Compare commits


No commits in common. "c4fca0087e15d8f26081e3866a0f23142d818fc9" and "b2f80aa59898640ae0c2f6efb762019b6ad82aa7" have entirely different histories.

7 changed files with 84 additions and 64 deletions


@ -11,7 +11,7 @@ let
''; '';
ikiwikiSettings = { ikiwikiSettings = {
wikiname = "fi-zone"; wikiname = "fi-zone";
adminemail = "fiona@grzb.de"; adminemail = "fi@ikiwiki.vs.grzb.de";
adminuser = [ adminuser = [
"fi" "fi"
]; ];
@ -22,7 +22,6 @@ let
cgiurl = "https://fi.nekover.se/ikiwiki.cgi"; cgiurl = "https://fi.nekover.se/ikiwiki.cgi";
reverse_proxy = 0; reverse_proxy = 0;
cgi_wrapper = "${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi"; cgi_wrapper = "${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi";
cgiauthurl = "https://fi.nekover.se/auth/ikiwiki.cgi";
cgi_wrappermode = "06755"; cgi_wrappermode = "06755";
cgi_overload_delay = ""; cgi_overload_delay = "";
cgi_overload_message = ""; cgi_overload_message = "";
@ -31,7 +30,6 @@ let
add_plugins = [ add_plugins = [
"goodstuff" "goodstuff"
"websetup" "websetup"
"httpauth"
]; ];
disable_plugins = []; disable_plugins = [];
templatedir = "${ikiwikiBootstrapTheme}"; templatedir = "${ikiwikiBootstrapTheme}";
@ -73,20 +71,33 @@ let
ikiwikiSettingsHeader ikiwikiSettingsHeader
((pkgs.formats.yaml { }).generate "fi-zone-settings" ikiwikiSettings) ((pkgs.formats.yaml { }).generate "fi-zone-settings" ikiwikiSettings)
]; ];
ikiwikiSetupAutomator = pkgs.writeScript "fi-zone.initial.setup" ''
#!${pkgs.perl}/bin/perl
require IkiWiki::Setup::Automator;
IkiWiki::Setup::Automator->import(
wikiname => '${ikiwikiSettings.wikiname}',
adminuser => ['fi'],
srcdir => '${ikiwikiSettings.srcdir}',
destdir => '${ikiwikiSettings.destdir}',
dumpsetup => '${ikiwikiSettings.wikiname}.setup',
url => '${ikiwikiSettings.url}',
cgiurl => '${ikiwikiSettings.cgiurl}',
cgi_wrapper => '${ikiwikiSettings.cgi_wrapper}',
adminemail => '${ikiwikiSettings.adminemail}',
add_plugins => [qw{goodstuff websetup}],
disable_plugins => [qw{}],
libdir => '${ikiwikiSettings.libdir}',
rss => 1,
atom => 1,
syslog => 1,
)
'';
in in
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ikiwiki-full ikiwiki-full
]; ];
users = {
users.ikiwiki = {
isSystemUser = true;
group = "ikiwiki";
};
groups.ikiwiki = {};
};
services.fcgiwrap.instances."ikiwiki" = { services.fcgiwrap.instances."ikiwiki" = {
socket = { socket = {
user = config.services.nginx.user; user = config.services.nginx.user;
@ -98,19 +109,21 @@ in
}; };
}; };
systemd.services.ikiwiki-directory-setup = { systemd.services.ikiwiki-initial-setup = {
description = "Setup ikiwiki directory structure."; description = "Run the initial setup of ikiwiki and set permissions.";
script = '' script = ''
mkdir -p ${ikiwikiDataPath} mkdir -p ${ikiwikiDataPath}
mkdir -p ${ikiwikiDataPath}/fi-zone/.ikiwiki chown ${config.services.nginx.user}:${config.services.nginx.group} ${ikiwikiDataPath}
touch ${ikiwikiDataPath}/fi-zone/.ikiwiki/lockfile if [ ! -d "${ikiwikiSettings.srcdir}" ]; then
chown -R ${config.users.users.ikiwiki.name}:${config.users.users.ikiwiki.group} ${ikiwikiDataPath} ${pkgs.sudo}/bin/sudo -u ${config.services.nginx.user} ${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSetupAutomator}
fi
''; '';
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "root"; User = "root";
Group = "root";
}; };
wantedBy = [ wantedBy = [
@ -124,35 +137,13 @@ in
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSettingsFile}"; ExecStart = "${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSettingsFile}";
User = config.users.users.ikiwiki.name; User = config.services.nginx.user;
Group = config.users.users.ikiwiki.group; Group = config.services.nginx.group;
Requires = [ "ikiwiki-directory-setup.service" ]; Requires = [ "ikiwiki-initial-setup.service" ];
}; };
wantedBy = [ wantedBy = [
"multi-user.target" "multi-user.target"
]; ];
}; };
systemd.services.ikiwiki-auth-setup = {
description = "Setup auth subdirectory for ikiwiki.cgi";
script = ''
mkdir -p ${ikiwikiSettings.destdir}/auth
if [ ! -f ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi ]; then
ln -s ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi
fi
'';
serviceConfig = {
Type = "simple";
User = config.users.users.ikiwiki.name;
Group = config.users.users.ikiwiki.group;
Requires = [ "ikiwiki-settings-setup.service" ];
};
wantedBy = [
"multi-user.target"
];
};
} }
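Review bot: The new side drops the dedicated `ikiwiki` system account and hands `${ikiwikiDataPath}` to `config.services.nginx.user` (the `chown` in `ikiwiki-initial-setup`, and `User`/`Group` on the unit that runs `ikiwiki --setup ${ikiwikiSettingsFile}`), so the web server account now owns the wiki data and the `06755` CGI wrapper it serves. That removes the privilege boundary between the server and the wiki: anything running as the nginx user can rewrite the content and the wrapper itself. Keeping `users.users.ikiwiki` and running the first-time setup with `User = config.users.users.ikiwiki.name;` on the unit, instead of `sudo -u` from a root script, would preserve the separation. Separately, `Requires` sits under `serviceConfig` and the setup unit is `Type = "simple"`, so it likely does not make the settings unit wait for this script to finish; unit-level `requires`/`after` together with `Type = "oneshot"` look like what was intended.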


@ -26,16 +26,12 @@ in
tryFiles = "$uri $uri/ =404"; tryFiles = "$uri $uri/ =404";
}; };
"~ .cgi" = { "~ .cgi" = {
basicAuth = {
fi = "test";
};
extraConfig = '' extraConfig = ''
gzip off; gzip off;
fastcgi_pass unix:${config.services.fcgiwrap.instances."ikiwiki".socket.address}; fastcgi_pass unix:${config.services.fcgiwrap.instances."ikiwiki".socket.address};
fastcgi_index ikiwiki.cgi; fastcgi_index ikiwiki.cgi;
fastcgi_param SCRIPT_FILENAME ${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi; fastcgi_param SCRIPT_FILENAME ${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi;
fastcgi_param DOCUMENT_ROOT ${ikiwikiDataPath}/public_html/fi-zone; fastcgi_param DOCUMENT_ROOT ${ikiwikiDataPath}/public_html/fi-zone;
fastcgi_param REMOTE_USER $remote_user if_not_empty;
include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi_params;
''; '';
}; };
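Review bot: With `basicAuth` and the `REMOTE_USER` parameter removed, every request matching `~ .cgi` reaches `ikiwiki.cgi` with no authentication at the nginx layer, while the wiki settings in this compare still load `websetup`. Access control then depends entirely on ikiwiki's own login plugins, which are not visible here, so it is worth confirming one is active before deploying, or restricting the location with `allow`/`deny`. The location regex is also unanchored with an unescaped dot; `"~ \\.cgi$"` would limit it to paths that actually end in `.cgi`. The removed password `test` stays in repository history and should not be reused anywhere.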


@ -1,4 +1,4 @@
{ ... }: { config, ... }:
{ {
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
@ -55,4 +55,12 @@
"/secrets/matrix-keycloak-client-secret.secret" "/secrets/matrix-keycloak-client-secret.secret"
]; ];
}; };
services.matrix-sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
};
environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
};
} }


@ -33,6 +33,14 @@
permissions = "0640"; permissions = "0640";
uploadAt = "pre-activation"; uploadAt = "pre-activation";
}; };
"matrix-SYNCV3_SECRET.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "matrix/SYNCV3_SECRET" ];
destDir = "/secrets";
user = "matrix-synapse";
group = "matrix-synapse";
permissions = "0640";
uploadAt = "pre-activation";
};
"matrix-keycloak-client-secret.secret" = { "matrix-keycloak-client-secret.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "matrix/keycloak-client-secret" ]; keyCommand = keyCommandEnv ++ [ "pass" "matrix/keycloak-client-secret" ];
destDir = "/secrets"; destDir = "/secrets";
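Review bot: `matrix-SYNCV3_SECRET.secret` is deployed as `matrix-synapse:matrix-synapse` with `0640`, but the only consumer in this compare is `services.matrix-sliding-sync.environmentFile`, not Synapse. If that module passes the path to systemd's `EnvironmentFile=` (not visible here), the service manager reads the file before privileges are dropped, so `user = "root"; group = "root"; permissions = "0400";` would be enough and keeps the sliding-sync secret away from the Synapse account. The hunk ends inside the following `matrix-keycloak-client-secret.secret` entry.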


@ -2,9 +2,9 @@
# - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598 # - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598
# - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos # - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos
{ nixpkgs-unstable, ... }: { pkgs, ... }:
{ {
systemd.packages = [ nixpkgs-unstable.legacyPackages."x86_64-linux".qbittorrent-nox ]; systemd.packages = [ pkgs.qbittorrent-nox ];
systemd.services."qbittorrent-nox@torrent" = { systemd.services."qbittorrent-nox@torrent" = {
overrideStrategy = "asDropin"; overrideStrategy = "asDropin";


@ -34,11 +34,11 @@
}, },
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1731805462, "lastModified": 1729386149,
"narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=", "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734", "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -55,11 +55,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732151224, "lastModified": 1729472750,
"narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=", "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c", "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -70,11 +70,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1731842749, "lastModified": 1730963269,
"narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=", "narHash": "sha256-rz30HrFYCHiWEBCKHMffHbMdWJ35hEkcRVU0h7ms3x0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682", "rev": "83fb6c028368e465cd19bb127b86f971a5e41ebc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -101,11 +101,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1732154639, "lastModified": 1730992357,
"narHash": "sha256-GeEhJmh0/KEQmoe4Lmsv9VC0SrQn4K9V27KbHJ0Zs/g=", "narHash": "sha256-YsODAqOF2xAHyK4+pKiS9nmGu+vQW+9kc5P7uRCirIM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "516819d9b5b97ee1f461aecb4caed7aa6b769d5d", "rev": "b651050919c85b9131fa0d2640115ffd9266daad",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -117,11 +117,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1732136765, "lastModified": 1730945957,
"narHash": "sha256-622zKMMp0mw2a+fJJoVQdNmxwRGDkWsDTn5OSPK8DLk=", "narHash": "sha256-fhkxOv9RGEoPZNyl7VOpHf0Xoqc+bu0J/uW3BSg7tOs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e35b0f3f9787cfe51f406f7dd5a4446a858bfdb2", "rev": "0093b93ec307d42f51ced7ce90dda6c37516e98a",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -61,6 +61,10 @@ in
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
}; };
mail-2 = {
site = "wg";
environment = "proxmox";
};
mastodon = { mastodon = {
hostNixpkgs = nixpkgs-unstable; hostNixpkgs = nixpkgs-unstable;
site = "vs"; site = "vs";
@ -74,6 +78,11 @@ in
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
}; };
navidrome = {
hostNixpkgs = nixpkgs-unstable;
site = "wg";
environment = "proxmox";
};
netbox = { netbox = {
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
@ -86,6 +95,10 @@ in
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
}; };
paperless = {
site = "wg";
environment = "proxmox";
};
coturn = { coturn = {
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
@ -107,6 +120,10 @@ in
site = "af"; site = "af";
environment = "openstack"; environment = "openstack";
}; };
web-public-1 = {
site = "wg";
environment = "proxmox";
};
web-public-2 = { web-public-2 = {
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";