diff --git a/config/hosts/ikiwiki/configuration.nix b/config/hosts/ikiwiki/configuration.nix new file mode 100644 index 0000000..632c401 --- /dev/null +++ b/config/hosts/ikiwiki/configuration.nix @@ -0,0 +1,27 @@ +{ ... }: +{ + boot.loader.grub = { + enable = true; + device = "/dev/vda"; + }; + + networking = { + hostName = "ikiwiki"; + firewall = { + enable = true; + allowedTCPPorts = [ 80 8443 ]; + }; + }; + + fileSystems = { + # partition data disk with `sudo mkfs.ext4 /dev/vdx` + # label data disk with `e2label /dev/vdx "data"` + "/mnt/data" = { + device = "/dev/disk/by-label/data"; + fsType = "ext4"; + autoResize = true; + }; + }; + + system.stateVersion = "24.05"; +} diff --git a/config/hosts/ikiwiki/default.nix b/config/hosts/ikiwiki/default.nix new file mode 100644 index 0000000..bc9766c --- /dev/null +++ b/config/hosts/ikiwiki/default.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + imports = [ + ./configuration.nix + ./ikiwiki.nix + ./nginx.nix + ]; +} diff --git a/config/hosts/ikiwiki/ikiwiki.nix b/config/hosts/ikiwiki/ikiwiki.nix new file mode 100644 index 0000000..35fea70 --- /dev/null +++ b/config/hosts/ikiwiki/ikiwiki.nix @@ -0,0 +1,17 @@ +{ pkgs, config, ... }: +{ + environment.systemPackages = with pkgs; [ + ikiwiki-full + ]; + + services.fcgiwrap.instances."ikiwiki" = { + socket = { + user = config.services.nginx.user; + group = config.services.nginx.group; + }; + process = { + user = config.services.nginx.user; + group = config.services.nginx.group; + }; + }; +} diff --git a/config/hosts/ikiwiki/nginx.nix b/config/hosts/ikiwiki/nginx.nix new file mode 100644 index 0000000..b78131f --- /dev/null +++ b/config/hosts/ikiwiki/nginx.nix @@ -0,0 +1,39 @@ +{ pkgs, ... }: +{ + services.nginx = { + enable = true; + virtualHosts."fi.nekover.se" = { + forceSSL = true; + enableACME = true; + listen = [ + { + addr = "0.0.0.0"; + port = 80; + } + { + addr = "0.0.0.0"; + port = 8443; + ssl = true; + extraParameters = [ "proxy_protocol" ]; + } + ]; + root = "/mnt/data/public_html/fi-zone"; + locations = { + "/" = { + tryFiles = "$uri $uri/ =404"; + }; + "~ .cgi" = { + extraConfig = '' + gzip off; + fastcgi_pass unix:/var/run/fcgiwrap-ikiwiki.sock; + include ${pkgs.nginx}/conf/fastcgi_params; + ''; + }; + }; + extraConfig = '' + set_real_ip_from 10.202.41.100; + real_ip_header proxy_protocol; + ''; + }; + }; +} diff --git a/config/hosts/web-public-2/nginx.nix b/config/hosts/web-public-2/nginx.nix index 8debb31..1f14695 100644 --- a/config/hosts/web-public-2/nginx.nix +++ b/config/hosts/web-public-2/nginx.nix @@ -20,6 +20,7 @@ birdsite.nekover.se 10.202.41.107:8443; cloud.nekover.se 10.202.41.122:8443; element.nekover.se 127.0.0.1:8443; + fi.nekover.se 10.202.41.125:8443; gameserver.grzb.de 127.0.0.1:8443; git.grzb.de 127.0.0.1:8443; git.nekover.se 10.202.41.106:8443; diff --git a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix index 558aa95..59b9d3a 100644 --- a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix +++ b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix @@ -7,6 +7,7 @@ let "netbox.grzb.de" = "netbox.vs.grzb.de"; "git.nekover.se" = "forgejo.vs.grzb.de"; "grafana.grzb.de" = "metrics.vs.grzb.de"; + "fi.nekover.se" = "ikiwiki.vs.grzb.de"; "jackett.grzb.de" = "torrent.vs.grzb.de"; "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de"; "keycloak-admin.nekover.se" = "keycloak.vs.grzb.de"; diff --git a/hosts.nix b/hosts.nix index 363f377..4515394 100644 --- a/hosts.nix +++ b/hosts.nix @@ -26,13 +26,14 @@ let }) hosts; in generateDefaults { - #fee = { - # site = "wg"; - #}; hydra = { site = "vs"; environment = "proxmox"; }; + ikiwiki = { + site = "vs"; + environment = "proxmox"; + }; iperf = { site = "vs"; environment = "proxmox";