
https://git.jolheiser.com/infra.git
dragonwell flake
add wiki Signed-off-by: jolheiser <git@jolheiser.com>
Signature
-----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgBTEvCQk6VqUAdN2RuH6bj1dNkY oOpbPWj+jw4ua1B1cAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQD2BgiVZ/PH4rtn4N8Id/By8x4gjxIWQkV7lFy8lix6BonfjqtOKOmE/nkejRDlnCG I43VWACjMPetjqN81E3g4= -----END SSH SIGNATURE-----
jolheiser <git@jolheiser.com>
2 weeks ago
5 changed files, 86 additions(+), 0 deletions(-)
dragonwell/caddy.nixdragonwell/default.nixdragonwell/gollum.nixdragonwell/oa2p.nixsecrets/oa2p.agesecrets/secrets.nix
M dragonwell/caddy.nix -> dragonwell/caddy.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
diff --git a/dragonwell/caddy.nix b/dragonwell/caddy.nix
index 0c33111ab09f72db12947314284b87445ef0f808..3f36e5dcbbe5daf33f90a423cc2c3f5862fc07ca 100644
--- a/dragonwell/caddy.nix
+++ b/dragonwell/caddy.nix
@@ -80,6 +80,32 @@       '';
       "memos.jolheiser.com".extraConfig = ''
         reverse_proxy localhost:6366
       '';
+      "oa2p.jolheiser.com".extraConfig = ''
+        reverse_proxy localhost:6227
+      '';
+      "wiki.jolheiser.com".extraConfig = ''
+        	handle /oauth2/* {
+        		reverse_proxy localhost:6227 {
+        			header_up X-Real-IP {remote_host}
+        			header_up X-Forwarded-Uri {uri}
+        		}
+        	}
+
+        	handle {
+        		forward_auth localhost:6227 {
+        			uri /oauth2/auth
+
+        			header_up X-Real-IP {remote_host}
+
+        			@error status 401
+        			handle_response @error {
+        				redir * /oauth2/sign_in?rd={scheme}://{host}{uri}
+        			}
+        		}
+
+        		reverse_proxy localhost:9454
+        	}
+      '';
       "budget.jolheiser.com".extraConfig = ''
         handle_path /static/* {
           root * ${pkgs.jolheiser.mint}/lib/mint/static/
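Review bot: The new `oa2p.jolheiser.com` vhost publishes oauth2-proxy on a second public hostname with a bare `reverse_proxy localhost:6227`, and unlike the `/oauth2/*` handler under `wiki.jolheiser.com` it sets no `header_up X-Real-IP {remote_host}`. Because dragonwell/oa2p.nix in this commit sets `reverseProxy = true`, a client-supplied `X-Real-IP` arriving on that host would presumably be trusted by the proxy for logging and any IP-based rules. The cookie domain and `redirectURL` in oa2p.nix both point at wiki.jolheiser.com, so this host does not look required for the wiki login flow. Consider dropping it, or adding the same `header_up X-Real-IP {remote_host}` line plus a comment saying what the host is for. The enclosing virtualHosts attribute set starts and ends outside the hunk.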
M dragonwell/default.nix -> dragonwell/default.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
diff --git a/dragonwell/default.nix b/dragonwell/default.nix
index 1c3ea962f0bca67f05cc1105df49a85652c64e7e..92b754277fdd5a5c1213a7e94c51f96a3502efd1 100644
--- a/dragonwell/default.nix
+++ b/dragonwell/default.nix
@@ -11,11 +11,13 @@     ./forge-lines.nix
     ./foundry.nix
     #./git-bug.nix
     ./git-pr.nix
+    ./gollum.nix
     ./horcrux.nix
     ./mealie.nix
     ./memos.nix
     ./miniserve.nix
     ./mint.nix
+    ./oa2p.nix
     ./pocket-id.nix
     ./pubserve.nix
     ./restic.nix
I dragonwell/gollum.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
diff --git a/dragonwell/gollum.nix b/dragonwell/gollum.nix
new file mode 100644
index 0000000000000000000000000000000000000000..0cb4a5099f7b66a6b6408c5cbabbd66f3852ccf9
--- /dev/null
+++ b/dragonwell/gollum.nix
@@ -0,0 +1,39 @@
+{ pkgs, config, ... }:
+{
+  services.gollum = {
+    enable = true;
+    stateDir = "/var/lib/ugit/repos/wiki.git";
+    emoji = true;
+    h1-title = true;
+    port = 9454;
+    branch = "main";
+    user = "ugit";
+    group = "ugit";
+  };
+
+  # Hack to work with bare repos
+  systemd.services.gollum =
+    let
+      cfg = config.services.gollum;
+    in
+    {
+      preStart = pkgs.lib.mkForce ''
+        git init --bare ${cfg.stateDir}
+      '';
+      serviceConfig.ExecStart = pkgs.lib.mkForce ''
+        ${cfg.package}/bin/gollum \
+              --port ${toString cfg.port} \
+              --host ${cfg.address} \
+              --config ${pkgs.writeText "gollum-config.rb" cfg.extraConfig} \
+              --ref ${cfg.branch} \
+              ${pkgs.lib.optionalString cfg.math "--math"} \
+              ${pkgs.lib.optionalString cfg.emoji "--emoji"} \
+              ${pkgs.lib.optionalString cfg.h1-title "--h1-title"} \
+              ${pkgs.lib.optionalString cfg.no-edit "--no-edit"} \
+              ${pkgs.lib.optionalString (cfg.allowUploads != null) "--allow-uploads ${cfg.allowUploads}"} \
+              ${pkgs.lib.optionalString (cfg.user-icons != null) "--user-icons ${cfg.user-icons}"} \
+              --bare \
+              ${cfg.stateDir}
+      '';
+    };
+}
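Review bot: `services.gollum` sets `port = 9454` but no `address`, so the forced ExecStart passes `--host ${cfg.address}` with the module default, which I believe is `0.0.0.0` for the NixOS gollum module and is worth confirming. If so, the wiki listens on every interface, and anything that can reach port 9454 directly skips the `forward_auth` check that dragonwell/caddy.nix puts in front of it. Adding `address = "127.0.0.1";` next to `port` keeps Caddy the only way in, independent of firewall state. The `# Hack to work with bare repos` comment could also note that ExecStart appears to be a copy of the upstream unit with `--bare` added, so it needs re-syncing when the module changes.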
I dragonwell/oa2p.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
diff --git a/dragonwell/oa2p.nix b/dragonwell/oa2p.nix
new file mode 100644
index 0000000000000000000000000000000000000000..08b18722d34b5afa7e42043e63bd972e38f7b99f
--- /dev/null
+++ b/dragonwell/oa2p.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+  age.secrets.oa2p.file = ../secrets/oa2p.age;
+  services.oauth2-proxy = {
+    enable = true;
+    provider = "oidc";
+    httpAddress = "localhost:6227";
+    reverseProxy = true;
+    cookie = {
+      secure = true;
+      domain = "wiki.jolheiser.com";
+    };
+    email.domains = [ "*" ];
+    keyFile = config.age.secrets.oa2p.path;
+    redirectURL = "https://wiki.jolheiser.com/oauth2/callback";
+    oidcIssuerUrl = "https://id.jolheiser.com";
+  };
+}
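Review bot: `email.domains = [ "*" ]` accepts every identity that the issuer at `https://id.jolheiser.com` authenticates, so who may read and edit the wiki is decided entirely by who can obtain an account there. If that is intended, record it next to the setting, for example `# any account on id.jolheiser.com may use the wiki; access is restricted at the IdP`. Otherwise narrow it with a concrete domain or a group restriction in the proxy settings. A short comment on `keyFile` naming what oa2p.age must contain (presumably the client id, client secret and cookie secret as environment variables) would help whoever rotates it.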
I secrets/oa2p.age
1
2
3
4
diff --git a/secrets/oa2p.age b/secrets/oa2p.age
new file mode 100644
index 0000000000000000000000000000000000000000..afa7b429d438c4a27797d98816ab7b6ccaaad790
Binary files /dev/null and b/secrets/oa2p.age differ
M secrets/secrets.nix -> secrets/secrets.nix
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 354ead0d1c8d2df1cf51935d29b2be6df06e4808..ca90266465f13a5d9bb57209ec60f78ebffe6f09 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -44,4 +44,5 @@   "horcrux.age".publicKeys = dragonwellKeys;
   "mint.age".publicKeys = dragonwellKeys;
   "cifs.age".publicKeys = jasmineKeys;
   "beanboy.age".publicKeys = peachKeys;
+  "oa2p.age".publicKeys = dragonwellKeys;
 }