extern/nixos-wiki-infra
1
0
Fork 1
mirror of https://github.com/Mic92/nixos-wiki-infra.git synced 2025-02-16 18:31:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #31 from NixOS/joerg-ci

Browse Source 
switch to production domain
This commit is contained in:
Jörg Thalheim 2024-04-01 14:51:08 +02:00 committed by GitHub
commit 4efa9b7048
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 24 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
modules/nixos-wiki/backup.nix
View File

@ -17,12 +17,12 @@ let
{ {
name = "wiki-backup"; name = "wiki-backup";
runtimeInputs = [ runtimeInputs = [
pkgs.postgresql config.services.postgresql.package
pkgs.util-linux pkgs.util-linux
]; ];
text = '' text = ''
mkdir -p /var/lib/mediawiki/backup/ mkdir -p /var/lib/mediawiki/backup/
runuser -u postgres -- pg_dump --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
mv /var/lib/mediawiki/backup/{db.tmp,db} mv /var/lib/mediawiki/backup/{db.tmp,db}
''; '';
}; };
@ -42,53 +42,9 @@ let
mv ${wikiDump}{.tmp,} mv ${wikiDump}{.tmp,}
''; '';
}; };
old-wiki-restore = pkgs.writeShellApplication {
name = "old-wiki-restore";
runtimeInputs = [
pkgs.postgresql
pkgs.coreutils
pkgs.util-linux
mediawiki-maintenance
];
text = ''
if $# != 1; then
echo "Usage: $0 <wikidump.xml.gz>" >&2
exit 1
fi
dump=$1
tmpdir=$(mktemp -d)
cleanup() { rm -rf "$tmpdir"; }
cd "$tmpdir"
chown mediawiki:nginx "$tmpdir"
rm -rf /var/lib/mediawiki-uploads
install -d -m 755 -o mediawiki -g nginx /var/lib/mediawiki-uploads
systemctl stop phpfpm-mediawiki.service
runuser -u postgres -- dropdb mediawiki
systemctl restart postgresql
runuser -u postgres -- psql -c "ALTER DATABASE mediawiki OWNER TO mediawiki"
systemctl restart mediawiki-init.service
cat <<EOF | runuser -u mediawiki -- mediawiki-maintenance deleteBatch.php
Main_Page
MediaWiki:About
EOF
trap cleanup EXIT
cp "$dump" "$tmpdir/wikidump.xml.gz"
chown mediawiki:nginx "$tmpdir/wikidump.xml.gz"
chmod 644 "$tmpdir/wikidump.xml.gz"
runuser -u mediawiki -- mediawiki-maintenance importDump.php --uploads "$tmpdir/wikidump.xml.gz"
runuser -u mediawiki -- mediawiki-maintenance rebuildrecentchanges.php
systemctl start phpfpm-mediawiki.service
'';
};
in in
{ {
environment.systemPackages = [ environment.systemPackages = [ mediawiki-maintenance ];
mediawiki-maintenance
old-wiki-restore
];
systemd.services.wiki-backup = { systemd.services.wiki-backup = {
path = [ pkgs.postgresql ]; path = [ pkgs.postgresql ];

