diff --git a/machines/gustave/default.nix b/machines/gustave/default.nix index 3c42fbd..692be2b 100644 --- a/machines/gustave/default.nix +++ b/machines/gustave/default.nix @@ -13,6 +13,7 @@ ./borg.nix ./pages.nix ./readeck.nix + ./plausible.nix ]; machine.meta = { diff --git a/machines/gustave/plausible.nix b/machines/gustave/plausible.nix new file mode 100644 index 0000000..9115421 --- /dev/null +++ b/machines/gustave/plausible.nix @@ -0,0 +1,32 @@ +{ config, ... }: + +{ + services.plausible = { + enable = true; + adminUser = { + activate = true; + email = "analytics@luj.fr"; + passwordFile = config.age.secrets.plausible-admin-password.path; + }; + server = { + baseUrl = "https://probable.luj.fr"; + port = 8455; + secretKeybaseFile = config.age.secrets.plausible-secret-key-base.path; + }; + }; + + services.nginx.virtualHosts = { + "probable.luj.fr" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.plausible.server.port}"; + }; + }; + }; + + age.secrets = { + plausible-admin-password.file = ../../secrets/plausible-password.age; + plausible-secret-key-base.file = ../../secrets/plausible-keybase-secret.age; + }; +} diff --git a/secrets/plausible-keybase-secret.age b/secrets/plausible-keybase-secret.age new file mode 100644 index 0000000..56097e8 Binary files /dev/null and b/secrets/plausible-keybase-secret.age differ diff --git a/secrets/plausible-password.age b/secrets/plausible-password.age new file mode 100644 index 0000000..b81cfdc --- /dev/null +++ b/secrets/plausible-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 AqX2tg uurrbgincmOIH/eXNPkLSvDem4tCVlXvicTC9WvPA1E +gRjRiEL0jj+76E8jKAoDI5mzO6WCEGeiRivJTio7Y8Y +-> ssh-ed25519 u3yXZQ 8YyLZtt2tQ0zajM3SjykPH4PUXKtpme3KQ2X+EeG5UE +BZxZyLuc8yQ4aLOQHafQt8ed7HUnE+vJvrGxbzIbO4o +-> ssh-ed25519 IRHAkA m1eAtnpxfExAHlPKQeHwLmFFQGSGlVaZY+0Z3IBEiSU +3bORsrUsW1ABEjLHcrc9UsVNmrFyKfwUcqRzSFekWeE +--- y6RfOhPCb76nsA1w5YSyYSnV6+WrCsxQP2W7EL684L0 +<\>r~ œ.tX*û’·ÎöÝlŽ0Åòt»4!«#ä_f™¶e§L¨ë3äLüš_ÿ'ƒÌ`ÿ 4ÑŸ³Äé¢u \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3f93d46..7dc7264 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -136,4 +136,16 @@ in gallifrey_home fisher_home ]; + + "plausible-keybase-secret.age".publicKeys = [ + tower + gallifrey + gustave + ]; + "plausible-password.age".publicKeys = [ + tower + gallifrey + gustave + ]; + }