forked from c3d2/nix-config
Update mediawiki to 1.40
This commit is contained in:
parent
898a748bb4
commit
0000003775
|
@ -13,11 +13,6 @@
|
|||
assertion = lib.versions.major pkgs.ceph.version != 16;
|
||||
message = "Please pin ceph to major version 16!";
|
||||
}
|
||||
{
|
||||
assertion = lib.versions.majorMinor pkgs.mediawiki.version != 1.39;
|
||||
# https://www.mediawiki.org/wiki/Version_lifecycle
|
||||
message = "Please keep mediawiki on LTS versions which is required by the LDAP extension";
|
||||
}
|
||||
];
|
||||
|
||||
boot = {
|
||||
|
|
|
@ -4,6 +4,13 @@ let
|
|||
cfg = config.services.mediawiki;
|
||||
in
|
||||
{
|
||||
assertions = [
|
||||
{
|
||||
assertion = lib.versions.majorMinor pkgs.mediawiki.version != 1.40;
|
||||
# https://www.mediawiki.org/wiki/Version_lifecycle
|
||||
message = "Please keep mediawiki on LTS versions which is required by the LDAP extension";
|
||||
}
|
||||
];
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
microvm.mem = 1024;
|
||||
|
@ -40,14 +47,14 @@ in
|
|||
#};
|
||||
name = "C3D2";
|
||||
|
||||
extraConfig = ''
|
||||
extraConfig = /* php */ ''
|
||||
$wgArticlePath = '/$1';
|
||||
|
||||
$wgShowExceptionDetails = true;
|
||||
$wgDBserver = "${config.services.mediawiki.database.socket}";
|
||||
$wgDBmwschema = "mediawiki";
|
||||
$wgDBmwschema = "mediawiki";
|
||||
|
||||
$wgLogo = "https://www.c3d2.de/images/ck.png";
|
||||
$wgLogo = "https://www.c3d2.de/images/ck.png";
|
||||
$wgEmergencyContact = "wiki@c3d2.de";
|
||||
$wgPasswordSender = "wiki@c3d2.de";
|
||||
$wgLanguageCode = "de";
|
||||
|
@ -63,20 +70,20 @@ in
|
|||
$wgExtraNamespaces[NS_INTERN] = "Intern";
|
||||
$wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion";
|
||||
|
||||
$wgGroupPermissions['intern']['move'] = true;
|
||||
$wgGroupPermissions['intern']['move'] = true;
|
||||
$wgGroupPermissions['intern']['move-subpages'] = true;
|
||||
$wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages
|
||||
$wgGroupPermissions['intern']['read'] = true;
|
||||
$wgGroupPermissions['intern']['edit'] = true;
|
||||
$wgGroupPermissions['intern']['createpage'] = true;
|
||||
$wgGroupPermissions['intern']['createtalk'] = true;
|
||||
$wgGroupPermissions['intern']['writeapi'] = true;
|
||||
$wgGroupPermissions['intern']['upload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload-shared'] = true;
|
||||
$wgGroupPermissions['intern']['minoredit'] = true;
|
||||
$wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok"
|
||||
$wgGroupPermissions['intern']['sendemail'] = true;
|
||||
$wgGroupPermissions['intern']['read'] = true;
|
||||
$wgGroupPermissions['intern']['edit'] = true;
|
||||
$wgGroupPermissions['intern']['createpage'] = true;
|
||||
$wgGroupPermissions['intern']['createtalk'] = true;
|
||||
$wgGroupPermissions['intern']['writeapi'] = true;
|
||||
$wgGroupPermissions['intern']['upload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload'] = true;
|
||||
$wgGroupPermissions['intern']['reupload-shared'] = true;
|
||||
$wgGroupPermissions['intern']['minoredit'] = true;
|
||||
$wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok"
|
||||
$wgGroupPermissions['intern']['sendemail'] = true;
|
||||
|
||||
$wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern');
|
||||
$wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern');
|
||||
|
@ -114,8 +121,17 @@ in
|
|||
$wgUseAjax = true;
|
||||
$wgEnableMWSuggest = true;
|
||||
|
||||
//TODO what about $wgUpgradeKey ?