25
modules/nixos-wiki/default.nix
View File

@ -38,6 +38,7 @@ in
config = { config = {
services.mediawiki = { services.mediawiki = {
name = "NixOS Wiki";
enable = true; enable = true;
webserver = "nginx"; webserver = "nginx";
database.type = "postgres"; database.type = "postgres";
@ -54,10 +55,11 @@ in
hash = "sha256-hr/DLyL6IzQs67eA46RdmuVlfCiAbq+eZCRLfjLxUpc="; hash = "sha256-hr/DLyL6IzQs67eA46RdmuVlfCiAbq+eZCRLfjLxUpc=";
}; # Github login }; # Github login
extensions.ConfirmEdit = null; # Combat SPAM with a simple Captcha extensions.ConfirmEdit = null; # Combat SPAM with a simple Captcha
extensions.StopForumSpam = pkgs.fetchzip { #extensions.StopForumSpam = pkgs.fetchzip {
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/StopForumSpam-REL1_41-73c94fb/StopForumSpam-REL1_41-861c37b.tar.gz"; # url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/StopForumSpam-REL1_41-73c94fb/StopForumSpam-REL1_41-861c37b.tar.gz";
hash = "sha256-/7gfBiKA9CliEPjXjcHrYKp4JMayXwtixlZFvnA5D2E="; # hash = "sha256-/7gfBiKA9CliEPjXjcHrYKp4JMayXwtixlZFvnA5D2E=";
}; #};
extraConfig = '' extraConfig = ''
#$wgDebugLogFile = "/var/log/mediawiki/debug.log"; #$wgDebugLogFile = "/var/log/mediawiki/debug.log";
@ -100,10 +102,10 @@ in
]; ];
# Combat SPAM with IP-Blocklists (StopForumSpam extension) # Combat SPAM with IP-Blocklists (StopForumSpam extension)
$wgEnableDnsBlacklist = true; #$wgEnableDnsBlacklist = true;
$wgDnsBlacklistUrls = array( #$wgDnsBlacklistUrls = array(
'dnsbl.dronebl.org' # 'dnsbl.dronebl.org'
); #);
# required for fancy VisualEditor extension # required for fancy VisualEditor extension
$wgGroupPermissions['user']['writeapi'] = true; $wgGroupPermissions['user']['writeapi'] = true;
@ -115,7 +117,8 @@ in
$wgEditPageFrameOptions = "DENY"; $wgEditPageFrameOptions = "DENY";
$wgEnableEmail = true; $wgEnableEmail = true;
$wgEmailConfirmToEdit = true; # FIXME: we cannot enable this because of github login
$wgEmailConfirmToEdit = false;
$wgAllowHTMLEmail = false; $wgAllowHTMLEmail = false;
$wgEmergencyContact = "${cfg.emergencyContact}"; $wgEmergencyContact = "${cfg.emergencyContact}";
@ -124,9 +127,13 @@ in
# To purge all page cache increase this using: date +%Y%m%d%H%M%S # To purge all page cache increase this using: date +%Y%m%d%H%M%S
$wgCacheEpoch = 20231115172319; $wgCacheEpoch = 20231115172319;
$wgPygmentizePath = "${pkgs.python3Packages.pygments}/bin/pygmentize";
''; '';
}; };
services.postgresql.package = pkgs.postgresql_16;
networking.firewall.allowedTCPPorts = [ 443 80 ]; networking.firewall.allowedTCPPorts = [ 443 80 ];
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = { services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {

8
targets/nixos-wiki.nixos.org/configuration.nix
View File

@ -21,13 +21,13 @@ in
}; };
services.nixos-wiki = { services.nixos-wiki = {
hostname = "wiki.staging.julienmalka.me"; hostname = "wiki.nixos.org";
adminPasswordFile = config.sops.secrets.nixos-wiki.path; adminPasswordFile = config.sops.secrets.nixos-wiki.path;
githubClientId = "Iv1.fcbe65bcecdda275"; githubClientId = "Iv1.fcbe65bcecdda275";
githubClientSecretFile = config.sops.secrets.nixos-wiki-github-client-secret.path; githubClientSecretFile = config.sops.secrets.nixos-wiki-github-client-secret.path;
emergencyContact = "nixos-wiki@thalheim.io"; emergencyContact = "wiki@nixos.org";
passwordSender = "nixos-wiki@thalheim.io"; passwordSender = "wiki@nixos.org";
noReplyAddress = "nixos-wiki-no-reply@thalheim.io"; noReplyAddress = "wiki-no-reply@nixos.org";
}; };
services.cloud-init.enable = lib.mkForce false; services.cloud-init.enable = lib.mkForce false;

2
targets/nixos-wiki.nixos.org/terraform.tf
View File

@ -11,7 +11,7 @@ terraform {
module "wiki" { module "wiki" {
source = "../../terraform/nixos-wiki" source = "../../terraform/nixos-wiki"
domain = "nixos-wiki2.thalheim.io" domain = "wiki.nixos.org"
nixos_flake_attr = "nixos-wiki-nixos-org" nixos_flake_attr = "nixos-wiki-nixos-org"
nixos_vars_file = "${path.module}/nixos-vars.json" nixos_vars_file = "${path.module}/nixos-vars.json"
sops_file = abspath("${path.module}/secrets/secrets.yaml") sops_file = abspath("${path.module}/secrets/secrets.yaml")