{ flake , config , lib , pkgs , ... }: let localSettingsPHP = pkgs.writeScript "LocalSettings.php" '' "https://pub.solar/assets/pubsolar.svg", 'icon' => "https://pub.solar/assets/pubsolar.svg", 'wordmark' => [ 'src'=> "https://pub.solar/assets/pubsolar.svg", 'width'=> 0, 'height'=> 0, ], ]; $wgFavicon = 'https://pub.solar/assets/pubsolar.svg'; $wgDefaultSkin = 'vector-2022'; // https://www.mediawiki.org/wiki/Extension:PluggableAuth#Installation $wgGroupPermissions['*']['autocreateaccount'] = true; // https://www.mediawiki.org/wiki/Extension:PluggableAuth#Configuration $wgPluggableAuth_EnableAutoLogin = false; $wgPluggableAuth_ButtonLabel = 'Login with pub.solar ID'; // https://www.mediawiki.org/wiki/Extension:OpenID_Connect#Keycloak $wgPluggableAuth_Config[] = [ 'plugin' => 'OpenIDConnect', 'data' => [ 'providerURL' => 'https://auth.pub.solar/realms/pub.solar', 'clientID' => 'mediawiki', 'clientsecret' => trim(file_get_contents('/run/mediawiki/oidc-client-secret')) ] ]; $wgOpenIDConnect_SingleLogout = true; $wgOpenIDConnect_MigrateUsersByEmail = true; ''; uid = 986; gid = 984; in { age.secrets.mediawiki-database-password = { file = "${flake.self}/secrets/mediawiki-database-password.age"; path = "/run/mediawiki/database-password"; symlink = false; mode = "440"; owner = "mediawiki"; group = "mediawiki"; }; age.secrets.mediawiki-oidc-client-secret = { file = "${flake.self}/secrets/mediawiki-oidc-client-secret.age"; path = "/run/mediawiki/oidc-client-secret"; symlink = false; mode = "440"; owner = "mediawiki"; group = "mediawiki"; }; age.secrets.mediawiki-secret-key = { file = "${flake.self}/secrets/mediawiki-secret-key.age"; path = "/run/mediawiki/secret-key"; symlink = false; mode = "440"; owner = "mediawiki"; group = "mediawiki"; }; services.postgresql = { authentication = '' host mediawiki all 172.17.0.0/16 password ''; }; services.nginx.virtualHosts."wiki.pub.solar" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:8293"; }; users.users.mediawiki = { isSystemUser = true; group = "mediawiki"; inherit uid; }; users.groups.mediawiki = { inherit gid; }; virtualisation = { oci-containers = { backend = "docker"; containers."mediawiki" = { image = "git.pub.solar/pub-solar/mediawiki-oidc-docker:1.41.0"; user = "1000:${builtins.toString gid}"; autoStart = true; ports = [ "127.0.0.1:8293:80" ]; extraOptions = [ "--add-host=host.docker.internal:host-gateway" "--pull=always" ]; volumes = [ "/run/mediawiki:/run/mediawiki" "/var/lib/mediawiki/images:/var/www/html/images" "/var/lib/mediawiki/uploads:/var/www/html/uploads" "/var/lib/mediawiki/logs:/var/log/mediawiki" "${localSettingsPHP}:/var/www/html/LocalSettings.php" ]; }; }; }; }