diff --git a/modules/services/default.nix b/modules/services/default.nix
index f88569b..1029fb0 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -14,5 +14,6 @@
 ./kop-monitor.nix
 ./kop-fileshare.nix
 ./adam-site.nix
+ ./plausible.nix
 ];
 }
diff --git a/modules/services/plausible.nix b/modules/services/plausible.nix
new file mode 100644
index 0000000..d822c42
--- /dev/null
+++ b/modules/services/plausible.nix
@@ -0,0 +1,37 @@
+{ config, pkgs, lib, inputs, ... }:
+let cfg = config.custom.services.plausible;
+in {
+ options.custom.services.plausible = {
+ enable = lib.mkEnableOption "Enables plausible";
+ };
+ config = lib.mkIf cfg.enable {
+
+ age.secrets.plausible-admin = {
+ file = ../../secrets/plausible-admin.age;
+ };
+ age.secrets.plausible-keybase = {
+ file = ../../secrets/plausible-keybase.age;
+ };
+
+ services.plausible = {
+ enable = true;
+ adminUser = {
+ # activate is used to skip the email verification of the admin-user that's
+ # automatically created by plausible. This is only supported if
+ # postgresql is configured by the module. This is done by default, but
+ # can be turned off with services.plausible.database.postgres.setup.
+ activate = true;
+ email = "admin@localhost";
+ passwordFile = config.age.secrets.plausible-admin.path;
+ };
+ server = {
+ baseUrl = "https://plausible.imbissaggsbachdorf.at";
+ #baseUrl = "http://localhost";
+ # secretKeybaseFile is a path to the file which contains the secret generated
+ # with openssl as described above.
+ secretKeybaseFile = config.age.secrets.plausible-keybase.path;
+ };
+ };
+
+ };
+}
diff --git a/pkgs/adam-site/default.nix b/pkgs/adam-site/default.nix
index 7f25156..b56243c 100644
--- a/pkgs/adam-site/default.nix
+++ b/pkgs/adam-site/default.nix
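Review bot: `baseUrl` in the new `services.plausible.server` block of modules/services/plausible.nix hard-codes `https://plausible.imbissaggsbachdorf.at`, so the module's only option, `enable`, cannot be turned on for another host without editing the module itself. Exposing the hostname as an option would keep the module reusable, for example `domain = lib.mkOption { type = lib.types.str; };` with `baseUrl = "https://${cfg.domain}";`. The comment on `secretKeybaseFile` says the secret is generated "as described above", but nothing above it describes that; a self-contained comment such as `# secret key base, decrypted by agenix from secrets/plausible-keybase.age` would read better. The commented-out `#baseUrl = "http://localhost";` can be dropped.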
@@ -6,7 +6,7 @@ buildNpmPackage rec { src = fetchGit { url = "git@github.com:oberprofis/adams.git"; ref = "main"; - rev = "b5af7fe2acf2fcf3b7b115f39c9401d0bf40456d"; + rev = "68fa8392335a462634d4bb886344762592c8d566"; }; npmDepsHash="sha256-ULxOaEpa2+YS45kh+2xCZMqXQs5bMYhy7J08DsFYE+s="; installPhase = '' diff --git a/secrets/plausible-admin.age b/secrets/plausible-admin.age new file mode 100644 index 0000000..2ed2886 --- /dev/null +++ b/secrets/plausible-admin.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 bqM3xA Wrj1qtU09AyFSgxzqH0eCYWwlGhZEgIZJBrjywU/bSg +mMwRqlAGXFCUr+Nj/6JMbjjJHLbwHm4/mrOjwaxBlDM +-> ssh-ed25519 DCzi1A hgOetbh8HzZeDfHccR5LG7V8ImLyY7Hil+LvcIAO5RQ +xfLj0NwDZ0jUzCjxs3DUHGxu3tQc7uShMduyl9hoqe8 +--- uaqIvyCHbDxezDYBgIYAlBYD+Dtw+jIFknYl8DQVRnM +!9~:_!Ap] h9{ HKMvL =TOA%8 u[2-,2*j[V8s0@g \ No newline at end of file diff --git a/secrets/plausible-keybase.age b/secrets/plausible-keybase.age new file mode 100644 index 0000000..9234d1e Binary files /dev/null and b/secrets/plausible-keybase.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5e811ff..49f4ae7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -3,6 +3,7 @@ let server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server"; laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqcphdDEJhnSBkAZzQXZJDCzsyb/Tqpcf0pUADFpbd1 root@nix-laptop"; mini-pc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKla9+Gj2i9Ax7cIdnTM6zsmze3g1N/qCPqhga0P+toU root@mini-pc"; + adam-site = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfaIaKoNStnbfjB9cSJ9+PW0BVO3Uhh1uIbZA2CszDE root@nixos"; users = [ kop ]; systems = [ mini-pc server laptop ]; in @@ -28,4 +29,6 @@ in "fileshelter-conf.age".publicKeys = [ mini-pc server kop ]; "webhook.age".publicKeys = [ mini-pc server kop ]; "stash-auth.age".publicKeys = [ mini-pc server kop ]; + "plausible-admin.age".publicKeys = [ adam-site kop ]; + "plausible-keybase.age".publicKeys = [ adam-site kop ]; } 
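Review bot: In secrets/secrets.nix the new `adam-site` key is declared next to `server`, `laptop` and `mini-pc` but is not added to `systems = [ mini-pc server laptop ];`, and nothing in the hunk says whether that is intended. If the omission is deliberate, so that this host can decrypt only the secrets that name it (as the two `plausible-*.age` entries in the second hunk do), a comment would keep a later edit from widening it: `# adam-site is intentionally not in systems; it may decrypt only secrets that list it explicitly`. How `systems` is consumed lies outside both hunks, so this reading is inferred from the names. The key's comment field is the generic `root@nixos`, unlike the other host keys, which makes the entry a little harder to audit.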
diff --git a/systems/adam-site/configuration.nix b/systems/adam-site/configuration.nix index e6eff67..8f7a344 100644 --- a/systems/adam-site/configuration.nix +++ b/systems/adam-site/configuration.nix @@ -12,6 +12,7 @@ services = { acme.enable = true; adam-site.enable = true; + plausible.enable = true; }; nftables.enable = true; nix = { settings.enable = true; }; @@ -34,6 +35,11 @@ enableACME = true; locations."/".proxyPass = "http://127.0.0.1:4000"; }; + "plausible.imbissaggsbachdorf.at" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:8000"; + }; }; };
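Review bot: The new `plausible.imbissaggsbachdorf.at` vhost hard-codes its upstream as `http://127.0.0.1:8000`, which silently stops matching if the Plausible port is changed in the module; deriving it keeps the two in sync: `locations."/".proxyPass = "http://127.0.0.1:${toString config.services.plausible.server.port}";`. The location also sets only `proxyPass`, so unless `services.nginx.recommendedProxySettings` is enabled outside this hunk, no forwarding headers are passed and Plausible would likely attribute every request to 127.0.0.1, which is worth confirming. The attribute set that holds the vhosts starts and ends outside the hunk.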