mirror of
https://github.com/Mic92/nixos-wiki-infra.git
synced 2024-11-07 08:55:21 +01:00
switch to nixfmt
This commit is contained in:
parent
d7c7acb065
commit
ada004ff16
@ -1,9 +1,12 @@
|
||||
{ self, ... }: {
|
||||
{ self, ... }:
|
||||
{
|
||||
perSystem =
|
||||
{ pkgs
|
||||
, lib
|
||||
, ...
|
||||
}: {
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
checks = lib.optionalAttrs pkgs.stdenv.isLinux {
|
||||
test = import ./test.nix { inherit self pkgs; };
|
||||
};
|
||||
|
@ -15,6 +15,8 @@ in
|
||||
# This makes `self` available in the NixOS configuration of our virtual machines.
|
||||
# This is useful for referencing modules or packages from your own flake
|
||||
# as well as importing from other flakes.
|
||||
node.specialArgs = { inherit self; };
|
||||
node.specialArgs = {
|
||||
inherit self;
|
||||
};
|
||||
imports = [ test ];
|
||||
}).config.result
|
||||
|
@ -1,4 +1,6 @@
|
||||
{ pkgs ? import <nixpkgs> { } }:
|
||||
{
|
||||
pkgs ? import <nixpkgs> { },
|
||||
}:
|
||||
{
|
||||
wikiextractor = pkgs.callPackage ./wikiextractor.nix { };
|
||||
}
|
||||
|
@ -1,8 +1,8 @@
|
||||
{ lib
|
||||
, python3
|
||||
, fetchpatch
|
||||
, fetchFromGitHub
|
||||
,
|
||||
{
|
||||
lib,
|
||||
python3,
|
||||
fetchpatch,
|
||||
fetchFromGitHub,
|
||||
}:
|
||||
|
||||
python3.pkgs.buildPythonApplication rec {
|
||||
|
@ -2,28 +2,35 @@
|
||||
name = "nixos-wiki";
|
||||
nodes = {
|
||||
# `self` here is set by using specialArgs in `lib.nix`
|
||||
wiki = { self, pkgs, config, ... }: {
|
||||
imports = [
|
||||
self.nixosModules.nixos-wiki
|
||||
];
|
||||
networking.extraHosts = ''
|
||||
127.0.0.1 nixos-wiki.example.com
|
||||
'';
|
||||
security.acme.defaults.email = "admin@example.com";
|
||||
services.nixos-wiki = {
|
||||
hostname = "nixos-wiki.example.com";
|
||||
adminPasswordFile = pkgs.writeText "adminPasswordFile" "Creation-Fabric-Untrimmed3";
|
||||
githubClientId = "Iv1.95ed182c83df1d22";
|
||||
githubClientSecretFile = pkgs.writeText "githubClientSecretFile" "secret";
|
||||
emergencyContact = "nixos-wiki@thalheim.io";
|
||||
passwordSender = "nixos-wiki@thalheim.io";
|
||||
noReplyAddress = "nixos-wiki-no-reply@thalheim.io";
|
||||
wiki =
|
||||
{
|
||||
self,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
self.nixosModules.nixos-wiki
|
||||
];
|
||||
networking.extraHosts = ''
|
||||
127.0.0.1 nixos-wiki.example.com
|
||||
'';
|
||||
security.acme.defaults.email = "admin@example.com";
|
||||
services.nixos-wiki = {
|
||||
hostname = "nixos-wiki.example.com";
|
||||
adminPasswordFile = pkgs.writeText "adminPasswordFile" "Creation-Fabric-Untrimmed3";
|
||||
githubClientId = "Iv1.95ed182c83df1d22";
|
||||
githubClientSecretFile = pkgs.writeText "githubClientSecretFile" "secret";
|
||||
emergencyContact = "nixos-wiki@thalheim.io";
|
||||
passwordSender = "nixos-wiki@thalheim.io";
|
||||
noReplyAddress = "nixos-wiki-no-reply@thalheim.io";
|
||||
};
|
||||
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
|
||||
enableACME = false;
|
||||
forceSSL = false;
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
|
||||
enableACME = false;
|
||||
forceSSL = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
# This is the test code that will check if our service is running correctly:
|
||||
testScript = ''
|
||||
|
58
flake.nix
58
flake.nix
@ -19,31 +19,39 @@
|
||||
sops-nix.inputs.nixpkgs-stable.follows = "";
|
||||
};
|
||||
|
||||
outputs = inputs@{ flake-parts, ... }:
|
||||
flake-parts.lib.mkFlake { inherit inputs; } ({ self, lib, ... }: {
|
||||
systems = [
|
||||
"aarch64-linux"
|
||||
"x86_64-linux"
|
||||
outputs =
|
||||
inputs@{ flake-parts, ... }:
|
||||
flake-parts.lib.mkFlake { inherit inputs; } (
|
