feat: wiki test

2025-06-16 18:15:13 -05:00 · 2024-10-19 15:04:13 -05:00 · 2024-10-19 15:04:13 -05:00 · 608639fddb
commit 608639fddb
parent 825ed6fa5d
9 changed files with 122 additions and 16 deletions
--- a/config/default.nix
+++ b/config/default.nix
@ -28,6 +28,7 @@
    "syncthing"
    "synology"
    "vaultwarden"
+    "wiki"
    "writefreely"
  ];
  userNames = [
--- a/config/instance.nix
+++ b/config/instance.nix
@ -16,6 +16,7 @@ let
  syncthingLabel = "Syncthing";
  synologyLabel = "Synology";
  vaultwardenLabel = "Vaultwarden";
+  wikiLabel = "Wiki";
  writefreelyLabel = "WriteFreely";

  acmeName = "acme";
@ -35,6 +36,7 @@ let
  syncthingName = "syncthing";
  synologyName = "synology";
  vaultwardenName = "vaultwarden";
+  wikiName = "wiki";
  writefreelyName = "writefreely";

  domain0 = "cloudbert.fun";
@ -336,6 +338,26 @@ in {
        key = "${sslPath}/${vaultwardenName}.${domain0}/key.pem";
      };
    };
+    wiki = let
+      wikiSubdomain = "vault";
+    in {
+      label = wikiLabel;
+      name = wikiName;
+      sops = {
+        path0 = "${sops}/${wikiName}";
+      };
+      subdomain = wikiSubdomain;
+      paths = {
+        path0 = "${servicePath}/${wikiLabel}/BackupDir";
+      };
+      ports = {
+        port0 = 3033;
+      };
+      ssl = {
+        cert = "${sslPath}/${wikiSubdomain}.${domain1}/fullchain.pem";
+        key = "${sslPath}/${wikiSubdomain}.${domain1}/key.pem";
+      };
+    };
    writefreely = let
      writefreelyDomain = "blog";
    in {
@ -352,8 +374,8 @@ in {
        port0 = 8093;
      };
      ssl = {
-        cert = "${sslPath}/${writefreelyDomain}.${domain0}/fullchain.pem";
-        key = "${sslPath}/${writefreelyDomain}.${domain0}/key.pem";
+        cert = "${sslPath}/${writefreelyDomain}.${domain1}/fullchain.pem";
+        key = "${sslPath}/${writefreelyDomain}.${domain1}/key.pem";
      };
    };
  };
--- a/home-manager/modules/firefox/config/bookmarks.nix
+++ b/home-manager/modules/firefox/config/bookmarks.nix
@ -495,6 +495,18 @@
        tags = ["ollama" "chat" "ai"];
        keyword = "Ollama";
      }
+      {
+        name = "Owncast (Admin)";
+        url = "http://192.168.50.140:9454";
+        tags = ["owncast" "own" "cast" "stream"];
+        keyword = "Owncast";
+      }
+      {
+        name = "Owncast (Server)";
+        url = "http://stream.the-nutrivore.social";
+        tags = ["owncast" "own" "cast" "stream"];
+        keyword = "Owncast";
+      }
      {
        name = "PeerTube";
        url = "https://video.the-nutrivore.social";
--- a/home-manager/modules/obs-studio/default.nix
+++ b/home-manager/modules/obs-studio/default.nix
@ -5,6 +5,7 @@
      plugins = with pkgs.obs-studio-plugins; [
        obs-tuna
        obs-vkcapture
+        obs-multi-rtmp
      ];
    };
  };
--- a/nixos/modules/services/acme.nix
+++ b/nixos/modules/services/acme.nix
@ -25,6 +25,7 @@
  ];

  domain1SubdomainNames = [
+    "wiki"
    "nextcloud"
    "castopod"
    "forgejo"
--- a/nixos/modules/services/default.nix
+++ b/nixos/modules/services/default.nix
@ -14,6 +14,7 @@
    ./owncast.nix
    ./samba.nix
    ./vaultwarden.nix
+    ./wiki.nix

    # These are all broken.

--- a/nixos/modules/services/owncast.nix
+++ b/nixos/modules/services/owncast.nix
@ -1,8 +1,8 @@
 {flake, ...}: let
  inherit (flake.config.people) user0;
  inherit (flake.config.people.user.${user0}) domain;
-  inherit (flake.config.system.device) server wildcard;
-  inherit (flake.config.service.instance.owncast) paths ports subdomain ssl name;
+  inherit (flake.config.system.device) wildcard;
+  inherit (flake.config.service.instance.owncast) ports subdomain ssl;
  localhost = wildcard.ip.address1;
  host = "${subdomain}.${domain.url1}";
 in {
@ -25,16 +25,6 @@ in {
      };
    };
  };
-  # fileSystems."/var/lib/${name}" = {
-  #   device = paths.path0;
-  #   fsType = "none";
-  #   options = ["bind"];
-  #   depends = [server.storage0.mount];
-  # };
-
-  # systemd.tmpfiles.rules = [
-  #   "Z ${paths.path0} 755 ${name} ${name} -"
-  # ];

