AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add kiwix web app

Browse Source
This commit is contained in:
Dmitriy Kholkin 2023-10-01 23:41:40 +03:00
parent 5f54779a06
commit 099646c511
5 changed files with 119 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
machines/Home-Hypervisor/dns-mapping.nix
View File

@ -61,6 +61,7 @@
"turn.ataraxiadev.com" = "coturn.pve"; "turn.ataraxiadev.com" = "coturn.pve";
"vw.ataraxiadev.com" = "ataraxiadev.com"; "vw.ataraxiadev.com" = "ataraxiadev.com";
"webmail.ataraxiadev.com" = "ataraxiadev.com"; "webmail.ataraxiadev.com" = "ataraxiadev.com";
"wiki.ataraxiadev.com" = "ataraxiadev.com";
"www.ataraxiadev.com" = "ataraxiadev.com"; "www.ataraxiadev.com" = "ataraxiadev.com";
}; };
}; };

2
machines/NixOS-VPS/hardware/dns-mapping.nix
View File

@ -43,6 +43,7 @@
{ name = "turn.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; } { name = "turn.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "vw.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; } { name = "vw.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "webmail.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; } { name = "webmail.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "wiki.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; } { name = "ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "api.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; } { name = "api.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
@ -87,5 +88,6 @@
{ name = "turn.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; } { name = "turn.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "vw.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; } { name = "vw.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "webmail.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; } { name = "webmail.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "wiki.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
]; ];
} }

102
modules/kiwix-serve.nix Normal file
View File

@ -0,0 +1,102 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.kiwix-serve;
in
{
options = {
services.kiwix-serve = {
enable = mkOption {
default = false;
type = types.bool;
};
package = mkOption {
type = types.package;
default = pkgs.kiwix-tools;
defaultText = literalExpression "pkgs.kiwix-tools";
description = lib.mdDoc "The package that provides `bin/kiwix-serve`";
};
port = mkOption {
type = types.port;
default = 80;
description = lib.mdDoc "Port number to listen on";
};
listenAddress = mkOption {
type = types.str;
default = "127.0.0.1";
description = lib.mdDoc "IP address to listen on";
};
zimPaths = mkOption {
default = null;
type = types.nullOr (types.nonEmptyListOf (types.either types.str types.path));
description = lib.mdDoc "ZIM file path(s)";
};
zimDir = mkOption {
default = null;
type = types.nullOr (types.either types.str types.path);
description = lib.mdDoc "ZIM directory";
};
};
};
config = mkIf cfg.enable {
systemd.services.kiwix-serve = {
description = "Deliver ZIM file(s) articles via HTTP";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = let
bindsPrivilegedPort = (0 < cfg.port && cfg.port < 1024);
maybeZimPaths = lib.optionals (cfg.zimPaths != null) cfg.zimPaths;
maybeZimDir = lib.optionals (cfg.zimDir != null) ["-l" "/tmp/library.xml"];
args = ["-i" cfg.listenAddress] ++ ["-p" cfg.port] ++ maybeZimDir ++ maybeZimPaths;
manage-lib = pkgs.writeShellScript "kiwix-manage-library" ''
for f in "${cfg.zimDir}"/*.zim; do
if [[ -f "$f" ]]; then
( set -x; ${cfg.package}/bin/kiwix-manage "/tmp/library.xml" add $f )
fi
done
'';
in {
ExecStartPre = lib.mkIf (cfg.zimDir != null) manage-lib;
ExecStart = "${cfg.package}/bin/kiwix-serve ${lib.escapeShellArgs args}";
Type = "simple";
Restart = "on-failure";
TimeoutStartSec = 600;
AmbientCapabilities = [""] ++ lib.optional bindsPrivilegedPort "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = [""] ++ lib.optional bindsPrivilegedPort "CAP_NET_BIND_SERVICE";
DeviceAllow = "";
DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateIPC = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "noaccess";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [];
SystemCallErrorNumber = "EPERM";
};
};
};
}

7
profiles/servers/nginx.nix
View File

@ -79,6 +79,7 @@ in {
"cache.ataraxiadev.com" "cache.ataraxiadev.com"
"docs.ataraxiadev.com" "docs.ataraxiadev.com"
"cal.ataraxiadev.com" "cal.ataraxiadev.com"
"wiki.ataraxiadev.com"
"matrix.ataraxiadev.com" "matrix.ataraxiadev.com"
"dimension.ataraxiadev.com" "dimension.ataraxiadev.com"
@ -371,6 +372,12 @@ in {
'' + proxySettings; '' + proxySettings;
}; };
} // default; } // default;
"wiki.ataraxiadev.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:8190";
extraConfig = proxySettings;
};
};
}; };
}; };

7
profiles/servers/wiki.nix Normal file
View File

@ -0,0 +1,7 @@
{ config, pkgs, lib, ... }: {
services.kiwix-serve = {
enable = true;
port = 8190;
zimDir = "/media/nas/media-stack/torrents/other";
};
}