Enable mailing for Mediawiki

infra/vm02187/wiki.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, ... }:
 
 {
   services.phpfpm.pools.mediawiki.phpOptions = ''
@@ -11,7 +11,7 @@
     name = "Fediversity Wiki";
     webserver = "nginx";
     nginx.hostName = "wiki.fediversity.eu";
-    passwordFile = pkgs.writeText "password" "eiM9etha8ohmo9Ohphahpesiux0ahda6";
+    passwordFile = config.age.secrets.wiki-password.path;
     extraConfig = ''
       # Disable anonymous editing
       $wgGroupPermissions['*']['edit'] = false;
@@ -24,7 +24,7 @@
 
       ## Permissions
       $wgGroupPermissions['*']['edit'] = false;
-      $wgGroupPermissions['*']['createaccount'] = false;
+      $wgGroupPermissions['*']['createaccount'] = true;
       $wgGroupPermissions['*']['autocreateaccount'] = true;
       $wgGroupPermissions['user']['edit'] = true;
       $wgGroupPermissions['user']['createaccount'] = true;
@@ -35,6 +35,19 @@
       $wgUploadSizeWarning = 1024*1024*512;
       $wgMaxUploadSize = 1024*1024*1024;
 
+      $wgEnableEmail = true;
+      $wgPasswordSender = "wiki@fediversity.eu";
+      $wgEmergencyContact = "wiki@fediversity.eu";
+      $wgSMTP = [
+        'host'      => 'mail.protagio.nl',
+        'IDHost'    => 'fediversity.eu',
+        'localhost' => 'fediversity.eu',
+        'port'      => 587,
+        'auth'      => true,
+        'username'  => 'wiki@fediversity.eu',
+      ];
+      require_once("${config.age.secrets.wiki-smtp-password.path}");
+
       $wgHeadScriptCode = <<<'END'
       <link rel=me href="https://mastodon.fediversity.eu/@fediversity">
       END;
@@ -45,17 +58,19 @@
     };
   };
 
+  age.secrets.wiki-smtp-password.owner = "mediawiki";
+
   services.nginx = {
     enable = true;
     virtualHosts."wiki.fediversity.eu" = {
-      basicAuth = {
-        fediv = "SecretSauce123!";
-      };
+      basicAuthFile = config.age.secrets.wiki-basicauth-htpasswd.path;
       forceSSL = true;
       enableACME = true;
     };
   };
 
+  age.secrets.wiki-basicauth-htpasswd.owner = "nginx";
+
   security.acme = {
     acceptTerms = true;
     defaults.email = "systeemmail@procolix.com";

secrets/secrets.nix

@@ -30,5 +30,8 @@ concatMapAttrs
         vm02179
         vm02186
       ];
+      wiki-basicauth-htpasswd = [ vm02187 ];
+      wiki-password = [ vm02187 ];
+      wiki-smtp-password = [ vm02187 ];
     }
   )

secrets/wiki-password.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 1MUEqQ yJ53uyB0OqgbyZS+0Qu/glWZGqx8ALEr2Z0hKUrQgUg
+Ewvye5oREhNCASqyql56m2mNbAGnK69fVkjZ0N2ILMk
+-> ssh-ed25519 dgBsjw glI8t7C/N4BqpnuZlCnv6TFb+YUQn+0oAjbJI7GrzWw
+qFxxFVt2R6FkupbP7qErZ+VFHYwEHVmY4iC6hyEf+Vg
+--- fQbt68Fdj7wk8mWFx0W0Z1iRbkWxxK7+zIKw/v+BCE0
+¢OÕ+Q±×‹‰F¾^0縿9ãÕ?\TeË–B(ügs½³°¹'—™7…ì§ÁˆŒ(ÁO=>³<)h`qè&<26>^

secrets/wiki-smtp-password.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 1MUEqQ 4BpvvqFr+tmHeapy7bk3uS6fCS/CbeYkAJuxb5r1g00
+YVGpim5rYSzHMTA85lcTy22Fr5464Axdy/nKR3/z8RA
+-> ssh-ed25519 dgBsjw mF++5ewvC+oordjFMR82SvGukQTYhqnH80nIgzUkunA
+siCm1cQfuzs0I1xl1ACv6gomHmfONqGcxmj2fa4oABY
+--- 2dszG1nnnEflzPy+dRj/0CW39mq49QPdgw+to8T1fRg
+ûãÆ&£ñ;›D÷3í¸s[ÿ±†-«0=x«yËÓ#°+&M‹DõËÅie¾ðà/|qßÁ3r´|iIŒÕ~ ˜ÃÄ¢­RfCÕ`Jšòþå