  networking = {
    firewall = {
--- a/nixos/modules/services/wiki.nix
+++ b/nixos/modules/services/wiki.nix
@ -0,0 +1,77 @@
+{
+  flake,
+  config,
+  ...
+}: let
+  inherit (flake.config.people) user0;
+  inherit (flake.config.people.user.${user0}) domain;
+  inherit (flake.config.system.device) server wildcard;
+  inherit (flake.config.service.instance.wiki) paths ports subdomain ssl sops name;
+  localhost = wildcard.ip.address1;
+  host = "${subdomain}.${domain.url1}";
+in {
+  services = {
+    wiki-js = {
+      enable = true;
+      environmentFile = config.sops.secrets."wiki-pass".path;
+      settings = {
+        port = ports.port0;
+        bindIP = localhost;
+        db = {
+          type = "postgres";
+        };
+      };
+    };
+
+    caddy = {
+      virtualHosts = {
+        "${host}" = {
+          extraConfig = ''
+            reverse_proxy ${localhost}:${toString ports.port0}
+
+            tls ${ssl.cert} ${ssl.key}
+          '';
+        };
+      };
+    };
+  };
+
+  sops = let
+    sopsSecrets = ["pass"];
+    sopsPath = secret: {
+      path = "${sops.path0}/${name}-${secret}";
+      owner = name;
+      mode = "600";
+    };
+  in {
+    secrets = builtins.listToAttrs (
+      map
+      (secret: {
+        name = "${name}-${secret}";
+        value = sopsPath secret;
+      })
+      sopsSecrets
+    );
+  };
+
+  fileSystems."/var/lib/${name}" = {
+    device = paths.path0;
+    fsType = "none";
+    options = ["bind"];
+    depends = [server.storage0.mount];
+  };
+
+  systemd.tmpfiles.rules = [
+    "Z ${paths.path0} 755 ${name} ${name} -"
+    "Z ${sops.path0} 755 ${name} ${name} -"
+  ];
+
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        ports.port0
+        ports.port1
+      ];
+    };
+  };
+}
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -30,6 +30,7 @@ nextcloud-user0: ENC[AES256_GCM,data:yUZruPJ4s2Svvh6Q0f4C4lgcKCcWJDMw8CpT8cXv3m4
 nextcloud-user1: ENC[AES256_GCM,data:6EsbSeWWftPjZQM=,iv:LTcx6fx55d3+SepFIoy/6cBdbgaauDeo0gvq9ACCtHA=,tag:uzoATR3ZL2Uk5z6aMiD/yw==,type:str]
 nextcloud-user2: ENC[AES256_GCM,data:axrWMmouq5gwqdGL,iv:BPHEn47z2g7gocKO4g5vV4ZSGb+AMA3vGYheAy1zR5Q=,tag:QOWg4fdKxMhGk2qRehH2EQ==,type:str]
 nextcloud-user3: ENC[AES256_GCM,data:g6ldEdtBuEmPAQYAQfaO,iv:6fElE2vZh9l/KgJuNevklpIlZZdqGHgwhnOzq1n3ojE=,tag:T0Q1IkdVTeW2T1FmGnjz8A==,type:str]
+wiki-pass: ENC[AES256_GCM,data:/LjMYk+crjKvB7WQky9sEBnj3UyrJPxao/HCXp0CzGWzkLLJiTtxdw==,iv:OSVwkVPI9oHnfgiuVMof3QzHHakMEnvLYY+8mXZ5sm4=,tag:UgnfnhYjWqYKNwH/k60vrA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -45,8 +46,8 @@ sops:
            bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
            aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-06T19:27:03Z"
-    mac: ENC[AES256_GCM,data:alv7AQtp/8dBH+bMZ4oONvl/wgTxnft5GBunByXnjN8eJSOyJgjUTcQomHMEGY5n50/j9Oza7YjYnUJUXnZopgxrcGb1BTKlpuI4n9P07UikNuYCknZ1FUPqsiYxAOtnp4SK7X6lQjchWwWuM8wpC1Xf2gjHGdylq0Fk8xZ33hM=,iv:nPK99qlDX9jRWEmCmLoHNCccURt+/TD5lLtt01cT2f0=,tag:mW8UIHxG79OTmF51BWQEVg==,type:str]
+    lastmodified: "2024-10-19T20:03:47Z"
+    mac: ENC[AES256_GCM,data:Bcrv7Yf7eDxZxtM9wKK86qvEYv7EquIsi5oWdQk/LdLZ+FGkwj10+0OE+M9voHso2+ACH2AbqLvMiKVdigcHsalJbHiSL61CGuYtEUTMnmGgxJ5Bgk7hvmbFnUAEdW3WqiQ83igrtPcJ3WQEM2x8QGYVVHq921eI9+zEcFWgnn0=,iv:CfIT66FeuWUllniFrrUHjJuNPt7YbqTDcDefpJ9D93M=,tag:85oq6jeC9V2AS2DrGB+ONw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.0