From f703ee79fc91fbfac3a1b96251db77f5cb51b33a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 1 Apr 2024 13:25:32 +0200 Subject: [PATCH 1/7] upgrade to postgresql 16 --- modules/nixos-wiki/backup.nix | 6 +++--- modules/nixos-wiki/default.nix | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/nixos-wiki/backup.nix b/modules/nixos-wiki/backup.nix index a493f68..57d0b23 100644 --- a/modules/nixos-wiki/backup.nix +++ b/modules/nixos-wiki/backup.nix @@ -17,12 +17,12 @@ let { name = "wiki-backup"; runtimeInputs = [ - pkgs.postgresql + config.services.postgresql.package pkgs.util-linux ]; text = '' mkdir -p /var/lib/mediawiki/backup/ - runuser -u postgres -- pg_dump --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp + runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp mv /var/lib/mediawiki/backup/{db.tmp,db} ''; }; @@ -46,7 +46,7 @@ let old-wiki-restore = pkgs.writeShellApplication { name = "old-wiki-restore"; runtimeInputs = [ - pkgs.postgresql + config.services.postgresql.package pkgs.coreutils pkgs.util-linux mediawiki-maintenance diff --git a/modules/nixos-wiki/default.nix b/modules/nixos-wiki/default.nix index 51b52a8..90df4e8 100644 --- a/modules/nixos-wiki/default.nix +++ b/modules/nixos-wiki/default.nix @@ -127,6 +127,8 @@ in ''; }; + services.postgresql.package = pkgs.postgresql_16; + networking.firewall.allowedTCPPorts = [ 443 80 ]; security.acme.acceptTerms = true; services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = { From 76501abda38efbc999b7e4131d853a7fec089475 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 1 Apr 2024 13:30:03 +0200 Subject: [PATCH 2/7] switch to production domain --- targets/nixos-wiki.nixos.org/configuration.nix | 8 ++++---- targets/nixos-wiki.nixos.org/terraform.tf | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) 
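Review bot: The dump in the first backup.nix hunk is written through a shell redirect to `/var/lib/mediawiki/backup/db.tmp`, so its mode comes from the caller's umask, and the directory is created by a bare `mkdir -p`. A dump of the `mediawiki` database contains the user table (password hashes, e-mail addresses). Unless the unit that runs `wiki-backup` already sets a restrictive umask somewhere not shown here, I would add `umask 077` as the first line of `text`. As far as I know `--compress=zstd` exists only in pg_dump 16 and later, so this line now depends on the `services.postgresql.package` pin added in default.nix, and a short comment saying so would help. The `let` block continues outside the hunk.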
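Review bot: `services.postgresql.package = pkgs.postgresql_16;` in the default.nix hunk changes the major version, and as far as I know the NixOS module keeps one data directory per major version and does not migrate an existing cluster. If this host already holds a `mediawiki` database under an older version, the service would start on a fresh, empty cluster until a `pg_upgrade` or dump/restore is done, and nothing in this patch shows that step. I would add a comment on the line, e.g. `# pinned: a major bump needs a manual pg_upgrade or dump/restore first`. The surrounding `config` block starts and ends outside the hunk.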
diff --git a/targets/nixos-wiki.nixos.org/configuration.nix b/targets/nixos-wiki.nixos.org/configuration.nix index b43a8c9..65d7485 100644 --- a/targets/nixos-wiki.nixos.org/configuration.nix +++ b/targets/nixos-wiki.nixos.org/configuration.nix @@ -21,13 +21,13 @@ in }; services.nixos-wiki = { - hostname = "wiki.staging.julienmalka.me"; + hostname = "wiki.nixos.org"; adminPasswordFile = config.sops.secrets.nixos-wiki.path; githubClientId = "Iv1.fcbe65bcecdda275"; githubClientSecretFile = config.sops.secrets.nixos-wiki-github-client-secret.path; - emergencyContact = "nixos-wiki@thalheim.io"; - passwordSender = "nixos-wiki@thalheim.io"; - noReplyAddress = "nixos-wiki-no-reply@thalheim.io"; + emergencyContact = "wiki@nixos.org"; + passwordSender = "wiki@nixos.org"; + noReplyAddress = "wiki-no-reply@nixos.org"; }; services.cloud-init.enable = lib.mkForce false; diff --git a/targets/nixos-wiki.nixos.org/terraform.tf b/targets/nixos-wiki.nixos.org/terraform.tf index 6c02ea0..ae637ab 100644 --- a/targets/nixos-wiki.nixos.org/terraform.tf +++ b/targets/nixos-wiki.nixos.org/terraform.tf @@ -11,7 +11,7 @@ terraform { module "wiki" { source = "../../terraform/nixos-wiki" - domain = "nixos-wiki2.thalheim.io" + domain = "wiki.nixos.org" nixos_flake_attr = "nixos-wiki-nixos-org" nixos_vars_file = "${path.module}/nixos-vars.json" sops_file = abspath("${path.module}/secrets/secrets.yaml") From 62f57c9fdb5c092dfa2086c98ad16aa1b347848d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 1 Apr 2024 14:02:59 +0200 Subject: [PATCH 3/7] nixos-wiki: disable ConfirmToEdit option for now --- modules/nixos-wiki/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/nixos-wiki/default.nix b/modules/nixos-wiki/default.nix index 90df4e8..ab2cd90 100644 --- a/modules/nixos-wiki/default.nix +++ b/modules/nixos-wiki/default.nix 
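Review bot: `githubClientId` keeps its value in the configuration.nix hunk while `hostname` moves from the staging name to `wiki.nixos.org`, so production would authenticate through the same OAuth app that staging used. Whether that app's callback URL and client secret were changed for production is not visible here; if not, login either fails on the redirect or staging and production share one secret. A comment naming which GitHub app this ID belongs to would make that checkable. The three mail addresses also move to nixos.org, which presumably needs matching SPF/DKIM for the sending host.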
@@ -115,7 +115,8 @@ in $wgEditPageFrameOptions = "DENY"; $wgEnableEmail = true; - $wgEmailConfirmToEdit = true; + # FIXME: we cannot enable this because of github login + $wgEmailConfirmToEdit = false; $wgAllowHTMLEmail = false; $wgEmergencyContact = "${cfg.emergencyContact}"; From 51120d6ee3e774357fc8f26c7d9f9a0492c431ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 1 Apr 2024 14:19:45 +0200 Subject: [PATCH 4/7] set missing pygment executable path --- modules/nixos-wiki/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos-wiki/default.nix b/modules/nixos-wiki/default.nix index ab2cd90..c287622 100644 --- a/modules/nixos-wiki/default.nix +++ b/modules/nixos-wiki/default.nix @@ -125,6 +125,8 @@ in # To purge all page cache increase this using: date +%Y%m%d%H%M%S $wgCacheEpoch = 20231115172319; + + $wgPygmentizePath = "${pkgs.python3Packages.pygments}/bin/pygmentize"; ''; }; From a9cc9cab6bb96c1d3f0a15484ca137e9404e10b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 1 Apr 2024 14:19:59 +0200 Subject: [PATCH 5/7] fix broken "StopForumSpam" extension --- modules/nixos-wiki/default.nix | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/modules/nixos-wiki/default.nix b/modules/nixos-wiki/default.nix index c287622..b5435d1 100644 --- a/modules/nixos-wiki/default.nix +++ b/modules/nixos-wiki/default.nix 
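Review bot: The new FIXME above `$wgEmailConfirmToEdit = false;` does not say what breaks with GitHub login or what must change before the setting can return to `true`. With it off, any account can edit without a verified address, so spam control rests on the ConfirmEdit captcha enabled elsewhere in this file. I would expand the comment, assuming the problem is that GitHub-created accounts have no confirmed address: `# FIXME: GitHub-login accounts cannot edit when this is true; re-enable once fixed (see <issue link>)`. The `extraConfig` string starts and ends outside the hunk.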
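Review bot: `$wgPygmentizePath` is added without a comment, unlike the settings around it. It is read by the SyntaxHighlight extension, which runs this binary on page content. A line such as `# SyntaxHighlight: use pygmentize from nixpkgs` would tell the next reader why a store path appears here and that updates to the highlighter arrive with nixpkgs bumps. The `extraConfig` string starts outside the hunk.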
@@ -54,10 +54,11 @@ in hash = "sha256-hr/DLyL6IzQs67eA46RdmuVlfCiAbq+eZCRLfjLxUpc="; }; # Github login extensions.ConfirmEdit = null; # Combat SPAM with a simple Captcha - extensions.StopForumSpam = pkgs.fetchzip { - url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/StopForumSpam-REL1_41-73c94fb/StopForumSpam-REL1_41-861c37b.tar.gz"; - hash = "sha256-/7gfBiKA9CliEPjXjcHrYKp4JMayXwtixlZFvnA5D2E="; - }; + #extensions.StopForumSpam = pkgs.fetchzip { + # url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/StopForumSpam-REL1_41-73c94fb/StopForumSpam-REL1_41-861c37b.tar.gz"; + # hash = "sha256-/7gfBiKA9CliEPjXjcHrYKp4JMayXwtixlZFvnA5D2E="; + #}; + extraConfig = '' #$wgDebugLogFile = "/var/log/mediawiki/debug.log"; @@ -100,10 +101,10 @@ in ]; # Combat SPAM with IP-Blocklists (StopForumSpam extension) - $wgEnableDnsBlacklist = true; - $wgDnsBlacklistUrls = array( - 'dnsbl.dronebl.org' - ); + #$wgEnableDnsBlacklist = true; + #$wgDnsBlacklistUrls = array( + # 'dnsbl.dronebl.org' + #); # required for fancy VisualEditor extension $wgGroupPermissions['user']['writeapi'] = true; From b6ddf221419ab2009b27d5a9cafe09179c88eccc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 1 Apr 2024 14:33:59 +0200 Subject: [PATCH 6/7] change wiki name --- modules/nixos-wiki/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-wiki/default.nix b/modules/nixos-wiki/default.nix index b5435d1..1c1aa73 100644 --- a/modules/nixos-wiki/default.nix +++ b/modules/nixos-wiki/default.nix @@ -38,6 +38,7 @@ in config = { services.mediawiki = { + name = "NixOS Wiki"; enable = true; webserver = "nginx"; database.type = "postgres"; From 4c6a0f5d397beccbcaa26d97bf9a8b11bf80f585 Mon Sep 17 00:00:00 2001 
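Review bot: The `extensions.StopForumSpam` block in the first hunk of patch 5 is commented out rather than removed, with no note on what was broken or when it should return; the second hunk does the same to the DNS blacklist settings. The subject says "fix", but the effect is that the extension is off. Either delete the lines or put a marker above them, e.g. `# FIXME: StopForumSpam disabled, <reason>; re-enable when fixed`. Together with `$wgEmailConfirmToEdit = false` from patch 3, the captcha is the only anti-spam measure left visible in this file.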
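Review bot: `$wgEnableDnsBlacklist` and `$wgDnsBlacklistUrls` in the second hunk of patch 5 are, as far as I know, core MediaWiki settings and not provided by the StopForumSpam extension, so they should not need to be disabled along with it. If the DNSBL lookup itself caused a problem, the comment above these lines should say so. Otherwise I would leave them active and correct the heading to `# Combat SPAM with DNS blocklists (core MediaWiki)`.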
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 1 Apr 2024 14:49:19 +0200 Subject: [PATCH 7/7] drop old-wiki restore --- modules/nixos-wiki/backup.nix | 46 +---------------------------------- 1 file changed, 1 insertion(+), 45 deletions(-) diff --git a/modules/nixos-wiki/backup.nix b/modules/nixos-wiki/backup.nix index 57d0b23..8e17ac1 100644 --- a/modules/nixos-wiki/backup.nix +++ b/modules/nixos-wiki/backup.nix @@ -42,53 +42,9 @@ let mv ${wikiDump}{.tmp,} ''; }; - - old-wiki-restore = pkgs.writeShellApplication { - name = "old-wiki-restore"; - runtimeInputs = [ - config.services.postgresql.package - pkgs.coreutils - pkgs.util-linux - mediawiki-maintenance - ]; - text = '' - if $# != 1; then - echo "Usage: $0 " >&2 - exit 1 - fi - dump=$1 - - tmpdir=$(mktemp -d) - cleanup() { rm -rf "$tmpdir"; } - cd "$tmpdir" - chown mediawiki:nginx "$tmpdir" - - rm -rf /var/lib/mediawiki-uploads - install -d -m 755 -o mediawiki -g nginx /var/lib/mediawiki-uploads - systemctl stop phpfpm-mediawiki.service - runuser -u postgres -- dropdb mediawiki - systemctl restart postgresql - runuser -u postgres -- psql -c "ALTER DATABASE mediawiki OWNER TO mediawiki" - systemctl restart mediawiki-init.service - cat <