mediawiki-nix-container/flake.nix


{
# Pins nixpkgs to the nixos-22.05 release branch; the exact commit is fixed by the flake's lock file, if one is committed (not shown here).
# NOTE(review): 22.05 is an old release branch — confirm it still receives security updates before reusing this pin.
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
outputs = { self, nixpkgs }: {
# Development shell for x86_64-linux: ./shell.nix evaluated against the
# nixpkgs input pinned by this flake.
devShell.x86_64-linux =
  let
    shellPkgs = import nixpkgs { system = "x86_64-linux"; };
  in
  import ./shell.nix { pkgs = shellPkgs; };
# Default package: the nixpkgs mediawiki derivation with only `version` and
# `src` replaced, so it builds the 1.27.0 release tarball. Every other
# attribute (build phases, patches, ...) is inherited from the nixpkgs
# derivation unchanged.
# fetchurl verifies the download against the pinned sha256 and fails the
# build on a mismatch.
# NOTE(review): 1.27.0 is a very old release that no longer gets upstream
# security fixes; build it only for isolated testing.
defaultPackage.x86_64-linux =
  let
    nixpkgsFor = import nixpkgs { system = "x86_64-linux"; };
    inherit (nixpkgsFor.lib) versions;
  in
  nixpkgsFor.mediawiki.overrideAttrs ({ pname, ... }: rec {
    version = "1.27.0";
    src = nixpkgsFor.fetchurl {
      url = "https://releases.wikimedia.org/mediawiki/${versions.majorMinor version}/${pname}-${version}.tar.gz";
      sha256 = "sha256-x50AMSpLdJkn5PP5YAs7z5/pFKiYt/5PhRjp9Zro0Sg=";
    };
  });
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules =
[ ({ config, pkgs, lib, ... }:
let
# MediaWiki 1.28.0 built from the nixpkgs mediawiki derivation by swapping in
# a different `version` and release tarball; used below as the wiki package
# and by the init unit that runs update.php.
# fetchurl checks the tarball against the pinned sha256.
# NOTE(review): 1.28.0 is a very old release that no longer gets upstream
# security fixes; keep this container off untrusted networks.
mediaWikiOld =
  let
    inherit (lib) versions;
  in
  pkgs.mediawiki.overrideAttrs ({ pname, ... }: rec {
    version = "1.28.0";
    src = pkgs.fetchurl {
      url = "https://releases.wikimedia.org/mediawiki/${versions.majorMinor version}/${pname}-${version}.tar.gz";
      sha256 = "sha256-0bjNu0Nb9Z2o9RiwUnfMmms1078W4n6LtJ68+n1/hHE=";
    };
  });
in
{
# Local MediaWiki module; presumably where the services.mymediawiki options
# used further down are declared (TODO confirm).
imports = [ ./module/mediawiki.nix ];

# Evaluate this system as a container guest.
boot.isContainer = true;

# Report the flake's Git revision through 'nixos-version --json'. mkIf leaves
# the option unset when the flake has no `rev` attribute.
system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;

# Network configuration: DHCP off; the firewall admits TCP 80 (HTTP) and
# TCP 5432 (PostgreSQL).
# NOTE(review): 5432 is opened here while the pg_hba rules in this file use
# "trust" authentication. Drop 5432 from this list unless the database must
# be reachable from outside the container.
networking = {
  useDHCP = false;
  firewall.allowedTCPPorts = [ 80 5432 ];
};

# MySQL is explicitly disabled; the wiki is backed by PostgreSQL.
services.mysql.enable = false;
# PostgreSQL backend for the wiki: enables the server with a TCP listener and
# ensures one database and one role exist, named after cfg.database.*.
# NOTE(review): cfg is read from config.services.mediawiki, while the wiki in
# this file is configured under services.mymediawiki — confirm which option
# set is meant to supply database.name / database.user.
services.postgresql =
let
cfg = config.services.mediawiki;
in {
enable = true;
# Listen on TCP in addition to the Unix socket; port 5432 is also allowed
# through the firewall in the network settings of this file.
enableTCPIP = true;
# NOTE(review): PostgreSQL 11 is an old major version — confirm its support status.
package = pkgs.postgresql_11;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [{
name = cfg.database.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}
];
# lib.mkForce overrides the module's own pg_hba.conf content with the text below.
# NOTE(review): every rule uses "trust", so any local user, and any client
# connecting from one of the listed addresses, can log in as any role
# (including the superuser) on any database without a password. That is only
# acceptable for a throw-away test container. Otherwise use peer for the
# local socket and scram-sha-256 for host rules, and narrow the DATABASE and
# USER columns to the wiki's database and role.
# 10.233.2.1 and 169.254.155.231 are presumably host-side addresses of the
# container link — verify before keeping them.
authentication = lib.mkForce ''
# Generated file; do not edit!
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all 10.233.2.1/32 trust
host all all 169.254.155.231/32 trust
host all all ::1/128 trust
'';};
# NixOS release whose stateful defaults this configuration was written against.
system.stateVersion = "22.05";
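# One-shot unit that prepares the wiki before PHP-FPM starts. It is ordered
# after postgresql.service and before phpfpm-mediawiki.service, and does two
# things:
#   1. creates ${stateDir}/secret.key on first run (64 random alphanumeric
#      characters from /dev/urandom; presumably read as MediaWiki's secret
#      key by the module's generated settings — TODO confirm);
#   2. runs maintenance/update.php from the mediaWikiOld package against the
#      configuration file the PHP-FPM pool exports as MEDIAWIKI_CONFIG.
#
# Changes from the previous version:
#   - the key is written inside a subshell with umask 027, so it is created
#     0640 instead of inheriting the unit's default umask (typically 0644,
#     i.e. readable by every user in the container). Owner (mediawiki) and
#     the unit's group keep read access; an already existing key is left
#     untouched.
#   - the redirect target is quoted like the existence test above it.
#   - unused let-bindings (cfg and the inherited lib helpers) are removed.
systemd.services.mediawiki-pg-init =
  let
    stateDir = "/var/lib/mediawiki";
    pkg = mediaWikiOld;
    # Settings file path taken from the PHP-FPM pool's environment, so this
    # unit and the web workers use the same configuration.
    mediawikiConfig = config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG;
  in {
    enable = true;
    wantedBy = [ "multi-user.target" ];
    before = [ "phpfpm-mediawiki.service" ];
    after = [ "postgresql.service" ];
    script = ''
      if ! test -e "${stateDir}/secret.key"; then
        (
          umask 027
          tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > "${stateDir}/secret.key"
        )
      fi
      ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
    '';
    serviceConfig = {
      Type = "oneshot";
      # Runs unprivileged as the wiki user, with the web server's group.
      User = "mediawiki";
      Group = config.services.httpd.group;
      PrivateTmp = true;
    };
  };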
# Wiki instance, configured through the services.mymediawiki options
# (presumably declared in ./module/mediawiki.nix — TODO confirm). Runs the
# mediaWikiOld package on PostgreSQL.
services.mymediawiki = {
enable = true;
package = mediaWikiOld;
virtualHost = {
hostName = "mediawiki";
adminAddr = "root@example.com";
};
#skins = {
# Vector = "${mediaWikiOld}/share/mediawiki/skins/Vector";
# Hector = "${mediaWikiOld}/share/mediawiki/skins/Hector";
#};
# Extra PHP settings (presumably appended to the generated LocalSettings).
# $wgDBserver points the connection at the PostgreSQL Unix-socket directory.
# NOTE(review): $wgShowExceptionDetails = true makes MediaWiki show exception
# details and stack traces to visitors. Keep it for debugging only and turn
# it off wherever untrusted users can reach the wiki.
extraConfig = ''
$wgShowExceptionDetails = true;
$wgDBserver = "/run/postgresql";
$wgDBport = "5432";
# $wgDBuser = "mediawiki";
# $wgDBname = "mediawiki";
$wgDBmwschema = "mediawiki";
'';
# No extensions are enabled; the entries below are kept commented out.
# NOTE(review): the commented entries reference REL1_36 builds, a different
# release line from the 1.28.0 package used here — check compatibility
# before enabling any of them.
extensions = {
# Interwiki = pkgs.fetchzip {
# url = "https://extdist.wmflabs.org/dist/extensions/Interwiki-REL1_36-08fe37f.tar.gz";
# sha256 = "sha256-77uvw/ETPeRNYRcIl2KqowmJ9D9R9wyyltpy5Cu11L4=";
# };
# Cite = pkgs.fetchzip {
# url = "https://extdist.wmflabs.org/dist/extensions/Cite-REL1_36-77e6710.tar.gz";
# sha256 = "sha256-un6AjbqHre00a2IaEaUZnPPk+gMoet9pc+6mRLfh3I0=";
# };
#DynamicPageList = pkgs.fetchzip {
# url = "https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_36-6a4424f.tar.gz";
# sha256 = "sha256-HIl4EnUgiZQzUvWFF9e7enyAYWM4e16oRSYXMdtblic=";
#};
#Scribunto = pkgs.fetchzip {
# url = "https://extdist.wmflabs.org/dist/extensions/Scribunto-REL1_36-cc217d4.tar.gz";
# sha256 = "sha256-chFveLW4GdRmJbUE4Q2e2aEJ52zejpqF5B/YiZZ7L1k=";
#};
#Lockdown = pkgs.fetchzip {
# url = "https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_36-1a3d68d.tar.gz";
# sha256 = "sha256-AlJbXsqJfXqj0bU16fwxFSu0lfR+WzJxJiJSKp1keXk=";
#};
};
# NOTE(review): pkgs.writeText copies this literal into the world-readable
# /nix/store, and the value is also committed in the flake source, so this
# password (presumably the initial admin account's — TODO confirm) must be
# treated as public. For anything beyond a disposable test container, point
# passwordFile at a file provisioned outside the store at deploy time.
passwordFile = pkgs.writeText "password" "topSecretF0rAll!!!!";
#database = {
# type = "mysql";
# createLocally = true;
#};
database = {
type = "postgres";
# socket = "/run/postgresql";
# host = "localhost";
# port = 5432;
user = "mediawiki";
name = "mediawiki";
# Empty database password file. Presumably this works only because the
# pg_hba rules in this file use "trust"; it also lands in the Nix store.
passwordFile = pkgs.writeText "password" "";
};
};
})
];
};
};
}