# Declarative NixOS container ("phtanumb-wiki") running MediaWiki with
# Keycloak single sign-on via the PluggableAuth + OpenIDConnect extensions,
# plus the deployment keys that place the wiki's secrets on the host.
#
# Arguments:
#   pkgs    - package set; its path is handed to the container as `nixpkgs`.
#   pkgsOld - accepted but not referenced anywhere in this file.
{ pkgs, pkgsOld, ... }:
let
  # Both ends of the container's private link.
  hostAddr = "10.0.1.1";
  wikiAddr = "10.0.1.2";

  # Host directory that is bind-mounted into the container as /var/mediawiki
  # and that also receives the deployed secret files below.
  hostStateDir = "/phtanum-b/wiki";
in
{
  containers."phtanumb-wiki" = {
    autoStart = true;

    privateNetwork = true;
    hostAddress = hostAddr;
    localAddress = wikiAddr;

    nixpkgs = pkgs.path;

    # NOTE(review): this single read-write mount carries both the wiki state
    # and the secret files deployed to the same host directory. A separate
    # read-only mount for the secrets would keep the wiki process from being
    # able to touch that directory - confirm against the host directory layout.
    bindMounts."/var/mediawiki" = {
      hostPath = hostStateDir;
      isReadOnly = false;
    };

    # extraVeths = {
    #   "phtanumb" = {
    #     hostAddress = "10.0.1.1";
    #     localAddress = "10.0.1.2";
    #   };
    # };

    config = { config, pkgs, ... }: {
      environment = {
        # luajit is the interpreter Scribunto is pointed at in extraConfig.
        systemPackages = [ pkgs.luajit ];

        # Resolver is hard-coded; the container does not inherit the host's.
        # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
        etc."resolv.conf".text = "nameserver 9.9.9.9";
      };

      # NOTE(review): with the firewall off, every port that listens inside the
      # container is reachable from whatever can route to the container address.
      # The host-side forwarding/NAT rules are not in this file - confirm that
      # only port 80 is exposed, or enable the firewall and allow just that port.
      networking.firewall.enable = false;

      services.mediawiki = {
        enable = true;
        name = "phtanum-b";

        virtualHost = {
          hostName = "wiki.phtanum-b.katzen.cafe";
          adminAddr = "admin@katzen.cafe";
          listen = [
            {
              ip = wikiAddr;
              port = 80;
              # TODO for when not in train: set this true and deploy
              # NOTE(review): until then the OIDC redirects and session cookies
              # cross the host<->container hop as plain HTTP. Presumably a
              # TLS-terminating proxy on the host fronts this listener - it is
              # not defined here, so verify before exposing the wiki.
              ssl = false;
            }
          ];
        };

        passwordFile = "/var/mediawiki/passwordFile";

        # PHP appended to the generated MediaWiki settings. Review notes live
        # out here as Nix comments so the emitted PHP text stays unchanged:
        #  - The oidc_* groups are granted below; the role claims they are
        #    derived from are read from the token paths in wiki_roles and
        #    global_roles, so Keycloak role assignment decides wiki privileges.
        #  - oidc_admin copies sysop and additionally gets 'userrights', i.e.
        #    holders can change any account's group membership. Keep that
        #    Keycloak role tightly scoped.
        #  - file_get_contents(..., 0, 32) reads at most 32 bytes from offset 0.
        #    Presumably this drops a trailing newline after a 32-character
        #    secret; a longer secret would be silently truncated and a missing
        #    or unreadable file yields false - TODO confirm the secret length.
        #  - $wgDebugLogFile is enabled; debug logs can hold request details,
        #    so keep the log directory readable by administrators only.
        extraConfig = ''
          # $wgShowExceptionDetails = true;
          # $wgDebugToolbar = true;
          # $wgShowDebug = true;
          # $wgDevelopmentWarnings = true;

          # Disable anonymous editing
          $wgGroupPermissions['*']['edit'] = false;

          $wgGroupPermissions['oidc_editor']['edit'] = true;
          $wgGroupPermissions['oidc_editor']['createpage'] = true;

