perf: 0 perf mediawiki will never run
Some checks failed
Flake checks / Check (push) Failing after 52s
parent
04b7041ce0
commit
6b2e8cfae1
|
@ -4,46 +4,141 @@
|
|||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
OpenIDConnectPHP = pkgs.fetchzip {
|
||||
url = "https://github.com/jumbojett/OpenID-Connect-PHP/archive/refs/tags/v0.9.10.tar.gz";
|
||||
sha256 = "sha256-ezAUq/BgA1CITnO/tmUkvro7VRNAstnEdUp9WksOL7w=";
|
||||
};
|
||||
}: let
|
||||
localSettingsPHP = pkgs.writeScript "LocalSettings.php" ''
|
||||
<?php
|
||||
# Protect against web entry
|
||||
if ( !defined( 'MEDIAWIKI' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
phpseclib = pkgs.fetchzip {
|
||||
url = "https://github.com/phpseclib/phpseclib/archive/refs/tags/3.0.33.tar.gz";
|
||||
sha256 = "sha256-d/9Jg1kzhkWwy/YrVq+JbTWplwICqnifMu34ns+JjL4=";
|
||||
};
|
||||
error_reporting( -1 );
|
||||
ini_set( 'display_errors', 1 );
|
||||
$wgDBerrorLog = '/var/log/mediawiki/dberror.log';
|
||||
$wgDebugLogFile = "/var/log/mediawiki/debug.log";
|
||||
$wgShowExceptionDetails = true;
|
||||
|
||||
constant_time_encoding = pkgs.fetchzip {
|
||||
url = "https://github.com/paragonie/constant_time_encoding/archive/refs/tags/v2.6.3.tar.gz";
|
||||
sha256 = "sha256-S8d2YQIBmC9q2Jscw6XflaxQ4e+XE7ukQDuwXStyKGQ=";
|
||||
};
|
||||
$wgSitename = "pub.solar wiki";
|
||||
$wgMetaNamespace = false;
|
||||
|
||||
mediawikiWithComposer = pkgs.stdenv.mkDerivation {
|
||||
name = "mediawiki-oidc";
|
||||
src = pkgs.mediawiki;
|
||||
version = pkgs.mediawiki.version;
|
||||
## The URL base path to the directory containing the wiki;
|
||||
## defaults for all runtime URL paths are based off of this.
|
||||
## For more information on customizing the URLs
|
||||
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
|
||||
## https://www.mediawiki.org/wiki/Manual:Short_URL
|
||||
$wgScriptPath = "https://wiki.pub.solar";
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp -r * $out
|
||||
## The protocol and server name to use in fully-qualified URLs
|
||||
$wgServer = "https://wiki.pub.solar";
|
||||
|
||||
mkdir -p $out/share/mediawiki/vendor/jumbojett
|
||||
cp -r ${OpenIDConnectPHP} $out/share/mediawiki/vendor/jumbojett/OpenID-Connect-PHP
|
||||
mkdir -p $out/share/mediawiki/vendor/phpseclib
|
||||
cp -r ${phpseclib} $out/share/mediawiki/vendor/phpseclib/phpseclib
|
||||
mkdir -p $out/share/mediawiki/vendor/paragonie
|
||||
cp -r ${constant_time_encoding} $out/share/mediawiki/vendor/paragonie/constant_time_encoding
|
||||
'';
|
||||
};
|
||||
## The URL path to static resources (images, scripts, etc.)
|
||||
$wgResourceBasePath = $wgScriptPath;
|
||||
|
||||
## The URL path to the logo. Make sure you change this from the default,
|
||||
## or else you'll overwrite your logo when you upgrade!
|
||||
$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";
|
||||
|
||||
## UPO means: this is also a user preference option
|
||||
|
||||
$wgEnableEmail = true;
|
||||
$wgEnableUserEmail = true; # UPO
|
||||
|
||||
$wgPasswordSender = "admins@pub.solar";
|
||||
|
||||
$wgEnotifUserTalk = false; # UPO
|
||||
$wgEnotifWatchlist = false; # UPO
|
||||
$wgEmailAuthentication = true;
|
||||
|
||||
## Database settings
|
||||
$wgDBtype = "mysql";
|
||||
$wgDBserver = "mediawiki-db";
|
||||
$wgDBport = "3306";
|
||||
$wgDBname = "mediawiki";
|
||||
$wgDBuser = "mediawiki";
|
||||
$wgDBpassword = file_get_contents("/run/agenix/mediawiki-database-password");
|
||||
|
||||
## Shared memory settings
|
||||
$wgMainCacheType = CACHE_NONE;
|
||||
$wgMemCachedServers = [];
|
||||
|
||||
$wgEnableUploads = true;
|
||||
$wgUploadDirectory = "/var/www/html/uploads";
|
||||
|
||||
|
||||
$wgUseImageMagick = true;
|
||||
$wgImageMagickConvertCommand = "/usr/bin/convert";
|
||||
|
||||
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
|
||||
$wgUseInstantCommons = false;
|
||||
|
||||
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
|
||||
# about this MediaWiki instance. The Wikimedia Foundation shares this data
|
||||
# with MediaWiki developers to help guide future development efforts.
|
||||
$wgPingback = true;
|
||||
|
||||
## If you use ImageMagick (or any other shell command) on a
|
||||
## Linux server, this will need to be set to the name of an
|
||||
## available UTF-8 locale
|
||||
$wgShellLocale = "C.UTF-8";
|
||||
|
||||
# Site language code, should be one of the list in ./languages/data/Names.php
|
||||
$wgLanguageCode = "en";
|
||||
|
||||
$wgSecretKey = file_get_contents("/run/agenix/mediawiki-secret-key");
|
||||
|
||||
# Changing this will log out all existing sessions.
|
||||
$wgAuthenticationTokenVersion = "";
|
||||
|
||||
## For attaching licensing metadata to pages, and displaying an
|
||||
## appropriate copyright notice / icon. GNU Free Documentation
|
||||
## License and Creative Commons licenses are supported so far.
|
||||
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
|
||||
$wgRightsUrl = "";
|
||||
$wgRightsText = "";
|
||||
$wgRightsIcon = "";
|
||||
|
||||
# Path to the GNU diff3 utility. Used for conflict resolution.
|
||||
$wgDiff = "/usr/bin/diff";
|
||||
$wgDiff3 = "/usr/bin/diff3";
|
||||
|
||||
# Enabled skins.
|
||||
wfLoadSkin('MonoBook');
|
||||
wfLoadSkin('Timeless');
|
||||
wfLoadSkin('Vector');
|
||||
|
||||
# Enabled extensions.
|
||||
wfLoadExtension('OpenIDConnect');
|
||||
wfLoadExtension('PluggableAuth');
|
||||
wfLoadExtension('VisualEditor');
|
||||
|
||||
|
||||
# End of automatically generated settings.
|
||||
# Add more configuration options below.
|
||||
|
||||
// $wgLogos = 'https://pub.solar/assets/pubsolar.svg';
|
||||
|
||||
$wgDefaultSkin = 'vector-2022';
|
||||
|
||||
// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Installation
|
||||
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
||||
|
||||
// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Configuration
|
||||
$wgPluggableAuth_EnableAutoLogin = true;
|
||||
$wgPluggableAuth_ButtonLabel = 'Login with pub.solar ID';
|
||||
|
||||
// https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Keycloak
|
||||
$wgPluggableAuth_Config[] = [
|
||||
'plugin' => 'OpenIDConnect',
|
||||
'data' => [
|
||||
'providerURL' => 'https://auth.pub.solar/realms/pub.solar',
|
||||
'clientID' => 'mediawiki',
|
||||
'clientsecret' => readfile('/run/agenix/mediawiki-oidc-client-secret')
|
||||
]
|
||||
];
|
||||
$wgOpenIDConnect_SingleLogout = true;
|
||||
$wgOpenIDConnect_MigrateUsersByEmail = true;
|
||||
'';
|
||||
in {
|
||||
age.secrets.mediawiki-admin-password = {
|
||||
file = "${flake.self}/secrets/mediawiki-admin-password.age";
|
||||
mode = "600";
|
||||
owner = "mediawiki";
|
||||
};
|
||||
|
||||
age.secrets.mediawiki-database-password = {
|
||||
file = "${flake.self}/secrets/mediawiki-database-password.age";
|
||||
mode = "600";
|
||||
|
@ -56,6 +151,12 @@ in {
|
|||
owner = "mediawiki";
|
||||
};
|
||||
|
||||
age.secrets.mediawiki-secret-key = {
|
||||
file = "${flake.self}/secrets/mediawiki-secret-key.age";
|
||||
mode = "600";
|
||||
owner = "mediawiki";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."wiki.pub.solar" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
@ -63,69 +164,28 @@ in {
|
|||
locations."/".proxyPass = "http://127.0.0.1:8293";
|
||||
};
|
||||
|
||||
services.mediawiki = {
|
||||
enable = true;
|
||||
url = "https://wiki.pub.solar";
|
||||
name = "pub.solar wiki";
|
||||
package = mediawikiWithComposer;
|
||||
passwordFile = config.age.secrets.mediawiki-admin-password.path;
|
||||
virtualisation = {
|
||||
oci-containers = {
|
||||
backend = "docker";
|
||||
|
||||
httpd.virtualHost = {
|
||||
hostName = "wiki.pub.solar";
|
||||
adminAddr = "admins@pub.solar";
|
||||
listen = [{ ip = "127.0.0.1"; port = 8293; }];
|
||||
};
|
||||
containers."mediawiki" = {
|
||||
image = "git.pub.solar/pub-solar/mediawiki-oidc-docker";
|
||||
user = "${builtins.toString config.users.users.mediawiki.uid}:www-data";
|
||||
autoStart = true;
|
||||
|
||||
database = {
|
||||
type = "postgres";
|
||||
user = "mediawiki";
|
||||
name = "mediawiki";
|
||||
passwordFile = config.age.secrets.mediawiki-database-password.path;
|
||||
socket = "/run/postgresql";
|
||||
createLocally = false;
|
||||
};
|
||||
ports = [
|
||||
"127.0.0.1:8293:80"
|
||||
];
|
||||
|
||||
extraConfig = ''
|
||||
error_reporting( -1 );
|
||||
ini_set( 'display_errors', 1 );
|
||||
$wgDebugLogFile = "/var/log/mediawiki/debug-{$wgDBname}.log";
|
||||
|
||||
// $wgLogos = 'https://pub.solar/assets/pubsolar.svg';
|
||||
|
||||
$wgDefaultSkin = 'vector-2022';
|
||||
|
||||
// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Installation
|
||||
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
||||
|
||||
// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Configuration
|
||||
$wgPluggableAuth_EnableAutoLogin = true;
|
||||
$wgPluggableAuth_ButtonLabel = 'Login with pub.solar ID';
|
||||
|
||||
// https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Keycloak
|
||||
$wgPluggableAuth_Config[] = [
|
||||
'plugin' => 'OpenIDConnect',
|
||||
'data' => [
|
||||
'providerURL' => 'https://auth.pub.solar/realms/pub.solar',
|
||||
'clientID' => 'mediawiki',
|
||||
'clientsecret' => readfile('${config.age.secrets.mediawiki-oidc-client-secret.path}')
|
||||
]
|
||||
];
|
||||
$wgOpenIDConnect_SingleLogout = true;
|
||||
$wgOpenIDConnect_MigrateUsersByEmail = true;
|
||||
'';
|
||||
|
||||
extensions = {
|
||||
# some extensions are included and can enabled by passing null
|
||||
VisualEditor = null;
|
||||
|
||||
PluggableAuth = pkgs.fetchzip {
|
||||
url = "https://github.com/wikimedia/mediawiki-extensions-PluggableAuth/archive/master.tar.gz";
|
||||
sha256 = "sha256-S8d2YQIBmC9q2Jscw6XflaxQ4e+XE7ukQDuwXStyKGQ=";
|
||||
};
|
||||
|
||||
OpenIDConnect = pkgs.fetchzip {
|
||||
url = "https://github.com/wikimedia/mediawiki-extensions-OpenIDConnect/archive/master.tar.gz";
|
||||
sha256 = "sha256-mFPunUr50tRrEUcqu1p7xWt+eTbvBVamuP34Bhffx+0=";
|
||||
volumes = [
|
||||
"/run/agenix/mediawiki-database-password:/run/agenix/mediawiki-database-password"
|
||||
"/run/agenix/mediawiki-oidc-client-secret:/run/agenix/mediawiki-oidc-client-secret"
|
||||
"/run/agenix/mediawiki-secret-key:/run/agenix/mediawiki-secret-key"
|
||||
"/var/lib/mediawiki/images:/var/www/html/images"
|
||||
"/var/lib/mediawiki/uploads:/var/www/html/uploads"
|
||||
"/var/lib/mediawiki/logs:/var/log/mediawiki"
|
||||
"${localSettingsPHP}:/var/www/html/LocalSettings.php"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
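Review bot: `readfile()` at the `'clientsecret'` entry of the new LocalSettings.php writes the file's contents to the output buffer and returns the number of bytes read, so the OIDC client secret would be echoed into the response and `clientsecret` would hold an integer. Assign the contents instead: `'clientsecret' => trim( file_get_contents( '/run/agenix/mediawiki-oidc-client-secret' ) )`. The same `trim()` is worth adding to the `$wgDBpassword` and `$wgSecretKey` reads, because a trailing newline in the agenix file would otherwise become part of the credential. The same script sets `ini_set( 'display_errors', 1 )` and `$wgShowExceptionDetails = true` for a host proxied publicly as wiki.pub.solar, which shows paths and stack traces to visitors; the `/var/log/mediawiki` files already configured are the safer place for that detail. If a configuration with the `readfile()` call was ever served, rotating the client secret at the identity provider after the fix would be prudent.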
|
||||
|
|
|
@ -1,7 +1,11 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
services.postgresql.enable = true;
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
enableTCPIP = true;
|
||||
};
|
||||
|
||||
systemd.services.postgresql = {
|
||||
after = [
|
||||
"var-lib-postgresql.mount"
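Review bot: `enableTCPIP = true` makes PostgreSQL listen on all network interfaces rather than only the Unix socket and localhost, and nothing in this section narrows who may connect. If the goal is to let the MediaWiki container reach the database, pair it with a `services.postgresql.authentication` rule limited to the container network and the `mediawiki` role, check that the firewall does not open 5432, and add a comment saying why TCP is needed. The LocalSettings.php added in the same commit sets `$wgDBtype = "mysql"` with server `mediawiki-db` on port 3306, so as far as the visible lines show the wiki would not use this listener; confirm it is required before exposing it. The `systemd.services.postgresql` block continues past the end of the hunk.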
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
mastodon = inputs.mastodon-fork.legacyPackages.${prev.system}.mastodon;
|
||||
mediawiki = inputs.unstable.legacyPackages.${prev.system}.mediawiki;
|
||||
})
|
||||
];
|
||||
});
|
||||
|
|
28
secrets/mediawiki-secret-key.age
Normal file
|
@ -0,0 +1,28 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 iDKjwg MGfeCP81T9itCIgFoOcDoJfLtvfOb1dEtx4SjRfQMDU
|
||||
QJcTZDMx6qZfTtQxRpDAb5oA7PWqAgVDiZ5m9PeD3OU
|
||||
-> ssh-ed25519 uYcDNw 3uX4IxJVdepJ/258XhKUEOeX00nbKQ3+8WskCE/Oex0
|
||||
WaTAvd0zrcyFFwz7QWwaEsBrtp08g3wbANJvoL+hkfc
|
||||
-> ssh-rsa kFDS0A
|
||||
kgdsJuX6ZiMPJx5OjJuu0pjLqIr7vmw6SSRAWVR2RgxUbZ2L0khOUCOSbeHExpju
|
||||
RtadRLVKgxGkGAYqaivcUj0fu71RbxAfsCkY6hwrXGAwWLLcviTeZpRJUcVWWdkW
|
||||
DkZKVukqq2XeB33CqVcTanEVgTmwfuASVb5WL/FBrDpITV0oTcyJB5k57Qor7utC
|
||||
9PBYJmkq8ZDbpcZQM210XYCJdOhK4J4j0Rbq3Er6a9mlxVWuGUiBUUXluwDBN7iG
|
||||
sEha1Y6GvWfaqy3Y0Y+XxkNx3KsRnRvT3h9lmCM/RVaIGIeOTgF/ZRSKoUuMZ9nY
|
||||
+XCXTGOhUZZBb/d0Edh+0EF7JCNOHA0Uygu+8RjxxNTMxLDV2eR5N+yYH4tbPuQj
|
||||
QI3Wo8H5iDwwCnyDwmXwkRWd9aEhfG16S3NqbyCfEA/xIUgQnIEx7DEjLJwDrb4v
|
||||
IVL6cxqSU/GCV2x7HyHf4syZBSQ6oC2Cy5sEJ5WV1m7+S35Vh5UQcxh+oNk1Gxji
|
||||
Y6yhem70RFLauzxldNcpI/xKTsj+mfrI21+fb6InVSHzlME0ggcMdz5mp799TEeg
|
||||
GYO+lIlfKIPWcQYI6Ci+Qbs1bGZ8kJy82C6arW6rooPQTdqnOgJE++1lj9dZO6bx
|
||||
W9oEdGnkIN/QH8RWVLi9bgznVmlzLLpYqM/d+bpEA+k
|
||||
-> ssh-ed25519 YFSOsg ccuBr0eGaJ/t2lWMhKNP/c2TtpmGYaenxQSQI9DJv3c
|
||||
uLGi3j4gt5xRj3MOsLUjkkA9dCS12feyLQf1YZtDvgg
|
||||
-> ssh-ed25519 iHV63A GHevWTk7/M0TtlIo/uZnCn84jq9I2jP9ehkt6PxRgEc
|
||||
nF5O/yCV/3zduBtGw6VbwPS2jFHJlUgHiSytDOPSzaU
|
||||
-> ssh-ed25519 BVsyTA Tw/06YNSoYYlrtfocjh0pitrWJc8zNAr8RLc42mMjWI
|
||||
RaA9t5VwYWYHFquZuXmNrGVkdDOJDh3dgVG+31UxhM8
|
||||
-> %zh9-grease 6 rETV7H
|
||||
1TID2TYG2RCwwRws8vOvdfDM0zQcqRTDqfJbZsbOAiZQnOU3Lt8g+rwcSgOB7kX4
|
||||
lx5lPRHxCa+86NljA+tW5l5u1JZurA
|
||||
--- wBDm8U0KDrRkdoeUfQq0Zk81611Im9hlSo96NE4FB9w
|
||||
È•<EFBFBD>µ7ø¨]åDB³¼ÑžÜ³ïD[DCàÙá±Ë«JØJrE+Ý¿‚pàÙè3xát¼JªLÓ²©ƒ1
|
|
@ -44,4 +44,5 @@ in {
|
|||
"mediawiki-database-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"mediawiki-admin-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"mediawiki-oidc-client-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"mediawiki-secret-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
}
|
||||
|
|