mediawiki: install first extension for LDAP, LDAPProvider, fix deployment, bump flake

2022-08-07 14:58:25 +02:00 · 2022-08-07 14:58:25 +02:00 · 2ba58ac387
commit 2ba58ac387
parent eca3671dbf
3 changed files with 33 additions and 23 deletions
--- a/flake.lock
+++ b/flake.lock
@ -8,11 +8,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1659693623,
-        "narHash": "sha256-v2GyTrEVXK5mHZl5CrZ/B4ozI3K1pb4PvdccCSdSpuI=",
+        "lastModified": 1659853578,
+        "narHash": "sha256-W9j4Pur9til2lB2XD/aHAm8yen2hqbs3Os19OxM4aJM=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "282c9f7ae5ed3078424dc6ba85422a533b5ca7aa",
+        "rev": "b94c35e0d375540691411639458c21dd508ef3ed",
        "type": "github"
      },
      "original": {
@ -261,11 +261,11 @@
    },
    "nixos": {
      "locked": {
-        "lastModified": 1659526864,
-        "narHash": "sha256-XFzXrc1+6DZb9hBgHfEzfwylPUSqVFJbQPs8eOgYufU=",
+        "lastModified": 1659768833,
+        "narHash": "sha256-G1T3le1SfZ0AIsWu4SnWr46A34OEiwFcHDKWHtBfBtg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "478f3cbc8448b5852539d785fbfe9a53304133be",
+        "rev": "72f492e275fc29d44b3a4daf952fbeffc4aed5b8",
        "type": "github"
      },
      "original": {
@ -292,11 +292,11 @@
    },
    "nixos-unstable": {
      "locked": {
-        "lastModified": 1659522808,
-        "narHash": "sha256-HBcM19nGhI3IWwPNVlYb0MZ8VW6iKp4JbAVkeIHVykc=",
+        "lastModified": 1659713809,
+        "narHash": "sha256-M4aHuXXVnfprM8xPH2lLkYkkR0fmaG5QmvIc0DT/d4E=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "168d1c578909dc143ba52dbed661c36e76b12b36",
+        "rev": "93c57a988470c1948976b1bb70abbd5855c5b810",
        "type": "github"
      },
      "original": {
@ -308,11 +308,11 @@
    },
    "nixos-unstable-sandro": {
      "locked": {
-        "lastModified": 1659702219,
-        "narHash": "sha256-phTzSHCUwRH0Y2EFldPjQwncLk5MJ3bPqBJmqQ0CA+M=",
+        "lastModified": 1659824380,
+        "narHash": "sha256-LJsF0INP6ET2mVTdmxDvvsVJ9/iwgjKTAjNdBrt6Hr8=",
        "owner": "SuperSandro2000",
        "repo": "nixpkgs",
-        "rev": "0c0b82d56bc9ca870ba075547ccd81578d4aeab6",
+        "rev": "c3d8a08c5812461214b7692460ebfd8a2e851d19",
        "type": "github"
      },
      "original": {
@ -502,11 +502,11 @@
    "rust-analyzer-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1659617824,
-        "narHash": "sha256-DR7WwKhAtRJ0B7Pj/gZ2cjTfBYzVmVP8JcNvlSlN5u4=",
+        "lastModified": 1659798150,
+        "narHash": "sha256-jx1faxOzIPf/kxafSqNVE5qBA6ioyUiynCKMpY7rlz4=",
        "owner": "rust-lang",
        "repo": "rust-analyzer",
