Setup ikiwiki host

config/hosts/ikiwiki/configuration.nix

@@ -0,0 +1,27 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {    
+    hostName = "ikiwiki";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 8443 ];
+    };
+  };
+
+  fileSystems = {
+    # partition data disk with `sudo mkfs.ext4 /dev/vdx`
+    # label data disk with `e2label /dev/vdx "data"`
+    "/mnt/data" = {
+      device = "/dev/disk/by-label/data";
+      fsType = "ext4";
+      autoResize = true;
+    };
+  };
+
+  system.stateVersion = "24.05";
+}

config/hosts/ikiwiki/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./configuration.nix
+    ./ikiwiki.nix
+    ./nginx.nix
+  ];
+}

config/hosts/ikiwiki/ikiwiki.nix

@@ -0,0 +1,149 @@
+{ pkgs, config, ... }:
+let
+  ikiwikiBootstrapTheme = pkgs.fetchgit {
+    url = "https://github.com/dequis/ikiwiki-bootstrap-theme.git";
+    rev = "afaedf8460d03664be6f590cf632b8be05de77dc";
+    hash = "sha256-iX/onqrsvzJdDrJ7WoQMnlAQtOA+rmi+esv25/IOsq8=";
+  }; # TODO: fork and set link color to #6d2bff or something
+  ikiwikiDataPath = "/mnt/data/ikiwiki";
+  ikiwikiSettingsHeader = pkgs.writeText "ikiwiki-settings-header" ''
+    # IkiWiki::Setup::Yaml - YAML formatted setup file
+  '';
+  ikiwikiSettings = {
+    wikiname = "fi-zone";
+    adminemail = "fi@ikiwiki.vs.grzb.de";
+    adminuser = [
+      "fi"
+    ];
+    banned_users = [];
+    srcdir = "${ikiwikiDataPath}/fi-zone";
+    destdir = "${ikiwikiDataPath}/public_html/fi-zone";
+    url = "https://fi.nekover.se/";
+    cgiurl = "https://fi.nekover.se/ikiwiki.cgi";
+    reverse_proxy = 0;
+    cgi_wrapper = "${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi";
+    cgi_wrappermode = "06755";
+    cgi_overload_delay = "";
+    cgi_overload_message = "";
+    only_committed_changes = 0;
+    rcs = "";
+    add_plugins = [
+      "goodstuff"
+      "websetup"
+    ];
+    disable_plugins = [];
+    templatedir = "${ikiwikiBootstrapTheme}";
+    underlaydir = "${pkgs.ikiwiki-full}/share/ikiwiki/basewiki";
+    usedirs = 1;
+    prefix_directives = 1;
+    indexpages = 0;
+    discussion = 0;
+    html5 = 1;
+    sslcookie = 1;
+    default_pageext = "mdwn";
+    htmlext = "html";
+    timeformat = "%c";
+    userdir = "";
+    numbacklinks = 10;
+    hardlink = 0;
+    libdirs = [];
+    libdir = "${ikiwikiDataPath}/.ikiwiki";
+    ENV = {};
+    timezone = ":/etc/localtime";
+    wiki_file_chars = "-[:alnum:]+/.:_";
+    allow_symlinks_before_srcdir = 0;
+    cookiejar = {
+      file = "${ikiwikiDataPath}/.ikiwiki/cookies";
+    };
+    useragent = "ikiwiki/${pkgs.ikiwiki-full.version}";
+    responsive_layout = 1;
+    deterministic = 0;
+    rss = 1;
+    atom = 1;
+    blogspam_pagespec = "postcomment(*)";
+    locked_pages = "* and !postcomment(*)";
+    comments_pagespec = "posts/* and !*/Discussion";
+    archive_pagespec = "page(posts/*) and !*/Discussion";
+    global_sidebars = 0;
+    tagbase = "tags";
+  };
+  ikiwikiSettingsFile = pkgs.concatText "fi-zone.setup" [
+    ikiwikiSettingsHeader
+    ((pkgs.formats.yaml { }).generate "fi-zone-settings" ikiwikiSettings)
+  ];
+  ikiwikiSetupAutomator = pkgs.writeScript "fi-zone.initial.setup" ''
+    #!${pkgs.perl}/bin/perl
+    require IkiWiki::Setup::Automator;
+    IkiWiki::Setup::Automator->import(
+      wikiname => '${ikiwikiSettings.wikiname}',
+      adminuser => ['fi'],
+      srcdir => '${ikiwikiSettings.srcdir}',
+      destdir => '${ikiwikiSettings.destdir}',
+      dumpsetup => '${ikiwikiSettings.wikiname}.setup',
+      url => '${ikiwikiSettings.url}',
+      cgiurl => '${ikiwikiSettings.cgiurl}',
+      cgi_wrapper => '${ikiwikiSettings.cgi_wrapper}',
+      adminemail => '${ikiwikiSettings.adminemail}',
+      add_plugins => [qw{goodstuff websetup}],
+      disable_plugins => [qw{}],
+      libdir => '${ikiwikiSettings.libdir}',
+      rss => 1,
+      atom => 1,
+      syslog => 1,
+    )
+  '';
+in
+{
+  environment.systemPackages = with pkgs; [
+    ikiwiki-full
+  ];
+
+  services.fcgiwrap.instances."ikiwiki" = {
+    socket = {
+      user = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
+    process = {
+      user = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
+  };
+
+  systemd.services.ikiwiki-initial-setup = {
+    description = "Run the initial setup of ikiwiki and set permissions.";
+
+    script = ''
+      mkdir -p ${ikiwikiDataPath}
+      chown ${config.services.nginx.user}:${config.services.nginx.group} ${ikiwikiDataPath}
+      if [ ! -d "${ikiwikiSettings.srcdir}" ]; then
+        ${pkgs.sudo}/bin/sudo -u ${config.services.nginx.user} ${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSetupAutomator}
+      fi
+    '';
+
+    serviceConfig = {
+      Type = "simple";
+      User = "root";
+      Group = "root";
+    };
+
+    wantedBy = [
+      "multi-user.target"
+    ];
+  };
+
+  systemd.services.ikiwiki-settings-setup = {
+    description = "Setup ikiwiki with configuration managed by NixOS.";
+
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSettingsFile}";
+      User = config.services.nginx.user;
+      Group = config.services.nginx.group;
+      Requires = [ "ikiwiki-initial-setup.service" ];
+    };
+
+    wantedBy = [
+      "multi-user.target"
+    ];
+  };  
+}

config/hosts/ikiwiki/nginx.nix

@@ -0,0 +1,45 @@
+{ pkgs, config, ... }:
+let
+  ikiwikiDataPath = "/mnt/data/ikiwiki";
+in
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."fi.nekover.se" = {
+      forceSSL = true;
+      enableACME = true;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 80;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          extraParameters = [ "proxy_protocol" ];
+        }
+      ];
+      root = "${ikiwikiDataPath}/public_html/fi-zone";
+      locations = {
+        "/" = {
+          tryFiles = "$uri $uri/ =404";
+        };
+        "~ .cgi" = {
+          extraConfig = ''
+            gzip off;
+            fastcgi_pass unix:${config.services.fcgiwrap.instances."ikiwiki".socket.address};
+            fastcgi_index ikiwiki.cgi;
+            fastcgi_param SCRIPT_FILENAME ${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi;
+            fastcgi_param DOCUMENT_ROOT ${ikiwikiDataPath}/public_html/fi-zone;
+            include ${pkgs.nginx}/conf/fastcgi_params;
+          '';
+        };
+      };
+      extraConfig = ''
+        set_real_ip_from 10.202.41.100;
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+}

config/hosts/ikiwiki/setup.yaml

@@ -0,0 +1,398 @@
+# IkiWiki::Setup::Yaml - YAML formatted setup file
+#
+# Setup file for ikiwiki.
+# 
+# Passing this to ikiwiki --setup will make ikiwiki generate
+# wrappers and build the wiki.
+# 
+# Remember to re-run ikiwiki --setup any time you edit this file.
+#
+# name of the wiki
+wikiname: fi-zone
+# contact email for wiki
+adminemail: fi@ikiwiki.vs.grzb.de
+# users who are wiki admins
+adminuser:
+- fi
+# users who are banned from the wiki
+banned_users: []
+# where the source of the wiki is located
+srcdir: /mnt/data/fi-zone
+# where to build the wiki
+destdir: /mnt/data/public_html/fi-zone
+# base url to the wiki
+url: https://fi.nekover.se/
+# url to the ikiwiki.cgi
+cgiurl: https://fi.nekover.se/ikiwiki.cgi
+# do not adjust cgiurl if CGI is accessed via different URL
+reverse_proxy: 0
+# filename of cgi wrapper to generate
+cgi_wrapper: /mnt/data/public_html/fi-zone/ikiwiki.cgi
+# mode for cgi_wrapper (can safely be made suid)
+cgi_wrappermode: 06755
+# number of seconds to delay CGI requests when overloaded
+cgi_overload_delay: ''
+# message to display when overloaded (may contain html)
+cgi_overload_message: ''
+# enable optimization of only refreshing committed changes?
+only_committed_changes: 0
+# rcs backend to use
+rcs: ''
+# plugins to add to the default configuration
+add_plugins:
+- goodstuff
+- websetup
+- comments
+- blogspam
+- calendar
+- sidebar
+- trail
+# plugins to disable
+disable_plugins: []
+# additional directory to search for template files
+templatedir: /nix/store/r228dddgr7gc5ap04frbhd33bxgvp842-ikiwiki-3.20200202.3/share/ikiwiki/templates
+# base wiki source location
+underlaydir: /nix/store/r228dddgr7gc5ap04frbhd33bxgvp842-ikiwiki-3.20200202.3/share/ikiwiki/basewiki
+# display verbose messages?
+#verbose: 1
+# log to syslog?
+syslog: 1
+# create output files named page/index.html?
+usedirs: 1
+# use '!'-prefixed preprocessor directives?
+prefix_directives: 1
+# use page/index.mdwn source files
+indexpages: 0
+# enable Discussion pages?
+discussion: 0
+# name of Discussion pages
+discussionpage: Discussion
+# use elements new in HTML5 like <section>?
+html5: 0
+# only send cookies over SSL connections?
+sslcookie: 0
+# extension to use for new pages
+default_pageext: mdwn
+# extension to use for html files
+htmlext: html
+# strftime format string to display date
+timeformat: '%c'
+# UTF-8 locale to use
+#locale: en_US.UTF-8
+# put user pages below specified page
