diff --git a/config/hosts/ikiwiki/configuration.nix b/config/hosts/ikiwiki/configuration.nix
new file mode 100644
index 0000000..632c401
--- /dev/null
+++ b/config/hosts/ikiwiki/configuration.nix
@@ -0,0 +1,27 @@
+{ ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/vda";
+ };
+
+ networking = {
+ hostName = "ikiwiki";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 8443 ];
+ };
+ };
+
+ fileSystems = {
+ # partition data disk with `sudo mkfs.ext4 /dev/vdx`
+ # label data disk with `e2label /dev/vdx "data"`
+ "/mnt/data" = {
+ device = "/dev/disk/by-label/data";
+ fsType = "ext4";
+ autoResize = true;
+ };
+ };
+
+ system.stateVersion = "24.05";
+}
diff --git a/config/hosts/ikiwiki/default.nix b/config/hosts/ikiwiki/default.nix
new file mode 100644
index 0000000..bc9766c
--- /dev/null
+++ b/config/hosts/ikiwiki/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ imports = [
+ ./configuration.nix
+ ./ikiwiki.nix
+ ./nginx.nix
+ ];
+}
diff --git a/config/hosts/ikiwiki/ikiwiki.nix b/config/hosts/ikiwiki/ikiwiki.nix
new file mode 100644
index 0000000..3a501e6
--- /dev/null
+++ b/config/hosts/ikiwiki/ikiwiki.nix
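Review bot: In configuration.nix, `allowedTCPPorts = [ 80 8443 ];` opens the PROXY-protocol listener on 8443 to every source address, while nginx.nix in this same commit trusts forwarded client addresses only from 10.202.41.100. If that proxy is the only intended client, the firewall rule could be scoped to it so other hosts cannot reach the CGI endpoint directly; whether the surrounding network already enforces this is not visible here. A comment next to the port list, such as `# 8443: TLS listener behind the front proxy, PROXY protocol`, would also record why a non-standard port is open.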
@@ -0,0 +1,158 @@
+{ pkgs, config, ... }:
+let
+ ikiwikiBootstrapTheme = pkgs.fetchgit {
+ url = "https://github.com/dequis/ikiwiki-bootstrap-theme.git";
+ rev = "afaedf8460d03664be6f590cf632b8be05de77dc";
+ hash = "sha256-iX/onqrsvzJdDrJ7WoQMnlAQtOA+rmi+esv25/IOsq8=";
+ }; # TODO: fork and set link color to #6d2bff or something
+ ikiwikiDataPath = "/mnt/data/ikiwiki";
+ ikiwikiSettingsHeader = pkgs.writeText "ikiwiki-settings-header" ''
+ # IkiWiki::Setup::Yaml - YAML formatted setup file
+ '';
+ ikiwikiSettings = {
+ wikiname = "fi-zone";
+ adminemail = "fiona@grzb.de";
+ adminuser = [
+ "fi"
+ ];
+ banned_users = [];
+ srcdir = "${ikiwikiDataPath}/fi-zone";
+ destdir = "${ikiwikiDataPath}/public_html/fi-zone";
+ url = "https://fi.nekover.se/";
+ cgiurl = "https://fi.nekover.se/ikiwiki.cgi";
+ reverse_proxy = 0;
+ cgi_wrapper = "${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi";
+ cgiauthurl = "https://fi.nekover.se/auth/ikiwiki.cgi";
+ cgi_wrappermode = "06755";
+ cgi_overload_delay = "";
+ cgi_overload_message = "";
+ only_committed_changes = 0;
+ rcs = "";
+ add_plugins = [
+ "goodstuff"
+ "websetup"
+ "httpauth"
+ ];
+ disable_plugins = [];
+ templatedir = "${ikiwikiBootstrapTheme}";
+ underlaydir = "${pkgs.ikiwiki-full}/share/ikiwiki/basewiki";
+ usedirs = 1;
+ prefix_directives = 1;
+ indexpages = 0;
+ discussion = 0;
+ html5 = 1;
+ sslcookie = 1;
+ default_pageext = "mdwn";
+ htmlext = "html";
+ timeformat = "%c";
+ userdir = "";
+ numbacklinks = 10;
+ hardlink = 0;
+ libdirs = [];
+ libdir = "${ikiwikiDataPath}/.ikiwiki";
+ ENV = {};
+ timezone = ":/etc/localtime";
+ wiki_file_chars = "-[:alnum:]+/.:_";
+ allow_symlinks_before_srcdir = 0;
+ cookiejar = {
+ file = "${ikiwikiDataPath}/.ikiwiki/cookies";
+ };
+ useragent = "ikiwiki/${pkgs.ikiwiki-full.version}";
+ responsive_layout = 1;
+ deterministic = 0;
+ rss = 1;
+ atom = 1;
+ blogspam_pagespec = "postcomment(*)";
+ locked_pages = "* and !postcomment(*)";
+ comments_pagespec = "posts/* and !*/Discussion";
+ archive_pagespec = "page(posts/*) and !*/Discussion";
+ global_sidebars = 0;
+ tagbase = "tags";
+ };
+ ikiwikiSettingsFile = pkgs.concatText "fi-zone.setup" [
+ ikiwikiSettingsHeader
+ ((pkgs.formats.yaml { }).generate "fi-zone-settings" ikiwikiSettings)
+ ];
+in
+{
+ environment.systemPackages = with pkgs; [
+ ikiwiki-full
+ ];
+
+ users = {
+ users.ikiwiki = {
+ isSystemUser = true;
+ group = "ikiwiki";
+ };
+ groups.ikiwiki = {};
+ };
+
+ services.fcgiwrap.instances."ikiwiki" = {
+ socket = {
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ };
+ process = {
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ };
+ };
+
+ systemd.services.ikiwiki-directory-setup = {
+ description = "Setup ikiwiki directory structure.";
+
+ script = ''
+ mkdir -p ${ikiwikiDataPath}
+ mkdir -p ${ikiwikiDataPath}/fi-zone/.ikiwiki
+ touch ${ikiwikiDataPath}/fi-zone/.ikiwiki/lockfile
+ chown -R ${config.users.users.ikiwiki.name}:${config.users.users.ikiwiki.group} ${ikiwikiDataPath}
+ '';
+
+ serviceConfig = {
+ Type = "simple";
+ User = "root";
+ };
+
+ wantedBy = [
+ "multi-user.target"
+ ];
+ };
+
+ systemd.services.ikiwiki-settings-setup = {
+ description = "Setup ikiwiki with configuration managed by NixOS.";
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSettingsFile}";
+ User = config.users.users.ikiwiki.name;
+ Group = config.users.users.ikiwiki.group;
+ Requires = [ "ikiwiki-directory-setup.service" ];
+ };
+
+ wantedBy = [
+ "multi-user.target"
+ ];
+ };
+
+ systemd.services.ikiwiki-auth-setup = {
+ description = "Setup auth subdirectory for ikiwiki.cgi";
+
+ script = ''
+ mkdir -p ${ikiwikiSettings.destdir}/auth
+ if [ ! -f ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi ]; then
+ ln -s ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi
+ fi
+ '';
+
+ serviceConfig = {
+ Type = "simple";
+ User = config.users.users.ikiwiki.name;
+ Group = config.users.users.ikiwiki.group;
+ Requires = [ "ikiwiki-settings-setup.service" ];
+ };
+
+ wantedBy = [
+ "multi-user.target"
+ ];
+ };
+}
diff --git a/config/hosts/ikiwiki/nginx.nix b/config/hosts/ikiwiki/nginx.nix
new file mode 100644
index 0000000..18cd2a7
--- /dev/null
+++ b/config/hosts/ikiwiki/nginx.nix
@@ -0,0 +1,49 @@
+{ pkgs, config, ... }:
+let
+ ikiwikiDataPath = "/mnt/data/ikiwiki";
+in
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."fi.nekover.se" = {
+ forceSSL = true;
+ enableACME = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 80;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8443;
+ ssl = true;
+ extraParameters = [ "proxy_protocol" ];
+ }
+ ];
+ root = "${ikiwikiDataPath}/public_html/fi-zone";
+ locations = {
+ "/" = {
+ tryFiles = "$uri $uri/ =404";
+ };
+ "~ .cgi" = {
+ basicAuth = {
+ fi = "test";
+ };
+ extraConfig = ''
+ gzip off;
+ fastcgi_pass unix:${config.services.fcgiwrap.instances."ikiwiki".socket.address};
+ fastcgi_index ikiwiki.cgi;
+ fastcgi_param SCRIPT_FILENAME ${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi;
+ fastcgi_param DOCUMENT_ROOT ${ikiwikiDataPath}/public_html/fi-zone;
+ fastcgi_param REMOTE_USER $remote_user if_not_empty;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ '';
+ };
+ };
+ extraConfig = ''
+ set_real_ip_from 10.202.41.100;
+ real_ip_header proxy_protocol;
+ '';
+ };
+ };
+}
diff --git a/config/hosts/web-public-2/nginx.nix b/config/hosts/web-public-2/nginx.nix
index 8debb31..1f14695 100644
--- a/config/hosts/web-public-2/nginx.nix
+++ b/config/hosts/web-public-2/nginx.nix
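Review bot: In ikiwiki.nix, `Requires = [ ... ];` sits inside `serviceConfig` for both ikiwiki-settings-setup and ikiwiki-auth-setup, but `Requires=` is a [Unit] directive, so systemd will most likely ignore it and the three setup units start unordered. With `Type = "simple"` there is also no wait for the previous script to finish. Declaring `requires = [ "ikiwiki-directory-setup.service" ];` and `after = [ "ikiwiki-directory-setup.service" ];` at unit level, with `Type = "oneshot"`, would let the root-run `chown -R` finish before ikiwiki starts as the unprivileged user; the same applies to the auth unit and ikiwiki-settings-setup. Separately, the test in ikiwiki-auth-setup gives `-f` two operands, which is not a valid expression, so the `ln -s` branch is probably never taken; `if [ ! -L ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi ]; then` looks like the intent.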
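Review bot: In nginx.nix, `basicAuth = { fi = "test"; };` commits the password for the CGI location in clear text, and a value set this way also ends up in the world-readable Nix store on the host. Since ikiwiki.nix enables `httpauth` and lists `fi` under `adminuser`, this credential appears to gate wiki administration. Using `basicAuthFile = "<path to an htpasswd file provisioned outside the repository>";` would keep it out of both the repository and the store, and the committed value should be treated as disclosed and replaced. The location pattern `"~ .cgi"` is also unanchored with an unescaped dot, so it matches any URI containing a character followed by `cgi`; `"~ \\.cgi$"` is narrower.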
@@ -20,6 +20,7 @@
 birdsite.nekover.se 10.202.41.107:8443;
 cloud.nekover.se 10.202.41.122:8443;
 element.nekover.se 127.0.0.1:8443;
+ fi.nekover.se 10.202.41.125:8443;
 gameserver.grzb.de 127.0.0.1:8443;
 git.grzb.de 127.0.0.1:8443;
 git.nekover.se 10.202.41.106:8443;
diff --git a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
index 558aa95..59b9d3a 100644
--- a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
+++ b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
@@ -7,6 +7,7 @@ let
 "netbox.grzb.de" = "netbox.vs.grzb.de";
 "git.nekover.se" = "forgejo.vs.grzb.de";
 "grafana.grzb.de" = "metrics.vs.grzb.de";
+ "fi.nekover.se" = "ikiwiki.vs.grzb.de";
 "jackett.grzb.de" = "torrent.vs.grzb.de";
 "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";
 "keycloak-admin.nekover.se" = "keycloak.vs.grzb.de";
diff --git a/hosts.nix b/hosts.nix
index 17e93a6..cd5f347 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -30,6 +30,10 @@ in
 site = "vs";
 environment = "proxmox";
 };
+ ikiwiki = {
+ site = "vs";
+ environment = "proxmox";
+ };
 iperf = {
 site = "vs";
 environment = "proxmox";