1
0
Fork 0

bekkalokk/mediawiki: fix path, upgrade security

This commit is contained in:
Felix Albrigtsen 2024-04-02 20:03:45 +02:00 committed by h7x4
parent a55c908fe7
commit 2cb7e06369
Signed by untrusted user: oysteikt
GPG Key ID: 9F2F7D8250F35146
1 changed files with 16 additions and 34 deletions

View File

@ -64,12 +64,10 @@ in {
name = "mediawiki"; name = "mediawiki";
}; };
# Host through nginx webserver = "nginx";
webserver = "none"; nginx.hostName = "wiki.pvv.ntnu.no";
poolConfig = let
listenUser = config.services.nginx.user; poolConfig = {
listenGroup = config.services.nginx.group;
in {
inherit user group; inherit user group;
"pm" = "dynamic"; "pm" = "dynamic";
"pm.max_children" = 32; "pm.max_children" = 32;
@ -77,8 +75,6 @@ in {
"pm.start_servers" = 2; "pm.start_servers" = 2;
"pm.min_spare_servers" = 2; "pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4; "pm.max_spare_servers" = 4;
"listen.owner" = listenUser;
"listen.group" = listenGroup;
"catch_workers_output" = true; "catch_workers_output" = true;
"php_admin_flag[log_errors]" = true; "php_admin_flag[log_errors]" = true;
@ -108,9 +104,7 @@ in {
$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = true; $wgGroupPermissions['*']['read'] = true;
# Misc. URL rules # Allow subdirectories in article URLs
$wgUsePathInfo = true;
$wgScriptExtension = ".php";
$wgNamespacesWithSubpages[NS_MAIN] = true; $wgNamespacesWithSubpages[NS_MAIN] = true;
# Styling # Styling
@ -159,20 +153,9 @@ in {
services.nginx.virtualHosts."wiki.pvv.ntnu.no" = { services.nginx.virtualHosts."wiki.pvv.ntnu.no" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "${config.services.mediawiki.finalPackage}/share/mediawiki";
locations = { locations = {
"/" = { "= /wiki/Main_Page" = lib.mkForce {
index = "index.php"; return = "301 /wiki/Programvareverkstedet";
};
"~ /(.+\\.php)" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
}; };
# based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx # based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx
@ -194,23 +177,22 @@ in {
''; '';
}; };
"/images/".alias = "${config.services.mediawiki.uploadsDir}/";
"= /PNG/PVV-logo.svg".alias = ../../../../assets/logo_blue_regular.svg; "= /PNG/PVV-logo.svg".alias = ../../../../assets/logo_blue_regular.svg;
"= /PNG/PVV-logo.png".alias = ../../../../assets/logo_blue_regular.png; "= /PNG/PVV-logo.png".alias = ../../../../assets/logo_blue_regular.png;
"= /favicon.ico".alias = pkgs.runCommandLocal "mediawiki-favicon.ico" { "= /favicon.ico".alias = pkgs.runCommandLocal "mediawiki-favicon.ico" {
buildInputs = with pkgs; [ imagemagick ]; buildInputs = with pkgs; [ imagemagick ];
} '' } ''
convert \ convert \
-resize x64 \ -resize x64 \
-gravity center \ -gravity center \
-crop 64x64+0+0 \ -crop 64x64+0+0 \
${../../../../assets/logo_blue_regular.png} \ ${../../../../assets/logo_blue_regular.png} \
-flatten \ -flatten \
-colors 256 \ -colors 256 \
-background transparent \ -background transparent \
$out $out
''; '';
}; };
}; };
} }