privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

VEGAS/blog: drop

Browse source
This commit is contained in:
Max Headroom 2022-07-31 20:33:35 +02:00
parent 44ab70a438
commit e11484050d
4 changed files with 0 additions and 128 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

113
hosts/VEGAS/services/blog/default.nix
View file

@ -1,113 +0,0 @@
{ config, inputs, lib, pkgs, tools, ... }:
let
inherit (tools.meta) domain;
flakePkgs = inputs.self.packages.${pkgs.system};
mapPaths = lib.mapAttrsRecursive (
path: value: lib.nameValuePair
(lib.concatStringsSep "__" path)
(builtins.toString value)
);
translateConfig = config: lib.listToAttrs (
lib.collect
(x: x ? name && x ? value)
(mapPaths config)
);
contentPath = "/srv/storage/private/ghost";
in
{
age.secrets.ghost-secrets = {
file = ../../../../secrets/ghost-secrets.age;
mode = "0400";
};
links.ghost.protocol = "http";
users.users.ghost = {
isSystemUser = true;
home = "${contentPath}/.home";
group = "ghost";
};
users.groups.ghost = {};
systemd.tmpfiles.rules = [
"d '${contentPath}' 0700 ghost ghost - -"
"d '${contentPath}/data' 0755 ghost ghost - -"
"d '${contentPath}/logs' 0755 ghost ghost - -"
"d '${contentPath}/themes' 0755 ghost ghost - -"
"L+ '${contentPath}/themes/casper' - - - - ${flakePkgs.ghost}/lib/node_modules/ghost/content/themes/casper"
];
systemd.services.ghost = {
wantedBy = [ "multi-user.target" ];
after = [ "mysql.service" ];
serviceConfig = {
User = "ghost";
Group = "ghost";
ProtectSystem = "strict";
ReadWritePaths = [ contentPath ];
ProtectHome = "tmpfs";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
NoNewPrivileges = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
LockPersonality = true;
SystemCallArchitectures = [ "native" ];
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ExecStart = flakePkgs.ghost + /bin/ghost;
EnvironmentFile = config.age.secrets.ghost-secrets.path;
};
environment = translateConfig {
NODE_ENV = "production";
url = "https://blog.${domain}";
database = {
client = "mysql";
connection = {
host = "127.0.0.1";
database = "ghost";
user = "ghost";
# TODO: set password in secrets
};
};
server = {
host = "127.0.0.1";
inherit (config.links.ghost) port;
};
privacy.useTinfoil = true;
paths = {
inherit contentPath;
};
};
};
services.nginx.virtualHosts."blog.${domain}" = tools.nginx.vhosts.proxy config.links.ghost.url;
}

1
hosts/VEGAS/system.nix
View file

@ -19,7 +19,6 @@
./services/api ./services/api
./services/backbone-routing ./services/backbone-routing
./services/bitwarden ./services/bitwarden
./services/blog
./services/dns ./services/dns
./services/fbi ./services/fbi
./services/gitlab ./services/gitlab

13
secrets/ghost-secrets.age
View file

@ -1,13 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A o4wRZtz5LwvYgjprsAP5dyx4rmdC28lIT0RHnbQRo38
ndrXGHnOS+eiA0RFfjyYXpssJP1e9nC9rqEfarxo3oU
-> ssh-ed25519 5/zT0w YGbSNqtv+lBA60PhKRU/bCaNgDSXHgb+4pK/ZthsAgY
rbZbvu9Zh/78ie8m0LnraFPa6jqRUPZzrUPa0JrAYPY
-> ssh-ed25519 d3WGuA ks0xB6TgO6gzxoJkjX3xLmTTXeGHIKNOfPCP/e52kAg
wCuHg+Qk8icD0aX89V9m9iTzUoznUrZpsaCjX9JSXWs
-> q,M-grease
vK7mhSJIyJVsPBaGRPwP502a3aLZoOPeK+Nr+ApbluoeZmRg7fhirBrlVjRcJVJR
IaiNUg
--- ob1Ht4CIcaJpGvQ28RR2Cu8LqtZgzMJ7dGozZXH0Gu8
ú_SD¬À
Ðu+6Ê6´ÍЂ–>{šfÇõ9­¤Ç¾€]Ðð<C390>»Ìëer<65>ù¨<C3B9>Ç5nyIƒŠmåể-<2D>ìcµG΃³õx pf[äF9[ÚcâEßK®d [öT¿ÿ3QÀ7Ý8£dÇYpNÁÍbêÏ™&ÂŽ€½g3¥m<E28099>e(dC-;oÊ;EÂè-ȇwXEÃx.xeAU c!««»¸bÎO>ùR騇íQ-£ÖvD•<44>>

1
secrets/secrets.nix
View file

@ -6,7 +6,6 @@ in with hosts;
{ {
"acme-dns-key.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "acme-dns-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"ghost-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ];