extern/nixos-wiki-infra
1
0
Fork 1
mirror of https://github.com/Mic92/nixos-wiki-infra.git synced 2024-11-23 16:53:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

switch to nixfmt

Browse Source
This commit is contained in:
Jörg Thalheim 2024-09-28 16:15:00 +02:00 committed by mergify[bot]
parent d7c7acb065
commit ada004ff16
14 changed files with 188 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
checks/flake-module.nix
View File

@ -1,9 +1,12 @@
{ self, ... }: {
{ self, ... }:
{
perSystem =
{ pkgs
, lib
, ...
}: {
{
pkgs,
lib,
...
}:
{
checks = lib.optionalAttrs pkgs.stdenv.isLinux {
test = import ./test.nix { inherit self pkgs; };
};

4
checks/lib.nix
View File

@ -15,6 +15,8 @@ in
# This makes `self` available in the NixOS configuration of our virtual machines.
# This is useful for referencing modules or packages from your own flake
# as well as importing from other flakes.
node.specialArgs = { inherit self; };
node.specialArgs = {
inherit self;
};
imports = [ test ];
}).config.result

4
checks/linkcheck/pkgs/default.nix
View File

@ -1,4 +1,6 @@
{ pkgs ? import <nixpkgs> { } }:
{
pkgs ? import <nixpkgs> { },
}:
{
wikiextractor = pkgs.callPackage ./wikiextractor.nix { };
}

10
checks/linkcheck/pkgs/wikiextractor.nix
View File

@ -1,8 +1,8 @@
{ lib
, python3
, fetchpatch
, fetchFromGitHub
,
{
lib,
python3,
fetchpatch,
fetchFromGitHub,
}:
python3.pkgs.buildPythonApplication rec {

49
checks/test.nix
View File

@ -2,28 +2,35 @@
name = "nixos-wiki";
nodes = {
# `self` here is set by using specialArgs in `lib.nix`
wiki = { self, pkgs, config, ... }: {
imports = [
self.nixosModules.nixos-wiki
];
networking.extraHosts = ''
127.0.0.1 nixos-wiki.example.com
'';
security.acme.defaults.email = "admin@example.com";
services.nixos-wiki = {
hostname = "nixos-wiki.example.com";
adminPasswordFile = pkgs.writeText "adminPasswordFile" "Creation-Fabric-Untrimmed3";
githubClientId = "Iv1.95ed182c83df1d22";
githubClientSecretFile = pkgs.writeText "githubClientSecretFile" "secret";
emergencyContact = "nixos-wiki@thalheim.io";
passwordSender = "nixos-wiki@thalheim.io";
noReplyAddress = "nixos-wiki-no-reply@thalheim.io";
wiki =
{
self,
pkgs,
config,
...
}:
{
imports = [
self.nixosModules.nixos-wiki
];
networking.extraHosts = ''
127.0.0.1 nixos-wiki.example.com
'';
security.acme.defaults.email = "admin@example.com";
services.nixos-wiki = {
hostname = "nixos-wiki.example.com";
adminPasswordFile = pkgs.writeText "adminPasswordFile" "Creation-Fabric-Untrimmed3";
githubClientId = "Iv1.95ed182c83df1d22";
githubClientSecretFile = pkgs.writeText "githubClientSecretFile" "secret";
emergencyContact = "nixos-wiki@thalheim.io";
passwordSender = "nixos-wiki@thalheim.io";
noReplyAddress = "nixos-wiki-no-reply@thalheim.io";
};
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
enableACME = false;
forceSSL = false;
};
};
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
enableACME = false;
forceSSL = false;
};
};
};
# This is the test code that will check if our service is running correctly:
testScript = ''

58
flake.nix
View File

@ -19,31 +19,39 @@
sops-nix.inputs.nixpkgs-stable.follows = "";
};
outputs = inputs@{ flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } ({ self, lib, ... }: {
systems = [
"aarch64-linux"
"x86_64-linux"
outputs =
inputs@{ flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } (
{ self, lib, ... }:
{
systems = [
"aarch64-linux"
"x86_64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
imports = [
inputs.treefmt-nix.flakeModule
./targets/flake-module.nix
./modules/flake-module.nix
./checks/flake-module.nix
./formatter.nix
];
perSystem = { self', system, ... }: {
"x86_64-darwin"
"aarch64-darwin"
];
imports = [
inputs.treefmt-nix.flakeModule
./targets/flake-module.nix
./modules/flake-module.nix
./checks/flake-module.nix
./formatter.nix
];
perSystem =
{ self', system, ... }:
{
checks =
let
nixosMachines = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages;
devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
in
nixosMachines // packages // devShells;
};
});
checks =
let
nixosMachines = lib.mapAttrs' (
name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel
) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages;
devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
in
nixosMachines // packages // devShells;
};
}
);
}