          $wgLogo = 'images/d/de/Phtanum-b-wikilogo.png';

          $wgScribuntoDefaultEngine = 'luastandalone';
          $wgScribuntoEngineConf['luastandalone']['luaPath'] = '${pkgs.luajit}/bin/lua';
          $wgScribuntoUseGeSHi = true;
          $wgScribuntoUseCodeEditor = true;

          $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
          $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
          $wgGroupPermissions['oidc_admin']['userrights'] = true;

          $wgDebugLogFile = "/var/log/mediawiki/debug-{$wgDBname}.log";

          $oidcClientSecret = file_get_contents('/var/mediawiki/keycloakClientSecret', false, null, 0, 32);

          $wgPluggableAuth_Config[] = [
            'plugin' => 'OpenIDConnect',
            'data' => [
              'providerURL' => 'https://auth.katzen.cafe/realms/phtanum-b',
              'clientID' => 'phtanumb-wiki',
              # hack to try dynamically get the secret
              'clientsecret' => $oidcClientSecret,
              'global_roles' => ['property' => ['realm_access', 'roles']],
              'wiki_roles' => ['property' => ['resource_access', 'phtanumb-wiki', 'roles']]
            ]
          ];
        '';

        # Third-party extensions are fetched as tarballs pinned by sha256, so a
        # changed or tampered download fails the build instead of being
        # installed. Entries set to null carry no source of their own here.
        extensions = {
          PluggableAuth = pkgs.fetchzip {
            url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_38-5331512.tar.gz";
            sha256 = "sha256-OWfr3oq2XzyJ5tynP5bRRPm34ymqz2oIBe2vBPHK+/Q=";
          };
          OpenIDConnect = pkgs.fetchzip {
            url = "https://extdist.wmflabs.org/dist/extensions/OpenIDConnect-REL1_38-8f8bab6.tar.gz";
            sha256 = "sha256-g+PGNzt0o2FebI3xyVamz5RA95E86MD2yqD4v8N6zKU=";
          };
          TemplateStyles = pkgs.fetchzip {
            url = "https://extdist.wmflabs.org/dist/extensions/TemplateStyles-REL1_38-a2d1ae3.tar.gz";
            sha256 = "sha256-AFTfKP5McB/UikA9RRAmw1vLrb7zWjbBLtJhsEP9sTY=";
          };
          # this is cursed. why do the extensions 404???
          # NOTE(review): the hash pins integrity, not availability; if the
          # upstream tarball disappears the build breaks. Mirroring the pinned
          # archives would avoid that - suggestion only.
          #JsonConfig = pkgs.fetchzip {
          #url = "https://extdist.wmflabs.org/dist/extensions/JsonConfig-REL1_39-9840e0b.tar.gz";
          #sha256 = "sha256-m6JfUftyokJUauAg8SV8p1daUiOpFMvxNMa3el/RrJ0=";
          #};
          TemplateData = null;
          Scribunto = null;
          ParserFunctions = null;
          #VisualEditor = null;
          WikiEditor = null;
          CodeEditor = null;
        };
      };

      system.stateVersion = "22.11";
    };
  };

  # Secrets are produced by running `pass` at deploy time and written into the
  # host directory that the container sees as /var/mediawiki.

  # No explicit permissions: the deployment tool's default mode applies.
  deployment.keys."passwordFile" = {
    keyCommand = [ "pass" "wikis/phtanumb/password" ];
    destDir = hostStateDir;
  };

  # NOTE(review): mode 0604 is owner read/write, group nothing, others read.
  # The OIDC client secret is therefore readable by any account that can reach
  # this path, on the host and inside the container. Presumably "others" read
  # is what lets the wiki's PHP process open the file; assigning the file to
  # that service's user or group with 0400/0440 would be tighter - verify how
  # the service account maps between host and container before changing it.
  deployment.keys."keycloakClientSecret" = {
    keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ];
    destDir = hostStateDir;
    permissions = "0604";
  };
}