extern/nixos-wiki-infra
1
0
Fork 1
mirror of https://github.com/Mic92/nixos-wiki-infra.git synced 2024-11-24 01:03:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

switch to nixfmt

Browse Source
This commit is contained in:
Jörg Thalheim 2024-09-28 16:15:00 +02:00 committed by mergify[bot]
parent d7c7acb065
commit ada004ff16
14 changed files with 188 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
checks/flake-module.nix
View File

@ -1,9 +1,12 @@
{ self, ... }: { { self, ... }:
{
perSystem = perSystem =
{ pkgs {
, lib pkgs,
, ... lib,
}: { ...
}:
{
checks = lib.optionalAttrs pkgs.stdenv.isLinux { checks = lib.optionalAttrs pkgs.stdenv.isLinux {
test = import ./test.nix { inherit self pkgs; }; test = import ./test.nix { inherit self pkgs; };
}; };

4
checks/lib.nix
View File

@ -15,6 +15,8 @@ in
# This makes `self` available in the NixOS configuration of our virtual machines. # This makes `self` available in the NixOS configuration of our virtual machines.
# This is useful for referencing modules or packages from your own flake # This is useful for referencing modules or packages from your own flake
# as well as importing from other flakes. # as well as importing from other flakes.
node.specialArgs = { inherit self; }; node.specialArgs = {
inherit self;
};
imports = [ test ]; imports = [ test ];
}).config.result }).config.result

4
checks/linkcheck/pkgs/default.nix
View File

@ -1,4 +1,6 @@
{ pkgs ? import <nixpkgs> { } }: {
pkgs ? import <nixpkgs> { },
}:
{ {
wikiextractor = pkgs.callPackage ./wikiextractor.nix { }; wikiextractor = pkgs.callPackage ./wikiextractor.nix { };
} }

10
checks/linkcheck/pkgs/wikiextractor.nix
View File

@ -1,8 +1,8 @@
{ lib {
, python3 lib,
, fetchpatch python3,
, fetchFromGitHub fetchpatch,
, fetchFromGitHub,
}: }:
python3.pkgs.buildPythonApplication rec { python3.pkgs.buildPythonApplication rec {

49
checks/test.nix
View File

@ -2,28 +2,35 @@
name = "nixos-wiki"; name = "nixos-wiki";
nodes = { nodes = {
# `self` here is set by using specialArgs in `lib.nix` # `self` here is set by using specialArgs in `lib.nix`
wiki = { self, pkgs, config, ... }: { wiki =
imports = [ {
self.nixosModules.nixos-wiki self,
]; pkgs,
networking.extraHosts = '' config,
127.0.0.1 nixos-wiki.example.com ...
''; }:
security.acme.defaults.email = "admin@example.com"; {
services.nixos-wiki = { imports = [
hostname = "nixos-wiki.example.com"; self.nixosModules.nixos-wiki
adminPasswordFile = pkgs.writeText "adminPasswordFile" "Creation-Fabric-Untrimmed3"; ];
githubClientId = "Iv1.95ed182c83df1d22"; networking.extraHosts = ''
githubClientSecretFile = pkgs.writeText "githubClientSecretFile" "secret"; 127.0.0.1 nixos-wiki.example.com
emergencyContact = "nixos-wiki@thalheim.io"; '';
passwordSender = "nixos-wiki@thalheim.io"; security.acme.defaults.email = "admin@example.com";
noReplyAddress = "nixos-wiki-no-reply@thalheim.io"; services.nixos-wiki = {
hostname = "nixos-wiki.example.com";
adminPasswordFile = pkgs.writeText "adminPasswordFile" "Creation-Fabric-Untrimmed3";
githubClientId = "Iv1.95ed182c83df1d22";
githubClientSecretFile = pkgs.writeText "githubClientSecretFile" "secret";
emergencyContact = "nixos-wiki@thalheim.io";
passwordSender = "nixos-wiki@thalheim.io";
noReplyAddress = "nixos-wiki-no-reply@thalheim.io";
};
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
enableACME = false;
forceSSL = false;
};
}; };
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
enableACME = false;
forceSSL = false;
};
};
}; };
# This is the test code that will check if our service is running correctly: # This is the test code that will check if our service is running correctly:
testScript = '' testScript = ''

58
flake.nix
View File

@ -19,31 +19,39 @@
sops-nix.inputs.nixpkgs-stable.follows = ""; sops-nix.inputs.nixpkgs-stable.follows = "";
}; };
outputs = inputs@{ flake-parts, ... }: outputs =
flake-parts.lib.mkFlake { inherit inputs; } ({ self, lib, ... }: { inputs@{ flake-parts, ... }:
systems = [ flake-parts.lib.mkFlake { inherit inputs; } (
"aarch64-linux" { self, lib, ... }:
"x86_64-linux" {
systems = [
"aarch64-linux"
"x86_64-linux"
"x86_64-darwin" "x86_64-darwin"
"aarch64-darwin" "aarch64-darwin"
]; ];
imports = [ imports = [
inputs.treefmt-nix.flakeModule inputs.treefmt-nix.flakeModule
./targets/flake-module.nix ./targets/flake-module.nix
./modules/flake-module.nix ./modules/flake-module.nix
./checks/flake-module.nix ./checks/flake-module.nix
./formatter.nix ./formatter.nix
]; ];
perSystem = { self', system, ... }: { perSystem =
{ self', system, ... }:
{
checks = checks =
let let
nixosMachines = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations); nixosMachines = lib.mapAttrs' (
packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages; name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel
devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells; ) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
in packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages;
nixosMachines // packages // devShells; devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
}; in
}); nixosMachines // packages // devShells;
};
}
);
} }

9
formatter.nix
View File

@ -17,7 +17,8 @@
"targets/nixos-wiki.nixos.org/secrets/*" "targets/nixos-wiki.nixos.org/secrets/*"
]; ];
programs.hclfmt.enable = true; programs.hclfmt.enable = true;
programs.nixpkgs-fmt.enable = true; programs.nixfmt.enable = true;
programs.nixfmt.package = pkgs.nixfmt-rfc-style;
programs.deadnix.enable = true; programs.deadnix.enable = true;
programs.ruff.format = true; programs.ruff.format = true;
programs.ruff.check = true; programs.ruff.check = true;
@ -39,8 +40,7 @@
provider.override (prev: { provider.override (prev: {
homepage = builtins.replaceStrings [ "registry.terraform.io/providers" ] [ homepage = builtins.replaceStrings [ "registry.terraform.io/providers" ] [
"registry.opentofu.org" "registry.opentofu.org"
] ] prev.homepage;
prev.homepage;
}); });
in in
[ [
@ -57,8 +57,7 @@
)) ))
]; ];
}; };
} } // (import ./checks/linkcheck/pkgs { inherit pkgs; });
// (import ./checks/linkcheck/pkgs { inherit pkgs; });
devShells.linkcheck = pkgs.mkShell { devShells.linkcheck = pkgs.mkShell {
packages = [ packages = [
pkgs.lychee pkgs.lychee

3
modules/flake-module.nix
View File

@ -1,4 +1,5 @@
{ inputs, ... }: { { inputs, ... }:
{
flake.nixosModules = { flake.nixosModules = {
hcloud.imports = [ hcloud.imports = [
inputs.srvos.nixosModules.server inputs.srvos.nixosModules.server

1
modules/monitoring.nix
View File

@ -7,4 +7,3 @@
ip6tables -D nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept || true ip6tables -D nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept || true
''; '';
} }

