mediawiki #51
|
@ -7,7 +7,7 @@
|
||||||
}: {
|
}: {
|
||||||
age.secrets.keycloak-database-password = {
|
age.secrets.keycloak-database-password = {
|
||||||
file = "${flake.self}/secrets/keycloak-database-password.age";
|
file = "${flake.self}/secrets/keycloak-database-password.age";
|
||||||
mode = "700";
|
mode = "600";
|
||||||
#owner = "keycloak";
|
#owner = "keycloak";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
232
hosts/nachtigall/apps/mediawiki.nix
Normal file
232
hosts/nachtigall/apps/mediawiki.nix
Normal file
|
@ -0,0 +1,232 @@
|
||||||
|
{
|
||||||
|
flake,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
|
localSettingsPHP = pkgs.writeScript "LocalSettings.php" ''
|
||||||
|
<?php
|
||||||
|
# Protect against web entry
|
||||||
|
if ( !defined( 'MEDIAWIKI' ) ) {
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
# error_reporting( -1 );
|
||||||
|
# ini_set( 'display_errors', 1 );
|
||||||
|
# $wgShowExceptionDetails = true;
|
||||||
|
$wgDBerrorLog = '/dev/stderr';
|
||||||
|
$wgDebugLogFile = "/dev/stderr";
|
||||||
|
|
||||||
|
$wgSitename = "pub.solar wiki";
|
||||||
|
$wgMetaNamespace = false;
|
||||||
|
|
||||||
|
## The URL base path to the directory containing the wiki;
|
||||||
|
## defaults for all runtime URL paths are based off of this.
|
||||||
|
## For more information on customizing the URLs
|
||||||
|
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
|
||||||
|
## https://www.mediawiki.org/wiki/Manual:Short_URL
|
||||||
|
$wgScriptPath = "https://wiki.pub.solar";
|
||||||
|
|
||||||
|
## https://www.mediawiki.org/wiki/Manual:Short_URL
|
||||||
|
## https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Known_issues
|
||||||
|
$wgArticlePath = "/index.php/$1";
|
||||||
|
|
||||||
|
## The protocol and server name to use in fully-qualified URLs
|
||||||
|
$wgServer = "https://wiki.pub.solar";
|
||||||
|
|
||||||
|
## The URL path to static resources (images, scripts, etc.)
|
||||||
|
$wgResourceBasePath = $wgScriptPath;
|
||||||
|
|
||||||
|
## The URL path to the logo. Make sure you change this from the default,
|
||||||
|
## or else you'll overwrite your logo when you upgrade!
|
||||||
|
$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";
|
||||||
|
|
||||||
|
## UPO means: this is also a user preference option
|
||||||
|
|
||||||
|
$wgEnableEmail = true;
|
||||||
|
$wgEnableUserEmail = true; # UPO
|
||||||
|
|
||||||
|
$wgPasswordSender = "admins@pub.solar";
|
||||||
|
|
||||||
|
$wgEnotifUserTalk = false; # UPO
|
||||||
|
$wgEnotifWatchlist = false; # UPO
|
||||||
|
$wgEmailAuthentication = true;
|
||||||
|
|
||||||
|
## Database settings
|
||||||
|
$wgDBtype = "postgres";
|
||||||
|
$wgDBserver = "host.docker.internal";
|
||||||
|
$wgDBport = "5432";
|
||||||
|
$wgDBname = "mediawiki";
|
||||||
|
$wgDBuser = "mediawiki";
|
||||||
|
$wgDBpassword = trim(file_get_contents("/run/mediawiki/database-password"));
|
||||||
|
|
||||||
|
## Shared memory settings
|
||||||
|
$wgMainCacheType = CACHE_NONE;
|
||||||
|
$wgMemCachedServers = [];
|
||||||
|
|
||||||
|
$wgEnableUploads = true;
|
||||||
|
$wgUploadDirectory = "/var/www/html/uploads";
|
||||||
|
|
||||||
|
$wgUseImageMagick = true;
|
||||||
|
$wgImageMagickConvertCommand = "/usr/bin/convert";
|
||||||
|
|
||||||
|
# InstantCommons allows wiki to use images from https://commons.wikimedia.org
|
||||||
|
$wgUseInstantCommons = false;
