diff --git a/hosts/arcturus/default.nix b/hosts/arcturus/default.nix index bb66461..fefa991 100644 --- a/hosts/arcturus/default.nix +++ b/hosts/arcturus/default.nix @@ -17,6 +17,7 @@ ../../modules/nixos/monitoring/promtail.nix ../../modules/nixos/ntfy-sh.nix ../../modules/nixos/searx.nix + ../../modules/nixos/wakapi.nix ]; sops.secrets = { @@ -43,6 +44,10 @@ plausible_key = { sopsFile = ./secrets.yaml; }; + + wakapi_salt = { + sopsFile = ./secrets.yaml; + }; }; boot = { diff --git a/hosts/arcturus/secrets.yaml b/hosts/arcturus/secrets.yaml index a915629..8fd48b7 100644 --- a/hosts/arcturus/secrets.yaml +++ b/hosts/arcturus/secrets.yaml @@ -2,6 +2,7 @@ borg_encryption_key: ENC[AES256_GCM,data:7DZQaoS2a5mPjTej25vr1aO1yAAPyXT2tf/VxKr searx_secret_key: ENC[AES256_GCM,data:Z49PJ2gNI5CI0IfzOta+r67VNUvjoPpMVv5lajGhUMPzSy1KWZC5wIM3d02jWwCOsNjXdU5hE3j9W0rkoy5ZhFPXBJRUEv5b6IcaLA==,iv:364zGZkD2LO189nkvizl8yjedi1IgYEEQMA67SexSSI=,tag:qPqefG6jUaBOpUy6d7E++w==,type:str] plausible_password: ENC[AES256_GCM,data:B0r2UuFqmz9i5yxbTCg=,iv:u6jZKJ1n15W0xH+UzNfvU1fHy3jDHZjs55nSW+0KoEo=,tag:tN0dunetZUPm/tsYAvDOzg==,type:str] plausible_key: ENC[AES256_GCM,data:Ynf2aJ6RLRdAkT9ltLpCXTl8zg/VESDchlf67PmKjc93rSfDgq9tFqv1q55Km2lDo7y9iLu5WyLLg24CSSwy8Q==,iv:yW5hgP4dhfkvunv3iYmXGEH9w29OOmrG4ourPagslVg=,tag:C5PVfEseP5gJdoQQL4gERQ==,type:str] +wakapi_salt: ENC[AES256_GCM,data:Vk5Lezv0f/0ehHqXXBCsQxWFYE2KFujTfII0r7Gd1BXFrwiPEdX62aZ+9LQx7s1RTHh0n+LP/5t0cmHO/fJhGw==,iv:ZUlRwNXUCQ53Lymi9fO4qoBWjLpHVWfTnYM0Z1I6F5o=,tag:dadkEKV7paH4+qAz7Bxxqg==,type:str] cloudflare_credentials: email: ENC[AES256_GCM,data:qesgxkzUglKdYPI=,iv:2XDEoQzmtagSiILWZzJPswdhkQ+qjdZfNd+LL1nHPx8=,tag:K1F23Za2Zq78tzf0fl5zEw==,type:str] dns_api_token: ENC[AES256_GCM,data:ibSL4KWYhqgHjo27fiSqB1iN9NWU3/qGGuLpmiMpBf+qCuh8uxR7Yw==,iv:NapMvfUSm5rgeROK7KuxGyog8s2PW9CCKtjRG87FoCQ=,tag:/Oah7PRCe4XPts0IYt83zw==,type:str] @@ -29,8 +30,8 @@ sops: NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9 uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-29T03:57:54Z" - mac: ENC[AES256_GCM,data:rQe7AKr5nY2hgIlVndBizG7Qnh4NgWerav/7VfU9n5ZqY8FO2ojPO7HCIRJggsMUXNNcsrj7oxLvsEDH4IwCnOySM5zrouQY20RL4eBBZ8W+fZERRGEZ8sQCey6Jt/w1sIP/eCVQMlL6RDqX7yTy0my0Ufu6pkGNELl4i+kui9c=,iv:bq64/7j23uF/Qm6xTv9xnrjTKyaFjI2HjTSSVfTw8aE=,tag:N6SQk+QSq0zCZZRA5DNouw==,type:str] + lastmodified: "2024-09-29T05:10:28Z" + mac: ENC[AES256_GCM,data:pMOHJ4X52riV5ZRrENjy2pNpClmd33eFQwDZeiAf17nb3T5fHEfUDzOWkJBjNcxW1+ekjvcfREMNz7ny+x+yG52WrOBldvHO5MiQ/SaKXdzDD33uREnlBVXgp19feu2WdhW4cRvEu/vKILSVqGwNZvD1zMIQbRHIqymIXlxVFlg=,iv:BU3x8clOZ4HyWSOT6u+1Cf7zdrc1h9+9MUNurcezNAY=,tag:jt/45ZMiz94ENch7eCvDNA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/modules/nixos/postgresql.nix b/modules/nixos/postgresql.nix index 397a03e..f79085b 100644 --- a/modules/nixos/postgresql.nix +++ b/modules/nixos/postgresql.nix @@ -9,6 +9,7 @@ ensureDatabases = [ "plausible" + "wakapi" ]; ensureUsers = [ { @@ -25,6 +26,10 @@ name = "plausible"; ensureDBOwnership = true; } + { + name = "wakapi"; + ensureDBOwnership = true; + } ]; checkConfig = true; diff --git a/modules/nixos/wakapi.nix b/modules/nixos/wakapi.nix new file mode 100644 index 0000000..b96ee3a --- /dev/null +++ b/modules/nixos/wakapi.nix @@ -0,0 +1,49 @@ +{ + lib, + config, + ... +}: { + services = { + wakapi = { + enable = true; + passwordSaltFile = config.sops.secrets.wakapi_salt.path; + settings = { + app.avatar_url_template = "https://www.gravatar.com/avatar/{email_hash}.png"; + + server = { + port = 15999; + public_url = "https://wakapi.tux.rs"; + }; + + db = { + dialect = "postgres"; + host = "/run/postgresql"; + port = 5432; + name = "wakapi"; + user = "wakapi"; + }; + + security = { + allow_signup = false; + disable_frontpage = true; + }; + }; + }; + + nginx = { + enable = lib.mkForce true; + virtualHosts = { + "wakapi.tux.rs" = { + forceSSL = true; + useACMEHost = "tux.rs"; + locations = { + "/" = { + proxyPass = "http://localhost:15999"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + }; +}