From 85d4e22b65d6d3235d48ec2fd2ca847614c216e3 Mon Sep 17 00:00:00 2001
From: chn <chn@chn.moe>
Date: Tue, 15 Aug 2023 01:10:28 +0800
Subject: [PATCH] enable wallabag to vps7

---
 flake.nix                    |  2 +-
 modules/services/default.nix | 31 +++++++++++++++----------------
 secrets/vps7.yaml            |  6 ++++--
 3 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/flake.nix b/flake.nix
index f094eb11..a294c902 100644
--- a/flake.nix
+++ b/flake.nix
@@ -431,7 +431,7 @@
 								sshd.enable = true;
 								rsshub.enable = true;
 								nginx = { enable = true; transparentProxy.externalIp = "207.180.253.54"; };
-								postgresql.enable = true;
+								wallabag.enable = true;
 							};
 							boot =
 							{
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 3c8b8350..4d92b526 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -1016,6 +1016,11 @@ inputs:
 						# lc_time = 'en_US.utf8'
 						# default_text_search_config = 'pg_catalog.english'
 						# plperl.on_init = 'use utf8; use re; package utf8; require "utf8_heavy.pl";'
+						# mv /path/to/dir /path/to/dir_old
+						# mkdir /path/to/dir
+						# chattr +C /path/to/dir
+						# cp -a --reflink=never /path/to/dir_old/. /path/to/dir
+						# rm -rf /path/to/dir_old
 					};
 				}
 			)
@@ -1109,7 +1114,7 @@ inputs:
 								SYMFONY__ENV__DATABASE_PORT=5432
 								SYMFONY__ENV__DATABASE_NAME=wallabag
 								SYMFONY__ENV__DATABASE_USER=wallabag
-								SYMFONY__ENV__DATABASE_PASSWORD=xxxxxxxxxxxxxxxxxxxx
+								SYMFONY__ENV__DATABASE_PASSWORD=${placeholder."postgresql/wallabag"}
 								SYMFONY__ENV__MAILER_DSN=smtp://mail.chn.moe
 								SYMFONY__ENV__FROM_EMAIL=bot@chn.moe
 								SYMFONY__ENV__TWOFACTOR_SENDER=bot@chn.moe
@@ -1119,11 +1124,11 @@ inputs:
 								SYMFONY__ENV__REDIS_PASSWORD=${placeholder."redis/wallabag"}
 								SYMFONY__ENV__SERVER_NAME=wallabag.chn.moe
 							'';
-						secrets = { "redis/wallabag".owner = inputs.config.users.users.redis-wallabag.name; }
-							// (listToAttrs (map (secret: { name = secret; value = {}; })
-							[
-
-							]));
+						secrets =
+						{
+							"redis/wallabag".owner = inputs.config.users.users.redis-wallabag.name;
+							"postgresql/wallabag" = {};
+						};
 					};
 					services =
 					{
@@ -1137,29 +1142,23 @@ inputs:
 						postgresql =
 						{
 							ensureDatabases = [ "wallabag" ];
-							ensureUsers.wallabag =
-							{
+							ensureUsers =
+							[{
 								name = "wallabag";
 								ensurePermissions."DATABASE \"wallabag\"" = "ALL PRIVILEGES";
-								passwordFile = inputs.config.sops.secrets."postgresql/wallabag".path;