|
||||||
|
|
||||||
|
# Periodically send a pingback to https://www.mediawiki.org/ with basic data
|
||||||
|
# about this MediaWiki instance. The Wikimedia Foundation shares this data
|
||||||
|
# with MediaWiki developers to help guide future development efforts.
|
||||||
|
$wgPingback = true;
|
||||||
|
|
||||||
|
## If you use ImageMagick (or any other shell command) on a
|
||||||
|
## Linux server, this will need to be set to the name of an
|
||||||
|
## available UTF-8 locale
|
||||||
|
$wgShellLocale = "C.UTF-8";
|
||||||
|
|
||||||
|
# Site language code, should be one of the list in ./languages/data/Names.php
|
||||||
|
$wgLanguageCode = "en";
|
||||||
|
|
||||||
|
$wgSecretKey = trim(file_get_contents("/run/mediawiki/secret-key"));
|
||||||
|
|
||||||
|
# Changing this will log out all existing sessions.
|
||||||
|
$wgAuthenticationTokenVersion = "";
|
||||||
|
|
||||||
|
## For attaching licensing metadata to pages, and displaying an
|
||||||
|
## appropriate copyright notice / icon. GNU Free Documentation
|
||||||
|
## License and Creative Commons licenses are supported so far.
|
||||||
|
$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
|
||||||
|
$wgRightsUrl = "";
|
||||||
|
$wgRightsText = "";
|
||||||
|
$wgRightsIcon = "";
|
||||||
|
|
||||||
|
# Path to the GNU diff3 utility. Used for conflict resolution.
|
||||||
|
$wgDiff = "/usr/bin/diff";
|
||||||
|
$wgDiff3 = "/usr/bin/diff3";
|
||||||
|
|
||||||
|
# Enabled skins.
|
||||||
|
wfLoadSkin('MonoBook');
|
||||||
|
wfLoadSkin('Timeless');
|
||||||
|
wfLoadSkin('Vector');
|
||||||
|
|
||||||
|
# Enabled extensions.
|
||||||
|
wfLoadExtension('OpenIDConnect');
|
||||||
|
wfLoadExtension('PluggableAuth');
|
||||||
|
wfLoadExtension('VisualEditor');
|
||||||
|
|
||||||
|
# End of automatically generated settings.
|
||||||
|
# Add more configuration options below.
|
||||||
|
|
||||||
|
$wgLogo = "https://pub.solar/assets/pubsolar.svg";
|
||||||
|
$wgLogos = [
|
||||||
|
'svg' => "https://pub.solar/assets/pubsolar.svg",
|
||||||
|
'icon' => "https://pub.solar/assets/pubsolar.svg",
|
||||||
|
'wordmark' => [
|
||||||
|
'src'=> "https://pub.solar/assets/pubsolar.svg",
|
||||||
|
'width'=> 0,
|
||||||
|
'height'=> 0,
|
||||||
|
],
|
||||||
|
];
|
||||||
|
$wgFavicon = 'https://pub.solar/assets/pubsolar.svg';
|
||||||
|
|
||||||
|
$wgDefaultSkin = 'vector-2022';
|
||||||
|
|
||||||
|
// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Installation
|
||||||
|
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
||||||
|
|
||||||
|
// https://www.mediawiki.org/wiki/Extension:PluggableAuth#Configuration
|
||||||
|
$wgPluggableAuth_EnableAutoLogin = false;
|
||||||
|
$wgPluggableAuth_ButtonLabel = 'Login with pub.solar ID';
|
||||||
|
|
||||||
|
// https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Keycloak
|
||||||
|
$wgPluggableAuth_Config[] = [
|
||||||
|
'plugin' => 'OpenIDConnect',
|
||||||
|
'data' => [
|
||||||
|
'providerURL' => 'https://auth.pub.solar/realms/pub.solar',
|
||||||
|
'clientID' => 'mediawiki',
|
||||||
|
'clientsecret' => trim(file_get_contents('/run/mediawiki/oidc-client-secret'))
|
||||||
|
]
|
||||||
|
];
|
||||||
|
$wgOpenIDConnect_SingleLogout = true;
|
||||||
|
$wgOpenIDConnect_MigrateUsersByEmail = true;
|
||||||
|
'';
|
||||||
|
|
||||||
|
uid = 986;
|
||||||
|
gid = 984;
|
||||||
|
in {
|
||||||
|
age.secrets.mediawiki-database-password = {
|
||||||
|
file = "${flake.self}/secrets/mediawiki-database-password.age";
|
||||||
|
path = "/run/mediawiki/database-password";
|
||||||
|
symlink = false;
|
||||||
|
mode = "440";
|
||||||
|
owner = "mediawiki";
|
||||||
|
group = "mediawiki";
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets.mediawiki-oidc-client-secret = {
|
||||||
|
file = "${flake.self}/secrets/mediawiki-oidc-client-secret.age";
|
||||||
|
path = "/run/mediawiki/oidc-client-secret";
|
||||||
|
symlink = false;
|
||||||
|
mode = "440";
|
||||||
|
owner = "mediawiki";
|
||||||
|
group = "mediawiki";
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets.mediawiki-secret-key = {
|
||||||
|
file = "${flake.self}/secrets/mediawiki-secret-key.age";
|
||||||
|
path = "/run/mediawiki/secret-key";
|
||||||
|
symlink = false;
|
||||||
|
mode = "440";
|
||||||
|
owner = "mediawiki";
|
||||||
|
group = "mediawiki";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
authentication = ''
|
||||||
|
host mediawiki all 172.17.0.0/16 password
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."wiki.pub.solar" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
|
||||||
|
locations."/".proxyPass = "http://127.0.0.1:8293";
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.mediawiki = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "mediawiki";
|
||||||
|
inherit uid;
|
||||||
|
};
|
||||||
|
users.groups.mediawiki = { inherit gid; };
|
||||||
