From 24c8a4c1c11994898e28eaafb9c9670a113c25a5 Mon Sep 17 00:00:00 2001 From: Fiona Grzebien Date: Tue, 5 Nov 2024 01:41:15 +0100 Subject: [PATCH 1/3] Add cherry root user key to hydra builder --- config/hosts/hydra/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/config/hosts/hydra/configuration.nix b/config/hosts/hydra/configuration.nix index eff89d1..9b554d8 100644 --- a/config/hosts/hydra/configuration.nix +++ b/config/hosts/hydra/configuration.nix @@ -24,6 +24,7 @@ users.users.builder = { isNormalUser = true; openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/plZfxF/RtB+pJsUYx9HUgRcB56EoO0uj+j3AGzZta root@cherry" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeIiHkHA5c6/jZx+BB28c5wchdzlFI7R1gbvNmPyoOg root@kiara" ]; }; From abc3c08a7a01ec43c9571c83b2df9d5da0d15298 Mon Sep 17 00:00:00 2001 
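Review bot: The new `root@cherry` entry in `openssh.authorizedKeys.keys` carries no key options, so the root account of another machine gets an unrestricted login as `builder` on the hydra host, including port and agent forwarding. If this account only accepts Nix remote builds, which the commit title suggests but the hunk does not show, prefixing the entry with the OpenSSH `restrict` option would limit what a compromised cherry can do: `"restrict ssh-ed25519 AAAA… root@cherry"`. This should still allow the non-interactive command a remote build runs, but test it before merging. The existing `root@kiara` line has the same shape and would benefit equally. Whether `builder` appears in `nix.settings.trusted-users` is outside this hunk and worth checking, because a trusted Nix user is effectively root on the builder.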
From: Fiona Grzebien Date: Thu, 7 Nov 2024 16:20:12 +0100 Subject: [PATCH 2/3] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/dd6d18bf8d291daca03a444973bd4f9aa5c1f681?narHash=sha256-O2/v/ocUL0KsACqEIK5eD5XeX46duRIgKdOu6uCKarw%3D' (2024-10-28) → 'github:NixOS/nixpkgs/83fb6c028368e465cd19bb127b86f971a5e41ebc?narHash=sha256-rz30HrFYCHiWEBCKHMffHbMdWJ35hEkcRVU0h7ms3x0%3D' (2024-11-07) • Updated input 'nixpkgs-master': 'github:NixOS/nixpkgs/ec7caabec9679b1a9008e0cbcfa4b14a2b600774?narHash=sha256-WPGVR8NW9ctqwLMtYV23b94ExQulTFoTKqD21WI3fbg%3D' (2024-10-29) → 'github:NixOS/nixpkgs/b651050919c85b9131fa0d2640115ffd9266daad?narHash=sha256-YsODAqOF2xAHyK4%2BpKiS9nmGu%2BvQW%2B9kc5P7uRCirIM%3D' (2024-11-07) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/75e28c029ef2605f9841e0baa335d70065fe7ae2?narHash=sha256-P8wF4ag6Srmpb/gwskYpnIsnspbjZlRvu47iN527ABQ%3D' (2024-10-28) → 'github:NixOS/nixpkgs/0093b93ec307d42f51ced7ce90dda6c37516e98a?narHash=sha256-fhkxOv9RGEoPZNyl7VOpHf0Xoqc%2Bbu0J/uW3BSg7tOs%3D' (2024-11-07) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 4534930..8912e2b 100644 --- a/flake.lock +++ b/flake.lock @@ -70,11 +70,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730142757, - "narHash": "sha256-O2/v/ocUL0KsACqEIK5eD5XeX46duRIgKdOu6uCKarw=", + "lastModified": 1730963269, + "narHash": "sha256-rz30HrFYCHiWEBCKHMffHbMdWJ35hEkcRVU0h7ms3x0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dd6d18bf8d291daca03a444973bd4f9aa5c1f681", + "rev": "83fb6c028368e465cd19bb127b86f971a5e41ebc", "type": "github" }, "original": { 
@@ -101,11 +101,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1730209337, - "narHash": "sha256-WPGVR8NW9ctqwLMtYV23b94ExQulTFoTKqD21WI3fbg=", + "lastModified": 1730992357, + "narHash": "sha256-YsODAqOF2xAHyK4+pKiS9nmGu+vQW+9kc5P7uRCirIM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ec7caabec9679b1a9008e0cbcfa4b14a2b600774", + "rev": "b651050919c85b9131fa0d2640115ffd9266daad", "type": "github" }, "original": { @@ -117,11 +117,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1730157240, - "narHash": "sha256-P8wF4ag6Srmpb/gwskYpnIsnspbjZlRvu47iN527ABQ=", + "lastModified": 1730945957, + "narHash": "sha256-fhkxOv9RGEoPZNyl7VOpHf0Xoqc+bu0J/uW3BSg7tOs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "75e28c029ef2605f9841e0baa335d70065fe7ae2", + "rev": "0093b93ec307d42f51ced7ce90dda6c37516e98a", "type": "github" }, "original": { From e1d39fb8d4d3332b6fa32909f7cdd452057d7b51 Mon Sep 17 00:00:00 2001 From: fi Date: Tue, 12 Nov 2024 21:32:47 +0100 Subject: [PATCH 3/3] Setup ikiwiki host --- config/hosts/ikiwiki/configuration.nix | 27 +++++++++++++ config/hosts/ikiwiki/default.nix | 8 ++++ config/hosts/ikiwiki/ikiwiki.nix | 17 ++++++++ config/hosts/ikiwiki/nginx.nix | 39 +++++++++++++++++++ config/hosts/web-public-2/nginx.nix | 1 + .../virtualHosts/acme-challenge.nix | 1 + hosts.nix | 7 ++-- 7 files changed, 97 insertions(+), 3 deletions(-) create mode 100644 config/hosts/ikiwiki/configuration.nix create mode 100644 config/hosts/ikiwiki/default.nix create mode 100644 config/hosts/ikiwiki/ikiwiki.nix create mode 100644 config/hosts/ikiwiki/nginx.nix diff --git a/config/hosts/ikiwiki/configuration.nix b/config/hosts/ikiwiki/configuration.nix new file mode 100644 index 0000000..632c401 --- /dev/null +++ b/config/hosts/ikiwiki/configuration.nix 
@@ -0,0 +1,27 @@
+{ ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/vda";
+ };
+
+ networking = {
+ hostName = "ikiwiki";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 8443 ];
+ };
+ };
+
+ fileSystems = {
+ # partition data disk with `sudo mkfs.ext4 /dev/vdx`
+ # label data disk with `e2label /dev/vdx "data"`
+ "/mnt/data" = {
+ device = "/dev/disk/by-label/data";
+ fsType = "ext4";
+ autoResize = true;
+ };
+ };
+
+ system.stateVersion = "24.05";
+}
diff --git a/config/hosts/ikiwiki/default.nix b/config/hosts/ikiwiki/default.nix
new file mode 100644
index 0000000..bc9766c
--- /dev/null
+++ b/config/hosts/ikiwiki/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ imports = [
+ ./configuration.nix
+ ./ikiwiki.nix
+ ./nginx.nix
+ ];
+}
diff --git a/config/hosts/ikiwiki/ikiwiki.nix b/config/hosts/ikiwiki/ikiwiki.nix
new file mode 100644
index 0000000..35fea70
--- /dev/null
+++ b/config/hosts/ikiwiki/ikiwiki.nix
@@ -0,0 +1,17 @@
+{ pkgs, config, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ ikiwiki-full
+ ];
+
+ services.fcgiwrap.instances."ikiwiki" = {
+ socket = {
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ };
+ process = {
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ };
+ };
+}
diff --git a/config/hosts/ikiwiki/nginx.nix b/config/hosts/ikiwiki/nginx.nix
new file mode 100644
index 0000000..b78131f
--- /dev/null
+++ b/config/hosts/ikiwiki/nginx.nix
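Review bot: `allowedTCPPorts = [ 80 8443 ]` in config/hosts/ikiwiki/configuration.nix opens the PROXY-protocol listener on 8443 to every source address, although the vhost added later in this patch only trusts `10.202.41.100` for the real-IP header. If that address is the only legitimate sender (presumably the web-public-2 proxy), the firewall should say so too, so a direct connection from elsewhere on the network never reaches nginx. One way is to drop 8443 from `allowedTCPPorts` and accept it per source in `networking.firewall.extraCommands`, e.g. `iptables -A nixos-fw -p tcp -s 10.202.41.100 --dport 8443 -j nixos-fw-accept`. A one-line comment next to the port list saying which peer each port is meant for would make the intent reviewable.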
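Review bot: In config/hosts/ikiwiki/ikiwiki.nix the `process` block runs fcgiwrap as nginx's own user and group, so every CGI it executes inherits the web server's file access. That access likely includes the TLS key material for this vhost, though the ACME setup is not visible here. A dedicated account would keep a flaw in the wiki CGI from reaching it: leave the `socket` block as it is and set `process = { user = "ikiwiki"; group = "ikiwiki"; };`, with a matching system user declared and given write access to the wiki directory only. A short comment above the instance noting that the socket is owned by nginx so it can connect, while the worker runs unprivileged, would document the split.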
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts."fi.nekover.se" = {
+ forceSSL = true;
+ enableACME = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 80;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8443;
+ ssl = true;
+ extraParameters = [ "proxy_protocol" ];
+ }
+ ];
+ root = "/mnt/data/public_html/fi-zone";
+ locations = {
+ "/" = {
+ tryFiles = "$uri $uri/ =404";
+ };
+ "~ .cgi" = {
+ extraConfig = ''
+ gzip off;
+ fastcgi_pass unix:/var/run/fcgiwrap-ikiwiki.sock;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ '';
+ };
+ };
+ extraConfig = ''
+ set_real_ip_from 10.202.41.100;
+ real_ip_header proxy_protocol;
+ '';
+ };
+ };
+}
diff --git a/config/hosts/web-public-2/nginx.nix b/config/hosts/web-public-2/nginx.nix
index 8debb31..1f14695 100644
--- a/config/hosts/web-public-2/nginx.nix
+++ b/config/hosts/web-public-2/nginx.nix
@@ -20,6 +20,7 @@
 birdsite.nekover.se 10.202.41.107:8443;
 cloud.nekover.se 10.202.41.122:8443;
 element.nekover.se 127.0.0.1:8443;
+ fi.nekover.se 10.202.41.125:8443;
 gameserver.grzb.de 127.0.0.1:8443;
 git.grzb.de 127.0.0.1:8443;
 git.nekover.se 10.202.41.106:8443;
diff --git a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
index 558aa95..59b9d3a 100644
--- a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
+++ b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
@@ -7,6 +7,7 @@ let
 "netbox.grzb.de" = "netbox.vs.grzb.de";
 "git.nekover.se" = "forgejo.vs.grzb.de";
 "grafana.grzb.de" = "metrics.vs.grzb.de";
+ "fi.nekover.se" = "ikiwiki.vs.grzb.de";
 "jackett.grzb.de" = "torrent.vs.grzb.de";
 "jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";
 "keycloak-admin.nekover.se" = "keycloak.vs.grzb.de";
diff --git a/hosts.nix b/hosts.nix
index 363f377..4515394 100644
--- a/hosts.nix
+++ b/hosts.nix
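Review bot: The location key `"~ .cgi"` in config/hosts/ikiwiki/nginx.nix is an unanchored regex with an unescaped dot, so it matches any request path containing "cgi" after at least one character, not only files ending in `.cgi`. Every such request is passed to fcgiwrap, which widens the set of files under `/mnt/data/public_html/fi-zone` that can be run as a CGI. That directory is presumably where wiki output is written. Escaping and anchoring the pattern keeps execution to real `.cgi` files: `"~ \\.cgi$" = {`. An exact-match location for the single wiki CGI would be tighter still if only one script is expected. A comment on the `extraConfig` block explaining why `gzip off` is needed there would also help the next reader.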
@@ -26,13 +26,14 @@ let }) hosts; in generateDefaults { - #fee = { - # site = "wg"; - #}; hydra = { site = "vs"; environment = "proxmox"; }; + ikiwiki = { + site = "vs"; + environment = "proxmox"; + }; iperf = { site = "vs"; environment = "proxmox";