||||
{ self, lib, ... }:
|
||||
{
|
||||
systems = [
|
||||
"aarch64-linux"
|
||||
"x86_64-linux"
|
||||
|
||||
"x86_64-darwin"
|
||||
"aarch64-darwin"
|
||||
];
|
||||
imports = [
|
||||
inputs.treefmt-nix.flakeModule
|
||||
./targets/flake-module.nix
|
||||
./modules/flake-module.nix
|
||||
./checks/flake-module.nix
|
||||
./formatter.nix
|
||||
];
|
||||
perSystem = { self', system, ... }: {
|
||||
"x86_64-darwin"
|
||||
"aarch64-darwin"
|
||||
];
|
||||
imports = [
|
||||
inputs.treefmt-nix.flakeModule
|
||||
./targets/flake-module.nix
|
||||
./modules/flake-module.nix
|
||||
./checks/flake-module.nix
|
||||
./formatter.nix
|
||||
];
|
||||
perSystem =
|
||||
{ self', system, ... }:
|
||||
{
|
||||
|
||||
checks =
|
||||
let
|
||||
nixosMachines = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
|
||||
packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages;
|
||||
devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
|
||||
in
|
||||
nixosMachines // packages // devShells;
|
||||
};
|
||||
});
|
||||
checks =
|
||||
let
|
||||
nixosMachines = lib.mapAttrs' (
|
||||
name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel
|
||||
) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
|
||||
packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages;
|
||||
devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
|
||||
in
|
||||
nixosMachines // packages // devShells;
|
||||
};
|
||||
}
|
||||
);
|
||||
}
|
||||
|
@ -17,7 +17,8 @@
|
||||
"targets/nixos-wiki.nixos.org/secrets/*"
|
||||
];
|
||||
programs.hclfmt.enable = true;
|
||||
programs.nixpkgs-fmt.enable = true;
|
||||
programs.nixfmt.enable = true;
|
||||
programs.nixfmt.package = pkgs.nixfmt-rfc-style;
|
||||
programs.deadnix.enable = true;
|
||||
programs.ruff.format = true;
|
||||
programs.ruff.check = true;
|
||||
@ -39,8 +40,7 @@
|
||||
provider.override (prev: {
|
||||
homepage = builtins.replaceStrings [ "registry.terraform.io/providers" ] [
|
||||
"registry.opentofu.org"
|
||||
]
|
||||
prev.homepage;
|
||||
] prev.homepage;
|
||||
});
|
||||
in
|
||||
[
|
||||
@ -57,8 +57,7 @@
|
||||
))
|
||||
];
|
||||
};
|
||||
}
|
||||
// (import ./checks/linkcheck/pkgs { inherit pkgs; });
|
||||
} // (import ./checks/linkcheck/pkgs { inherit pkgs; });
|
||||
devShells.linkcheck = pkgs.mkShell {
|
||||
packages = [
|
||||
pkgs.lychee
|
||||
|
@ -1,4 +1,5 @@
|
||||
{ inputs, ... }: {
|
||||
{ inputs, ... }:
|
||||
{
|
||||
flake.nixosModules = {
|
||||
hcloud.imports = [
|
||||
inputs.srvos.nixosModules.server
|
||||
|
@ -7,4 +7,3 @@
|
||||
ip6tables -D nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept || true
|
||||
'';
|
||||
}
|
||||
|
||||
|
@ -2,46 +2,49 @@
|
||||
let
|
||||
wikiDump = "/var/lib/mediawiki/backup/wikidump.xml.zst";
|
||||
|
||||
mediawiki-maintenance = pkgs.runCommand "mediawiki-maintenance"
|
||||
{
|
||||
nativeBuildInputs = [ pkgs.makeWrapper ];
|
||||
preferLocalBuild = true;
|
||||
} ''
|
||||
mkdir -p $out/bin
|
||||
makeWrapper ${config.services.phpfpm.pools.mediawiki.phpPackage}/bin/php $out/bin/mediawiki-maintenance \
|
||||
--set MEDIAWIKI_CONFIG ${config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG} \
|
||||
--add-flags ${config.services.mediawiki.finalPackage}/share/mediawiki/maintenance/run.php
|
||||
'';
|
||||
|
||||
wiki-backup = pkgs.writeShellApplication
|
||||
{
|
||||
name = "wiki-backup";
|
||||
runtimeInputs = [
|
||||
config.services.postgresql.package
|
||||
pkgs.util-linux
|
||||
];
|
||||
text = ''
|
||||
mkdir -p /var/lib/mediawiki/backup/
|
||||
runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
|
||||
mv /var/lib/mediawiki/backup/{db.tmp,db}
|
||||
mediawiki-maintenance =
|
||||
