feat: add mediawiki
parent
cc37ffc5bf
commit
8509611e9d
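--- a/hosts/nachtigall/apps/mediawiki.nix
+++ b/hosts/nachtigall/apps/mediawiki.nix
@@ -0,0 +1,121 @@
+{
+flake,
+config,
+lib,
+pkgs,
+...
+}: let
+OpenIDConnectPHP = pkgs.fetchzip {
+url = "https://github.com/jumbojett/OpenID-Connect-PHP/archive/refs/tags/v0.9.10.tar.gz";
+sha256 = "sha256-ezAUq/BgA1CITnO/tmUkvro7VRNAstnEdUp9WksOL7w=";
+};
+
+phpseclib = pkgs.fetchzip {
+url = "https://github.com/phpseclib/phpseclib/archive/refs/tags/3.0.33.tar.gz";
+sha256 = "sha256-d/9Jg1kzhkWwy/YrVq+JbTWplwICqnifMu34ns+JjL4=";
+};
+
+constant_time_encoding = pkgs.fetchzip {
+url = "https://github.com/paragonie/constant_time_encoding/archive/refs/tags/v2.6.3.tar.gz";
+sha256 = "sha256-S8d2YQIBmC9q2Jscw6XflaxQ4e+XE7ukQDuwXStyKGQ=";
+};
+
+mediawikiWithComposer = pkgs.stdenv.mkDerivation {
+name = "mediawiki-oidc";
+src = pkgs.mediawiki;
+version = pkgs.mediawiki.version;
+
+installPhase = ''
+mkdir -p $out/share/mediawiki/vendor/jumbojett
+cp -r ${OpenIDConnectPHP} $out/share/mediawiki/vendor/jumbojett/OpenID-Connect-PHP
+mkdir -p $out/share/mediawiki/vendor/phpseclib
+cp -r ${phpseclib} $out/share/mediawiki/vendor/phpseclib/phpseclib
+mkdir -p $out/share/mediawiki/vendor/paragonie
+cp -r ${constant_time_encoding} $out/share/mediawiki/vendor/paragonie/constant_time_encoding
+'';
+};
+in {
+age.secrets.mediawiki-admin-password = {
+file = "${flake.self}/secrets/mediawiki-admin-password.age";
+mode = "600";
+};
+
+age.secrets.mediawiki-database-password = {
+file = "${flake.self}/secrets/mediawiki-database-password.age";
+mode = "600";
+};
+
+age.secrets.mediawiki-oidc-client-secret = {
+file = "${flake.self}/secrets/mediawiki-oidc-client-secret.age";
+mode = "600";
+};
+
+services.nginx.virtualHosts."wiki.pub.solar" = {
+enableACME = true;
+forceSSL = true;
+
+locations."/".extraConfig = ''
+uwsgi_pass unix:/run/searx/searx.sock;
+'';
+};
+
+users.users.nginx.extraGroups = [ "searx" ];
+
+services.mediawiki = {
+enable = true;
+url = "https://wiki.pub.solar";
+name = "pub.solar wiki";
+package = mediawikiWithComposer;
+passwordFile = config.age.secrets.mediawiki-admin-password.path;
+
+httpd.virtualHost = {
+hostName = "wiki.pub.solar";
+adminAddr = "admins@pub.solar";
+};
+
+database = {
+type = "postgres";
+user = "mediawiki";
+name = "mediawiki";
+passwordFile = config.age.secrets.mediawiki-database-password.path;
+socket = "/run/mysqld/mysqld.sock";
+createLocally = false;
+};
+
+extraConfig = ''
+// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Installation
+$wgGroupPermissions['*']['autocreateaccount'] = true;
+
+// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Configuration
+$wgPluggableAuth_EnableAutoLogin = true;
+$wgPluggableAuth_ButtonLabel = 'Login with pub.solar ID';
+
+// https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Keycloak
+$wgPluggableAuth_Config[] = [
+'plugin' => 'OpenIDConnect',
+'data' => [
+'providerURL' => 'https://auth.pub.solar/realms/pub.solar',
+'clientID' => 'mediawiki',
+'clientsecret' => readfile(${config.age.secrets.mediawiki-oidc-client-secret.path})
+]
+];
+$wgOpenIDConnect_SingleLogout = true;
+$wgOpenIDConnect_MigrateUsersByEmail = true;
+'';
+
+extensions = {
+# some extensions are included and can enabled by passing null
+VisualEditor = null;
+
+PluggableAuth = pkgs.fetchzip {
+url = "https://github.com/wikimedia/mediawiki-extensions-PluggableAuth/archive/master.tar.gz";
+sha256 = "sha256-S8d2YQIBmC9q2Jscw6XflaxQ4e+XE7ukQDuwXStyKGQ=";
+};
+
+OpenIDConnect = pkgs.fetchzip {
+url = "https://github.com/wikimedia/mediawiki-extensions-OpenIDConnect/archive/master.tar.gz";
+sha256 = "sha256-mFPunUr50tRrEUcqu1p7xWt+eTbvBVamuP34Bhffx+0=";
+};
+};
+};
+}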
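Review bot: The `'clientsecret' => readfile(${config.age.secrets.mediawiki-oidc-client-secret.path})` entry in `extraConfig` cannot deliver the OIDC client secret to the extension: the interpolated path is unquoted, which PHP will not parse, and once quoted `readfile()` writes the file to the response output and returns a byte count, so the secret would be echoed into served pages. Use `'clientsecret' => trim(file_get_contents('${config.age.secrets.mediawiki-oidc-client-secret.path}'))`, and because the three `age.secrets` entries set only `mode = "600"`, also give them an `owner` matching the user the wiki's PHP runs as (agenix appears to default to root; confirm). The `wiki.pub.solar` vhost still carries `uwsgi_pass unix:/run/searx/searx.sock;` and `users.users.nginx.extraGroups = [ "searx" ];`, which looks copied from the searx config and would serve the search app on the wiki hostname. `PluggableAuth` and `OpenIDConnect` are fetched from `archive/master.tar.gz`, a moving ref, and the `PluggableAuth` hash is the same string as the one on `constant_time_encoding`, so Nix may resolve it to that already-fetched source instead of the extension; pin both to a tag or commit with their own hashes. `database.type = "postgres"` next to `socket = "/run/mysqld/mysqld.sock"` also looks inconsistent and should be checked.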
|
@ -8,7 +8,7 @@
|
|||
{
|
||||
age.secrets.searx-environment = {
|
||||
file = "${flake.self}/secrets/searx-environment.age";
|
||||
mode = "700";
|
||||
mode = "600";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."search.pub.solar" = {
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
./apps/keycloak.nix
|
||||
./apps/mailman.nix
|
||||
./apps/mastodon.nix
|
||||
./apps/mediawiki.nix
|
||||
./apps/nextcloud.nix
|
||||
./apps/owncast.nix
|
||||
./apps/nginx-mastodon.nix
|
||||
|
|
27
secrets/mediawiki-admin-password.age
Normal file
27
secrets/mediawiki-admin-password.age
Normal file
|
@ -0,0 +1,27 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 iDKjwg LcyG6l8PyH97exah393jsbCvMiPglSUdE9+xgiuxj24
|
||||
+iL2WJUShBHg3Phy20pj6Ey7+CbW0kePMpRr0IFGMow
|
||||
-> ssh-ed25519 uYcDNw 2aoZ0g9M/dy+JN+XGijHbSER9C2WnGcbfiH8qamDTHk
|
||||
uJvrHKDoKGFMTDYIoI1R+9GsRHbwOi+lncga7n+MZIY
|
||||
-> ssh-rsa kFDS0A
|
||||
XaTAfhahB+pcCodZp7lh3tGH7JRyvErDWPCgL2Uz7Z/MTeLqsqc/bWHHodGMvvba
|
||||
gizm978vCp5jC7gz7Gior9y9//QlIC3nLklOXPtGRALMWxI72aYeWXuz6NclTfmB
|
||||
8ADxCFJ/t+DHlphNvmYTm4OYbSd0rLUR2uhPB9bfcrs+Xn28IglP/3CnWtb0bKgU
|
||||
xFu5ghqmzaZwYEsk1rBkslSpjClfsrAuptahAeAoP6ZB3UAcyGxYTl1JWZ8NsGx5
|
||||
wciyUdaMKernsAM9GOFFmA7ax6QtR70u57KCcsV9CyhBaB8W6vTlVomTGuxvA0tR
|
||||
jM518FxK/R4DQ+DXyYy2t6k7AolN6owu04cxJQZIlplwBYA1jaqNUkbSs7OdnKqz
|
||||
IQfmJ6EIJRqr+FAV4g4JrhfU9RMJiZsxN1sCIpUEH38RLY2VU0JTFhR5rFqLEaYH
|
||||
q1phO0NBtEKbjZBH3WNdeaOl2420WTebMZXu8i+wwA9ApLAdmh9BdiJCRgxwXuxo
|
||||
7vj5/QdRAtGZwscCol58s9fOtLz4euTSvEMp58uiQUg0Tlx8UTG+PIGYlIXQ2VuU
|
||||
jbZiHU5u4yFIkQqlqwo9ffQtn6gH8GT7P5tdFKMucsrwZF7ui6FfuDCLk+TBWhGS
|
||||
Y5k9Y7u3tXnIATksKUV+SfOEwqDyNU58Y0MA6M/HaU0
|
||||
-> ssh-ed25519 YFSOsg +3UYmfhtMlKT3bodpFR9S52lmpN3Cu7wT/lwm4kZrC8
|
||||
VtlMr493XZe7O6QsYf9rwq58JPox/wQvnGLXJN5CB5I
|
||||
-> ssh-ed25519 iHV63A 9uadUaJT6jEsyMFMEfohMCUgxSXB7bsa++70P1a0LFM
|
||||
BW99xSdQTBBjFkEmlNTB1N3jxmGY+0oYnps8RoidUvw
|
||||
-> ssh-ed25519 BVsyTA Iuixq7laf7fN20bXYoc1O89cJWExzSxD/XkOg6BjKSc
|
||||
Bq3+y48SSkaDnuYmp38yGXNkp93qUNJemfTxtVnpUD0
|
||||
-> 4-grease ($vN N
|
||||
b6PMSRSIUZMlLXQx9xaM9KMlk1kzMotNwC1L
|
||||
--- AKDHmogRbZ+hiS/5jYlvBFRG0vfY31lMbH/vqAlTfLY
|
||||
-m ó™Îé8…ÉšüAºq¯ëÉAf—hÆ]DváâÐ.ðhœüWþS¸ëŒÈ~È«p'œË.&-Éȇ_
|
28
secrets/mediawiki-database-password.age
Normal file
28
secrets/mediawiki-database-password.age
Normal file
|
@ -0,0 +1,28 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 iDKjwg z0obMnCseK5QoAge88uhbvcI5fk07UOBZk/rEXQCagU
|
||||
RtYb7D5diitYmAh+K0TbPlF2ps2LaBeVeQ8iabUA/3U
|
||||
-> ssh-ed25519 uYcDNw xy8dFpnQszNlQernP7dkw/VIF1++KiTsIGDJsDHusSQ
|
||||
l82JxR2oJ71rRSZYPeXvNZyuEa2o2/uxDCJawOj9m4k
|
||||
-> ssh-rsa kFDS0A
|
||||
NKl5eefpdKltFPeg5bO8vw4xa6qVo5nRMF4xTO7t6wcRagADcDWYp0ZfYoHABOFH
|
||||
yBL1YQ2VXAMmbchJKrIy4N9oy26cGifxzFBgkPlnKOxUUXuaXgv2vMTTOUUB5mlp
|
||||
gax7uq+J1qLtkc/yfvt/OOWv9qRf9vHhIWuG6/vbv+8ATWbMANLZB6GPBlW5dWJG
|
||||
A4ZV88Zd/zenB3d+bo5Gh9/RxazGfb98GwMFoHv67WUn/W542IDZyywTz/8cQB7I
|
||||
8POfee3cuiQ1K19vn4rbHldVxYCmbESS3KR6gzPk0HAi6KFxW29NqHsX//ObPkL3
|
||||
wYsKyYtsJLOy1gAKIcHG/6kysh3MstFq3Q977kuskk79JXIjiiPNFfQOh/WZKXvl
|
||||
EwuaTTvyzzXuPBRSaTMYUv3NwlT7IBeZ1D/hOmmmN4GmbE0qIp9hDQbwSrf4+3Z3
|
||||
irVMOee5SmLYwsj5cZPU7AdNs3Q1o0C2ooTA/WYFMdUKeI1ZhtNAekbuXseH2zr4
|
||||
N/j+XMSx7KAIB0Pb5yqkI/DliZpacG5DT6f+qgDYyEh0XEf7Eazn02EnquayB1Sr
|
||||
sgdZ7SO+ntPzc2l/JbhFN5SpH6iQJVohwkjBXQUQyJuLZBYdh4M0x4KF0P6xVO+P
|
||||
iBGM3/9jm86AOa6yhlfh8Z6h9ckKk5DNkMTJn+2fQc4
|
||||
-> ssh-ed25519 YFSOsg ZpPUH11hi+hg1Euil1aJNXqrOKjQrucI8Mi9KVrMnwE
|
||||
xPoiMVzjfWUpUUC3EZUiogLJZfKWs2/jwGZfsx27CKQ
|
||||
-> ssh-ed25519 iHV63A t4j7mr+hoW5fR9+ry3/tqKvQERZs/h7Qn9LEeeSWFhc
|
||||
XZjUNUWkWnJG7l8vahfppxZ/kjH1VRf8YNpt8x2H67M
|
||||
-> ssh-ed25519 BVsyTA SztbpuYbTH+FkumMGCAQ4fQ/rRRZgGg2yCPHjS8qtTI
|
||||
F98vVoeITz/WJnJamw1I4zLHBcF46FYxKibwmbInFoA
|
||||
-> %R9cvM-grease 8#EQ8Q l:Yu\
|
||||
VBsYA1Kyd/sz6RVeZNHBMvKlYmwKcuvWKyGOLzzcaz6C6kzHNgtWXcLRC0A9wMDt
|
||||
xQkX8fYdijHTcclcGerWUa8iqnpd7rAgo8RjG5e5JzhW
|
||||
--- k9Ai5b4pxmq4DnN/3a6UyllvEzFaEFv0ePExwfUpplA
|
||||
đŔ5ć<–…lEÚN
ĺŮWՀϢ%bě<÷±ŰńĹ"aš)™‚šň8ąđ*ĆĹ”c<E2809D>ÓC¶0|V§qvSŮ
|
28
secrets/mediawiki-oidc-client-secret.age
Normal file
28
secrets/mediawiki-oidc-client-secret.age
Normal file
|
@ -0,0 +1,28 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 iDKjwg tg3ltwXFSRyIajjOf6IkNiwWmVo7aqznL18SZuWtBkI
|
||||
HWOHGsPyd6YP1axJulRzGMnfyaE/IsNP07n+vDeauq0
|
||||
-> ssh-ed25519 uYcDNw u4SsEiGvGb1FszMlipuTEhVjaY1nfVOAc9VbV73j21E
|
||||
yq2sydDWrUI2Kcy3DVG+P4u03lj4CQIQCV3h8I5C7zw
|
||||
-> ssh-rsa kFDS0A
|
||||
SdVWMuqmiLnboD4hQTUBYSPyBCznqKytYIQe//VnpTaUHeOlnfQeDLNs/Tiqx8Qq
|
||||
gLAsGyyY3DwRJiENbplPGvkYyY6nzzx6tIj7oVvVqjUi4563K2PMyBV0kDBgDtuE
|
||||
YOb5dZOLE4zar3prtaCY1RCh1RPqSNgp5dwwp4KtskYYCRioP2mM2NYYdlh4YmG7
|
||||
SdxdhXWNj2qGzOklV1QL73cUNIy+qbv0PNpdSEUEDdVtaf7tPkR86c75mbC6ktn4
|
||||
zDTYXoc7aTtluWY0GXOLFP4UoBvNjApYpxuIc+F3SKOHsEouzBPCRv0ZjCyJMCt7
|
||||
hg4JehN/cQCIxmck5iTo2iJw9cOdhA5zUR/AGLHTdxqvjn9pdxbLE7i2klCbDiCw
|
||||
4iV2/Vrqog6sffa0pNLBTV/V3+I8Fsv8SwnDja6Q8Rvz7xOccwiAQweTiyLjHznZ
|
||||
F1hlWXoLjKqfkbh15vOedU9YM7a34xaMr6eN4Xn28o6vYy3twbYrOPZ1qCVmi6Da
|
||||
onFt7Fvu1T4yTc0nlBnifMfJYpJ4H79VtBx23kZzuNuwcmfPNN/j/9dONrC/CSDM
|
||||
UatqKmmis7tYUhlrx8MY/laYIdGRqhtIqABKDAhiTWmho2EKUskv6qD7ZuduU3aX
|
||||
HpAAiVAf8DfXIGShGda6akO1niS9eBF02lm5lnBWcQs
|
||||
-> ssh-ed25519 YFSOsg SChexNNQyPLdPRsCFgYZFSRC/KgCcbM/ArfXS5woKyU
|
||||
lGF+ttGHa3D9xoe0o+KWl4YFEsq2HV4kmAYlIRUwMY8
|
||||
-> ssh-ed25519 iHV63A opYm+eq5781ggiOzuASwLPIeOVxOlq8jgbSNIXVL010
|
||||
R3hhUfWq5kmGbvRIAAjXtCbvIIGnfBx1jHjNaBR6gIc
|
||||
-> ssh-ed25519 BVsyTA /bWN++yXbaPFb8Q06RgImILWVzoCtqhomggKRZaRbWM
|
||||
fWMX0zX/PFq1wJBGR9XbPbLN2JkL4m46gGYM/s03qkc
|
||||
-> *rvVIlaT-grease T=C@?06?
|
||||
tRxiwZdbPDQbLn2jnKNRtkJdcZxtd1oVqKCGHdB2
|
||||
--- ifjAMRTPxaL0FEvYCn2q0/K6nRuJO9pGevN8ZT9eu8E
|
||||
|
||||
ºç¦]`†ÖóårÕ7úVùÙ«îU(þÝÝÊoù_€
|
|
@ -40,4 +40,8 @@ in {
|
|||
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
||||
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
||||
"mediawiki-database-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"mediawiki-admin-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"mediawiki-oidc-client-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
}
|
||||
|
|