+userdir: ''
+# how many backlinks to show before hiding excess (0 to show all)
+numbacklinks: 10
+# attempt to hardlink source files? (optimisation for large files)
+hardlink: 0
+# force ikiwiki to use a particular umask (keywords public, group or private, or a number)
+#umask: public
+# group for wrappers to run in
+#wrappergroup: ikiwiki
+# extra library and plugin directories
+libdirs: []
+# extra library and plugin directory (searched after libdirs)
+libdir: /mnt/data/.ikiwiki
+# environment variables
+ENV: {}
+# time zone name
+timezone: :/etc/localtime
+# regexp of normally excluded files to include
+#include: ^\.htaccess$
+# regexp of files that should be skipped
+#exclude: ^(*\.private|Makefile)$
+# specifies the characters that are allowed in source filenames
+wiki_file_chars: -[:alnum:]+/.:_
+# allow symlinks in the path leading to the srcdir (potentially insecure)
+allow_symlinks_before_srcdir: 0
+# cookie control
+cookiejar:
+  file: /mnt/data/.ikiwiki/cookies
+# set custom user agent string for outbound HTTP requests e.g. when fetching aggregated RSS feeds
+useragent: ikiwiki/3.20200202.3
+# theme has a responsive layout? (mobile-optimized)
+responsive_layout: 1
+# try harder to produce deterministic output
+deterministic: 0
+
+######################################################################
+# core plugins
+#   (editpage, htmlscrubber, inline, link, meta, parentlinks, templatebody)
+######################################################################
+
+# htmlscrubber plugin
+# PageSpec specifying pages not to scrub
+#htmlscrubber_skip: '!*/Discussion'
+
+# inline plugin
+# enable rss feeds by default?
+rss: 1
+# enable atom feeds by default?
+atom: 1
+# allow rss feeds to be used?
+#allowrss: 0
+# allow atom feeds to be used?
+#allowatom: 0
+# urls to ping (using XML-RPC) on feed update
+#pingurl: http://rpc.technorati.com/rpc/ping
+
+######################################################################
+# auth plugins
+#   (anonok, blogspam, emailauth, httpauth, lockedit, moderatedcomments,
+#    opendiscussion, openid, passwordauth, signinedit)
+######################################################################
+
+# anonok plugin
+# PageSpec to limit which pages anonymous users can edit
+#anonok_pagespec: '*/discussion'
+
+# blogspam plugin
+# PageSpec of pages to check for spam
+blogspam_pagespec: postcomment(*)
+# options to send to blogspam server
+#blogspam_options: blacklist=1.2.3.4,blacklist=8.7.6.5,max-links=10
+# blogspam server JSON url
+#blogspam_server: ''
+
+# emailauth plugin
+# email address to send emailauth mails as (default: adminemail)
+#emailauth_sender: ''
+
+# httpauth plugin
+# url to redirect to when authentication is needed
+#cgiauthurl: http://example.com/wiki/auth/ikiwiki.cgi
+# PageSpec of pages where only httpauth will be used for authentication
+#httpauth_pagespec: '!*/Discussion'
+
+# lockedit plugin
+# PageSpec controlling which pages are locked
+locked_pages: '* and !postcomment(*)'
+
+# moderatedcomments plugin
+# PageSpec matching users or comment locations to moderate
+#moderate_pagespec: '*'
+
+# openid plugin
+# url pattern of openid realm (default is cgiurl)
+#openid_realm: ''
+# url to ikiwiki cgi to use for openid authentication (default is cgiurl)
+#openid_cgiurl: ''
+
+# passwordauth plugin
+# a password that must be entered when signing up for an account
+#account_creation_password: s3cr1t
+# cost of generating a password using Authen::Passphrase::BlowfishCrypt
+#password_cost: 8
+
+######################################################################
+# format plugins
+#   (creole, highlight, hnb, html, mdwn, otl, rawhtml, rst, textile, txt)
