{ lib, pkgs, config, ... }: let version = pkgs.mediawiki.version; major = lib.versions.major version; minor = lib.versions.minor version; in { age.secrets.mediawiki-admin-passwd = { file = ../../secrets/mediakiwi/mediawiki-admin-passwd.age; owner = "mediawiki"; }; age.secrets.mediawiki-ldap = { file = ../../secrets/mediakiwi/mediawiki-ldap.age; owner = "mediawiki"; }; services.phpfpm.pools.mediawiki.phpOptions = '' upload_max_filesize = 512M post_max_size = 512M max_execution_time = 1000 max_input_time = 2000 default_socket_timeout = 2000 ''; services.nginx.clientMaxBodySize = "512M"; services.mediawiki = { enable = true; name = "Wiki Crans"; nginx.hostName = "mediakiwi.crans.org"; webserver = "nginx"; passwordFile = config.age.secrets.mediawiki-admin-passwd.path; extraConfig = '' # Server settings $wgFavicon = 'https://www.crans.org/images/favicon.ico'; $wgLogo = 'https://www.crans.org/images/crans.svg'; # Files and Uploads $wgMaxUploadSize = 512 * 1024 * 1024; # E-mail settings $wgEnableEmail = true; # $wgSMTP = [ # 'host' => 'smtp.adm.crans.org', # 'IDHost' => 'crans.org', # 'localhost' => 'crans.org', # 'port' => , # 'auth' => false, # # 'username' => , # # 'password' => , # ]; $wgPasswordSender = 'root@crans.org'; $wgEmergencyContact = 'contact@crans.org'; $wgNoReplyAddress = 'root@crans.org'; $wgEnableUserEmail = false; # $wgEnableSpecialMute = true; $wgAllowHTMLEmail = true; $wgEnotifUseRealName = false; $wgEnotifFromEditor = false; $wgEnotifRevealEditorAddress = false; $wgEnotifUserTalk = true; $wgEnotifMinorEdits = true; $wgEnotifWatchlist = true; # Peut-être utilisé pour les Wikistes $wgUsersNotifiedOnAllChanges = []; # Auth $wgPluggableAuth_EnableLocalLogin = true; $LDAPAuthentication2AllowLocalLogin = true; $LDAPProviderDomainConfigs = "${config.age.secrets.mediawiki-ldap.path}"; $wgPluggableAuth_Config = [ "Compte Crans" => [ 'plugin' => 'LDAPAuthentication2', 'data' => [ 'domain' => 'crans' ] ], # "Note BDE" => [ # 'plugin' => 'OpenIDConnect', # ] ]; # Theme $wgDefaultSkin = 'citizen'; $wgCitizenThemeColor = '#AD1F1F'; $wgCitizenEnableARFonts = true; $wgCitizenEnableCJKFonts = true; $wgLanguageCode = 'fr'; # Disable anonymous editing $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['read'] = false; # Extensions $wgWikiEditorRealtimePreview = true; # Custom Namespaces define("NS_ARCHIVE", 3000); define("NS_ARCHIVE_TALK", 3001); $wgExtraNamespaces[NS_ARCHIVE] = "Archive"; $wgExtraNamespaces[NS_ARCHIVE_TALK] = "Discussion_archive"; # Debug $wgShowExceptionDetails = true; $wgDebugToolbar = true; # $wgShowDebug = true; # $wgDevelopmentWarnings = true; ''; skins = { Citizen = pkgs.fetchFromGitHub { name = "Citizen"; owner = "StarCitizenTools"; repo = "mediawiki-skins-Citizen"; tag = "v3.2.0"; sha256 = "sha256-XtjYMBK2pINwbAzAKFJ+nWxcFXQd2E/Gqf3x+3Pa8VE="; }; }; extensions = { # Enables embedded extensions Math = null; MultimediaViewer = null; Nuke = null; SyntaxHighlight_GeSHi = null; TemplateData = null; VisualEditor = null; WikiEditor = null; # Bundled with next version, put as null in the next update TemplateStyles = pkgs.fetchFromGitHub { name = "TemplateStyles"; owner = "wikimedia"; repo = "mediawiki-extensions-TemplateStyles"; rev = "REL" + major + "_" + minor; # Le SHA doit être changé à chaque nouveau commit de traduction. # Pas de meilleure solution à ma connaissance pour suivre les releases. sha256 = "sha256-fCBccHTIBJrUyxe6oP7VR84HO65ICETE73X4rswQo4c="; }; # Popups TextExtracts = null; PageImages = null; Popups = pkgs.fetchFromGitHub { name = "Popups"; owner = "wikimedia"; repo = "mediawiki-extensions-Popups"; rev = "REL" + major + "_" + minor; # Le SHA doit être changé à chaque nouveau commit de traduction. # Pas de meilleure solution à ma connaissance pour suivre les releases. sha256 = "sha256-Vn/XGVYvM5doPtTEONESdVhgZlH/Fku74MeQbGrwU/E="; }; # Auth PluggableAuth = pkgs.fetchFromGitHub { name = "PluggableAuth"; owner = "wikimedia"; repo = "mediawiki-extensions-PluggableAuth"; rev = "REL" + major + "_" + minor; # Le SHA doit être changé à chaque nouveau commit de traduction. # Pas de meilleure solution à ma connaissance pour suivre les releases. sha256 = "sha256-3+nzeWemVAHGmLz3ZMvDSvP2UCmsnEiGJcE/oEakr2s="; }; LDAPProvider = pkgs.fetchFromGitHub { name = "LDAPProvider"; owner = "wikimedia"; repo = "mediawiki-extensions-LDAPProvider"; rev = "REL" + major + "_" + minor; # Le SHA doit être changé à chaque nouveau commit de traduction. # Pas de meilleure solution à ma connaissance pour suivre les releases. sha256 = "sha256-bpj+MS4XKLoDdtEK+Mv7Ifa6qz215jKhSL1DOOw4ZPs="; }; LDAPAuthentication2 = pkgs.fetchFromGitHub { name = "LDAPAuthentication2"; owner = "wikimedia"; repo = "mediawiki-extensions-LDAPAuthentication2"; rev = "REL" + major + "_" + minor; # Le SHA doit être changé à chaque nouveau commit de traduction. # Pas de meilleure solution à ma connaissance pour suivre les releases. sha256 = "sha256-oi5rliHb4KnLbvQxO7MGuLp/FEucoGR/Z0NP1gmbgMc="; }; OpenIDConnect = pkgs.fetchFromGitHub { name = "OpenIDConnect"; owner = "wikimedia"; repo = "mediawiki-extensions-OpenIDConnect"; rev = "REL" + major + "_" + minor; # Le SHA doit être changé à chaque nouveau commit de traduction. # Pas de meilleure solution à ma connaissance pour suivre les releases. sha256 = "sha256-KoBULn53xnY+ydodeTGN7YEoqgLr9qhhuR5mNibbh5s="; }; }; }; }