81
modules/nixos-wiki/backup.nix
View File

@ -2,46 +2,49 @@
let let
wikiDump = "/var/lib/mediawiki/backup/wikidump.xml.zst"; wikiDump = "/var/lib/mediawiki/backup/wikidump.xml.zst";
mediawiki-maintenance = pkgs.runCommand "mediawiki-maintenance" mediawiki-maintenance =
{ pkgs.runCommand "mediawiki-maintenance"
nativeBuildInputs = [ pkgs.makeWrapper ]; {
preferLocalBuild = true; nativeBuildInputs = [ pkgs.makeWrapper ];
} '' preferLocalBuild = true;
mkdir -p $out/bin }
makeWrapper ${config.services.phpfpm.pools.mediawiki.phpPackage}/bin/php $out/bin/mediawiki-maintenance \ ''
--set MEDIAWIKI_CONFIG ${config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG} \ mkdir -p $out/bin
--add-flags ${config.services.mediawiki.finalPackage}/share/mediawiki/maintenance/run.php makeWrapper ${config.services.phpfpm.pools.mediawiki.phpPackage}/bin/php $out/bin/mediawiki-maintenance \
''; --set MEDIAWIKI_CONFIG ${config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG} \
--add-flags ${config.services.mediawiki.finalPackage}/share/mediawiki/maintenance/run.php
wiki-backup = pkgs.writeShellApplication
{
name = "wiki-backup";
runtimeInputs = [
config.services.postgresql.package
pkgs.util-linux
];
text = ''
mkdir -p /var/lib/mediawiki/backup/
runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
mv /var/lib/mediawiki/backup/{db.tmp,db}
''; '';
};
wiki-backup = pkgs.writeShellApplication {
name = "wiki-backup";
runtimeInputs = [
config.services.postgresql.package
pkgs.util-linux
];
text = ''
mkdir -p /var/lib/mediawiki/backup/
runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp
mv /var/lib/mediawiki/backup/{db.tmp,db}
'';
};
# to restore: # to restore:
# $ runuser -u postgres -- pg_restore --format=custom -d mediawiki < /tmp/db # $ runuser -u postgres -- pg_restore --format=custom -d mediawiki < /tmp/db
wiki-dump = pkgs.writeShellApplication wiki-dump = pkgs.writeShellApplication {
{ name = "wiki-dump";
name = "wiki-dump"; runtimeInputs = [
runtimeInputs = [ pkgs.util-linux pkgs.coreutils ]; pkgs.util-linux
text = '' pkgs.coreutils
mkdir -p /var/lib/mediawiki/backup/ ];
runuser -u mediawiki -- ${mediawiki-maintenance}/bin/mediawiki-maintenance dumpBackup.php \ text = ''
--full --include-files --uploads --quiet | \ mkdir -p /var/lib/mediawiki/backup/
${pkgs.zstd}/bin/zstd > ${wikiDump}.tmp runuser -u mediawiki -- ${mediawiki-maintenance}/bin/mediawiki-maintenance dumpBackup.php \
mv ${wikiDump}{.tmp,} --full --include-files --uploads --quiet | \
''; ${pkgs.zstd}/bin/zstd > ${wikiDump}.tmp
}; mv ${wikiDump}{.tmp,}
'';
};
in in
{ {
environment.systemPackages = [ mediawiki-maintenance ]; environment.systemPackages = [ mediawiki-maintenance ];
@ -74,7 +77,8 @@ in
}; };
}; };
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName}.locations."=/wikidump.xml.zst".alias = wikiDump; services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName}.locations."=/wikidump.xml.zst".alias =
wikiDump;
sops.secrets.storagebox-ssh-key = { sops.secrets.storagebox-ssh-key = {
sopsFile = ../../targets/nixos-wiki.nixos.org/secrets/backup_share_ssh_key; sopsFile = ../../targets/nixos-wiki.nixos.org/secrets/backup_share_ssh_key;
@ -113,7 +117,10 @@ in
monthly = 3; monthly = 3;
}; };
paths = [ "/var/lib/mediawiki-uploads" "/var/lib/mediawiki/backup" ]; paths = [
"/var/lib/mediawiki-uploads"
"/var/lib/mediawiki/backup"
];
# Where to backup it to # Where to backup it to
repo = "u391032-sub1@u391032.your-storagebox.de:wiki.nixos.org/repo"; repo = "u391032-sub1@u391032.your-storagebox.de:wiki.nixos.org/repo";

18
modules/nixos-wiki/default.nix
View File

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.services.nixos-wiki; cfg = config.services.nixos-wiki;
in in
@ -175,7 +180,9 @@ in
# https://www.mediawiki.org/wiki/Help:Extension:Translate/Installation # https://www.mediawiki.org/wiki/Help:Extension:Translate/Installation
services.phpfpm.pools.mediawiki.phpOptions = services.phpfpm.pools.mediawiki.phpOptions =
let let
phpVersion = builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor config.services.phpfpm.pools.mediawiki.phpPackage.version); phpVersion = builtins.replaceStrings [ "." ] [ "" ] (
lib.versions.majorMinor config.services.phpfpm.pools.mediawiki.phpPackage.version
);
extensions = pkgs."php${phpVersion}Extensions"; extensions = pkgs."php${phpVersion}Extensions";
in in
'' ''
@ -202,9 +209,10 @@ in
''; '';
systemd.services.mediawiki-init.serviceConfig.RemainAfterExit = true; systemd.services.mediawiki-init.serviceConfig.RemainAfterExit = true;
networking.firewall.allowedTCPPorts = [
443
networking.firewall.allowedTCPPorts = [ 443 80 ]; 80
];
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = { services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = {
enableACME = lib.mkDefault true; enableACME = lib.mkDefault true;