9
formatter.nix
View File

@ -17,7 +17,8 @@
"targets/nixos-wiki.nixos.org/secrets/*"
];
programs.hclfmt.enable = true;
programs.nixpkgs-fmt.enable = true;
programs.nixfmt.enable = true;
programs.nixfmt.package = pkgs.nixfmt-rfc-style;
programs.deadnix.enable = true;
programs.ruff.format = true;
programs.ruff.check = true;
@ -39,8 +40,7 @@
provider.override (prev: {
homepage = builtins.replaceStrings [ "registry.terraform.io/providers" ] [
"registry.opentofu.org"
]
prev.homepage;
] prev.homepage;
});
in
[
@ -57,8 +57,7 @@
))
];
};
}
// (import ./checks/linkcheck/pkgs { inherit pkgs; });
} // (import ./checks/linkcheck/pkgs { inherit pkgs; });
devShells.linkcheck = pkgs.mkShell {
packages = [
pkgs.lychee

3
modules/flake-module.nix
View File

@ -1,4 +1,5 @@
{ inputs, ... }: {
{ inputs, ... }:
{
flake.nixosModules = {
hcloud.imports = [
inputs.srvos.nixosModules.server

1
modules/monitoring.nix
View File

@ -7,4 +7,3 @@
ip6tables -D nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept || true
'';
}

81
modules/nixos-wiki/backup.nix
View File

@ -2,46 +2,49 @@
let
wikiDump = "/var/lib/mediawiki/backup/wikidump.xml.zst";
mediawiki-maintenance = pkgs.runCommand "mediawiki-maintenance"
{
nativeBuildInputs = [ pkgs.makeWrapper ];
preferLocalBuild = true;
} ''
mkdir -p $out/bin
makeWrapper ${config.services.phpfpm.pools.mediawiki.phpPackage}/bin/php $out/bin/mediawiki-maintenance \
--set MEDIAWIKI_CONFIG ${config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG} \
--add-flags ${config.services.mediawiki.finalPackage}/share/mediawiki/maintenance/run.php
'';
wiki-backup = pkgs.writeShellApplication
{
name = "wiki-backup";
runtimeInputs = [
config.services.postgresql.package
pkgs.util-linux
];
text = ''
mkdir -p /var/lib/mediawiki/backup/
runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
mv /var/lib/mediawiki/backup/{db.tmp,db}
mediawiki-maintenance =
pkgs.runCommand "mediawiki-maintenance"
{
nativeBuildInputs = [ pkgs.makeWrapper ];
preferLocalBuild = true;
}
''
mkdir -p $out/bin
makeWrapper ${config.services.phpfpm.pools.mediawiki.phpPackage}/bin/php $out/bin/mediawiki-maintenance \
--set MEDIAWIKI_CONFIG ${config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG} \
--add-flags ${config.services.mediawiki.finalPackage}/share/mediawiki/maintenance/run.php
'';
};
wiki-backup = pkgs.writeShellApplication {
name = "wiki-backup";
runtimeInputs = [
config.services.postgresql.package
pkgs.util-linux
];
text = ''
mkdir -p /var/lib/mediawiki/backup/
runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
mv /var/lib/mediawiki/backup/{db.tmp,db}
'';
};
# to restore:
# $ runuser -u postgres -- pg_restore --format=custom -d mediawiki < /tmp/db
wiki-dump = pkgs.writeShellApplication
{
name = "wiki-dump";
runtimeInputs = [ pkgs.util-linux pkgs.coreutils ];
text = ''
mkdir -p /var/lib/mediawiki/backup/
runuser -u mediawiki -- ${mediawiki-maintenance}/bin/mediawiki-maintenance dumpBackup.php \
--full --include-files --uploads --quiet | \
${pkgs.zstd}/bin/zstd > ${wikiDump}.tmp
mv ${wikiDump}{.tmp,}
'';
};
wiki-dump = pkgs.writeShellApplication {
name = "wiki-dump";
runtimeInputs = [
pkgs.util-linux
pkgs.coreutils
];
text = ''
mkdir -p /var/lib/mediawiki/backup/
runuser -u mediawiki -- ${mediawiki-maintenance}/bin/mediawiki-maintenance dumpBackup.php \
--full --include-files --uploads --quiet | \
${pkgs.zstd}/bin/zstd > ${wikiDump}.tmp
mv ${wikiDump}{.tmp,}
'';
};
in
{
environment.systemPackages = [ mediawiki-maintenance ];
@ -74,7 +77,8 @@ in
};
};
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName}.locations."=/wikidump.xml.zst".alias = wikiDump;
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName}.locations."=/wikidump.xml.zst".alias =
wikiDump;
sops.secrets.storagebox-ssh-key = {
sopsFile = ../../targets/nixos-wiki.nixos.org/secrets/backup_share_ssh_key;
@ -113,7 +117,10 @@ in
monthly = 3;
};
paths = [ "/var/lib/mediawiki-uploads" "/var/lib/mediawiki/backup" ];
paths = [
"/var/lib/mediawiki-uploads"
"/var/lib/mediawiki/backup"
];
# Where to backup it to
repo = "u391032-sub1@u391032.your-storagebox.de:wiki.nixos.org/repo";

