Compare commits
No commits in common. "b2f80aa59898640ae0c2f6efb762019b6ad82aa7" and "c4fca0087e15d8f26081e3866a0f23142d818fc9" have entirely different histories.
b2f80aa598
...
c4fca0087e
|
@ -11,7 +11,7 @@ let
|
||||||
'';
|
'';
|
||||||
ikiwikiSettings = {
|
ikiwikiSettings = {
|
||||||
wikiname = "fi-zone";
|
wikiname = "fi-zone";
|
||||||
adminemail = "fi@ikiwiki.vs.grzb.de";
|
adminemail = "fiona@grzb.de";
|
||||||
adminuser = [
|
adminuser = [
|
||||||
"fi"
|
"fi"
|
||||||
];
|
];
|
||||||
|
@ -22,6 +22,7 @@ let
|
||||||
cgiurl = "https://fi.nekover.se/ikiwiki.cgi";
|
cgiurl = "https://fi.nekover.se/ikiwiki.cgi";
|
||||||
reverse_proxy = 0;
|
reverse_proxy = 0;
|
||||||
cgi_wrapper = "${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi";
|
cgi_wrapper = "${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi";
|
||||||
|
cgiauthurl = "https://fi.nekover.se/auth/ikiwiki.cgi";
|
||||||
cgi_wrappermode = "06755";
|
cgi_wrappermode = "06755";
|
||||||
cgi_overload_delay = "";
|
cgi_overload_delay = "";
|
||||||
cgi_overload_message = "";
|
cgi_overload_message = "";
|
||||||
|
@ -30,6 +31,7 @@ let
|
||||||
add_plugins = [
|
add_plugins = [
|
||||||
"goodstuff"
|
"goodstuff"
|
||||||
"websetup"
|
"websetup"
|
||||||
|
"httpauth"
|
||||||
];
|
];
|
||||||
disable_plugins = [];
|
disable_plugins = [];
|
||||||
templatedir = "${ikiwikiBootstrapTheme}";
|
templatedir = "${ikiwikiBootstrapTheme}";
|
||||||
|
@ -71,33 +73,20 @@ let
|
||||||
ikiwikiSettingsHeader
|
ikiwikiSettingsHeader
|
||||||
((pkgs.formats.yaml { }).generate "fi-zone-settings" ikiwikiSettings)
|
((pkgs.formats.yaml { }).generate "fi-zone-settings" ikiwikiSettings)
|
||||||
];
|
];
|
||||||
ikiwikiSetupAutomator = pkgs.writeScript "fi-zone.initial.setup" ''
|
|
||||||
#!${pkgs.perl}/bin/perl
|
|
||||||
require IkiWiki::Setup::Automator;
|
|
||||||
IkiWiki::Setup::Automator->import(
|
|
||||||
wikiname => '${ikiwikiSettings.wikiname}',
|
|
||||||
adminuser => ['fi'],
|
|
||||||
srcdir => '${ikiwikiSettings.srcdir}',
|
|
||||||
destdir => '${ikiwikiSettings.destdir}',
|
|
||||||
dumpsetup => '${ikiwikiSettings.wikiname}.setup',
|
|
||||||
url => '${ikiwikiSettings.url}',
|
|
||||||
cgiurl => '${ikiwikiSettings.cgiurl}',
|
|
||||||
cgi_wrapper => '${ikiwikiSettings.cgi_wrapper}',
|
|
||||||
adminemail => '${ikiwikiSettings.adminemail}',
|
|
||||||
add_plugins => [qw{goodstuff websetup}],
|
|
||||||
disable_plugins => [qw{}],
|
|
||||||
libdir => '${ikiwikiSettings.libdir}',
|
|
||||||
rss => 1,
|
|
||||||
atom => 1,
|
|
||||||
syslog => 1,
|
|
||||||
)
|
|
||||||
'';
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
ikiwiki-full
|
ikiwiki-full
|
||||||
];
|
];
|
||||||
|
|
||||||
|
users = {
|
||||||
|
users.ikiwiki = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "ikiwiki";
|
||||||
|
};
|
||||||
|
groups.ikiwiki = {};
|
||||||
|
};
|
||||||
|
|
||||||
services.fcgiwrap.instances."ikiwiki" = {
|
services.fcgiwrap.instances."ikiwiki" = {
|
||||||
socket = {
|
socket = {
|
||||||
user = config.services.nginx.user;
|
user = config.services.nginx.user;
|
||||||
|
@ -109,21 +98,19 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.ikiwiki-initial-setup = {
|
systemd.services.ikiwiki-directory-setup = {
|
||||||
description = "Run the initial setup of ikiwiki and set permissions.";
|
description = "Setup ikiwiki directory structure.";
|
||||||
|
|
||||||
script = ''
|
script = ''
|
||||||
mkdir -p ${ikiwikiDataPath}
|
mkdir -p ${ikiwikiDataPath}
|
||||||
chown ${config.services.nginx.user}:${config.services.nginx.group} ${ikiwikiDataPath}
|
mkdir -p ${ikiwikiDataPath}/fi-zone/.ikiwiki
|
||||||
if [ ! -d "${ikiwikiSettings.srcdir}" ]; then
|
touch ${ikiwikiDataPath}/fi-zone/.ikiwiki/lockfile
|
||||||
${pkgs.sudo}/bin/sudo -u ${config.services.nginx.user} ${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSetupAutomator}
|
chown -R ${config.users.users.ikiwiki.name}:${config.users.users.ikiwiki.group} ${ikiwikiDataPath}
