Add blog

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-14 20:03:47 +01:00
parent 43b6159feb
commit 8f2cea6abf
6 changed files with 80 additions and 13 deletions
--- a/hosts/jupiter/users/storm/configs/console/podman/blog/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/blog/default.nix
@@ -0,0 +1,62 @@
+{ user, home }:
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  hmConfig = config.home-manager.users.${user};
+  inherit (hmConfig.virtualisation.quadlet) volumes networks;
+in
+{
+  home-manager.users.${user} = {
+    sops = {
+      secrets."blog/apiKey".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
+
+      templates.blog-receiver-env.content = ''
+        AUTH_KEY=${hmConfig.sops.placeholder."blog/apiKey"}
+      '';
+    };
+
+    virtualisation.quadlet = {
+      volumes.blog = { };
+
+      containers = {
+        blog.containerConfig = {
+          image = "docker-archive:${pkgs.dockerImages.nginx}";
+          networks = [ networks.traefik.ref ];
+          volumes = [ "${volumes.blog.ref}:/var/www/nginx:ro" ];
+          labels = [
+            "traefik.enable=true"
+            "traefik.http.routers.blog.rule=Host(`blog.karaolidis.com`)"
+          ];
+        };
+
+        blog-receiver = {
+          containerConfig = {
+            image = "docker-archive:${pkgs.dockerImages.nginx-receiver}";
+            networks = [ networks.traefik.ref ];
+            volumes = [ "${volumes.blog.ref}:/var/www/nginx" ];
+            environments = {
+              TARGET_DIR = "/var/www/nginx";
+              SUBPATH = "/upload";
+            };
+            environmentFiles = [ hmConfig.sops.templates.blog-receiver-env.path ];
+            labels = [
+              "traefik.enable=true"
+              "traefik.http.routers.blog-receiver.rule=Host(`blog.karaolidis.com`) && PathPrefix(`/upload`)"
+
+              "traefik.http.middlewares.redirect-root-to-blog.redirectregex.regex=^https://(www\.)?karaolidis\.com(/.*)?$"
+              "traefik.http.middlewares.redirect-root-to-blog.redirectregex.replacement=https://blog.karaolidis.com$${2}"
+              "traefik.http.middlewares.redirect-root-to-blog.redirectregex.permanent=false"
+            ];
+          };
+
+          unitConfig.After = [ "sops-nix.service" ];
+        };
+      };
+    };
+  };
+}
--- a/hosts/jupiter/users/storm/configs/console/podman/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/default.nix
@@ -12,6 +12,7 @@ in
  imports = [
    (import ./attic { inherit user home; })
    (import ./authelia { inherit user home; })
+    (import ./blog { inherit user home; })
    (import ./comentario { inherit user home; })
    (import ./gitea { inherit user home; })
    (import ./grafana { inherit user home; })