federez/nix
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

discourse: init (wip)

Browse source 
Incomplete installation of Discourse on pendragon.

Missing in particular are emails (both outgoing and incoming).

Signed-off-by: Jeltz <jeltz@federez.net>
This commit is contained in:
jeltz 2024-08-09 05:48:12 +02:00
parent 61ed6e9571
commit 7491e221d3
Signed by: jeltz
GPG key ID: 800882B66C0C3326
4 changed files with 40 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
hive.nix
View file

@ -134,4 +134,21 @@ in
./profiles/gitlab.nix ./profiles/gitlab.nix
]; ];
}; };
pendragon = { name, nodes, ... }: {
deployment.tags = [ "discourse" ];
deployment.targetHost = "pendragon.federez.net";
federez.monitoring.apiKey = "370a181d-6b00-4c3d-af27-ca65e6e4c1b0";
networking.hostName = name;
glucagon.networking = {
nibble = 233;
wan-mac = "BC:24:11:C2:AA:47";
};
imports = [
./profiles/vm.nix
./profiles/discourse.nix
];
};
} }

19
profiles/discourse.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }: {
age.secrets.discourse-key-base = {
file = ../secrets/discourse-key-base.age;
owner = "discourse";
group = "discourse";
};
services.postgresql.package = pkgs.postgresql_13;
services.discourse = {
enable = true;
hostname = "forum.federez.net";
secretKeyBaseFile = config.age.secrets.discourse-key-base.path;
# TODO(jeltz): mail
admin.skipCreate = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

BIN
secrets/discourse-key-base.age Normal file
View file

Binary file not shown.

5
secrets/secrets.nix
View file

@ -5,6 +5,7 @@ let
lagon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8fiqJw9RvVVQghG0OVKsXAkBcWox4JsozfxToLAiIK root@lagon"; lagon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8fiqJw9RvVVQghG0OVKsXAkBcWox4JsozfxToLAiIK root@lagon";
klingon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/P58bPqi8yTl12jpP8oFcYG7S8j1WpfgqwZz+EuQqy root@kligon"; klingon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/P58bPqi8yTl12jpP8oFcYG7S8j1WpfgqwZz+EuQqy root@kligon";
aragon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUDEhYDtCLI4ypIXhimPjleiGUI3lOTv5LntzNEPM1p root@aragon"; aragon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUDEhYDtCLI4ypIXhimPjleiGUI3lOTv5LntzNEPM1p root@aragon";
pendragon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrJwgqLnGuUpUFacXLphiu8vUthVD4mA4a3Uytl5eSD root@pendragon";
# Add yourself. # Add yourself.
raito = readKeyFile ../pubkeys/raito.keys; raito = readKeyFile ../pubkeys/raito.keys;
bensmrs = readKeyFile ../pubkeys/bensmrs.keys; bensmrs = readKeyFile ../pubkeys/bensmrs.keys;
@ -17,7 +18,8 @@ let
vaultwarden-admins = active-admins; vaultwarden-admins = active-admins;
keycloak-admins = active-admins; keycloak-admins = active-admins;
ldap-bind-admins = active-admins; ldap-bind-admins = active-admins;
servers = [ estragon wagon lagon klingon aragon ]; discourse-admins = active-admins;
servers = [ estragon wagon lagon klingon aragon pendragon ];
in in
{ {
"matrix-shared-secret.age".publicKeys = [ estragon ] ++ matrix-admins; "matrix-shared-secret.age".publicKeys = [ estragon ] ++ matrix-admins;
@ -25,4 +27,5 @@ in
"vaultwarden-secrets.age".publicKeys = [ wagon ] ++ vaultwarden-admins; "vaultwarden-secrets.age".publicKeys = [ wagon ] ++ vaultwarden-admins;
"keycloak-password-file.age".publicKeys = [ lagon ] ++ keycloak-admins; "keycloak-password-file.age".publicKeys = [ lagon ] ++ keycloak-admins;
"ldap-bind-password.age".publicKeys = servers ++ ldap-bind-admins; "ldap-bind-password.age".publicKeys = servers ++ ldap-bind-admins;
"discourse-key-base.age".publicKeys = [ pendragon ] ++ discourse-admins;
} }