+######################################################################
+
+# highlight plugin
+# types of source files to syntax highlight
+#tohighlight: .c .h .cpp .pl .py Makefile:make
+# location of highlight's filetypes.conf
+#filetypes_conf: /etc/highlight/filetypes.conf
+# location of highlight's langDefs directory
+#langdefdir: /usr/share/highlight/langDefs
+
+# mdwn plugin
+# enable multimarkdown features?
+#multimarkdown: 0
+# disable use of markdown discount?
+#nodiscount: 0
+# enable footnotes in Markdown (where supported)?
+#mdwn_footnotes: 1
+# interpret line like 'A. First item' as ordered list when using Discount?
+#mdwn_alpha_lists: 0
+
+######################################################################
+# special-purpose plugins
+#   (osm, underlay)
+######################################################################
+
+# osm plugin
+# the default zoom when you click on the map link
+#osm_default_zoom: 15
+# the icon shown on links and on the main map
+#osm_default_icon: ikiwiki/images/osm.png
+# the alt tag of links, defaults to empty
+#osm_alt: ''
+# the output format for waypoints, can be KML, GeoJSON or CSV (one or many, comma-separated)
+#osm_format: KML
+# the icon attached to a tag, displayed on the map for tagged pages
+#osm_tag_default_icon: icon.png
+# Url for the OpenLayers.js file
+#osm_openlayers_url: http://www.openlayers.org/api/OpenLayers.js
+# Layers to use in the map. Can be either the 'OSM' string or a type option for Google maps (GoogleNormal, GoogleSatellite, GoogleHybrid or GooglePhysical). It can also be an arbitrary URL in a syntax acceptable for OpenLayers.Layer.OSM.url parameter.
+#osm_layers:
+#  OSM: GoogleSatellite
+# Google maps API key, Google layer not used if missing, see https://code.google.com/apis/console/ to get an API key
+#osm_google_apikey: ''
+
+# underlay plugin
+# extra underlay directories to add
+#add_underlays:
+#- /home/fi/wiki.underlay
+
+######################################################################
+# web plugins
+#   (404, attachment, comments, editdiff, edittemplate, getsource, google,
+#    goto, mirrorlist, remove, rename, repolist, search, theme, userlist,
+#    websetup, wmd)
+######################################################################
+
+# attachment plugin
+# enhanced PageSpec specifying what attachments are allowed
+#allowed_attachments: virusfree() and mimetype(image/*) and maxsize(50kb)
+# virus checker program (reads STDIN, returns nonzero if virus found)
+#virus_checker: clamdscan -
+
+# comments plugin
+# PageSpec of pages where comments are allowed
+comments_pagespec: posts/* and !*/Discussion
+# PageSpec of pages where posting new comments is not allowed
+#comments_closed_pagespec: blog/controversial or blog/flamewar
+# Base name for comments, e.g. "comment_" for pages like "sandbox/comment_12"
+#comments_pagename: ''
+# Interpret directives in comments?
+#comments_allowdirectives: 0
+# Allow anonymous commenters to set an author name?
+#comments_allowauthor: 0
+# commit comments to the VCS
+#comments_commit: 1
+# Restrict formats for comments to (no restriction if empty)
+#comments_allowformats: mdwn txt
+
+# getsource plugin
+# Mime type for returned source.
+#getsource_mimetype: text/plain; charset=utf-8
+
+# mirrorlist plugin
+# list of mirrors
+#mirrorlist: {}
+# generate links that point to the mirrors' ikiwiki CGI
+#mirrorlist_use_cgi: 1
+
+# repolist plugin
+# URIs of repositories containing the wiki's source
+#repositories:
+#- svn://svn.example.org/wiki/trunk
+
+# search plugin
+# path to the omega cgi program
+#omega_cgi: /usr/lib/cgi-bin/omega/omega
