From 7491e221d34a15e51a5f789f66811344f49a10a4 Mon Sep 17 00:00:00 2001
From: Jeltz <jeltz@federez.net>
Date: Fri, 9 Aug 2024 05:48:12 +0200
Subject: [PATCH] discourse: init (wip)

Incomplete installation of Discourse on pendragon.

Missing in particular are emails (both outgoing and incoming).

Signed-off-by: Jeltz <jeltz@federez.net>
---
 hive.nix                       |  17 +++++++++++++++++
 profiles/discourse.nix         |  19 +++++++++++++++++++
 secrets/discourse-key-base.age | Bin 0 -> 1859 bytes
 secrets/secrets.nix            |   5 ++++-
 4 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 profiles/discourse.nix
 create mode 100644 secrets/discourse-key-base.age

diff --git a/hive.nix b/hive.nix
index fd93914..b8e6a25 100644
--- a/hive.nix
+++ b/hive.nix
@@ -134,4 +134,21 @@ in
       ./profiles/gitlab.nix
     ];
   };
+
+  pendragon = { name, nodes, ... }: {
+    deployment.tags = [ "discourse" ];
+    deployment.targetHost = "pendragon.federez.net";
+    federez.monitoring.apiKey = "370a181d-6b00-4c3d-af27-ca65e6e4c1b0";
+    networking.hostName = name;
+
+    glucagon.networking = {
+      nibble = 233;
+      wan-mac = "BC:24:11:C2:AA:47";
+    };
+
+    imports = [
+      ./profiles/vm.nix
+      ./profiles/discourse.nix
+    ];
+  };
 }
diff --git a/profiles/discourse.nix b/profiles/discourse.nix
new file mode 100644
index 0000000..2bf016d
--- /dev/null
+++ b/profiles/discourse.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }: {
+  age.secrets.discourse-key-base = {
+    file = ../secrets/discourse-key-base.age;
+    owner = "discourse";
+    group = "discourse";
+  };
+
+  services.postgresql.package = pkgs.postgresql_13;
+
+  services.discourse = {
+    enable = true;
+    hostname = "forum.federez.net";
+    secretKeyBaseFile = config.age.secrets.discourse-key-base.path;
+    # TODO(jeltz): mail
+    admin.skipCreate = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
diff --git a/secrets/discourse-key-base.age b/secrets/discourse-key-base.age
new file mode 100644
index 0000000000000000000000000000000000000000..424fbee03aa1ab920ea4445840c82fd7b1672d21
GIT binary patch
literal 1859
zcmZ9M%ggKr0mWSv2?cK}UFn5S6e)(!WHL!+0!2tNnLH+w*GygmF7kfApOcohA}I9g
zLfj~&3sIyCDN+TMt}5777rGHD6a;T~cU95L)s5H1x9MN-gL8i8I8ksLlwNzS`=lzr
zS+x-~u7KNb-E>`i8~6x@t%#dyN2={~6W~q?ITGb;5`Jun^030{86As`G#E8G(K#ZQ
zjzC|O)CQ)-A$zAA>nOKnKZe+D&4MS0Mwb}{cd~huO@n5wkU7D3w6=3@veu+U72vn{
zndAm4M{}ZIE?bDn-Rt?lMFqnqNJ}k+i<*K1MT|$DAyC`Glpf)*5?u*dg1`k}NYA^3
z>7cPKPXvA}Au=g0ebe#`M2>rQ$?0>d!4hXFP$@HtCrR*8m8zXo=^eB&0W(bO^G=C_
z^=M{DOEg9zjLF^$Bj_SJkhOP66D*j(qr<UOYphc9MI@R2*rJ;TyvD$iAX?d3UG0{5
z4<8S!SXeY=E7zNi*sJE8t2T=<BzHb-bt&qoHGI8JId{@mJ+_D;4DgzxM}sr8Rzv#o
z(*Pn3Ejc;Bk5YYA6gnTzV6wH&OF>hv+!P&w4BoyMbAy2TsZfAP?mGpAhHC5iLWUPf
z<s2FHF73N+p>a|@_2y)6=PW@&1T)t&O3!%6!^VK;+o6bO?Hp~_l}&k}4qGT-RPw}m
zjY1c@2G6gS>PEyU8a2ENdjpj`(L?i{>n2{pe3k}l#6}@+oRn0~XCy}TcBSpilXs~y
zP>xDv+|)RIv|S<Gpl6!3wFrPVx>BK`6Y@e@8%Km^Yi8jW?6l)+DnR_KYEmNxG0*Mp
zX#Y1U6+tGSfRJa7&dTE&JR8s}*Aya@cvzL9I0D(LK-aBu^t?bA2cfX@Gm3i`OEDFg
z#oSeCP*=bsR~-%~spGd=nMbL6&0%DF^hNrh8erO&vU+y#h-1T;whBzLM?50p(`+94
z!qd<#5Ttgm7v;>k6YQ=XL#N@~(^l~aCtSiDh<rv)>fA9oi|s3k9Sj+E0xzi2mf=jU
zPJxbz@uM!o`$3v?c2pD{(cI$9_B<i3y=H+(5t^JS5QLHuBA-*NJ>4<<=776AFQqLo
z_Mun>E0mG;TC0K3!J_q&u@awSU6|0sst92u#++=p@U5}qUC`3ovzn4+@zk4g4X~HP
znaoURVmHZB4?#a7yB2J^Y)2sBRM&GI^=N#UPGYX-jnLKCA`?|`@}exAO@RPFt0ec8
zAbMDxxlCwxtBc!(!w9F7U}07_^lI1%@`;BOgZH<4HV!ChREFG{g+197Kuuh)(vc!d
zk(HNnv-K;VD@Wu|D7sUhF??o`Hr@4yrXB2|!^^VscZlw+V<e=y!XN>JlZe&0>d`dA
z-NIO9OQLhRby`#9gl}yxEwYO%o<}T)Yy=$Ef(`TOHVmS`NosO)0^C~U8fL>b;yN5!
zw5HdloHVUhOVm!nXJUVX(;+NGjCB^7J@SSn@UUnTgiG6Tyn=vk<n-;FXd0A^%;icM
z2F*je+*Rcm7NzO3r?b{)XphyiJCE-+n(|iobTud*?=jKTnh0cLBu^<e%c<~+tjJ|N
zVAcp9=(S`SGgRt8(ol&p4E&ga{;@V!)47!`kQ%5aY8Sg{wS#!ly)bQ$$IsG+Vl$iM
zjXmxl??OAJ5hG2>5U5w?frulyh|YDkw?miHl@TJGLIuXBcbKQbu~Wk_ya+Y#&)m~j
z)Z``;qdaZ=DP^c-&8%u3xV^o-*<c)sdZ@pq*ZoWtIC$_`5Nw%p<vK<~U{1u7il3WB
z%mdHHpFR%KH~#8={K|*#z4PS7=l=4rf9}bbU;5p<&-`Zh>ib{&)4jic#eVS0-+uA%
z^-tda@cGXzb@%%xAL;+CK7RDzhoXP4{qgIsJ?g*v<~{M(AI;yp|KQVS9wuM>!3+QX
z{=1(iK6rk9<Ha@qlSeOL$FFA#@anI=`lEla|NPk>qv)N7_xnG*`K4ce<E`IrsJGv{
jdA5D~wLgF7<$vA(xwC%xKVNw3@Y3VQ$WPO6e{%XCW%_)O