28
modules/nixos-wiki/extensions.nix
View File

@ -1,7 +1,23 @@
{ fetchzip }: { { fetchzip }:
"MobileFrontend" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_42-db1bbe7.tar.gz/MobileFrontend-REL1_42-db1bbe7.tar.gz"; hash = "sha256-jHeG1pr/YEdIsrCUPKLJ6DXdOW52sYjCXex3Ns9pi4A="; }; {
"DarkMode" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_42-66aad97.tar.gz/DarkMode-REL1_42-66aad97.tar.gz"; hash = "sha256-xt7+yiD2oDsK0q7tsqAtYdiKcLqWr8DiWl+zAmoqQpg="; }; "MobileFrontend" = fetchzip {
"QuickInstantCommons" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/QuickInstantCommons-REL1_42-3e6a069.tar.gz/QuickInstantCommons-REL1_42-3e6a069.tar.gz"; hash = "sha256-U7mNjhr0kI46gWForiUBKXQEYSuvME8+YVwMOVpuhm0="; }; url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_42-db1bbe7.tar.gz/MobileFrontend-REL1_42-db1bbe7.tar.gz";
"Translate" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/Translate-REL1_42-3531d86.tar.gz/Translate-REL1_42-3531d86.tar.gz"; hash = "sha256-t1fBccarl0wQTlrCM4UDJyGw8M9eCyUk7Wbk8AxRG7w="; }; hash = "sha256-jHeG1pr/YEdIsrCUPKLJ6DXdOW52sYjCXex3Ns9pi4A=";
"UniversalLanguageSelector" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz"; hash = "sha256-XujlyG3K07XAzW+Vat8NZypKIpHwGCZt6bxmxH57e0M="; }; };
"DarkMode" = fetchzip {
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_42-66aad97.tar.gz/DarkMode-REL1_42-66aad97.tar.gz";
hash = "sha256-xt7+yiD2oDsK0q7tsqAtYdiKcLqWr8DiWl+zAmoqQpg=";
};
"QuickInstantCommons" = fetchzip {
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/QuickInstantCommons-REL1_42-3e6a069.tar.gz/QuickInstantCommons-REL1_42-3e6a069.tar.gz";
hash = "sha256-U7mNjhr0kI46gWForiUBKXQEYSuvME8+YVwMOVpuhm0=";
};
"Translate" = fetchzip {
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/Translate-REL1_42-3531d86.tar.gz/Translate-REL1_42-3531d86.tar.gz";
hash = "sha256-t1fBccarl0wQTlrCM4UDJyGw8M9eCyUk7Wbk8AxRG7w=";
};
"UniversalLanguageSelector" = fetchzip {
url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz";
hash = "sha256-XujlyG3K07XAzW+Vat8NZypKIpHwGCZt6bxmxH57e0M=";
};
} }

33
targets/flake-module.nix
View File

@ -4,22 +4,23 @@ let
configs = builtins.filter (dir: builtins.pathExists (./. + "/${dir}/configuration.nix")) entries; configs = builtins.filter (dir: builtins.pathExists (./. + "/${dir}/configuration.nix")) entries;
in in
{ {
flake.nixosConfigurations = lib.listToAttrs flake.nixosConfigurations = lib.listToAttrs (
(builtins.map builtins.map (
(name: name:
lib.nameValuePair lib.nameValuePair (builtins.replaceStrings [ "." ] [ "-" ] name) (
(builtins.replaceStrings [ "." ] [ "-" ] name) lib.nixosSystem {
(lib.nixosSystem { system = "x86_64-linux";
system = "x86_64-linux"; # Make flake available in modules
# Make flake available in modules specialArgs = {
specialArgs = { self = {
self = { inputs = self.inputs;
inputs = self.inputs; nixosModules = self.nixosModules;
nixosModules = self.nixosModules;
};
}; };
};
modules = [ (./. + "/${name}/configuration.nix") ]; modules = [ (./. + "/${name}/configuration.nix") ];
})) }
configs); )
) configs
);
} }

7
targets/nixos-wiki.nixos.org/configuration.nix
View File

@ -1,4 +1,9 @@
{ self, lib, config, ... }: {
self,
lib,
config,
...
}:
let let
nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json); nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
in in