|
|
||||||
|
virtualisation = {
|
||||||
|
oci-containers = {
|
||||||
|
backend = "docker";
|
||||||
|
|
||||||
|
containers."mediawiki" = {
|
||||||
|
image = "git.pub.solar/pub-solar/mediawiki-oidc-docker:latest";
|
||||||
|
user = "1000:${builtins.toString gid}";
|
||||||
|
autoStart = true;
|
||||||
|
|
||||||
|
ports = [
|
||||||
|
"127.0.0.1:8293:80"
|
||||||
|
];
|
||||||
|
|
||||||
|
extraOptions = [
|
||||||
|
"--add-host=host.docker.internal:host-gateway"
|
||||||
|
"--pull=always"
|
||||||
|
];
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"/run/mediawiki:/run/mediawiki"
|
||||||
|
"/var/lib/mediawiki/images:/var/www/html/images"
|
||||||
|
"/var/lib/mediawiki/uploads:/var/www/html/uploads"
|
||||||
|
"/var/lib/mediawiki/logs:/var/log/mediawiki"
|
||||||
|
"${localSettingsPHP}:/var/www/html/LocalSettings.php"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,7 +1,11 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.postgresql.enable = true;
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
enableTCPIP = true;
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.postgresql = {
|
systemd.services.postgresql = {
|
||||||
after = [
|
after = [
|
||||||
"var-lib-postgresql.mount"
|
"var-lib-postgresql.mount"
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
{
|
{
|
||||||
age.secrets.searx-environment = {
|
age.secrets.searx-environment = {
|
||||||
file = "${flake.self}/secrets/searx-environment.age";
|
file = "${flake.self}/secrets/searx-environment.age";
|
||||||
mode = "700";
|
mode = "600";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."search.pub.solar" = {
|
services.nginx.virtualHosts."search.pub.solar" = {
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
./apps/keycloak.nix
|
./apps/keycloak.nix
|
||||||
./apps/mailman.nix
|
./apps/mailman.nix
|
||||||
./apps/mastodon.nix
|
./apps/mastodon.nix
|
||||||
|
./apps/mediawiki.nix
|
||||||
./apps/nextcloud.nix
|
./apps/nextcloud.nix
|
||||||
./apps/owncast.nix
|
./apps/owncast.nix
|
||||||
./apps/nginx-mastodon.nix
|
./apps/nginx-mastodon.nix
|
||||||
|
|
|
@ -6,4 +6,6 @@
|
||||||
'';
|
'';
|
||||||
storageDriver = "zfs";
|
storageDriver = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.trustedInterfaces = [ "docker0" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
users.users.${flake.self.username} = {
|
users.users.${flake.self.username} = {
|
||||||
name = flake.self.username;
|
name = flake.self.username;
|
||||||
group = flake.self.username;
|
group = flake.self.username;
|
||||||
extraGroups = ["wheel"];
|
extraGroups = ["wheel" "docker"];
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
openssh.authorizedKeys.keys = flake.self.publicKeys.admins;
|
openssh.authorizedKeys.keys = flake.self.publicKeys.admins;
|
||||||
};
|
};
|
||||||
|
|
|
@ -10,6 +10,8 @@
|
||||||
(final: prev: {
|
(final: prev: {
|
||||||
mastodon = inputs.mastodon-fork.legacyPackages.${prev.system}.mastodon;
|
mastodon = inputs.mastodon-fork.legacyPackages.${prev.system}.mastodon;
|
||||||
forgejo-actions-runner = inputs.unstable.legacyPackages.${prev.system}.forgejo-actions-runner;
|
forgejo-actions-runner = inputs.unstable.legacyPackages.${prev.system}.forgejo-actions-runner;
|
||||||
|
|
||||||
|
mediawiki = inputs.unstable.legacyPackages.${prev.system}.mediawiki;
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
});
|
});
|
||||||
|
|
27
secrets/mediawiki-admin-password.age
Normal file
27
secrets/mediawiki-admin-password.age
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg LcyG6l8PyH97exah393jsbCvMiPglSUdE9+xgiuxj24
|
||||||
|
+iL2WJUShBHg3Phy20pj6Ey7+CbW0kePMpRr0IFGMow
|
||||||
|
-> ssh-ed25519 uYcDNw 2aoZ0g9M/dy+JN+XGijHbSER9C2WnGcbfiH8qamDTHk
|
||||||
|
uJvrHKDoKGFMTDYIoI1R+9GsRHbwOi+lncga7n+MZIY
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
XaTAfhahB+pcCodZp7lh3tGH7JRyvErDWPCgL2Uz7Z/MTeLqsqc/bWHHodGMvvba
|
||||||
|
gizm978vCp5jC7gz7Gior9y9//QlIC3nLklOXPtGRALMWxI72aYeWXuz6NclTfmB
|
||||||
|
8ADxCFJ/t+DHlphNvmYTm4OYbSd0rLUR2uhPB9bfcrs+Xn28IglP/3CnWtb0bKgU
|
||||||
|
xFu5ghqmzaZwYEsk1rBkslSpjClfsrAuptahAeAoP6ZB3UAcyGxYTl1JWZ8NsGx5
|
||||||
|
wciyUdaMKernsAM9GOFFmA7ax6QtR70u57KCcsV9CyhBaB8W6vTlVomTGuxvA0tR
|
||||||
|
jM518FxK/R4DQ+DXyYy2t6k7AolN6owu04cxJQZIlplwBYA1jaqNUkbSs7OdnKqz
|
||||||
|
IQfmJ6EIJRqr+FAV4g4JrhfU9RMJiZsxN1sCIpUEH38RLY2VU0JTFhR5rFqLEaYH
|
||||||
|
q1phO0NBtEKbjZBH3WNdeaOl2420WTebMZXu8i+wwA9ApLAdmh9BdiJCRgxwXuxo
|
||||||
|
7vj5/QdRAtGZwscCol58s9fOtLz4euTSvEMp58uiQUg0Tlx8UTG+PIGYlIXQ2VuU
|
||||||
|
jbZiHU5u4yFIkQqlqwo9ffQtn6gH8GT7P5tdFKMucsrwZF7ui6FfuDCLk+TBWhGS
|
||||||
|
Y5k9Y7u3tXnIATksKUV+SfOEwqDyNU58Y0MA6M/HaU0
|
||||||
|
-> ssh-ed25519 YFSOsg +3UYmfhtMlKT3bodpFR9S52lmpN3Cu7wT/lwm4kZrC8
|
||||||
|
VtlMr493XZe7O6QsYf9rwq58JPox/wQvnGLXJN5CB5I
|
||||||
|
-> ssh-ed25519 iHV63A 9uadUaJT6jEsyMFMEfohMCUgxSXB7bsa++70P1a0LFM
|
||||||
