feat(public): add listmonk instance on news.forkos.org
To prepare for public communications and updates. Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
This commit is contained in:
parent
8c35dfa8e0
commit
58c0dd3d2e
|
@ -12,6 +12,10 @@
|
||||||
bagel.sysadmin.enable = true;
|
bagel.sysadmin.enable = true;
|
||||||
# Buildbot is proxied.
|
# Buildbot is proxied.
|
||||||
bagel.raito.v6-proxy-awareness.enable = true;
|
bagel.raito.v6-proxy-awareness.enable = true;
|
||||||
|
bagel.newsletter = {
|
||||||
|
enable = true;
|
||||||
|
domain = "news.forkos.org";
|
||||||
|
};
|
||||||
bagel.hardware.raito-vm = {
|
bagel.hardware.raito-vm = {
|
||||||
enable = true;
|
enable = true;
|
||||||
networking = {
|
networking = {
|
||||||
|
|
|
@ -34,6 +34,8 @@ let
|
||||||
|
|
||||||
postgres-ca-priv = [ machines.bagel-box ];
|
postgres-ca-priv = [ machines.bagel-box ];
|
||||||
postgres-tls-priv = [ machines.bagel-box ];
|
postgres-tls-priv = [ machines.bagel-box ];
|
||||||
|
|
||||||
|
newsletter-secrets = [ machines.public01 ];
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
builtins.listToAttrs (
|
builtins.listToAttrs (
|
||||||
|
|
20
secrets/newsletter-secrets.age
Normal file
20
secrets/newsletter-secrets.age
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 CyxfgQ LLKBR/y/57Y/1TYqjp8KLEQhJ7FUORnXU47vD7KCvFQ
|
||||||
|
8Fv7pvlK76uBC2ff7tnHDWlqlKCsiHicLgVNWXt1GwM
|
||||||
|
-> ssh-ed25519 K3b7BA +XXalaNGAVKwZFNIFesJnxqXlRVajMEEk4isESG9+Q8
|
||||||
|
LXPCdJcZ0noqQyHlskyhDTfP8A7PCM6I2mV4bfv1GAI
|
||||||
|
-> ssh-ed25519 +qVung WwNv3STfTW9bcluV1Y/MncsYshU+XRU4CW0IZdkTVgo
|
||||||
|
ZauuA39WxZ5DnxTjIJjMUWhGNOS9rM3VekOZzRQJKDw
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
PJu9tYtGzFlgSeAeEFuxk2OkSEXPxcAnwRr1wgvxR2WfIUpN+5G5nQ08ABQDNHoc
|
||||||
|
v3kpEKXvBgT6yvDk6p8W/DPVjQ9f6wREYxJJnOwzgfw7DeP9YAJ9XDdkh4/ToFLo
|
||||||
|
th67fPjL0awdBF064osJAadyuiop6kqp2C3k19IZbFd4tCEctVK0kAEameMWMjkx
|
||||||
|
/BV6EqZ7qDupj4Mq0RjXRgdHivR+twmLVqHbq814k5D2syrfnv+5Mt2Th2yUiKMT
|
||||||
|
nEX+fQqU90Nbu9t7MtlI7KX0WYWna58sfM3t+taFj1V5khW64S+/1bOml8D20K2Z
|
||||||
|
K2hiwd5SgPV9Qza5yoVJqg
|
||||||
|
-> ssh-ed25519 /vwQcQ pVGCyA58zXp+mblJucT0YW4FvMy1PsZpUebSJNv4axg
|
||||||
|
IMLJuX5CmBARC/q7F5NTf7lQZsOfVlsJjYPOcm3jM1w
|
||||||
|
-> ssh-ed25519 0R97PA rSjAkrTvPKrEJ6HFOHkhxLEfCpmWgE8G+r2vTszwHnw
|
||||||
|
UNrfN/5y2JZPybuniGpL1Gd+XCEDN7KzVh7HjU+C7hg
|
||||||
|
--- BaRg9iHv5VcOx/UJbAgjefJTPGoM68kiOXBHIk25vOA
|
||||||
|
Q<EFBFBD>7クケツ-稿=フ岡/スキsi軅aDィコ<10>吠ユ撚<1D>ヨヘ埋j{堂<>ウYスJ旒ス斥B-0~<7E>ウqLュ"汎マ:ェッフL'~{X<>i奓湊2ヨブ疂<EFBE9E>
|
|
@ -10,5 +10,6 @@
|
||||||
./forgejo
|
./forgejo
|
||||||
./baremetal-builder
|
./baremetal-builder
|
||||||
./buildbot
|
./buildbot
|
||||||
|
./newsletter
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
43
services/newsletter/default.nix
Normal file
43
services/newsletter/default.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.bagel.newsletter;
|
||||||
|
inherit (lib) mkIf mkOption mkEnableOption types;
|
||||||
|
port = 18999;
|
||||||
|
address = "127.0.0.1:${toString port}";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.bagel.newsletter = {
|
||||||
|
enable = mkEnableOption "the newsletter web service (listmonk)";
|
||||||
|
domain = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
age.secrets.newsletter-secrets.file = ../../secrets/newsletter-secrets.age;
|
||||||
|
services.listmonk = {
|
||||||
|
enable = true;
|
||||||
|
secretFile = config.age.secrets.newsletter-secrets.path;
|
||||||
|
settings."app" = {
|
||||||
|
inherit address;
|
||||||
|
admin_username = "admin";
|
||||||
|
};
|
||||||
|
database.createLocally = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.enable = true;
|
||||||
|
services.nginx.virtualHosts."${cfg.domain}" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/".proxyPass = "http://${address}";
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.listmonk = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "listmonk";
|
||||||
|
};
|
||||||
|
users.groups.listmonk = {};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -85,6 +85,7 @@ in
|
||||||
(record "buildbot" 300 "CNAME" ["buildbot.infra.p"])
|
(record "buildbot" 300 "CNAME" ["buildbot.infra.p"])
|
||||||
(record "b" 300 "CNAME" ["public01.infra.p"])
|
(record "b" 300 "CNAME" ["public01.infra.p"])
|
||||||
(record "postgres" 300 "CNAME" ["bagel-box.infra.p"])
|
(record "postgres" 300 "CNAME" ["bagel-box.infra.p"])
|
||||||
|
(record "news" 3600 "CNAME" ["public01.infra.p"])
|
||||||
|
|
||||||
# S3 in delroth's basement
|
# S3 in delroth's basement
|
||||||
(record "cache" 300 "AAAA" ["2a02:168:6426::12"]) # smol.delroth.net
|
(record "cache" 300 "AAAA" ["2a02:168:6426::12"]) # smol.delroth.net
|
||||||
|
|
Loading…
Reference in a new issue