2023-10-24 17:33:05 +02:00
|
|
|
{ config, pkgs, lib, ... }:
|
2023-11-19 11:13:15 +01:00
|
|
|
let
|
|
|
|
|
cfg = config.services.nixos-wiki;
|
|
|
|
|
in
|
2023-10-24 17:33:05 +02:00
|
|
|
{
|
|
|
|
|
options = {
|
|
|
|
|
services.nixos-wiki = {
|
|
|
|
|
hostname = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = "The hostname of the wiki";
|
|
|
|
|
};
|
2023-11-19 11:13:15 +01:00
|
|
|
adminPasswordFile = lib.mkOption {
|
|
|
|
|
type = lib.types.path;
|
|
|
|
|
description = "The password file for the wiki admin";
|
|
|
|
|
};
|
2023-10-24 17:33:05 +02:00
|
|
|
githubClientId = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = "The github client id for the wiki";
|
|
|
|
|
};
|
2023-11-19 11:13:15 +01:00
|
|
|
githubClientSecretFile = lib.mkOption {
|
|
|
|
|
type = lib.types.path;
|
|
|
|
|
description = "The github client secret for the wiki";
|
|
|
|
|
};
|
|
|
|
|
emergencyContact = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = "The emergency contact for the wiki";
|
|
|
|
|
};
|
|
|
|
|
passwordSender = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = "default FROM address in emails";
|
|
|
|
|
};
|
|
|
|
|
noReplyAddress = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = "default Reply-To address in emails";
|
|
|
|
|
};
|
2023-10-24 17:33:05 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = {
|
|
|
|
|
services.mediawiki = {
|
2024-04-01 14:33:59 +02:00
|
|
|
name = "NixOS Wiki";
|
2023-10-24 17:33:05 +02:00
|
|
|
enable = true;
|
|
|
|
|
webserver = "nginx";
|
|
|
|
|
database.type = "postgres";
|
|
|
|
|
nginx.hostName = config.services.nixos-wiki.hostname;
|
|
|
|
|
uploadsDir = "/var/lib/mediawiki-uploads/";
|
2023-11-19 11:13:15 +01:00
|
|
|
passwordFile = cfg.adminPasswordFile;
|
2023-10-24 17:33:05 +02:00
|
|
|
|
|
|
|
|
extensions.SyntaxHighlight_GeSHi = null; # provides <SyntaxHighlight> tags
|
|
|
|
|
extensions.ParserFunctions = null;
|
|
|
|
|
extensions.Cite = null;
|
|
|
|
|
extensions.VisualEditor = null;
|
|
|
|
|
extensions.AuthManagerOAuth = pkgs.fetchzip {
|
2023-11-19 11:13:15 +01:00
|
|
|
url = "https://github.com/mohe2015/AuthManagerOAuth/releases/download/v0.3.2/AuthManagerOAuth.zip";
|
|
|
|
|
hash = "sha256-hr/DLyL6IzQs67eA46RdmuVlfCiAbq+eZCRLfjLxUpc=";
|
2023-10-24 17:33:05 +02:00
|
|
|
}; # Github login
|
|
|
|
|
extensions.ConfirmEdit = null; # Combat SPAM with a simple Captcha
|
2024-04-01 16:28:26 +02:00
|
|
|
# https://www.mediawiki.org/wiki/Extension:MobileFrontend/
|
|
|
|
|
extensions.MobileFrontend = pkgs.fetchzip {
|
|
|
|
|
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_41-6dbf6c2.tar.gz/MobileFrontend-REL1_41-6dbf6c2.tar.gz";
|
|
|
|
|
hash = "sha256-LsKPlVId7DzbkS7xc+fSYBiasq4AofCjCfbBaN/eSE8=";
|
|
|
|
|
}; # Responsive skin
|
2024-04-01 17:21:04 +02:00
|
|
|
extensions.DarkMode = pkgs.fetchzip {
|
|
|
|
|
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_41-d647ab5.tar.gz/DarkMode-REL1_41-d647ab5.tar.gz";
|
|
|
|
|
hash = "sha256-ERvWGDKfT6nqFbz7q8iqZFe2uhwoSQ2ePUy4tlPDaOE=";
|
|
|
|
|
};
|
2024-04-01 16:28:26 +02:00
|
|
|
|
2024-04-01 14:19:59 +02:00
|
|
|
#extensions.StopForumSpam = pkgs.fetchzip {
|
|
|
|
|
# url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/StopForumSpam-REL1_41-73c94fb/StopForumSpam-REL1_41-861c37b.tar.gz";
|
|
|
|
|
# hash = "sha256-/7gfBiKA9CliEPjXjcHrYKp4JMayXwtixlZFvnA5D2E=";
|
|
|
|
|
#};
|
|
|
|
|
|
2023-10-24 17:33:05 +02:00
|
|
|
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
#$wgDebugLogFile = "/var/log/mediawiki/debug.log";
|
|
|
|
|
|
|
|
|
|
# allow local login
|
|
|
|
|
$wgAuthManagerOAuthConfig = [
|
|
|
|
|
'github' => [
|
2023-11-19 11:13:15 +01:00
|
|
|
'clientId' => '${cfg.githubClientId}',
|
|
|
|
|
'clientSecret' => file_get_contents("${cfg.githubClientSecretFile}"),
|
2023-10-24 17:33:05 +02:00
|
|
|
'urlAuthorize' => 'https://github.com/login/oauth/authorize',
|
