diff --git a/configuration.nix b/configuration.nix
index 13dfa75..8267443 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -226,13 +226,16 @@ with pkgs;
 owner = "acme";
 group = "nginx";
 };
- secrets.wallabag.file = secrets/wallabag.age;
- secrets.wallabag-postgres.file = secrets/wallabag-postgres.age;
 secrets.microbin = {
 file = secrets/microbin.age;
 owner = "63026";
 group = "63026";
 };
+ secrets.readeck = {
+ file = secrets/readeck.age;
+ owner = "63026";
+ group = "63026";
+ };
 identityPaths = [ "/etc/ssh/id_ed25519" ];
 };
diff --git a/modules/containers.nix b/modules/containers.nix
index 4ac78e4..2ab51d2 100644
--- a/modules/containers.nix
+++ b/modules/containers.nix
@@ -44,31 +44,9 @@
 ports = [ "127.0.0.1:9090:8080" ];
 volumes = [ "/vault/opodsync:/var/www/server/data" ];
 };
- # Wallabag
- wallabag = {
- image = "wallabag/wallabag@sha256:0d6602bbca0b0393f04f491788031e43b075e57b3eaec1873b17a136b662edaa";
- environmentFiles = [ config.age.secrets.wallabag.path ];
- dependsOn = [ "postgresql" ];
- extraOptions = [ "--pod=wallabag-pod" ];
- };
- # Wallabag database
- postgresql = {
- image = "postgres:16.8@sha256:e95b0cb95f719e0ce156c2bc5545c89fbd98a1a692845a5331ddc79ea61f1b1e";
- environmentFiles = [ config.age.secrets.wallabag-postgres.path ];
- extraOptions = [ "--pod=wallabag-pod" ];
- volumes = [ "/var/lib/postgresql-wallabag:/var/lib/postgresql/data" ];
- };
 };
 };
 };
- # Allow networking between Wallabag and Postgresql
- systemd.services.create-wallabag-pod = {
- serviceConfig.Type = "oneshot";
- wantedBy = [ "podman-postgresql.service" ];
- script = with pkgs; ''
- ${podman}/bin/podman pod exists wallabag-pod || ${podman}/bin/podman pod create -n wallabag-pod -p '127.0.0.1:8090:80'
- '';
- };
 # Start services after ZFS mount
 systemd.services.podman-mqtt2prometheus.unitConfig.RequiresMountsFor = [ /vault/mqtt2prometheus ];
diff --git a/modules/information.nix b/modules/information.nix
index e873a5a..ccff052 100644
--- a/modules/information.nix
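Review bot: In the configuration.nix hunk, the new `secrets.readeck` entry copies `owner = "63026"` and `group = "63026"` from the `secrets.microbin` entry just above it, so whatever runs under that numeric id can read both decrypted files. The same commit loads this secret through systemd's `EnvironmentFile`, which the service manager reads before it switches to the service user, so the Readeck process itself presumably never needs to open the file. I would drop the two lines and keep the default ownership, i.e. `secrets.readeck.file = secrets/readeck.age;`, unless 63026 is confirmed to be Readeck's own uid. The enclosing attribute set starts above the hunk.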
+++ b/modules/information.nix
@@ -24,4 +24,21 @@
 };
 };
+ # Readeck configuration
+ services.readeck = {
+ enable = true;
+ settings = {
+ server = {
+ host = "127.0.0.1";
+ port = 9092;
+ allowed_hosts = [ "read.psydnd.org" ];
+ trusted_proxies = [ "127.0.0.1" ];
+ environmentFile = config.age.secrets.readeck.path;
+ };
+ };
+ };
+
+ # NOTE Load credentials using environment variables
+ systemd.services.readeck.serviceConfig.EnvironmentFile = config.age.secrets.readeck.path;
+
 }
diff --git a/modules/webstack.nix b/modules/webstack.nix
index fe7142a..b194f91 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -134,18 +134,6 @@
 };
 };
 };
- "wallabag.psydnd.org" = {
- useACMEHost = "psydnd.org";
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:8090/";
- extraConfig = ''
- proxy_set_header X-Forwarded-Host $server_name;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header X-Forwarded-For $remote_addr;
- '';
- };
- };
 "books.psydnd.org" = {
 useACMEHost = "psydnd.org";
 forceSSL = true;
@@ -176,6 +164,11 @@
 forceSSL = true;
 locations."/".proxyPass = "http://localhost:9091/";
 };
+ "read.psydnd.org" = {
+ useACMEHost = "psydnd.org";
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:9092/";
+ };
 };
 };
diff --git a/secrets/readeck.age b/secrets/readeck.age
new file mode 100644
index 0000000..074f703
Binary files /dev/null and b/secrets/readeck.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 40560d2..1a6b1cd 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -19,7 +19,6 @@ in
 "inadyn-porkbun.age".publicKeys = [ zion ];
 "acme-duckdns.age".publicKeys = [ zion ];
 "acme-porkbun.age".publicKeys = [ zion ];
- "wallabag.age".publicKeys = [ zion ];
- "wallabag-postgres.age".publicKeys = [ zion ];
 "microbin.age".publicKeys = [ zion ];
+ "readeck.age".publicKeys = [ zion ];
 }
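Review bot: In the modules/information.nix hunk, `environmentFile = config.age.secrets.readeck.path;` sits inside `settings.server`, next to `host` and `port`, so it is treated as a Readeck server setting and not as a unit directive; the line that actually loads the credentials is the `serviceConfig.EnvironmentFile` assignment below it. At best the key is ignored, at worst the decrypted secret's path ends up in the generated config file for no benefit. I would delete that line from `settings.server`, and if the module in use offers a top-level `services.readeck.environmentFile` option, set that in place of the raw `serviceConfig` override. The `# NOTE` comment could then say which variables the file is expected to define.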
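Review bot: In the modules/webstack.nix hunk at -176,6, the new `read.psydnd.org` vhost proxies to `http://localhost:9092/` with no forwarding headers of its own, while the Readeck settings in modules/information.nix bind to `127.0.0.1` and rely on `allowed_hosts` and `trusted_proxies`. Those two checks only work if nginx passes the original `Host` and client address, which presumably comes from a global proxy setting not visible in this diff; worth confirming, since the removed Wallabag vhost set its `X-Forwarded-*` headers by hand. Using `proxyPass = "http://127.0.0.1:9092/";` would also keep nginx from trying an IPv6 loopback address that Readeck does not listen on. The vhost set continues outside the hunk.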