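# NixOS module: runs the phtanum-b MediaWiki inside a declarative container,
# connects it to Keycloak through OpenID Connect, and ships its two secrets
# with deployment.keys.
#
# Secret path: deployment.keys writes both files into /phtanum-b/wiki on the
# host; the bind mount below exposes that directory to the container as
# /var/mediawiki, where passwordFile and the PHP in extraConfig read them.
{ pkgs, ... }:
{
  containers."phtanumb-wiki" = {
    autoStart = true;
    # NOTE(review): privateNetwork is not enabled in this module; hostAddress
    # and forwardPorts presumably only matter with a private network
    # namespace. Confirm which of these settings is actually in effect.
    hostAddress = "127.0.0.1";

    bindMounts = {
      # Writable mount. From this file it only visibly carries the two
      # uploaded secrets. NOTE(review): if nothing inside the container has
      # to write here, mount it read-only.
      "/var/mediawiki" = {
        hostPath = "/phtanum-b/wiki";
        isReadOnly = false;
      };
    };

    forwardPorts = [
      # NOTE(review): nothing configured in this module listens on 5432;
      # drop this forward unless a database inside the container really has
      # to be reachable from the host side.
      {
        protocol = "tcp";
        hostPort = 5432;
        containerPort = 5432;
      }
      # Wiki HTTP listener (see virtualHost.listen).
      {
        protocol = "tcp";
        hostPort = 8081;
        containerPort = 8081;
      }
    ];

    config = { config, pkgs, ... }: {
      services.mediawiki = {
        enable = true;
        name = "phtanum-b";
        # Plain HTTP on a loopback address. NOTE(review): OIDC redirects and
        # session cookies pass through this listener, so TLS has to be
        # terminated by whatever fronts it - confirm.
        virtualHost.listen = [
          {
            ip = "127.0.0.2";
            port = 8081;
            ssl = false;
          }
        ];
        virtualHost.hostName = "wiki.phtanum-b.katzen.cafe";
        virtualHost.adminAddr = "admin@katzen.cafe";
        # Uploaded as the "passwordFile" key in deployment.keys below.
        passwordFile = "/var/mediawiki/passwordFile";

        extraConfig = ''
          # Extra PHP for the wiki configuration. Keep one directive per
          # line: a PHP "#" comment runs to the end of its line and would
          # silently disable anything that follows it on the same line.

          # Debug switches, left disabled. They show internals to visitors,
          # so enable them only while troubleshooting.
          # $wgShowExceptionDetails = true;
          # $wgDebugToolbar = true;
          # $wgShowDebug = true;
          # $wgDevelopmentWarnings = true;

          # Disable anonymous editing
          $wgGroupPermissions['*']['edit'] = false;
          # NOTE(review): only the anonymous group is restricted here. Stock
          # MediaWiki defaults also let the 'user' group edit and create
          # pages, so every account that can log in may edit. If editing is
          # meant to be limited to oidc_editor, those defaults have to be
          # switched off as well - confirm intent.
          $wgGroupPermissions['oidc_editor']['edit'] = true;
          $wgGroupPermissions['oidc_editor']['createpage'] = true;

          $wgLogo = 'images/d/de/Phtanum-b-wikilogo.png';

          # OIDC-derived groups inherit the rights the built-in groups hold
          # at this point in the configuration. The oidc_ names are
          # presumably what the OpenIDConnect extension derives from the
          # role claims configured below - confirm against the pinned
          # extension version.
          $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
          $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
          # userrights lets a holder change any account's group membership,
          # including local grants that Keycloak never sees. Review the user
          # rights log when auditing who holds elevated access.
          $wgGroupPermissions['oidc_admin']['userrights'] = true;

          # NOTE(review): the MediaWiki debug log can contain private request
          # data. Keep /var/log/mediawiki unreadable to other accounts and
          # outside the web root, or unset this outside troubleshooting.
          $wgDebugLogFile = "/var/log/mediawiki/debug-{$wgDBname}.log";

          # Read the Keycloak client secret at runtime instead of embedding
          # it in this file, which would place it in the world-readable Nix
          # store. Reads at most 32 bytes from offset 0; file_get_contents()
          # returns false when the file cannot be read.
          # NOTE(review): a secret longer than 32 bytes is silently
          # truncated - confirm the length matches what Keycloak issues.
          $oidcClientSecret = file_get_contents('/var/mediawiki/keycloakClientSecret', false, null, 0, 32);

          $wgPluggableAuth_Config[] = [
            'plugin' => 'OpenIDConnect',
            'data' => [
              'providerURL' => 'https://auth.katzen.cafe/realms/phtanum-b',
              'clientID' => 'phtanumb-wiki',
              # hack to try dynamically get the secret
              'clientsecret' => $oidcClientSecret,
              # Role claims used for group membership. realm_access.roles is
              # realm-wide, while resource_access.phtanumb-wiki.roles is
              # scoped to this client.
              # NOTE(review): if other services share the realm, a realm
              # role with a matching name would presumably confer wiki
              # rights too; prefer client-scoped roles for admin access.
              'global_roles' => ['property' => ['realm_access', 'roles']],
              'wiki_roles' => ['property' => ['resource_access', 'phtanumb-wiki', 'roles']]
            ]
          ];
        '';

        extensions = {
          # Both tarballs are pinned by sha256, so a changed upstream archive
          # fails the build instead of being installed.
          # NOTE(review): these are REL1_38 snapshots - confirm the branch
          # matches the MediaWiki release in use and still receives security
          # fixes.
          PluggableAuth = pkgs.fetchzip {
            url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_38-5331512.tar.gz";
            sha256 = "sha256-OWfr3oq2XzyJ5tynP5bRRPm34ymqz2oIBe2vBPHK+/Q=";
          };
          OpenIDConnect = pkgs.fetchzip {
            url = "https://extdist.wmflabs.org/dist/extensions/OpenIDConnect-REL1_38-8f8bab6.tar.gz";
            sha256 = "sha256-g+PGNzt0o2FebI3xyVamz5RA95E86MD2yqD4v8N6zKU=";
          };
        };
      };

      system.stateVersion = "22.11";
    };
  };

  # Secrets uploaded at deploy time into the directory that is bind-mounted
  # into the container.
  # NOTE(review): keyCommand reads plaintext files from /home/jade/keys-tmp,
  # presumably on the deploying machine. Prefer a command that reads from an
  # encrypted store so the secrets do not rest unencrypted on disk.
  deployment.keys = {
    # No permissions given, so the deployment tool's default mode applies.
    "passwordFile" = {
      keyCommand = [ "cat" "/home/jade/keys-tmp/phtanumb-wiki-passwordFile" ];
      destDir = "/phtanum-b/wiki";
    };
    "keycloakClientSecret" = {
      keyCommand = [ "cat" "/home/jade/keys-tmp/phtanumb-wiki-keycloak-secret" ];
      destDir = "/phtanum-b/wiki";
      # 0604 = owner read/write, group nothing, others read: every local
      # account that can reach this path can read the OIDC client secret.
      # NOTE(review): this looks like a workaround so the wiki's PHP process
      # can read a file it does not own. Prefer making that account the
      # owner with mode 0400 - confirm the owner options the deployment tool
      # provides and the account's id inside the container.
      permissions = "0604";
    };
  };
}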