|
|
|
|
'urlAccessToken' => 'https://github.com/login/oauth/access_token',
|
|
|
|
|
'urlResourceOwnerDetails' => 'https://api.github.com/user'
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# Enable account creation globally
|
|
|
|
|
$wgGroupPermissions['*']['createaccount'] = true;
|
|
|
|
|
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
|
|
|
|
|
|
|
|
|
# Disable anonymous editing
|
|
|
|
|
$wgGroupPermissions['*']['edit'] = false;
|
|
|
|
|
|
|
|
|
|
# Allow svg upload
|
|
|
|
|
$wgFileExtensions[] = 'svg';
|
|
|
|
|
$wgSVGConverterPath = "${pkgs.imagemagick}/bin";
|
|
|
|
|
|
|
|
|
|
# Pretty URLs
|
|
|
|
|
$wgUsePathInfo = true;
|
|
|
|
|
|
2024-04-01 16:58:13 +02:00
|
|
|
# cache pages with db
|
|
|
|
|
$wgMainCacheType = CACHE_DB;
|
2023-10-24 17:33:05 +02:00
|
|
|
|
|
|
|
|
#$wgFavicon = "/favicon.ico";
|
|
|
|
|
$wgDefaultSkin = 'vector-2022';
|
|
|
|
|
# configure logos for vector-2022: https://www.mediawiki.org/wiki/Manual:$wgLogos
|
|
|
|
|
$wgLogos = [
|
|
|
|
|
'1x' => '/nixos.png',
|
|
|
|
|
'icon' => '/nixos.png',
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# Combat SPAM with IP-Blocklists (StopForumSpam extension)
|
2024-04-01 14:19:59 +02:00
|
|
|
#$wgEnableDnsBlacklist = true;
|
|
|
|
|
#$wgDnsBlacklistUrls = array(
|
|
|
|
|
# 'dnsbl.dronebl.org'
|
|
|
|
|
#);
|
2023-10-24 17:33:05 +02:00
|
|
|
|
|
|
|
|
# required for fancy VisualEditor extension
|
|
|
|
|
$wgGroupPermissions['user']['writeapi'] = true;
|
|
|
|
|
|
|
|
|
|
# Enable content security policy
|
|
|
|
|
$wgCSPHeader = true;
|
|
|
|
|
|
|
|
|
|
# Disallow framing
|
|
|
|
|
$wgEditPageFrameOptions = "DENY";
|
|
|
|
|
|
|
|
|
|
$wgEnableEmail = true;
|
2024-04-01 14:02:59 +02:00
|
|
|
# FIXME: we cannot enable this because of github login
|
|
|
|
|
$wgEmailConfirmToEdit = false;
|
2023-10-24 17:33:05 +02:00
|
|
|
$wgAllowHTMLEmail = false;
|
2023-11-19 11:13:15 +01:00
|
|
|
|
|
|
|
|
$wgEmergencyContact = "${cfg.emergencyContact}";
|
|
|
|
|
$wgPasswordSender = "${cfg.passwordSender}";
|
|
|
|
|
$wgNoReplyAddress = "${cfg.noReplyAddress}";
|
2023-11-15 17:24:07 +01:00
|
|
|
|
|
|
|
|
# To purge all page cache increase this using: date +%Y%m%d%H%M%S
|
|
|
|
|
$wgCacheEpoch = 20231115172319;
|
2024-04-01 14:19:45 +02:00
|
|
|
|
|
|
|
|
$wgPygmentizePath = "${pkgs.python3Packages.pygments}/bin/pygmentize";
|
2024-04-02 15:13:01 +02:00
|
|
|
|
2024-04-02 15:24:20 +02:00
|
|
|
# add extra groups
|
|
|
|
|
## add trusted group
|
2024-04-02 15:13:01 +02:00
|
|
|
$wgGroupPermissions['trusted'] = $wgGroupPermissions['user'];
|
|
|
|
|
$wgGroupPermissions['trusted']['delete'] = true;
|
2024-04-02 15:24:20 +02:00
|
|
|
|
|
|
|
|
## add moderator group
|
|
|
|
|
$wgGroupPermissions['moderator'] = $wgGroupPermissions['user'];
|
|
|
|
|
$wgGroupPermissions['moderator']['delete'] = true;
|
|
|
|
|
$wgGroupPermissions['moderator']['blockusers'] = true;
|
|
|
|
|
$wgGroupPermissions['moderator']['rollback'] = true;
|
|
|
|
|
$wgGroupPermissions['moderator']['viewdeleted'] = true;
|
|
|
|
|
$wgGroupPermissions['moderator']['oversight'] = true;
|
|
|
|
|
$wgGroupPermissions['moderator']['protect'] = true;
|
2023-10-24 17:33:05 +02:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2024-04-01 13:25:32 +02:00
|
|
|
services.postgresql.package = pkgs.postgresql_16;
|
|
|
|
|
|
2023-10-24 18:59:19 +02:00
|
|
|
networking.firewall.allowedTCPPorts = [ 443 80 ];
|
2023-10-24 17:33:05 +02:00
|
|
|
security.acme.acceptTerms = true;
|
|
|
|
|
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
|
|
|
|
|
enableACME = lib.mkDefault true;
|
2023-11-19 11:13:15 +01:00
|
|
|
forceSSL = lib.mkDefault true;
|
2023-10-24 17:33:05 +02:00
|
|
|
locations."=/nixos.png".alias = ./nixos.png;
|
2024-04-01 22:28:47 +02:00
|
|
|
locations."=/favicon.ico".alias = ./favicon.ico;
|
2023-10-24 17:33:05 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
