  1{lib, ...}: {
  2  flake.modules.nixos."services/artalk" = {config, ...}: {
  3    services.artalk = let
  4      secrets = config.vaultix.secrets;
  5    in {
  6      enable = true;
  7      settings = {
  8        host = "127.0.0.1";
  9        port = 23366;
 10        app_key = {_secret = secrets.artalk-app-key.path;};
 11        debug = false;
 12        locale = "zh-CN";
 13        timezone = "Asia/Shanghai";
 14        login_timeout = 259200;
 15        db = {
 16          type = "sqlite";
 17          file = "./data/artalk.db";
 18          user = "artalk";
 19          charset = "utf8mb4";
 20        };
 21        log = {
 22          enabled = true;
 23          filename = "./data/artalk.log";
 24        };
 25        trusted_domains = [
 26          "https://blog.hpcesia.com"
 27        ];
 28        moderator = {
 29          pending_default = false;
 30          api_fail_block = true;
 31          akismet_key = {_secret = secrets.artalk-akismet-key.path;};
 32        };
 33        captcha = {
 34          enabled = true;
 35          captcha_type = "image";
 36        };
 37        img_upload.enable = false;
 38        email = {
 39          enabled = true;
 40          send_type = "smtp";
 41          send_name = "{{reply_nick}}";
 42          send_addr = "info@hpcesia.com";
 43          mail_subject = "[{{site_name}}]  @{{reply_nick}} ";
 44          mail_tpl = "default";
 45          smtp = {
 46            host = "glacier.mxrouting.net";
 47            port = 465;
 48            username = "info@hpcesia.com";
 49            password = {_secret = secrets.artalk-email-password.path;};
 50          };
 51        };
 52        admin_notify = {
 53          notify_tpl = "default";
 54          notify_pending = true;
 55          email = {
 56            enabled = true;
 57            mail_subject = "[{{site_name}}] {{page_title}}";
 58          };
 59        };
 60        auth = {
 61          enabled = true;
 62          anonymous = true;
 63          callback = "https://artalk.hpcesia.com/api/v2/auth/{provider}/callback";
 64          email = {
 65            enabled = true;
 66            verify_subject = " - {{code}}";
 67            verify_tpl = "default";
 68          };
 69          github = {
 70            enabled = true;
 71            client_id = {_secret = secrets.artalk-github-client-id.path;};
 72            client_secret = {_secret = secrets.artalk-github-client-secret.path;};
 73          };
 74        };
 75        frontend = {
 76          placeholder = "";
 77          emoticons = "https://blog.hpcesia.com/assets/emotion.json";
 78          gravatar = {
 79            mirror = "https://weavatar.com/avatar/";
 80            params = "sha256=1&d=mp&s=240";
 81          };
 82          imgLazyLoad = "native";
 83          versionCheck = false;
 84        };
 85      };
 86    };
 87
 88    services.caddy.virtualHosts."artalk.hpcesia.com".extraConfig =
 89      lib.mkIf config.services.caddy.enable
 90      (let
 91        localAddress = "http://localhost:${builtins.toString config.services.artalk.settings.port}";
 92      in ''
 93        encode zstd gzip
 94        reverse_proxy ${localAddress}
 95      '');
 96
 97    services.restic.backups."${config.networking.hostName}-backup".paths =
 98      lib.mkIf
 99      (builtins.hasAttr "${config.networking.hostName}-backup" config.services.restic.backups)
100      [config.services.artalk.workdir];
101
102    vaultix.secrets = lib.mkMerge (builtins.map (s: {
103        "artalk-${s}" = {
104          file = lib.path.append ./. "${s}.age";
105          owner = "root";
106          group = "artalk";
107          mode = "0440";
108        };
109      }) [
110        "app-key"
111        "akismet-key"
112        "email-password"
113        "github-client-id"
114        "github-client-secret"
115      ]);
116  };
117}