pkgs.runCommand "mediawiki-maintenance"
|
||||
{
|
||||
nativeBuildInputs = [ pkgs.makeWrapper ];
|
||||
preferLocalBuild = true;
|
||||
}
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
makeWrapper ${config.services.phpfpm.pools.mediawiki.phpPackage}/bin/php $out/bin/mediawiki-maintenance \
|
||||
--set MEDIAWIKI_CONFIG ${config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG} \
|
||||
--add-flags ${config.services.mediawiki.finalPackage}/share/mediawiki/maintenance/run.php
|
||||
'';
|
||||
};
|
||||
|
||||
wiki-backup = pkgs.writeShellApplication {
|
||||
name = "wiki-backup";
|
||||
runtimeInputs = [
|
||||
config.services.postgresql.package
|
||||
pkgs.util-linux
|
||||
];
|
||||
text = ''
|
||||
mkdir -p /var/lib/mediawiki/backup/
|
||||
runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
|
||||
mv /var/lib/mediawiki/backup/{db.tmp,db}
|
||||
'';
|
||||
};
|
||||
|
||||
# to restore:
|
||||
# $ runuser -u postgres -- pg_restore --format=custom -d mediawiki < /tmp/db
|
||||
|
||||
wiki-dump = pkgs.writeShellApplication
|
||||
{
|
||||
name = "wiki-dump";
|
||||
runtimeInputs = [ pkgs.util-linux pkgs.coreutils ];
|
||||
text = ''
|
||||
mkdir -p /var/lib/mediawiki/backup/
|
||||
runuser -u mediawiki -- ${mediawiki-maintenance}/bin/mediawiki-maintenance dumpBackup.php \
|
||||
--full --include-files --uploads --quiet | \
|
||||
${pkgs.zstd}/bin/zstd > ${wikiDump}.tmp
|
||||
mv ${wikiDump}{.tmp,}
|
||||
'';
|
||||
};
|
||||
wiki-dump = pkgs.writeShellApplication {
|
||||
name = "wiki-dump";
|
||||
runtimeInputs = [
|
||||
pkgs.util-linux
|
||||
pkgs.coreutils
|
||||
];
|
||||
text = ''
|
||||
mkdir -p /var/lib/mediawiki/backup/
|
||||
runuser -u mediawiki -- ${mediawiki-maintenance}/bin/mediawiki-maintenance dumpBackup.php \
|
||||
--full --include-files --uploads --quiet | \
|
||||
${pkgs.zstd}/bin/zstd > ${wikiDump}.tmp
|
||||
mv ${wikiDump}{.tmp,}
|
||||
'';
|
||||
};
|
||||
in
|
||||
{
|
||||
environment.systemPackages = [ mediawiki-maintenance ];
|
||||
@ -74,7 +77,8 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName}.locations."=/wikidump.xml.zst".alias = wikiDump;
|
||||
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName}.locations."=/wikidump.xml.zst".alias =
|
||||
wikiDump;
|
||||
|
||||
sops.secrets.storagebox-ssh-key = {
|
||||
sopsFile = ../../targets/nixos-wiki.nixos.org/secrets/backup_share_ssh_key;
|
||||
@ -113,7 +117,10 @@ in
|
||||
monthly = 3;
|
||||
};
|
||||
|
||||
paths = [ "/var/lib/mediawiki-uploads" "/var/lib/mediawiki/backup" ];
|
||||
paths = [
|
||||
"/var/lib/mediawiki-uploads"
|
||||
"/var/lib/mediawiki/backup"
|
||||
];
|
||||
|
||||
# Where to backup it to
|
||||
repo = "u391032-sub1@u391032.your-storagebox.de:wiki.nixos.org/repo";
|
||||
|
@ -1,4 +1,9 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.nixos-wiki;
|
||||
in
|
||||
@ -175,7 +180,9 @@ in
|
||||
# https://www.mediawiki.org/wiki/Help:Extension:Translate/Installation
|
||||
services.phpfpm.pools.mediawiki.phpOptions =
|
||||
let
|
||||
phpVersion = builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor config.services.phpfpm.pools.mediawiki.phpPackage.version);
|
||||
phpVersion = builtins.replaceStrings [ "." ] [ "" ] (
|
||||
lib.versions.majorMinor config.services.phpfpm.pools.mediawiki.phpPackage.version
|
||||
);
|
||||
extensions = pkgs."php${phpVersion}Extensions";
|
||||
in
|
||||
''
|
||||
@ -202,9 +209,10 @@ in
|
||||
'';
|
||||
systemd.services.mediawiki-init.serviceConfig.RemainAfterExit = true;
|
||||
|
||||
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 443 80 ];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
443
|
||||
80
|
||||
];
|
||||
security.acme.acceptTerms = true;
|
||||
