Commit 3c36fe4
Changed files (14)
hosts
chaser-pardofelis
modules
hosts
chaser-pardofelis
secrets
cache
pardofelis
hosts/chaser-pardofelis/artalk.nix
@@ -1,84 +0,0 @@
-{config, ...}: {
- services.artalk = {
- enable = true;
- settings = {
- host = "127.0.0.1";
- port = 23366;
- app_key = {_secret = config.sops.secrets.artalk-app-key.path;};
- debug = false;
- locale = "zh-CN";
- timezone = "Asia/Shanghai";
- login_timeout = 259200;
- db = {
- type = "sqlite";
- file = "./data/artalk.db";
- user = "artalk";
- charset = "utf8mb4";
- };
- log = {
- enabled = true;
- filename = "./data/artalk.log";
- };
- trusted_domains = [
- "https://blog.hpcesia.com"
- ];
- moderator = {
- pending_default = true;
- api_fail_block = true;
- akismet_key = {_secret = config.sops.secrets.artalk-akismet-key.path;};
- };
- captcha = {
- enabled = true;
- captcha_type = "image";
- };
- img_upload.enable = false;
- email = {
- enabled = true;
- send_type = "smtp";
- send_name = "{{reply_nick}}";
- send_addr = "info@hpcesia.com";
- mail_subject = "[{{site_name}}] 您收到了来自 @{{reply_nick}} 的回复";
- mail_tpl = "default";
- smtp = {
- host = "glacier.mxrouting.net";
- port = 465;
- username = "info@hpcesia.com";
- password = {_secret = config.sops.secrets.artalk-email-password.path;};
- };
- };
- admin_notify = {
- notify_tpl = "default";
- notify_pending = true;
- email = {
- enabled = true;
- mail_subject = "[{{site_name}}] 您的文章「{{page_title}}」有新回复";
- };
- };
- auth = {
- enabled = true;
- anonymous = true;
- callback = "https://artalk.hpcesia.com/api/v2/auth/{provider}/callback";
- email = {
- enabled = true;
- verify_subject = "您的验证码是 - {{code}}";
- verify_tpl = "default";
- };
- github = {
- enabled = true;
- client_id = {_secret = config.sops.secrets.artalk-github-client-id.path;};
- client_secret = {_secret = config.sops.secrets.artalk-github-client-secret.path;};
- };
- };
- frontend = {
- placeholder = "来都来了,不如说点什么吧!";
- emoticons = "https://blog.hpcesia.com/assets/emotion.json";
- gravatar = {
- mirror = "https://weavatar.com/avatar/";
- params = "sha256=1&d=mp&s=240";
- };
- imgLazyLoad = "native";
- versionCheck = false;
- };
- };
- };
-}
hosts/chaser-pardofelis/caddy.nix
@@ -14,7 +14,6 @@ in {
services.caddy = {
virtualHosts = let
localAddress = {
- artalk = "http://localhost:${builtins.toString config.services.artalk.settings.port}";
atuin = "http://localhost:${builtins.toString config.services.atuin.port}";
authelia = "http://${
# Assuming address start with `tcp://`.
@@ -27,10 +26,6 @@ in {
prometheus = "http://${config.services.victoriametrics.listenAddress}";
};
in {
- "artalk.hpcesia.com".extraConfig = ''
- encode zstd gzip
- reverse_proxy ${localAddress.artalk}
- '';
"atuin.hpcesia.com".extraConfig = ''
encode zstd gzip
reverse_proxy ${localAddress.atuin}
modules/hosts/chaser-pardofelis/default.nix
@@ -19,6 +19,7 @@
map
(n: config.flake.modules.nixos."${config.flake.meta.service.prefix}${n}")
[
+ "artalk"
"caddy"
"forgejo"
"freshrss"
modules/services/artalk/app-key.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 6exuTfZ/+TVuf4KpvqPSn2mwLICyHBxq/Yhq0dKgZQk
+MzoLdU93aEoEjpMpbXafOMGUOjYxyFHQQV3cPDslOMM
+-> n)P-grease gQb)
+brt1qVx8AEtm4IaKaYssy7ELZn6gGXPDeUAzi4GLfiHjvJMB7LLr+QKlapLkxzWe
