c6ristian/nix-infra
0
0
Fork 0
forked from CCCHH/nix-infra
Code Pull requests Activity

Configure EH22 Wiki

Browse source
This commit is contained in:
June 2024-05-17 20:42:48 +02:00
parent 320f4afb4a
commit 475ab8cc66
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
5 changed files with 218 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
config/hosts/eh22-wiki/configuration.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
networking.hostName = "eh22-wiki";
system.stateVersion = "23.11";
}

9
config/hosts/eh22-wiki/default.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, pkgs, ... }:
{
imports = [
./configuration.nix
./dokuwiki.nix
./networking.nix
];
}

165
config/hosts/eh22-wiki/dokuwiki.nix Normal file
View file

@ -0,0 +1,165 @@
# Sources for this configuration:
# - https://www.dokuwiki.org/dokuwiki
# - https://www.dokuwiki.org/install
# - https://www.dokuwiki.org/requirements
# - https://www.dokuwiki.org/install:php
# - https://www.dokuwiki.org/security
# - https://www.dokuwiki.org/config:xsendfile
# - https://www.dokuwiki.org/install:nginx
# - https://www.dokuwiki.org/faq:uploadsize
# - https://nixos.wiki/wiki/Phpfpm
# - https://wiki.archlinux.org/title/Nginx#FastCGI
# - https://github.com/NixOS/nixpkgs/blob/84c0cb1471eee15e77ed97e7ae1e8cdae8835c61/nixos/modules/services/web-apps/dokuwiki.nix
# - https://git.hamburg.ccc.de/CCCHH/ansible-infra/src/commit/81c8bfe16b311d5bf4635947fa02dfb65aea7f91/playbooks/files/chaosknoten/configs/wiki/nginx/wiki.hamburg.ccc.de.conf
# - https://www.php.net/manual/en/install.fpm.php
# - https://www.php.net/manual/en/install.fpm.configuration.php
{ config, pkgs, ... }:
let
# This is also used for user and group names.
app = "dokuwiki";
domain = "eh22.easterhegg.eu";
dataDir = "/srv/www/${domain}";
in {
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${app} ${app}"
];
services.phpfpm.pools."${app}" = {
user = "${app}";
group = "${app}";
phpOptions = ''
short_open_tag = Off
open_basedir =
output_buffering = Off
output_handler =
zlib.output_compression = Off
implicit_flush = Off
allow_call_time_pass_reference = Off
max_execution_time = 30
max_input_time = 60
max_input_vars = 10000
memory_limit = 128M
error_reporting = E_ALL & ~E_NOTICE
display_errors = Off
display_startup_errors = Off
log_errors = On
; error_log should be handled by NixOS.
variables_order = "EGPCS"
register_argc_argv = Off
file_uploads = On
upload_max_filesize = 20M
post_max_size = 20M
session.use_cookies = 1
; Checked the default NixOS PHP extensions and the only one missing from
; DokuWikis list of PHP extensions was bz2, so add that.
; Checked with NixOS 23.11 on 2024-05-02.
extension = ${pkgs.phpExtensions.bz2}/lib/php/extensions/bz2.so
'';
extraConfig = ''
listen.owner = ${config.services.nginx.user};
listen.group = ${config.services.nginx.group};
pm = dynamic
pm.max_children = 32
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_requests = 500
'';
};
services.nginx = {
enable = true;
virtualHosts."acme-${domain}" = {
default = true;
enableACME = true;
serverName = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
virtualHosts."${domain}" = {
default = true;
forceSSL = true;
useACMEHost = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "${dataDir}";
locations = {
"~ /(conf|bin|inc|vendor)/" = {
extraConfig = "deny all;";
};
"~ /install.php" = {
extraConfig = "deny all;";
};
"~ ^/data/" = {
extraConfig = "internal;";
};
"~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 31d;";
};
"/" = {
index = "doku.php";
extraConfig = "try_files $uri $uri/ @dokuwiki;";
};
"@dokuwiki" = {
extraConfig = ''
# Rewrites "doku.php/" out of the URLs if the userwrite setting is
# set to .htaccess in the DokuWiki config page.
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
'';
};
"~ \\.php$" = {
extraConfig = ''
try_files $uri $uri/ /doku.php;
include ${config.services.nginx.package}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_pass unix:${config.services.phpfpm.pools."${app}".socket};
'';
};
};
extraConfig = ''
# Set maximum file upload size to 20MB (same as upload_max_filesize and
# post_max_size in the phpOptions).
client_max_body_size 20M;
client_body_buffer_size 128k;
'';
};
};
networking.firewall.allowedTCPPorts = [ 8443 31820 ];
networking.firewall.allowedUDPPorts = [ 8443 ];
users.users."${app}" = {
isSystemUser = true;
group = "${app}";
};
users.groups."${app}" = { };
}

23
config/hosts/eh22-wiki/networking.nix Normal file
View file

@ -0,0 +1,23 @@
# Sources for this configuration:
# - https://nixos.wiki/wiki/Networking
{ ... }:
{
networking.interfaces.net0 = {
ipv4.addresses = [
{
address = "172.31.17.156";
prefixLength = 25;
}
];
};
networking.defaultGateway = "172.31.17.129";
networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
networking.search = [ "hamburg.ccc.de" ];
systemd.network.links."10-net0" = {
matchConfig.MACAddress = "BC:24:11:37:F0:AB";
linkConfig.Name = "net0";
};
}

14
flake.nix
View file

@ -211,6 +211,20 @@
./config/hosts/ptouch-print-server ./config/hosts/ptouch-print-server
]; ];
}; };
eh22-wiki = {
deployment = {
targetHost = "eh22-wiki-intern.hamburg.ccc.de";
targetPort = 22;
targetUser = "colmena-deploy";
tags = [ "chaosknoten" ];
};
imports = [
./config/common
./config/proxmox-vm
./config/hosts/eh22-wiki
];
};
}; };
packages.x86_64-linux = { packages.x86_64-linux = {