-        "rev": "0fe3bcfd3524a023a11c95d0615178e897f72200",
+        "rev": "d9e462fd97fe56a63da62d11bb5c4d2132e4c74a",
        "type": "github"
      },
      "original": {
@ -698,11 +698,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1659718702,
-        "narHash": "sha256-2PSoPY14ABsEjwi6JimnQVbBWmj+56IVs5nrkfn59/4=",
+        "lastModified": 1659733009,
+        "narHash": "sha256-hzL+u0USyWVLotVCQVpGuuZ5jLb13ckSjguTXJHVW+Y=",
        "ref": "refs/heads/master",
-        "rev": "39897ded63f5e55b3e603b2dc8ea0a2e58cd5e06",
-        "revCount": 1504,
+        "rev": "6655e5e6a9de229f55717f93c97bbaa281b374fc",
+        "revCount": 1508,
        "type": "git",
        "url": "https://gitea.c3d2.de/zentralwerk/network.git"
      },
--- a/hosts/mediawiki/default.nix
+++ b/hosts/mediawiki/default.nix
@ -36,18 +36,21 @@

  sops = {
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-    defaultSopsFile = ./hosts/mediawiki/secrets.yaml;
+    defaultSopsFile = ./secrets.yaml;
    secrets = {
      "mediawiki/adminPassword" = {
        owner = config.systemd.services.mediawiki-init.serviceConfig.User;
      };
-      "mediawiki/upgradeKey" = {
+      "mediawiki/ldapprovider" = {
        owner = config.systemd.services.mediawiki-init.serviceConfig.User;
      };
      "mediawiki/secretKey" = {
        owner = config.systemd.services.mediawiki-init.serviceConfig.User;
        path = "/var/lib/mediawiki/secret.key";
      };
+      "mediawiki/upgradeKey" = {
+        owner = config.systemd.services.mediawiki-init.serviceConfig.User;
+      };
    };
  };

@ -156,6 +159,8 @@
        //TODO what about $wgUpgradeKey ?

        $wgScribuntoDefaultEngine = 'luastandalone';
+
+        $LDAPProviderDomainConfigs = "${config.sops.secrets."mediawiki/ldapprovider".path}";
      '';
      # see https://extdist.wmflabs.org/dist/extensions/ for list of extensions
      # save them on https://web.archive.org/save and copy the final URL below
@ -188,6 +193,10 @@
          url = "https://web.archive.org/web/20220617074130/https://extdist.wmflabs.org/dist/extensions/Interwiki-REL1_38-223bbf8.tar.gz";
          sha256 = "sha256-A4tQuISJNzzXPXJXv9N1jMat1VuZ7khYzk2jxoUqzIk=";
        };
+        LDAPProvider = pkgs.fetchzip {
+          url = "https://web.archive.org/web/20220806214957/https://extdist.wmflabs.org/dist/extensions/LDAPProvider-master-80f8cc8.tar.gz";
+          sha256 = "sha256-Y59otw6onknVsjRhyH7L7I0MwnBkvQtuzwpj7c0GZzc=";
+        };
        ParserFunctions = pkgs.fetchzip {
          url = "https://web.archive.org/web/20220627203519/https://extdist.wmflabs.org/dist/extensions/ParserFunctions-REL1_38-bc6a7c6.tar.gz";
