perf: 0 perf mediawiki will never run
Some checks failed
Flake checks / Check (push) Failing after 52s
parent
04b7041ce0
commit
6b2e8cfae1
|
@ -4,46 +4,141 @@
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
OpenIDConnectPHP = pkgs.fetchzip {
|
localSettingsPHP = pkgs.writeScript "LocalSettings.php" ''
|
||||||
url = "https://github.com/jumbojett/OpenID-Connect-PHP/archive/refs/tags/v0.9.10.tar.gz";
|
<?php
|
||||||
sha256 = "sha256-ezAUq/BgA1CITnO/tmUkvro7VRNAstnEdUp9WksOL7w=";
|
# Protect against web entry
|
||||||
};
|
if ( !defined( 'MEDIAWIKI' ) ) {
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
phpseclib = pkgs.fetchzip {
|
error_reporting( -1 );
|
||||||
url = "https://github.com/phpseclib/phpseclib/archive/refs/tags/3.0.33.tar.gz";
|
ini_set( 'display_errors', 1 );
|
||||||
sha256 = "sha256-d/9Jg1kzhkWwy/YrVq+JbTWplwICqnifMu34ns+JjL4=";
|
$wgDBerrorLog = '/var/log/mediawiki/dberror.log';
|
||||||
};
|
$wgDebugLogFile = "/var/log/mediawiki/debug.log";
|
||||||
|
$wgShowExceptionDetails = true;
|
||||||
|
|
||||||
constant_time_encoding = pkgs.fetchzip {
|
$wgSitename = "pub.solar wiki";
|
||||||
url = "https://github.com/paragonie/constant_time_encoding/archive/refs/tags/v2.6.3.tar.gz";
|
$wgMetaNamespace = false;
|
||||||
sha256 = "sha256-S8d2YQIBmC9q2Jscw6XflaxQ4e+XE7ukQDuwXStyKGQ=";
|
|
||||||
};
|
|
||||||
|
|
||||||
mediawikiWithComposer = pkgs.stdenv.mkDerivation {
|
## The URL base path to the directory containing the wiki;
|
||||||
name = "mediawiki-oidc";
|
## defaults for all runtime URL paths are based off of this.
|
||||||
src = pkgs.mediawiki;
|
## For more information on customizing the URLs
|
||||||
version = pkgs.mediawiki.version;
|
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
|
||||||
|
## https://www.mediawiki.org/wiki/Manual:Short_URL
|
||||||
|
$wgScriptPath = "https://wiki.pub.solar";
|
||||||
|
|
||||||
installPhase = ''
|
## The protocol and server name to use in fully-qualified URLs
|
||||||
mkdir -p $out
|
$wgServer = "https://wiki.pub.solar";
|
||||||
cp -r * $out
|
|
||||||
|
|
||||||
mkdir -p $out/share/mediawiki/vendor/jumbojett
|
## The URL path to static resources (images, scripts, etc.)
|
||||||
cp -r ${OpenIDConnectPHP} $out/share/mediawiki/vendor/jumbojett/OpenID-Connect-PHP
|
$wgResourceBasePath = $wgScriptPath;
|
||||||
mkdir -p $out/share/mediawiki/vendor/phpseclib
|
|
||||||
cp -r ${phpseclib} $out/share/mediawiki/vendor/phpseclib/phpseclib
|
## The URL path to the logo. Make sure you change this from the default,
|
||||||
mkdir -p $out/share/mediawiki/vendor/paragonie
|
## or else you'll overwrite your logo when you upgrade!
|
||||||
cp -r ${constant_time_encoding} $out/share/mediawiki/vendor/paragonie/constant_time_encoding
|
$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";
|
||||||
'';
|
|
||||||
};
|
## UPO means: this is also a user preference option
|
||||||
|
|
||||||
|
$wgEnableEmail = true;
|
||||||
|
$wgEnableUserEmail = true; # UPO
|
||||||
|
|
||||||
|
$wgPasswordSender = "admins@pub.solar";
|
||||||
|
|
||||||
|
$wgEnotifUserTalk = false; # UPO
|
||||||
|
$wgEnotifWatchlist = false; # UPO
|
||||||
|
$wgEmailAuthentication = true;
|
||||||
|
|
||||||
|
## Database settings
|
||||||
|
$wgDBtype = "mysql";
|
||||||
|
$wgDBserver = "mediawiki-db";
|
||||||
|
$wgDBport = "3306";
|
||||||
|
$wgDBname = "mediawiki";
|
||||||
|
$wgDBuser = "mediawiki";
|
||||||
|
$wgDBpassword = file_get_contents("/run/agenix/mediawiki-database-password");
|
||||||
|
|
||||||
|
## Shared memory settings
|
||||||
|
$wgMainCacheType = CACHE_NONE;
|
||||||
|
$wgMemCachedServers = [];
|
||||||
|
|
||||||
|
$wgEnableUploads = true;
|
||||||
|
$wgUploadDirectory = "/var/www/html/uploads";
|
||||||
|
|
||||||
|
|
||||||
|
$wgUseImageMagick = true;
|
||||||
|
$wgImageMagickConvertCommand = "/usr/bin/convert";
|
||||||
|
|
||||||
|
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
|
||||||
|
$wgUseInstantCommons = false;
|
||||||
|
|
||||||
|
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
|
||||||
|
# about this MediaWiki instance. The Wikimedia Foundation shares this data
|
||||||
|
# with MediaWiki developers to help guide future development efforts.
|
||||||
|
$wgPingback = true;
|
||||||
|
|
||||||
|
## If you use ImageMagick (or any other shell command) on a
|
||||||
|
## Linux server, this will need to be set to the name of an
|
||||||
|
## available UTF-8 locale
|
||||||
|
$wgShellLocale = "C.UTF-8";
|
||||||
|
|
||||||
|
# Site language code, should be one of the list in ./languages/data/Names.php
|
||||||
|
$wgLanguageCode = "en";
|
||||||
|
|
||||||
|
$wgSecretKey = file_get_contents("/run/agenix/mediawiki-secret-key");
|
||||||
|
|
||||||
|
# Changing this will log out all existing sessions.
|
||||||
|
$wgAuthenticationTokenVersion = "";
|
||||||
|
|
||||||
|
## For attaching licensing metadata to pages, and displaying an
|
||||||
|
## appropriate copyright notice / icon. GNU Free Documentation
|
||||||
|
## License and Creative Commons licenses are supported so far.
|
||||||
|
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
|
||||||
|
$wgRightsUrl = "";
|
||||||
|
$wgRightsText = "";
|
||||||
|
$wgRightsIcon = "";
|
||||||
|
|
||||||
|
# Path to the GNU diff3 utility. Used for conflict resolution.
|
||||||
|
$wgDiff = "/usr/bin/diff";
|
||||||
|
$wgDiff3 = "/usr/bin/diff3";
|
||||||
|
|
||||||
|
# Enabled skins.
|
||||||
|
wfLoadSkin('MonoBook');
|
||||||
|
wfLoadSkin('Timeless');
|
||||||
|
wfLoadSkin('Vector');
|
||||||
|
|
||||||
|
# Enabled extensions.
|
||||||
|
wfLoadExtension('OpenIDConnect');
|
||||||
|
wfLoadExtension('PluggableAuth');
|
||||||
|
wfLoadExtension('VisualEditor');
|
||||||
|
|
||||||
|
|
||||||
|
# End of automatically generated settings.
|
||||||
|
# Add more configuration options below.
|
||||||
|
|
||||||
|
// $wgLogos = 'https://pub.solar/assets/pubsolar.svg';
|
||||||
|
|
||||||
|
$wgDefaultSkin = 'vector-2022';
|
||||||
|
|
||||||
|
// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Installation
|
||||||
|
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
||||||
|
|
||||||
|
// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Configuration
|
||||||
|
$wgPluggableAuth_EnableAutoLogin = true;
|
||||||
|
$wgPluggableAuth_ButtonLabel = 'Login with pub.solar ID';
|
||||||
|
|
||||||
|
// https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Keycloak
|
||||||
|
$wgPluggableAuth_Config[] = [
|
||||||
|
'plugin' => 'OpenIDConnect',
|
||||||
|
'data' => [
|
||||||
|
'providerURL' => 'https://auth.pub.solar/realms/pub.solar',
|
||||||
|
'clientID' => 'mediawiki',
|
||||||
|
'clientsecret' => readfile('/run/agenix/mediawiki-oidc-client-secret')
|
||||||
|
]
|
||||||
|
];
|
||||||
|
$wgOpenIDConnect_SingleLogout = true;
|
||||||
|
$wgOpenIDConnect_MigrateUsersByEmail = true;
|
||||||
|
'';
|
||||||
in {
|
in {
|
||||||
age.secrets.mediawiki-admin-password = {
|
|
||||||
file = "${flake.self}/secrets/mediawiki-admin-password.age";
|
|
||||||
mode = "600";
|
|
||||||
owner = "mediawiki";
|
|
||||||
};
|
|
||||||
|
|
||||||
age.secrets.mediawiki-database-password = {
|
age.secrets.mediawiki-database-password = {
|
||||||
file = "${flake.self}/secrets/mediawiki-database-password.age";
|
file = "${flake.self}/secrets/mediawiki-database-password.age";
|
||||||
mode = "600";
|
mode = "600";
|
||||||
|
@ -56,6 +151,12 @@ in {
|
||||||
owner = "mediawiki";
|
owner = "mediawiki";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
age.secrets.mediawiki-secret-key = {
|
||||||
|
file = "${flake.self}/secrets/mediawiki-secret-key.age";
|
||||||
|
mode = "600";
|
||||||
|
owner = "mediawiki";
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."wiki.pub.solar" = {
|
services.nginx.virtualHosts."wiki.pub.solar" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
@ -63,69 +164,28 @@ in {
|
||||||
locations."/".proxyPass = "http://127.0.0.1:8293";
|
locations."/".proxyPass = "http://127.0.0.1:8293";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.mediawiki = {
|
virtualisation = {
|
||||||
enable = true;
|
oci-containers = {
|
||||||
url = "https://wiki.pub.solar";
|
backend = "docker";
|
||||||
name = "pub.solar wiki";
|
|
||||||
package = mediawikiWithComposer;
|
|
||||||
passwordFile = config.age.secrets.mediawiki-admin-password.path;
|
|
||||||
|
|
||||||
httpd.virtualHost = {
|
containers."mediawiki" = {
|
||||||
hostName = "wiki.pub.solar";
|
image = "git.pub.solar/pub-solar/mediawiki-oidc-docker";
|
||||||
adminAddr = "admins@pub.solar";
|
user = "${builtins.toString config.users.users.mediawiki.uid}:www-data";
|
||||||
listen = [{ ip = "127.0.0.1"; port = 8293; }];
|
autoStart = true;
|
||||||
};
|
|
||||||
|
|
||||||
database = {
|
ports = [
|
||||||
type = "postgres";
|
"127.0.0.1:8293:80"
|
||||||
user = "mediawiki";
|
];
|
||||||
name = "mediawiki";
|
|
||||||
passwordFile = config.age.secrets.mediawiki-database-password.path;
|
|
||||||
socket = "/run/postgresql";
|
|
||||||
createLocally = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
extraConfig = ''
|
volumes = [
|
||||||
error_reporting( -1 );
|
"/run/agenix/mediawiki-database-password:/run/agenix/mediawiki-database-password"
|
||||||
ini_set( 'display_errors', 1 );
|
"/run/agenix/mediawiki-oidc-client-secret:/run/agenix/mediawiki-oidc-client-secret"
|
||||||
$wgDebugLogFile = "/var/log/mediawiki/debug-{$wgDBname}.log";
|
"/run/agenix/mediawiki-secret-key:/run/agenix/mediawiki-secret-key"
|
||||||
|
"/var/lib/mediawiki/images:/var/www/html/images"
|
||||||
// $wgLogos = 'https://pub.solar/assets/pubsolar.svg';
|
"/var/lib/mediawiki/uploads:/var/www/html/uploads"
|
||||||
|
"/var/lib/mediawiki/logs:/var/log/mediawiki"
|
||||||
$wgDefaultSkin = 'vector-2022';
|
"${localSettingsPHP}:/var/www/html/LocalSettings.php"
|
||||||
|
];
|
||||||
// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Installation
|
|
||||||
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
|
||||||
|
|
||||||
// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Configuration
|
|
||||||
$wgPluggableAuth_EnableAutoLogin = true;
|
|
||||||
$wgPluggableAuth_ButtonLabel = 'Login with pub.solar ID';
|
|
||||||
|
|
||||||
// https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Keycloak
|
|
||||||
$wgPluggableAuth_Config[] = [
|
|
||||||
'plugin' => 'OpenIDConnect',
|
|
||||||
'data' => [
|
|
||||||
'providerURL' => 'https://auth.pub.solar/realms/pub.solar',
|
|
||||||
'clientID' => 'mediawiki',
|
|
||||||
'clientsecret' => readfile('${config.age.secrets.mediawiki-oidc-client-secret.path}')
|
|
||||||
]
|
|
||||||
];
|
|
||||||
$wgOpenIDConnect_SingleLogout = true;
|
|
||||||
$wgOpenIDConnect_MigrateUsersByEmail = true;
|
|
||||||
'';
|
|
||||||
|
|
||||||
extensions = {
|
|
||||||
# some extensions are included and can enabled by passing null
|
|
||||||
VisualEditor = null;
|
|
||||||
|
|
||||||
PluggableAuth = pkgs.fetchzip {
|
|
||||||
url = "https://github.com/wikimedia/mediawiki-extensions-PluggableAuth/archive/master.tar.gz";
|
|
||||||
sha256 = "sha256-S8d2YQIBmC9q2Jscw6XflaxQ4e+XE7ukQDuwXStyKGQ=";
|
|
||||||
};
|
|
||||||
|
|
||||||
OpenIDConnect = pkgs.fetchzip {
|
|
||||||
url = "https://github.com/wikimedia/mediawiki-extensions-OpenIDConnect/archive/master.tar.gz";
|
|
||||||
sha256 = "sha256-mFPunUr50tRrEUcqu1p7xWt+eTbvBVamuP34Bhffx+0=";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
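Review bot: In the new `localSettingsPHP` block (first hunk), `'clientsecret' => readfile('/run/agenix/mediawiki-oidc-client-secret')` does not load the secret. PHP's `readfile()` writes the file to the output buffer and returns the byte count, so the OIDC client secret would be emitted with the page output and the option would hold an integer. The line is carried over from the removed `extraConfig`, while `$wgDBpassword` and `$wgSecretKey` in the same block already use `file_get_contents()`; use it here too, e.g. `'clientsecret' => trim(file_get_contents('/run/agenix/mediawiki-oidc-client-secret'))`, where `trim()` guards against a trailing newline in the secret file. The same block also sets `ini_set( 'display_errors', 1 )` and `$wgShowExceptionDetails = true`, which print error and exception detail to visitors of a public vhost. Since `$wgDebugLogFile` and `$wgDBerrorLog` already capture this, I would set `display_errors` to 0 and drop `$wgShowExceptionDetails`.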
|
@ -1,7 +1,11 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.postgresql.enable = true;
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
enableTCPIP = true;
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.postgresql = {
|
systemd.services.postgresql = {
|
||||||
after = [
|
after = [
|
||||||
"var-lib-postgresql.mount"
|
"var-lib-postgresql.mount"
|
||||||
|
|
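Review bot: `enableTCPIP = true` makes PostgreSQL listen on every interface rather than only the Unix socket and localhost, and nothing in this hunk limits who can reach it. If the intent is to let the docker-backed container reach the database, restrict access with `services.postgresql.authentication` (pg_hba) entries for the container network and confirm the PostgreSQL port stays closed in the host firewall. A comment such as `# TCP needed for the mediawiki container; access limited by pg_hba + firewall` would record that. The new LocalSettings.php in this commit sets `$wgDBtype = "mysql"` and `$wgDBport = "3306"`, so from what is visible the wiki does not use this listener at all; if that is right, leave `enableTCPIP` off. The `systemd.services.postgresql` block continues outside the hunk.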
|
@ -9,6 +9,7 @@
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
(final: prev: {
|
(final: prev: {
|
||||||
mastodon = inputs.mastodon-fork.legacyPackages.${prev.system}.mastodon;
|
mastodon = inputs.mastodon-fork.legacyPackages.${prev.system}.mastodon;
|
||||||
|
mediawiki = inputs.unstable.legacyPackages.${prev.system}.mediawiki;
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
});
|
});
|
||||||
|
|
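Review bot: The added overlay line `mediawiki = inputs.unstable.legacyPackages.${prev.system}.mediawiki;` looks unused after this commit. The same commit removes `mediawikiWithComposer` (`src = pkgs.mediawiki`) and the `services.mediawiki` module in favour of a container image, and those are the only consumers visible here. If nothing else references `pkgs.mediawiki`, drop the line so the host does not track an unstable package it never runs; otherwise add a comment naming the consumer, e.g. `# unstable mediawiki needed by <module>`. The enclosing expression continues outside the hunk.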
28
secrets/mediawiki-secret-key.age
Normal file
28
secrets/mediawiki-secret-key.age
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg MGfeCP81T9itCIgFoOcDoJfLtvfOb1dEtx4SjRfQMDU
|
||||||
|
QJcTZDMx6qZfTtQxRpDAb5oA7PWqAgVDiZ5m9PeD3OU
|
||||||
|
-> ssh-ed25519 uYcDNw 3uX4IxJVdepJ/258XhKUEOeX00nbKQ3+8WskCE/Oex0
|
||||||
|
WaTAvd0zrcyFFwz7QWwaEsBrtp08g3wbANJvoL+hkfc
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
kgdsJuX6ZiMPJx5OjJuu0pjLqIr7vmw6SSRAWVR2RgxUbZ2L0khOUCOSbeHExpju
|
||||||
|
RtadRLVKgxGkGAYqaivcUj0fu71RbxAfsCkY6hwrXGAwWLLcviTeZpRJUcVWWdkW
|
||||||
|
DkZKVukqq2XeB33CqVcTanEVgTmwfuASVb5WL/FBrDpITV0oTcyJB5k57Qor7utC
|
||||||
|
9PBYJmkq8ZDbpcZQM210XYCJdOhK4J4j0Rbq3Er6a9mlxVWuGUiBUUXluwDBN7iG
|
||||||
|
sEha1Y6GvWfaqy3Y0Y+XxkNx3KsRnRvT3h9lmCM/RVaIGIeOTgF/ZRSKoUuMZ9nY
|
||||||
|
+XCXTGOhUZZBb/d0Edh+0EF7JCNOHA0Uygu+8RjxxNTMxLDV2eR5N+yYH4tbPuQj
|
||||||
|
QI3Wo8H5iDwwCnyDwmXwkRWd9aEhfG16S3NqbyCfEA/xIUgQnIEx7DEjLJwDrb4v
|
||||||
|
IVL6cxqSU/GCV2x7HyHf4syZBSQ6oC2Cy5sEJ5WV1m7+S35Vh5UQcxh+oNk1Gxji
|
||||||
|
Y6yhem70RFLauzxldNcpI/xKTsj+mfrI21+fb6InVSHzlME0ggcMdz5mp799TEeg
|
||||||
|
GYO+lIlfKIPWcQYI6Ci+Qbs1bGZ8kJy82C6arW6rooPQTdqnOgJE++1lj9dZO6bx
|
||||||
|
W9oEdGnkIN/QH8RWVLi9bgznVmlzLLpYqM/d+bpEA+k
|
||||||
|
-> ssh-ed25519 YFSOsg ccuBr0eGaJ/t2lWMhKNP/c2TtpmGYaenxQSQI9DJv3c
|
||||||
|
uLGi3j4gt5xRj3MOsLUjkkA9dCS12feyLQf1YZtDvgg
|
||||||
|
-> ssh-ed25519 iHV63A GHevWTk7/M0TtlIo/uZnCn84jq9I2jP9ehkt6PxRgEc
|
||||||
|
nF5O/yCV/3zduBtGw6VbwPS2jFHJlUgHiSytDOPSzaU
|
||||||
|
-> ssh-ed25519 BVsyTA Tw/06YNSoYYlrtfocjh0pitrWJc8zNAr8RLc42mMjWI
|
||||||
|
RaA9t5VwYWYHFquZuXmNrGVkdDOJDh3dgVG+31UxhM8
|
||||||
|
-> %zh9-grease 6 rETV7H
|
||||||
|
1TID2TYG2RCwwRws8vOvdfDM0zQcqRTDqfJbZsbOAiZQnOU3Lt8g+rwcSgOB7kX4
|
||||||
|
lx5lPRHxCa+86NljA+tW5l5u1JZurA
|
||||||
|
--- wBDm8U0KDrRkdoeUfQq0Zk81611Im9hlSo96NE4FB9w
|
||||||
|
È•<EFBFBD>µ7ø¨]åDB³¼ÑžÜ³ïD[DCàÙá±Ë«JØJrE+Ý¿‚pàÙè3xát¼JªLÓ²©ƒ1
|
|
@ -44,4 +44,5 @@ in {
|
||||||
"mediawiki-database-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"mediawiki-database-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"mediawiki-admin-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"mediawiki-admin-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"mediawiki-oidc-client-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"mediawiki-oidc-client-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
"mediawiki-secret-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
}
|
}
|
||||||
|
|