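# Flake-level module exporting the NixOS module "services/artalk": it configures
# the Artalk comment server, a Caddy virtual host in front of it, a restic
# backup path, and the vaultix secrets the service reads.
{lib, ...}: {
  flake.modules.nixos."services/artalk" = {config, ...}: {
    services.artalk = let
      secrets = config.vaultix.secrets;
    in {
      enable = true;
      settings = {
        # Loopback only: the service is reached through the Caddy virtual host below.
        host = "127.0.0.1";
        port = 23366;
        # `_secret` entries carry the path of a vaultix secret file instead of the
        # value itself; presumably the artalk module substitutes the content when
        # it renders the config, keeping it out of the Nix store — confirm.
        app_key = {_secret = secrets.artalk-app-key.path;};
        debug = false;
        locale = "zh-CN";
        timezone = "Asia/Shanghai";
        # 259200 s = 72 h, assuming Artalk reads this value in seconds.
        login_timeout = 259200;
        db = {
          type = "sqlite";
          file = "./data/artalk.db";
          user = "artalk";
          charset = "utf8mb4";
        };
        log = {
          enabled = true;
          filename = "./data/artalk.log";
        };
        # Only the blog origin is listed as trusted.
        trusted_domains = [
          "https://blog.hpcesia.com"
        ];
        moderator = {
          # NOTE(review): with pending_default = false and auth.anonymous = true,
          # comments presumably go live unreviewed; spam control then rests on the
          # captcha and Akismet settings in this file.
          pending_default = false;
          # presumably fails closed when the moderation API call errors — confirm
          api_fail_block = true;
          akismet_key = {_secret = secrets.artalk-akismet-key.path;};
        };
        captcha = {
          enabled = true;
          captcha_type = "image";
        };
        # Fixed key name: every other section in this file spells the switch
        # `enabled`. `enable` is presumably not a key Artalk reads, which would
        # leave image upload at Artalk's default instead of switched off.
        img_upload.enabled = false;
        email = {
          enabled = true;
          send_type = "smtp";
          send_name = "{{reply_nick}}";
          send_addr = "info@hpcesia.com";
          mail_subject = "[{{site_name}}] 您收到了来自 @{{reply_nick}} 的回复";
          mail_tpl = "default";
          smtp = {
            host = "glacier.mxrouting.net";
            port = 465;
            username = "info@hpcesia.com";
            password = {_secret = secrets.artalk-email-password.path;};
          };
        };
        admin_notify = {
          notify_tpl = "default";
          notify_pending = true;
          email = {
            enabled = true;
            mail_subject = "[{{site_name}}] 您的文章「{{page_title}}」有新回复";
          };
        };
        auth = {
          enabled = true;
          anonymous = true;
          # Must match the public host name served by the Caddy virtual host below.
          callback = "https://artalk.hpcesia.com/api/v2/auth/{provider}/callback";
          email = {
            enabled = true;
            verify_subject = "您的验证码是 - {{code}}";
            verify_tpl = "default";
          };
          github = {
            enabled = true;
            client_id = {_secret = secrets.artalk-github-client-id.path;};
            client_secret = {_secret = secrets.artalk-github-client-secret.path;};
          };
        };
        frontend = {
          placeholder = "来都来了,不如说点什么吧!";
          emoticons = "https://blog.hpcesia.com/assets/emotion.json";
          gravatar = {
            # Third-party avatar mirror; visitors' browsers presumably send the
            # commenter's e-mail hash to this host — confirm this is acceptable.
            mirror = "https://weavatar.com/avatar/";
            params = "sha256=1&d=mp&s=240";
          };
          imgLazyLoad = "native";
          versionCheck = false;
        };
      };
    };

    # Public entry point: Caddy forwards to the port configured above. The
    # upstream hop is plain HTTP and stays on the local machine.
    services.caddy.virtualHosts."artalk.hpcesia.com".extraConfig =
      lib.mkIf config.services.caddy.enable
      (let
        localAddress = "http://localhost:${builtins.toString config.services.artalk.settings.port}";
      in ''
        encode zstd gzip
        reverse_proxy ${localAddress}
      '');

    # Adds the Artalk working directory to the host's restic backup job.
    # NOTE(review): this definition itself creates the "<hostName>-backup"
    # attribute, so the hasAttr guard is presumably always true — confirm that a
    # host without that backup job still evaluates as intended.
    # The relative ./data paths above presumably resolve under workdir, so the
    # backup would include the comment database and the log — verify.
    services.restic.backups."${config.networking.hostName}-backup".paths =
      lib.mkIf
      (builtins.hasAttr "${config.networking.hostName}-backup" config.services.restic.backups)
      [config.services.artalk.workdir];

    # One vaultix secret per name, read from the matching .age file next to this
    # module. Mode 0440 with owner root and group artalk: readable by root and
    # the artalk group, writable by nobody.
    vaultix.secrets = lib.mkMerge (builtins.map (s: {
        "artalk-${s}" = {
          file = lib.path.append ./. "${s}.age";
          owner = "root";
          group = "artalk";
          mode = "0440";
        };
      }) [
        "app-key"
        "akismet-key"
        "email-password"
        "github-client-id"
        "github-client-secret"
      ]);
  };
}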