apply treemft

.envrc.private-template

@@ -1,6 +1,6 @@
-# Go to https://gitlab.com/-/profile/personal_access_tokens      
+# Go to https://gitlab.com/-/profile/personal_access_tokens
-export GITLAB_USER=<your-gitlab-username>
+export GITLAB_USER='<your-gitlab-username>'
-export GITLAB_TOKEN=<your-gitlab-token>
+export GITLAB_TOKEN='<your-gitlab-token>'
 
 # https://console.hetzner.cloud/projects/2643361/security/tokens
-export HCLOUD_TOKEN=<your-hetzner-token>
+export HCLOUD_TOKEN='<your-hetzner-token>'

.sops.yaml

@@ -3,12 +3,11 @@ keys:
   - &nixos-wiki2 age1p3dl7q5ahjdhl3g72mqk9pxy3gcptw9dqmg6syq9f9s03ppqp4rsqm93n2
   - &lassulus age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2
   - &julienmalka age109qksyjgdnf7elnk98dh4vtxt0epju7xjemlqng0j0x75st5zg9qm9h3hy
-
 creation_rules:
   - path_regex: targets/nixos-wiki\.nixos\.org/secrets/*
     key_groups:
-    - age:
+      - age:
-      - *joerg
+          - *joerg
-      - *lassulus
+          - *lassulus
-      - *julienmalka
+          - *julienmalka
-      - *nixos-wiki2
+          - *nixos-wiki2

LICENSE.md

@@ -1,26 +1,20 @@
-The MIT License (MIT)
+# The MIT License (MIT)
-=====================
 
 Copyright © `2023` `Jörg Thalheim`
 
-Permission is hereby granted, free of charge, to any person
+Permission is hereby granted, free of charge, to any person obtaining a copy of
-obtaining a copy of this software and associated documentation
+this software and associated documentation files (the “Software”), to deal in
-files (the “Software”), to deal in the Software without
+the Software without restriction, including without limitation the rights to
-restriction, including without limitation the rights to use,
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-copy, modify, merge, publish, distribute, sublicense, and/or sell
+the Software, and to permit persons to whom the Software is furnished to do so,
-copies of the Software, and to permit persons to whom the
+subject to the following conditions:
-Software is furnished to do so, subject to the following
-conditions:
 
-The above copyright notice and this permission notice shall be
+The above copyright notice and this permission notice shall be included in all
-included in all copies or substantial portions of the Software.
+copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
-OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
-HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
 
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1,17 +1,22 @@
 # nixos-wiki-infra
 
-This project contains the setup of [the official NixOS Wiki (wiki.nixos.org)](https://wiki.nixos.org).
+This project contains the setup of
+[the official NixOS Wiki (wiki.nixos.org)](https://wiki.nixos.org).
 
-Additionally, [this project's GitHub Issues](https://github.com/NixOS/nixos-wiki-infra/issues) host a space for coordination and discussion of wiki activities, in tandem with [the Matrix channel `#wiki:nixos.org`](https://matrix.to/#/#wiki:nixos.org).
+Additionally,
+[this project's GitHub Issues](https://github.com/NixOS/nixos-wiki-infra/issues)
+host a space for coordination and discussion of wiki activities, in tandem with
+[the Matrix channel `#wiki:nixos.org`](https://matrix.to/#/#wiki:nixos.org).
 
 ## Examples
 
-Checkout [./targets/nixos-wiki.nixos.org]() for an example terraform deployment on hetzner cloud.
+Checkout [./targets/nixos-wiki.nixos.org]() for an example terraform deployment
+on hetzner cloud.
 
 ## Downloading a dump of the wiki
 
-This is useful if you want to run your own instance.
+This is useful if you want to run your own instance. Every day an XML dump is
-Every day an XML dump is updated here:
+updated here:
 
 https://wiki.nixos.org/wikidump.xml.zst
 
@@ -39,13 +44,22 @@ We created the Oauth app with read-only access and minimal permissions:
 
 ![](./oauth-permissions.png)
 
-Unfortunately, GitHub misrepresents this information.
+Unfortunately, GitHub misrepresents this information. Read more about this issue
-Read more about this issue here: https://github.com/orgs/community/discussions/37117
+here: https://github.com/orgs/community/discussions/37117
 
 ## Roles
 
 Various roles are present on the wiki:
-* Bureaucrats can assign roles to others. ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=bureaucrat), [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#bureaucrat))
+
-* Administrators can perform almost all restricted actions. ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=sysop), [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#sysop))
+- Bureaucrats can assign roles to others.
-* Moderators can perform a limited subset of restricted actions. ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=moderator), [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#moderator))
+  ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=bureaucrat),
-* Trusted users can perform page deletions. ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=trusted), [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#trusted))
+  [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#bureaucrat))
+- Administrators can perform almost all restricted actions.
+  ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=sysop),
+  [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#sysop))
+- Moderators can perform a limited subset of restricted actions.
+  ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=moderator),
+  [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#moderator))
+- Trusted users can perform page deletions.
+  ([members](https://wiki.nixos.org/w/index.php?title=Special:ListUsers&group=trusted),
+  [permissions](https://wiki.nixos.org/wiki/Special:ListGroupRights#trusted))

modules/nixos-wiki/update-extensions.py

@@ -70,8 +70,11 @@ def mirror_extension(extension_name: str, mediawiki_version: str) -> Extension:
             run(["gh", "release", "upload", base_name, f"{tmpdir}/{base_name}"])
     for i in range(30):
         try:
-           data = run(["nix", "store", "prefetch-file", "--unpack", mirror_url, "--json"], stdout=subprocess.PIPE).stdout.strip()
+            data = run(
-           hash = json.loads(data)["hash"]
+                ["nix", "store", "prefetch-file", "--unpack", mirror_url, "--json"],
+                stdout=subprocess.PIPE,
+            ).stdout.strip()
+            hash = json.loads(data)["hash"]
         except subprocess.CalledProcessError:
             # sometimes github takes a while to make releases available
             print("nix-prefetch-url failed, retrying")

targets/admins/apply.sh

@@ -5,4 +5,3 @@ cd "$(dirname "$0")"
 rm -f .terraform.lock.hcl
 tofu init -backend-config="password=$GITLAB_TOKEN" -backend-config="username=$GITLAB_USER"
 tofu apply "$@"
-

terraform/nixos-wiki/decrypt-age-keys.sh

@@ -5,6 +5,6 @@ set -euo pipefail -x
 mkdir -p var/lib/secrets
 
 umask 0177
-sops --extract '["age-key"]' -d "$SOPS_FILE" > ./var/lib/secrets/age
+sops --extract '["age-key"]' -d "$SOPS_FILE" >./var/lib/secrets/age
 # restore umask
 umask 0022