From ce57ed6732b66df0e0697fcbcb7bdfe036b60493 Mon Sep 17 00:00:00 2001
From: "Jill \"oatmealine\" Monoids" <oatmealine@disroot.org>
Date: Wed, 1 Feb 2023 02:41:42 +0100
Subject: [PATCH] isso: fix; now it works :)

---
 hosts/dark-firepit/webapps/default.nix | 12 +++++++-----
 modules/services/code-server.nix       |  4 ++--
 modules/services/isso.nix              | 25 ++++++++++++++++++++++---
 3 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/hosts/dark-firepit/webapps/default.nix b/hosts/dark-firepit/webapps/default.nix
index 50b605f..bb76e90 100644
--- a/hosts/dark-firepit/webapps/default.nix
+++ b/hosts/dark-firepit/webapps/default.nix
@@ -88,11 +88,6 @@ in {
           enable = true;
         };
 
-        isso = {
-          enable = false;
-          port = 1995;
-        };
-
         code-server = {
           enable = true;
           domain = "dev-firepit.oat.zone";
@@ -104,6 +99,13 @@ in {
           domain = "blog.oat.zone";
           port = 1357;
         };
+
+        isso = {
+          enable = true;
+          port = 1995;
+          domain = "comments.oat.zone";
+          target = "blog.oat.zone";
+        };
       };
     };
 
diff --git a/modules/services/code-server.nix b/modules/services/code-server.nix
index 1d60878..81b3b97 100644
--- a/modules/services/code-server.nix
+++ b/modules/services/code-server.nix
@@ -26,8 +26,8 @@ in {
         port = cfg.port;
         # temporary
         auth = "password";
-        # temporary; be sure to remove trailing newline
-        hashedPassword = builtins.readFile /etc/code-server-password;
+        # temporary
+        hashedPassword = removeSuffix "\n" (builtins.readFile /etc/code-server-password);
 
         extraPackages = with pkgs; [ git nix nixpkgs-fmt ];
       };
diff --git a/modules/services/isso.nix b/modules/services/isso.nix
index 3d41a21..1dec5ee 100644
--- a/modules/services/isso.nix
+++ b/modules/services/isso.nix
@@ -13,10 +13,18 @@ in {
       type = types.str;
       default = "comments.oat.zone";
     };
+    target = mkOption {
+      type = types.str;
+      default = "blog.oat.zone";
+    };
     port = mkOption {
       type = types.port;
       default = 1550;
     };
+    dataDir = mkOption {
+      type = types.str;
+      default = "/var/lib/isso";
+    };
   };
 
   config = mkIf cfg.enable {
@@ -25,13 +33,14 @@ in {
         enable = true;
         settings = {
           general = {
-            host = "https://blog.oat.zone/";
+            dbpath = "${cfg.dataDir}/comments.db";
+            host = "https://${cfg.target}";
             latest-enabled = true;
           };
           server = {
             listen = "http://localhost:${toString cfg.port}";
             samesite = "Lax";
-            public-endpoint = "https://comments.oat.zone";
+            public-endpoint = "https://${cfg.domain}";
           };
           guard = {
             enabled = true;
@@ -40,7 +49,7 @@ in {
           };
           admin = {
             enabled = true;
-            password = "a8UYAH7jQQC3LjnG";
+            password = removeSuffix "\n" (builtins.readFile /etc/isso_admin_pass);
           };
         };
       };
@@ -59,5 +68,15 @@ in {
         };
       };
     };
+
+    systemd.services.isso.serviceConfig = {
+      preStart = ''
+        umask u=rwx,g=rwx,o=rx
+        mkdir -p ${cfg.dataDir}
+        cd ${cfg.dataDir}
+        ${pkgs.coreutils}/bin/chown -R isso:isso .
+        ${pkgs.coreutils}/bin/chmod -R 775 .
+      '';
+    };
   };
 }