phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add test instance of wiki-js

Browse source
This commit is contained in:
Paul-Henri Froidmont 2022-10-19 07:30:00 +02:00
parent 4ba62ee56f
commit 74aa19941d
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
4 changed files with 57 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

8
dns.tf
View file

@ -96,6 +96,14 @@ resource "hetznerdns_record" "elefan-test_a" {
ttl = 600 ttl = 600
} }
resource "hetznerdns_record" "wikijs-test_a" {
zone_id = data.hetznerdns_zone.froidmont_zone.id
name = "wikijs-test"
value = data.hcloud_floating_ip.main_ip.ip_address
type = "A"
ttl = 600
}
resource "hetznerdns_record" "transmission_a" { resource "hetznerdns_record" "transmission_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "transmission" name = "transmission"

27
modules/postgresql.nix
View file

@ -4,17 +4,13 @@
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_12; package = pkgs.postgresql_12;
initialScript = pkgs.writeText "postgres-init.sql" ''
CREATE ROLE "synapse";
CREATE ROLE "nextcloud";
CREATE ROLE "roundcube";
'';
enableTCPIP = true; enableTCPIP = true;
identMap = '' identMap = ''
root_as_others root postgres root_as_others root postgres
root_as_others root synapse root_as_others root synapse
root_as_others root nextcloud root_as_others root nextcloud
root_as_others root roundcube root_as_others root roundcube
root_as_others root wikijs-test
''; '';
authentication = '' authentication = ''
local all postgres peer local all postgres peer
@ -39,6 +35,11 @@
key = "roundcube/db_password"; key = "roundcube/db_password";
restartUnits = [ "postgresql-setup.service" ]; restartUnits = [ "postgresql-setup.service" ];
}; };
wikiJsTestDbPassword = {
owner = config.services.postgresql.superUser;
key = "wikijs-test/db_password";
restartUnits = [ "postgresql-setup.service" ];
};
}; };
systemd.services.postgresql-setup = let pgsql = config.services.postgresql; in systemd.services.postgresql-setup = let pgsql = config.services.postgresql; in
@ -51,13 +52,25 @@
pkgs.util-linux pkgs.util-linux
]; ];
script = '' script = ''
set -eu set -u
PSQL() { PSQL() {
psql --port=${toString pgsql.port} "$@" psql --port=${toString pgsql.port} "$@"
} }
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "synapse"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'wikijs-test'" | grep -q 1 || PSQL -tAc 'CREATE ROLE "wikijs-test"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'synapse'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "synapse" OWNER "synapse" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'nextcloud'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "nextcloud" OWNER "nextcloud"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"' PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'roundcube'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "roundcube" OWNER "roundcube"'
PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = 'wikijs-test'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "wikijs-test" OWNER "wikijs-test"'
PSQL -tAc "ALTER ROLE synapse LOGIN"
PSQL -tAc "ALTER ROLE nextcloud LOGIN"
PSQL -tAc "ALTER ROLE roundcube LOGIN"
PSQL -tAc "ALTER ROLE \"wikijs-test\" LOGIN"
synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')" synapse_password="$(<'${config.sops.secrets.synapseDbPassword.path}')"
PSQL -tAc "ALTER ROLE synapse WITH PASSWORD '$synapse_password'" PSQL -tAc "ALTER ROLE synapse WITH PASSWORD '$synapse_password'"
@ -65,6 +78,8 @@
PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'" PSQL -tAc "ALTER ROLE nextcloud WITH PASSWORD '$nextcloud_password'"
roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')" roundcube_password="$(<'${config.sops.secrets.roundcubeDbPassword.path}')"
PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'" PSQL -tAc "ALTER ROLE roundcube WITH PASSWORD '$roundcube_password'"
wikijstest_password="$(<'${config.sops.secrets.wikiJsTestDbPassword.path}')"
PSQL -tAc "ALTER ROLE \"wikijs-test\" WITH PASSWORD '$wikijstest_password'"
''; '';
serviceConfig = { serviceConfig = {

23
profiles/backend.nix
View file

@ -18,6 +18,10 @@
owner = config.services.borgbackup.jobs.data.user; owner = config.services.borgbackup.jobs.data.user;
key = "borg/client_keys/backend1/private"; key = "borg/client_keys/backend1/private";
}; };
wikiJsEnvFile = {
key = "wikijs-test/service_env_file";
restartUnits = [ "wiki-js.service" ];
};
}; };
custom = { custom = {
@ -63,7 +67,26 @@
services.murmur.enable = true; services.murmur.enable = true;
}; };
services.wiki-js = {
enable = true;
settings = {
db.type = "postgres";
db.host = "10.0.1.11";
db.db = "wikijs-test";
db.user = "wikijs-test";
db.pass = "$(DB_PASS)";
};
environmentFile = config.sops.secrets.wikiJsEnvFile.path;
};
services.nginx.virtualHosts."wikijs-test.froidmont.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.wiki-js.settings.port}";
};
};
networking.interfaces.enp1s0 = { networking.interfaces.enp1s0 = {
useDHCP = true; useDHCP = true;