+v++0
+--- 281Vjv6FXnh2R5m7PHamDQFEYMt/Q7yxs2GJSukiTXQ
+Tk�; �B�X�7H�z���vU�NJ��0M�����9~\¥��T
�X�
\ No newline at end of file
modules/services/artalk/default.nix
@@ -0,0 +1,112 @@
+{lib, ...}: {
+ flake.modules.nixos."services/artalk" = {config, ...}: {
+ services.artalk = let
+ secrets = config.vaultix.secrets;
+ in {
+ enable = true;
+ settings = {
+ host = "127.0.0.1";
+ port = 23366;
+ app_key = {_secret = secrets.artalk-app-key.path;};
+ debug = false;
+ locale = "zh-CN";
+ timezone = "Asia/Shanghai";
+ login_timeout = 259200;
+ db = {
+ type = "sqlite";
+ file = "./data/artalk.db";
+ user = "artalk";
+ charset = "utf8mb4";
+ };
+ log = {
+ enabled = true;
+ filename = "./data/artalk.log";
+ };
+ trusted_domains = [
+ "https://blog.hpcesia.com"
+ ];
+ moderator = {
+ pending_default = true;
+ api_fail_block = true;
+ akismet_key = {_secret = secrets.artalk-akismet-key.path;};
+ };
+ captcha = {
+ enabled = true;
+ captcha_type = "image";
+ };
+ img_upload.enable = false;
+ email = {
+ enabled = true;
+ send_type = "smtp";
+ send_name = "{{reply_nick}}";
+ send_addr = "info@hpcesia.com";
+ mail_subject = "[{{site_name}}] 您收到了来自 @{{reply_nick}} 的回复";
+ mail_tpl = "default";
+ smtp = {
+ host = "glacier.mxrouting.net";
+ port = 465;
+ username = "info@hpcesia.com";
+ password = {_secret = secrets.artalk-email-password.path;};
+ };
+ };
+ admin_notify = {
+ notify_tpl = "default";
+ notify_pending = true;
+ email = {
+ enabled = true;
+ mail_subject = "[{{site_name}}] 您的文章「{{page_title}}」有新回复";
+ };
+ };
+ auth = {
+ enabled = true;
+ anonymous = true;
+ callback = "https://artalk.hpcesia.com/api/v2/auth/{provider}/callback";
+ email = {
+ enabled = true;
+ verify_subject = "您的验证码是 - {{code}}";
+ verify_tpl = "default";
+ };
+ github = {
+ enabled = true;
+ client_id = {_secret = secrets.artalk-github-client-id.path;};
+ client_secret = {_secret = secrets.artalk-github-client-secret.path;};
+ };
+ };
+ frontend = {
+ placeholder = "来都来了,不如说点什么吧!";
+ emoticons = "https://blog.hpcesia.com/assets/emotion.json";
+ gravatar = {
+ mirror = "https://weavatar.com/avatar/";
+ params = "sha256=1&d=mp&s=240";
+ };
+ imgLazyLoad = "native";
+ versionCheck = false;
+ };
+ };
+ };
+
+ services.caddy.virtualHosts."artalk.hpcesia.com".extraConfig =
+ lib.mkIf config.services.caddy.enable
+ (let
+ localAddress = "http://localhost:${builtins.toString config.services.artalk.settings.port}";
+ in ''
+ encode zstd gzip
+ reverse_proxy ${localAddress}
+ '');
+
+ vaultix.secrets = lib.mkMerge (builtins.map (s: {
+ "artalk-${s}" = {
+ file = lib.path.append ./. "${s}.age";
+ owner = "root";
+ group = "artalk";
+ mode = "0440";
+ };
+ }) [
+ "app-key"
+ "akismet-key"
+ "email-password"
+ "github-client-id"
+ "github-client-secret"
+ ]);
+ };
+}
modules/services/artalk/email-password.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 /wavjyo1rG+SBuuinswBXjLmpxdh2ZmrOdaKDTULoh8
+Dq/EKT9iQ1xUC7e7QgZ8rB1+eC+vqoF9PAyt5fDrIDU
+-> z&S%zwM-grease $M.v.NGB Z5" ACR>G
+836po7vBkpz2C/OnQHJmeFpg7XpGrmQ8Im/JTa+NtDXlYCunIQ
+--- JrqsXQuME4qQnIiEEvJG+Ub8Btg5j27kPZTbpzUmTQA
+b1<����5��.+�q���P�7�d�?}�h��YB��ƳN�������R����
\ No newline at end of file