|
BW99xSdQTBBjFkEmlNTB1N3jxmGY+0oYnps8RoidUvw
|
||||||
|
-> ssh-ed25519 BVsyTA Iuixq7laf7fN20bXYoc1O89cJWExzSxD/XkOg6BjKSc
|
||||||
|
Bq3+y48SSkaDnuYmp38yGXNkp93qUNJemfTxtVnpUD0
|
||||||
|
-> 4-grease ($vN N
|
||||||
|
b6PMSRSIUZMlLXQx9xaM9KMlk1kzMotNwC1L
|
||||||
|
--- AKDHmogRbZ+hiS/5jYlvBFRG0vfY31lMbH/vqAlTfLY
|
||||||
|
-m ó™Îé8…ÉšüAºq¯ëÉAf—hÆ]DváâÐ.ðhœüWþS¸ëŒÈ~È«p'œË.&-Éȇ_
|
28
secrets/mediawiki-database-password.age
Normal file
28
secrets/mediawiki-database-password.age
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg z0obMnCseK5QoAge88uhbvcI5fk07UOBZk/rEXQCagU
|
||||||
|
RtYb7D5diitYmAh+K0TbPlF2ps2LaBeVeQ8iabUA/3U
|
||||||
|
-> ssh-ed25519 uYcDNw xy8dFpnQszNlQernP7dkw/VIF1++KiTsIGDJsDHusSQ
|
||||||
|
l82JxR2oJ71rRSZYPeXvNZyuEa2o2/uxDCJawOj9m4k
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
NKl5eefpdKltFPeg5bO8vw4xa6qVo5nRMF4xTO7t6wcRagADcDWYp0ZfYoHABOFH
|
||||||
|
yBL1YQ2VXAMmbchJKrIy4N9oy26cGifxzFBgkPlnKOxUUXuaXgv2vMTTOUUB5mlp
|
||||||
|
gax7uq+J1qLtkc/yfvt/OOWv9qRf9vHhIWuG6/vbv+8ATWbMANLZB6GPBlW5dWJG
|
||||||
|
A4ZV88Zd/zenB3d+bo5Gh9/RxazGfb98GwMFoHv67WUn/W542IDZyywTz/8cQB7I
|
||||||
|
8POfee3cuiQ1K19vn4rbHldVxYCmbESS3KR6gzPk0HAi6KFxW29NqHsX//ObPkL3
|
||||||
|
wYsKyYtsJLOy1gAKIcHG/6kysh3MstFq3Q977kuskk79JXIjiiPNFfQOh/WZKXvl
|
||||||
|
EwuaTTvyzzXuPBRSaTMYUv3NwlT7IBeZ1D/hOmmmN4GmbE0qIp9hDQbwSrf4+3Z3
|
||||||
|
irVMOee5SmLYwsj5cZPU7AdNs3Q1o0C2ooTA/WYFMdUKeI1ZhtNAekbuXseH2zr4
|
||||||
|
N/j+XMSx7KAIB0Pb5yqkI/DliZpacG5DT6f+qgDYyEh0XEf7Eazn02EnquayB1Sr
|
||||||
|
sgdZ7SO+ntPzc2l/JbhFN5SpH6iQJVohwkjBXQUQyJuLZBYdh4M0x4KF0P6xVO+P
|
||||||
|
iBGM3/9jm86AOa6yhlfh8Z6h9ckKk5DNkMTJn+2fQc4
|
||||||
|
-> ssh-ed25519 YFSOsg ZpPUH11hi+hg1Euil1aJNXqrOKjQrucI8Mi9KVrMnwE
|
||||||
|
xPoiMVzjfWUpUUC3EZUiogLJZfKWs2/jwGZfsx27CKQ
|
||||||
|
-> ssh-ed25519 iHV63A t4j7mr+hoW5fR9+ry3/tqKvQERZs/h7Qn9LEeeSWFhc
|
||||||
|
XZjUNUWkWnJG7l8vahfppxZ/kjH1VRf8YNpt8x2H67M
|
||||||
|
-> ssh-ed25519 BVsyTA SztbpuYbTH+FkumMGCAQ4fQ/rRRZgGg2yCPHjS8qtTI
|
||||||
|
F98vVoeITz/WJnJamw1I4zLHBcF46FYxKibwmbInFoA
|
||||||
|
-> %R9cvM-grease 8#EQ8Q l:Yu\
|
||||||
|
VBsYA1Kyd/sz6RVeZNHBMvKlYmwKcuvWKyGOLzzcaz6C6kzHNgtWXcLRC0A9wMDt
|
||||||
|
xQkX8fYdijHTcclcGerWUa8iqnpd7rAgo8RjG5e5JzhW
|
||||||
|
--- k9Ai5b4pxmq4DnN/3a6UyllvEzFaEFv0ePExwfUpplA
|
||||||
|
đŔ5ć<–…lEÚN
ĺŮWՀϢ%bě<÷±ŰńĹ"aš)™‚šň8ąđ*ĆĹ”c<E2809D>ÓC¶0|V§qvSŮ
|
27
secrets/mediawiki-oidc-client-secret.age
Normal file
27
secrets/mediawiki-oidc-client-secret.age
