servo: install mediawiki
This commit is contained in:
parent
df6e8f1562
commit
01db7e1f23
|
@ -19,5 +19,6 @@
|
|||
./prosody.nix
|
||||
./transmission.nix
|
||||
./trust-dns
|
||||
./wikipedia.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -291,6 +291,39 @@ in
|
|||
locations."/".proxyPass = "http://127.0.0.1:4533";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."w.uninsane.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
inherit kTLS;
|
||||
locations."/".proxyPass = "http://127.0.0.1:8013";
|
||||
};
|
||||
|
||||
# services.nginx.virtualHosts."w.uninsane.org" = let
|
||||
# fpm = config.services.phpfpm.pools.mediawiki;
|
||||
# in {
|
||||
# forceSSL = true;
|
||||
# enableACME = true;
|
||||
# inherit kTLS;
|
||||
# # we want fcgi, actually
|
||||
# # locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
|
||||
# locations."/".extraConfig = ''
|
||||
# # fastcgi_pass unix:${fpm.socket}|fcgi://localhost/;
|
||||
# fastcgi_pass unix:${fpm.socket};
|
||||
# # some of this might be wrong
|
||||
# fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
# set $path_info $fastcgi_path_info;
|
||||
# fastcgi_param PATH_INFO $path_info;
|
||||
# include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
# include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||
# '';
|
||||
|
||||
# # locations."/" = {
|
||||
# # tryFiles = "$uri $uri/ index.php";
|
||||
# # index = "index.php index.html index.htm";
|
||||
# # };
|
||||
# # TODO: consider /images directory
|
||||
# };
|
||||
|
||||
services.nginx.virtualHosts."rss.uninsane.org" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
|
|
|
@ -50,6 +50,7 @@ nixcache CNAME native
|
|||
pl-dev CNAME native
|
||||
rss CNAME native
|
||||
sink CNAME native
|
||||
w CNAME native
|
||||
|
||||
xmpp CNAME native
|
||||
conference.xmpp CNAME native
|
||||
|
|
62
hosts/servo/services/wikipedia.nix
Normal file
62
hosts/servo/services/wikipedia.nix
Normal file
|
@ -0,0 +1,62 @@
|
|||
# docs: <https://nixos.wiki/wiki/MediaWiki>
|
||||
{ config, lib, ... }:
|
||||
|
||||
{
|
||||
sops.secrets."mediawiki_pw" = {
|
||||
owner = config.users.users.mediawiki.name;
|
||||
sopsFile = ../../../secrets/servo.yaml;
|
||||
};
|
||||
# # mediawiki wants to serv itself over apache httpd:
|
||||
# # that doesn't work because nginx already binds port 80
|
||||
# services.httpd.enable = lib.mkForce false;
|
||||
# services.httpd.user = "nginx";
|
||||
# services.httpd.group = "nginx";
|
||||
|
||||
users.users.mediawiki.uid = config.sane.allocations.mediawiki-uid;
|
||||
|
||||
services.mediawiki.enable = true;
|
||||
services.mediawiki.name = "Uninsane Wiki";
|
||||
services.mediawiki.passwordFile = config.sops.secrets.mediawiki_pw.path;
|
||||
services.mediawiki.extraConfig = ''
|
||||
# Disable anonymous editing
|
||||
$wgGroupPermissions['*']['edit'] = false;
|
||||
'';
|
||||
services.mediawiki.virtualHost.listen = [
|
||||
{
|
||||
ip = "127.0.0.1";
|
||||
port = 8013;
|
||||
ssl = false;
|
||||
}
|
||||
];
|
||||
services.mediawiki.virtualHost.hostName = "w.uninsane.org";
|
||||
services.mediawiki.virtualHost.adminAddr = "admin+mediawiki@uninsane.org";
