Add wiki

docs/pandoc/script.js

@@ -0,0 +1,25 @@
+addEventListener('DOMContentLoaded', () => {
+  const fullpath = location.origin + location.pathname.replace(/\/$/, "");
+
+  document.querySelectorAll('nav a').forEach((el) => {
+    const url = new URL(el.href);
+    const fullurl = url.origin + url.pathname.replace(/\/$/, "");
+    console.log("fullurl", fullurl);
+    console.log("fullpath", fullpath);
+    console.log("locationpathname", location.pathname);
+    console.log("urlpathname", url.pathname);
+    const onHome = fullpath === location.origin
+    const urlIsHome = fullurl === location.origin
+    console.log("onhome", onHome);
+    console.log("urlIsHome", urlIsHome);
+    console.log("")
+
+    if (onHome && fullurl === fullpath) {
+      el.classList.add('active');
+    }
+    // The startsWith is for subpages
+    else if (!urlIsHome && fullpath.startsWith(fullurl)) {
+      el.classList.add('active');
+    }
+  });
+});

docs/pandoc/style.css

@@ -85,10 +85,6 @@ nav a.active {
   color: #faf8e4 !important;
 }
 
-a code {
-  text-decoration-line: underline;
-}
-
 footer {
   height: 2rem;
   position: absolute;
@@ -140,6 +136,25 @@ a:focus {
   outline: thin dotted;
 }
 
+a code {
+  text-decoration-line: underline;
+}
+
+strong a {
+  text-decoration-line: underline;
+  color: var(--fg0);
+}
+
+strong a:hover {
+  text-decoration-line: underline;
+  color: var(--fg0);
+}
+
+strong a:visited {
+  text-decoration-line: underline;
+  color: var(--fg0);
+}
+
 *::-moz-selection {
   /* background: var(--ltred); */
   background: rgba(255, 255, 0, 0.3);

docs/pandoc/template.html

@@ -36,18 +36,7 @@
     <!--[if lt IE 9]>
         <script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
     <![endif]-->
-    <script>
-        addEventListener('DOMContentLoaded', () => {
-            const fullpath = location.origin + location.pathname
-
-            document.querySelectorAll('nav a').forEach((el) => {
-                const url = new URL(el.href)
-                if (url.origin + url.pathname === fullpath) {
-                    el.classList.add('active')
-                }
-            })
-        })
-    </script>
+    <script src="/docs/pandoc/script.js"></script>
 </head>
 
 <body>
@@ -61,6 +50,7 @@
             <div class="content">
                 <a href="/">Home</a>
                 <a href="/options.html">Options</a>
+                <a href="/wiki">Wiki</a>
                 <a href="https://github.com/rasmus-kirk/nixarr">Github</a>
             </div>
         </nav>
@@ -100,9 +90,6 @@
         </div>
         <footer>
             <div class="content">
-                <div>
-                    Rasmus Kirk Jakobsen
-                </div>
                 $if(date)$
                     <div>$date$</div>
                 $endif$

docs/wiki/ddns/njalla/index.md

@@ -0,0 +1,68 @@
+---
+title: DDNS Using Njalla
+---
+
+Go to your domain on njalla:
+
+![Njalla Domain](/docs/wiki/ddns/njalla/domain.png)
+
+Then press "Add record" and select "Dynamic" and write your subdomain in
+the input box. It should now be added to your records. Click on the record,
+you should now see something like the following:
+
+![Njalla Record](/docs/wiki/ddns/njalla/record.png)
+
+With this, then your JSON file should contain:
+
+```json
+  {
+    "jellyfin.example.com": "48esqclnvqGiCZPbd"
+  }
+```
+
+Add this as a secret file to your secrets (See [this page](/wiki/secrets)
+for secrets management). This could be done, for example, in the following way:
+
+- Writing the specified JSON to `/data/.secret/njalla/keys-file.json`
+- Setting the owner as root: 
+  - `sudo chown root:root /data/.secret/njalla/keys-file.json`
+- Setting the permissions to 700 (read, write, execute for file owner, root): 
+  - `sudo chmod 700 /data/.secret/njalla/keys-file.json`
+
+And finally adding it to your nix configuration:
+
+```nix
+  nixarr.ddns.njalla = {
+    enable = true;
+    keysFile = "/data/.secret/njalla/keys-file.json";
+  };
+```
+
+After rebuilding, you can check the output of the DDNS script:
+
+```sh
+  sudo systemctl status ddnsNjalla.service
+```
+
+Where you should see something like:
+
+```
+  Mar 03 21:05:00 pi systemd[1]: Starting Sets the Njalla DDNS records...
+  Mar 03 21:05:02 pi ddns-njalla[26842]: {"status": 200, "message": "record updated", "value": {"A": "93.184.216.34"}}
+  Mar 03 21:05:02 pi ddns-njalla[26845]: {"status": 200, "message": "record updated", "value": {"A": "93.184.216.34"}}
+  Mar 03 21:05:02 pi systemd[1]: ddnsNjalla.service: Deactivated successfully.
+  Mar 03 21:05:02 pi systemd[1]: Finished Sets the Njalla DDNS records.
+  Mar 03 21:05:02 pi systemd[1]: ddnsNjalla.service: Consumed 560ms CPU time, received 11.7K IP traffic, sent 3.0K IP traffic.
+```
+
+Then run the following to get your public IP address:
+
+```sh
+  curl https://ipv4.icanhazip.com/ 
+```
+
+And if you check your njalla domain page, you should see your public IP on
+your Dynamic DNS record! 
+
+And after waiting a little you should be able to connect to your ip, using
+the set domain.

docs/wiki/index.md

@@ -0,0 +1,9 @@
+---
+title: Welcome to the Nixarr Wiki!
+---
+
+This is a list of existing articles:
+
+- **[Recommended Secrets Management](/wiki/secrets)**
+- **DDNS**
+  - **[Njalla](/wiki/ddns/njalla)**

docs/wiki/secrets/index.md

@@ -0,0 +1,52 @@
+---
+title: Recemmended Secrets Management
+---
+
+Secrets in nix can be difficult to handle. Your Nixos configuration is
+world-readable in the nix store. This means that _any_ user can read your
+config in `/nix/store` somewhere (_Not good!_). The way to solve this is to
+keep your secrets in files and pass these to nix. Below, I will present two
+ways of accomplishing this.
+
+**Warning:** Do _not_ let secrets live in your configuration directory either!
+
+## The simple way
+
+The simplest secrets management is to simply create a directory for all you
+secrets, for example:
+
+```sh
+  sudo mkdir -p /data/.secret
+  sudo chmod 700 /data/.secret
+```
+
+Then put your secrets, for example your wireguard configuration from your
+VPN-provider, in this directory:
+
+```sh
+  sudo mkdir -p /data/.secret/vpn
+  sudo mv /path/to/wireguard/config/wg.conf /data/.secret/vpn/wg.conf
+```
+
+And set the accompanying Nixarr option:
+
+```nix
+  nixarr.vpn = {
+    enable = true;
+    wgConf = "/data/.secret/vpn/wg.conf";
+  };
+```
+
+**Note:** This is impure, meaning that since the file is not part of the
+nix store, a nixos rollback will not restore a previous secret. This also
+means you have to rebuild Nixos using the `--impure` flag set.
+
+## Agenix - A Path to Purity
+
+The "right way" to do secret management is to have your secrets
+encrypted in your configuration directory. This can be accomplished using
+[agenix](https://github.com/ryantm/agenix). I won't go into the details of how
+to set it up since it's a more complex solution than the one above. However,
+including the right way doing it should help you if you're a more advanced
+user and want to do things the "right way".
+