Add wiki
rasmus-kirk committed Mar 3, 2024
1 parent bfb6223 commit 0089e91
Showing 9 changed files with 187 additions and 19 deletions.
11 changes: 11 additions & 0 deletions docs/pandoc/script.js
@@ -0,0 +1,11 @@
addEventListener('DOMContentLoaded', () => {
const fullpath = location.origin + location.pathname

document.querySelectorAll('nav a').forEach((el) => {
const url = new URL(el.href)
const fullurl = url.origin + url.pathname //.replace(/\/$/, "")
if (fullurl === fullpath) {
el.classList.add('active')
}
})
})
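
Review bot: the `fullurl === fullpath` comparison is an exact match and the trailing-slash normalisation on the `fullurl` line is left commented out, so a nav link such as `/wiki` is not marked active when the page is served as `/wiki/`, nor on any page below it. Either apply the same normalisation to both `fullurl` and `fullpath` or delete the commented-out `.replace(...)`, and consider a prefix match if a section link should stay highlighted on its sub-pages.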
23 changes: 19 additions & 4 deletions docs/pandoc/style.css
Expand Up @@ -85,10 +85,6 @@ nav a.active {
color: #faf8e4 !important;
}

a code {
text-decoration-line: underline;
}

footer {
height: 2rem;
position: absolute;
Expand Down Expand Up @@ -140,6 +136,25 @@ a:focus {
outline: thin dotted;
}

a code {
text-decoration-line: underline;
}

strong a {
text-decoration-line: underline;
color: var(--fg0);
}

strong a:hover {
text-decoration-line: underline;
color: var(--fg0);
}

strong a:visited {
text-decoration-line: underline;
color: var(--fg0);
}

*::-moz-selection {
/* background: var(--ltred); */
background: rgba(255, 255, 0, 0.3);
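
Review bot: `strong a`, `strong a:hover` and `strong a:visited` carry identical declarations; a single rule with the selector list `strong a, strong a:hover, strong a:visited` says the same thing and keeps the three states from drifting apart later.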
17 changes: 2 additions & 15 deletions docs/pandoc/template.html
Expand Up @@ -36,18 +36,7 @@
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
<script>
addEventListener('DOMContentLoaded', () => {
const fullpath = location.origin + location.pathname

document.querySelectorAll('nav a').forEach((el) => {
const url = new URL(el.href)
if (url.origin + url.pathname === fullpath) {
el.classList.add('active')
}
})
})
</script>
<script src="/docs/pandoc/script.js"></script>
</head>

<body>
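
Review bot: the new `<script src="/docs/pandoc/script.js">` uses a root-absolute path, so the nav highlighting silently stops working if the generated docs are ever served from a sub-path; a template variable for the base path would avoid that. Moving the inline script into a file also makes it possible to serve these pages under a Content-Security-Policy without `'unsafe-inline'` for scripts, but the html5shiv include just above it is still loaded protocol-relative from a third-party CDN with no `integrity` attribute. Since it only applies to IE below 9, consider dropping it or pinning it with SRI.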
Expand All @@ -61,6 +50,7 @@
<div class="content">
<a href="/">Home</a>
<a href="/options.html">Options</a>
<a href="/wiki">Wiki</a>
<a href="https://github.com/rasmus-kirk/nixarr">Github</a>
</div>
</nav>
Expand Down Expand Up @@ -100,9 +90,6 @@ <h2 id="$idprefix$toc-title">$toc-title$</h2>
</div>
<footer>
<div class="content">
<div>
Rasmus Kirk Jakobsen
</div>
$if(date)$
<div>$date$</div>
$endif$
Binary file added docs/wiki/ddns/njalla/domain.png
68 changes: 68 additions & 0 deletions docs/wiki/ddns/njalla/index.md
@@ -0,0 +1,68 @@
---
title: DDNS Using Njalla
---

Go to your domain on njalla:

![Njalla Domain](/docs/wiki/ddns/njalla/domain.png)

Then press "Add record" and select "Dynamic" and write your subdomain in
the input box. It should now be added to your records. Click on the record,
you should now see something like the following:

![Njalla Record](/docs/wiki/ddns/njalla/record.png)

With this, then your JSON file should contain:

```json
{
"jellyfin.example.com": "48esqclnvqGiCZPbd"
}
```

Add this as a secret file to your secrets (See [this page](/wiki/secrets)
for secrets management). This could be done, for example, in the following way:

- Writing the specified JSON to `/data/.secret/njalla/keys-file.json`
- Setting the owner as root:
- `sudo chown root:root /data/.secret/njalla/keys-file.json`
- Setting the permissions to 700 (read, write, execute for file owner, root):
- `sudo chmod 700 /data/.secret/njalla/keys-file.json`

And finally adding it to your nix configuration:

```nix
nixarr.ddns.njalla = {
enable = true;
keysFile = "/data/.secret/njalla/keys-file.json";
};
```

After rebuilding, you can check the output of the DDNS script:

```sh
sudo systemctl status ddnsNjalla.service
```

Where you should see something like:

```
Mar 03 21:05:00 pi systemd[1]: Starting Sets the Njalla DDNS records...
Mar 03 21:05:02 pi ddns-njalla[26842]: {"status": 200, "message": "record updated", "value": {"A": "93.184.216.34"}}
Mar 03 21:05:02 pi ddns-njalla[26845]: {"status": 200, "message": "record updated", "value": {"A": "93.184.216.34"}}
Mar 03 21:05:02 pi systemd[1]: ddnsNjalla.service: Deactivated successfully.
Mar 03 21:05:02 pi systemd[1]: Finished Sets the Njalla DDNS records.
Mar 03 21:05:02 pi systemd[1]: ddnsNjalla.service: Consumed 560ms CPU time, received 11.7K IP traffic, sent 3.0K IP traffic.
```

Then run the following to get your public IP address:

```sh
curl https://ipv4.icanhazip.com/
```

And if you check your njalla domain page, you should see your public IP on
your Dynamic DNS record!

And after waiting a little you should be able to connect to your ip, using
the set domain.
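
Review bot: the `sudo chmod 700 /data/.secret/njalla/keys-file.json` step sets the execute bit on a JSON file that only root needs to read; `chmod 600` on the file (keeping 700 for the directory) is the tighter setting, and the "read, write, execute" wording in that bullet should change with it. Please also confirm that the key in the JSON example and anything visible in `record.png` are dummy values rather than a live Njalla DDNS key, since they become public with this commit. Minor: the closing sentence reads "connect to your ip, using the set domain", where "IP" is meant.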
Binary file added docs/wiki/ddns/njalla/record.png
9 changes: 9 additions & 0 deletions docs/wiki/index.md
@@ -0,0 +1,9 @@
---
title: Welcome to the Nixarr Wiki!
---

This is a list of existing articles:

- **[Recommended Secrets Management](/wiki/secrets)**
- **DDNS**
- **[Njalla](/wiki/ddns/njalla)**
52 changes: 52 additions & 0 deletions docs/wiki/secrets/index.md
@@ -0,0 +1,52 @@
---
title: Recemmended Secrets Management
---

Secrets in nix can be difficult to handle. Your Nixos configuration is
world-readable in the nix store. This means that _any_ user can read your
config in `/nix/store` somewhere (_Not good!_). The way to solve this is to
keep your secrets in files and pass these to nix. Below, I will present two
ways of accomplishing this.

**Warning:** Do _not_ let secrets live in your configuration directory either!

## The simple way

The simplest secrets management is to simply create a directory for all you
secrets, for example:

```sh
sudo mkdir -p /data/.secret
sudo chmod 700 /data/.secret
```

Then put your secrets, for example your wireguard configuration from your
VPN-provider, in this directory:

```sh
sudo mkdir -p /data/.secret/vpn
sudo mv /path/to/wireguard/config/wg.conf /data/.secret/vpn/wg.conf
```

And set the accompanying Nixarr option:

```nix
nixarr.vpn = {
enable = true;
wgConf = "/data/.secret/vpn/wg.conf";
};
```

**Note:** This is impure, meaning that since the file is not part of the
nix store, a nixos rollback will not restore a previous secret. This also
means you have to rebuild Nixos using the `--impure` flag set.

## Agenix - A Path to Purity

The "right way" to do secret management is to have your secrets
encrypted in your configuration directory. This can be accomplished using
[agenix](https://github.com/ryantm/agenix). I won't go into the details of how
to set it up since it's a more complex solution than the one above. However,
including the right way doing it should help you if you're a more advanced
user and want to do things the "right way".
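
Review bot: the `wgConf = "/data/.secret/vpn/wg.conf";` example is only safe because the path is a quoted string; written as an unquoted Nix path literal, the file can be copied into the world-readable `/nix/store` when the module interpolates it, which is exactly what the first paragraph warns against, so the page should say this explicitly. With a string value Nix does not read the file at evaluation time, so please double-check the claim in the note that `--impure` is required. The `mv` step keeps the source file's owner and mode; add a `chown root:root` and `chmod 600` on `wg.conf`. Typos: "Recemmended" in the title, "all you secrets", "the right way doing it".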

26 changes: 26 additions & 0 deletions mkDocs.nix
Expand Up @@ -31,6 +31,32 @@ in
# Generate md docs
cat ${optionsDocNixos.optionsCommonMark} > "$tmpdir"/nixos-options.md
buildwiki () {
file_path="$1"
filename=$(basename -- "$file_path")
dir_path=$(dirname "$file_path" | sed 's|^docs/||')
filename_no_ext="''${filename%.*}"
mkdir -p "$out"/"$dir_path"
pandoc \
--standalone \
--metadata date="$(date -u '+%Y-%m-%d - %H:%M:%S %Z')" \
--highlight-style docs/pandoc/gruvbox.theme \
--lua-filter docs/pandoc/lua/anchor-links.lua \
--css /docs/pandoc/style.css \
--template docs/pandoc/template.html \
-V lang=en \
-V --mathjax \
-f markdown+smart \
-o $out/"$dir_path"/"$filename_no_ext".html \
"$file_path"
}
find docs/wiki -type f -name "*.md" | while IFS= read -r file; do
buildwiki "$file"
done
pandoc \
--standalone \
--metadata title="Nixarr - Option Documentation" \
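
Review bot: `-V --mathjax` in the `buildwiki` pandoc call defines a template variable literally named `--mathjax` instead of enabling MathJax; drop the `-V` if math rendering is intended, or remove the line. In the same call `-o $out/"$dir_path"/...` leaves `$out` unquoted while `mkdir -p "$out"/"$dir_path"` quotes it, and `--metadata date="$(date -u ...)"` stamps the build time into every page, so two builds of the same input produce different output.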