|
||||
# services.mediawiki.extensions = TODO: wikipedia sync extension?
|
||||
|
||||
# original apache config for MW
|
||||
# services.httpd = {
|
||||
# enable = true;
|
||||
# extraModules = [ "proxy_fcgi" ];
|
||||
# virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost {
|
||||
# documentRoot = mkForce "${pkg}/share/mediawiki";
|
||||
# extraConfig = ''
|
||||
# <Directory "${pkg}/share/mediawiki">
|
||||
# <FilesMatch "\.php$">
|
||||
# <If "-f %{REQUEST_FILENAME}">
|
||||
# SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/"
|
||||
# </If>
|
||||
# </FilesMatch>
|
||||
|
||||
# Require all granted
|
||||
# DirectoryIndex index.php
|
||||
# AllowOverride All
|
||||
# </Directory>
|
||||
# '' + optionalString (cfg.uploadsDir != null) ''
|
||||
# Alias "/images" "${cfg.uploadsDir}"
|
||||
# <Directory "${cfg.uploadsDir}">
|
||||
# Require all granted
|
||||
# </Directory>
|
||||
# '';
|
||||
# } ];
|
||||
# };
|
||||
|
||||
}
|
|
@ -23,8 +23,10 @@ in
|
|||
sane.allocations.greeter-uid = mkId 999;
|
||||
sane.allocations.greeter-gid = mkId 999;
|
||||
|
||||
# new servo users
|
||||
sane.allocations.freshrss-uid = mkId 2401;
|
||||
sane.allocations.freshrss-gid = mkId 2401;
|
||||
sane.allocations.mediawiki-uid = mkId 2402;
|
||||
|
||||
sane.allocations.colin-uid = mkId 1000;
|
||||
sane.allocations.guest-uid = mkId 1100;
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
mediawiki_pw: ENC[AES256_GCM,data:g7qM+CMU12apnGQ=,iv:q5K8sBAaUi47Hr0DAWiU1o5CVIO6zkdVVGJ5Zk4P9HA=,tag:CFpSmsflkNFG4kIBzrr5yQ==,type:str]
|
||||
duplicity_passphrase: ENC[AES256_GCM,data:LgPORB0HhIAfpJdQrwjS+/TWdOeddQ2YNYqfRbWhhuNlImuOlniPzrPaaFv+Mfght7OHs7rnuVr3tOHfeIEBo9S2z05ABOulttHEyeuyJZPE1/0t8IBz2gcNNWs4nhCYbVX3y/rSAG8bhz1Vdb2B/MiCicfJEZAqpXkRilQELXTR5cF5NnmEcR7zOso=,iv:NvwZhBbkYnTDt3izwwQPj4U4XAmiOD5Dv3sF50JA97o=,tag:HSJ5xr/WXn6MQdyV8QYWYw==,type:str]
|
||||
#ENC[AES256_GCM,data:5uf2kYCg8ZqoOLv50QNI73MYV0HDl4ML2xEKHPOEvCf/Z3aeM6ED,iv:ljqw6IBTPDodejMO2dcjLYyv+LlS/7r9nQ7RyiKC2Dg=,tag:Jko9tIhER4ByDbv5qhsfaQ==,type:comment]
|
||||
ddns_he: ENC[AES256_GCM,data:zAKbEAIMIsENUctG9bNAAjAty6g+w3QW5VM=,iv:ncIjblXnTiU3TQcHJutz9lCl0wBdWs+FybY0sZcnaH0=,tag:7O6EIob2/if1fcVDVEkVzQ==,type:str]
|
||||
|
@ -59,8 +60,8 @@ sops:
|
|||
cWplOHBNWjlJdGI3ZWtJc0t4Mk9URG8KE+9IPGYZsIs2PaDJ2AUE4gB4QEj5zo6P
|
||||
aZVbubu6Tbg+tD/98RkfWAkNvoVeDYuLNPDNgqOL0UgCQiTrPPaTjw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-12-08T14:21:43Z"
|
||||
mac: ENC[AES256_GCM,data:Hvc2H6aRvdZEjm1yqZRxxSFQ35CBHHgvwkXCyFwiC2SfFinM//ncRrh3j8uvXPXmA1BZ0eieP4RN5JwgwmvXLd3B46XO5gx4RQBqHBiFLeJ7ox24ePrCm77Mx8YWJdlRC5PJhMvcdqHa5R/q164dR1ebhx6lqUtKcz61/rKLHRs=,iv:VGcjU+tqPC4Des3yfAo6nxPIzlPxhztEvGy/XSHlvuw=,tag:w7nZlT01DC82F3/CmFLb9A==,type:str]
|
||||
lastmodified: "2022-12-15T09:12:44Z"
|
||||
mac: ENC[AES256_GCM,data:QQiTsQogs6MP9X0lrpf2FeSia6SeQP5/9dtUrWQOd2Vh/s0fBJfIGUdLeLgt5itvaD5QywY6lN9Rsx++BUN0rrwUu/uF42KOMC7wjHdSv07CYuDfvlFZItuIo5eWlfcEq9+p6/VwUXY0TU3M6Ex+mABT5XK67tnLuh/SoHUl+DA=,iv:12sa+wFdO5T7pZrLM3mnEwoJ0WmXZZLKpucEgMYQHMI=,tag:zZEz6+vTma6KDMwXi/fNZA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
Loading…
Reference in New Issue
Block a user