Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.augustin.ai/llms.txt

Use this file to discover all available pages before exploring further.

Self-hosted Excalidraw with a gallery, collections, and real-time collaboration. Runs on debian-1, deployed as two swarm services that share a bind mount.

Architecture

  • excalideck-web — SvelteKit app, SQLite metadata, .excalidraw JSON + SVG thumbnails on disk
  • excalideck-collab — plain Node WebSocket server speaking the Yjs sync/awareness protocol, one room per diagram, flushes to disk every 10s and on shutdown
  • Shared state: apps/excalideck/data/ bind mount holds excalideck.db, diagrams/, thumbnails/
  • Auth: single-user, session cookies, scrypt passwords, rate-limited
  • Collab auth: web mints short-lived HMAC-signed tokens scoped to (userId, diagramId); collab verifies with the shared COLLAB_SECRET — no DB access needed

Secrets

COLLAB_SECRET in apps/excalideck/.env. Rotating it invalidates in-flight collab sessions but does not log users out. Generate with openssl rand -base64 48; must be identical on both services (env_file: .env on both handles this).

Password reset

CID=$(docker service ps -q --filter desired-state=running excalideck_excalideck-web | head -1 \
  | xargs docker inspect --format '{{.Status.ContainerStatus.ContainerID}}')
docker exec $CID pnpm reset-password <email>              # random password printed to stdout
docker exec $CID pnpm reset-password <email> <password>   # specific password
Invalidates all existing sessions for that user.

Upgrades

Images are built from amarcin/excalideck and pushed to the local registry. See apps/excalideck/AGENTS.md for the full build + redeploy recipe. Migrations run automatically on web boot.

Health

curl https://excalideck.augustin.ai/health
curl https://excalideck-collab.augustin.ai/health
Uptime Kuma monitors the web endpoint.