7
secrets.enc.yml
View file

@ -14,6 +14,9 @@ nextcloud:
roundcube: roundcube:
db_password: ENC[AES256_GCM,data:t2/gRhkkwd7eXKvRowNnBfOiJS4nWZlZpjtmmw+XcARbcYyf4Z3+jG6anzqxYjHHGzza23qcpfiSB4t7,iv:H7vdeBgVY3aSsMCyBBbCb0qqbDHTA/S3fwK1lDBebDI=,tag:LbeMqj3xdWz8e6XSEV+jtw==,type:str] db_password: ENC[AES256_GCM,data:t2/gRhkkwd7eXKvRowNnBfOiJS4nWZlZpjtmmw+XcARbcYyf4Z3+jG6anzqxYjHHGzza23qcpfiSB4t7,iv:H7vdeBgVY3aSsMCyBBbCb0qqbDHTA/S3fwK1lDBebDI=,tag:LbeMqj3xdWz8e6XSEV+jtw==,type:str]
pg_pass_file: ENC[AES256_GCM,data:pXWi2lC3Na8K/P+F0nUW00mq2vApw/pf5stJvlfuwEdan1GKBa9jSqJE17mq7weaMkhI1vBwDdfu/P1y7hEBzRNU3CA=,iv:3bC2mKUt8jI+Avm8UQq6b15JA2F7/usfDEh6XYJ9OZA=,tag:0pYQyWDh3w00XRQe13IrCw==,type:str] pg_pass_file: ENC[AES256_GCM,data:pXWi2lC3Na8K/P+F0nUW00mq2vApw/pf5stJvlfuwEdan1GKBa9jSqJE17mq7weaMkhI1vBwDdfu/P1y7hEBzRNU3CA=,iv:3bC2mKUt8jI+Avm8UQq6b15JA2F7/usfDEh6XYJ9OZA=,tag:0pYQyWDh3w00XRQe13IrCw==,type:str]
wikijs-test:
db_password: ENC[AES256_GCM,data:lhVNTxKokGqlIssD6YMoso6KKdwxqRETg1M9DYwyGBRdq+/R4gnfUoeTiycpvyqQ9Auc8qKv00NdrhDv,iv:XyT5/0hihwEQRpDwc9OwtdrkiVQ1HlWMZgf+stHOdDs=,tag:dc76QhT//EkQw8+N8Hgmdw==,type:str]
service_env_file: ENC[AES256_GCM,data:W2SvBQFvPHIXvGQ9YY06IZDisstfTk31C71fPSsuOe3PNs0wt27079WwU4dQRcoaGvQBJs9nvI7k7OhClq/OZL2cwDU=,iv:z4sISj2G6WMenRn6/7SVKKmtmU+OweMT4MSNxaWT4+c=,tag:kngFN+KZ/M9qMJjmfgGbjA==,type:str]
murmur.env: ENC[AES256_GCM,data:bErJrzpPRrBhUeW113qt9xbJWsrxiI8YIibZ3l0=,iv:2dIlmdLKB+nktQ4/O1W3xtfcCRowW9MkxncDiDpZyck=,tag:3UkSGVKV00385iZ66rHOpw==,type:str] murmur.env: ENC[AES256_GCM,data:bErJrzpPRrBhUeW113qt9xbJWsrxiI8YIibZ3l0=,iv:2dIlmdLKB+nktQ4/O1W3xtfcCRowW9MkxncDiDpZyck=,tag:3UkSGVKV00385iZ66rHOpw==,type:str]
transmission: transmission:
rpc_config.json: ENC[AES256_GCM,data:2dXn4De3RilQpOOtqjZQILJ7+/t8ipQHLiNuYdbQQRZC4fya0l9MLyGRuqfqeBu1B07VYSDMImV/5BZ+5ygCLk2JjhLn8NzbM3IRWg==,iv:SWqUCobb1+MzISjOTF9BySeAGXHMEbX/27MxIl5tPIE=,tag:4tat0yvkE/4njWYyr/IRfA==,type:str] rpc_config.json: ENC[AES256_GCM,data:2dXn4De3RilQpOOtqjZQILJ7+/t8ipQHLiNuYdbQQRZC4fya0l9MLyGRuqfqeBu1B07VYSDMImV/5BZ+5ygCLk2JjhLn8NzbM3IRWg==,iv:SWqUCobb1+MzISjOTF9BySeAGXHMEbX/27MxIl5tPIE=,tag:4tat0yvkE/4njWYyr/IRfA==,type:str]
@ -54,8 +57,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2022-09-15T05:50:09Z" lastmodified: "2022-10-19T04:39:50Z"
mac: ENC[AES256_GCM,data:mmKdFdYWID4oTFCsRrq3idCr+2m/VA22sPOB8V1IVTQISrAQ8j9zwO5JymgXq3+X/1ghNoaFsqmFamzN+uZQ4bd7K2lG2LXzLlzDV4NanPRJGq0szHQ3/DF/hPJij85GREs9OKoPu5zrHVub3B/kymtotc+xUs9x/MdnR+IA9qY=,iv:LdBCUee6YNSMjNtDktsV8LVQIbQVv0ABQgoOSYyu0mg=,tag:WtvpYnxwNRveA+pYd0IGcA==,type:str] mac: ENC[AES256_GCM,data:EVAuXn/AK8ntHymfA9gOgo7d0MZUdGJvt7nrm4nt4IlKQCigBjaF5JRslcbGrzOnw5/hRHC1iVj9YqzkOC1iV00y/k7mNK5wxR1c0+NcFFm/HmJRnxH2Dncs2faJ25q6tmZBLG2iSlesXoiR0CAlMywIJDkpYh/bBRHJoc1NqC0=,iv:px8sFUbAu5KjLe3H8mfKxSSlkxLm1xuWAyTLwDkI/v0=,tag:/3KnzWNtNuIPV5ZjHu4fxA==,type:str]
pgp: pgp:
- created_at: "2021-11-29T00:57:34Z" - created_at: "2021-11-29T00:57:34Z"
enc: | enc: |