18
modules/nixos-wiki/default.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.services.nixos-wiki;
in
@ -175,7 +180,9 @@ in
# https://www.mediawiki.org/wiki/Help:Extension:Translate/Installation
services.phpfpm.pools.mediawiki.phpOptions =
let
phpVersion = builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor config.services.phpfpm.pools.mediawiki.phpPackage.version);
phpVersion = builtins.replaceStrings [ "." ] [ "" ] (
lib.versions.majorMinor config.services.phpfpm.pools.mediawiki.phpPackage.version
);
extensions = pkgs."php${phpVersion}Extensions";
in
''
@ -202,9 +209,10 @@ in
'';
systemd.services.mediawiki-init.serviceConfig.RemainAfterExit = true;
networking.firewall.allowedTCPPorts = [ 443 80 ];
networking.firewall.allowedTCPPorts = [
443
80
];
security.acme.acceptTerms = true;
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
enableACME = lib.mkDefault true;

28
modules/nixos-wiki/extensions.nix
View File

@ -1,7 +1,23 @@
{ fetchzip }: {
"MobileFrontend" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_42-db1bbe7.tar.gz/MobileFrontend-REL1_42-db1bbe7.tar.gz"; hash = "sha256-jHeG1pr/YEdIsrCUPKLJ6DXdOW52sYjCXex3Ns9pi4A="; };
"DarkMode" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_42-66aad97.tar.gz/DarkMode-REL1_42-66aad97.tar.gz"; hash = "sha256-xt7+yiD2oDsK0q7tsqAtYdiKcLqWr8DiWl+zAmoqQpg="; };
"QuickInstantCommons" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/QuickInstantCommons-REL1_42-3e6a069.tar.gz/QuickInstantCommons-REL1_42-3e6a069.tar.gz"; hash = "sha256-U7mNjhr0kI46gWForiUBKXQEYSuvME8+YVwMOVpuhm0="; };
"Translate" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/Translate-REL1_42-3531d86.tar.gz/Translate-REL1_42-3531d86.tar.gz"; hash = "sha256-t1fBccarl0wQTlrCM4UDJyGw8M9eCyUk7Wbk8AxRG7w="; };
"UniversalLanguageSelector" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz"; hash = "sha256-XujlyG3K07XAzW+Vat8NZypKIpHwGCZt6bxmxH57e0M="; };
{ fetchzip }:
{
"MobileFrontend" = fetchzip {
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_42-db1bbe7.tar.gz/MobileFrontend-REL1_42-db1bbe7.tar.gz";
hash = "sha256-jHeG1pr/YEdIsrCUPKLJ6DXdOW52sYjCXex3Ns9pi4A=";
};
"DarkMode" = fetchzip {
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_42-66aad97.tar.gz/DarkMode-REL1_42-66aad97.tar.gz";
hash = "sha256-xt7+yiD2oDsK0q7tsqAtYdiKcLqWr8DiWl+zAmoqQpg=";
};
"QuickInstantCommons" = fetchzip {
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/QuickInstantCommons-REL1_42-3e6a069.tar.gz/QuickInstantCommons-REL1_42-3e6a069.tar.gz";
hash = "sha256-U7mNjhr0kI46gWForiUBKXQEYSuvME8+YVwMOVpuhm0=";
};
"Translate" = fetchzip {
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/Translate-REL1_42-3531d86.tar.gz/Translate-REL1_42-3531d86.tar.gz";
hash = "sha256-t1fBccarl0wQTlrCM4UDJyGw8M9eCyUk7Wbk8AxRG7w=";
};
"UniversalLanguageSelector" = fetchzip {
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz";
hash = "sha256-XujlyG3K07XAzW+Vat8NZypKIpHwGCZt6bxmxH57e0M=";
};
}

33
targets/flake-module.nix
View File

@ -4,22 +4,23 @@ let
configs = builtins.filter (dir: builtins.pathExists (./. + "/${dir}/configuration.nix")) entries;
in
{
flake.nixosConfigurations = lib.listToAttrs
(builtins.map
(name:
lib.nameValuePair
(builtins.replaceStrings [ "." ] [ "-" ] name)
(lib.nixosSystem {
system = "x86_64-linux";
# Make flake available in modules
specialArgs = {
self = {
inputs = self.inputs;
nixosModules = self.nixosModules;
};
flake.nixosConfigurations = lib.listToAttrs (
builtins.map (
name:
lib.nameValuePair (builtins.replaceStrings [ "." ] [ "-" ] name) (
lib.nixosSystem {
system = "x86_64-linux";
# Make flake available in modules
specialArgs = {
self = {
inputs = self.inputs;
nixosModules = self.nixosModules;
};
};
modules = [ (./. + "/${name}/configuration.nix") ];
}))
configs);
modules = [ (./. + "/${name}/configuration.nix") ];
}
)
) configs
);
}

7
targets/nixos-wiki.nixos.org/configuration.nix
View File

@ -1,4 +1,9 @@
{ self, lib, config, ... }:
{
self,
lib,
config,
...
}:
let
nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
in