enable postgresql for vps7

2026-01-12 04:59:23 +08:00 · 2023-08-15 00:53:30 +08:00
parent 990c4f656b
commit 4388d82d4d
3 changed files with 88 additions and 2 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -431,6 +431,7 @@
 								sshd.enable = true;
 								rsshub.enable = true;
 								nginx = { enable = true; transparentProxy.externalIp = "207.180.253.54"; };
+								postgresql.enable = true;
 							};
 							boot =
 							{
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -118,6 +118,7 @@ inputs:
 		fileshelter.enable = mkOption { type = types.bool; default = false; };
 		postgresql.enable = mkOption { type = types.bool; default = false; };
 		rsshub.enable = mkOption { type = types.bool; default = false; };
+		wallabag.enable = mkOption { type = types.bool; default = false; };
 	};
 	config =
 		let
@@ -1077,5 +1078,88 @@ inputs:
 					};
 				}
 			)
+			(
+				mkIf services.wallabag.enable
+				{
+					virtualisation.oci-containers.containers.wallabag =
+					{
+						image = "wallabag/wallabag:2.6.2";
+						imageFile = inputs.pkgs.dockerTools.pullImage
+						{
+							imageName = "wallabag/wallabag";
+							imageDigest = "sha256:241e5c71f674ee3f383f428e8a10525cbd226d04af58a40ce9363ed47e0f1de9";
+							sha256 = "0zflrhgg502w3np7kqmxij8v44y491ar2qbk7qw981fysia5ix09";
+							finalImageName = "wallabag/wallabag";
+							finalImageTag = "2.6.2";
+						};
+						ports = [ "127.0.0.1:4398:80/tcp" ];
+						extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
+						environmentFiles = [ inputs.config.sops.templates."wallabag/env".path ];
+					};
+					sops =
+					{
+						templates."wallabag/env".content =
+							let
+								placeholder = inputs.config.sops.placeholder;
+							in stripeTabs
+							''
+								POPULATE_DATABASE=false
+								SYMFONY__ENV__DATABASE_DRIVER=pdo_pgsql
+								SYMFONY__ENV__DATABASE_HOST=host.docker.internal
+								SYMFONY__ENV__DATABASE_PORT=5432
+								SYMFONY__ENV__DATABASE_NAME=wallabag
+								SYMFONY__ENV__DATABASE_USER=wallabag
+								SYMFONY__ENV__DATABASE_PASSWORD=xxxxxxxxxxxxxxxxxxxx
+								SYMFONY__ENV__MAILER_DSN=smtp://mail.chn.moe
+								SYMFONY__ENV__FROM_EMAIL=bot@chn.moe
+								SYMFONY__ENV__TWOFACTOR_SENDER=bot@chn.moe
+								SYMFONY__ENV__DOMAIN_NAME=https://wallabag.chn.moe
+								SYMFONY__ENV__REDIS_HOST=host.docker.internal
+								SYMFONY__ENV__REDIS_PORT=8790
+								SYMFONY__ENV__REDIS_PASSWORD=${placeholder."redis/wallabag"}
+								SYMFONY__ENV__SERVER_NAME=wallabag.chn.moe
+							'';
+						secrets = { "redis/wallabag".owner = inputs.config.users.users.redis-wallabag.name; }
+							// (listToAttrs (map (secret: { name = secret; value = {}; })
+							[
+
+							]));
+					};
+					services =
+					{
+						redis.servers.wallabag =
+						{
+							enable = true;
+							bind = null;
+							port = 8790;
+							requirePassFile = inputs.config.sops.secrets."redis/wallabag".path;
+						};
+						postgresql =
+						{
+							ensureDatabases = [ "wallabag" ];
+							ensureUsers.wallabag =
+							{
+								name = "wallabag";
+								ensurePermissions."DATABASE \"wallabag\"" = "ALL PRIVILEGES";
+								passwordFile = inputs.config.sops.secrets."postgresql/wallabag".path;
+							};
+						};
+					};
+					nixos =
+					{
+						services =
+						{
+							nginx = { enable = true; httpProxy."rsshub.chn.moe".upstream = "http://127.0.0.1:5221"; };
+							postgresql.enable = true;
+						};
+						virtualization.docker.enable = true;
+					};
+				}
+				# max_execution_time = 30
+				# max_input_time = 60
+				# post_max_size = 1G
+				# memory_limit = 128M
+				# upload_max_filesize = 1G
+			)
 		];
 }
--- a/secrets/vps7.yaml
+++ b/secrets/vps7.yaml
@@ -4,6 +4,7 @@ nginx:
    maxmind-license: ENC[AES256_GCM,data:9aW4QR3K6S+eTqzIjVlNEwkG0wZ4u5jgRfe7CMwRlJlK4AmcS6c45Q==,iv:cPTN1K4Aag5sohGbCQUZHYTvcwAL7AhF+rrY3OvXGPs=,tag:d9GGUMHnfzRz9Cf2U+dBfw==,type:str]
 redis:
    rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
+    wallabag: ENC[AES256_GCM,data:WkiqS9TOHxYalDp7Ssgg2x7vj4D58psQ5au4a0e3LZBecERwzUKmrhbVKRuDvNTwWbYxSds9SAca0wN+pWmrmA==,iv:QqHlzSXG1I4+p8wd58lcQs8TqAF3foxiYVdgL8L3IpA=,tag:CPtFgIeFL5W25gtd6NFkrg==,type:str]
 rsshub:
    pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
    youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str]
@@ -34,8 +35,8 @@ sops:
            SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
            HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-14T16:02:51Z"
-    mac: ENC[AES256_GCM,data:YudizUPWFfpvvbcO7TARiDNp1Da/DtF6eqx0VJfbuWisf/nH6hUsKkYeyNXLszIOP3uc84CPSCxUmH5JHrOqfYWZC77Udyi1jUUtfFfjxfQ1n3Z9sLLu9IXkfvVegB9Rns7jp6zNUGbRdIXFaCeOSVsJiglEk31xuAWCf+47vK8=,iv:bnjllgd25YONJh2xRXEEtqqjr/ty/QwCvt/eEGat9uc=,tag:mtGKyBw/+YMyUTQPxZwdPg==,type:str]
+    lastmodified: "2023-08-14T16:39:04Z"
+    mac: ENC[AES256_GCM,data:+NGGjyMVrrzY5i+3d2CzmYhVSWDaCbtoyFb67FZn6//3+YzKvaAceB/IC37n1iNvqtUlWS/C6/VrZ1BqSijWQEpIdvmrCEk9kPc2SbsxaZAx+ZyP4nrlFYu5bw3CEvLSVBJkcPgpOTq/n8m9EINkOxk3gKyJWVS0iaBzJ+EQK2E=,iv:m5J/98PyaoIuQ3oa4/IgyVhG/+7j6da/WFQ2p78Iy3w=,tag:QHORTrEG6Sg98nDUdHkSSA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3