From c992331bbd8633f197fd034dbc9b394fa0704179 Mon Sep 17 00:00:00 2001
From: Fugi
Date: Mon, 12 Jun 2023 23:36:57 +0200
Subject: [PATCH] Fix wiki setup and database connection
---
 modules/wiki.nix | 174 +++++++++++++----------------------------------
 1 file changed, 47 insertions(+), 127 deletions(-)
diff --git a/modules/wiki.nix b/modules/wiki.nix
index 0026c19..9bcabe2 100644
--- a/modules/wiki.nix
+++ b/modules/wiki.nix
@@ -1,4 +1,8 @@
 { config, pkgs, lib, ... }:
+let
+ domain = "wiki.${config.fsr.domain}";
+ listenPort = 8080;
+in
 {
 sops.secrets = {
 "mediawiki/postgres".owner = config.users.users.mediawiki.name;
@@ -6,116 +10,59 @@ "mediawiki/ldapprovider".owner = config.users.users.mediawiki.name; }; - # users.users.mediawiki.extraGroups = [ "postgres" ]; - nixpkgs.overlays = [ - (final: prev: { - final.config.systemd.services.mediawiki-init.script = '' - - ''; - }) - ]; services = { mediawiki = { enable = true; - name = "FSR Wiki"; passwordFile = config.sops.secrets."mediawiki/initial_admin".path; - database = { - type = "postgres"; - # socket = "/run/postgresql"; - user = "mediawiki"; - name = "mediawiki"; - host = "localhost"; - port = 5432; - passwordFile = config.sops.secrets."mediawiki/postgres".path; - createLocally = false; - }; - - # virtualHost = { - # hostName = "wiki.quitte.tassilo-tanneberger.de"; - # adminAddr = "root@ifsr.de"; - # forceSSL = true; - # enableACME = true; - # }; + database.type = "postgres"; + url = "https://${domain}"; httpd.virtualHost = { - hostName = "wiki.${config.fsr.domain}"; adminAddr = "root@ifsr.de"; - #forceSSL = true; - #enableACME = true; + listen = [{ + ip = "127.0.0.1"; + port = listenPort; + ssl = false; + }]; + extraConfig = '' + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/rest\.php + RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f + RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d + RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L] + ''; }; - httpd.virtualHost.listen = [ - { - ip = "127.0.0.1"; - port = 8080; - ssl = false; - } - ]; - extraConfig = '' - $wgDBport = "5432"; - $wgDBmwschema = "mediawiki"; + $wgSitename = "FSR Wiki"; + $wgArticlePath = '/$1'; - $wgDBserver = "localhost"; - $wgDBname = "mediawiki"; + // $wgLogo = "https://www.c3d2.de/images/ck.png"; + $wgEmergencyContact = "root@ifsr.de"; + $wgPasswordSender = "root@ifsr.de"; + $wgLanguageCode = "de"; + $wgGroupPermissions['*']['edit'] = false; + $wgGroupPermissions['user']['edit'] = true; + $wgGroupPermissions['sysop']['interwiki'] = true; + $wgGroupPermissions['sysop']['userrights'] = true; + $wgGroupPermissions['sysop']['deletelogentry'] = true; + 
$wgGroupPermissions['sysop']['deleterevision'] = true; - /////// $wgArticlePath = '/$1'; + $wgEnableAPI = true; + $wgAllowUserCss = true; + $wgUseAjax = true; + $wgEnableMWSuggest = true; - // $wgLogo = "https://www.c3d2.de/images/ck.png"; - $wgEmergencyContact = "root@ifsr.de"; - $wgPasswordSender = "root@ifsr.de"; - $wgLanguageCode = "de"; + //TODO what about $wgUpgradeKey ? - $wgGroupPermissions['*']['edit'] = false; - $wgGroupPermissions['user']['edit'] = true; - $wgGroupPermissions['sysop']['interwiki'] = true; - $wgGroupPermissions['sysop']['userrights'] = true; + $wgScribuntoDefaultEngine = 'luastandalone'; - define("NS_INTERN", 100); - define("NS_INTERN_TALK", 101); - - $wgExtraNamespaces[NS_INTERN] = "Intern"; - $wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion"; - - $wgGroupPermissions['intern']['move'] = true; - $wgGroupPermissions['intern']['move-subpages'] = true; - $wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages - $wgGroupPermissions['intern']['read'] = true; - $wgGroupPermissions['intern']['edit'] = true; - $wgGroupPermissions['intern']['createpage'] = true; - $wgGroupPermissions['intern']['createtalk'] = true; - $wgGroupPermissions['intern']['writeapi'] = true; - $wgGroupPermissions['intern']['upload'] = true; - $wgGroupPermissions['intern']['reupload'] = true; - $wgGroupPermissions['intern']['reupload-shared'] = true; - $wgGroupPermissions['intern']['minoredit'] = true; - $wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok" - $wgGroupPermissions['intern']['sendemail'] = true; - - $wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern'); - $wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern'); - - $wgGroupPermissions['sysop']['deletelogentry'] = true; - $wgGroupPermissions['sysop']['deleterevision'] = true; - - wfLoadExtension('ConfirmEdit/QuestyCaptcha'); - $wgCaptchaClass = 'QuestyCaptcha'; - $wgCaptchaQuestions[] = array( 'question' => 
'How is C3D2 logo in ascii?', 'answer' => '<<>' ); - - $wgEnableAPI = true; - $wgAllowUserCss = true; - $wgUseAjax = true; - $wgEnableMWSuggest = true; - - //TODO what about $wgUpgradeKey ? - - $wgScribuntoDefaultEngine = 'luastandalone'; - - # LDAP - $LDAPProviderDomainConfigs = "${config.sops.secrets."mediawiki/ldapprovider".path}"; - $wgPluggableAuth_EnableLocalLogin = true; + # LDAP + $LDAPProviderDomainConfigs = "${config.sops.secrets."mediawiki/ldapprovider".path}"; + $wgPluggableAuth_EnableLocalLogin = true; ''; + extensions = { CiteThisPage = pkgs.fetchzip { url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz"; @@ -164,44 +111,17 @@ }; }; }; - postgresql = { - enable = true; - ensureUsers = [ - { - name = "mediawiki"; - ensurePermissions = { - "DATABASE \"mediawiki\"" = "ALL PRIVILEGES"; - }; - } - ]; - ensureDatabases = [ - "mediawiki" - ]; - }; + nginx = { recommendedProxySettings = true; - virtualHosts = { - "wiki.${config.fsr.domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8080"; - proxyWebsockets = true; - }; + virtualHosts.${domain} = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString listenPort}"; + proxyWebsockets = true; }; }; }; - - }; - systemd.services.mediawiki-pgsetup = { - description = "Prepare Mediawiki postgres database"; - wantedBy = [ "multi-user.target" ]; - after = [ "networking.target" "postgresql.service" ]; - serviceConfig.Type = "oneshot"; - - path = [ pkgs.sudo config.services.postgresql.package ]; - script = '' - sudo -u ${config.services.postgresql.superUser} psql -c "ALTER ROLE mediawiki WITH PASSWORD '$(cat ${config.sops.secrets."mediawiki/postgres".path})'" - ''; }; }
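Review bot: With the QuestyCaptcha lines dropped from the MediaWiki `extraConfig`, nothing visible on the new side gates self-registration. `$wgPluggableAuth_EnableLocalLogin = true;` keeps local login available, `createaccount` is never set for `*` (MediaWiki's default allows it), and `$wgGroupPermissions['user']['edit'] = true;` lets any fresh account edit. If accounts are meant to come from LDAP only, add `$wgGroupPermissions['*']['createaccount'] = false;` together with `$wgGroupPermissions['*']['autocreateaccount'] = true;`; otherwise keep a captcha on account creation. The `Intern` namespace definitions and their `$wgNamespacePermissionLockdown` entries are also removed without a replacement, so confirm no existing pages in namespaces 100/101 depended on that restriction. This assumes no other module sets these values.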
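Review bot: The `"mediawiki/postgres"` entry under `sops.secrets` at the top of the file appears to have no consumer left in this diff, because this hunk removes the `mediawiki-pgsetup` unit and the previous hunk removes `database.passwordFile`. If nothing outside this file reads it, drop the declaration so the decrypted database password is no longer materialised on the host for the `mediawiki` user. A short comment next to `database.type = "postgres";` saying that the connection now relies on the module's defaults would also help the next reader, since the explicit host, port, user and password settings are gone.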