+# use google site search rather than internal xapian index?
+#google_search: 1
+
+# theme plugin
+# name of theme to enable
+#theme: actiontabs
+
+# websetup plugin
+# list of plugins that cannot be enabled/disabled via the web interface
+#websetup_force_plugins: []
+# list of additional setup field keys to treat as unsafe
+#websetup_unsafe: []
+# show unsafe settings, read-only, in web interface?
+#websetup_show_unsafe: 1
+
+######################################################################
+# widget plugins
+#   (calendar, color, conditional, cutpaste, date, format, fortune,
+#    graphviz, haiku, headinganchors, img, linkmap, listdirectives, map,
+#    more, orphans, pagecount, pagestats, poll, polygen, postsparkline,
+#    progress, shortcut, sparkline, table, template, teximg, toc, toggle,
+#    version)
+######################################################################
+
+# calendar plugin
+# base of the archives hierarchy
+#archivebase: archives
+# PageSpec of pages to include in the archives, if option `calendar_autocreate` is true.
+archive_pagespec: page(posts/*) and !*/Discussion
+# autocreate new calendar pages?
+#calendar_autocreate: 1
+# if set, when building calendar pages, also build pages of year and month when no pages were published (building empty calendars).
+#calendar_fill_gaps: 1
+
+# img plugin
+# Image formats to process (jpeg, png, gif, svg, pdf or 'everything' to accept all)
+#img_allowed_formats: ''
+
+# listdirectives plugin
+# directory in srcdir that contains directive descriptions
+#directive_description_dir: ikiwiki/directive
+
+# teximg plugin
+# Should teximg use dvipng to render, or dvips and convert?
+#teximg_dvipng: ''
+# LaTeX prefix for teximg plugin
+#teximg_prefix: |
+#  \documentclass{article}
+#  \usepackage[utf8]{inputenc}
+#  \usepackage{amsmath}
+#  \usepackage{amsfonts}
+#  \usepackage{amssymb}
+#  \pagestyle{empty}
+#  \begin{document}
+# LaTeX postfix for teximg plugin
+#teximg_postfix: \end{document}
+
+######################################################################
+# other plugins
+#   (aggregate, autoindex, brokenlinks, camelcase, ddate, embed, favicon,
+#    filecheck, flattr, goodstuff, htmlbalance, localstyle, loginselector,
+#    notifyemail, pagetemplate, pingee, pinger, prettydate, recentchanges,
+#    recentchangesdiff, relativedate, rsync, sidebar, smiley,
+#    sortnaturally, tag, testpagespec, trail, transient)
+######################################################################
+
+# aggregate plugin
+# enable aggregation to internal pages?
+#aggregateinternal: 1
+# allow aggregation to be triggered via the web?
+#aggregate_webtrigger: 0
+
+# autoindex plugin
+# commit autocreated index pages
+#autoindex_commit: 1
+
+# camelcase plugin
+# list of words to not turn into links
+#camelcase_ignore: []
+
+# flattr plugin
+# userid or user name to use by default for Flattr buttons
+#flattr_userid: joeyh
+
+# pinger plugin
+# how many seconds to try pinging before timing out
+#pinger_timeout: 15
+
+# prettydate plugin
+# format to use to display date
+#prettydateformat: '%X, %B %o, %Y'
+
+# recentchanges plugin
+# name of the recentchanges page
+#recentchangespage: recentchanges
+# number of changes to track
+#recentchangesnum: 100
+
+# rsync plugin
+# command to run to sync updated pages
+#rsync_command: rsync -qa --delete . user@host:/path/to/docroot/
+
+# sidebar plugin
+# show sidebar page on all pages?
+global_sidebars: 0
+
+# tag plugin
+# parent page tags are located under
+tagbase: tags
+# autocreate new tag pages?
+#tag_autocreate: 1
+# commit autocreated tag pages
+#tag_autocreate_commit: 1

