Meta/Setup

5th March 2020 at 5:26pm

This is how I set up TiddlyWiki. Some highlights:

  • TiddlyWiki is not installed globally, and it's managed using a systemd service.
  • Uses the ListenCommand to run the Node.js TiddlyWiki server.
  • Fronted by Caddy 2 (beta) using a reverse proxy.
  • Uses an SSL certificate from Let's Encrypt.
  • My wiki directory is backed up to several computers using Resilio Sync. They're effectively read-only copies, but I hear there are methods that allow remote editing.

TiddlyWiki

Create a directory for TiddlyWiki and install via npm:

sudo mkdir /usr/lib/tiddlywiki
cd /usr/lib/tiddlywiki
npm install tiddlywiki
npx tiddlywiki /var/sync/BTSync/wiki --init server

Create a service file at /etc/systemd/system/tiddlywiki.service (docs):

[Unit]
Description=TiddlyWiki
After=syslog.target

[Service]
SyslogIdentifier=tiddlywiki
Restart=always
StandardOutput=syslog
EnvironmentFile=/etc/tiddlywiki.conf
ExecStart=/usr/lib/tiddlywiki/node_modules/.bin/tiddlywiki ${WIKI} --listen port=${PORT}
WorkingDirectory=/usr/lib/tiddlywiki
User=annika
Group=annika

[Install]
WantedBy=multi-user.target

Create the /etc/tiddlywiki.conf EnvironmentFile used by the service:

WIKI=/var/sync/BTSync/wiki
PORT=8919

Start the service:

sudo systemctl daemon-reload
sudo systemctl start tiddlywiki

Let's Encrypt

We'll set up the cert before we set up Caddy, so the certs with appropriate permissions are ready to go. Strictly speaking I don't really need this on my home network, but Caddy 2 (still in beta) doesn't make it easy to disable SSL, so I just followed through with the exercise.

Install certbot and the DigitalOcean plugin:

sudo apt install certbot python3-certbot-dns-digitalocean

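Create the API key file for DO at /etc/digitalocean.ini. It holds a live API token, so keep it owned by root with mode 600 (certbot warns if the file is readable by other users):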

dns_digitalocean_token = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Get the cert:

sudo certbot certonly -n --agree-tos --email annika@example.com --dns-digitalocean --dns-digitalocean-credentials /etc/digitalocean.ini -d bucket.stop.wtf

Update the renew flow using sudo systemctl edit certbot. This will create an override.conf file at /etc/systemd/system/certbot.service.d/override.conf. Add the following contents:

[Service]
ExecStart=/usr/bin/certbot -q renew --deploy-hook /usr/lib/tiddlywiki/update-certs

Create the update-certs file. Certbot runs it as root, so it stays root-owned and writable only by root:

sudo touch /usr/lib/tiddlywiki/update-certs
sudo chmod 755 /usr/lib/tiddlywiki/update-certs
sudo vim /usr/lib/tiddlywiki/update-certs

The file should have these contents:

#!/bin/bash

cp "$RENEWED_LINEAGE/fullchain.pem" "$RENEWED_LINEAGE/privkey.pem" /etc/caddy/ssl
chown caddy:caddy /etc/caddy/ssl/*.pem
systemctl reload caddy.service

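Run the script once by hand to copy the current certs. RENEWED_LINEAGE has to be the full path of the live directory, the way certbot sets it, and the /etc/caddy/ssl directory and caddy user from the Caddy 2 section have to exist first:

sudo RENEWED_LINEAGE=/etc/letsencrypt/live/bucket.stop.wtf /usr/lib/tiddlywiki/update-certs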
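
A stricter take on the deploy hook, as an added example that is not the author's script: it rejects a relative RENEWED_LINEAGE, checks that the destination exists, and stages both files with mode 600 before renaming them into place. CERT_DIR and CERT_OWNER are hypothetical override variables; their defaults are the directory and user from this page.

```shell
#!/bin/bash
# Added example, not the page's script: a stricter update-certs deploy hook.
# CERT_DIR and CERT_OWNER are hypothetical overrides; defaults match the page.

deploy_certs() (
    lineage="$1"
    dest="${CERT_DIR:-/etc/caddy/ssl}"
    owner="${CERT_OWNER:-caddy:caddy}"
    umask 077   # confined to this subshell; nothing is created group/world readable

    # certbot passes an absolute /etc/letsencrypt/live/<name> path
    case "$lineage" in
        /*) ;;
        *) echo "update-certs: RENEWED_LINEAGE must be absolute: $lineage" >&2; exit 2 ;;
    esac
    [ -d "$dest" ] || { echo "update-certs: $dest does not exist" >&2; exit 3; }
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "update-certs: missing $lineage/$f" >&2; exit 4; }
    done

    # Stage both files first, then rename, so Caddy never sees a half-written pair.
    for f in fullchain.pem privkey.pem; do
        # cp follows the live/ symlinks and copies the file contents
        cp "$lineage/$f" "$dest/.$f.new" || exit 5
        chmod 600 "$dest/.$f.new" || exit 5
        if [ "$(id -u)" -eq 0 ]; then
            chown "$owner" "$dest/.$f.new" || exit 5
        fi
    done
    for f in fullchain.pem privkey.pem; do
        mv -f "$dest/.$f.new" "$dest/$f" || exit 5
    done
)

# certbot exports RENEWED_LINEAGE when it runs a --deploy-hook
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_certs "$RENEWED_LINEAGE" && systemctl reload caddy.service
fi
```

Because the reload only runs when the copy succeeds, a failed renewal copy leaves Caddy serving the previous certificate pair.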

Caddy 2

Install Caddy 2.

Make some directories:

sudo mkdir /etc/caddy /etc/caddy/ssl

Create a Caddyfile at /etc/caddy/Caddyfile:

Create a systemd service file at /etc/systemd/system/caddy.service:

[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/local/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile --resume --environ
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Load the new service file and start Caddy:

sudo systemctl daemon-reload
sudo systemctl start caddy