-							};
+							}];
 						};
 					};
 					nixos =
 					{
 						services =
 						{
-							nginx = { enable = true; httpProxy."rsshub.chn.moe".upstream = "http://127.0.0.1:5221"; };
+							nginx = { enable = true; httpProxy."wallabag.chn.moe".upstream = "http://127.0.0.1:4398"; };
 							postgresql.enable = true;
 						};
 						virtualization.docker.enable = true;
 					};
 				}
-				# max_execution_time = 30
-				# max_input_time = 60
-				# post_max_size = 1G
-				# memory_limit = 128M
-				# upload_max_filesize = 1G
 			)
 		];
 }
diff --git a/secrets/vps7.yaml b/secrets/vps7.yaml
index 8648e0fa..f623b933 100644
--- a/secrets/vps7.yaml
+++ b/secrets/vps7.yaml
@@ -5,6 +5,8 @@ nginx:
 redis:
     rsshub: ENC[AES256_GCM,data:uPnZIjbnRRoWIHlWkZNZkMpIb3Ujnnpb+AisVSVGFv4sfDAuDlAjt39pRdnWkCXJPqtXjJzQ+FeT34cqxTf8Bg==,iv:/jcyAHkxByFnbkmCAYQwda2QRmhW7L/ICoLuCgsVLCI=,tag:M5Q+dh/Bn7FiNpqQGYus4Q==,type:str]
     wallabag: ENC[AES256_GCM,data:WkiqS9TOHxYalDp7Ssgg2x7vj4D58psQ5au4a0e3LZBecERwzUKmrhbVKRuDvNTwWbYxSds9SAca0wN+pWmrmA==,iv:QqHlzSXG1I4+p8wd58lcQs8TqAF3foxiYVdgL8L3IpA=,tag:CPtFgIeFL5W25gtd6NFkrg==,type:str]
+postgresql:
+    wallabag: ENC[AES256_GCM,data:ANwvEE3K/W/hU34Y7RvlbUuJNo2bOaRfeusYM9pRxXQOdG4XpwYfd/DprsrVjlkrMFuTurUR5j6UNHWh+ILDbQ==,iv:K8doqhVosz+OosMrLJXrSxairr84EeGs3EWgVQjpkS8=,tag:WjDzy7ubm/GVlBkW0O3znQ==,type:str]
 rsshub:
     pixiv-refreshtoken: ENC[AES256_GCM,data:EeSOTSAAh+1Dc8+a/AaPJ0aBK5DTa3pdS6DrIMQmRw/n0SRu2QoynIF76w==,iv:dnZxi8jM1I4w3C2duYielpP/8wOAdHDjcqDIrowM0dM=,tag:8irGvLEbRJHV9TB8Jibs9g==,type:str]
     youtube-key: ENC[AES256_GCM,data:OEm/ynOUPUq7ZEVzL2jgs9d+utkLTIdNq0MHE0JDujb9ndAwyJJI,iv:RRae6Cg6GdDnXAQOdtBYmcA7ZNuu70VpIg2MEezBn5k=,tag:gX4ZG345cT3Jh3ovUxtLGw==,type:str]
@@ -35,8 +37,8 @@ sops:
             SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
             HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-14T16:39:04Z"
-    mac: ENC[AES256_GCM,data:+NGGjyMVrrzY5i+3d2CzmYhVSWDaCbtoyFb67FZn6//3+YzKvaAceB/IC37n1iNvqtUlWS/C6/VrZ1BqSijWQEpIdvmrCEk9kPc2SbsxaZAx+ZyP4nrlFYu5bw3CEvLSVBJkcPgpOTq/n8m9EINkOxk3gKyJWVS0iaBzJ+EQK2E=,iv:m5J/98PyaoIuQ3oa4/IgyVhG/+7j6da/WFQ2p78Iy3w=,tag:QHORTrEG6Sg98nDUdHkSSA==,type:str]
+    lastmodified: "2023-08-14T17:07:23Z"
+    mac: ENC[AES256_GCM,data:Vpt2Qalx80ChfkPJB8aNQAF/MYxd+HgDEm6INEbHDDdciy8+O1B/WxiUyveprcsOTNL5+X7jwfJSxn4CVUsEz6u6F+OoxYWqYDALPnUthyrdDsD4mEHyHu83J+MUjSwBVMoyf2AHh7Ism37liXsZH7sR4xbfwCL8Y1ONFgDlVGM=,iv:YYHhBv72IyUSz/JVSVFSpv+PPcwDYHrgrdUkXVJTyD4=,tag:PzhXWwPR08rtlpmwfOu7qA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3