forked from Drift/pvv-nixos-config
bekkalokk/mediawiki: fix path, upgrade security
This commit is contained in:
parent
a55c908fe7
commit
2cb7e06369
|
@ -64,12 +64,10 @@ in {
|
||||||
name = "mediawiki";
|
name = "mediawiki";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Host through nginx
|
webserver = "nginx";
|
||||||
webserver = "none";
|
nginx.hostName = "wiki.pvv.ntnu.no";
|
||||||
poolConfig = let
|
|
||||||
listenUser = config.services.nginx.user;
|
poolConfig = {
|
||||||
listenGroup = config.services.nginx.group;
|
|
||||||
in {
|
|
||||||
inherit user group;
|
inherit user group;
|
||||||
"pm" = "dynamic";
|
"pm" = "dynamic";
|
||||||
"pm.max_children" = 32;
|
"pm.max_children" = 32;
|
||||||
|
@ -77,8 +75,6 @@ in {
|
||||||
"pm.start_servers" = 2;
|
"pm.start_servers" = 2;
|
||||||
"pm.min_spare_servers" = 2;
|
"pm.min_spare_servers" = 2;
|
||||||
"pm.max_spare_servers" = 4;
|
"pm.max_spare_servers" = 4;
|
||||||
"listen.owner" = listenUser;
|
|
||||||
"listen.group" = listenGroup;
|
|
||||||
|
|
||||||
"catch_workers_output" = true;
|
"catch_workers_output" = true;
|
||||||
"php_admin_flag[log_errors]" = true;
|
"php_admin_flag[log_errors]" = true;
|
||||||
|
@ -108,9 +104,7 @@ in {
|
||||||
$wgGroupPermissions['*']['edit'] = false;
|
$wgGroupPermissions['*']['edit'] = false;
|
||||||
$wgGroupPermissions['*']['read'] = true;
|
$wgGroupPermissions['*']['read'] = true;
|
||||||
|
|
||||||
# Misc. URL rules
|
# Allow subdirectories in article URLs
|
||||||
$wgUsePathInfo = true;
|
|
||||||
$wgScriptExtension = ".php";
|
|
||||||
$wgNamespacesWithSubpages[NS_MAIN] = true;
|
$wgNamespacesWithSubpages[NS_MAIN] = true;
|
||||||
|
|
||||||
# Styling
|
# Styling
|
||||||
|
@ -159,20 +153,9 @@ in {
|
||||||
services.nginx.virtualHosts."wiki.pvv.ntnu.no" = {
|
services.nginx.virtualHosts."wiki.pvv.ntnu.no" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
root = "${config.services.mediawiki.finalPackage}/share/mediawiki";
|
|
||||||
locations = {
|
locations = {
|
||||||
"/" = {
|
"= /wiki/Main_Page" = lib.mkForce {
|
||||||
index = "index.php";
|
return = "301 /wiki/Programvareverkstedet";
|
||||||
};
|
|
||||||
|
|
||||||
"~ /(.+\\.php)" = {
|
|
||||||
extraConfig = ''
|
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket};
|
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
|
||||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx
|
# based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx
|
||||||
|
@ -194,23 +177,22 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
"/images/".alias = "${config.services.mediawiki.uploadsDir}/";
|
|
||||||
|
|
||||||
"= /PNG/PVV-logo.svg".alias = ../../../../assets/logo_blue_regular.svg;
|
"= /PNG/PVV-logo.svg".alias = ../../../../assets/logo_blue_regular.svg;
|
||||||
"= /PNG/PVV-logo.png".alias = ../../../../assets/logo_blue_regular.png;
|
"= /PNG/PVV-logo.png".alias = ../../../../assets/logo_blue_regular.png;
|
||||||
"= /favicon.ico".alias = pkgs.runCommandLocal "mediawiki-favicon.ico" {
|
"= /favicon.ico".alias = pkgs.runCommandLocal "mediawiki-favicon.ico" {
|
||||||
buildInputs = with pkgs; [ imagemagick ];
|
buildInputs = with pkgs; [ imagemagick ];
|
||||||
} ''
|
} ''
|
||||||
convert \
|
convert \
|
||||||
-resize x64 \
|
-resize x64 \
|
||||||
-gravity center \
|
-gravity center \
|
||||||
-crop 64x64+0+0 \
|
-crop 64x64+0+0 \
|
||||||
${../../../../assets/logo_blue_regular.png} \
|
${../../../../assets/logo_blue_regular.png} \
|
||||||
-flatten \
|
-flatten \
|
||||||
-colors 256 \
|
-colors 256 \
|
||||||
-background transparent \
|
-background transparent \
|
||||||
$out
|
$out
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue