WIP: setup mediawiki

add eirikwit to sops
flake update: matrix module bug fix
2024-03-23 22:11:08 +01:00 · 2024-03-16 22:38:16 +01:00 · 2024-03-13 07:41:12 +01:00 · 2024-03-13 06:33:43 +01:00 · 2024-03-05 05:52:31 +01:00 · 2024-03-05 05:28:23 +01:00
7 changed files with 134 additions and 70 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -3,6 +3,7 @@ keys:
  - &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
  - &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
  - &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC
  - &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
  # Hosts
  - &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
@ -18,6 +19,7 @@ creation_rules:
      - *host_jokum
      - *user_danio
      - *user_felixalb
      - *user_eirikwit
      pgp:
      - *user_oysteikt
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1702569759,
+        "lastModified": 1710169806,
-        "narHash": "sha256-Ze3AdEEsVZBRJ4wn13EZpV1Uubkzi59TkC4j2G9xoFI=",
+        "narHash": "sha256-HeWFrRuHpnAiPmIr26OKl2g142HuGerwoO/XtW53pcI=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "98ab91109716871f50ea8cb0e0ac7cc1e1e14714",
+        "rev": "fe064a639319ed61cdf12b8f6eded9523abcc498",
        "type": "github"
      },
      "original": {
@ -62,14 +62,16 @@
    },
    "matrix-next": {
      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib"
+        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1701507532,
+        "lastModified": 1710311999,
-        "narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
+        "narHash": "sha256-s0pT1NyrMgeolUojXXcnXQDymN7m80GTF7itCv0ZH20=",
        "owner": "dali99",
        "repo": "nixos-matrix-modules",
-        "rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
+        "rev": "6c9b67974b839740e2a738958512c7a704481157",
        "type": "github"
      },
      "original": {
@ -80,11 +82,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1702601832,
+        "lastModified": 1710248792,
-        "narHash": "sha256-z+GyetKtwj7ZVZrRcI73N8Xy1B3JGAqDyPniBFRpIgo=",
+        "narHash": "sha256-yFyWw4na+nJgtXwhHs2SJSy5Lcw94/FcMbBOorlGdfI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "dff64d4ba6e9dc3f0a4ef8737f372a528d5bc8d1",
+        "rev": "efbb274f364c918b9937574de879b5874b5833cc",
        "type": "github"
      },
      "original": {
@ -93,44 +95,29 @@
        "type": "indirect"
      }
    },
    "nixpkgs-lib": {
      "locked": {
        "lastModified": 1673743903,
        "narHash": "sha256-sloY6KYyVOozJ1CkbgJPpZ99TKIjIvM+04V48C04sMQ=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
        "rev": "7555e2dfcbac1533f047021f1744ac8871150f9f",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1702148972,
+        "lastModified": 1710033658,
-        "narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=",
+        "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227",
+        "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "release-23.05",
+        "ref": "release-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1702635820,
+        "lastModified": 1710247538,
-        "narHash": "sha256-rClms9NTmSL/WIN5VmEccVhUExMkjCrRNswxU9QGNNo=",
+        "narHash": "sha256-Mm3aCwfAdYgG2zKf5SLRBktPH0swXN1yEetAMn05KAA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "02357adddd0889782362d999628de9d309d202dc",
+        "rev": "21adc4f16a8ab151fec83b9d9368cd62d9de86bc",
        "type": "github"
      },
      "original": {
@ -179,11 +166,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1702177193,
+        "lastModified": 1710195194,
-        "narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=",
+        "narHash": "sha256-KFxCJp0T6TJOz1IOKlpRdpsCr9xsvlVuWY/VCiAFnTE=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9",
+        "rev": "e52d8117b330f690382f1d16d81ae43daeb4b880",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -15,6 +15,7 @@
    pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
    matrix-next.url = "github:dali99/nixos-matrix-modules";
    matrix-next.inputs.nixpkgs.follows = "nixpkgs";
    grzegorz.url = "github:Programvareverkstedet/grzegorz";
    grzegorz.inputs.nixpkgs.follows = "nixpkgs-unstable";
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@ -13,7 +13,7 @@
    ./services/nginx
    ./services/gitea/default.nix
    ./services/webmail
-    # ./services/mediawiki.nix
+    ./services/mediawiki.nix
  ];
  sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
--- a/hosts/bekkalokk/services/gitea/gitea-import-users.py
+++ b/hosts/bekkalokk/services/gitea/gitea-import-users.py
@ -32,7 +32,6 @@ def add_user(username, name):
            "full_name": name,
            "username": username,
            "login_name": username,
            "visibility": "public",
            "source_id": 1,  # 1 = SMTP
    }
@ -52,6 +51,7 @@ def add_user(username, name):
        existing_users[username] = user
    else:
        user["visibility"] = existing_users[username]["visibility"]
        r = requests.patch(GITEA_API_URL + f'/admin/users/{username}',
                           json=user,
                           headers={'Authorization': 'token ' + API_TOKEN})
--- a/hosts/bekkalokk/services/mediawiki.nix
+++ b/hosts/bekkalokk/services/mediawiki.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, config, values, ... }: let
+{ pkgs, lib, config, values, pkgs-unstable, ... }: let
  cfg = config.services.mediawiki;
  # "mediawiki"
@ -13,7 +13,7 @@ in {
      owner = user;
      group = group;
    };
-    "keys/postgres/mediawiki" = {
+    "mediawiki/database" = {
      restartUnits = [ "mediawiki-init.service" "phpfpm-mediawiki.service" ];
      owner = user;
      group = group;
@ -30,7 +30,7 @@ in {
      type = "postgres";
      host = "postgres.pvv.ntnu.no";
      port = config.services.postgresql.port;
-      passwordFile = config.sops.secrets."keys/postgres/mediawiki".path;
+      passwordFile = config.sops.secrets."mediawiki/database".path;
      createLocally = false;
      # TODO: create a normal database and copy over old data when the service is production ready
      name = "mediawiki_test";
@ -61,35 +61,45 @@ in {
    extensions = {
      DeleteBatch = pkgs.fetchzip {
-        url = "https://extdist.wmflabs.org/dist/extensions/DeleteBatch-REL1_39-995ea6f.tar.gz";
+        name = "mediawiki-delete-batch-source";
-	sha256 = "sha256-0F4GLCy2f5WcWIY2YgF1tVxgYbglR0VOsj/pMrW93b8=";
+        url = "https://extdist.wmflabs.org/dist/extensions/DeleteBatch-REL1_40-4fe36dc.tar.gz";
 	hash = "sha256-jmRkjHFQR9cjPr1eBHVDLHm0xO4OPn9HYiYwrkBT/aA=";
      };
      UserMerge = pkgs.fetchzip {
-        url = "https://extdist.wmflabs.org/dist/extensions/UserMerge-REL1_39-b10d50e.tar.gz";
+        name = "mediawiki-user-merge-source";
-	sha256 = "sha256-bXhj1+OlOUJDbvEuc8iwqb1LLEu6cN6+C/7cAvnWPOQ=";
+        url = "https://extdist.wmflabs.org/dist/extensions/UserMerge-REL1_40-7407806.tar.gz";
 	hash = "sha256-NHAw79pDxjia46J5DIGV9AoF9UazSahT8DZgUUn/pQE=";
      };
      PluggableAuth = pkgs.fetchzip {
-        url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_39-1210fc3.tar.gz";
+        name = "mediawiki-pluggable-auth-source";
-	sha256 = "sha256-F6bTMCzkK3kZwZGIsNE87WlZWqXXmTMhEjApO99YKR0=";
+        url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_40-eb10a76.tar.gz";
 	hash = "sha256-GFmtQc0SeBpvI+7iHOVw77JR2h+hwPxo8+wZ9RED8a8=";
      };
      SimpleSAMLphp = pkgs.fetchzip {
-        url = "https://extdist.wmflabs.org/dist/extensions/SimpleSAMLphp-REL1_39-dcf0acb.tar.gz";
+        name = "mediawiki-simple-saml-php-source";
-        sha256 = "sha256-tCvFmb2+q2rxms+lRo5pgoI3h6GjCwXAR8XisPg03TQ=";
+        url = "https://extdist.wmflabs.org/dist/extensions/SimpleSAMLphp-REL1_40-8043943.tar.gz";
        hash = "sha256-HJHcrv/FNqPJegrHo4VPVjw0alkyHwetFZiLwjHsf6Y=";
      };
    };
    extraConfig = let
-
+      SimpleSAMLphpRepo = pkgs-unstable.php.buildComposerProject rec {
      SimpleSAMLphpRepo = pkgs.stdenvNoCC.mkDerivation rec {
        pname = "configuredSimpleSAML";
-	version = "2.0.4";
+	version = "2.1.0-rc1";
-        src = pkgs.fetchzip {
+        src = pkgs.fetchFromGitHub {
-          url = "https://github.com/simplesamlphp/simplesamlphp/releases/download/v${version}/simplesamlphp-${version}.tar.gz";
+          owner = "simplesamlphp";
-          sha256 = "sha256-pfMV/VmqqxgtG7Nx4s8MW4tWSaxOkVPtCRJwxV6RDSE=";
+          repo = "simplesamlphp";
          # name = "simple-saml-php-source";
          # url = "https://github.com/simplesamlphp/simplesamlphp/releases/download/v${version}/simplesamlphp-${version}.tar.gz";
          rev = "v${version}";
          hash = "sha256-E7S6T/EfuhNbe697OiklZ77wMRkOb/ABJXoL5MphMCY=";
        };
-	buildPhase = ''
+        composerStrictValidation = false;
-          cat > config/authsources.php << EOF
+
 	vendorHash = "sha256-vr9mWXN9v6tGNvPtxQ+pgf7OYj8dedzWfxt6Xw1nCm0=";
        configAuthsourcesPhp = ''
          <?php
          $config = array(
            'default-sp' => array(
@ -97,11 +107,51 @@ in {
              'idp' => 'https://idp.pvv.ntnu.no/',
            ),
          );
-	  EOF
+        '';
 	'';
-	installPhase = ''
+        # TODO: this could be fetched automagically with these:
-	  cp -r . $out
+        #   - https://simplesamlphp.org/docs/contrib_modules/metarefresh/simplesamlphp-automated_metadata.html
        #   - https://idp.pvv.ntnu.no/simplesaml/saml2/idp/metadata.php
        metadataSaml20IdpRemotePhp = ''
          <?php
          $metadata['https://idp.pvv.ntnu.no/'] = array (
            'metadata-set' => 'saml20-idp-remote',
            'entityid' => 'https://idp.pvv.ntnu.no/',
            'SingleSignOnService' =>
            array (
              0 =>
              array (
                'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SSOService.php',
              ),
            ),
            'SingleLogoutService' =>
            array (
              0 =>
              array (
                'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
                'Location' => 'https://idp.pvv.ntnu.no/simplesaml/saml2/idp/SingleLogoutService.php',
              ),
            ),
            'certData' => 'pvvcert.pem',
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
          );
        '';
        pvvcert = ''
          MIIDpTCCAo2gAwIBAgIJAJIgibrB7NvsMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNVBAYTAk5PMR4wHAYDVQQKDBVQcm9ncmFtdmFyZXZlcmtzdGVkZXQxGDAWBgNVBAMMD2lkcC5wdnYubnRudS5ubzEgMB4GCSqGSIb3DQEJARYRZHJpZnRAcHZ2Lm50bnUubm8wHhcNMTcxMTEzMjI0NTQyWhcNMjcxMTEzMjI0NTQyWjBpMQswCQYDVQQGEwJOTzEeMBwGA1UECgwVUHJvZ3JhbXZhcmV2ZXJrc3RlZGV0MRgwFgYDVQQDDA9pZHAucHZ2Lm50bnUubm8xIDAeBgkqhkiG9w0BCQEWEWRyaWZ0QHB2di5udG51Lm5vMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveLujCsgVCRA360y5yezy8FcSPhaqodggDqY12UTkYOMQLBFaph6uUL4oCUlXZqxScrAYVRt9yw+7BYpcm0p51VZzVCsfMxRVkn+O1eUvsaXq3f13f87QHKYP2f0uqkGf5PvnKIdSaI/ix8WJhD8XT+h0OkHEcaBvUtSG7zbEhvG21WPHwgw2rvZSneArQ8tOitZC0u8VXSfdhtf6ynRseo0xC95634UwQAZivhQ2v4A6Tp57QG5DCXIJ9/z3PkINx3KB/hOeh0EP6Dpbp+7V0/t9778E3whpm4llrH144kzROhA7EgUgkZOjAVjxGCYlcj3xQPnnItihVOZ5B5qLwIDAQABo1AwTjAdBgNVHQ4EFgQUPLhrB+Qb/Kzz7Car9GJkKmEkz6swHwYDVR0jBBgwFoAUPLhrB+Qb/Kzz7Car9GJkKmEkz6swDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAd+4E6t0j8/p8rbZE8y/gZ9GsiRhxkR4l6JbMRUfEpqHKi415qstChRcP2Lo3Yd5qdmj9tLDWoPsqet1QgyTTmQTgUmPhhMOQDqSh90LuqEJseKWafXGS/SfWLH6MWVmzDV5YofJEw2ThPiU58GiS06OLS2poq1eAesa2LQ22J8yYisXM4sxImIFte+LYQ1+1evfBWcvU1vrGsQ0VLJHdef9WoXp1swUFhq4Zk0c7gjHiB1CFVlExAAlk9L6W3CVXmKIYlf4eUnEBGkC061Ir42+uhAMWO9Y/L1NEuboTyd2KAI/6JdKdzpmfk7zPVxWlNxNCZ7OPNuvOKp6VlpB2EA==
        '';
        passAsFile = [
          "configAuthsourcesPhp"
          "metadataSaml20IdpRemotePhp"
          "pvvcert"
        ];
 	postPatch = ''
          install -Dm444 "$configAuthsourcesPhpPath" "config/authsources.php"
          install -Dm444 "$metadataSaml20IdpRemotePhpPath" "metadata/saml20-idp-remote.php"
          install -Dm444 "$pvvcertPath" "cert/pvvcert.pem"
 	'';
      };
@ -172,4 +222,23 @@ in {
    ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
  '';
  services.nginx.virtualHosts."bekkalokk.pvv.ntnu.no" = {
    forceSSL = true;
    enableACME = true;
    root = "${config.services.mediawiki.finalPackage}/share/mediawiki";
    locations =  {
      "/" = {
        extraConfig = ''
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_index index.php;
          fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket};
          include ${pkgs.nginx}/conf/fastcgi_params;
          include ${pkgs.nginx}/conf/fastcgi.conf;
        '';
      };
      "/images".root = config.services.mediawiki.uploadsDir;
    };
  };
 }
--- a/hosts/bicep/services/matrix/element.nix
+++ b/hosts/bicep/services/matrix/element.nix
@ -24,21 +24,26 @@ in {
        features = {
          feature_latex_maths = true;
          feature_pinning = true;
          feature_render_reaction_images = true;
          feature_state_counters = true;
-          feature_custom_status = false;
+          # element call group calls
          feature_group_calls = true;
        };
        default_theme = "dark";
        # Servers in this list should provide some sort of valuable scoping
        # matrix.org is not useful compared to matrixrooms.info,
        # because it has so many general members, rooms of all topics are on it.
        # Something matrixrooms.info is already providing.
        room_directory.servers = [
          "pvv.ntnu.no"
-          "matrix.omegav.no"
+          "matrixrooms.info" # Searches all public room directories
-          "matrix.org"
+          "matrix.omegav.no" # Friends
-          "libera.chat"
+          "gitter.im" # gitter rooms
-          "gitter.im"
+          "mozilla.org" # mozilla and friends
-          "mozilla.org"
+          "kde.org" # KDE rooms
-          "kde.org"
+          "fosdem.org" # FOSDEM
-          "t2bot.io"
+          "dodsorf.as" # PVV Member
-          "fosdem.org"
+          "nani.wtf" # PVV Member
          "dodsorf.as"
        ];
        enable_presence_by_hs_url = {
          "https://matrix.org" = false;
Author	SHA1	Message	Date
Oystein Kristoffer Tveit	5378466d7f	WIP: setup mediawiki Eval nix flake / evals (push) Failing after 1m49s Details	2024-03-23 22:11:08 +01:00
Daniel Lovbrotte Olsen	fe4dd21acb	add eirikwit to sops Eval nix flake / evals (push) Failing after 1m44s Details	2024-03-16 22:38:16 +01:00
Daniel Lovbrotte Olsen	0336744124	flake update: matrix module bug fix Eval nix flake / evals (push) Failing after 1m55s Details	2024-03-13 07:41:12 +01:00
Daniel Lovbrotte Olsen	b4d6e00622	Update flake.lock to get new matrix module Eval nix flake / evals (push) Failing after 1m51s Details	2024-03-13 06:33:43 +01:00
Daniel Lovbrotte Olsen	7c6d4d31c7	bicep/matrix/element: update room directories Eval nix flake / evals (push) Failing after 1m44s Details	2024-03-05 05:52:31 +01:00
Daniel Lovbrotte Olsen	9f46be1ca1	bicep/matrix: update element lab flags and room directoriy listings Eval nix flake / evals (push) Failing after 1m44s Details	2024-03-05 05:28:23 +01:00
Jo Vassbotn Remvik	545583cf04	bekkalokk/gitea: Do not change the user visibility Eval nix flake / evals (push) Failing after 1m55s Details	2024-03-03 00:29:24 +01:00
Felix Albrigtsen	62b269637a	bekkalokk/gitea: unset visibility when updating users Eval nix flake / evals (push) Failing after 1m50s Details	2024-02-12 11:24:14 +01:00