          sha256 = "sha256-iDv4VSSFnTKEhvlVQcHHVp2hSWwDbv6jNCq1kOGuswo=";
--- a/hosts/mediawiki/secrets.yaml
+++ b/hosts/mediawiki/secrets.yaml
@ -2,6 +2,7 @@ mediawiki:
    adminPassword: ENC[AES256_GCM,data:Q4OG4vr616VGR3+HAn7h3sp0EFYz5dtziA==,iv:sInQs2xiOs4r92jaJaEFGBPwM8ZkCmdgPIZVOAxzvSs=,tag:nZ0WZcg60iHjRTbYVJCyIw==,type:str]
    secretKey: ENC[AES256_GCM,data:Qmnvm+Lqa6+5I+Lj71WkW3ZrWr8hKB7KkvDkwbNAU8A1R4axJSbfXosZWelCqym36bjjxp1ThHXSyJ1M24PFG1B+tlODmLC+WbVm,iv:Gghszp+0dO5yQ/gTTRJ3cSASz62hVJP35cgvgWFJQ4c=,tag:EcGRs6mOgscoJIe2IFbjiw==,type:str]
    upgradeKey: ENC[AES256_GCM,data:d6nSrNN3bD9smLH4VaJBuA==,iv:XFivelGD25QQmZ44raSvGB89oBtxu9rKRxuHQ04+53w=,tag:eNHkNnfOF6JOQENope65tg==,type:str]
+    ldapprovider: ENC[AES256_GCM,data:Q1npwIIQCl21FzFQD/AYdFP+BO654z61lufCq1Fr5Xc4QxNOJ3J4DPlMwX3nxFai+rY5aZK6FBm0BwT2wUMWkq/Yzdinn7I6nAIgLWNi1Gw8z1KZGfegkoywct34eo68LDP5qdELaCMxnYG2OnqQbDSAaanuhL5EAzg/QoUP8CbTC8VYe9JhQKPfxpwdkVT/d8bpTE4VwJMUdubUfrwmaJzBHkFv4nqdpTBcZbevI4n2VBTA//knZw0BCrMQWtaIBJeS7ocDlg5NTak6Jy/smV0jWj4we5AMQNIOkTDcMOn5dDnbKwJgWnUmaCk60xPQd/WZd/8IZxkCcsLdYsEQrIfvlg4ui6FowGuuVxKuFvA3bC4o4IWA5BOGl6H0Bz3xZHIrvWt5Ov4PERhjMz3PsNJc0XA3opiHJtA1Q0gTQnRluwCpwPwQqDP1QCtcYyaGWWsrGphevmM41cFWmhJmcXSSRvMSeybd3LOfpLB1Mx62gljuiGlcb8E850Sc459I7Byth66c9S9vd3Ft0NO2/ulxvfzuBOIo7KV3DUmWS4vFDCxnI3Y13xamy82nefnyp8MvYAPaNAcRgl2M18zvgXnaaJbgp2uyV7IkHCgAxyDdRXaNOpDHIsKhtds2PYUuZIwCdmb1oliux7r4AskvkwXbrTHR66wANa0S6jVzlNu18q2Z2I5eyxL3cW8yhv0qr8f6bokBj3cLjeWGTZaELbsxRpPyiY7RkDA80+yklJ5y9CyrMkg9jwUQqg==,iv:q49SA9/vfnoIysVGE68LMf8dZ3/Cj7aEH0vCH/MAvJM=,tag:LJINBjCtMrAveBKY6mqz5Q==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -26,8 +27,8 @@ sops:
            eVlJdkhDWHRoRy92ZE9SNyt0Q2hyNHMKSfJDmCWOthsdxByJTDgUUPO0JspFXSTP
            TEA0l8DmrS98w5ewRYOTHuly+2ioP4NUFpA8JvUZ5gadgPzLDLeiig==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-06-28T18:11:35Z"
-    mac: ENC[AES256_GCM,data:8LsOlEhDVprLv+L35o9PNQXHn07LR6BtFuOhYdOqMqx6cS6+TAk9I4Mejny3Zmct9vndmb8Q02CWjxnqvVTVhtbElgDd9/bbxhcGerInTDCrNHyHkn3N+2V9uOhq8yxRyIhh5gJ9i7EaEVeBZl6ejzXKTAxi8oG9wc8eiSxhHng=,iv:J59766XEhWB3m1o4RctkUG3hglfbAyAs7Q+3rruEQhE=,tag:nTuAFgiLQ94sqhphLI/l6Q==,type:str]
+    lastmodified: "2022-08-07T11:31:20Z"
+    mac: ENC[AES256_GCM,data:EbSJkthEK2xBaL3dttiYLVqBRMC6BwwbyovUrE3r2v7AJ4KP7mnJwrmvZ83ZFPyXeGUgcRwcpPgjImcSntUv9XLsau2Se9FKJPUn5JDcpmv49vxrkrYrDt/IuCgSFZk31pxqBcBb2clkJ/7eliEmnQsj/j8i9YzEg60reRxTAoQ=,iv:qGLm2+uAwNW5zURPT+afJ/pG4YomLp2NQz62Adguug8=,tag:6DqsrpjdR9xxDHuXe/8hOQ==,type:str]
    pgp:
        - created_at: "2022-07-15T23:30:12Z"
          enc: |