|
||||
wfLoadExtension('Cite');
|
||||
wfLoadExtension('CiteThisPage');
|
||||
wfLoadExtension('ConfirmEdit');
|
||||
wfLoadExtension('ParserFunctions');
|
||||
wfLoadExtension('WikiEditor');
|
||||
|
||||
// TODO: what about $wgUpgradeKey ?
|
||||
|
||||
// TODO: does this even work?
|
||||
// https://www.mediawiki.org/wiki/Extension:Scribunto#Requirements mentions quite some extra steps which we didn't do
|
||||
wfLoadExtension('Scribunto');
|
||||
$wgScribuntoDefaultEngine = 'luastandalone';
|
||||
|
||||
# LDAP
|
||||
|
@ -125,58 +141,34 @@ in
|
|||
# see https://extdist.wmflabs.org/dist/extensions/ for list of extensions
|
||||
# save them on https://web.archive.org/save and copy the final URL below
|
||||
extensions = {
|
||||
Cite = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516204128/https://extdist.wmflabs.org/dist/extensions/Cite-REL1_39-2540df4.tar.gz";
|
||||
sha256 = "sha256-fXE+W1nRPvMK7fOJa7q0fY3CpT0TrxDUv5R4WKPXxPc=";
|
||||
};
|
||||
CiteThisPage = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516204058/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_39-1c86120.tar.gz";
|
||||
sha256 = "sha256-GU3L8rqU9RI7VDK4kcCBLDoBD26Sqk1Bu6hANhlByeQ=";
|
||||
};
|
||||
ConfirmEdit = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516203822/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_39-09a7ebc.tar.gz";
|
||||
sha256 = "sha256-G+ZYmPEva8C9arcpmvREX5yvA12PE3/zjpDpzW6dP9o=";
|
||||
};
|
||||
Lockdown = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516203722/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_39-12dd618.tar.gz";
|
||||
sha256 = "sha256-V4Tdo04YtH6g15QgAW9RPqlVOwMOAyrGGIPbs9jH45A=";
|
||||
url = "https://web.archive.org/web/20230710141042/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_40-7d900ed.tar.gz";
|
||||
sha256 = "sha256-TgoL9IcwY4EBNUsoVBqpUehVO7TEDT22FoH7Ep4dMxw=";
|
||||
};
|
||||
# TODO: replace with https://www.mediawiki.org/wiki/Extension:DynamicPageList3
|
||||
intersection = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516203704/https://extdist.wmflabs.org/dist/extensions/intersection-REL1_39-dbb8cfd.tar.gz";
|
||||
sha256 = "sha256-E6n+i7+SRHvmSLEIAiUR/LyGFcSkkrwTXl9INa/a4yw=";
|
||||
url = "https://web.archive.org/web/20230710142223/https://extdist.wmflabs.org/dist/extensions/intersection-REL1_40-f3c1559.tar.gz";
|
||||
sha256 = "sha256-DYq5CCm//rc6Mei9K6S2Ue+hzz6PYHnwpbJouFS5j+o=";
|
||||
};
|
||||
# requires PluggableAuth
|
||||
LDAPAuthentication2 = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516203001/https://extdist.wmflabs.org/dist/extensions/LDAPAuthentication2-REL1_39-35908c0.tar.gz";
|
||||
url = "https://web.archive.org/web/20230710142325/https://extdist.wmflabs.org/dist/extensions/LDAPAuthentication2-REL1_40-2864ae9.tar.gz";
|
||||
sha256 = "sha256-LWXpmgzUpgEaPe/4cwF2cmJxPkW8ywT7gRAlB58mDfY=";
|
||||
};
|
||||
LDAPProvider = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516202850/https://extdist.wmflabs.org/dist/extensions/LDAPProvider-REL1_39-1b79e16.tar.gz";
