feat(public): add listmonk instance on news.forkos.org

To prepare for public communications and updates.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
This commit is contained in:
raito 2024-08-21 16:27:00 +02:00
parent 8c35dfa8e0
commit 58c0dd3d2e
6 changed files with 71 additions and 0 deletions

View file

@ -12,6 +12,10 @@
bagel.sysadmin.enable = true; bagel.sysadmin.enable = true;
# Buildbot is proxied. # Buildbot is proxied.
bagel.raito.v6-proxy-awareness.enable = true; bagel.raito.v6-proxy-awareness.enable = true;
bagel.newsletter = {
enable = true;
domain = "news.forkos.org";
};
bagel.hardware.raito-vm = { bagel.hardware.raito-vm = {
enable = true; enable = true;
networking = { networking = {

View file

@ -34,6 +34,8 @@ let
postgres-ca-priv = [ machines.bagel-box ]; postgres-ca-priv = [ machines.bagel-box ];
postgres-tls-priv = [ machines.bagel-box ]; postgres-tls-priv = [ machines.bagel-box ];
newsletter-secrets = [ machines.public01 ];
}; };
in in
builtins.listToAttrs ( builtins.listToAttrs (

View file

@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-ed25519 CyxfgQ LLKBR/y/57Y/1TYqjp8KLEQhJ7FUORnXU47vD7KCvFQ
8Fv7pvlK76uBC2ff7tnHDWlqlKCsiHicLgVNWXt1GwM
-> ssh-ed25519 K3b7BA +XXalaNGAVKwZFNIFesJnxqXlRVajMEEk4isESG9+Q8
LXPCdJcZ0noqQyHlskyhDTfP8A7PCM6I2mV4bfv1GAI
-> ssh-ed25519 +qVung WwNv3STfTW9bcluV1Y/MncsYshU+XRU4CW0IZdkTVgo
ZauuA39WxZ5DnxTjIJjMUWhGNOS9rM3VekOZzRQJKDw
-> ssh-rsa krWCLQ
PJu9tYtGzFlgSeAeEFuxk2OkSEXPxcAnwRr1wgvxR2WfIUpN+5G5nQ08ABQDNHoc
v3kpEKXvBgT6yvDk6p8W/DPVjQ9f6wREYxJJnOwzgfw7DeP9YAJ9XDdkh4/ToFLo
th67fPjL0awdBF064osJAadyuiop6kqp2C3k19IZbFd4tCEctVK0kAEameMWMjkx
/BV6EqZ7qDupj4Mq0RjXRgdHivR+twmLVqHbq814k5D2syrfnv+5Mt2Th2yUiKMT
nEX+fQqU90Nbu9t7MtlI7KX0WYWna58sfM3t+taFj1V5khW64S+/1bOml8D20K2Z
K2hiwd5SgPV9Qza5yoVJqg
-> ssh-ed25519 /vwQcQ pVGCyA58zXp+mblJucT0YW4FvMy1PsZpUebSJNv4axg
IMLJuX5CmBARC/q7F5NTf7lQZsOfVlsJjYPOcm3jM1w
-> ssh-ed25519 0R97PA rSjAkrTvPKrEJ6HFOHkhxLEfCpmWgE8G+r2vTszwHnw
UNrfN/5y2JZPybuniGpL1Gd+XCEDN7KzVh7HjU+C7hg
--- BaRg9iHv5VcOx/UJbAgjefJTPGoM68kiOXBHIk25vOA
Q<EFBFBD>7クケツ-稿=フ岡/スキsi軅aDィコ<10>吠ユ撚<1D>ヨヘ埋j{ <>ウYスJ旒ス斥B-0~<7E> qLュ"汎マ:ェッフL'€~{X<>i奓湊2ヨブ疂<EFBE9E>

View file

@ -10,5 +10,6 @@
./forgejo ./forgejo
./baremetal-builder ./baremetal-builder
./buildbot ./buildbot
./newsletter
]; ];
} }

View file

@ -0,0 +1,43 @@
{ config, lib, ... }:
let
cfg = config.bagel.newsletter;
inherit (lib) mkIf mkOption mkEnableOption types;
port = 18999;
address = "127.0.0.1:${toString port}";
in
{
options.bagel.newsletter = {
enable = mkEnableOption "the newsletter web service (listmonk)";
domain = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable {
age.secrets.newsletter-secrets.file = ../../secrets/newsletter-secrets.age;
services.listmonk = {
enable = true;
secretFile = config.age.secrets.newsletter-secrets.path;
settings."app" = {
inherit address;
admin_username = "admin";
};
database.createLocally = true;
};
services.nginx.enable = true;
services.nginx.virtualHosts."${cfg.domain}" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${address}";
};
users.users.listmonk = {
isSystemUser = true;
group = "listmonk";
};
users.groups.listmonk = {};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}

View file

@ -85,6 +85,7 @@ in
(record "buildbot" 300 "CNAME" ["buildbot.infra.p"]) (record "buildbot" 300 "CNAME" ["buildbot.infra.p"])
(record "b" 300 "CNAME" ["public01.infra.p"]) (record "b" 300 "CNAME" ["public01.infra.p"])
(record "postgres" 300 "CNAME" ["bagel-box.infra.p"]) (record "postgres" 300 "CNAME" ["bagel-box.infra.p"])
(record "news" 3600 "CNAME" ["public01.infra.p"])
# S3 in delroth's basement # S3 in delroth's basement
(record "cache" 300 "AAAA" ["2a02:168:6426::12"]) # smol.delroth.net (record "cache" 300 "AAAA" ["2a02:168:6426::12"]) # smol.delroth.net