Format with nixpkgs-fmt
This commit is contained in:
parent
3ecb195a5d
commit
b4d2a7f959
|
@ -1,19 +1,20 @@
|
|||
{ zentralwerk, config, lib, pkgs, ... }:
|
||||
let
|
||||
ourMediawiki = pkgs.mediawiki.overrideAttrs ({pname, ...}: rec {
|
||||
ourMediawiki = pkgs.mediawiki.overrideAttrs ({ pname, ... }: rec {
|
||||
version = "1.38.1";
|
||||
src = with lib; pkgs.fetchurl {
|
||||
url = "https://releases.wikimedia.org/mediawiki/${versions.majorMinor version}/${pname}-${version}.tar.gz";
|
||||
sha256 = "sha256-EXNlUloN7xsgnKUIV9ZXNrYlRbh3p1NIpXqF0SZDezE=";
|
||||
};
|
||||
});
|
||||
in {
|
||||
in
|
||||
{
|
||||
networking.hostName = "mediawiki";
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
c3d2.deployment = {
|
||||
server = "server10";
|
||||
mounts = [ "etc" "home" "var"];
|
||||
mounts = [ "etc" "home" "var" ];
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
|
@ -29,7 +30,8 @@ in {
|
|||
services.postgresql =
|
||||
let
|
||||
cfg = config.services.mediawiki;
|
||||
in {
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
enableTCPIP = true;
|
||||
package = pkgs.postgresql_11;
|
||||
|
@ -38,173 +40,175 @@ in {
|
|||
ensureUsers = [{
|
||||
name = cfg.database.user;
|
||||
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
authentication = lib.mkForce ''
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all 10.233.2.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';};
|
||||
}];
|
||||
authentication = lib.mkForce ''
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all 10.233.2.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
};
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
sops.secrets = {
|
||||
"mediawiki/adminPassword" = {
|
||||
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||
};
|
||||
"mediawiki/upgradeKey" = {
|
||||
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||
};
|
||||
"mediawiki/secretKey" = {
|
||||
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||
path = "/var/lib/mediawiki/secret.key";
|
||||
};
|
||||
};
|
||||
sops.secrets = {
|
||||
"mediawiki/adminPassword" = {
|
||||
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||
};
|
||||
"mediawiki/upgradeKey" = {
|
||||
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||
};
|
||||
"mediawiki/secretKey" = {
|
||||
owner = config.systemd.services.mediawiki.serviceConfig.User;
|
||||
path = "/var/lib/mediawiki/secret.key";
|
||||
};
|
||||
};
|
||||
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
services.logrotate.checkConfig = false;
|
||||
services.logrotate.checkConfig = false;
|
||||
|
||||
services.mediawiki = let
|
||||
cfg = config.services.mediawiki;
|
||||
in {
|
||||
services.mediawiki =
|
||||
let
|
||||
cfg = config.services.mediawiki;
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
package = ourMediawiki;
|
||||
virtualHost = {
|
||||
hostName = "wiki.c3d2.de";
|
||||
adminAddr = "root@example.com";
|
||||
};
|
||||
#skins = {
|
||||
# Vector = "${ourMediawiki}/share/mediawiki/skins/Vector";
|
||||
# Hector = "${ourMediawiki}/share/mediawiki/skins/Hector";
|
||||
#};
|
||||
name = "C3D2";
|
||||
#skins = {
|
||||
# Vector = "${ourMediawiki}/share/mediawiki/skins/Vector";
|
||||
# Hector = "${ourMediawiki}/share/mediawiki/skins/Hector";
|
||||
#};
|
||||
name = "C3D2";
|
||||
|
||||
extraConfig = ''
|
||||
$wgShowExceptionDetails = true;
|
||||
$wgDBserver = "${cfg.database.socket}";
|
||||
$wgDBmwschema = "mediawiki";
|
||||
extraConfig = ''
|
||||
$wgShowExceptionDetails = true;
|
||||
$wgDBserver = "${cfg.database.socket}";
|
||||
$wgDBmwschema = "mediawiki";
|
||||
|
||||
$wgLogo = "https://www.c3d2.de/images/ck.png";
|
||||
$wgEmergencyContact = "wiki@c3d2.de";
|
||||
$wgPasswordSender = "wiki@c3d2.de";
|
||||
$wgLanguageCode = "de";
|
||||
$wgLogo = "https://www.c3d2.de/images/ck.png";
