fruitbasket/modules/wiki.nix

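# MediaWiki at wiki.<networking.domain>.
# Layout visible in this module: the mediawiki module's Apache vhost listens on
# loopback only (plain HTTP), nginx terminates TLS in front of it, and logins are
# offered through the Portunus/dex OpenID Connect client registered below.
{ config, pkgs, ... }:
let
  domain = "wiki.${config.networking.domain}";
  # Loopback port of the Apache vhost; nginx proxies to it below.
  listenPort = 8080;
in
{
  # Both secrets are owned by the mediawiki user and are only referenced by
  # path below, so their values are not written into this file.
  sops.secrets = {
    "mediawiki/initial_admin".owner = config.users.users.mediawiki.name;
    "mediawiki/oidc_secret".owner = config.users.users.mediawiki.name;
  };

  # Order the init unit after the database it talks to.
  systemd.services.mediawiki-init.after = [ "postgresql.service" ];

  services = {
    mediawiki = {
      enable = true;
      # Password of the initial admin account, read from the sops secret.
      passwordFile = config.sops.secrets."mediawiki/initial_admin".path;
      database.type = "postgres";
      url = "https://${domain}";

      httpd.virtualHost = {
        adminAddr = "root@ifsr.de";
        # Bind to loopback without TLS: the only intended client is the nginx
        # reverse proxy defined further down, which handles HTTPS.
        listen = [{
          ip = "127.0.0.1";
          port = listenPort;
          ssl = false;
        }];
        # Short url support (e.g. https://wiki.ifsr.de/Page instead of .../index.php?title=Page)
        # Recommended config taken from https://www.mediawiki.org/wiki/Manual:Short_URL/Apache
        # See paragraph "If you are using a root url ..."
        #
        # /rest.php and /images are exempt from the rewrite, as are existing
        # files and directories, so those requests do not go through index.php.
        # NOTE(review): anonymous read is disabled in LocalSettings below, but
        # requests under /images bypass index.php here; presumably uploads are
        # served without a MediaWiki permission check unless img_auth.php is
        # used. Confirm that uploaded files are not expected to be private.
        extraConfig = ''
          RewriteEngine On
          RewriteCond %{REQUEST_URI} !^/rest\.php
          RewriteCond %{REQUEST_URI} !^/images
          RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
          RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
          RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L]
        '';
      };

      # PHP appended to LocalSettings.php. Security-relevant settings:
      #  - Anonymous users ('*') may not read, edit or create accounts;
      #    'autocreateaccount' stays enabled so that accounts can be created
      #    automatically on login through the auth plugin.
      #  - $wgPluggableAuth_EnableLocalLogin = true keeps local password login
      #    available next to OIDC, so local account passwords remain a way in.
      #  - $wgAllowUserCss lets each user load their own CSS.
      #  - The OIDC client secret is read from the sops path when PHP runs.
      #    NOTE(review): file_get_contents returns the file verbatim, including
      #    a trailing newline if there is one; confirm the secret file has none.
      #  - NOTE(review): providerURL is built from services.portunus.domain and
      #    no scheme is written here; confirm the resulting value is an
      #    https:// URL.
      #  - NOTE(review): $wgEnableAPI, $wgUseAjax and $wgEnableMWSuggest look
      #    like settings that newer MediaWiki releases no longer read; verify
      #    whether they still have any effect on the REL1_40 extensions used.
      extraConfig = ''
        $wgSitename = "FSR Wiki";
        $wgArticlePath = '/$1';

        $wgLogo = "/images/3/3b/LogoiFSR.png";
        $wgLanguageCode = "de";

        $wgGroupPermissions['*']['read'] = false;
        $wgGroupPermissions['*']['edit'] = false;
        $wgGroupPermissions['*']['createaccount'] = false;
        $wgGroupPermissions['*']['autocreateaccount'] = true;
        $wgGroupPermissions['sysop']['userrights'] = true;
        $wgGroupPermissions['sysop']['deletelogentry'] = true;
        $wgGroupPermissions['sysop']['deleterevision'] = true;

        $wgEnableAPI = true;
        $wgAllowUserCss = true;
        $wgUseAjax = true;
        $wgEnableMWSuggest = true;
        $wgDefaultSkin = 'timeless';

        //TODO what about $wgUpgradeKey ?

        # Auth
        # https://www.mediawiki.org/wiki/Extension:PluggableAuth
        # https://www.mediawiki.org/wiki/Extension:OpenID_Connect
        $wgPluggableAuth_EnableLocalLogin = true;
        $wgPluggableAuth_Config["iFSR Login"] = [
          "plugin" => "OpenIDConnect",
          "data" => [
            "providerURL" => "${config.services.portunus.domain}/dex",
            "clientID" => "wiki",
            "clientsecret" => file_get_contents('${config.sops.secrets."mediawiki/oidc_secret".path}'),
          ],
        ];
      '';

      # Extension tarballs are pinned by content hash, so a changed or
      # tampered download fails the build instead of being installed.
      # The file names carry a branch and commit suffix (REL1_40-<commit>).
      extensions = {
        PluggableAuth = pkgs.fetchzip {
          url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_40-2d86d50.tar.gz";
          hash = "sha256-NAdjc8pqAjSZrsN2IQ/rESyZYEnesBT0cGg8CrIlvFM=";
        };
        OpenIDConnect = pkgs.fetchzip {
          url = "https://extdist.wmflabs.org/dist/extensions/OpenIDConnect-REL1_40-e97e0b1.tar.gz";
          hash = "sha256-UrxaszLL3e4PZmTOnGkNliQ8fjGVD37Xj7BjhvhQDJU=";
        };
        VisualEditor = pkgs.fetchzip {
          url = "https://extdist.wmflabs.org/dist/extensions/VisualEditor-REL1_40-c6aec49.tar.gz";
          hash = "sha256-p66C7ks0ocy5sL7LTkFQuDA3/2uSXdfldUXoOQ6afWM=";
        };
      };
    };

    # Register the wiki as an OIDC client at dex. The id must equal the
    # "clientID" in LocalSettings above. The callback uses the German special
    # page name, matching $wgLanguageCode = "de".
    portunus.dex.oidcClients = [{
      id = "wiki";
      callbackURL = "https://${domain}/Spezial:PluggableAuthLogin";
    }];

    nginx = {
      recommendedProxySettings = true;
      virtualHosts.${domain} = {
        # TLS terminates here; plain HTTP is redirected to HTTPS.
        enableACME = true;
        forceSSL = true;
        # NOTE(review): every request reaches Apache from 127.0.0.1. Confirm
        # whether MediaWiki is configured to take the client address from the
        # forwarded headers, since IP-based blocks and logs depend on it.
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString listenPort}";
          proxyWebsockets = true;
        };
        # Legacy path prefixes redirect to their own hosts. The captured suffix
        # has to be empty or start with "/": $1 is appended directly after the
        # host name in the Location header, so a suffix without the leading
        # slash would extend the host name and let the redirect leave the
        # intended hosts. "|" inside the character class is a literal pipe,
        # kept as in the earlier pattern.
        locations."~ ^/ese(/[^\\n|\\r]*)?$".return = "301 https://wiki.ese.ifsr.de$1";
        locations."~ ^/fsr(/[^\\n|\\r]*)?$".return = "301 https://wiki.ifsr.de$1";
        locations."~ ^/vernetzung(/[^\\n|\\r]*)?$".return = "301 https://vernetzung.ifsr.de$1";
      };
    };
  };
}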