|
||||||
fi
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = "root";
|
User = "root";
|
||||||
Group = "root";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
wantedBy = [
|
wantedBy = [
|
||||||
|
@ -137,13 +124,35 @@ in
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = "${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSettingsFile}";
|
ExecStart = "${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSettingsFile}";
|
||||||
User = config.services.nginx.user;
|
User = config.users.users.ikiwiki.name;
|
||||||
Group = config.services.nginx.group;
|
Group = config.users.users.ikiwiki.group;
|
||||||
Requires = [ "ikiwiki-initial-setup.service" ];
|
Requires = [ "ikiwiki-directory-setup.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
wantedBy = [
|
wantedBy = [
|
||||||
"multi-user.target"
|
"multi-user.target"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.ikiwiki-auth-setup = {
|
||||||
|
description = "Setup auth subdirectory for ikiwiki.cgi";
|
||||||
|
|
||||||
|
script = ''
|
||||||
|
mkdir -p ${ikiwikiSettings.destdir}/auth
|
||||||
|
if [ ! -f ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi ]; then
|
||||||
|
ln -s ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
User = config.users.users.ikiwiki.name;
|
||||||
|
Group = config.users.users.ikiwiki.group;
|
||||||
|
Requires = [ "ikiwiki-settings-setup.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
wantedBy = [
|
||||||
|
"multi-user.target"
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,12 +26,16 @@ in
|
||||||
tryFiles = "$uri $uri/ =404";
|
tryFiles = "$uri $uri/ =404";
|
||||||
};
|
};
|
||||||
"~ .cgi" = {
|
"~ .cgi" = {
|
||||||
|
basicAuth = {
|
||||||
|
fi = "test";
|
||||||
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
gzip off;
|
gzip off;
|
||||||
fastcgi_pass unix:${config.services.fcgiwrap.instances."ikiwiki".socket.address};
|
fastcgi_pass unix:${config.services.fcgiwrap.instances."ikiwiki".socket.address};
|
||||||
fastcgi_index ikiwiki.cgi;
|
fastcgi_index ikiwiki.cgi;
|
||||||
fastcgi_param SCRIPT_FILENAME ${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi;
|
fastcgi_param SCRIPT_FILENAME ${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi;
|
||||||
fastcgi_param DOCUMENT_ROOT ${ikiwikiDataPath}/public_html/fi-zone;
|
fastcgi_param DOCUMENT_ROOT ${ikiwikiDataPath}/public_html/fi-zone;
|
||||||
|
fastcgi_param REMOTE_USER $remote_user if_not_empty;
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
services.matrix-synapse = {
|
services.matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -55,12 +55,4 @@
|
||||||
"/secrets/matrix-keycloak-client-secret.secret"
|
"/secrets/matrix-keycloak-client-secret.secret"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.matrix-sliding-sync = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
|
|
||||||
};
|
|
||||||
environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,14 +33,6 @@
|
||||||
permissions = "0640";
|
permissions = "0640";
|
||||||
uploadAt = "pre-activation";
|
uploadAt = "pre-activation";
|
||||||
};
|
};
|
||||||
"matrix-SYNCV3_SECRET.secret" = {
|
|
||||||
keyCommand = keyCommandEnv ++ [ "pass" "matrix/SYNCV3_SECRET" ];
|
|
||||||
destDir = "/secrets";
|
|
||||||
user = "matrix-synapse";
|
|
||||||
group = "matrix-synapse";
|
|
||||||
permissions = "0640";
|
|
||||||
uploadAt = "pre-activation";
|
|
||||||
};
|
|
||||||
"matrix-keycloak-client-secret.secret" = {
|
"matrix-keycloak-client-secret.secret" = {
|
||||||
keyCommand = keyCommandEnv ++ [ "pass" "matrix/keycloak-client-secret" ];
|
keyCommand = keyCommandEnv ++ [ "pass" "matrix/keycloak-client-secret" ];
|
||||||
destDir = "/secrets";
|
destDir = "/secrets";
|
||||||
|
|
|
@ -2,9 +2,9 @@
|
||||||
# - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598
|
# - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598
|
||||||
# - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos
|
# - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos
|
