c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

wiki.c3d2.de added

This commit is contained in:
Winzlieb - 2022-06-23 01:32:21 +02:00
parent 4a0d7bed10
commit 38ebf6e3fa
1 changed files with 200 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
hosts/containers/mediawiki/default.nix Normal file
View File

@ -0,0 +1,200 @@
{ zentralwerk, config, lib, pkgs, ... }:
let
ourMediawiki = pkgs.mediawiki.overrideAttrs ({pname, ...}: rec {
version = "1.38.1";
src = with lib; pkgs.fetchurl {
url = "https://releases.wikimedia.org/mediawiki/${versions.majorMinor version}/${pname}-${version}.tar.gz";
sha256 = "sha256-EXNlUloN7xsgnKUIV9ZXNrYlRbh3p1NIpXqF0SZDezE=";
};
});
in {
networking.hostName = "mediawiki";
networking.interfaces.eth0 = {
ipv4.addresses = [{
address = config.c3d2.hosts.wiki.ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
useDHCP = false;
};
networking.defaultGateway = "172.20.73.1";
networking.firewall.allowedTCPPorts = [ 80 443 ];
c3d2.autoUpdate = true;
services.nginx = {
enable = true;
virtualHosts."wiki.c3d2.de" = {
default = true;
forceSSL = true;
#can only be set after subdomain was changed
enableACME = true;
};
};
boot.isContainer = true;
# Let 'nixos-version --json' know about the Git revision
# of this flake.
system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
# Network configuration.
networking.useDHCP = false;
networking.firewall.allowedTCPPorts = [ 80 5432 ];
services.postgresql =
let
cfg = config.services.mediawiki;
in {
enable = true;
enableTCPIP = true;
package = pkgs.postgresql_11;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [{
name = cfg.database.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}
];
authentication = lib.mkForce ''
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all 10.233.2.1/32 trust
host all all ::1/128 trust
'';};
system.stateVersion = "22.05";
services.mediawiki = let
cfg = config.services.mediawiki;
in {
enable = true;
package = ourMediawiki;
virtualHosts."wiki.c3d2.de" = {
default = true;
adminAddr = "root@example.com";
};
#skins = {
# Vector = "${ourMediawiki}/share/mediawiki/skins/Vector";
# Hector = "${ourMediawiki}/share/mediawiki/skins/Hector";
#};
name = "C3D2";
extraConfig = ''
$wgShowExceptionDetails = true;
$wgDBserver = "${cfg.database.socket}";
$wgDBmwschema = "mediawiki";
$wgLogo = "https://www.c3d2.de/images/ck.png";
$wgEmergencyContact = "wiki@c3d2.de";
$wgPasswordSender = "wiki@c3d2.de";
$wgLanguageCode = "de";
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = true;
$wgGroupPermissions['sysop']['interwiki'] = true;
$wgGroupPermissions['sysop']['userrights'] = true;
define("NS_INTERN", 100);
define("NS_INTERN_TALK", 101);
$wgExtraNamespaces[NS_INTERN] = "Intern";
$wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion";
$wgGroupPermissions['intern']['move'] = true;
$wgGroupPermissions['intern']['move-subpages'] = true;
$wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages
$wgGroupPermissions['intern']['read'] = true;
$wgGroupPermissions['intern']['edit'] = true;
$wgGroupPermissions['intern']['createpage'] = true;
$wgGroupPermissions['intern']['createtalk'] = true;
$wgGroupPermissions['intern']['writeapi'] = true;
$wgGroupPermissions['intern']['upload'] = true;
$wgGroupPermissions['intern']['reupload'] = true;
$wgGroupPermissions['intern']['reupload-shared'] = true;
$wgGroupPermissions['intern']['minoredit'] = true;
$wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok"
$wgGroupPermissions['intern']['sendemail'] = true;
$wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern');
$wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern');
define("NS_I4R", 102);
define("NS_I4R_TALK", 103);
$wgExtraNamespaces[NS_I4R] = "IT4Refugees";
$wgExtraNamespaces[NS_I4R_TALK] = "IT4Refugees_Diskussion";
$wgGroupPermissions['i4r']['move'] = true;
$wgGroupPermissions['i4r']['move-subpages'] = true;
$wgGroupPermissions['i4r']['move-rootuserpages'] = true; // can move root userpages
$wgGroupPermissions['i4r']['read'] = true;
$wgGroupPermissions['i4r']['edit'] = true;
$wgGroupPermissions['i4r']['createpage'] = true;
$wgGroupPermissions['i4r']['createtalk'] = true;
$wgGroupPermissions['i4r']['writeapi'] = true;
$wgGroupPermissions['i4r']['upload'] = true;
$wgGroupPermissions['i4r']['reupload'] = true;
$wgGroupPermissions['i4r']['reupload-shared'] = true;
$wgGroupPermissions['i4r']['minoredit'] = true;
$wgGroupPermissions['i4r']['purge'] = true; // can use ?action=purge without clicking "ok"
$wgGroupPermissions['i4r']['sendemail'] = true;
$wgNamespacePermissionLockdown[NS_I4R]['*'] = array('i4r');
$wgNamespacePermissionLockdown[NS_I4R_TALK]['*'] = array('i4r');
$wgGroupPermissions['sysop']['deletelogentry'] = true;
$wgGroupPermissions['sysop']['deleterevision'] = true;
$wgEnableAPI = true;
$wgAllowUserCss = true;
$wgUseAjax = true;
$wgEnableMWSuggest = true;
$wgScribuntoDefaultEngine = 'luastandalone';
'';
extensions = {
Interwiki = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/Interwiki-REL1_38-223bbf8.tar.gz";
sha256 = "sha256-A4tQuISJNzzXPXJXv9N1jMat1VuZ7khYzk2jxoUqzIk=";
};
Cite = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/Cite-REL1_38-7fdd57d.tar.gz";
sha256 = "sha256-/s9byrAVjky0EeiokUEchG3ICw+Q2T6HLjbzHnl3uVE=";
};
ConfirmEdit = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-9ae04a5.tar.gz";
sha256 = "sha256-iiRT98uUmy1gvKzl/5ijheAAjUK3BLewt8IG8qdCHsA=";
};
CiteThisPage = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-157e3bc.tar.gz";
sha256 = "sha256-q2z4y4Afcq98/Dh6kQqZxeUg9fYFv9ntR+UyelHLDKc=";
};
ParserFunctions = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/ParserFunctions-REL1_38-c2ccf36.tar.gz";
sha256 = "sha256-z3Gwl/xzFBUUAm9u6ixgfJgrO5oTopXGuXEpaewUG1Y=";
};
SyntaxHightlight = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/SyntaxHighlight_GeSHi-REL1_38-150f839.tar.gz";
sha256 = "sha256-miXbsf2TdalEkUGiVrh55q3NuEtmnQQbb0f1XBmSilw=";
};
intersection = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_38-8525097.tar.gz";
sha256 = "sha256-shgA0XLG6pgikqldOfda40hV9zC1eBp+NalGhevFq2Q=";
};
Scribunto = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/Scribunto-REL1_38-bd2f615.tar.gz";
sha256 = "sha256-e70P8/0CsWWftyh2LhFw/Fv3E34Bl8HIZxVszuUl8Pk=";
};
Lockdown = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz";
sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
};
};
passwordFile = pkgs.writeText "password" "topSecretF0rAll!!!!";
database = {
type = "postgres";
socket = "/run/postgresql";
user = "mediawiki";
name = "mediawiki";
};
uploadsDir = "/var/lib/mediawiki/uploads";
};
}