{ flake, config, lib, pkgs, ... }: let localSettingsPHP = pkgs.writeScript "LocalSettings.php" '' <?php # Protect against web entry if ( !defined( 'MEDIAWIKI' ) ) { exit; } # error_reporting( -1 ); # ini_set( 'display_errors', 1 ); # $wgShowExceptionDetails = true; # $wgDBerrorLog = '/dev/stderr'; # $wgDebugLogFile = "/dev/stderr"; $wgSitename = "pub.solar wiki"; $wgMetaNamespace = false; ## The URL base path to the directory containing the wiki; ## defaults for all runtime URL paths are based off of this. ## For more information on customizing the URLs ## (like /w/index.php/Page_title to /wiki/Page_title) please see: ## https://www.mediawiki.org/wiki/Manual:Short_URL $wgScriptPath = "https://wiki.${config.pub-solar-os.networking.domain}"; ## https://www.mediawiki.org/wiki/Manual:Short_URL ## https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Known_issues $wgArticlePath = "/index.php/$1"; ## The protocol and server name to use in fully-qualified URLs $wgServer = "https://wiki.${config.pub-solar-os.networking.domain}"; ## The URL path to static resources (images, scripts, etc.) $wgResourceBasePath = $wgScriptPath; ## The URL path to the logo. Make sure you change this from the default, ## or else you'll overwrite your logo when you upgrade! $wgLogo = "https://pub.solar/assets/pubsolar.svg"; ## UPO means: this is also a user preference option $wgEnableEmail = true; $wgEnableUserEmail = true; # UPO $wgPasswordSender = "admins@pub.solar"; $wgEnotifUserTalk = false; # UPO $wgEnotifWatchlist = false; # UPO $wgEmailAuthentication = true; ## Database settings $wgDBtype = "postgres"; $wgDBserver = "host.docker.internal"; $wgDBport = "5432"; $wgDBname = "mediawiki"; $wgDBuser = "mediawiki"; $wgDBpassword = trim(file_get_contents("/run/mediawiki/database-password")); ## Shared memory settings $wgMainCacheType = CACHE_NONE; $wgMemCachedServers = []; $wgEnableUploads = true; $wgUploadDirectory = "/var/www/html/uploads"; $wgUploadPath = $wgScriptPath . "/uploads"; $wgUseImageMagick = true; $wgImageMagickConvertCommand = "/usr/bin/convert"; # InstantCommons allows wiki to use images from https://commons.wikimedia.org $wgUseInstantCommons = true; # Periodically send a pingback to https://www.mediawiki.org/ with basic data # about this MediaWiki instance. The Wikimedia Foundation shares this data # with MediaWiki developers to help guide future development efforts. $wgPingback = true; ## If you use ImageMagick (or any other shell command) on a ## Linux server, this will need to be set to the name of an ## available UTF-8 locale $wgShellLocale = "C.UTF-8"; # Site language code, should be one of the list in ./languages/data/Names.php $wgLanguageCode = "en"; $wgSecretKey = trim(file_get_contents("/run/mediawiki/secret-key")); # Changing this will log out all existing sessions. $wgAuthenticationTokenVersion = ""; ## For attaching licensing metadata to pages, and displaying an ## appropriate copyright notice / icon. GNU Free Documentation ## License and Creative Commons licenses are supported so far. $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright $wgRightsUrl = ""; $wgRightsText = ""; $wgRightsIcon = ""; # Path to the GNU diff3 utility. Used for conflict resolution. $wgDiff = "/usr/bin/diff"; $wgDiff3 = "/usr/bin/diff3"; # Enabled skins. wfLoadSkin('MonoBook'); wfLoadSkin('Timeless'); wfLoadSkin('Vector'); # Enabled extensions. wfLoadExtension('OpenIDConnect'); wfLoadExtension('PluggableAuth'); wfLoadExtension('VisualEditor'); wfLoadExtension('TemplateStyles'); # End of automatically generated settings. # Add more configuration options below. $wgLogos = [ 'svg' => "https://pub.solar/assets/pubsolar.svg", 'icon' => "https://pub.solar/assets/pubsolar.svg", 'wordmark' => [ 'src'=> "https://pub.solar/assets/pubsolar.svg", 'width'=> 0, 'height'=> 0, ], ]; $wgFavicon = 'https://pub.solar/assets/pubsolar.svg'; $wgDefaultSkin = 'vector-2022'; // https://www.mediawiki.org/wiki/Extension:PluggableAuth#Installation $wgGroupPermissions['*']['autocreateaccount'] = true; // https://www.mediawiki.org/wiki/Extension:PluggableAuth#Configuration $wgPluggableAuth_EnableAutoLogin = false; $wgPluggableAuth_ButtonLabel = 'Login with pub.solar ID'; // https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Keycloak $wgPluggableAuth_Config[] = [ 'plugin' => 'OpenIDConnect', 'data' => [ 'providerURL' => 'https://auth.${config.pub-solar-os.networking.domain}/realms/${config.pub-solar-os.auth.realm}', 'clientID' => 'mediawiki', 'clientsecret' => trim(file_get_contents('/run/mediawiki/oidc-client-secret')) ] ]; $wgOpenIDConnect_SingleLogout = true; $wgOpenIDConnect_MigrateUsersByEmail = true; ''; uid = 986; gid = 984; in { age.secrets.mediawiki-database-password = { file = "${flake.self}/secrets/mediawiki-database-password.age"; path = "/run/mediawiki/database-password"; symlink = false; mode = "440"; owner = "mediawiki"; group = "mediawiki"; }; age.secrets.mediawiki-oidc-client-secret = { file = "${flake.self}/secrets/mediawiki-oidc-client-secret.age"; path = "/run/mediawiki/oidc-client-secret"; symlink = false; mode = "440"; owner = "mediawiki"; group = "mediawiki"; }; age.secrets.mediawiki-secret-key = { file = "${flake.self}/secrets/mediawiki-secret-key.age"; path = "/run/mediawiki/secret-key"; symlink = false; mode = "440"; owner = "mediawiki"; group = "mediawiki"; }; services.postgresql = { authentication = '' host mediawiki all 172.17.0.0/16 password ''; }; services.nginx.virtualHosts."wiki.${config.pub-solar-os.networking.domain}" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:8293"; }; users.users.mediawiki = { isSystemUser = true; group = "mediawiki"; inherit uid; }; users.groups.mediawiki = { inherit gid; }; virtualisation = { oci-containers = { backend = "docker"; containers."mediawiki" = { image = "git.pub.solar/pub-solar/mediawiki-oidc-docker:1.41.1"; user = "1000:${builtins.toString gid}"; autoStart = true; ports = [ "127.0.0.1:8293:80" ]; extraOptions = [ "--add-host=host.docker.internal:host-gateway" "--pull=always" ]; volumes = [ "/run/mediawiki:/run/mediawiki" "/var/lib/mediawiki/images:/var/www/html/images" "/var/lib/mediawiki/uploads:/var/www/html/uploads" "/var/lib/mediawiki/logs:/var/log/mediawiki" "${localSettingsPHP}:/var/www/html/LocalSettings.php" ]; }; }; }; }