{ pkgs, ... }: { containers."phtanumb-wiki" = { autoStart = true; hostAddress = "127.0.0.1"; bindMounts = { "/var/mediawiki" = { hostPath = "/phtanum-b/wiki"; isReadOnly = false; }; }; forwardPorts = [ { protocol = "tcp"; hostPort = 5432; containerPort = 5432; } { protocol = "tcp"; hostPort = 8081; containerPort = 8081; } ]; config = { config, pkgs, ... }: { services.mediawiki = { enable = true; name = "phtanum-b"; virtualHost.listen = [ { ip = "127.0.0.2"; port = 8081; ssl = false; } ]; virtualHost.hostName = "wiki.phtanum-b.katzen.cafe"; virtualHost.adminAddr = "admin@katzen.cafe"; passwordFile = "/var/mediawiki/passwordFile"; extraConfig = '' # Disable anonymous editing $wgGroupPermissions['*']['edit'] = false; $wgDebugLogFile = "/var/log/mediawiki/debug-{$wgDBname}.log"; $wgPluggableAuth_Config["katzen.cafe authentication"] = [ 'plugin' => 'OpenIDConnect', 'data' => [ 'providerURL' => 'https://auth.katzen.cafe/realms/master/', 'clientID' => 'phtanumb-wiki', 'clientsecret' => '/var/mediawiki/keycloakClientSecret', ] ]; ''; extensions = { PluggableAuth = pkgs.fetchzip { url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_38-5331512.tar.gz"; sha256 = "sha256-OWfr3oq2XzyJ5tynP5bRRPm34ymqz2oIBe2vBPHK+/Q="; }; OpenIDConnect = pkgs.fetchzip { url = "https://extdist.wmflabs.org/dist/extensions/OpenIDConnect-REL1_38-8f8bab6.tar.gz"; sha256 = "sha256-g+PGNzt0o2FebI3xyVamz5RA95E86MD2yqD4v8N6zKU="; }; }; }; system.stateVersion = "22.11"; }; }; deployment.keys = { "passwordFile" = { keyCommand = [ "cat" "/home/jade/keys/phtanumb-wiki/passwordFile" ]; destDir = "/phtanum-b/wiki"; }; "keycloakClientSecret" = { keyCommand = [ "cat" "/home/jade/keys-tmp/phtanumb-wiki-keycloak-secret" ]; destDir = "/phtanum-b/wiki"; }; }; }