From 60e99627ac28506aaa3f6016e6b248c8e077a6cb Mon Sep 17 00:00:00 2001 From: Aaron Bieber Date: Tue, 1 Aug 2023 12:39:55 -0600 Subject: [PATCH] h: setup writefreely --- flake.lock | 8 ++++---- hosts/h/default.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 611b899..37a9617 100644 --- a/flake.lock +++ b/flake.lock @@ -437,11 +437,11 @@ "stable": "stable_2" }, "locked": { - "lastModified": 1690836207, - "narHash": "sha256-GirSUj6lEt70t6mZQAVI3UHyu9fkjwNSgUfXoGIUFU0=", + "lastModified": 1690910764, + "narHash": "sha256-Ht1SPBO9P8E6o+uDHGxrxxHzwQSPIHX9UVul7Gm3H8E=", "ref": "main", - "rev": "af2e01fe2f0933fa05ce7f4ac21107ed86b45596", - "revCount": 102, + "rev": "aed78dca541375cf08d5fc994d8aac15958ed4cb", + "revCount": 103, "type": "git", "url": "ssh://xin-secrets-ro/qbit/xin-secrets.git" }, diff --git a/hosts/h/default.nix b/hosts/h/default.nix index e83912a..ff25f18 100644 --- a/hosts/h/default.nix +++ b/hosts/h/default.nix @@ -150,6 +150,11 @@ in { owner = config.services.tsrevprox.user; sopsFile = config.xin-secrets.h.services; }; + writefreely = { + mode = "400"; + owner = config.services.writefreely.user; + sopsFile = config.xin-secrets.h.services; + }; }; networking = { @@ -411,6 +416,7 @@ in { "/var/lib/mcchunkie" "/var/lib/taskserver" "/var/lib/heisenbridge" + "/var/lib/writefreely" ]; timerConfig = {OnCalendar = "00:05";}; @@ -420,6 +426,26 @@ in { }; }; + writefreely = { + enable = true; + host = "arst.lol"; + settings = { + server.port = 3287; + app = { + single_user = true; + min_username_len = 4; + federation = true; + monetization = false; + wf_modesty = true; + }; + }; + database.migrate = true; + admin = { + name = "qbit"; + initialPasswordFile = "${config.sops.secrets.writefreely.path}"; + }; + }; + nginx = { enable = true; @@ -491,6 +517,22 @@ in { proxyPass = "http://localhost:9009/weechat"; }; }; + "arst.lol" = { + forceSSL = true; + enableACME = true; + root = "/var/www/arst.lol"; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://127.0.0.1:${ + toString config.services.writefreely.settings.server.port + }"; + }; + }; + #"embracethe.lol" = { + # forceSSL = true; + # enableACME = true; + # root = "/var/www/embracethe.lol"; + #}; "notes.suah.dev" = { forceSSL = true; enableACME = true;