feat: add mediawiki
parent
cc37ffc5bf
commit
8509611e9d
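--- a/hosts/nachtigall/apps/mediawiki.nix
+++ b/hosts/nachtigall/apps/mediawiki.nix
@@ -0,0 +1,121 @@
+{
+flake,
+config,
+lib,
+pkgs,
+...
+}: let
+OpenIDConnectPHP = pkgs.fetchzip {
+url = "https://github.com/jumbojett/OpenID-Connect-PHP/archive/refs/tags/v0.9.10.tar.gz";
+sha256 = "sha256-ezAUq/BgA1CITnO/tmUkvro7VRNAstnEdUp9WksOL7w=";
+};
+
+phpseclib = pkgs.fetchzip {
+url = "https://github.com/phpseclib/phpseclib/archive/refs/tags/3.0.33.tar.gz";
+sha256 = "sha256-d/9Jg1kzhkWwy/YrVq+JbTWplwICqnifMu34ns+JjL4=";
+};
+
+constant_time_encoding = pkgs.fetchzip {
+url = "https://github.com/paragonie/constant_time_encoding/archive/refs/tags/v2.6.3.tar.gz";
+sha256 = "sha256-S8d2YQIBmC9q2Jscw6XflaxQ4e+XE7ukQDuwXStyKGQ=";
+};
+
+mediawikiWithComposer = pkgs.stdenv.mkDerivation {
+name = "mediawiki-oidc";
+src = pkgs.mediawiki;
+version = pkgs.mediawiki.version;
+
+installPhase = ''
+mkdir -p $out/share/mediawiki/vendor/jumbojett
+cp -r ${OpenIDConnectPHP} $out/share/mediawiki/vendor/jumbojett/OpenID-Connect-PHP
+mkdir -p $out/share/mediawiki/vendor/phpseclib
+cp -r ${phpseclib} $out/share/mediawiki/vendor/phpseclib/phpseclib
+mkdir -p $out/share/mediawiki/vendor/paragonie
+cp -r ${constant_time_encoding} $out/share/mediawiki/vendor/paragonie/constant_time_encoding
+'';
+};
+in {
+age.secrets.mediawiki-admin-password = {
+file = "${flake.self}/secrets/mediawiki-admin-password.age";
+mode = "600";
+};
+
+age.secrets.mediawiki-database-password = {
+file = "${flake.self}/secrets/mediawiki-database-password.age";
+mode = "600";
+};
+
+age.secrets.mediawiki-oidc-client-secret = {
+file = "${flake.self}/secrets/mediawiki-oidc-client-secret.age";
+mode = "600";
+};
+
+services.nginx.virtualHosts."wiki.pub.solar" = {
+enableACME = true;
+forceSSL = true;
+
+locations."/".extraConfig = ''
+uwsgi_pass unix:/run/searx/searx.sock;
+'';
+};
+
+users.users.nginx.extraGroups = [ "searx" ];
+
+services.mediawiki = {
+enable = true;
+url = "https://wiki.pub.solar";
+name = "pub.solar wiki";
+package = mediawikiWithComposer;
+passwordFile = config.age.secrets.mediawiki-admin-password.path;
+
+httpd.virtualHost = {
+hostName = "wiki.pub.solar";
+adminAddr = "admins@pub.solar";
+};
+
+database = {
+type = "postgres";
+user = "mediawiki";
+name = "mediawiki";
+passwordFile = config.age.secrets.mediawiki-database-password.path;
+socket = "/run/mysqld/mysqld.sock";
+createLocally = false;
+};
+
+extraConfig = ''
+// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Installation
+$wgGroupPermissions['*']['autocreateaccount'] = true;
+
+// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Configuration
+$wgPluggableAuth_EnableAutoLogin = true;
+$wgPluggableAuth_ButtonLabel = 'Login with pub.solar ID';
+
+// https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Keycloak
+$wgPluggableAuth_Config[] = [
+'plugin' => 'OpenIDConnect',
+'data' => [
+'providerURL' => 'https://auth.pub.solar/realms/pub.solar',
+'clientID' => 'mediawiki',
+'clientsecret' => readfile(${config.age.secrets.mediawiki-oidc-client-secret.path})
+]
+];
+$wgOpenIDConnect_SingleLogout = true;
+$wgOpenIDConnect_MigrateUsersByEmail = true;
+'';
+
+extensions = {
+# some extensions are included and can enabled by passing null
+VisualEditor = null;
+
+PluggableAuth = pkgs.fetchzip {
+url = "https://github.com/wikimedia/mediawiki-extensions-PluggableAuth/archive/master.tar.gz";
+sha256 = "sha256-S8d2YQIBmC9q2Jscw6XflaxQ4e+XE7ukQDuwXStyKGQ=";
+};
+
+OpenIDConnect = pkgs.fetchzip {
+url = "https://github.com/wikimedia/mediawiki-extensions-OpenIDConnect/archive/master.tar.gz";
+sha256 = "sha256-mFPunUr50tRrEUcqu1p7xWt+eTbvBVamuP34Bhffx+0=";
+};
+};
+};
+}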
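Review bot: In `extraConfig`, `'clientsecret' => readfile(...)` does not load the secret: PHP's `readfile()` writes the file contents to the output buffer and returns the byte count, so the OIDC client secret would be emitted into responses while the config value becomes an integer, and the interpolated path is unquoted, so the generated line would not parse as PHP. Use `'clientsecret' => trim(file_get_contents('${config.age.secrets.mediawiki-oidc-client-secret.path}'))`, and set an `owner` on the three `age.secrets` entries, since with mode 600 and (unless it is set elsewhere) a root owner the MediaWiki service user cannot read them. The `PluggableAuth` `fetchzip` reuses the `sha256` of `constant_time_encoding` and both extensions track `archive/master.tar.gz`; because a fixed-output store path is derived from name and hash, Nix can hand back the already-fetched constant_time_encoding tree instead of failing, so pin both to a tag or commit and recompute the hashes. `$wgOpenIDConnect_MigrateUsersByEmail = true` links accounts on e-mail alone, which is only sound if the Keycloak realm guarantees verified addresses; a comment stating that assumption belongs next to the setting. The `wiki.pub.solar` nginx vhost still has `uwsgi_pass unix:/run/searx/searx.sock;` and the `searx` group line, which look like leftovers from the searx module, and `database.socket` names a mysqld socket while `type` is `postgres`.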
|
|
@ -8,7 +8,7 @@
|
||||||
{
|
{
|
||||||
age.secrets.searx-environment = {
|
age.secrets.searx-environment = {
|
||||||
file = "${flake.self}/secrets/searx-environment.age";
|
file = "${flake.self}/secrets/searx-environment.age";
|
||||||
mode = "700";
|
mode = "600";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."search.pub.solar" = {
|
services.nginx.virtualHosts."search.pub.solar" = {
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
./apps/keycloak.nix
|
./apps/keycloak.nix
|
||||||
./apps/mailman.nix
|
./apps/mailman.nix
|
||||||
./apps/mastodon.nix
|
./apps/mastodon.nix
|
||||||
|
./apps/mediawiki.nix
|
||||||
./apps/nextcloud.nix
|
./apps/nextcloud.nix
|
||||||
./apps/owncast.nix
|
./apps/owncast.nix
|
||||||
./apps/nginx-mastodon.nix
|
./apps/nginx-mastodon.nix
|
||||||
|
|
27
secrets/mediawiki-admin-password.age
Normal file
27
secrets/mediawiki-admin-password.age
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg LcyG6l8PyH97exah393jsbCvMiPglSUdE9+xgiuxj24
|
||||||
|
+iL2WJUShBHg3Phy20pj6Ey7+CbW0kePMpRr0IFGMow
|
||||||
|
-> ssh-ed25519 uYcDNw 2aoZ0g9M/dy+JN+XGijHbSER9C2WnGcbfiH8qamDTHk
|
||||||
|
uJvrHKDoKGFMTDYIoI1R+9GsRHbwOi+lncga7n+MZIY
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
XaTAfhahB+pcCodZp7lh3tGH7JRyvErDWPCgL2Uz7Z/MTeLqsqc/bWHHodGMvvba
|
||||||
|
gizm978vCp5jC7gz7Gior9y9//QlIC3nLklOXPtGRALMWxI72aYeWXuz6NclTfmB
|
||||||
|
8ADxCFJ/t+DHlphNvmYTm4OYbSd0rLUR2uhPB9bfcrs+Xn28IglP/3CnWtb0bKgU
|
||||||
|
xFu5ghqmzaZwYEsk1rBkslSpjClfsrAuptahAeAoP6ZB3UAcyGxYTl1JWZ8NsGx5
|
||||||
|
wciyUdaMKernsAM9GOFFmA7ax6QtR70u57KCcsV9CyhBaB8W6vTlVomTGuxvA0tR
|
||||||
|
jM518FxK/R4DQ+DXyYy2t6k7AolN6owu04cxJQZIlplwBYA1jaqNUkbSs7OdnKqz
|
||||||
|
IQfmJ6EIJRqr+FAV4g4JrhfU9RMJiZsxN1sCIpUEH38RLY2VU0JTFhR5rFqLEaYH
|
||||||
|
q1phO0NBtEKbjZBH3WNdeaOl2420WTebMZXu8i+wwA9ApLAdmh9BdiJCRgxwXuxo
|
||||||
|
7vj5/QdRAtGZwscCol58s9fOtLz4euTSvEMp58uiQUg0Tlx8UTG+PIGYlIXQ2VuU
|
||||||
|
jbZiHU5u4yFIkQqlqwo9ffQtn6gH8GT7P5tdFKMucsrwZF7ui6FfuDCLk+TBWhGS
|
||||||
|
Y5k9Y7u3tXnIATksKUV+SfOEwqDyNU58Y0MA6M/HaU0
|
||||||
|
-> ssh-ed25519 YFSOsg +3UYmfhtMlKT3bodpFR9S52lmpN3Cu7wT/lwm4kZrC8
|
||||||
|
VtlMr493XZe7O6QsYf9rwq58JPox/wQvnGLXJN5CB5I
|
||||||
|
-> ssh-ed25519 iHV63A 9uadUaJT6jEsyMFMEfohMCUgxSXB7bsa++70P1a0LFM
|
||||||
|
BW99xSdQTBBjFkEmlNTB1N3jxmGY+0oYnps8RoidUvw
|
||||||
|
-> ssh-ed25519 BVsyTA Iuixq7laf7fN20bXYoc1O89cJWExzSxD/XkOg6BjKSc
|
||||||
|
Bq3+y48SSkaDnuYmp38yGXNkp93qUNJemfTxtVnpUD0
|
||||||
|
-> 4-grease ($vN N
|
||||||
|
b6PMSRSIUZMlLXQx9xaM9KMlk1kzMotNwC1L
|
||||||
|
--- AKDHmogRbZ+hiS/5jYlvBFRG0vfY31lMbH/vqAlTfLY
|
||||||
|
-m ó™Îé8…ÉšüAºq¯ëÉAf—hÆ]DváâÐ.ðhœüWþS¸ëŒÈ~È«p'œË.&-Éȇ_
|
28
secrets/mediawiki-database-password.age
Normal file
28
secrets/mediawiki-database-password.age
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg z0obMnCseK5QoAge88uhbvcI5fk07UOBZk/rEXQCagU
|
||||||
|
RtYb7D5diitYmAh+K0TbPlF2ps2LaBeVeQ8iabUA/3U
|
||||||
|
-> ssh-ed25519 uYcDNw xy8dFpnQszNlQernP7dkw/VIF1++KiTsIGDJsDHusSQ
|
||||||
|
l82JxR2oJ71rRSZYPeXvNZyuEa2o2/uxDCJawOj9m4k
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
NKl5eefpdKltFPeg5bO8vw4xa6qVo5nRMF4xTO7t6wcRagADcDWYp0ZfYoHABOFH
|
||||||
|
yBL1YQ2VXAMmbchJKrIy4N9oy26cGifxzFBgkPlnKOxUUXuaXgv2vMTTOUUB5mlp
|
||||||
|
gax7uq+J1qLtkc/yfvt/OOWv9qRf9vHhIWuG6/vbv+8ATWbMANLZB6GPBlW5dWJG
|
||||||
|
A4ZV88Zd/zenB3d+bo5Gh9/RxazGfb98GwMFoHv67WUn/W542IDZyywTz/8cQB7I
|
||||||
|
8POfee3cuiQ1K19vn4rbHldVxYCmbESS3KR6gzPk0HAi6KFxW29NqHsX//ObPkL3
|
||||||
|
wYsKyYtsJLOy1gAKIcHG/6kysh3MstFq3Q977kuskk79JXIjiiPNFfQOh/WZKXvl
|
||||||
|
EwuaTTvyzzXuPBRSaTMYUv3NwlT7IBeZ1D/hOmmmN4GmbE0qIp9hDQbwSrf4+3Z3
|
||||||
|
irVMOee5SmLYwsj5cZPU7AdNs3Q1o0C2ooTA/WYFMdUKeI1ZhtNAekbuXseH2zr4
|
||||||
|
N/j+XMSx7KAIB0Pb5yqkI/DliZpacG5DT6f+qgDYyEh0XEf7Eazn02EnquayB1Sr
|
||||||
|
sgdZ7SO+ntPzc2l/JbhFN5SpH6iQJVohwkjBXQUQyJuLZBYdh4M0x4KF0P6xVO+P
|
||||||
|
iBGM3/9jm86AOa6yhlfh8Z6h9ckKk5DNkMTJn+2fQc4
|
||||||
|
-> ssh-ed25519 YFSOsg ZpPUH11hi+hg1Euil1aJNXqrOKjQrucI8Mi9KVrMnwE
|
||||||
|
xPoiMVzjfWUpUUC3EZUiogLJZfKWs2/jwGZfsx27CKQ
|
||||||
|
-> ssh-ed25519 iHV63A t4j7mr+hoW5fR9+ry3/tqKvQERZs/h7Qn9LEeeSWFhc
|
||||||
|
XZjUNUWkWnJG7l8vahfppxZ/kjH1VRf8YNpt8x2H67M
|
||||||
|
-> ssh-ed25519 BVsyTA SztbpuYbTH+FkumMGCAQ4fQ/rRRZgGg2yCPHjS8qtTI
|
||||||
|
F98vVoeITz/WJnJamw1I4zLHBcF46FYxKibwmbInFoA
|
||||||
|
-> %R9cvM-grease 8#EQ8Q l:Yu\
|
||||||
|
VBsYA1Kyd/sz6RVeZNHBMvKlYmwKcuvWKyGOLzzcaz6C6kzHNgtWXcLRC0A9wMDt
|
||||||
|
xQkX8fYdijHTcclcGerWUa8iqnpd7rAgo8RjG5e5JzhW
|
||||||
|
--- k9Ai5b4pxmq4DnN/3a6UyllvEzFaEFv0ePExwfUpplA
|
||||||
|
đŔ5ć<–…lEÚN
ĺŮWՀϢ%bě<÷±ŰńĹ"aš)™‚šň8ąđ*ĆĹ”c<E2809D>ÓC¶0|V§qvSŮ
|
28
secrets/mediawiki-oidc-client-secret.age
Normal file
28
secrets/mediawiki-oidc-client-secret.age
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg tg3ltwXFSRyIajjOf6IkNiwWmVo7aqznL18SZuWtBkI
|
||||||
|
HWOHGsPyd6YP1axJulRzGMnfyaE/IsNP07n+vDeauq0
|
||||||
|
-> ssh-ed25519 uYcDNw u4SsEiGvGb1FszMlipuTEhVjaY1nfVOAc9VbV73j21E
|
||||||
|
yq2sydDWrUI2Kcy3DVG+P4u03lj4CQIQCV3h8I5C7zw
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
SdVWMuqmiLnboD4hQTUBYSPyBCznqKytYIQe//VnpTaUHeOlnfQeDLNs/Tiqx8Qq
|
||||||
|
gLAsGyyY3DwRJiENbplPGvkYyY6nzzx6tIj7oVvVqjUi4563K2PMyBV0kDBgDtuE
|
||||||
|
YOb5dZOLE4zar3prtaCY1RCh1RPqSNgp5dwwp4KtskYYCRioP2mM2NYYdlh4YmG7
|
||||||
|
SdxdhXWNj2qGzOklV1QL73cUNIy+qbv0PNpdSEUEDdVtaf7tPkR86c75mbC6ktn4
|
||||||
|
zDTYXoc7aTtluWY0GXOLFP4UoBvNjApYpxuIc+F3SKOHsEouzBPCRv0ZjCyJMCt7
|
||||||
|
hg4JehN/cQCIxmck5iTo2iJw9cOdhA5zUR/AGLHTdxqvjn9pdxbLE7i2klCbDiCw
|
||||||
|
4iV2/Vrqog6sffa0pNLBTV/V3+I8Fsv8SwnDja6Q8Rvz7xOccwiAQweTiyLjHznZ
|
||||||
|
F1hlWXoLjKqfkbh15vOedU9YM7a34xaMr6eN4Xn28o6vYy3twbYrOPZ1qCVmi6Da
|
||||||
|
onFt7Fvu1T4yTc0nlBnifMfJYpJ4H79VtBx23kZzuNuwcmfPNN/j/9dONrC/CSDM
|
||||||
|
UatqKmmis7tYUhlrx8MY/laYIdGRqhtIqABKDAhiTWmho2EKUskv6qD7ZuduU3aX
|
||||||
|
HpAAiVAf8DfXIGShGda6akO1niS9eBF02lm5lnBWcQs
|
||||||
|
-> ssh-ed25519 YFSOsg SChexNNQyPLdPRsCFgYZFSRC/KgCcbM/ArfXS5woKyU
|
||||||
|
lGF+ttGHa3D9xoe0o+KWl4YFEsq2HV4kmAYlIRUwMY8
|
||||||
|
-> ssh-ed25519 iHV63A opYm+eq5781ggiOzuASwLPIeOVxOlq8jgbSNIXVL010
|
||||||
|
R3hhUfWq5kmGbvRIAAjXtCbvIIGnfBx1jHjNaBR6gIc
|
||||||
|
-> ssh-ed25519 BVsyTA /bWN++yXbaPFb8Q06RgImILWVzoCtqhomggKRZaRbWM
|
||||||
|
fWMX0zX/PFq1wJBGR9XbPbLN2JkL4m46gGYM/s03qkc
|
||||||
|
-> *rvVIlaT-grease T=C@?06?
|
||||||
|
tRxiwZdbPDQbLn2jnKNRtkJdcZxtd1oVqKCGHdB2
|
||||||
|
--- ifjAMRTPxaL0FEvYCn2q0/K6nRuJO9pGevN8ZT9eu8E
|
||||||
|
|
||||||
|
ºç¦]`†ÖóårÕ7úVùÙ«îU(þÝÝÊoù_€
|
|
@ -40,4 +40,8 @@ in {
|
||||||
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
|
"mediawiki-database-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
"mediawiki-admin-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
"mediawiki-oidc-client-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
}
|
}
|
||||||
|
|