From 0000003775a17a0a38832b121bb6e33d6ae32b2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 10 Jul 2023 16:33:08 +0200 Subject: [PATCH] Update mediawiki to 1.40 --- config/default.nix | 5 -- hosts/mediawiki/default.nix | 114 +++++++++++++++++------------------- 2 files changed, 53 insertions(+), 66 deletions(-) diff --git a/config/default.nix b/config/default.nix index 88624159..0d309a30 100644 --- a/config/default.nix +++ b/config/default.nix @@ -13,11 +13,6 @@ assertion = lib.versions.major pkgs.ceph.version != 16; message = "Please pin ceph to major version 16!"; } - { - assertion = lib.versions.majorMinor pkgs.mediawiki.version != 1.39; - # https://www.mediawiki.org/wiki/Version_lifecycle - message = "Please keep mediawiki on LTS versions which is required by the LDAP extension"; - } ]; boot = { diff --git a/hosts/mediawiki/default.nix b/hosts/mediawiki/default.nix index 7146f54c..82e3381a 100644 --- a/hosts/mediawiki/default.nix +++ b/hosts/mediawiki/default.nix @@ -4,6 +4,13 @@ let cfg = config.services.mediawiki; in { + assertions = [ + { + assertion = lib.versions.majorMinor pkgs.mediawiki.version != 1.40; + # https://www.mediawiki.org/wiki/Version_lifecycle + message = "Please keep mediawiki on LTS versions which is required by the LDAP extension"; + } + ]; c3d2.deployment.server = "server10"; microvm.mem = 1024; @@ -40,14 +47,14 @@ in #}; name = "C3D2"; - extraConfig = '' + extraConfig = /* php */ '' $wgArticlePath = '/$1'; $wgShowExceptionDetails = true; $wgDBserver = "${config.services.mediawiki.database.socket}"; - $wgDBmwschema = "mediawiki"; + $wgDBmwschema = "mediawiki"; - $wgLogo = "https://www.c3d2.de/images/ck.png"; + $wgLogo = "https://www.c3d2.de/images/ck.png"; $wgEmergencyContact = "wiki@c3d2.de"; $wgPasswordSender = "wiki@c3d2.de"; $wgLanguageCode = "de"; @@ -63,20 +70,20 @@ in $wgExtraNamespaces[NS_INTERN] = "Intern"; $wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion"; - $wgGroupPermissions['intern']['move'] = true; + $wgGroupPermissions['intern']['move'] = true; $wgGroupPermissions['intern']['move-subpages'] = true; $wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages - $wgGroupPermissions['intern']['read'] = true; - $wgGroupPermissions['intern']['edit'] = true; - $wgGroupPermissions['intern']['createpage'] = true; - $wgGroupPermissions['intern']['createtalk'] = true; - $wgGroupPermissions['intern']['writeapi'] = true; - $wgGroupPermissions['intern']['upload'] = true; - $wgGroupPermissions['intern']['reupload'] = true; - $wgGroupPermissions['intern']['reupload-shared'] = true; - $wgGroupPermissions['intern']['minoredit'] = true; - $wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok" - $wgGroupPermissions['intern']['sendemail'] = true; + $wgGroupPermissions['intern']['read'] = true; + $wgGroupPermissions['intern']['edit'] = true; + $wgGroupPermissions['intern']['createpage'] = true; + $wgGroupPermissions['intern']['createtalk'] = true; + $wgGroupPermissions['intern']['writeapi'] = true; + $wgGroupPermissions['intern']['upload'] = true; + $wgGroupPermissions['intern']['reupload'] = true; + $wgGroupPermissions['intern']['reupload-shared'] = true; + $wgGroupPermissions['intern']['minoredit'] = true; + $wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok" + $wgGroupPermissions['intern']['sendemail'] = true; $wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern'); $wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern'); @@ -114,8 +121,17 @@ in $wgUseAjax = true; $wgEnableMWSuggest = true; - //TODO what about $wgUpgradeKey ? + wfLoadExtension('Cite'); + wfLoadExtension('CiteThisPage'); + wfLoadExtension('ConfirmEdit'); + wfLoadExtension('ParserFunctions'); + wfLoadExtension('WikiEditor'); + // TODO: what about $wgUpgradeKey ? + + // TODO: does this even work? + // https://www.mediawiki.org/wiki/Extension:Scribunto#Requirements mentions quite some extra steps which we didn't do + wfLoadExtension('Scribunto'); $wgScribuntoDefaultEngine = 'luastandalone'; # LDAP @@ -125,58 +141,34 @@ in # see https://extdist.wmflabs.org/dist/extensions/ for list of extensions # save them on https://web.archive.org/save and copy the final URL below extensions = { - Cite = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516204128/https://extdist.wmflabs.org/dist/extensions/Cite-REL1_39-2540df4.tar.gz"; - sha256 = "sha256-fXE+W1nRPvMK7fOJa7q0fY3CpT0TrxDUv5R4WKPXxPc="; - }; - CiteThisPage = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516204058/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_39-1c86120.tar.gz"; - sha256 = "sha256-GU3L8rqU9RI7VDK4kcCBLDoBD26Sqk1Bu6hANhlByeQ="; - }; - ConfirmEdit = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516203822/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_39-09a7ebc.tar.gz"; - sha256 = "sha256-G+ZYmPEva8C9arcpmvREX5yvA12PE3/zjpDpzW6dP9o="; - }; Lockdown = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516203722/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_39-12dd618.tar.gz"; - sha256 = "sha256-V4Tdo04YtH6g15QgAW9RPqlVOwMOAyrGGIPbs9jH45A="; + url = "https://web.archive.org/web/20230710141042/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_40-7d900ed.tar.gz"; + sha256 = "sha256-TgoL9IcwY4EBNUsoVBqpUehVO7TEDT22FoH7Ep4dMxw="; }; + # TODO: replace with https://www.mediawiki.org/wiki/Extension:DynamicPageList3 intersection = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516203704/https://extdist.wmflabs.org/dist/extensions/intersection-REL1_39-dbb8cfd.tar.gz"; - sha256 = "sha256-E6n+i7+SRHvmSLEIAiUR/LyGFcSkkrwTXl9INa/a4yw="; + url = "https://web.archive.org/web/20230710142223/https://extdist.wmflabs.org/dist/extensions/intersection-REL1_40-f3c1559.tar.gz"; + sha256 = "sha256-DYq5CCm//rc6Mei9K6S2Ue+hzz6PYHnwpbJouFS5j+o="; }; # requires PluggableAuth LDAPAuthentication2 = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516203001/https://extdist.wmflabs.org/dist/extensions/LDAPAuthentication2-REL1_39-35908c0.tar.gz"; + url = "https://web.archive.org/web/20230710142325/https://extdist.wmflabs.org/dist/extensions/LDAPAuthentication2-REL1_40-2864ae9.tar.gz"; sha256 = "sha256-LWXpmgzUpgEaPe/4cwF2cmJxPkW8ywT7gRAlB58mDfY="; }; LDAPProvider = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516202850/https://extdist.wmflabs.org/dist/extensions/LDAPProvider-REL1_39-1b79e16.tar.gz"; - sha256 = "sha256-rJGdS1mbmSdHUIgbNeRMJ56vTVihEgXzOvR6k1guDU8="; - }; - ParserFunctions = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516202737/https://extdist.wmflabs.org/dist/extensions/ParserFunctions-REL1_39-3eb1eb9.tar.gz"; - sha256 = "sha256-wAoMVNerfa7FUP+NH51cYZf+QKQl+pdSBoKsbAS6LBE="; + url = "https://web.archive.org/web/20230710141035/https://extdist.wmflabs.org/dist/extensions/LDAPProvider-REL1_40-99edc23.tar.gz"; + sha256 = "sha256-DYq5CCm//rc6Mei9K6S2Ue+hzz6PYHnwpbJouFS5j+o="; }; PluggableAuth = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516202627/https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_39-1210fc3.tar.gz"; - sha256 = "sha256-F6bTMCzkK3kZwZGIsNE87WlZWqXXmTMhEjApO99YKR0="; - }; - Scribunto = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516202513/https://extdist.wmflabs.org/dist/extensions/Scribunto-REL1_39-ebb91f2.tar.gz"; - sha256 = "sha256-WHgVyY2JpUp8lFpvtKYS3wNe7UzzYLtwsRqtIdZBhek="; - }; - WikiEditor = pkgs.fetchzip { - url = "https://web.archive.org/web/20230516202249/https://extdist.wmflabs.org/dist/extensions/WikiEditor-REL1_39-ed89fa9.tar.gz"; - sha256 = "sha256-Aypjzv0cjoJvPuqSqlvMrlvd8n5EtE4TC8eyxFGwmLQ="; + url = "https://web.archive.org/web/20230710142618/https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_40-519c6d2.tar.gz"; + sha256 = "sha256-N1+OV1UdzvU4iXhaS/+fuEoAXqrkVyyEPDirk0vrT8A="; }; }; + # initial admin user password passwordFile = config.sops.secrets."mediawiki/adminPassword".path; database = { type = "postgres"; socket = "/run/postgresql"; - user = "mediawiki"; - name = "mediawiki"; }; uploadsDir = "/var/lib/mediawiki/uploads"; }; @@ -187,14 +179,14 @@ in postgresql = { enable = true; - authentication = lib.mkForce '' - # TYPE DATABASE USER ADDRESS METHOD - local all all trust - host all all 127.0.0.1/32 trust - host all all 10.233.2.1/32 trust - host all all ::1/128 trust - ''; - enableTCPIP = true; + # authentication = lib.mkForce '' + # # TYPE DATABASE USER ADDRESS METHOD + # local all all trust + # host all all 127.0.0.1/32 trust + # host all all 10.233.2.1/32 trust + # host all all ::1/128 trust + # ''; + # enableTCPIP = true; ensureDatabases = [ cfg.database.name ]; ensureUsers = [{ name = cfg.database.user; @@ -216,8 +208,8 @@ in path = "/var/lib/mediawiki/secret.key"; }; "mediawiki/upgradeKey".owner = config.systemd.services.mediawiki-init.serviceConfig.User; - "restic/password".owner = "root"; - "restic/repository/server8".owner = "root"; + "restic/password" = { }; + "restic/repository/server8" = { }; }; };