Format
parent
976fe6dee6
commit
14febedd5d
|
@ -1,62 +1,17 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.mediawiki;
|
||||
in
|
||||
{
|
||||
networking.hostName = "mediawiki";
|
||||
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
services.postgresql =
|
||||
let
|
||||
cfg = config.services.mediawiki;
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
enableTCPIP = true;
|
||||
package = pkgs.postgresql_11;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
networking.hostName = "mediawiki";
|
||||
|
||||
ensureUsers = [{
|
||||
name = cfg.database.user;
|
||||
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
|
||||
}];
|
||||
authentication = lib.mkForce ''
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all 10.233.2.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
};
|
||||
services = {
|
||||
logrotate.checkConfig = false;
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
sops = {
|
||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"mediawiki/adminPassword" = {
|
||||
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
};
|
||||
"mediawiki/ldapprovider" = {
|
||||
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
};
|
||||
"mediawiki/secretKey" = {
|
||||
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
path = "/var/lib/mediawiki/secret.key";
|
||||
};
|
||||
"mediawiki/upgradeKey" = {
|
||||
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.logrotate.checkConfig = false;
|
||||
|
||||
services.mediawiki =
|
||||
let
|
||||
cfg = config.services.mediawiki;
|
||||
in
|
||||
{
|
||||
mediawiki = {
|
||||
enable = true;
|
||||
virtualHost = {
|
||||
adminAddr = "no-reply@c3d2.de";
|
||||
|
@ -82,7 +37,7 @@
|
|||
$wgArticlePath = '/$1';
|
||||
|
||||
$wgShowExceptionDetails = true;
|
||||
$wgDBserver = "${cfg.database.socket}";
|
||||
$wgDBserver = "${config.services.mediawiki.database.socket}";
|
||||
$wgDBmwschema = "mediawiki";
|
||||
|
||||
$wgLogo = "https://www.c3d2.de/images/ck.png";
|
||||
|
@ -226,4 +181,51 @@
|
|||
};
|
||||
uploadsDir = "/var/lib/mediawiki/uploads";
|
||||
};
|
||||
|
||||
postgresql = {
|
||||
enable = true;
|
||||
authentication = lib.mkForce ''
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all 10.233.2.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
enableTCPIP = true;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [{
|
||||
name = cfg.database.user;
|
||||
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
|
||||
}];
|
||||
package = pkgs.postgresql_11;
|
||||
upgrade.stopServices = [ "httpd" ];
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets = {
|
||||
"mediawiki/adminPassword" = {
|
||||
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
};
|
||||
"mediawiki/ldapprovider" = {
|
||||
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
};
|
||||
"mediawiki/secretKey" = {
|
||||
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
path = "/var/lib/mediawiki/secret.key";
|
||||
};
|
||||
"mediawiki/upgradeKey" = {
|
||||
owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
systemd.services.mediawiki-init = {
|
||||
after = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.service" ];
|
||||
};
|
||||
}
|
||||
|
|
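Review bot: The relocated `postgresql.authentication` block in the last hunk still forces `trust` for every database and user, on the local socket, on loopback and for 10.233.2.1/32, with `enableTCPIP = true` opening the TCP listener. Anything that can reach the server from those addresses can connect as any role, presumably including the superuser, without a credential, and `lib.mkForce` discards whatever rules the module would otherwise generate. The wiki itself is configured with `$wgDBserver` set to the database socket, so it appears to need only a socket rule. Consider narrowing that rule to `local <database> <user> peer` (placeholders for `cfg.database.name` and `cfg.database.user`) and dropping the `host` lines and `enableTCPIP`. If the 10.233.2.1 entry is really needed, restrict it to the one database and role with `scram-sha-256`, and add a comment naming the client it serves.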