modules/services/artalk/github-client-id.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 oZcH0fFl4WCgdT3sjxim97kGy6RzrE4Pe3b4ujsao0w
+9gxmpeSEVm8LCBxxG7yy6Tq0tqFBZj4/6qMMItVBAbc
+-> S$BcO#rJ-grease Kl'G%C, h=LN]8}T b ER_MkcY;
+BCycbQ8tBZs+ngPerwUPwdQ0WjJ9HRsLriH3mtCIapjecioR5FHhzjw4/t8inLux
+0B9j8A
+--- CLoyhuKMIVuIObjsgtnE4xBwxu0Zuc6NOMFwbKUL1mc
+�3)]iZӿ�ǥ�$�Q�4*�]<c��H�-n�#��PV��[K�0P;��LZ�
\ No newline at end of file
modules/services/artalk/github-client-secret.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> X25519 Ns+gBiSiXr2B3bNqg8LFpatkvtgOI8zNMDKI+l95aC4
+0lKmOATR0KaNCwgkyNfaSYqew3vThOHQsbLAKSpuJd4
+-> ^:{6-grease rD)_YZ: iX6N2aH ttlm N
+5DQD6raVR3F+SY9G+DceQlpnQPsr2lkDD1gAcSBJSxGmJnKdCnTLBePDxV5j/jH3
+re+FyrhkOu8WBqBPgDK0SFP+eoSnH3syunMnasK0qmmz+tE+V42YaLz9VJ/kieEY
+iQ
+--- O+oT9782dRjjoSJeERG011Icd40kwxpcr1iwNnhlFNQ
+��4��ⅺ������NR���k��|�*�sG�q+A�42GL��`�Ce!��s
+V���!�U��
+S�Oį�
\ No newline at end of file
secrets/cache/pardofelis/4b9eeee8c1b565adbab63d89975464e4304792c075909abbd2ad18125d7b4bdb
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw bhD1R+xlrhHz1otZ0yUIPJx+nmqKJtwJ4t8YdnzMpkw
+q2nW5nIPhKZQ8Qvt9NIis8NLc+MNqlq79v3ft7jVDlQ
+-> |F5ii9-grease 8
+pO40fvwr8xUBh/GCxkDWt9FXCWvWjHw5e6X7bA8WhT+IP3XronMsY0h3sDu9ZOXH
+cVMKZILi
+--- gl8ushlEOnxhlG67qdgl7nTw3+chcDRBaoXim97sA/E
+�y�'�*`gL~cg�:�^��������вRK���d��b#i'��1�Ή
\ No newline at end of file
secrets/cache/pardofelis/50ff6b740f8d459f38ce89001ca34d7278f8e2ef565cdc76a3ad7cea3adffb6c
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw KezRLE9Zao1S/GZhJM/+8DsBXbgh7Xm7MpG6lyvYBHo
+L7QNiNTAnkqyPfBjkP1GE1lJ2JVJNwou0U4w71tjpZ4
+-> {-grease Pn\H` yTA
+vXQ54a6V6dQsFr6R/YGnetu/uQ546ZdjM/1kBOnINTURECNK2fYunrWbrUE
+--- lXF96ouyE6/Ug2WhF9EVkfMqEDSea6iCoEo2o5ExS7c
+�����"�(<i��et]td���k�K=O�k�U���
+�g��y�ڐ�
\ No newline at end of file
secrets/cache/pardofelis/5d1ad91bf08ce21552ea8c9b93b13389789f7eb05947ae4d400a831ce8591853
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw BYEhkpEbORYlF5DjbdxZE+MUFkgeAvtBvD5dwk0DETo
+2t1SVUxdSjwsqIm5wLsc4pIRh7jHd9rjoY9m3feSbt8
+-> 9-grease %KHf `sYu! EQW y]v
+yEaAmiMHB6dbgi15Z39XrwS6v+0coFrcZHa1ph7vxZzXBzRobIFkaD2MWiu5b8vT
+cQVcBSv2XSuw108Vr8NoGQjT4lozPd/HTiWTsA
+--- 2C4IpEYlyKXxCa7q3UxWKDY15y62wjRziWjIV3Nxo84
+����[
+9ǁ�ħ���ɡ7�
@f2^y�3f �0����=i�
\ No newline at end of file
secrets/cache/pardofelis/c4e0b6fc66d4ecf93c0d2902c0006950bb1fcef61dec8ffe73283deb8e94a7dc
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw CjHBi+U9msdcP0P3gSAirjQ7LOR4P5OCPKsbd0qAPwk
+zIwVzBShr0m1c+V09gPD4yAInE7e1rkNfw6KxP3h7As
+-> }mT-grease rp@og$b Wmsx{t_- %
+KskFnRT/CpIBtfqw2XRfrEj1wADfHsawMDlfHwzTqFRgTxd7Jt3Yt7uxlUugLUul
+ZK17YUXR0Ko
+--- b4rn/Z5bYA03n2pzygy1cY12PRR3h9gkBHxq12dqllU
+��mV�����5s��V��!�I��<��0v������r��/� �yԧaWC&�n��$
\ No newline at end of file
secrets/cache/pardofelis/f9791632c2a70caa5ab24d75d7c1957d9733ca608aa6be64eefa56dd4ddf0564
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw ri5bkfLgUOsdDxb5OkX48Wvcz4DA7zEskNLq34ErEEc
+j7Qo4E424Xi5Cr4JDaLH3pSDkCW7fRWwGGFW4hJDbQw
+-> O'KR&r-grease vfgg
+ihEWuxCyHxDnHupt2Wx9Fj5X1QuG8pCZqUeY45p2938hAh54Jd8pskT1iX1cJ2gR
+5MTCNJVNQxTNwscF
+--- k3021E60LB70s8p6SJpL+hR2d3v5I9zrLlmaOSPh6WU
+:
+����^�Y��*�����T��o�0yEƣ��-/�/���L��y8
+�Eq�s�Ţ"{3�n><aU�
\ No newline at end of file