||||||
|
|
||||||
{ pkgs, ... }:
|
{ nixpkgs-unstable, ... }:
|
||||||
{
|
{
|
||||||
systemd.packages = [ pkgs.qbittorrent-nox ];
|
systemd.packages = [ nixpkgs-unstable.legacyPackages."x86_64-linux".qbittorrent-nox ];
|
||||||
|
|
||||||
systemd.services."qbittorrent-nox@torrent" = {
|
systemd.services."qbittorrent-nox@torrent" = {
|
||||||
overrideStrategy = "asDropin";
|
overrideStrategy = "asDropin";
|
||||||
|
|
30
flake.lock
30
flake.lock
|
@ -34,11 +34,11 @@
|
||||||
},
|
},
|
||||||
"nixlib": {
|
"nixlib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729386149,
|
"lastModified": 1731805462,
|
||||||
"narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
|
"narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs.lib",
|
"repo": "nixpkgs.lib",
|
||||||
"rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
|
"rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -55,11 +55,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729472750,
|
"lastModified": 1732151224,
|
||||||
"narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
|
"narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixos-generators",
|
"repo": "nixos-generators",
|
||||||
"rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
|
"rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -70,11 +70,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730963269,
|
"lastModified": 1731842749,
|
||||||
"narHash": "sha256-rz30HrFYCHiWEBCKHMffHbMdWJ35hEkcRVU0h7ms3x0=",
|
"narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "83fb6c028368e465cd19bb127b86f971a5e41ebc",
|
"rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -101,11 +101,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-master": {
|
"nixpkgs-master": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730992357,
|
"lastModified": 1732154639,
|
||||||
"narHash": "sha256-YsODAqOF2xAHyK4+pKiS9nmGu+vQW+9kc5P7uRCirIM=",
|
"narHash": "sha256-GeEhJmh0/KEQmoe4Lmsv9VC0SrQn4K9V27KbHJ0Zs/g=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b651050919c85b9131fa0d2640115ffd9266daad",
|
"rev": "516819d9b5b97ee1f461aecb4caed7aa6b769d5d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -117,11 +117,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730945957,
|
"lastModified": 1732136765,
|
||||||
"narHash": "sha256-fhkxOv9RGEoPZNyl7VOpHf0Xoqc+bu0J/uW3BSg7tOs=",
|
"narHash": "sha256-622zKMMp0mw2a+fJJoVQdNmxwRGDkWsDTn5OSPK8DLk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "0093b93ec307d42f51ced7ce90dda6c37516e98a",
|
"rev": "e35b0f3f9787cfe51f406f7dd5a4446a858bfdb2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
17
hosts.nix
17
hosts.nix
|
@ -61,10 +61,6 @@ in
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
};
|
};
|
||||||
mail-2 = {
|
|
||||||
site = "wg";
|
|
||||||
environment = "proxmox";
|
|
||||||
};
|
|
||||||
mastodon = {
|
mastodon = {
|
||||||
hostNixpkgs = nixpkgs-unstable;
|
hostNixpkgs = nixpkgs-unstable;
|
||||||
site = "vs";
|
site = "vs";
|
||||||
|
@ -78,11 +74,6 @@ in
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
};
|
};
|
||||||
navidrome = {
|
|
||||||
hostNixpkgs = nixpkgs-unstable;
|
|
||||||
site = "wg";
|
|
||||||
environment = "proxmox";
|
|
||||||
};
|
|
||||||
netbox = {
|
netbox = {
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
|
@ -95,10 +86,6 @@ in
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
};
|
};
|
||||||
paperless = {
|
|
||||||
site = "wg";
|
|
||||||
environment = "proxmox";
|
|
||||||
};
|
|
||||||
coturn = {
|
coturn = {
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
|
@ -120,10 +107,6 @@ in
|
||||||
site = "af";
|
site = "af";
|
||||||
environment = "openstack";
|
environment = "openstack";
|
||||||
};
|
};
|
||||||
web-public-1 = {
|
|
||||||
site = "wg";
|
|
||||||
environment = "proxmox";
|
|
||||||
};
|
|
||||||
web-public-2 = {
|
web-public-2 = {
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
|
|
Loading…
Reference in a new issue