nixos/modules/services/mediawiki.nix

{ lib, pkgs, config, ... }:

let
  version = pkgs.mediawiki.version;
  major = lib.versions.major version;
  minor = lib.versions.minor version;
in
{
  age.secrets.mediawiki-admin-passwd = {
    file = ../../secrets/mediakiwi/mediawiki-admin-passwd.age;
    owner = "mediawiki";
  };

  age.secrets.mediawiki-ldap = {
    file = ../../secrets/mediakiwi/mediawiki-ldap.age;
    owner = "mediawiki";
  };

  services.mediawiki = {
    enable = true;

    name = "Wiki Crans";

    nginx.hostName = "mediakiwi.crans.org";

    webserver = "nginx";

    passwordFile = config.age.secrets.mediawiki-admin-passwd.path;

    extraConfig = ''
      # Server settings
      $wgFavicon = 'https://www.crans.org/images/favicon.ico';
      $wgLogo = 'https://www.crans.org/images/crans.svg';

      # E-mail settings
      $wgEnableEmail = true;
      # $wgSMTP = [
      #   'host'      => 'smtp.adm.crans.org',
      #   'IDHost'    => 'crans.org',
      #   'localhost' => 'crans.org',
      #   'port'      => ,
      #   'auth'      => false,
      #   # 'username'  => ,
      #   # 'password'  => ,
      # ];
      $wgPasswordSender = 'root@crans.org';
      $wgEmergencyContact = 'contact@crans.org';
      $wgNoReplyAddress = 'root@crans.org';
      $wgEnableUserEmail = false;
      # $wgEnableSpecialMute = true;
      $wgAllowHTMLEmail = true;

      $wgEnotifUseRealName = false;
      $wgEnotifFromEditor = false;
      $wgEnotifRevealEditorAddress = false;
      $wgEnotifUserTalk = true;
      $wgEnotifMinorEdits = true;
      $wgEnotifWatchlist = true;
      # Peut-être utilisé pour les Wikistes
      $wgUsersNotifiedOnAllChanges = [];

      # Auth
      $wgPluggableAuth_EnableLocalLogin = true;
      $LDAPAuthentication2AllowLocalLogin = true;
      $LDAPProviderDomainConfigs = "${config.age.secrets.mediawiki-ldap.path}";
      $wgPluggableAuth_Config = [
        "Compte Crans" => [
          'plugin' => 'LDAPAuthentication2',
          'data' => [
            'domain' => 'crans'
          ]
        ],
        # "Note BDE" => [
        #   'plugin' => 'OpenIDConnect',
        # ]
      ];
    
      # Theme
      $wgDefaultSkin = 'citizen';
      $wgCitizenThemeColor = '#AD1F1F';
      $wgCitizenEnableARFonts = true;
      $wgCitizenEnableCJKFonts = true;

      $wgLanguageCode = 'fr';

      # Disable anonymous editing
      $wgGroupPermissions['*']['edit'] = false;

      # Extensions
      $wgWikiEditorRealtimePreview = true;

      # Debug
      $wgShowExceptionDetails = true;
      $wgDebugToolbar = true;
      # $wgShowDebug = true;
      # $wgDevelopmentWarnings = true;
    '';

    skins = {
      Citizen = pkgs.fetchFromGitHub {
        name = "Citizen";
        owner = "StarCitizenTools";
        repo = "mediawiki-skins-Citizen";
        tag = "v3.2.0";
        sha256 = "sha256-XtjYMBK2pINwbAzAKFJ+nWxcFXQd2E/Gqf3x+3Pa8VE=";
      };
    };

    extensions = {
      # Enables embedded extensions
      Math = null;
      MultimediaViewer = null;
      SyntaxHighlight_GeSHi = null;
      VisualEditor = null;
      WikiEditor = null;

      # Popups
      TextExtracts = null;
      PageImages = null;
      Popups = pkgs.fetchFromGitHub {
        name = "Popups";
        owner = "wikimedia";
        repo = "mediawiki-extensions-Popups";
        rev = "REL" + major + "_" + minor;
        # Le SHA doit être changé à chaque nouveau commit de traduction.
        # Pas de meilleure solution à ma connaissance pour suivre les releases.
        sha256 = "sha256-Vn/XGVYvM5doPtTEONESdVhgZlH/Fku74MeQbGrwU/E=";
      };

      # Auth
      PluggableAuth = pkgs.fetchFromGitHub {
        name = "PluggableAuth";
        owner = "wikimedia";
        repo = "mediawiki-extensions-PluggableAuth";
        rev = "REL" + major + "_" + minor;
        # Le SHA doit être changé à chaque nouveau commit de traduction.
        # Pas de meilleure solution à ma connaissance pour suivre les releases.
        sha256 = "sha256-3+nzeWemVAHGmLz3ZMvDSvP2UCmsnEiGJcE/oEakr2s=";
      };
      LDAPProvider = pkgs.fetchFromGitHub {
        name = "LDAPProvider";
        owner = "wikimedia";
        repo = "mediawiki-extensions-LDAPProvider";
        rev = "REL" + major + "_" + minor;
        # Le SHA doit être changé à chaque nouveau commit de traduction.
        # Pas de meilleure solution à ma connaissance pour suivre les releases.
        sha256 = "sha256-bpj+MS4XKLoDdtEK+Mv7Ifa6qz215jKhSL1DOOw4ZPs=";
      };
      LDAPAuthentication2 = pkgs.fetchFromGitHub {
        name = "LDAPAuthentication2";
        owner = "wikimedia";
        repo = "mediawiki-extensions-LDAPAuthentication2";
        rev = "REL" + major + "_" + minor;
        # Le SHA doit être changé à chaque nouveau commit de traduction.
        # Pas de meilleure solution à ma connaissance pour suivre les releases.
        sha256 = "sha256-oi5rliHb4KnLbvQxO7MGuLp/FEucoGR/Z0NP1gmbgMc=";
      };
      OpenIDConnect = pkgs.fetchFromGitHub {
        name = "OpenIDConnect";
        owner = "wikimedia";
        repo = "mediawiki-extensions-OpenIDConnect";
        rev = "REL" + major + "_" + minor;
        # Le SHA doit être changé à chaque nouveau commit de traduction.
        # Pas de meilleure solution à ma connaissance pour suivre les releases.
        sha256 = "sha256-KoBULn53xnY+ydodeTGN7YEoqgLr9qhhuR5mNibbh5s=";
      };
    };
  };
}