config/hosts/web-public-2/nginx.nix

@@ -20,6 +20,7 @@
           birdsite.nekover.se 10.202.41.107:8443;
           cloud.nekover.se 10.202.41.122:8443;
           element.nekover.se 127.0.0.1:8443;
+          fi.nekover.se 10.202.41.125:8443;
           gameserver.grzb.de 127.0.0.1:8443;
           git.grzb.de 127.0.0.1:8443;
           git.nekover.se 10.202.41.106:8443;

config/hosts/web-public-2/virtualHosts/acme-challenge.nix

@@ -7,6 +7,7 @@ let
     "netbox.grzb.de" = "netbox.vs.grzb.de";
     "git.nekover.se" = "forgejo.vs.grzb.de";
     "grafana.grzb.de" = "metrics.vs.grzb.de";
+    "fi.nekover.se" = "ikiwiki.vs.grzb.de";
     "jackett.grzb.de" = "torrent.vs.grzb.de";
     "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";
     "keycloak-admin.nekover.se" = "keycloak.vs.grzb.de";

hosts.nix

@@ -26,13 +26,14 @@ let
   }) hosts;
 in
   generateDefaults {
-    #fee = {
-    #  site = "wg";
-    #};
     hydra = {
       site = "vs";
       environment = "proxmox";
     };
+    ikiwiki = {
+      site = "vs";
+      environment = "proxmox";
+    };
     iperf = {
       site = "vs";
       environment = "proxmox";