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg wNZLc0SqLieSDPQzQEcJML08uiCKPLJoI95maDa4a3E
|
||||||
|
KXWlP0ZPWl3WiSX04UKtwHdhezMdLT3nskLl7E7OSHs
|
||||||
|
-> ssh-ed25519 uYcDNw yA4rP44m2CJgvuSG4NrRFY1BWAXbdzov5AK/eYDu42Q
|
||||||
|
vfZ6m1Vw0WNsnCmXe4jOtSvHMHXVxRBvP2Fkqki/xK8
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
Milr41weYJCyX92mWcSBSJEeUetq76tzjwsCjJtfpvG5ASsiu/Wj7jtngOO9wER2
|
||||||
|
8kgh3DVQVlZV9kwHoC8zM3C+qYU4HQf74Sr9TXXcZko9HBZA17O3I5IBnp5cmVsq
|
||||||
|
ZBE1gpuT+J/xSA14w4Kf7LbobNpYuMrEGoquWAH9ESjPt7HY067rGe8nBy2RoAM5
|
||||||
|
FyXQ8uoPw6wDB5Ak6HGT3pdzazjtDugJdaO/9CT07lI+XvSAD5CBvtfjoWAdTphC
|
||||||
|
+6S1t9gcNZrd+oQ3LZ1mSnvjVc+O4YHjzy56zo3Zh1KJLxMbdkO1st72fsNTNXjI
|
||||||
|
gj3ZYmodz/lfTxQABreQdo9AUCBBQkoyGv2uilYbJPTTeUxCXUnGGkDqW4e0p/8z
|
||||||
|
ukHiqeeMw4XqPXAduVlNIpsvW1s0sDB3Kx8t+KJirr4PHfIIulHbnjPxKQyXaj86
|
||||||
|
nzSYSuzftOquAz8CIokgRyFhgJtRD2lzNhXbt6GvU4VLagtmbFQmhyqVJzzvmnE3
|
||||||
|
7cu6Fcc07IiA7CuhweAmWA8/vjBtbyQMqVAHVn+ijT4WKb7gDfcL/w/MZaq5XOa0
|
||||||
|
9zyoTa7y7ttC3AqzDWlfOEK9TC+ysKB6LgTwktNS3u0Msh2DYNqLsyN+ktDyb27F
|
||||||
|
YzT4Wu5ZoYcCkgNwvAyU2hPfYzv66mQo1I0BXKYaiQg
|
||||||
|
-> ssh-ed25519 YFSOsg BJMjSn6gwtaOheT9Fnes45QZ5BSBGnhhGTPFO5DJIU0
|
||||||
|
cyhAM4/waWjH/N6WWy/8w4M4PQt+QzpgMy+7M5DBTj0
|
||||||
|
-> ssh-ed25519 iHV63A JTvN/gJpphteU1WpESnZ9iTeePj986kuYxI2poVYdxc
|
||||||
|
kJCBRrqzEW7c/Y6HiiJLmBzlsBtvZsK++NsEVoZHScs
|
||||||
|
-> ssh-ed25519 BVsyTA 9cJBL0f0XAQWat68M3mMVSAKpnKNNzAqAmcuQ8fJiic
|
||||||
|
TSA6SRwonr8e1kMrGyf89F/TPmU2S1SmOlH2KbJmFTc
|
||||||
|
-> *OkMh]47-grease ,|3o ^Ai N WuMh
|
||||||
|
YpKgkp1VxwVinaiFO0pFDw
|
||||||
|
--- 4278uiwRYOTQM1T7Cs/1Hzn3AiRkyvXuqtE+9wyfD+A
|
||||||
|
Õ<C4lûU÷tOXÍLºið•Ö´¿¶8x<1A>Ö˜
<0A>|PY•w<E280A2>–nt-ÇËnªÅ®u™™zôg¤øuHpq½j™
|
28
secrets/mediawiki-secret-key.age
Normal file
28
secrets/mediawiki-secret-key.age
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg MGfeCP81T9itCIgFoOcDoJfLtvfOb1dEtx4SjRfQMDU
|
||||||
|
QJcTZDMx6qZfTtQxRpDAb5oA7PWqAgVDiZ5m9PeD3OU
|
||||||
|
-> ssh-ed25519 uYcDNw 3uX4IxJVdepJ/258XhKUEOeX00nbKQ3+8WskCE/Oex0
|
||||||
|
WaTAvd0zrcyFFwz7QWwaEsBrtp08g3wbANJvoL+hkfc
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
kgdsJuX6ZiMPJx5OjJuu0pjLqIr7vmw6SSRAWVR2RgxUbZ2L0khOUCOSbeHExpju
|
||||||
|
RtadRLVKgxGkGAYqaivcUj0fu71RbxAfsCkY6hwrXGAwWLLcviTeZpRJUcVWWdkW
|
||||||
|
DkZKVukqq2XeB33CqVcTanEVgTmwfuASVb5WL/FBrDpITV0oTcyJB5k57Qor7utC
|
||||||
