diff --git a/flake.nix b/flake.nix
index dea917c..6c4b5ca 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,10 +3,13 @@
 outputs = { self, nixpkgs }: {
+ devShell.x86_64-linux = import ./shell.nix {
+ pkgs = import nixpkgs { system = "x86_64-linux"; };
+ };
 nixosConfigurations.container = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules =
- [ ({ pkgs, ... }: {
+ [ ({ config, pkgs, lib, ... }: {
 boot.isContainer = true;
 # Let 'nixos-version --json' know about the Git revision 
@@ -15,7 +18,72 @@
 # Network configuration.
 networking.useDHCP = false;
- networking.firewall.allowedTCPPorts = [ 80 ];
+ networking.firewall.allowedTCPPorts = [ 80 5432 ];
+
+ services.postgresql =
+ let
+ cfg = config.services.mediawiki;
+ in {
+ enable = true;
+ enableTCPIP = true;
+ package = pkgs.postgresql_14;
+ ensureDatabases = [ cfg.database.name ];
+
+ ensureUsers = [{
+ name = cfg.database.user;
+ ensurePermissions = { "DATABASE ${cfg.database.user}" = "ALL PRIVILEGES"; };
+ }
+ ];
+ authentication = lib.mkForce ''
+ # Generated file; do not edit!
+ # TYPE DATABASE USER ADDRESS METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all 10.233.2.1/32 trust
+ host all all ::1/128 trust
+ '';};
+
+
+ systemd.services.mediawiki-pg-init =
+ let
+ cfg = config.services.mediawiki;
+ stateDir = "/var/lib/mediawiki";
+ pkg = pkgs.mediawiki;
+ inherit (lib) concatStringsSep literalExample mapAttrsToList optional optionals optionalString types;
+ mediawikiConfig = config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG;
+ in {
+ enable = false;
+ wantedBy = [ "multi-user.target" ];
+ before = [ "phpfpm-mediawiki.service" ];
+ after = [ "postgresql.service" ];
+ script = ''
+ if ! test -e "${stateDir}/secret.key"; then
+ tr -dc A-Za-z0-9 /dev/null | head -c 64 > ${stateDir}/secret.key
+ fi
+ echo "exit( wfGetDB( DB_MASTER )->tableExists( 'user' ) ? 
1 : 0 );" | \
+ ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \
+ ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \
+ --confpath /tmp \
+ --scriptpath / \
+ --dbtype ${cfg.database.type} \
+ --dbserver "${if cfg.database.socket != null then cfg.database.socket else "${cfg.database.host}:${toString cfg.database.port}"}" \
+ --dbname ${cfg.database.name} \
+ ${optionalString (cfg.database.tablePrefix != null) "--dbprefix ${cfg.database.tablePrefix}"} \
+ --dbuser ${cfg.database.user} \
+ ${optionalString (cfg.database.passwordFile != null) "--dbpassfile ${cfg.database.passwordFile}"} \
+ --passfile ${cfg.passwordFile} \
+ ${cfg.name} \
+ admin
+ ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
+ '';
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "mediawiki";
+ Group = config.services.httpd.group;
+ PrivateTmp = true;
+ };
+ };
 services.mediawiki = {
 enable = true; 
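Review bot: Every rule in the new `authentication` block uses `trust` for `all` databases and `all` users, so any local process in the container and anything connecting from 10.233.2.1 can log in as any role, `postgres` included, without a credential; with `enableTCPIP = true` and 5432 added to `allowedTCPPorts`, pg_hba.conf is the only control left. I would use `peer` on the `local` lines and `scram-sha-256` on the `host` lines, limited to the wiki database and role, and drop 5432 from the firewall list unless a client outside the container needs it; the role then needs a password, which nothing in this hunk sets. Separately, `ensurePermissions` keys on `"DATABASE ${cfg.database.user}"` while `ensureDatabases` creates `cfg.database.name`, and a later hunk sets these to `mediawiki` and `wiki`, so the grant names a database that is not created here. The enclosing module function starts in the previous hunk.

```nix
# … unchanged: enable, enableTCPIP, package, ensureDatabases …
ensureUsers = [{
  name = cfg.database.user;
  # grant on the database that ensureDatabases creates, not on one named after the role
  ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}];
authentication = lib.mkForce ''
  # TYPE  DATABASE              USER                  ADDRESS        METHOD
  # socket logins are tied to the matching OS account
  local   all                   postgres                             peer
  local   ${cfg.database.name}  ${cfg.database.user}                 peer
  # TCP logins need a password for the role (not set in this hunk)
  host    ${cfg.database.name}  ${cfg.database.user}  127.0.0.1/32   scram-sha-256
  host    ${cfg.database.name}  ${cfg.database.user}  ::1/128        scram-sha-256
  host    ${cfg.database.name}  ${cfg.database.user}  10.233.2.1/32  scram-sha-256
'';
```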
@@ -23,25 +91,43 @@
 hostName = "mediawiki";
 adminAddr = "root@example.com";
 };
+ extraConfig = ''
+ $wgShowExceptionDetails = true;
+ $wgDBserver = "localhost";
+ $wgDBport = "5432";
+ '';
 extensions = {
- Interwiki = pkgs.fetchzip {
- url = "https://extdist.wmflabs.org/dist/extensions/Interwiki-REL1_36-08fe37f.tar.gz";
- sha256 = "sha256-77uvw/ETPeRNYRcIl2KqowmJ9D9R9wyyltpy5Cu11L4=";
- };
- Cite = pkgs.fetchzip {
- url = "https://extdist.wmflabs.org/dist/extensions/Cite-REL1_36-77e6710.tar.gz";
- sha256 = "sha256-un6AjbqHre00a2IaEaUZnPPk+gMoet9pc+6mRLfh3I0=";
- };
- DynamicPageList = pkgs.fetchzip {
- url = "https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_36-c00fbd6.tar.gz";
- sha256 = "sha256-QMBQcIN0+6VSjgVaA0bC90auZr8CBHBggoasfWi8Jzk=";
- };
+# Interwiki = pkgs.fetchzip {
+# url = "https://extdist.wmflabs.org/dist/extensions/Interwiki-REL1_36-08fe37f.tar.gz";
+# sha256 = "sha256-77uvw/ETPeRNYRcIl2KqowmJ9D9R9wyyltpy5Cu11L4=";
+# };
+# Cite = pkgs.fetchzip {
+# url = "https://extdist.wmflabs.org/dist/extensions/Cite-REL1_36-77e6710.tar.gz";
+# sha256 = "sha256-un6AjbqHre00a2IaEaUZnPPk+gMoet9pc+6mRLfh3I0=";
+# };
+# DynamicPageList = pkgs.fetchzip {
+# url = "https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_36-c00fbd6.tar.gz";
+# sha256 = "sha256-QMBQcIN0+6VSjgVaA0bC90auZr8CBHBggoasfWi8Jzk=";
+# };
 # Scribunto = pkgs.fetchzip {
 # url = "https://extdist.wmflabs.org/dist/extensions/Scribunto-REL1_36-cc217d4.tar.gz";
 # sha256 = "sha256-chFveLW4GdRmJbUE4Q2e2aEJ52zejpqF5B/YiZZ7L1k=";
+# };
+# Lockdown = pkgs.fetchzip {
+# url = "https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_36-1a3d68d.tar.gz";
+# sha256 = "sha256-AlJbXsqJfXqj0bU16fwxFSu0lfR+WzJxJiJSKp1keXk=";
 # };
 };
 passwordFile = pkgs.writeText "password" "topSecretF0rAll!!!!";
+ database = {
+ type = "postgres";
+ socket = "/run/postgresql";
+ host = "127.0.0.1";
+ port = 5432;
+ user = "mediawiki";
+ name = "wiki";
+
+ };
 };
 })
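Review bot: `$wgShowExceptionDetails = true;` in the new `extraConfig` makes MediaWiki show exception messages and backtraces to whoever triggers the error, which can expose file paths, queries and configuration; it should stay off outside a debugging session, so I would remove the line or put it behind an option before this is deployed. The new `database` block sets no `passwordFile`, so the wiki's connection works only because of the `trust` rules added in the PostgreSQL hunk; if those are tightened, this block needs a `passwordFile` that lives outside the Nix store. `socket` and `host`/`port` are both set while `extraConfig` forces `$wgDBserver = "localhost"`, so a comment such as `# connect over TCP; socket is only used by the init script` (or whichever is intended) would make the chosen path clear. The `services.mediawiki` attribute set opens in the previous hunk.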