Sandro - 2023-01-07 02:42:09 +01:00
parent 976fe6dee6
commit 14febedd5d
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 55 additions and 53 deletions


@ -1,62 +1,17 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.mediawiki;
in
{
networking.hostName = "mediawiki";
c3d2.deployment.server = "server10";
services.postgresql =
let
cfg = config.services.mediawiki;
in
{
enable = true;
enableTCPIP = true;
package = pkgs.postgresql_11;
ensureDatabases = [ cfg.database.name ];
networking.hostName = "mediawiki";
ensureUsers = [{
name = cfg.database.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}];
authentication = lib.mkForce ''
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all 10.233.2.1/32 trust
host all all ::1/128 trust
'';
};
services = {
logrotate.checkConfig = false;
system.stateVersion = "22.05";
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ./secrets.yaml;
secrets = {
"mediawiki/adminPassword" = {
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
};
"mediawiki/ldapprovider" = {
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
};
"mediawiki/secretKey" = {
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
path = "/var/lib/mediawiki/secret.key";
};
"mediawiki/upgradeKey" = {
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
};
};
};
services.logrotate.checkConfig = false;
services.mediawiki =
let
cfg = config.services.mediawiki;
in
{
mediawiki = {
enable = true;
virtualHost = {
adminAddr = "no-reply@c3d2.de";
@ -82,7 +37,7 @@
$wgArticlePath = '/$1';
$wgShowExceptionDetails = true;
$wgDBserver = "${cfg.database.socket}";
$wgDBserver = "${config.services.mediawiki.database.socket}";
$wgDBmwschema = "mediawiki";
$wgLogo = "https://www.c3d2.de/images/ck.png";
@ -226,4 +181,51 @@
};
uploadsDir = "/var/lib/mediawiki/uploads";
};
postgresql = {
enable = true;
authentication = lib.mkForce ''
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all 10.233.2.1/32 trust
host all all ::1/128 trust
'';
enableTCPIP = true;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [{
name = cfg.database.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}];
package = pkgs.postgresql_11;
upgrade.stopServices = [ "httpd" ];
};
};
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ./secrets.yaml;
secrets = {
"mediawiki/adminPassword" = {
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
};
"mediawiki/ldapprovider" = {
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
};
"mediawiki/secretKey" = {
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
path = "/var/lib/mediawiki/secret.key";
};
"mediawiki/upgradeKey" = {
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
};
};
};
system.stateVersion = "22.05";
systemd.services.mediawiki-init = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
};
}
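Review bot: The `postgresql.authentication` block in the last hunk keeps `trust` for every database and user on the local socket, loopback and `10.233.2.1/32` while `enableTCPIP = true`, so any local process or that peer address can connect as any role, including the superuser, without credentials. The block appears to be moved unchanged rather than newly written, but since this commit regroups it, this is a good point to tighten it. MediaWiki is pointed at `database.socket` in the second hunk, so the TCP entries may not be needed at all; if they are, scope them, e.g. `local all all peer` and `host ${cfg.database.name} ${cfg.database.user} 10.233.2.1/32 scram-sha-256`. Whether peer authentication matches the wiki's service user is not visible here and should be confirmed before switching.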