diff options
| -rw-r--r-- | configuration.nix | 6 | ||||
| -rw-r--r-- | wikiwiki.nix | 64 |
2 files changed, 70 insertions, 0 deletions
diff --git a/configuration.nix b/configuration.nix index 617a042..94109f7 100644 --- a/configuration.nix +++ b/configuration.nix @@ -42,6 +42,7 @@ ./static.nix ./status.nix ./vpsadminos.nix + ./wikiwiki.nix ]; networking = { @@ -138,6 +139,11 @@ openssh.authorizedKeys.keyFiles = [ "/etc/ssh/mingnho.pub" ]; }; + ooze = { + isNormalUser = true; + openssh.authorizedKeys.keyFiles = [ "/etc/ssh/ooze.pub" ]; + }; + owocean = { isNormalUser = true; openssh.authorizedKeys.keyFiles = [ "/etc/ssh/owocean.pub" ]; diff --git a/wikiwiki.nix b/wikiwiki.nix new file mode 100644 index 0000000..aa24e01 --- /dev/null +++ b/wikiwiki.nix @@ -0,0 +1,64 @@ +# MediaWiki server for Wikipedia research +# Copyright (C) 2023 Nguyễn Gia Phong +# +# This file is part of loang configuration. +# +# Loang configuration is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Loang configuration is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with loang configuration. If not, see <https://www.gnu.org/licenses/>. + +{ config, lib, ... }: +let hostname = "nhanh.${config.networking.domain}"; +in { + services = { + mediawiki = { + database.type = "postgres"; + enable = true; + extensions = { + # null means enabled here. + Cite = null; + Interwiki = null; + }; + extraConfig = '' + $wgEnableEmail = false; + $wgGroupPermissions['*']['read'] = false; + $wgGroupPermissions['*']['edit'] = false; + $wgGroupPermissions['*']['createaccount'] = false; + ''; + name = "Research on Wikipedia governance"; + nginx.hostName = hostname; + passwordFile = "/dev/null"; # this is so dumb + webserver = "nginx"; + }; + + nginx.virtualHosts.${hostname} = { + enableACME = true; + forceSSL = true; + # Work around resources not found: + # https://github.com/NixOS/nixpkgs/pull/255776#issuecomment-1759131411 + locations = let + inherit (lib) mkForce; + rewrite = { + extraConfig = mkForce '' + rewrite ^/w/(.*) /$1 break; + add_header Cache-Control "public"; + expires 7d; + ''; + tryFiles = mkForce null; + }; + in { + "~ ^/w/resources/(assets|lib|src)" = rewrite; + "~ ^/w/(skins|extensions)/.+\\.(css|js|gif|jpg|jpeg|png|svg|wasm|ttf|woff|woff2)$" = rewrite; + }; + }; + }; +} |