This commit is contained in:
parent
765cccd2ad
commit
77a2c2a1f1
|
@ -50,12 +50,12 @@
|
|||
$wgEmailAuthentication = true;
|
||||
|
||||
## Database settings
|
||||
$wgDBtype = "mysql";
|
||||
$wgDBserver = "mediawiki-db";
|
||||
$wgDBport = "3306";
|
||||
$wgDBtype = "postgres";
|
||||
$wgDBserver = "host.docker.internal";
|
||||
$wgDBport = "5432";
|
||||
$wgDBname = "mediawiki";
|
||||
$wgDBuser = "mediawiki";
|
||||
$wgDBpassword = file_get_contents("/run/agenix/mediawiki-database-password");
|
||||
$wgDBpassword = trim(file_get_contents("/run/mediawiki/database-password"));
|
||||
|
||||
## Shared memory settings
|
||||
$wgMainCacheType = CACHE_NONE;
|
||||
|
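Review bot: `trim(file_get_contents("/run/mediawiki/database-password"))` turns a missing or unreadable secret into an empty string, because `file_get_contents` returns `false` on failure and `trim(false)` yields `""`, so the wiki would attempt a database login with an empty password instead of failing loudly. The same pattern is used for `$wgSecretKey` in the `@@ -84` hunk (where an empty key silently weakens MediaWiki's token signing) and for `clientsecret` in the `@@ -132` hunk. Consider failing fast on the read, e.g. `$wgDBpassword = file_get_contents("/run/mediawiki/database-password"); if ($wgDBpassword === false) { die("cannot read /run/mediawiki/database-password"); } $wgDBpassword = trim($wgDBpassword);`. Note that `$wgDBserver = "host.docker.internal"` only resolves because of the `--add-host` entry added to `extraOptions` in the `@@ -164` hunk; a short comment on that line would save the next reader the cross-reference.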
@ -84,7 +84,7 @@
|
|||
# Site language code, should be one of the list in ./languages/data/Names.php
|
||||
$wgLanguageCode = "en";
|
||||
|
||||
$wgSecretKey = file_get_contents("/run/agenix/mediawiki-secret-key");
|
||||
$wgSecretKey = trim(file_get_contents("/run/mediawiki/secret-key"));
|
||||
|
||||
# Changing this will log out all existing sessions.
|
||||
$wgAuthenticationTokenVersion = "";
|
||||
|
@ -132,29 +132,47 @@
|
|||
'data' => [
|
||||
'providerURL' => 'https://auth.pub.solar/realms/pub.solar',
|
||||
'clientID' => 'mediawiki',
|
||||
'clientsecret' => readfile('/run/agenix/mediawiki-oidc-client-secret')
|
||||
'clientsecret' => trim(file_get_contents('/run/mediawiki/oidc-client-secret'))
|
||||
]
|
||||
];
|
||||
$wgOpenIDConnect_SingleLogout = true;
|
||||
$wgOpenIDConnect_MigrateUsersByEmail = true;
|
||||
'';
|
||||
|
||||
uid = 986;
|
||||
gid = 984;
|
||||
in {
|
||||
age.secrets.mediawiki-database-password = {
|
||||
file = "${flake.self}/secrets/mediawiki-database-password.age";
|
||||
mode = "600";
|
||||
path = "/run/mediawiki/database-password";
|
||||
symlink = false;
|
||||
mode = "440";
|
||||
owner = "mediawiki";
|
||||
group = "mediawiki";
|
||||
};
|
||||
|
||||
age.secrets.mediawiki-oidc-client-secret = {
|
||||
file = "${flake.self}/secrets/mediawiki-oidc-client-secret.age";
|
||||
mode = "600";
|
||||
path = "/run/mediawiki/oidc-client-secret";
|
||||
symlink = false;
|
||||
mode = "440";
|
||||
owner = "mediawiki";
|
||||
group = "mediawiki";
|
||||
};
|
||||
|
||||
age.secrets.mediawiki-secret-key = {
|
||||
file = "${flake.self}/secrets/mediawiki-secret-key.age";
|
||||
mode = "600";
|
||||
path = "/run/mediawiki/secret-key";
|
||||
symlink = false;
|
||||
mode = "440";
|
||||
owner = "mediawiki";
|
||||
group = "mediawiki";
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
authentication = ''
|
||||
host mediawiki all 172.17.0.0/16 password
|
||||
'';
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."wiki.pub.solar" = {
|
||||
|
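Review bot: The `services.postgresql.authentication` line `host mediawiki all 172.17.0.0/16 password` uses the `password` method, which sends the database password in cleartext over the Docker bridge, and it accepts any role name from the whole `172.17.0.0/16` range rather than only the `mediawiki` role. Prefer `host mediawiki mediawiki 172.17.0.0/16 scram-sha-256` (this requires the role's password to be stored as SCRAM, which is PostgreSQL's default `password_encryption` since version 14 — verify for the deployed version). The three `age.secrets.*` entries set `mode = "440"` with owner/group `mediawiki`, so anything running with gid 984 can read them, which is what the container's `user` setting in the `@@ -164` hunk relies on; a comment next to `gid = 984;` such as `# shared with the container's group so it can read the 440 secrets in /run/mediawiki` would make that coupling explicit. The `let` binding holding `uid`/`gid` starts outside this hunk.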
@ -164,23 +182,33 @@ in {
|
|||
locations."/".proxyPass = "http://127.0.0.1:8293";
|
||||
};
|
||||
|
||||
users.users.mediawiki = {
|
||||
isSystemUser = true;
|
||||
group = "mediawiki";
|
||||
inherit uid;
|
||||
};
|
||||
users.groups.mediawiki = { inherit gid; };
|
||||
|
||||
virtualisation = {
|
||||
oci-containers = {
|
||||
backend = "docker";
|
||||
|
||||
containers."mediawiki" = {
|
||||
image = "git.pub.solar/pub-solar/mediawiki-oidc-docker";
|
||||
user = "${builtins.toString config.users.users.mediawiki.uid}:www-data";
|
||||
image = "git.pub.solar/pub-solar/mediawiki-oidc-docker:latest";
|
||||
user = "1000:${builtins.toString gid}";
|
||||
autoStart = true;
|
||||
|
||||
ports = [
|
||||
"127.0.0.1:8293:80"
|
||||
];
|
||||
|
||||
extraOptions = [
|
||||
"--add-host=host.docker.internal:host-gateway"
|
||||
"--pull=always"
|
||||
];
|
||||
|
||||
volumes = [
|
||||
"/run/agenix/mediawiki-database-password:/run/agenix/mediawiki-database-password"
|
||||
"/run/agenix/mediawiki-oidc-client-secret:/run/agenix/mediawiki-oidc-client-secret"
|
||||
"/run/agenix/mediawiki-secret-key:/run/agenix/mediawiki-secret-key"
|
||||
"/run/mediawiki:/run/mediawiki"
|
||||
"/var/lib/mediawiki/images:/var/www/html/images"
|
||||
"/var/lib/mediawiki/uploads:/var/www/html/uploads"
|
||||
"/var/lib/mediawiki/logs:/var/log/mediawiki"
|
||||
|
|
|
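Review bot: `user = "1000:${builtins.toString gid}"` (the new-side line, assuming old-then-new print order) runs the container as uid 1000 rather than as the `mediawiki` user (uid 986) that this same hunk creates, so files written to the bind-mounted `/var/lib/mediawiki/*` directories will be owned by host uid 1000 — likely the first normal user from `users.users.${flake.self.username}` — and `inherit uid` in `users.users.mediawiki` has no effect on the container. If 1000 is forced by the image's internal user, document it, e.g. `# 1000 must match the service uid inside the image; secrets are read via the mediawiki gid`; otherwise prefer `user = "${builtins.toString uid}:${builtins.toString gid}"`. Separately, `image = "...:latest"` combined with `"--pull=always"` fetches whatever the registry currently serves under a mutable tag on every start, with no integrity pin; pinning to a digest (`image = "git.pub.solar/pub-solar/mediawiki-oidc-docker@sha256:<digest-placeholder>"`) or at least a versioned tag keeps deployments reproducible and reviewable.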
@ -6,4 +6,6 @@
|
|||
'';
|
||||
storageDriver = "zfs";
|
||||
};
|
||||
|
||||
networking.firewall.trustedInterfaces = [ "docker0" ];
|
||||
}
|
||||
|
|
|
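Review bot: `networking.firewall.trustedInterfaces = [ "docker0" ];` disables host firewalling for all traffic arriving on the Docker bridge, so every container — not just mediawiki — can reach every host-local service (PostgreSQL on 5432 included), which is broader than the `host-gateway` database path this commit needs. A narrower rule that opens only the database port, `networking.firewall.interfaces.docker0.allowedTCPPorts = [ 5432 ];`, gives the container what it needs while keeping the rest of the host closed to the bridge. The enclosing attribute set starts outside the hunk.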
@ -2,7 +2,7 @@
|
|||
users.users.${flake.self.username} = {
|
||||
name = flake.self.username;
|
||||
group = flake.self.username;
|
||||
extraGroups = ["wheel"];
|
||||
extraGroups = ["wheel" "docker"];
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = flake.self.publicKeys.admins;
|
||||
};
|
||||
|
|
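Review bot: Adding `"docker"` to `extraGroups` grants the admin account access to the Docker socket, which is root-equivalent on the host, so the SSH keys in `flake.self.publicKeys.admins` now effectively carry passwordless root regardless of how `wheel`/sudo is configured. If that is intended, a comment stating it would help reviewers, e.g. `# docker group is root-equivalent; granted so admins can manage the mediawiki container`; otherwise prefer leaving the group out and using `sudo docker` for the occasional operation.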