feat: upgrade to excalidraw-full

2026-02-11 04:27:14 +05:30
parent 3a97de6af2
commit 98989afdec
2 changed files with 89 additions and 22 deletions


@@ -1,29 +1,91 @@
{...}: { {config, ...}: let
dataDir = "/var/lib/excalidraw";
base_domain = "darksailor.dev";
in {
# SOPS secrets and templates
sops = {
secrets = {
"excalidraw/jwt_secret" = {};
"authelia/oidc/excalidraw/client_id" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["authelia-darksailor.service"];
};
"authelia/oidc/excalidraw/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["authelia-darksailor.service"];
};
};
templates."excalidraw.env".content = ''
OIDC_ISSUER_URL=https://auth.${base_domain}
OIDC_CLIENT_ID=${config.sops.placeholder."authelia/oidc/excalidraw/client_id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."authelia/oidc/excalidraw/client_secret"}
OIDC_REDIRECT_URL=https://draw.${base_domain}/auth/callback
JWT_SECRET=${config.sops.placeholder."excalidraw/jwt_secret"}
STORAGE_TYPE=sqlite
DATA_SOURCE_NAME=excalidraw.db
LOCAL_STORAGE_PATH=/root/data
'';
};
# Create data directory and initialize SQLite DB
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 root root -"
"d ${dataDir}/data 0755 root root -"
"f ${dataDir}/excalidraw.db 0644 root root -"
];
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "docker"; backend = "docker";
containers = { containers = {
# Excalidraw Full backend
excalidraw = { excalidraw = {
image = "excalidraw/excalidraw:latest"; image = "ghcr.io/betterandbetterii/excalidraw-full:latest";
ports = ["127.0.0.1:5959:80"]; ports = ["127.0.0.1:3002:3002"];
volumes = []; environmentFiles = [
config.sops.templates."excalidraw.env".path
];
volumes = [
"${dataDir}/data:/root/data"
"${dataDir}/excalidraw.db:/root/excalidraw.db"
];
}; };
}; };
}; };
services.caddy.virtualHosts."draw.darksailor.dev".extraConfig = ''
reverse_proxy localhost:5959 # Caddy reverse proxy
services.caddy.virtualHosts."draw.${base_domain}".extraConfig = ''
reverse_proxy localhost:3002
''; '';
# services.authelia = {
# instances.darksailor = { # Configure Authelia OIDC for Excalidraw
# settings = { services.authelia.instances.darksailor.settings = {
# access_control = { identity_providers = {
# rules = [ oidc = {
# { clients = [
# domain = "draw.darksailor.dev"; {
# policy = "one_factor"; client_name = "Excalidraw: Darksailor";
# } client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/excalidraw/client_id".path}" }}'';
# ]; client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/excalidraw/client_secret".path}" }}'';
# }; public = false;
# }; authorization_policy = "one_factor";
# }; require_pkce = false;
# }; redirect_uris = [
"https://draw.${base_domain}/auth/callback"
];
scopes = [
"openid"
"email"
"profile"
];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
};
} }
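Review bot: The new `image = "ghcr.io/betterandbetterii/excalidraw-full:latest"` is a mutable tag from a third-party namespace, and this container now receives `OIDC_CLIENT_SECRET` and `JWT_SECRET` through `environmentFiles`, so whatever that tag resolves to at the next pull runs with those credentials; pin it by digest, e.g. `image = "ghcr.io/betterandbetterii/excalidraw-full@sha256:<DIGEST_PLACEHOLDER>";`, and bump the digest deliberately. The tmpfiles rules create `${dataDir}` with `0755` and `excalidraw.db` with `0644`, which leaves the drawing database readable by every local user on the host; `0700` and `0600` should be enough, assuming the container process runs as root as the `/root/...` mount paths suggest. `require_pkce = false` on the Authelia client deserves a one-line comment saying why it is disabled, and should be flipped to `true` if the backend turns out to send a code challenge.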


@@ -49,6 +49,9 @@ authelia:
client_id: ENC[AES256_GCM,data:T6O5yS0HwwJ8,iv:JiWbN2+s8RCF6saTNYEzwMrsSq2ghRAv3aZ75nSTaUg=,tag:oYZYR5BbyxYqmigzcN6k+g==,type:str] client_id: ENC[AES256_GCM,data:T6O5yS0HwwJ8,iv:JiWbN2+s8RCF6saTNYEzwMrsSq2ghRAv3aZ75nSTaUg=,tag:oYZYR5BbyxYqmigzcN6k+g==,type:str]
client_secret: ENC[AES256_GCM,data:pQpVJoX8MPUqWUXmnv8K0oGwWfgRRoQgpz//FzyJsflE79ytivaR+CE7jhww7CG7o5lezEXUJrup7fyISYEvRA==,iv:r3IuwvNb1bT9bGSDTKFcd4yJNhaREha3DgFoQqNuttc=,tag:NeA3h39G+6T7guaBeYEPTw==,type:str] client_secret: ENC[AES256_GCM,data:pQpVJoX8MPUqWUXmnv8K0oGwWfgRRoQgpz//FzyJsflE79ytivaR+CE7jhww7CG7o5lezEXUJrup7fyISYEvRA==,iv:r3IuwvNb1bT9bGSDTKFcd4yJNhaREha3DgFoQqNuttc=,tag:NeA3h39G+6T7guaBeYEPTw==,type:str]
jwks: ENC[AES256_GCM,data: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,iv:gGKyTUigpnqg3Fgd76INrESRT27hJRzYQ3xk8heNkWk=,tag:fVc8rg1Or63X/14neG+8Cw==,type:str] jwks: ENC[AES256_GCM,data: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,iv:gGKyTUigpnqg3Fgd76INrESRT27hJRzYQ3xk8heNkWk=,tag:fVc8rg1Or63X/14neG+8Cw==,type:str]
excalidraw:
client_id: ENC[AES256_GCM,data:ANaCFTiPnR/bP51lSMfiTRX7ZGZ2pmX3Guamsyj7KRzD34G18E+UUgXi0YdbDfmFxcEj+nvoerf7wWhtvIzO1Q==,iv:CyNiLA0PH0p1Zwdf8B6/Ysb6GODClnXkPctbtZnoddw=,tag:X3kAkBKD407QFg/Se33Flg==,type:str]
client_secret: ENC[AES256_GCM,data:VHIbKjHWXfQCUp3wh2dsMpMaDdCabmVlLMHcMnTCXPr5ZNIS1zpyGD6keapoOYywwvDFenICf73vpHun5aFhLw==,iv:HjRTwREC2jMsW1VrVYe4iywGc9apWZWLwh5aHOjvde0=,tag:Jl9kDI8C9VjSm6SiePk7Ow==,type:str]
lldap: lldap:
jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str] jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str]
seed: ENC[AES256_GCM,data:jJPutPkhFVFxLbbQNZznHHiilP/cN2r+/vT4ArQVRQSqPMnkkwgc3LNk4sUTrT9V,iv:LD1IJ1CgtDfYf1gSyyaU+hir0InuDEq0u7ppMmwGJRY=,tag:cK4l4Evr7V9WEUEL7V9jtQ==,type:str] seed: ENC[AES256_GCM,data:jJPutPkhFVFxLbbQNZznHHiilP/cN2r+/vT4ArQVRQSqPMnkkwgc3LNk4sUTrT9V,iv:LD1IJ1CgtDfYf1gSyyaU+hir0InuDEq0u7ppMmwGJRY=,tag:cK4l4Evr7V9WEUEL7V9jtQ==,type:str]
@@ -87,6 +90,8 @@ tuwunel:
client_id: ENC[AES256_GCM,data:25wSM5POfSJTmAaP/3vVqqbqa46vF21hZgCuJ1qfh8pHl8K6fMLdd0Q4GeVH1tgsBHKY0zStqYIc/RIgmerSVw==,iv:tWCw4jWymrSWR+xj37Bt7Qx60bRhpWQ+UEZ2dDJRGQo=,tag:PBa/P66bWexmlUEIaCtEKw==,type:str] client_id: ENC[AES256_GCM,data:25wSM5POfSJTmAaP/3vVqqbqa46vF21hZgCuJ1qfh8pHl8K6fMLdd0Q4GeVH1tgsBHKY0zStqYIc/RIgmerSVw==,iv:tWCw4jWymrSWR+xj37Bt7Qx60bRhpWQ+UEZ2dDJRGQo=,tag:PBa/P66bWexmlUEIaCtEKw==,type:str]
client_secret: ENC[AES256_GCM,data:cH/zkBj46u/07XiSd/4DsLYImkQwxNT8jQDjOuESi5dED6KEXwCjNNPzVvQuEuM7r4enZeIfb3cQztcxQJwTSA==,iv:eD5DKLUvTaK0ce1MJCLJHEl44hwtKx8rQ93eohqcUNE=,tag:FkkYHjAOaEu2gs8v7+EVgA==,type:str] client_secret: ENC[AES256_GCM,data:cH/zkBj46u/07XiSd/4DsLYImkQwxNT8jQDjOuESi5dED6KEXwCjNNPzVvQuEuM7r4enZeIfb3cQztcxQJwTSA==,iv:eD5DKLUvTaK0ce1MJCLJHEl44hwtKx8rQ93eohqcUNE=,tag:FkkYHjAOaEu2gs8v7+EVgA==,type:str]
registration_token: ENC[AES256_GCM,data:A0Wd9DTruGnCoPosKUHrd3AgN3T9JbkW/6fTJyzcryV0COqLSjOqCD4W2PXPwnk83MFeQ84RpJ3J4tuvYv2JuQ==,iv:7JIQUwfeEN03N0F35z6VipN66DpErqnY6aQrLznnw8g=,tag:RF2gB8kVKT3ioPVVRyj4aQ==,type:str] registration_token: ENC[AES256_GCM,data:A0Wd9DTruGnCoPosKUHrd3AgN3T9JbkW/6fTJyzcryV0COqLSjOqCD4W2PXPwnk83MFeQ84RpJ3J4tuvYv2JuQ==,iv:7JIQUwfeEN03N0F35z6VipN66DpErqnY6aQrLznnw8g=,tag:RF2gB8kVKT3ioPVVRyj4aQ==,type:str]
excalidraw:
jwt_secret: ENC[AES256_GCM,data:W1Tqr8tjd7xmp3WiGXfrRgS4YD5f9MUECs3zum7KY0bv2fp4J9jn/pt1PfY=,iv:TJWkJdP2eItuzsyqaGzUwd+v0iQXShoqUL8X10TME+8=,tag:htJC/jKB7mYVKOR59pEekQ==,type:str]
sops: sops:
age: age:
- recipient: age1pw7kluxp7872c63ne4jecq75glj060jkmqwzkk6esatuyck9egfswufdpk - recipient: age1pw7kluxp7872c63ne4jecq75glj060jkmqwzkk6esatuyck9egfswufdpk
@@ -98,7 +103,7 @@ sops:
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q== ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-10T14:49:29Z" lastmodified: "2026-02-10T22:47:33Z"
mac: ENC[AES256_GCM,data:ua8maqTc3KkkNni+fNnQLqP4PwRVVh5FuUjsAN5+w+ad3sD/+QunnAkHAMKUajAlwXKS/PIAqz6p0iwSn80ip3yXxMZPRG134+q729m5rwkGcV4FzyR2wIYVP5vRbZEMuMbfomMMjUyJk/Gsg4CY8iecgvvoMkWvK2INSH07TcE=,iv:GiyicPX4YAZAXuKXxJskuJyzi8ukQ/vv2aOncKf/Qew=,tag:tAmz6F6WMMzLLYmBlsrxvQ==,type:str] mac: ENC[AES256_GCM,data:E9MGlDYKb7Uf5rnGrowqaSyYexfgS6LXSZRWd/H1q9eizY65Z4otbY9eEVJu9yC4SJasiL48+FLnkrmCz9pRz2VK9s16jOUFhNItUqRWrCjQ4HD+FHMrJsqoxB+3jr2QwbX+zKkAVDbO9UZEZRbg8zNNVrOYzaR21WQzDQo0L0g=,iv:VZl7zPsvWIPE3ZuwC8VWqeSSTq3gJgIOZ33IGmNCc5s=,tag:nC+pw1fNy/cIcjiLPgxfwA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0