|
||||
sha256 = "sha256-rJGdS1mbmSdHUIgbNeRMJ56vTVihEgXzOvR6k1guDU8=";
|
||||
};
|
||||
ParserFunctions = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516202737/https://extdist.wmflabs.org/dist/extensions/ParserFunctions-REL1_39-3eb1eb9.tar.gz";
|
||||
sha256 = "sha256-wAoMVNerfa7FUP+NH51cYZf+QKQl+pdSBoKsbAS6LBE=";
|
||||
url = "https://web.archive.org/web/20230710141035/https://extdist.wmflabs.org/dist/extensions/LDAPProvider-REL1_40-99edc23.tar.gz";
|
||||
sha256 = "sha256-DYq5CCm//rc6Mei9K6S2Ue+hzz6PYHnwpbJouFS5j+o=";
|
||||
};
|
||||
PluggableAuth = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516202627/https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_39-1210fc3.tar.gz";
|
||||
sha256 = "sha256-F6bTMCzkK3kZwZGIsNE87WlZWqXXmTMhEjApO99YKR0=";
|
||||
};
|
||||
Scribunto = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516202513/https://extdist.wmflabs.org/dist/extensions/Scribunto-REL1_39-ebb91f2.tar.gz";
|
||||
sha256 = "sha256-WHgVyY2JpUp8lFpvtKYS3wNe7UzzYLtwsRqtIdZBhek=";
|
||||
};
|
||||
WikiEditor = pkgs.fetchzip {
|
||||
url = "https://web.archive.org/web/20230516202249/https://extdist.wmflabs.org/dist/extensions/WikiEditor-REL1_39-ed89fa9.tar.gz";
|
||||
sha256 = "sha256-Aypjzv0cjoJvPuqSqlvMrlvd8n5EtE4TC8eyxFGwmLQ=";
|
||||
url = "https://web.archive.org/web/20230710142618/https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_40-519c6d2.tar.gz";
|
||||
sha256 = "sha256-N1+OV1UdzvU4iXhaS/+fuEoAXqrkVyyEPDirk0vrT8A=";
|
||||
};
|
||||
};
|
||||
# initial admin user password
|
||||
passwordFile = config.sops.secrets."mediawiki/adminPassword".path;
|
||||
database = {
|
||||
type = "postgres";
|
||||
socket = "/run/postgresql";
|
||||
user = "mediawiki";
|
||||
name = "mediawiki";
|
||||
};
|
||||
uploadsDir = "/var/lib/mediawiki/uploads";
|
||||
};
|
||||
|
@ -187,14 +179,14 @@ in
|
|||
|
||||
postgresql = {
|
||||
enable = true;
|
||||
authentication = lib.mkForce ''
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all 10.233.2.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';
|
||||
enableTCPIP = true;
|
||||
# authentication = lib.mkForce ''
|
||||
# # TYPE DATABASE USER ADDRESS METHOD
|
||||
# local all all trust
|
||||
# host all all 127.0.0.1/32 trust
|
||||
# host all all 10.233.2.1/32 trust
|
||||
# host all all ::1/128 trust
|
||||
# '';
|
||||
# enableTCPIP = true;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [{
|
||||
name = cfg.database.user;
|
||||
|
@ -216,8 +208,8 @@ in
|
|||
path = "/var/lib/mediawiki/secret.key";
|
||||
};
|
||||
"mediawiki/upgradeKey".owner = config.systemd.services.mediawiki-init.serviceConfig.User;
|
||||
"restic/password".owner = "root";
|
||||
"restic/repository/server8".owner = "root";
|
||||
"restic/password" = { };
|
||||
"restic/repository/server8" = { };
|
||||
};
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in New Issue