Merge pull request #31 from NixOS/joerg-ci

switch to production domain
2024-11-22 00:04:01 +01:00 · 2024-04-01 14:51:08 +02:00 · 2024-04-01 14:51:08 +02:00 · 4efa9b7048
commit 4efa9b7048
parent 3bbd6366a7 4c6a0f5d39
4 changed files with 24 additions and 61 deletions
--- a/modules/nixos-wiki/backup.nix
+++ b/modules/nixos-wiki/backup.nix
@ -17,12 +17,12 @@ let
    {
      name = "wiki-backup";
      runtimeInputs = [
-        pkgs.postgresql
+        config.services.postgresql.package
        pkgs.util-linux
      ];
      text = ''
        mkdir -p /var/lib/mediawiki/backup/
-        runuser -u postgres -- pg_dump --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
+        runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
        mv /var/lib/mediawiki/backup/{db.tmp,db}
      '';
    };
@ -42,53 +42,9 @@ let
        mv ${wikiDump}{.tmp,}
      '';
    };
-
-  old-wiki-restore = pkgs.writeShellApplication {
-    name = "old-wiki-restore";
-    runtimeInputs = [
-      pkgs.postgresql
-      pkgs.coreutils
-      pkgs.util-linux
-      mediawiki-maintenance
-    ];
-    text = ''
-      if $# != 1; then
-        echo "Usage: $0 <wikidump.xml.gz>" >&2
-        exit 1
-      fi
-      dump=$1
-
-      tmpdir=$(mktemp -d)
-      cleanup() { rm -rf "$tmpdir"; }
-      cd "$tmpdir"
-      chown mediawiki:nginx "$tmpdir"
-
-      rm -rf /var/lib/mediawiki-uploads
-      install -d -m 755 -o mediawiki -g nginx /var/lib/mediawiki-uploads
-      systemctl stop phpfpm-mediawiki.service
-      runuser -u postgres -- dropdb mediawiki
-      systemctl restart postgresql
-      runuser -u postgres -- psql -c "ALTER DATABASE mediawiki OWNER TO mediawiki"
-      systemctl restart mediawiki-init.service
-      cat <<EOF | runuser -u mediawiki -- mediawiki-maintenance deleteBatch.php
-      Main_Page
-      MediaWiki:About
-      EOF
-      trap cleanup EXIT
-      cp "$dump" "$tmpdir/wikidump.xml.gz"
-      chown mediawiki:nginx "$tmpdir/wikidump.xml.gz"
-      chmod 644 "$tmpdir/wikidump.xml.gz"
-      runuser -u mediawiki -- mediawiki-maintenance importDump.php --uploads "$tmpdir/wikidump.xml.gz"
-      runuser -u mediawiki -- mediawiki-maintenance rebuildrecentchanges.php
-      systemctl start phpfpm-mediawiki.service
-    '';
-  };
 in
 {
-  environment.systemPackages = [
-    mediawiki-maintenance
-    old-wiki-restore
-  ];
+  environment.systemPackages = [ mediawiki-maintenance ];

  systemd.services.wiki-backup = {
    path = [ pkgs.postgresql ];
--- a/modules/nixos-wiki/default.nix
+++ b/modules/nixos-wiki/default.nix
@ -38,6 +38,7 @@ in

  config = {
    services.mediawiki = {
+      name = "NixOS Wiki";
      enable = true;
      webserver = "nginx";
      database.type = "postgres";
@ -54,10 +55,11 @@ in
        hash = "sha256-hr/DLyL6IzQs67eA46RdmuVlfCiAbq+eZCRLfjLxUpc=";
      }; # Github login
      extensions.ConfirmEdit = null; # Combat SPAM with a simple Captcha
-      extensions.StopForumSpam = pkgs.fetchzip {
-        url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/StopForumSpam-REL1_41-73c94fb/StopForumSpam-REL1_41-861c37b.tar.gz";
-        hash = "sha256-/7gfBiKA9CliEPjXjcHrYKp4JMayXwtixlZFvnA5D2E=";
-      };
+      #extensions.StopForumSpam = pkgs.fetchzip {
+      #  url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/StopForumSpam-REL1_41-73c94fb/StopForumSpam-REL1_41-861c37b.tar.gz";
+      #  hash = "sha256-/7gfBiKA9CliEPjXjcHrYKp4JMayXwtixlZFvnA5D2E=";
+      #};
+

      extraConfig = ''
        #$wgDebugLogFile = "/var/log/mediawiki/debug.log";
@ -100,10 +102,10 @@ in
        ];

        # Combat SPAM with IP-Blocklists (StopForumSpam extension)
-        $wgEnableDnsBlacklist = true;
-        $wgDnsBlacklistUrls = array(
-          'dnsbl.dronebl.org'
-        );
+        #$wgEnableDnsBlacklist = true;
+        #$wgDnsBlacklistUrls = array(
+        #  'dnsbl.dronebl.org'
+        #);

        # required for fancy VisualEditor extension
        $wgGroupPermissions['user']['writeapi'] = true;
@ -115,7 +117,8 @@ in
        $wgEditPageFrameOptions = "DENY";

        $wgEnableEmail = true;
-        $wgEmailConfirmToEdit = true;
+        # FIXME: we cannot enable this because of github login
+        $wgEmailConfirmToEdit = false;
        $wgAllowHTMLEmail = false;

        $wgEmergencyContact = "${cfg.emergencyContact}";
@ -124,9 +127,13 @@ in

        # To purge all page cache increase this using: date +%Y%m%d%H%M%S
        $wgCacheEpoch = 20231115172319;
+
+        $wgPygmentizePath = "${pkgs.python3Packages.pygments}/bin/pygmentize";
      '';
    };

+    services.postgresql.package = pkgs.postgresql_16;
+
    networking.firewall.allowedTCPPorts = [ 443 80 ];
    security.acme.acceptTerms = true;
    services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
--- a/targets/nixos-wiki.nixos.org/configuration.nix
+++ b/targets/nixos-wiki.nixos.org/configuration.nix
@ -21,13 +21,13 @@ in
  };

  services.nixos-wiki = {
-    hostname = "wiki.staging.julienmalka.me";
+    hostname = "wiki.nixos.org";
    adminPasswordFile = config.sops.secrets.nixos-wiki.path;
    githubClientId = "Iv1.fcbe65bcecdda275";
    githubClientSecretFile = config.sops.secrets.nixos-wiki-github-client-secret.path;
-    emergencyContact = "nixos-wiki@thalheim.io";
-    passwordSender = "nixos-wiki@thalheim.io";
-    noReplyAddress = "nixos-wiki-no-reply@thalheim.io";
+    emergencyContact = "wiki@nixos.org";
+    passwordSender = "wiki@nixos.org";
+    noReplyAddress = "wiki-no-reply@nixos.org";
  };

  services.cloud-init.enable = lib.mkForce false;
--- a/targets/nixos-wiki.nixos.org/terraform.tf
+++ b/targets/nixos-wiki.nixos.org/terraform.tf
@ -11,7 +11,7 @@ terraform {

 module "wiki" {
  source           = "../../terraform/nixos-wiki"
-  domain           = "nixos-wiki2.thalheim.io"
+  domain           = "wiki.nixos.org"
  nixos_flake_attr = "nixos-wiki-nixos-org"
  nixos_vars_file  = "${path.module}/nixos-vars.json"
  sops_file        = abspath("${path.module}/secrets/secrets.yaml")