|
||||
$wgEmergencyContact = "wiki@c3d2.de";
|
||||
$wgPasswordSender = "wiki@c3d2.de";
|
||||
$wgLanguageCode = "de";
|
||||
|
||||
$wgGroupPermissions['*']['edit'] = false;
|
||||
$wgGroupPermissions['user']['edit'] = true;
|
||||
$wgGroupPermissions['sysop']['interwiki'] = true;
|
||||
$wgGroupPermissions['sysop']['userrights'] = true;
|
||||
$wgGroupPermissions['*']['edit'] = false;
|
||||
$wgGroupPermissions['user']['edit'] = true;
|
||||
$wgGroupPermissions['sysop']['interwiki'] = true;
|
||||
$wgGroupPermissions['sysop']['userrights'] = true;
|
||||
|
||||
define("NS_INTERN", 100);
|
||||
define("NS_INTERN_TALK", 101);
|
||||
define("NS_INTERN", 100);
|
||||
define("NS_INTERN_TALK", 101);
|
||||
|
||||
$wgExtraNamespaces[NS_INTERN] = "Intern";
|
||||
$wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion";
|
||||
$wgExtraNamespaces[NS_INTERN] = "Intern";
|
||||
$wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion";
|
||||
|
||||
$wgGroupPermissions['intern']['move'] = true;
|
||||
$wgGroupPermissions['intern']['move-subpages'] = true;
|
||||
$wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages
|
||||
$wgGroupPermissions['intern']['read'] = true;
|
||||
$wgGroupPermissions['intern']['edit'] = true;
|
||||
$wgGroupPermissions['intern']['createpage'] = true;
|
||||
$wgGroupPermissions['intern']['createtalk'] = true;
|
||||
$wgGroupPermissions['intern']['writeapi'] = true;
|
||||
$wgGroupPermissions['intern']['upload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload-shared'] = true;
|
||||
$wgGroupPermissions['intern']['minoredit'] = true;
|
||||
$wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok"
|
||||
$wgGroupPermissions['intern']['sendemail'] = true;
|
||||
$wgGroupPermissions['intern']['move'] = true;
|
||||
$wgGroupPermissions['intern']['move-subpages'] = true;
|
||||
$wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages
|
||||
$wgGroupPermissions['intern']['read'] = true;
|
||||
$wgGroupPermissions['intern']['edit'] = true;
|
||||
$wgGroupPermissions['intern']['createpage'] = true;
|
||||
$wgGroupPermissions['intern']['createtalk'] = true;
|
||||
$wgGroupPermissions['intern']['writeapi'] = true;
|
||||
$wgGroupPermissions['intern']['upload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload-shared'] = true;
|
||||
$wgGroupPermissions['intern']['minoredit'] = true;
|
||||
$wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok"
|
||||
$wgGroupPermissions['intern']['sendemail'] = true;
|
||||
|
||||
$wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern');
|
||||
$wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern');
|
||||
$wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern');
|
||||
$wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern');
|
||||
|
||||
define("NS_I4R", 102);
|
||||
define("NS_I4R_TALK", 103);
|
||||
$wgExtraNamespaces[NS_I4R] = "IT4Refugees";
|
||||
$wgExtraNamespaces[NS_I4R_TALK] = "IT4Refugees_Diskussion";
|
||||
$wgGroupPermissions['i4r']['move'] = true;
|
||||
$wgGroupPermissions['i4r']['move-subpages'] = true;
|
||||
$wgGroupPermissions['i4r']['move-rootuserpages'] = true; // can move root userpages
|
||||
$wgGroupPermissions['i4r']['read'] = true;
|
||||
$wgGroupPermissions['i4r']['edit'] = true;
|
||||
$wgGroupPermissions['i4r']['createpage'] = true;
|
||||
$wgGroupPermissions['i4r']['createtalk'] = true;
|
||||
$wgGroupPermissions['i4r']['writeapi'] = true;
|
||||
$wgGroupPermissions['i4r']['upload'] = true;
|
||||
$wgGroupPermissions['i4r']['reupload'] = true;
|
||||
$wgGroupPermissions['i4r']['reupload-shared'] = true;
|
||||
$wgGroupPermissions['i4r']['minoredit'] = true;
|
||||
$wgGroupPermissions['i4r']['purge'] = true; // can use ?action=purge without clicking "ok"
|
||||
$wgGroupPermissions['i4r']['sendemail'] = true;
|
||||
