add wiki-js

2022-02-23 19:45:27 +02:00 · 2022-02-23 19:45:27 +02:00 · 3f726cdf60
parent a0a6c99fe8
commit 3f726cdf60
3 changed files with 66 additions and 0 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -27,6 +27,7 @@ in
    ./resources/limits.nix
    ./videomeet/jitsi.nix
    ./git/gitea.nix
+    ./local/services/wiki-js.nix
  ];

  nixpkgs.overlays = [ (nix-overlay) ];
--- a/local/services/wiki-js.nix
+++ b/local/services/wiki-js.nix
@ -0,0 +1,30 @@
+{ lib, ... }:
+{
+  systemd.services.wiki-js = {
+    requires = [ "postgresql.service" ];
+    after = [ "postgresql.service" ];
+  };
+
+  services.postgresql = {
+    enable = lib.mkOverride 1100 true;
+    ensureDatabases = [ "wiki" ];
+    ensureUsers = [
+      { name = "wiki-js";
+        ensurePermissions."DATABASE wiki" = "ALL PRIVILEGES";
+      }
+    ];
+  };
+
+  services.wiki-js = {
+    enable = true;
+    settings = {
+      bindIP = "127.0.0.1";
+      port = 3010;
+      db = {
+        host = "/run/postgresql";
+        user = "wiki-js";
+      };
+    };
+    stateDirectoryName = "wiki-js";
+  };
+}
--- a/webserver/nginx.nix
+++ b/webserver/nginx.nix
@ -150,6 +150,41 @@ in
          };
        };
      };
+      "wiki.${domain}" = {
+        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
+        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
+        root = "/var/empty";
+        forceSSL = true;
+        extraConfig = ''
+          add_header Strict-Transport-Security $hsts_header;
+          #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+          add_header 'Referrer-Policy' 'origin-when-cross-origin';
+          add_header X-Frame-Options DENY;
+          add_header X-Content-Type-Options nosniff;
+          add_header X-XSS-Protection "1; mode=block";
+          proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+          expires 10m;
+        '';
+        locations = {
+          "/_assets/" = {
+            extraConfig = ''
+              alias ${pkgs.wiki-js}/assets/;
+              try_files $uri =404;
+              expires 7d;
+              access_log off;
+              log_not_found off;
+            '';
+          };
+          "/" = {
+            proxyPass = "http://127.0.0.1:3010";
+            extraConfig = ''
+              proxy_http_version 1.1;
+              proxy_set_header   Upgrade $http_upgrade;
+              proxy_set_header   Connection "upgrade";
+            '';
+          };
+        };
+      };
    };
  };
 }