Setup ikiwiki host

2024-11-12 21:32:47 +01:00 · 2024-11-12 21:32:47 +01:00 · e1d39fb8d4
commit e1d39fb8d4
parent abc3c08a7a
7 changed files with 97 additions and 3 deletions
--- a/config/hosts/ikiwiki/configuration.nix
+++ b/config/hosts/ikiwiki/configuration.nix
@ -0,0 +1,27 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {    
+    hostName = "ikiwiki";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 8443 ];
+    };
+  };
+
+  fileSystems = {
+    # partition data disk with `sudo mkfs.ext4 /dev/vdx`
+    # label data disk with `e2label /dev/vdx "data"`
+    "/mnt/data" = {
+      device = "/dev/disk/by-label/data";
+      fsType = "ext4";
+      autoResize = true;
+    };
+  };
+
+  system.stateVersion = "24.05";
+}
--- a/config/hosts/ikiwiki/default.nix
+++ b/config/hosts/ikiwiki/default.nix
@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./configuration.nix
+    ./ikiwiki.nix
+    ./nginx.nix
+  ];
+}
--- a/config/hosts/ikiwiki/ikiwiki.nix
+++ b/config/hosts/ikiwiki/ikiwiki.nix
@ -0,0 +1,17 @@
+{ pkgs, config, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    ikiwiki-full
+  ];
+
+  services.fcgiwrap.instances."ikiwiki" = {
+    socket = {
+      user = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
+    process = {
+      user = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
+  };
+}
--- a/config/hosts/ikiwiki/nginx.nix
+++ b/config/hosts/ikiwiki/nginx.nix
@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."fi.nekover.se" = {
+      forceSSL = true;
+      enableACME = true;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 80;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          extraParameters = [ "proxy_protocol" ];
+        }
+      ];
+      root = "/mnt/data/public_html/fi-zone";
+      locations = {
+        "/" = {
+          tryFiles = "$uri $uri/ =404";
+        };
+        "~ .cgi" = {
+          extraConfig = ''
+            gzip off;
+            fastcgi_pass unix:/var/run/fcgiwrap-ikiwiki.sock;
+            include ${pkgs.nginx}/conf/fastcgi_params;
+          '';
+        };
+      };
+      extraConfig = ''
+        set_real_ip_from 10.202.41.100;
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+}