diff --git a/config/hosts/ikiwiki/ikiwiki.nix b/config/hosts/ikiwiki/ikiwiki.nix index 3a501e6..dff935c 100644 --- a/config/hosts/ikiwiki/ikiwiki.nix +++ b/config/hosts/ikiwiki/ikiwiki.nix @@ -11,7 +11,7 @@ let ''; ikiwikiSettings = { wikiname = "fi-zone"; - adminemail = "fiona@grzb.de"; + adminemail = "fi@ikiwiki.vs.grzb.de"; adminuser = [ "fi" ]; @@ -22,7 +22,6 @@ let cgiurl = "https://fi.nekover.se/ikiwiki.cgi"; reverse_proxy = 0; cgi_wrapper = "${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi"; - cgiauthurl = "https://fi.nekover.se/auth/ikiwiki.cgi"; cgi_wrappermode = "06755"; cgi_overload_delay = ""; cgi_overload_message = ""; @@ -31,7 +30,6 @@ let add_plugins = [ "goodstuff" "websetup" - "httpauth" ]; disable_plugins = []; templatedir = "${ikiwikiBootstrapTheme}"; @@ -73,20 +71,33 @@ let ikiwikiSettingsHeader ((pkgs.formats.yaml { }).generate "fi-zone-settings" ikiwikiSettings) ]; + ikiwikiSetupAutomator = pkgs.writeScript "fi-zone.initial.setup" '' + #!${pkgs.perl}/bin/perl + require IkiWiki::Setup::Automator; + IkiWiki::Setup::Automator->import( + wikiname => '${ikiwikiSettings.wikiname}', + adminuser => ['fi'], + srcdir => '${ikiwikiSettings.srcdir}', + destdir => '${ikiwikiSettings.destdir}', + dumpsetup => '${ikiwikiSettings.wikiname}.setup', + url => '${ikiwikiSettings.url}', + cgiurl => '${ikiwikiSettings.cgiurl}', + cgi_wrapper => '${ikiwikiSettings.cgi_wrapper}', + adminemail => '${ikiwikiSettings.adminemail}', + add_plugins => [qw{goodstuff websetup}], + disable_plugins => [qw{}], + libdir => '${ikiwikiSettings.libdir}', + rss => 1, + atom => 1, + syslog => 1, + ) + ''; in { environment.systemPackages = with pkgs; [ ikiwiki-full ]; - users = { - users.ikiwiki = { - isSystemUser = true; - group = "ikiwiki"; - }; - groups.ikiwiki = {}; - }; - services.fcgiwrap.instances."ikiwiki" = { socket = { user = config.services.nginx.user; 
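Review bot: The `ikiwikiSetupAutomator` script added in the `@@ -73,20 +71,33 @@` hunk creates the wiki with `adminuser => ['fi']`, but nothing visible in this diff establishes that account's password, while the same commit drops `httpauth`/`cgiauthurl` in the hunks above and the nginx `basicAuth` block in nginx.nix. As far as I know, IkiWiki::Setup::Automator asks for the admin password on the terminal, which a systemd unit does not have, so it is worth confirming how the run behaves without a TTY and recording where the credential is set, e.g. `# admin password for 'fi' is set out of band after first boot; see <runbook>`. Because `websetup` stays enabled, that account can change the wiki configuration from the browser. `adminuser` and `add_plugins` are also written out a second time here instead of being derived from `ikiwikiSettings`, so the two lists can drift apart.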
@@ -98,19 +109,21 @@ in }; }; - systemd.services.ikiwiki-directory-setup = { - description = "Setup ikiwiki directory structure."; + systemd.services.ikiwiki-initial-setup = { + description = "Run the initial setup of ikiwiki and set permissions."; script = '' mkdir -p ${ikiwikiDataPath} - mkdir -p ${ikiwikiDataPath}/fi-zone/.ikiwiki - touch ${ikiwikiDataPath}/fi-zone/.ikiwiki/lockfile - chown -R ${config.users.users.ikiwiki.name}:${config.users.users.ikiwiki.group} ${ikiwikiDataPath} + chown ${config.services.nginx.user}:${config.services.nginx.group} ${ikiwikiDataPath} + if [ ! -d "${ikiwikiSettings.srcdir}" ]; then + ${pkgs.sudo}/bin/sudo -u ${config.services.nginx.user} ${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSetupAutomator} + fi ''; serviceConfig = { Type = "simple"; User = "root"; + Group = "root"; }; wantedBy = [ @@ -124,35 +137,13 @@ in serviceConfig = { Type = "simple"; ExecStart = "${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSettingsFile}"; - User = config.users.users.ikiwiki.name; - Group = config.users.users.ikiwiki.group; - Requires = [ "ikiwiki-directory-setup.service" ]; + User = config.services.nginx.user; + Group = config.services.nginx.group; + Requires = [ "ikiwiki-initial-setup.service" ]; }; wantedBy = [ "multi-user.target" ]; - }; - - systemd.services.ikiwiki-auth-setup = { - description = "Setup auth subdirectory for ikiwiki.cgi"; - - script = '' - mkdir -p ${ikiwikiSettings.destdir}/auth - if [ ! -f ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi ]; then - ln -s ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi - fi - ''; - - serviceConfig = { - Type = "simple"; - User = config.users.users.ikiwiki.name; - Group = config.users.users.ikiwiki.group; - Requires = [ "ikiwiki-settings-setup.service" ]; - }; - - wantedBy = [ - "multi-user.target" - ]; - }; + }; } diff --git a/config/hosts/ikiwiki/nginx.nix b/config/hosts/ikiwiki/nginx.nix index 18cd2a7..c3e0760 100644 
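Review bot: `ikiwiki-initial-setup` in the `@@ -98,19 +109,21 @@` hunk hands `${ikiwikiDataPath}` to `config.services.nginx.user` and runs the Automator as that account, so the web server identity now owns the wiki source, the generated site and the CGI wrapper, which the context of an earlier hunk shows is installed with `cgi_wrappermode = "06755"`. The dedicated `ikiwiki` user removed in the `@@ -73,20 +71,33 @@` hunk presumably kept those files out of reach of the nginx workers; consider keeping it for the wiki tree and the wrapper. If the shared account is intended, a comment such as `# wiki tree is owned by the nginx user on purpose: <reason>` would record the trade-off. The unit is also a run-once script under `Type = "simple"`; `Type = "oneshot"` would let dependent units wait for it to finish.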
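Review bot: The added `Requires = [ "ikiwiki-initial-setup.service" ];` in the `@@ -124,35 +137,13 @@` hunk sits inside `serviceConfig`, which ends up in the unit's `[Service]` section, where systemd does not treat `Requires` as a dependency; it is a `[Unit]` setting. That leaves `ikiwiki --setup ${ikiwikiSettingsFile}` free to start before, or in parallel with, the root-run directory and ownership setup. Move it to the unit level as `requires = [ "ikiwiki-initial-setup.service" ];` together with `after = [ "ikiwiki-initial-setup.service" ];`. The unit's opening lines are outside this hunk.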
--- a/config/hosts/ikiwiki/nginx.nix +++ b/config/hosts/ikiwiki/nginx.nix @@ -26,16 +26,12 @@ in tryFiles = "$uri $uri/ =404"; }; "~ .cgi" = { - basicAuth = { - fi = "test"; - }; extraConfig = '' gzip off; fastcgi_pass unix:${config.services.fcgiwrap.instances."ikiwiki".socket.address}; fastcgi_index ikiwiki.cgi; fastcgi_param SCRIPT_FILENAME ${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi; fastcgi_param DOCUMENT_ROOT ${ikiwikiDataPath}/public_html/fi-zone; - fastcgi_param REMOTE_USER $remote_user if_not_empty; include ${pkgs.nginx}/conf/fastcgi_params; ''; }; diff --git a/config/hosts/matrix/matrix-synapse.nix b/config/hosts/matrix/matrix-synapse.nix index 7f339bf..e719484 100644 --- a/config/hosts/matrix/matrix-synapse.nix +++ b/config/hosts/matrix/matrix-synapse.nix @@ -1,4 +1,4 @@ -{ ... }: +{ config, ... }: { services.matrix-synapse = { enable = true; @@ -55,4 +55,12 @@ "/secrets/matrix-keycloak-client-secret.secret" ]; }; + + services.matrix-sliding-sync = { + enable = true; + settings = { + SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl; + }; + environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret"; + }; } diff --git a/config/hosts/matrix/secrets.nix b/config/hosts/matrix/secrets.nix index a95309e..68e4771 100644 --- a/config/hosts/matrix/secrets.nix +++ b/config/hosts/matrix/secrets.nix @@ -33,6 +33,14 @@ permissions = "0640"; uploadAt = "pre-activation"; }; + "matrix-SYNCV3_SECRET.secret" = { + keyCommand = keyCommandEnv ++ [ "pass" "matrix/SYNCV3_SECRET" ]; + destDir = "/secrets"; + user = "matrix-synapse"; + group = "matrix-synapse"; + permissions = "0640"; + uploadAt = "pre-activation"; + }; "matrix-keycloak-client-secret.secret" = { keyCommand = keyCommandEnv ++ [ "pass" "matrix/keycloak-client-secret" ]; destDir = "/secrets"; diff --git a/config/hosts/torrent/qbittorrent-nox/services.nix b/config/hosts/torrent/qbittorrent-nox/services.nix index 71d22f8..4050e15 100644 --- a/config/hosts/torrent/qbittorrent-nox/services.nix 
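Review bot: The `environmentFile` of the new `services.matrix-sliding-sync` block is read as a systemd environment file, so `/secrets/matrix-SYNCV3_SECRET.secret` has to contain a `SYNCV3_SECRET=<value>` line rather than the bare secret. The key definition added in secrets.nix appears to write whatever `pass matrix/SYNCV3_SECRET` prints, so the store entry must already be in that form. A comment above the option, such as `# file content: SYNCV3_SECRET=<value> (systemd EnvironmentFile format)`, would make that requirement explicit.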
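Review bot: The new `matrix-SYNCV3_SECRET.secret` key is owned by `matrix-synapse:matrix-synapse` with `0640`, which makes the sliding-sync secret readable by the Synapse account even though, from what this diff shows, Synapse never consumes it. The file is referenced only as the sliding-sync unit's `environmentFile`, which systemd normally reads itself before dropping privileges, so `user = "root"; group = "root"; permissions = "0400";` would likely be sufficient. Verify on the host that the service still starts before tightening it.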
+++ b/config/hosts/torrent/qbittorrent-nox/services.nix @@ -2,9 +2,9 @@ # - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598 # - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos -{ nixpkgs-unstable, ... }: +{ pkgs, ... }: { - systemd.packages = [ nixpkgs-unstable.legacyPackages."x86_64-linux".qbittorrent-nox ]; + systemd.packages = [ pkgs.qbittorrent-nox ]; systemd.services."qbittorrent-nox@torrent" = { overrideStrategy = "asDropin"; diff --git a/flake.lock b/flake.lock index 8e74f17..8912e2b 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ }, "nixlib": { "locked": { - "lastModified": 1731805462, - "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=", + "lastModified": 1729386149, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734", + "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e", "type": "github" }, "original": { @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1732151224, - "narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=", + "lastModified": 1729472750, + "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c", + "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1731842749, - "narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=", + "lastModified": 1730963269, + "narHash": "sha256-rz30HrFYCHiWEBCKHMffHbMdWJ35hEkcRVU0h7ms3x0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682", + "rev": "83fb6c028368e465cd19bb127b86f971a5e41ebc", "type": "github" }, "original": { 
@@ -101,11 +101,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1732154639, - "narHash": "sha256-GeEhJmh0/KEQmoe4Lmsv9VC0SrQn4K9V27KbHJ0Zs/g=", + "lastModified": 1730992357, + "narHash": "sha256-YsODAqOF2xAHyK4+pKiS9nmGu+vQW+9kc5P7uRCirIM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "516819d9b5b97ee1f461aecb4caed7aa6b769d5d", + "rev": "b651050919c85b9131fa0d2640115ffd9266daad", "type": "github" }, "original": { @@ -117,11 +117,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1732136765, - "narHash": "sha256-622zKMMp0mw2a+fJJoVQdNmxwRGDkWsDTn5OSPK8DLk=", + "lastModified": 1730945957, + "narHash": "sha256-fhkxOv9RGEoPZNyl7VOpHf0Xoqc+bu0J/uW3BSg7tOs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e35b0f3f9787cfe51f406f7dd5a4446a858bfdb2", + "rev": "0093b93ec307d42f51ced7ce90dda6c37516e98a", "type": "github" }, "original": { diff --git a/hosts.nix b/hosts.nix index cd5f347..4515394 100644 --- a/hosts.nix +++ b/hosts.nix @@ -61,6 +61,10 @@ in site = "vs"; environment = "proxmox"; }; + mail-2 = { + site = "wg"; + environment = "proxmox"; + }; mastodon = { hostNixpkgs = nixpkgs-unstable; site = "vs"; @@ -74,6 +78,11 @@ in site = "vs"; environment = "proxmox"; }; + navidrome = { + hostNixpkgs = nixpkgs-unstable; + site = "wg"; + environment = "proxmox"; + }; netbox = { site = "vs"; environment = "proxmox"; @@ -86,6 +95,10 @@ in site = "vs"; environment = "proxmox"; }; + paperless = { + site = "wg"; + environment = "proxmox"; + }; coturn = { site = "vs"; environment = "proxmox"; @@ -107,6 +120,10 @@ in site = "af"; environment = "openstack"; }; + web-public-1 = { + site = "wg"; + environment = "proxmox"; + }; web-public-2 = { site = "vs"; environment = "proxmox";