From d10e4f8977876f49a46e886dc400535b92fcdc0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 6 Jul 2024 11:13:43 +0200 Subject: [PATCH] apply treemft --- .envrc.private-template | 8 +++--- .sops.yaml | 11 ++++---- LICENSE.md | 36 ++++++++++-------------- README.md | 36 ++++++++++++++++-------- modules/nixos-wiki/update-extensions.py | 7 +++-- targets/admins/apply.sh | 1 - terraform/nixos-wiki/decrypt-age-keys.sh | 2 +- 7 files changed, 55 insertions(+), 46 deletions(-) diff --git a/.envrc.private-template b/.envrc.private-template index 71c0ace..a22e5ec 100644 --- a/.envrc.private-template +++ b/.envrc.private-template @@ -1,6 +1,6 @@ -# Go to https://gitlab.com/-/profile/personal_access_tokens -export GITLAB_USER= -export GITLAB_TOKEN= +# Go to https://gitlab.com/-/profile/personal_access_tokens +export GITLAB_USER='' +export GITLAB_TOKEN='' # https://console.hetzner.cloud/projects/2643361/security/tokens -export HCLOUD_TOKEN= +export HCLOUD_TOKEN='' diff --git a/.sops.yaml b/.sops.yaml index 9aaaeab..dd123e1 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,12 +3,11 @@ keys: - &nixos-wiki2 age1p3dl7q5ahjdhl3g72mqk9pxy3gcptw9dqmg6syq9f9s03ppqp4rsqm93n2 - &lassulus age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2 - &julienmalka age109qksyjgdnf7elnk98dh4vtxt0epju7xjemlqng0j0x75st5zg9qm9h3hy - creation_rules: - path_regex: targets/nixos-wiki\.nixos\.org/secrets/* key_groups: - - age: - - *joerg - - *lassulus - - *julienmalka - - *nixos-wiki2 + - age: + - *joerg + - *lassulus + - *julienmalka + - *nixos-wiki2 diff --git a/LICENSE.md b/LICENSE.md index c49dc76..2f12ab5 100644 --- a/LICENSE.md +++ b/LICENSE.md 
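Review bot: On the unchanged context line `path_regex: targets/nixos-wiki\.nixos\.org/secrets/*` in the `.sops.yaml` hunk, sops reads the value as a regular expression rather than a glob, so the trailing `/*` means "zero or more slashes". The rule therefore applies to any path that merely contains `targets/nixos-wiki.nixos.org/secrets`, not only to files inside that directory. Because this rule decides which age recipients can decrypt a file, the intended scope is worth stating explicitly, for example `path_regex: targets/nixos-wiki\.nixos\.org/secrets/.+`.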
@@ -1,26 +1,20 @@ -The MIT License (MIT) -===================== +# The MIT License (MIT) Copyright © `2023` `Jörg Thalheim` -Permission is hereby granted, free of charge, to any person -obtaining a copy of this software and associated documentation -files (the “Software”), to deal in the Software without -restriction, including without limitation the rights to use, -copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the -Software is furnished to do so, subject to the following -conditions: +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the “Software”), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES -OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT -HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, -WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. +THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md index 3030ea7..9649aab 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,22 @@ # nixos-wiki-infra -This project contains the setup of [the official NixOS Wiki (wiki.nixos.org)](https://wiki.nixos.org). +This project contains the setup of +[the official NixOS Wiki (wiki.nixos.org)](https://wiki.nixos.org). -Additionally, [this project's GitHub Issues](https://github.com/NixOS/nixos-wiki-infra/issues) host a space for coordination and discussion of wiki activities, in tandem with [the Matrix channel `#wiki:nixos.org`](https://matrix.to/#/#wiki:nixos.org). +Additionally, +[this project's GitHub Issues](https://github.com/NixOS/nixos-wiki-infra/issues) +host a space for coordination and discussion of wiki activities, in tandem with +[the Matrix channel `#wiki:nixos.org`](https://matrix.to/#/#wiki:nixos.org). ## Examples -Checkout [./targets/nixos-wiki.nixos.org]() for an example terraform deployment on hetzner cloud. +Checkout [./targets/nixos-wiki.nixos.org]() for an example terraform deployment +on hetzner cloud. ## Downloading a dump of the wiki -This is useful if you want to run your own instance. -Every day an XML dump is updated here: +This is useful if you want to run your own instance. Every day an XML dump is +updated here: https://wiki.nixos.org/wikidump.xml.zst 
@@ -39,13 +44,22 @@ We created the Oauth app with read-only access and minimal permissions: ![](./oauth-permissions.png) -Unfortunately, GitHub misrepresents this information. -Read more about this issue here: https://github.com/orgs/community/discussions/37117 +Unfortunately, GitHub misrepresents this information. Read more about this issue +here: https://github.com/orgs/community/discussions/37117 ## Roles Various roles are present on the wiki: -* Bureaucrats can assign roles to others. ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=bureaucrat), [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#bureaucrat)) -* Administrators can perform almost all restricted actions. ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=sysop), [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#sysop)) -* Moderators can perform a limited subset of restricted actions. ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=moderator), [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#moderator)) -* Trusted users can perform page deletions. ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=trusted), [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#trusted)) + +- Bureaucrats can assign roles to others. + ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=bureaucrat), + [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#bureaucrat)) +- Administrators can perform almost all restricted actions. + ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=sysop), + [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#sysop)) +- Moderators can perform a limited subset of restricted actions. 
+ ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=moderator), + [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#moderator)) +- Trusted users can perform page deletions. + ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=trusted), + [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#trusted)) diff --git a/modules/nixos-wiki/update-extensions.py b/modules/nixos-wiki/update-extensions.py index 51f9e1c..ef4f0d9 100755 --- a/modules/nixos-wiki/update-extensions.py +++ b/modules/nixos-wiki/update-extensions.py @@ -70,8 +70,11 @@ def mirror_extension(extension_name: str, mediawiki_version: str) -> Extension: run(["gh", "release", "upload", base_name, f"{tmpdir}/{base_name}"]) for i in range(30): try: - data = run(["nix", "store", "prefetch-file", "--unpack", mirror_url, "--json"], stdout=subprocess.PIPE).stdout.strip() - hash = json.loads(data)["hash"] + data = run( + ["nix", "store", "prefetch-file", "--unpack", mirror_url, "--json"], + stdout=subprocess.PIPE, + ).stdout.strip() + hash = json.loads(data)["hash"] except subprocess.CalledProcessError: # sometimes github takes a while to make releases available print("nix-prefetch-url failed, retrying") diff --git a/targets/admins/apply.sh b/targets/admins/apply.sh index 33b532a..d3f6631 100755 --- a/targets/admins/apply.sh +++ b/targets/admins/apply.sh @@ -5,4 +5,3 @@ cd "$(dirname "$0")" rm -f .terraform.lock.hcl tofu init -backend-config="password=$GITLAB_TOKEN" -backend-config="username=$GITLAB_USER" tofu apply "$@" - diff --git a/terraform/nixos-wiki/decrypt-age-keys.sh b/terraform/nixos-wiki/decrypt-age-keys.sh index c7ccfc0..3369763 100755 --- a/terraform/nixos-wiki/decrypt-age-keys.sh +++ b/terraform/nixos-wiki/decrypt-age-keys.sh 
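Review bot: The value read from `json.loads(data)["hash"]` in the `try` block is whatever `mirror_url` serves at prefetch time; nothing visible in this hunk compares it with the archive just uploaded from `{tmpdir}/{base_name}`, so the pinned hash is trust-on-first-fetch. If the part of `mirror_extension` outside this hunk does not already check this, consider deriving or cross-checking the hash from the local copy before it is recorded. Two smaller points on the same lines: the local name `hash` shadows the builtin, and the retry message says `nix-prefetch-url` although the command is `nix store prefetch-file`; `print("nix store prefetch-file failed, retrying")` would match. The function starts above the hunk and the retry loop continues below it.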
@@ -5,6 +5,6 @@ set -euo pipefail -x mkdir -p var/lib/secrets umask 0177 -sops --extract '["age-key"]' -d "$SOPS_FILE" > ./var/lib/secrets/age +sops --extract '["age-key"]' -d "$SOPS_FILE" >./var/lib/secrets/age # restore umask umask 0022
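Review bot: `umask 0177` only takes effect when the redirection on the `sops` line creates `./var/lib/secrets/age`. If that file already exists with a wider mode, `>` truncates it and keeps the old mode, so the decrypted age key can remain readable by other users. Adding `rm -f ./var/lib/secrets/age` just before the `sops` line makes the file always freshly created under the tight umask. The directory is created by `mkdir -p` before the umask is tightened, so a `chmod 700 var/lib/secrets` after it would keep the directory from being listable by others. The first lines of the script are outside this hunk, so whether the mode is handled elsewhere cannot be seen from here.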