with database init
This commit is contained in:
parent
212ce96300
commit
43529e63fe
114
flake.nix
114
flake.nix
|
@ -3,10 +3,13 @@
|
|||
|
||||
outputs = { self, nixpkgs }: {
|
||||
|
||||
devShell.x86_64-linux = import ./shell.nix {
|
||||
pkgs = import nixpkgs { system = "x86_64-linux"; };
|
||||
};
|
||||
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules =
|
||||
[ ({ pkgs, ... }: {
|
||||
[ ({ config, pkgs, lib, ... }: {
|
||||
boot.isContainer = true;
|
||||
|
||||
# Let 'nixos-version --json' know about the Git revision
|
||||
|
@ -15,7 +18,72 @@
|
|||
|
||||
# Network configuration.
|
||||
networking.useDHCP = false;
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 5432 ];
|
||||
|
||||
services.postgresql =
|
||||
let
|
||||
cfg = config.services.mediawiki;
|
||||
in {
|
||||
enable = true;
|
||||
enableTCPIP = true;
|
||||
package = pkgs.postgresql_14;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
|
||||
ensureUsers = [{
|
||||
name = cfg.database.user;
|
||||
ensurePermissions = { "DATABASE ${cfg.database.user}" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
authentication = lib.mkForce ''
|
||||
# Generated file; do not edit!
|
||||
# TYPE DATABASE USER ADDRESS METHOD
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all 10.233.2.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
'';};
|
||||
|
||||
|
||||
systemd.services.mediawiki-pg-init =
|
||||
let
|
||||
cfg = config.services.mediawiki;
|
||||
stateDir = "/var/lib/mediawiki";
|
||||
pkg = pkgs.mediawiki;
|
||||
inherit (lib) concatStringsSep literalExample mapAttrsToList optional optionals optionalString types;
|
||||
mediawikiConfig = config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG;
|
||||
in {
|
||||
enable = false;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-mediawiki.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
script = ''
|
||||
if ! test -e "${stateDir}/secret.key"; then
|
||||
tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > ${stateDir}/secret.key
|
||||
fi
|
||||
echo "exit( wfGetDB( DB_MASTER )->tableExists( 'user' ) ? 1 : 0 );" | \
|
||||
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \
|
||||
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \
|
||||
--confpath /tmp \
|
||||
--scriptpath / \
|
||||
--dbtype ${cfg.database.type} \
|
||||
--dbserver "${if cfg.database.socket != null then cfg.database.socket else "${cfg.database.host}:${toString cfg.database.port}"}" \
|
||||
--dbname ${cfg.database.name} \
|
||||
${optionalString (cfg.database.tablePrefix != null) "--dbprefix ${cfg.database.tablePrefix}"} \
|
||||
--dbuser ${cfg.database.user} \
|
||||
${optionalString (cfg.database.passwordFile != null) "--dbpassfile ${cfg.database.passwordFile}"} \
|
||||
--passfile ${cfg.passwordFile} \
|
||||
${cfg.name} \
|
||||
admin
|
||||
${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "mediawiki";
|
||||
Group = config.services.httpd.group;
|
||||
PrivateTmp = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.mediawiki = {
|
||||
enable = true;
|
||||
|
@ -23,25 +91,43 @@
|
|||
hostName = "mediawiki";
|
||||
adminAddr = "root@example.com";
|
||||
};
|
||||
extraConfig = ''
|
||||
$wgShowExceptionDetails = true;
|
||||
$wgDBserver = "localhost";
|
||||
$wgDBport = "5432";
|
||||
'';
|
||||
extensions = {
|
||||
Interwiki = pkgs.fetchzip {
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/Interwiki-REL1_36-08fe37f.tar.gz";
|
||||
sha256 = "sha256-77uvw/ETPeRNYRcIl2KqowmJ9D9R9wyyltpy5Cu11L4=";
|
||||
};
|
||||
Cite = pkgs.fetchzip {
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/Cite-REL1_36-77e6710.tar.gz";
|
||||
sha256 = "sha256-un6AjbqHre00a2IaEaUZnPPk+gMoet9pc+6mRLfh3I0=";
|
||||
};
|
||||
DynamicPageList = pkgs.fetchzip {
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_36-c00fbd6.tar.gz";
|
||||
sha256 = "sha256-QMBQcIN0+6VSjgVaA0bC90auZr8CBHBggoasfWi8Jzk=";
|
||||
};
|
||||
# Interwiki = pkgs.fetchzip {
|
||||
# url = "https://extdist.wmflabs.org/dist/extensions/Interwiki-REL1_36-08fe37f.tar.gz";
|
||||
# sha256 = "sha256-77uvw/ETPeRNYRcIl2KqowmJ9D9R9wyyltpy5Cu11L4=";
|
||||
# };
|
||||
# Cite = pkgs.fetchzip {
|
||||
# url = "https://extdist.wmflabs.org/dist/extensions/Cite-REL1_36-77e6710.tar.gz";
|
||||
# sha256 = "sha256-un6AjbqHre00a2IaEaUZnPPk+gMoet9pc+6mRLfh3I0=";
|
||||
# };
|
||||
# DynamicPageList = pkgs.fetchzip {
|
||||
# url = "https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_36-c00fbd6.tar.gz";
|
||||
# sha256 = "sha256-QMBQcIN0+6VSjgVaA0bC90auZr8CBHBggoasfWi8Jzk=";
|
||||
# };
|
||||
# Scribunto = pkgs.fetchzip {
|
||||
# url = "https://extdist.wmflabs.org/dist/extensions/Scribunto-REL1_36-cc217d4.tar.gz";
|
||||
# sha256 = "sha256-chFveLW4GdRmJbUE4Q2e2aEJ52zejpqF5B/YiZZ7L1k=";
|
||||
# };
|
||||
# Lockdown = pkgs.fetchzip {
|
||||
# url = "https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_36-1a3d68d.tar.gz";
|
||||
# sha256 = "sha256-AlJbXsqJfXqj0bU16fwxFSu0lfR+WzJxJiJSKp1keXk=";
|
||||
# };
|
||||
};
|
||||
passwordFile = pkgs.writeText "password" "topSecretF0rAll!!!!";
|
||||
database = {
|
||||
type = "postgres";
|
||||
socket = "/run/postgresql";
|
||||
host = "127.0.0.1";
|
||||
port = 5432;
|
||||
user = "mediawiki";
|
||||
name = "wiki";
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
})
|
||||
|
|
Loading…
Reference in New Issue