$wgNamespacePermissionLockdown[NS_I4R]['*'] = array('i4r');
|
||||
$wgNamespacePermissionLockdown[NS_I4R_TALK]['*'] = array('i4r');
|
||||
define("NS_I4R", 102);
|
||||
define("NS_I4R_TALK", 103);
|
||||
$wgExtraNamespaces[NS_I4R] = "IT4Refugees";
|
||||
$wgExtraNamespaces[NS_I4R_TALK] = "IT4Refugees_Diskussion";
|
||||
$wgGroupPermissions['i4r']['move'] = true;
|
||||
$wgGroupPermissions['i4r']['move-subpages'] = true;
|
||||
$wgGroupPermissions['i4r']['move-rootuserpages'] = true; // can move root userpages
|
||||
$wgGroupPermissions['i4r']['read'] = true;
|
||||
$wgGroupPermissions['i4r']['edit'] = true;
|
||||
$wgGroupPermissions['i4r']['createpage'] = true;
|
||||
$wgGroupPermissions['i4r']['createtalk'] = true;
|
||||
$wgGroupPermissions['i4r']['writeapi'] = true;
|
||||
$wgGroupPermissions['i4r']['upload'] = true;
|
||||
$wgGroupPermissions['i4r']['reupload'] = true;
|
||||
$wgGroupPermissions['i4r']['reupload-shared'] = true;
|
||||
$wgGroupPermissions['i4r']['minoredit'] = true;
|
||||
$wgGroupPermissions['i4r']['purge'] = true; // can use ?action=purge without clicking "ok"
|
||||
$wgGroupPermissions['i4r']['sendemail'] = true;
|
||||
$wgNamespacePermissionLockdown[NS_I4R]['*'] = array('i4r');
|
||||
$wgNamespacePermissionLockdown[NS_I4R_TALK]['*'] = array('i4r');
|
||||
|
||||
$wgGroupPermissions['sysop']['deletelogentry'] = true;
|
||||
$wgGroupPermissions['sysop']['deleterevision'] = true;
|
||||
$wgGroupPermissions['sysop']['deletelogentry'] = true;
|
||||
$wgGroupPermissions['sysop']['deleterevision'] = true;
|
||||
|
||||
$wgEnableAPI = true;
|
||||
$wgAllowUserCss = true;
|
||||
$wgUseAjax = true;
|
||||
$wgEnableMWSuggest = true;
|
||||
$wgEnableAPI = true;
|
||||
$wgAllowUserCss = true;
|
||||
$wgUseAjax = true;
|
||||
$wgEnableMWSuggest = true;
|
||||
|
||||
//TODO what about $wgUpgradeKey ?
|
||||
//TODO what about $wgUpgradeKey ?
|
||||
|
||||
$wgScribuntoDefaultEngine = 'luastandalone';
|
||||
'';
|
||||
# see https://extdist.wmflabs.org/dist/extensions/ for list of extensions
|
||||
# save them on https://web.archive.org/save and copy the final URL below
|
||||
extensions = {
|
||||
Interwiki = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220617074130/https://extdist.wmflabs.org/dist/extensions/Interwiki-REL1_38-223bbf8.tar.gz";
|
||||
sha256 = "sha256-A4tQuISJNzzXPXJXv9N1jMat1VuZ7khYzk2jxoUqzIk=";
|
||||
};
|
||||
Cite = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203658/https://extdist.wmflabs.org/dist/extensions/Cite-REL1_38-d40993e.tar.gz";
|
||||
sha256 = "sha256-dziMo6sH4yMPjnDtt0TXiGBxE5uGRJM+scwdeuer5sM=";
|
||||
};
|
||||
ConfirmEdit = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203619/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-50f4dfd.tar.gz";
|
||||
sha256 = "sha256-babZDzcQDE446TBuGW/olbt2xRbPjk+5o3o9DUFlCxk=";
|
||||
};
|
||||
CiteThisPage = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz";
|
||||
sha256 = "sha256-r1NgrhSratleQ356imxmF7KmAANvWvKpAgnLkm8IdKY=";
|
||||
};
|
||||
ParserFunctions = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203519/https://extdist.wmflabs.org/dist/extensions/ParserFunctions-REL1_38-bc6a7c6.tar.gz";
|
||||
sha256 = "sha256-iDv4VSSFnTKEhvlVQcHHVp2hSWwDbv6jNCq1kOGuswo=";
|
||||
};
|
||||
SyntaxHightlight = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203440/https://extdist.wmflabs.org/dist/extensions/SyntaxHighlight_GeSHi-REL1_38-79031cd.tar.gz";
|
||||
sha256 = "sha256-r1NgrhSratleQ356imxmF7KmAANvWvKpAgnLkm8IdKY=";
|
||||
};
|
||||
intersection = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203336/https://extdist.wmflabs.org/dist/extensions/intersection-REL1_38-8525097.tar.gz";
|
||||
sha256 = "sha256-shgA0XLG6pgikqldOfda40hV9zC1eBp+NalGhevFq2Q=";
|
||||
};
|
||||
#DynamicPageList = pkgs.fetchzip {
|
||||
