mirror of
https://github.com/Mic92/nixos-wiki-infra.git
synced 2025-06-26 12:41:34 +02:00
Merge pull request #266 from NixOS/interactive_vm
add interactive VM script
commit
0ececb1ddd
11
README.md
11
README.md
@ -77,6 +77,17 @@ $ nix develop .#linkcheck
|
||||
$ ./checks/linkcheck/lychee.sh
|
||||
```
|
||||
|
||||
## interactive VM
|
||||
|
||||
You can also run the wiki in an interactive vm by running
|
||||
|
||||
```nix
|
||||
nix run .#interactive-vm
|
||||
```
|
||||
|
||||
you can then access the wiki at localhost:4360 follow the output of the script
|
||||
for more details (like passwords)
|
||||
|
||||
## FAQ:
|
||||
|
||||
### When logging in with "GitHub auth", the app shows "Act on your behalf" as a permission.
|
||||
|
@ -35,10 +35,16 @@
|
||||
./targets/flake-module.nix
|
||||
./modules/flake-module.nix
|
||||
./checks/flake-module.nix
|
||||
./vm/flake-module.nix
|
||||
./formatter.nix
|
||||
];
|
||||
perSystem =
|
||||
{ self', system, ... }:
|
||||
{
|
||||
self',
|
||||
system,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
|
||||
checks =
|
||||
|
@ -38,6 +38,11 @@ in
|
||||
type = lib.types.str;
|
||||
description = "default Reply-To address in emails";
|
||||
};
|
||||
testMode = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = "Enable test mode, which disables github login and uses a fixed admin password";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -49,7 +54,7 @@ in
|
||||
database.type = "postgres";
|
||||
nginx.hostName = config.services.nixos-wiki.hostname;
|
||||
uploadsDir = "/var/lib/mediawiki-uploads/";
|
||||
passwordFile = cfg.adminPasswordFile;
|
||||
passwordFile = if cfg.testMode then pkgs.writeText "pass" "nixos-wiki00" else cfg.adminPasswordFile;
|
||||
|
||||
extensions = {
|
||||
SyntaxHighlight_GeSHi = null; # provides <SyntaxHighlight> tags
|
||||
@ -89,6 +94,7 @@ in
|
||||
#$wgShowExceptionDetails = true;
|
||||
|
||||
# allow local login
|
||||
${lib.optionalString (!cfg.testMode) ''
|
||||
$wgAuthManagerOAuthConfig = [
|
||||
'github' => [
|
||||
'clientId' => '${cfg.githubClientId}',
|
||||
@ -98,6 +104,7 @@ in
|
||||
'urlResourceOwnerDetails' => 'https://api.github.com/user'
|
||||
],
|
||||
];
|
||||
''}
|
||||
|
||||
# Enable account creation globally
|
||||
$wgGroupPermissions['*']['createaccount'] = true;
|
||||
@ -150,9 +157,11 @@ in
|
||||
$wgEmailConfirmToEdit = false;
|
||||
$wgAllowHTMLEmail = false;
|
||||
|
||||
${lib.optionalString (!cfg.testMode) ''
|
||||
$wgEmergencyContact = "${cfg.emergencyContact}";
|
||||
$wgPasswordSender = "${cfg.passwordSender}";
|
||||
$wgNoReplyAddress = "${cfg.noReplyAddress}";
|
||||
''}
|
||||
|
||||
# To purge all page cache increase this using: date +%Y%m%d%H%M%S
|
||||
$wgCacheEpoch = 20231115172319;
|
||||
@ -244,8 +253,8 @@ in
|
||||
limit_req_status 429;
|
||||
'';
|
||||
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
|
||||
enableACME = lib.mkDefault true;
|
||||
forceSSL = lib.mkDefault true;
|
||||
enableACME = lib.mkDefault (!cfg.testMode);
|
||||
forceSSL = lib.mkDefault (!cfg.testMode);
|
||||
extraConfig = ''
|
||||
limit_req zone=ip burst=20 nodelay;
|
||||
'';
|
||||
|
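Review bot: In the `@ -49,7 +54,7 @` hunk, `testMode` turns `passwordFile` into a `pkgs.writeText` file holding the constant `nixos-wiki00`, which ends up in the world-readable Nix store. The other hunks use the same flag to drop the GitHub OAuth block and switch off `enableACME`/`forceSSL`, while the context line `$wgGroupPermissions['*']['createaccount'] = true;` stays active. Nothing visible in the module stops this flag from being set on a reachable host. I would say so in the option text, e.g. `description = "Enable test mode for local VMs only: disables GitHub login and TLS and sets a fixed, publicly known admin password";`, and add `warnings = lib.optional cfg.testMode "services.nixos-wiki.testMode is enabled: fixed public admin password, no GitHub login, no TLS";` to the module's config. The config block starts and ends outside these hunks, so it is not visible here whether `pkgs` is among the module arguments.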
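--- a/vm/flake-module.nix
+++ b/vm/flake-module.nix
@@ -0,0 +1,80 @@
+{ self, lib, ... }:
+{
+perSystem =
+{ pkgs, ... }:
+{
+packages = lib.optionalAttrs pkgs.stdenv.isLinux {
+interactive-vm = pkgs.writeShellApplication {
+name = "interactive-vm";
+runtimeInputs = [
+];
+text =
+let
+debugVm =
+{ modulesPath, ... }:
+{
+imports = [
+# The qemu-vm NixOS module gives us the `vm` attribute that we will later
+# use, and other VM-related settings
+"${modulesPath}/virtualisation/qemu-vm.nix"
+];
+
+# Forward the hosts's port 2222 to the guest's SSH port.
+# Also, forward the other ports 1:1 from host to guest.
+virtualisation.forwardPorts = [
+{
+from = "host";
+host.port = 2222;
+guest.port = 22;
+}
+{
+from = "host";
+host.port = 4360;
+guest.port = 4360;
+}
+];
+virtualisation.memorySize = 2048;
+
+# Root user without password and enabled SSH for playing around
+networking.firewall.enable = false;
+services.openssh.enable = true;
+services.openssh.permitRootLogin = "yes";
+users.extraUsers.root.password = "nixos-wiki00"; # same as the admin user on the test wiki
+environment.systemPackages = with pkgs; [
+iptables
+];
+services.nginx.defaultListen = [
+{
+addr = "0.0.0.0";
+port = 4360;
+}
+];
+networking.firewall.allowedTCPPorts = [ 4360 ];
+};
+vmConfig = pkgs.nixos [
+debugVm
+self.nixosModules.nixos-wiki
+{
+security.acme.defaults.email = "example@example.com";
+security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+services.nixos-wiki = {
+hostname = "localhost:4360";
+testMode = true;
+};
+}
+];
+in
+''
+NIXOS_DISK_IMAGE=/tmp/wiki-vm.qcow2
+export NIXOS_DISK_IMAGE
+echo 'access the wiki after startup at http://localhost:4360'
+echo 'user: admin, password: nixos-wiki00'
+echo 'you can also SSH into the VM with: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@localhost -p 2222'
+echo 'password: nixos-wiki00'
+${vmConfig.config.system.build.vm}/bin/run-nixos-vm
+# TODO maybe clean up the qcow image?
+'';
+};
+};
+};
+}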
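Review bot: Both `virtualisation.forwardPorts` entries set only `host.port`, and as far as I know the qemu-vm module then leaves the host bind address empty, so QEMU listens on every host interface; with `permitRootLogin = "yes"` and the root password printed by the script, anyone who can reach the host on port 2222 can log in to the guest as root. Add `host.address = "127.0.0.1";` to both entries so the wiki and SSH are reachable from the local machine only. The disk image path `/tmp/wiki-vm.qcow2` is fixed and predictable, so on a shared machine another user can create it first, and guest state carries over between runs; a `mktemp -d` directory removed by a `trap` on exit would also settle the TODO. The comment `# Root user without password` does not match the line that sets one, and `networking.firewall.allowedTCPPorts` has no effect while the firewall is disabled.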