|
9PBYJmkq8ZDbpcZQM210XYCJdOhK4J4j0Rbq3Er6a9mlxVWuGUiBUUXluwDBN7iG
|
||||||
|
sEha1Y6GvWfaqy3Y0Y+XxkNx3KsRnRvT3h9lmCM/RVaIGIeOTgF/ZRSKoUuMZ9nY
|
||||||
|
+XCXTGOhUZZBb/d0Edh+0EF7JCNOHA0Uygu+8RjxxNTMxLDV2eR5N+yYH4tbPuQj
|
||||||
|
QI3Wo8H5iDwwCnyDwmXwkRWd9aEhfG16S3NqbyCfEA/xIUgQnIEx7DEjLJwDrb4v
|
||||||
|
IVL6cxqSU/GCV2x7HyHf4syZBSQ6oC2Cy5sEJ5WV1m7+S35Vh5UQcxh+oNk1Gxji
|
||||||
|
Y6yhem70RFLauzxldNcpI/xKTsj+mfrI21+fb6InVSHzlME0ggcMdz5mp799TEeg
|
||||||
|
GYO+lIlfKIPWcQYI6Ci+Qbs1bGZ8kJy82C6arW6rooPQTdqnOgJE++1lj9dZO6bx
|
||||||
|
W9oEdGnkIN/QH8RWVLi9bgznVmlzLLpYqM/d+bpEA+k
|
||||||
|
-> ssh-ed25519 YFSOsg ccuBr0eGaJ/t2lWMhKNP/c2TtpmGYaenxQSQI9DJv3c
|
||||||
|
uLGi3j4gt5xRj3MOsLUjkkA9dCS12feyLQf1YZtDvgg
|
||||||
|
-> ssh-ed25519 iHV63A GHevWTk7/M0TtlIo/uZnCn84jq9I2jP9ehkt6PxRgEc
|
||||||
|
nF5O/yCV/3zduBtGw6VbwPS2jFHJlUgHiSytDOPSzaU
|
||||||
|
-> ssh-ed25519 BVsyTA Tw/06YNSoYYlrtfocjh0pitrWJc8zNAr8RLc42mMjWI
|
||||||
|
RaA9t5VwYWYHFquZuXmNrGVkdDOJDh3dgVG+31UxhM8
|
||||||
|
-> %zh9-grease 6 rETV7H
|
||||||
|
1TID2TYG2RCwwRws8vOvdfDM0zQcqRTDqfJbZsbOAiZQnOU3Lt8g+rwcSgOB7kX4
|
||||||
|
lx5lPRHxCa+86NljA+tW5l5u1JZurA
|
||||||
|
--- wBDm8U0KDrRkdoeUfQq0Zk81611Im9hlSo96NE4FB9w
|
||||||
|
È•<EFBFBD>µ7ø¨]åDB³¼ÑžÜ³ïD[DCàÙá±Ë«JØJrE+Ý¿‚pàÙè3xát¼JªLÓ²©ƒ1
|
|
@ -54,4 +54,9 @@ in {
|
||||||
|
|
||||||
"drone-db-secrets.age".publicKeys = flora6Keys ++ baseKeys;
|
"drone-db-secrets.age".publicKeys = flora6Keys ++ baseKeys;
|
||||||
"drone-secrets.age".publicKeys = flora6Keys ++ baseKeys;
|
"drone-secrets.age".publicKeys = flora6Keys ++ baseKeys;
|
||||||
|
|
||||||
|
"mediawiki-database-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
"mediawiki-admin-password.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
"mediawiki-oidc-client-secret.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
"mediawiki-secret-key.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
}
|
}
|
||||||
|
|
|
@ -118,6 +118,11 @@ resource "namecheap_domain_records" "pub-solar" {
|
||||||
type = "CNAME"
|
type = "CNAME"
|
||||||
address = "nachtigall.pub.solar."
|
address = "nachtigall.pub.solar."
|
||||||
}
|
}
|
||||||
|
record {
|
||||||
|
hostname = "wiki"
|
||||||
|
type = "CNAME"
|
||||||
|
address = "nachtigall.pub.solar."
|
||||||
|
}
|
||||||
record {
|
record {
|
||||||
hostname = "mastodon"
|
hostname = "mastodon"
|
||||||
type = "CNAME"
|
type = "CNAME"
|
||||||
|
|
Loading…
Reference in a new issue