From 608639fddb246ae44ebd72ac08b970c309857329 Mon Sep 17 00:00:00 2001 From: Nick Date: Sat, 19 Oct 2024 15:04:13 -0500 Subject: [PATCH] feat: wiki test --- config/default.nix | 1 + config/instance.nix | 26 ++++++- .../modules/firefox/config/bookmarks.nix | 12 +++ home-manager/modules/obs-studio/default.nix | 1 + nixos/modules/services/acme.nix | 1 + nixos/modules/services/default.nix | 1 + nixos/modules/services/owncast.nix | 14 +--- nixos/modules/services/wiki.nix | 77 +++++++++++++++++++ secrets/secrets.yaml | 5 +- 9 files changed, 122 insertions(+), 16 deletions(-) create mode 100644 nixos/modules/services/wiki.nix diff --git a/config/default.nix b/config/default.nix index 585f5b5..16f5fd1 100755 --- a/config/default.nix +++ b/config/default.nix @@ -28,6 +28,7 @@ "syncthing" "synology" "vaultwarden" + "wiki" "writefreely" ]; userNames = [ diff --git a/config/instance.nix b/config/instance.nix index 09ab65f..08fac86 100755 --- a/config/instance.nix +++ b/config/instance.nix @@ -16,6 +16,7 @@ let syncthingLabel = "Syncthing"; synologyLabel = "Synology"; vaultwardenLabel = "Vaultwarden"; + wikiLabel = "Wiki"; writefreelyLabel = "WriteFreely"; acmeName = "acme"; @@ -35,6 +36,7 @@ let syncthingName = "syncthing"; synologyName = "synology"; vaultwardenName = "vaultwarden"; + wikiName = "wiki"; writefreelyName = "writefreely"; domain0 = "cloudbert.fun"; @@ -336,6 +338,26 @@ in { key = "${sslPath}/${vaultwardenName}.${domain0}/key.pem"; }; }; + wiki = let + wikiSubdomain = "vault"; + in { + label = wikiLabel; + name = wikiName; + sops = { + path0 = "${sops}/${wikiName}"; + }; + subdomain = wikiSubdomain; + paths = { + path0 = "${servicePath}/${wikiLabel}/BackupDir"; + }; + ports = { + port0 = 3033; + }; + ssl = { + cert = "${sslPath}/${wikiSubdomain}.${domain1}/fullchain.pem"; + key = "${sslPath}/${wikiSubdomain}.${domain1}/key.pem"; + }; + }; writefreely = let writefreelyDomain = "blog"; in { 
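Review bot: `wikiSubdomain = "vault"` in the new `wiki` instance looks copied from another entry (the name suggests vaultwarden). It feeds both `subdomain` and the `ssl.cert`/`ssl.key` paths, so the wiki vhost and certificate paths resolve to `vault.<domain1>`, while acme.nix in this same patch adds `"wiki"` to `domain1SubdomainNames`. Unless that is intentional, `wikiSubdomain = "wiki";` would make the three places agree. The block also defines only `ports.port0`, but nixos/modules/services/wiki.nix in this patch references `ports.port1`, and `paths.path0` ending in `BackupDir` deserves a second look for the same copy-paste reason.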
@@ -352,8 +374,8 @@ in { port0 = 8093; }; ssl = { - cert = "${sslPath}/${writefreelyDomain}.${domain0}/fullchain.pem"; - key = "${sslPath}/${writefreelyDomain}.${domain0}/key.pem"; + cert = "${sslPath}/${writefreelyDomain}.${domain1}/fullchain.pem"; + key = "${sslPath}/${writefreelyDomain}.${domain1}/key.pem"; }; }; }; diff --git a/home-manager/modules/firefox/config/bookmarks.nix b/home-manager/modules/firefox/config/bookmarks.nix index 9354aa8..e5f65dc 100755 --- a/home-manager/modules/firefox/config/bookmarks.nix +++ b/home-manager/modules/firefox/config/bookmarks.nix @@ -495,6 +495,18 @@ tags = ["ollama" "chat" "ai"]; keyword = "Ollama"; } + { + name = "Owncast (Admin)"; + url = "http://192.168.50.140:9454"; + tags = ["owncast" "own" "cast" "stream"]; + keyword = "Owncast"; + } + { + name = "Owncast (Server)"; + url = "http://stream.the-nutrivore.social"; + tags = ["owncast" "own" "cast" "stream"]; + keyword = "Owncast"; + } { name = "PeerTube"; url = "https://video.the-nutrivore.social"; diff --git a/home-manager/modules/obs-studio/default.nix b/home-manager/modules/obs-studio/default.nix index 6676636..899c5de 100755 --- a/home-manager/modules/obs-studio/default.nix +++ b/home-manager/modules/obs-studio/default.nix @@ -5,6 +5,7 @@ plugins = with pkgs.obs-studio-plugins; [ obs-tuna obs-vkcapture + obs-multi-rtmp ]; }; }; diff --git a/nixos/modules/services/acme.nix b/nixos/modules/services/acme.nix index 38138d4..9652892 100755 --- a/nixos/modules/services/acme.nix +++ b/nixos/modules/services/acme.nix @@ -25,6 +25,7 @@ ]; domain1SubdomainNames = [ + "wiki" "nextcloud" "castopod" "forgejo" diff --git a/nixos/modules/services/default.nix b/nixos/modules/services/default.nix index 3b8fc92..42c334b 100755 --- a/nixos/modules/services/default.nix +++ b/nixos/modules/services/default.nix @@ -14,6 +14,7 @@ ./owncast.nix ./samba.nix ./vaultwarden.nix + ./wiki.nix # These are all broken. 
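Review bot: The writefreely `ssl.cert`/`ssl.key` paths switch from `domain0` to `domain1` here, which the commit subject ("feat: wiki test") does not cover, and nothing in this patch adds a matching entry to `domain1SubdomainNames` in acme.nix. That list is only partly visible in the acme.nix hunk, so this is unconfirmed, but if it lacks the blog subdomain the vhost will point at certificate files that are never issued. I would move this change into its own commit, or add a comment such as `# blog is served from domain1; cert requested via domain1SubdomainNames in acme.nix`.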
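Review bot: Both new Owncast bookmarks use `http://`, including the admin page at `http://192.168.50.140:9454`, so the admin login would cross the network unencrypted. The neighbouring PeerTube entry uses `https://`, and owncast.nix inherits an `ssl` attribute for its vhost, so `url = "https://stream.the-nutrivore.social";` looks like the intended form for the server entry. The two entries also share `keyword = "Owncast"`; a Firefox keyword resolves to a single URL, so one presumably shadows the other, and `keyword = "OwncastAdmin";` on the first would keep them distinct.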
diff --git a/nixos/modules/services/owncast.nix b/nixos/modules/services/owncast.nix index 6662f9f..1a7e08a 100755 --- a/nixos/modules/services/owncast.nix +++ b/nixos/modules/services/owncast.nix @@ -1,8 +1,8 @@ {flake, ...}: let inherit (flake.config.people) user0; inherit (flake.config.people.user.${user0}) domain; - inherit (flake.config.system.device) server wildcard; - inherit (flake.config.service.instance.owncast) paths ports subdomain ssl name; + inherit (flake.config.system.device) wildcard; + inherit (flake.config.service.instance.owncast) ports subdomain ssl; localhost = wildcard.ip.address1; host = "${subdomain}.${domain.url1}"; in { @@ -25,16 +25,6 @@ in { }; }; }; - # fileSystems."/var/lib/${name}" = { - # device = paths.path0; - # fsType = "none"; - # options = ["bind"]; - # depends = [server.storage0.mount]; - # }; - - # systemd.tmpfiles.rules = [ - # "Z ${paths.path0} 755 ${name} ${name} -" - # ]; networking = { firewall = { diff --git a/nixos/modules/services/wiki.nix b/nixos/modules/services/wiki.nix new file mode 100644 index 0000000..d662d73 --- /dev/null +++ b/nixos/modules/services/wiki.nix 
@@ -0,0 +1,77 @@
+{
+ flake,
+ config,
+ ...
+}: let
+ inherit (flake.config.people) user0;
+ inherit (flake.config.people.user.${user0}) domain;
+ inherit (flake.config.system.device) server wildcard;
+ inherit (flake.config.service.instance.wiki) paths ports subdomain ssl sops name;
+ localhost = wildcard.ip.address1;
+ host = "${subdomain}.${domain.url1}";
+in {
+ services = {
+ wiki-js = {
+ enable = true;
+ environmentFile = config.sops.secrets."wiki-pass".path;
+ settings = {
+ port = ports.port0;
+ bindIP = localhost;
+ db = {
+ type = "postgres";
+ };
+ };
+ };
+
+ caddy = {
+ virtualHosts = {
+ "${host}" = {
+ extraConfig = ''
+ reverse_proxy ${localhost}:${toString ports.port0}
+
+ tls ${ssl.cert} ${ssl.key}
+ '';
+ };
+ };
+ };
+ };
+
+ sops = let
+ sopsSecrets = ["pass"];
+ sopsPath = secret: {
+ path = "${sops.path0}/${name}-${secret}";
+ owner = name;
+ mode = "600";
+ };
+ in {
+ secrets = builtins.listToAttrs (
+ map
+ (secret: {
+ name = "${name}-${secret}";
+ value = sopsPath secret;
+ })
+ sopsSecrets
+ );
+ };
+
+ fileSystems."/var/lib/${name}" = {
+ device = paths.path0;
+ fsType = "none";
+ options = ["bind"];
+ depends = [server.storage0.mount];
+ };
+
+ systemd.tmpfiles.rules = [
+ "Z ${paths.path0} 755 ${name} ${name} -"
+ "Z ${sops.path0} 755 ${name} ${name} -"
+ ];
+
+ networking = {
+ firewall = {
+ allowedTCPPorts = [
+ ports.port0
+ ports.port1
+ ];
+ };
+ };
+}
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 07829e6..f329b68 100755
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
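Review bot: The `networking.firewall.allowedTCPPorts` block at the end of wiki.nix opens the Wiki.js backend port itself, so clients can reach the app over plain HTTP without passing through the Caddy vhost and its `tls` directive. `bindIP` comes from `wildcard.ip.address1`, which by its name is presumably a wildcard address rather than loopback. Since Caddy proxies from the same host, I would bind the service to loopback and drop `ports.port0` from the firewall list. `ports.port1` is not defined by the `wiki` instance this patch adds in config/instance.nix (only `port0`), so the list likely fails to evaluate as written. Separately, `"Z ${sops.path0} 755 ${name} ${name} -"` recursively applies 755 under the secrets directory, which works against the `mode = "600"` set on the secret; a non-recursive `"d ${sops.path0} 0750 ${name} ${name} -"` would be tighter.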
@@ -30,6 +30,7 @@ nextcloud-user0: ENC[AES256_GCM,data:yUZruPJ4s2Svvh6Q0f4C4lgcKCcWJDMw8CpT8cXv3m4 nextcloud-user1: ENC[AES256_GCM,data:6EsbSeWWftPjZQM=,iv:LTcx6fx55d3+SepFIoy/6cBdbgaauDeo0gvq9ACCtHA=,tag:uzoATR3ZL2Uk5z6aMiD/yw==,type:str] nextcloud-user2: ENC[AES256_GCM,data:axrWMmouq5gwqdGL,iv:BPHEn47z2g7gocKO4g5vV4ZSGb+AMA3vGYheAy1zR5Q=,tag:QOWg4fdKxMhGk2qRehH2EQ==,type:str] nextcloud-user3: ENC[AES256_GCM,data:g6ldEdtBuEmPAQYAQfaO,iv:6fElE2vZh9l/KgJuNevklpIlZZdqGHgwhnOzq1n3ojE=,tag:T0Q1IkdVTeW2T1FmGnjz8A==,type:str] +wiki-pass: ENC[AES256_GCM,data:/LjMYk+crjKvB7WQky9sEBnj3UyrJPxao/HCXp0CzGWzkLLJiTtxdw==,iv:OSVwkVPI9oHnfgiuVMof3QzHHakMEnvLYY+8mXZ5sm4=,tag:UgnfnhYjWqYKNwH/k60vrA==,type:str] sops: kms: [] gcp_kms: [] @@ -45,8 +46,8 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-06T19:27:03Z" - mac: ENC[AES256_GCM,data:alv7AQtp/8dBH+bMZ4oONvl/wgTxnft5GBunByXnjN8eJSOyJgjUTcQomHMEGY5n50/j9Oza7YjYnUJUXnZopgxrcGb1BTKlpuI4n9P07UikNuYCknZ1FUPqsiYxAOtnp4SK7X6lQjchWwWuM8wpC1Xf2gjHGdylq0Fk8xZ33hM=,iv:nPK99qlDX9jRWEmCmLoHNCccURt+/TD5lLtt01cT2f0=,tag:mW8UIHxG79OTmF51BWQEVg==,type:str] + lastmodified: "2024-10-19T20:03:47Z" + mac: ENC[AES256_GCM,data:Bcrv7Yf7eDxZxtM9wKK86qvEYv7EquIsi5oWdQk/LdLZ+FGkwj10+0OE+M9voHso2+ACH2AbqLvMiKVdigcHsalJbHiSL61CGuYtEUTMnmGgxJ5Bgk7hvmbFnUAEdW3WqiQ83igrtPcJ3WQEM2x8QGYVVHq921eI9+zEcFWgnn0=,iv:CfIT66FeuWUllniFrrUHjJuNPt7YbqTDcDefpJ9D93M=,tag:85oq6jeC9V2AS2DrGB+ONw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0