From dd454001d1b6dc9582a518a92f38a8a3e63865f3 Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Fri, 6 Dec 2024 17:13:46 +0100
Subject: [PATCH] feat(gustave): init plausible

---
 machines/gustave/default.nix         |   1 +
 machines/gustave/plausible.nix       |  32 +++++++++++++++++++++++++++
 secrets/plausible-keybase-secret.age | Bin 0 -> 522 bytes
 secrets/plausible-password.age       |   9 ++++++++
 secrets/secrets.nix                  |  12 ++++++++++
 5 files changed, 54 insertions(+)
 create mode 100644 machines/gustave/plausible.nix
 create mode 100644 secrets/plausible-keybase-secret.age
 create mode 100644 secrets/plausible-password.age

diff --git a/machines/gustave/default.nix b/machines/gustave/default.nix
index 3c42fbd..692be2b 100644
--- a/machines/gustave/default.nix
+++ b/machines/gustave/default.nix
@@ -13,6 +13,7 @@
     ./borg.nix
     ./pages.nix
     ./readeck.nix
+    ./plausible.nix
   ];
 
   machine.meta = {
diff --git a/machines/gustave/plausible.nix b/machines/gustave/plausible.nix
new file mode 100644
index 0000000..9115421
--- /dev/null
+++ b/machines/gustave/plausible.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+
+{
+  services.plausible = {
+    enable = true;
+    adminUser = {
+      activate = true;
+      email = "analytics@luj.fr";
+      passwordFile = config.age.secrets.plausible-admin-password.path;
+    };
+    server = {
+      baseUrl = "https://probable.luj.fr";
+      port = 8455;
+      secretKeybaseFile = config.age.secrets.plausible-secret-key-base.path;
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "probable.luj.fr" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString config.services.plausible.server.port}";
+      };
+    };
+  };
+
+  age.secrets = {
+    plausible-admin-password.file = ../../secrets/plausible-password.age;
+    plausible-secret-key-base.file = ../../secrets/plausible-keybase-secret.age;
+  };
+}
diff --git a/secrets/plausible-keybase-secret.age b/secrets/plausible-keybase-secret.age
new file mode 100644
index 0000000000000000000000000000000000000000..56097e8da488c1b0ea695d8edbaaa9ec8844ee4c
GIT binary patch
literal 522
zcmZ9_yNlCs003YIK?tI_c%XuT15b&$T$)FdMNQK*X>CoKK9Y8k=8`n&Bkv~t6+vBY
z66&OfC{C_A3F6{*py1)^-~$!zR1`tvZV(^yegDAM>szShtwtb7T;E&vqdu165PA-d
zV+Xa&97W+Q%!PU`>BDs*C-vM*KIX50s#vcXpk)zlSuZr>StzZ<3d_wX1TdzTK`mpP
zn~E3PnVPDUJ$1MSs0K1l`u{UA6QyyXRWuU^$Vs+$n-D<n*5Ogb8ZrDd!rU=N`6bzs
zWlpIekwTZ7B|VoS)2^6izCqwa$PFExX^4O+JKeBqV}c$=lZm6?vj{j@BxPchV8y;_
z+nv2zS(UgU2PZRY5F~a`Q^$0VGzWr3Yq)AgS_7n*;>I0P(_F0^dqN!whMri^CUM1N
z`Mfb22*Y-sso0HnafGyaS`U<tM|2IP;;cd_iozld@+}5Y1-^k$La38QGmn{Jsv813
z&{?8Wbog0FlCD{U?i^Wr`t0LLM_OFtvz^hyuUoZ}V*P&KyZq?-clIDwW1IH`>&*K6
z(AzKai*L#6E5~%=#QN=x-jb_aSa|c`SMqncbo1=?{=4zwwfW{P`myAmK7X|E^7;Lr
if7lP77q)kgyH8%doBueqvGi%Yd3E0;yCJm>ANU8@w!Mr1

literal 0
HcmV?d00001

diff --git a/secrets/plausible-password.age b/secrets/plausible-password.age
new file mode 100644
index 0000000..b81cfdc
--- /dev/null
+++ b/secrets/plausible-password.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 AqX2tg uurrbgincmOIH/eXNPkLSvDem4tCVlXvicTC9WvPA1E
+gRjRiEL0jj+76E8jKAoDI5mzO6WCEGeiRivJTio7Y8Y
+-> ssh-ed25519 u3yXZQ 8YyLZtt2tQ0zajM3SjykPH4PUXKtpme3KQ2X+EeG5UE
+BZxZyLuc8yQ4aLOQHafQt8ed7HUnE+vJvrGxbzIbO4o
+-> ssh-ed25519 IRHAkA m1eAtnpxfExAHlPKQeHwLmFFQGSGlVaZY+0Z3IBEiSU
+3bORsrUsW1ABEjLHcrc9UsVNmrFyKfwUcqRzSFekWeE
+--- y6RfOhPCb76nsA1w5YSyYSnV6+WrCsxQP2W7EL684L0
+<\>r~	œ.tX*û’·ÎöÝlŽ0Åòt»4!«#ä_f™¶e§L¨ë3äLüš_ÿ'ƒÌ`ÿ4ÑŸ³Äé¢u
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 3f93d46..7dc7264 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -136,4 +136,16 @@ in
     gallifrey_home
     fisher_home
   ];
+
+  "plausible-keybase-secret.age".publicKeys = [
+    tower
+    gallifrey
+    gustave
+  ];
+  "plausible-password.age".publicKeys = [
+    tower
+    gallifrey
+    gustave
+  ];
+
 }