From 71eab709e772956f58b3f12d7af4374e20f80d35 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Fri, 16 Aug 2024 15:23:55 +0200 Subject: [PATCH] Let's see if we can run writefreely like this :) --- nixos/hosts/queen/secrets/sops.yaml | 7 ++--- .../package-configs/writefreely/default.nix | 26 +++++++++++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 nixos/server/package-configs/writefreely/default.nix diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml index d8c5ab7..68d0e73 100644 --- a/nixos/hosts/queen/secrets/sops.yaml +++ b/nixos/hosts/queen/secrets/sops.yaml @@ -11,6 +11,7 @@ lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW coturn-auth-secret: ENC[AES256_GCM,data:RYxyATuYIcrGd8h8Gc4CP9ZQ80ekuuwHehnOPYisHejmycgT8a2mWpk+5r3HkFmBNcLDeNlfnhIif5oLHGuHyw==,iv:M2GdNDxP4xpP35FJPTgljbcKpOm6DmEEnIYRItAxDVI=,tag:IiiNXeTi6Yja5PrnKRkhdA==,type:str] grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str] sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str] +writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str] sops: kms: [] gcp_kms: [] @@ -26,8 +27,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-04T16:38:10Z" - mac: ENC[AES256_GCM,data:KqkNjZe/rMhiWNS3SeYHm+b23u1LD1jq3f0+jB/BVmy6pDQDTNgA/wWHF/HcorU2Z7TOdjofJPuvRuF6C8ec4RCtTxX2ubIYWV4H3BynYxrEuEsIN8EnPJDcFFc92n9PKzoWnHo2NK1a4ZX+DxYVjDDdjhOMWj/kqWRWZRU+qEw=,iv:rarq3mCSfDFzbIdSIe+3mTNTnoZwFZ2uPkYMGt/xqos=,tag:rCD6SUpwOktRo7fM3Irv7g==,type:str] + lastmodified: "2024-08-16T13:19:27Z" + mac: ENC[AES256_GCM,data:C/wU6gDxhgkmzFEOw+NJNRNyDctnCgt8/FsJUhysJ18f344GlCZcLNTOKT04bklfP1y/LGWeALZPWB5crump3k2YuK6kwQsoOkder9BO2GY/bPaLty03KY5xALYFP7vQwfLx7Z/pO76jHVRT19Eh0/tXqb0BHs8qXtvot81g5HU=,iv:GbEt2IFMc/QaUCOcrVhjYVbLUh4monovspYl9DxTA/w=,tag:5dt+5yK/kNOhkn56ufYDxg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/nixos/server/package-configs/writefreely/default.nix b/nixos/server/package-configs/writefreely/default.nix new file mode 100644 index 0000000..e196004 --- /dev/null +++ b/nixos/server/package-configs/writefreely/default.nix @@ -0,0 +1,26 @@ +{ + config, + pkgs, + ... +}: { + sops.secrets."writefreely".mode = "0440"; + sops.secrets."writefreely".owner = config.users.users.writefreely.name; + services.writefreely = { + enable = true; + host = "writefreely.gladtherescake.eu"; + nginx.enable = true; + nginx.forceSSL = true; + acme.enable = true; + database = { + type = "mysql"; + createLocally = true; + }; + admin = { + initialPasswordFile = config.sops.secrets."writefreely".path; + name = "GLaDTheresCake"; + }; + settings = { + server.port = "15763"; + }; + }; +}