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 6ca386c..ea4fc61 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -5,6 +5,7 @@ let
   lagon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8fiqJw9RvVVQghG0OVKsXAkBcWox4JsozfxToLAiIK root@lagon";
   klingon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/P58bPqi8yTl12jpP8oFcYG7S8j1WpfgqwZz+EuQqy root@kligon";
   aragon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUDEhYDtCLI4ypIXhimPjleiGUI3lOTv5LntzNEPM1p root@aragon";
+  pendragon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrJwgqLnGuUpUFacXLphiu8vUthVD4mA4a3Uytl5eSD root@pendragon";
   # Add yourself.
   raito = readKeyFile ../pubkeys/raito.keys;
   bensmrs = readKeyFile ../pubkeys/bensmrs.keys;
@@ -17,7 +18,8 @@ let
   vaultwarden-admins = active-admins;
   keycloak-admins = active-admins;
   ldap-bind-admins = active-admins;
-  servers = [ estragon wagon lagon klingon aragon ];
+  discourse-admins = active-admins;
+  servers = [ estragon wagon lagon klingon aragon pendragon ];
 in
   {
     "matrix-shared-secret.age".publicKeys = [ estragon ] ++ matrix-admins;
@@ -25,4 +27,5 @@ in
     "vaultwarden-secrets.age".publicKeys = [ wagon ] ++ vaultwarden-admins;
     "keycloak-password-file.age".publicKeys = [ lagon ] ++ keycloak-admins;
     "ldap-bind-password.age".publicKeys = servers ++ ldap-bind-admins;
+    "discourse-key-base.age".publicKeys = [ pendragon ] ++ discourse-admins;
   }