Commit 3c36fe4

HPCesia <me@hpcesia.com>
2025-10-04 15:28:35
refactor: migrate artalk
1 parent e7aba09
hosts/chaser-pardofelis/artalk.nix
@@ -1,84 +0,0 @@
-{config, ...}: {
-  services.artalk = {
-    enable = true;
-    settings = {
-      host = "127.0.0.1";
-      port = 23366;
-      app_key = {_secret = config.sops.secrets.artalk-app-key.path;};
-      debug = false;
-      locale = "zh-CN";
-      timezone = "Asia/Shanghai";
-      login_timeout = 259200;
-      db = {
-        type = "sqlite";
-        file = "./data/artalk.db";
-        user = "artalk";
-        charset = "utf8mb4";
-      };
-      log = {
-        enabled = true;
-        filename = "./data/artalk.log";
-      };
-      trusted_domains = [
-        "https://blog.hpcesia.com"
-      ];
-      moderator = {
-        pending_default = true;
-        api_fail_block = true;
-        akismet_key = {_secret = config.sops.secrets.artalk-akismet-key.path;};
-      };
-      captcha = {
-        enabled = true;
-        captcha_type = "image";
-      };
-      img_upload.enable = false;
-      email = {
-        enabled = true;
-        send_type = "smtp";
-        send_name = "{{reply_nick}}";
-        send_addr = "info@hpcesia.com";
-        mail_subject = "[{{site_name}}] 您收到了来自 @{{reply_nick}} 的回复";
-        mail_tpl = "default";
-        smtp = {
-          host = "glacier.mxrouting.net";
-          port = 465;
-          username = "info@hpcesia.com";
-          password = {_secret = config.sops.secrets.artalk-email-password.path;};
-        };
-      };
-      admin_notify = {
-        notify_tpl = "default";
-        notify_pending = true;
-        email = {
-          enabled = true;
-          mail_subject = "[{{site_name}}] 您的文章「{{page_title}}」有新回复";
-        };
-      };
-      auth = {
-        enabled = true;
-        anonymous = true;
-        callback = "https://artalk.hpcesia.com/api/v2/auth/{provider}/callback";
-        email = {
-          enabled = true;
-          verify_subject = "您的验证码是 - {{code}}";
-          verify_tpl = "default";
-        };
-        github = {
-          enabled = true;
-          client_id = {_secret = config.sops.secrets.artalk-github-client-id.path;};
-          client_secret = {_secret = config.sops.secrets.artalk-github-client-secret.path;};
-        };
-      };
-      frontend = {
-        placeholder = "来都来了,不如说点什么吧!";
-        emoticons = "https://blog.hpcesia.com/assets/emotion.json";
-        gravatar = {
-          mirror = "https://weavatar.com/avatar/";
-          params = "sha256=1&d=mp&s=240";
-        };
-        imgLazyLoad = "native";
-        versionCheck = false;
-      };
-    };
-  };
-}
hosts/chaser-pardofelis/caddy.nix
@@ -14,7 +14,6 @@ in {
   services.caddy = {
     virtualHosts = let
       localAddress = {
-        artalk = "http://localhost:${builtins.toString config.services.artalk.settings.port}";
         atuin = "http://localhost:${builtins.toString config.services.atuin.port}";
         authelia = "http://${
           # Assuming address start with `tcp://`.
@@ -27,10 +26,6 @@ in {
         prometheus = "http://${config.services.victoriametrics.listenAddress}";
       };
     in {
-      "artalk.hpcesia.com".extraConfig = ''
-        encode zstd gzip
-        reverse_proxy ${localAddress.artalk}
-      '';
       "atuin.hpcesia.com".extraConfig = ''
         encode zstd gzip
         reverse_proxy ${localAddress.atuin}
modules/hosts/chaser-pardofelis/default.nix
@@ -19,6 +19,7 @@
         map
         (n: config.flake.modules.nixos."${config.flake.meta.service.prefix}${n}")
         [
+          "artalk"
           "caddy"
           "forgejo"
           "freshrss"
modules/services/artalk/akismet-key.age
Binary file
modules/services/artalk/app-key.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 6exuTfZ/+TVuf4KpvqPSn2mwLICyHBxq/Yhq0dKgZQk
+MzoLdU93aEoEjpMpbXafOMGUOjYxyFHQQV3cPDslOMM
+-> n)P-grease gQb)
+brt1qVx8AEtm4IaKaYssy7ELZn6gGXPDeUAzi4GLfiHjvJMB7LLr+QKlapLkxzWe
+v++0
+--- 281Vjv6FXnh2R5m7PHamDQFEYMt/Q7yxs2GJSukiTXQ
+Tk�; �B�X�7H�z���vU�NJ��0M�����9~\¥��T
�X�
\ No newline at end of file
modules/services/artalk/default.nix
@@ -0,0 +1,112 @@
+{lib, ...}: {
+  flake.modules.nixos."services/artalk" = {config, ...}: {
+    services.artalk = let
+      secrets = config.vaultix.secrets;
+    in {
+      enable = true;
+      settings = {
+        host = "127.0.0.1";
+        port = 23366;
+        app_key = {_secret = secrets.artalk-app-key.path;};
+        debug = false;
+        locale = "zh-CN";
+        timezone = "Asia/Shanghai";
+        login_timeout = 259200;
+        db = {
+          type = "sqlite";
+          file = "./data/artalk.db";
+          user = "artalk";
+          charset = "utf8mb4";
+        };
+        log = {
+          enabled = true;
+          filename = "./data/artalk.log";
+        };
+        trusted_domains = [
+          "https://blog.hpcesia.com"
+        ];
+        moderator = {
+          pending_default = true;
+          api_fail_block = true;
+          akismet_key = {_secret = secrets.artalk-akismet-key.path;};
+        };
+        captcha = {
+          enabled = true;
+          captcha_type = "image";
+        };
+        img_upload.enable = false;
+        email = {
+          enabled = true;
+          send_type = "smtp";
+          send_name = "{{reply_nick}}";
+          send_addr = "info@hpcesia.com";
+          mail_subject = "[{{site_name}}] 您收到了来自 @{{reply_nick}} 的回复";
+          mail_tpl = "default";
+          smtp = {
+            host = "glacier.mxrouting.net";
+            port = 465;
+            username = "info@hpcesia.com";
+            password = {_secret = secrets.artalk-email-password.path;};
+          };
+        };
+        admin_notify = {
+          notify_tpl = "default";
+          notify_pending = true;
+          email = {
+            enabled = true;
+            mail_subject = "[{{site_name}}] 您的文章「{{page_title}}」有新回复";
+          };
+        };
+        auth = {
+          enabled = true;
+          anonymous = true;
+          callback = "https://artalk.hpcesia.com/api/v2/auth/{provider}/callback";
+          email = {
+            enabled = true;
+            verify_subject = "您的验证码是 - {{code}}";
+            verify_tpl = "default";
+          };
+          github = {
+            enabled = true;
+            client_id = {_secret = secrets.artalk-github-client-id.path;};
+            client_secret = {_secret = secrets.artalk-github-client-secret.path;};
+          };
+        };
+        frontend = {
+          placeholder = "来都来了,不如说点什么吧!";
+          emoticons = "https://blog.hpcesia.com/assets/emotion.json";
+          gravatar = {
+            mirror = "https://weavatar.com/avatar/";
+            params = "sha256=1&d=mp&s=240";
+          };
+          imgLazyLoad = "native";
+          versionCheck = false;
+        };
+      };
+    };
+
+    services.caddy.virtualHosts."artalk.hpcesia.com".extraConfig =
+      lib.mkIf config.services.caddy.enable
+      (let
+        localAddress = "http://localhost:${builtins.toString config.services.artalk.settings.port}";
+      in ''
+        encode zstd gzip
+        reverse_proxy ${localAddress}
+      '');
+
+    vaultix.secrets = lib.mkMerge (builtins.map (s: {
+        "artalk-${s}" = {
+          file = lib.path.append ./. "${s}.age";
+          owner = "root";
+          group = "artalk";
+          mode = "0440";
+        };
+      }) [
+        "app-key"
+        "akismet-key"
+        "email-password"
+        "github-client-id"
+        "github-client-secret"
+      ]);
+  };
+}
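Review bot: The `vaultix.secrets` entries at the end of this file hard-code `group = "artalk"`, so read access to the five decrypted secrets depends on the service actually running under a group of that name. If the NixOS artalk module exposes its account as `services.artalk.group` (I believe it does, defaulting to `artalk`, but confirm against the module), `group = config.services.artalk.group;` would keep the `0440` permission tied to the real service account if that option is ever overridden. Separately, the Caddy upstream is built from `localhost` while Artalk binds `host = "127.0.0.1"`. Using `localAddress = "http://${config.services.artalk.settings.host}:${builtins.toString config.services.artalk.settings.port}";` would keep the proxy target in step with the listen address and stop it depending on how `localhost` resolves.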
modules/services/artalk/email-password.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 /wavjyo1rG+SBuuinswBXjLmpxdh2ZmrOdaKDTULoh8
+Dq/EKT9iQ1xUC7e7QgZ8rB1+eC+vqoF9PAyt5fDrIDU
+-> z&S%zwM-grease $M.v.NGB Z5" ACR>G
+836po7vBkpz2C/OnQHJmeFpg7XpGrmQ8Im/JTa+NtDXlYCunIQ
+--- JrqsXQuME4qQnIiEEvJG+Ub8Btg5j27kPZTbpzUmTQA
+b1<����5��.+�q���P�7�d�?}�h��YB��ƳN�������R����
\ No newline at end of file
modules/services/artalk/github-client-id.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 oZcH0fFl4WCgdT3sjxim97kGy6RzrE4Pe3b4ujsao0w
+9gxmpeSEVm8LCBxxG7yy6Tq0tqFBZj4/6qMMItVBAbc
+-> S$BcO#rJ-grease Kl'G%C, h=LN]8}T b ER_MkcY;
+BCycbQ8tBZs+ngPerwUPwdQ0WjJ9HRsLriH3mtCIapjecioR5FHhzjw4/t8inLux
+0B9j8A
+--- CLoyhuKMIVuIObjsgtnE4xBwxu0Zuc6NOMFwbKUL1mc
+�3)]iZӿ�ǥ�$�Q�4*�]<c��H�-n�#��PV��[K�0P;��LZ�
\ No newline at end of file
modules/services/artalk/github-client-secret.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> X25519 Ns+gBiSiXr2B3bNqg8LFpatkvtgOI8zNMDKI+l95aC4
+0lKmOATR0KaNCwgkyNfaSYqew3vThOHQsbLAKSpuJd4
+-> ^:{6-grease rD)_YZ: iX6N2aH ttlm N
+5DQD6raVR3F+SY9G+DceQlpnQPsr2lkDD1gAcSBJSxGmJnKdCnTLBePDxV5j/jH3
+re+FyrhkOu8WBqBPgDK0SFP+eoSnH3syunMnasK0qmmz+tE+V42YaLz9VJ/kieEY
+iQ
+--- O+oT9782dRjjoSJeERG011Icd40kwxpcr1iwNnhlFNQ
+��4��ⅺ������NR���k��|�*�sG�q+A�42GL��`�Ce!��s
+V���!�U��
+S�Oį�
\ No newline at end of file
secrets/cache/pardofelis/4b9eeee8c1b565adbab63d89975464e4304792c075909abbd2ad18125d7b4bdb
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw bhD1R+xlrhHz1otZ0yUIPJx+nmqKJtwJ4t8YdnzMpkw
+q2nW5nIPhKZQ8Qvt9NIis8NLc+MNqlq79v3ft7jVDlQ
+-> |F5ii9-grease 8
+pO40fvwr8xUBh/GCxkDWt9FXCWvWjHw5e6X7bA8WhT+IP3XronMsY0h3sDu9ZOXH
+cVMKZILi
+--- gl8ushlEOnxhlG67qdgl7nTw3+chcDRBaoXim97sA/E
+�y�'�*`gL~cg�:�^��������вRK���d��b#i'��1�Ή
\ No newline at end of file
secrets/cache/pardofelis/50ff6b740f8d459f38ce89001ca34d7278f8e2ef565cdc76a3ad7cea3adffb6c
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw KezRLE9Zao1S/GZhJM/+8DsBXbgh7Xm7MpG6lyvYBHo
+L7QNiNTAnkqyPfBjkP1GE1lJ2JVJNwou0U4w71tjpZ4
+-> {-grease Pn\H` yTA
+vXQ54a6V6dQsFr6R/YGnetu/uQ546ZdjM/1kBOnINTURECNK2fYunrWbrUE
+--- lXF96ouyE6/Ug2WhF9EVkfMqEDSea6iCoEo2o5ExS7c
+�����"�(<i��et]td���k�K=O�k�U���
+�g��y�ڐ�
\ No newline at end of file
secrets/cache/pardofelis/5d1ad91bf08ce21552ea8c9b93b13389789f7eb05947ae4d400a831ce8591853
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw BYEhkpEbORYlF5DjbdxZE+MUFkgeAvtBvD5dwk0DETo
+2t1SVUxdSjwsqIm5wLsc4pIRh7jHd9rjoY9m3feSbt8
+-> 9-grease %KHf `sYu! EQW y]v
+yEaAmiMHB6dbgi15Z39XrwS6v+0coFrcZHa1ph7vxZzXBzRobIFkaD2MWiu5b8vT
+cQVcBSv2XSuw108Vr8NoGQjT4lozPd/HTiWTsA
+--- 2C4IpEYlyKXxCa7q3UxWKDY15y62wjRziWjIV3Nxo84
+����[
+9ǁ�ħ���ɡ7�
@f2^y�3f �0����=i�
\ No newline at end of file
secrets/cache/pardofelis/c4e0b6fc66d4ecf93c0d2902c0006950bb1fcef61dec8ffe73283deb8e94a7dc
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw CjHBi+U9msdcP0P3gSAirjQ7LOR4P5OCPKsbd0qAPwk
+zIwVzBShr0m1c+V09gPD4yAInE7e1rkNfw6KxP3h7As
+-> }mT-grease rp@og$b Wmsx{t_- %
+KskFnRT/CpIBtfqw2XRfrEj1wADfHsawMDlfHwzTqFRgTxd7Jt3Yt7uxlUugLUul
+ZK17YUXR0Ko
+--- b4rn/Z5bYA03n2pzygy1cY12PRR3h9gkBHxq12dqllU
+��mV�����5s��V��!�I��<��0v������r��/�	�yԧaWC&�n��$
\ No newline at end of file
secrets/cache/pardofelis/f9791632c2a70caa5ab24d75d7c1957d9733ca608aa6be64eefa56dd4ddf0564
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw ri5bkfLgUOsdDxb5OkX48Wvcz4DA7zEskNLq34ErEEc
+j7Qo4E424Xi5Cr4JDaLH3pSDkCW7fRWwGGFW4hJDbQw
+-> O'KR&r-grease vfgg
+ihEWuxCyHxDnHupt2Wx9Fj5X1QuG8pCZqUeY45p2938hAh54Jd8pskT1iX1cJ2gR
+5MTCNJVNQxTNwscF
+--- k3021E60LB70s8p6SJpL+hR2d3v5I9zrLlmaOSPh6WU
+:
+����^�Y��*΀�����T��o�0yEƣ��-/�/���L��y8
+�Eq�s�Ţ"{3�n><aU�
\ No newline at end of file