diff --git a/hosts/mediawiki/default.nix b/hosts/mediawiki/default.nix
index d9379180..33ffc9fc 100644
--- a/hosts/mediawiki/default.nix
+++ b/hosts/mediawiki/default.nix
@@ -1,62 +1,17 @@
 { config, lib, pkgs, ... }:
+let
+ cfg = config.services.mediawiki;
+in
 {
- networking.hostName = "mediawiki";
- c3d2.deployment.server = "server10";
- services.postgresql =
- let
- cfg = config.services.mediawiki;
- in
- {
- enable = true;
- enableTCPIP = true;
- package = pkgs.postgresql_11;
- ensureDatabases = [ cfg.database.name ];
+ networking.hostName = "mediawiki";
- ensureUsers = [{
- name = cfg.database.user;
- ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
- }];
- authentication = lib.mkForce ''
- # TYPE DATABASE USER ADDRESS METHOD
- local all all trust
- host all all 127.0.0.1/32 trust
- host all all 10.233.2.1/32 trust
- host all all ::1/128 trust
- '';
- };
+ services = {
+ logrotate.checkConfig = false;
- system.stateVersion = "22.05";
-
- sops = {
- age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- defaultSopsFile = ./secrets.yaml;
- secrets = {
- "mediawiki/adminPassword" = {
- owner = config.systemd.services.mediawiki-init.serviceConfig.User;
- };
- "mediawiki/ldapprovider" = {
- owner = config.systemd.services.mediawiki-init.serviceConfig.User;
- };
- "mediawiki/secretKey" = {
- owner = config.systemd.services.mediawiki-init.serviceConfig.User;
- path = "/var/lib/mediawiki/secret.key";
- };
- "mediawiki/upgradeKey" = {
- owner = config.systemd.services.mediawiki-init.serviceConfig.User;
- };
- };
- };
-
- services.logrotate.checkConfig = false;
-
- services.mediawiki =
- let
- cfg = config.services.mediawiki;
- in
- {
+ mediawiki = {
 enable = true;
 virtualHost = {
 adminAddr = "no-reply@c3d2.de";
@@ -82,7 +37,7 @@
 $wgArticlePath = '/$1';
 $wgShowExceptionDetails = true;
- $wgDBserver = "${cfg.database.socket}";
+ $wgDBserver = "${config.services.mediawiki.database.socket}";
 $wgDBmwschema = "mediawiki";
 $wgLogo = "https://www.c3d2.de/images/ck.png";
@@ -226,4 +181,51 @@
 };
 uploadsDir = "/var/lib/mediawiki/uploads";
 };
+
+ postgresql = {
+ enable = true;
+ authentication = lib.mkForce ''
+ # TYPE DATABASE USER ADDRESS METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all 10.233.2.1/32 trust
+ host all all ::1/128 trust
+ '';
+ enableTCPIP = true;
+ ensureDatabases = [ cfg.database.name ];
+ ensureUsers = [{
+ name = cfg.database.user;
+ ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
+ }];
+ package = pkgs.postgresql_11;
+ upgrade.stopServices = [ "httpd" ];
+ };
+ };
+
+ sops = {
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ./secrets.yaml;
+ secrets = {
+ "mediawiki/adminPassword" = {
+ owner = config.systemd.services.mediawiki-init.serviceConfig.User;
+ };
+ "mediawiki/ldapprovider" = {
+ owner = config.systemd.services.mediawiki-init.serviceConfig.User;
+ };
+ "mediawiki/secretKey" = {
+ owner = config.systemd.services.mediawiki-init.serviceConfig.User;
+ path = "/var/lib/mediawiki/secret.key";
+ };
+ "mediawiki/upgradeKey" = {
+ owner = config.systemd.services.mediawiki-init.serviceConfig.User;
+ };
+ };
+ };
+
+ system.stateVersion = "22.05";
+
+ systemd.services.mediawiki-init = {
+ after = [ "postgresql.service" ];
+ requires = [ "postgresql.service" ];
+ };
 }
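Review bot: The new `$wgDBserver` line spells out `config.services.mediawiki.database.socket` even though this commit hoists `cfg = config.services.mediawiki` into a file-level `let`, so `$wgDBserver = "${cfg.database.socket}";` should still resolve and would match the `cfg.database.*` references in the postgresql block. Separately, the context line `$wgShowExceptionDetails = true;` makes MediaWiki print exception messages and stack traces to visitors, which suits debugging rather than a public host; consider `false`, or a comment stating why it stays on. The surrounding configuration string starts and ends outside this hunk.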
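Review bot: The `authentication` override moved into `services.postgresql` keeps `trust` for every database and role on the local socket, on loopback and for `10.233.2.1/32`, with `enableTCPIP = true`, so any local process or that peer can connect as any role, the superuser included, without a credential. The commit carries the block over unchanged; tightening it to `local all all peer` and `host ${cfg.database.name} ${cfg.database.user} 10.233.2.1/32 scram-sha-256` (or dropping the `host` lines and `enableTCPIP` if only the socket set in `$wgDBserver` is used) would limit what a compromised wiki process or neighbouring host can reach. Whether another client relies on the TCP path is not visible here, so confirm before changing. A short comment above `lib.mkForce` stating why the module's default pg_hba rules are overridden would also help the next reader.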