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
|
||||
enableACME = lib.mkDefault true;
|
||||
|
@ -1,7 +1,23 @@
|
||||
{ fetchzip }: {
|
||||
"MobileFrontend" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_42-db1bbe7.tar.gz/MobileFrontend-REL1_42-db1bbe7.tar.gz"; hash = "sha256-jHeG1pr/YEdIsrCUPKLJ6DXdOW52sYjCXex3Ns9pi4A="; };
|
||||
"DarkMode" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_42-66aad97.tar.gz/DarkMode-REL1_42-66aad97.tar.gz"; hash = "sha256-xt7+yiD2oDsK0q7tsqAtYdiKcLqWr8DiWl+zAmoqQpg="; };
|
||||
"QuickInstantCommons" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/QuickInstantCommons-REL1_42-3e6a069.tar.gz/QuickInstantCommons-REL1_42-3e6a069.tar.gz"; hash = "sha256-U7mNjhr0kI46gWForiUBKXQEYSuvME8+YVwMOVpuhm0="; };
|
||||
"Translate" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/Translate-REL1_42-3531d86.tar.gz/Translate-REL1_42-3531d86.tar.gz"; hash = "sha256-t1fBccarl0wQTlrCM4UDJyGw8M9eCyUk7Wbk8AxRG7w="; };
|
||||
"UniversalLanguageSelector" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz"; hash = "sha256-XujlyG3K07XAzW+Vat8NZypKIpHwGCZt6bxmxH57e0M="; };
|
||||
{ fetchzip }:
|
||||
{
|
||||
"MobileFrontend" = fetchzip {
|
||||
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_42-db1bbe7.tar.gz/MobileFrontend-REL1_42-db1bbe7.tar.gz";
|
||||
hash = "sha256-jHeG1pr/YEdIsrCUPKLJ6DXdOW52sYjCXex3Ns9pi4A=";
|
||||
};
|
||||
"DarkMode" = fetchzip {
|
||||
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_42-66aad97.tar.gz/DarkMode-REL1_42-66aad97.tar.gz";
|
||||
hash = "sha256-xt7+yiD2oDsK0q7tsqAtYdiKcLqWr8DiWl+zAmoqQpg=";
|
||||
};
|
||||
"QuickInstantCommons" = fetchzip {
|
||||
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/QuickInstantCommons-REL1_42-3e6a069.tar.gz/QuickInstantCommons-REL1_42-3e6a069.tar.gz";
|
||||
hash = "sha256-U7mNjhr0kI46gWForiUBKXQEYSuvME8+YVwMOVpuhm0=";
|
||||
};
|
||||
"Translate" = fetchzip {
|
||||
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/Translate-REL1_42-3531d86.tar.gz/Translate-REL1_42-3531d86.tar.gz";
|
||||
hash = "sha256-t1fBccarl0wQTlrCM4UDJyGw8M9eCyUk7Wbk8AxRG7w=";
|
||||
};
|
||||
"UniversalLanguageSelector" = fetchzip {
|
||||
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz";
|
||||
hash = "sha256-XujlyG3K07XAzW+Vat8NZypKIpHwGCZt6bxmxH57e0M=";
|
||||
};
|
||||
}
|
||||
|
@ -4,22 +4,23 @@ let
|
||||
configs = builtins.filter (dir: builtins.pathExists (./. + "/${dir}/configuration.nix")) entries;
|
||||
in
|
||||
{
|
||||
flake.nixosConfigurations = lib.listToAttrs
|
||||
(builtins.map
|
||||
(name:
|
||||
lib.nameValuePair
|
||||
(builtins.replaceStrings [ "." ] [ "-" ] name)
|
||||
(lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
# Make flake available in modules
|
||||
specialArgs = {
|
||||
self = {
|
||||
inputs = self.inputs;
|
||||
nixosModules = self.nixosModules;
|
||||
};
|
||||
flake.nixosConfigurations = lib.listToAttrs (
|
||||
builtins.map (
|
||||
name:
|
||||
lib.nameValuePair (builtins.replaceStrings [ "." ] [ "-" ] name) (
|
||||
lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
# Make flake available in modules
|
||||
specialArgs = {
|
||||
self = {
|
||||
inputs = self.inputs;
|
||||
nixosModules = self.nixosModules;
|
||||
};
|
||||
};
|
||||
|
||||
modules = [ (./. + "/${name}/configuration.nix") ];
|
||||
}))
|
||||
configs);
|
||||
modules = [ (./. + "/${name}/configuration.nix") ];
|
||||
}
|
||||
)
|
||||
) configs
|
||||
);
|
||||
}
|
||||
|
@ -1,4 +1,9 @@
|
||||
{ self, lib, config, ... }:
|
||||
{
|
||||
self,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
let
|
||||
nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
|
||||
in
|
||||
|
Loading…
Reference in New Issue
Block a user