Setup ikiwiki host

2024-11-12 21:32:47 +01:00 · 2024-11-12 21:32:47 +01:00 · e1d39fb8d4
parent abc3c08a7a
commit e1d39fb8d4
7 changed files with 97 additions and 3 deletions
--- a/config/hosts/ikiwiki/configuration.nix
+++ b/config/hosts/ikiwiki/configuration.nix
@ -0,0 +1,27 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {    
+    hostName = "ikiwiki";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 8443 ];
+    };
+  };
+
+  fileSystems = {
+    # partition data disk with `sudo mkfs.ext4 /dev/vdx`
+    # label data disk with `e2label /dev/vdx "data"`
+    "/mnt/data" = {
+      device = "/dev/disk/by-label/data";
+      fsType = "ext4";
+      autoResize = true;
+    };
+  };
+
+  system.stateVersion = "24.05";
+}
--- a/config/hosts/ikiwiki/default.nix
+++ b/config/hosts/ikiwiki/default.nix
@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./configuration.nix
+    ./ikiwiki.nix
+    ./nginx.nix
+  ];
+}
--- a/config/hosts/ikiwiki/ikiwiki.nix
+++ b/config/hosts/ikiwiki/ikiwiki.nix
@ -0,0 +1,17 @@
+{ pkgs, config, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    ikiwiki-full
+  ];
+
+  services.fcgiwrap.instances."ikiwiki" = {
+    socket = {
+      user = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
+    process = {
+      user = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
+  };
+}
--- a/config/hosts/ikiwiki/nginx.nix
+++ b/config/hosts/ikiwiki/nginx.nix
@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."fi.nekover.se" = {
+      forceSSL = true;
+      enableACME = true;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 80;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 8443;
+          ssl = true;
+          extraParameters = [ "proxy_protocol" ];
+        }
+      ];
+      root = "/mnt/data/public_html/fi-zone";
+      locations = {
+        "/" = {
+          tryFiles = "$uri $uri/ =404";
+        };
+        "~ .cgi" = {
+          extraConfig = ''
+            gzip off;
+            fastcgi_pass unix:/var/run/fcgiwrap-ikiwiki.sock;
+            include ${pkgs.nginx}/conf/fastcgi_params;
+          '';
+        };
+      };
+      extraConfig = ''
+        set_real_ip_from 10.202.41.100;
+        real_ip_header proxy_protocol;
+      '';
+    };
+  };
+}
--- a/config/hosts/web-public-2/nginx.nix
+++ b/config/hosts/web-public-2/nginx.nix
@ -20,6 +20,7 @@
          birdsite.nekover.se 10.202.41.107:8443;
          cloud.nekover.se 10.202.41.122:8443;
          element.nekover.se 127.0.0.1:8443;
+          fi.nekover.se 10.202.41.125:8443;
          gameserver.grzb.de 127.0.0.1:8443;
          git.grzb.de 127.0.0.1:8443;
          git.nekover.se 10.202.41.106:8443;
--- a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
+++ b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
@ -7,6 +7,7 @@ let
    "netbox.grzb.de" = "netbox.vs.grzb.de";
    "git.nekover.se" = "forgejo.vs.grzb.de";
    "grafana.grzb.de" = "metrics.vs.grzb.de";
+    "fi.nekover.se" = "ikiwiki.vs.grzb.de";
    "jackett.grzb.de" = "torrent.vs.grzb.de";
    "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";
    "keycloak-admin.nekover.se" = "keycloak.vs.grzb.de";
--- a/hosts.nix
+++ b/hosts.nix
@ -26,13 +26,14 @@ let
  }) hosts;
 in
  generateDefaults {
-    #fee = {
-    #  site = "wg";
-    #};
    hydra = {
      site = "vs";
      environment = "proxmox";
    };
+    ikiwiki = {
+      site = "vs";
+      environment = "proxmox";
+    };
    iperf = {
      site = "vs";
      environment = "proxmox";