# url = "https://web.archive.org/web/20220627203129/https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_38-3b7a26d.tar.gz";
|
||||
# sha256 = "sha256-WjVLks0Q9hSN2poqbKzTJhvOXog7UHJqjY2WJ4Uc64o=";
|
||||
#};
|
||||
Scribunto = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627202748/https://extdist.wmflabs.org/dist/extensions/Scribunto-REL1_38-9b9271a.tar.gz";
|
||||
sha256 = "sha256-4sy2ZCnDFzx43WzfS4Enh+I0o0+sFl1RnNV4xGiyU0k=";
|
||||
};
|
||||
Lockdown = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203048/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz";
|
||||
sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
|
||||
};
|
||||
$wgScribuntoDefaultEngine = 'luastandalone';
|
||||
'';
|
||||
# see https://extdist.wmflabs.org/dist/extensions/ for list of extensions
|
||||
# save them on https://web.archive.org/save and copy the final URL below
|
||||
extensions = {
|
||||
Interwiki = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220617074130/https://extdist.wmflabs.org/dist/extensions/Interwiki-REL1_38-223bbf8.tar.gz";
|
||||
sha256 = "sha256-A4tQuISJNzzXPXJXv9N1jMat1VuZ7khYzk2jxoUqzIk=";
|
||||
};
|
||||
Cite = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203658/https://extdist.wmflabs.org/dist/extensions/Cite-REL1_38-d40993e.tar.gz";
|
||||
sha256 = "sha256-dziMo6sH4yMPjnDtt0TXiGBxE5uGRJM+scwdeuer5sM=";
|
||||
};
|
||||
ConfirmEdit = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203619/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-50f4dfd.tar.gz";
|
||||
sha256 = "sha256-babZDzcQDE446TBuGW/olbt2xRbPjk+5o3o9DUFlCxk=";
|
||||
};
|
||||
CiteThisPage = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz";
|
||||
sha256 = "sha256-r1NgrhSratleQ356imxmF7KmAANvWvKpAgnLkm8IdKY=";
|
||||
};
|
||||
ParserFunctions = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203519/https://extdist.wmflabs.org/dist/extensions/ParserFunctions-REL1_38-bc6a7c6.tar.gz";
|
||||
sha256 = "sha256-iDv4VSSFnTKEhvlVQcHHVp2hSWwDbv6jNCq1kOGuswo=";
|
||||
};
|
||||
SyntaxHightlight = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203440/https://extdist.wmflabs.org/dist/extensions/SyntaxHighlight_GeSHi-REL1_38-79031cd.tar.gz";
|
||||
sha256 = "sha256-r1NgrhSratleQ356imxmF7KmAANvWvKpAgnLkm8IdKY=";
|
||||
};
|
||||
intersection = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203336/https://extdist.wmflabs.org/dist/extensions/intersection-REL1_38-8525097.tar.gz";
|
||||
sha256 = "sha256-shgA0XLG6pgikqldOfda40hV9zC1eBp+NalGhevFq2Q=";
|
||||
};
|
||||
#DynamicPageList = pkgs.fetchzip {
|
||||
# url = "https://web.archive.org/web/20220627203129/https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_38-3b7a26d.tar.gz";
|
||||
# sha256 = "sha256-WjVLks0Q9hSN2poqbKzTJhvOXog7UHJqjY2WJ4Uc64o=";
|
||||
#};
|
||||
Scribunto = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627202748/https://extdist.wmflabs.org/dist/extensions/Scribunto-REL1_38-9b9271a.tar.gz";
|
||||
sha256 = "sha256-4sy2ZCnDFzx43WzfS4Enh+I0o0+sFl1RnNV4xGiyU0k=";
|
||||
};
|
||||
Lockdown = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20220627203048/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz";
|
||||
sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
|
||||
};
|
||||
};
|
||||
passwordFile = config.sops.secrets."mediawiki/adminPassword".path;
|
||||
database = {
|
||||
type = "postgres";
|
||||
socket = "/run/postgresql";
|
||||
user = "mediawiki";
|
||||
name = "mediawiki";
|
||||
};
|
||||
uploadsDir = "/var/lib/mediawiki/uploads";
|
||||
};
|
||||
passwordFile = config.sops.secrets."mediawiki/adminPassword".path;
|
||||
database = {
|
||||
type = "postgres";
|
||||
socket = "/run/postgresql";
|
||||
user = "mediawiki";
|
||||
name = "mediawiki";
|
||||
};
|
||||
uploadsDir = "/var/lib/mediawiki/uploads";
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue