diff --git a/infra/vm02187/wiki.nix b/infra/vm02187/wiki.nix
index 858790d..afb4464 100644
--- a/infra/vm02187/wiki.nix
+++ b/infra/vm02187/wiki.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, ... }:
 {
 services.phpfpm.pools.mediawiki.phpOptions = ''
@@ -11,7 +11,7 @@
 name = "Fediversity Wiki";
 webserver = "nginx";
 nginx.hostName = "wiki.fediversity.eu";
- passwordFile = pkgs.writeText "password" "eiM9etha8ohmo9Ohphahpesiux0ahda6";
+ passwordFile = config.age.secrets.wiki-password.path;
 extraConfig = ''
 # Disable anonymous editing
 $wgGroupPermissions['*']['edit'] = false;
@@ -24,7 +24,7 @@
 ## Permissions
 $wgGroupPermissions['*']['edit'] = false;
- $wgGroupPermissions['*']['createaccount'] = false;
+ $wgGroupPermissions['*']['createaccount'] = true;
 $wgGroupPermissions['*']['autocreateaccount'] = true;
 $wgGroupPermissions['user']['edit'] = true;
 $wgGroupPermissions['user']['createaccount'] = true;
@@ -35,6 +35,19 @@
 $wgUploadSizeWarning = 1024*1024*512;
 $wgMaxUploadSize = 1024*1024*1024;
+ $wgEnableEmail = true;
+ $wgPasswordSender = "wiki@fediversity.eu";
+ $wgEmergencyContact = "wiki@fediversity.eu";
+ $wgSMTP = [
+ 'host' => 'mail.protagio.nl',
+ 'IDHost' => 'fediversity.eu',
+ 'localhost' => 'fediversity.eu',
+ 'port' => 587,
+ 'auth' => true,
+ 'username' => 'wiki@fediversity.eu',
+ ];
+ require_once("${config.age.secrets.wiki-smtp-password.path}");
+
 $wgHeadScriptCode = <<<'END'
 <link rel=me href="https://mastodon.fediversity.eu/@fediversity">
 END;
@@ -45,17 +58,19 @@
 };
 };
+ age.secrets.wiki-smtp-password.owner = "mediawiki";
+
 services.nginx = {
 enable = true;
 virtualHosts."wiki.fediversity.eu" = {
- basicAuth = {
- fediv = "SecretSauce123!";
- };
+ basicAuthFile = config.age.secrets.wiki-basicauth-htpasswd.path;
 forceSSL = true;
 enableACME = true;
 };
 };
+ age.secrets.wiki-basicauth-htpasswd.owner = "nginx";
+
 security.acme = {
 acceptTerms = true;
 defaults.email = "systeemmail@procolix.com";
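Review bot: The value removed from `passwordFile` in the `@@ -11,7` hunk, and the `fediv` basic-auth password removed in the `@@ -45,17` hunk, stay readable in git history and in any Nix store path built from earlier revisions. Moving them into agenix therefore only helps if the encrypted files hold newly generated values, which the diff cannot show. The commit message should state it, e.g. `Credentials rotated; the previous values are no longer valid.` If they were carried over unchanged, both should be treated as disclosed and replaced.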
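Review bot: Setting `$wgGroupPermissions['*']['createaccount'] = true;` in the `@@ -24,7` hunk lets anyone who gets past the nginx basic auth register an account, and the context line `$wgGroupPermissions['user']['edit'] = true;` two lines below gives that account edit rights immediately. The shared basic-auth credential thereby becomes the only gate on editing. Since the same commit enables e-mail, consider adding `$wgEmailConfirmToEdit = true;`, plus a comment above the changed line saying why self-registration is now open.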
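Review bot: `require_once("${config.age.secrets.wiki-smtp-password.path}");` in the `@@ -35,6` hunk executes the decrypted secret as PHP, so the file has to contain code (presumably an assignment to `$wgSMTP['password']`) rather than the bare password, and nothing here documents that format. Anyone able to re-encrypt that secret gains code execution inside the wiki, and a missing or unreadable file turns into a fatal error on every request. Reading the file as data removes both the hidden format and the execution: `$wgSMTP['password'] = trim(file_get_contents("${config.age.secrets.wiki-smtp-password.path}"));`, with the .age file then holding only the password.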
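Review bot: `age.secrets.wiki-password` gets no `owner` in this file, while the two other new secrets are assigned to `mediawiki` and `nginx` in the `@@ -45,17` hunk. agenix secrets default to root ownership with mode 0400, so unless the owner is set elsewhere the account that reads `passwordFile` may be denied access. Which user that is depends on the nixpkgs mediawiki module and is not visible in this diff. If it is the wiki user, add `age.secrets.wiki-password.owner = "mediawiki";` next to the other two declarations.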
diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5a2bde8..3bc5281 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -30,5 +30,8 @@ concatMapAttrs vm02179 vm02186 ]; + wiki-basicauth-htpasswd = [ vm02187 ]; + wiki-password = [ vm02187 ]; + wiki-smtp-password = [ vm02187 ]; } ) diff --git a/secrets/wiki-basicauth-htpasswd.age b/secrets/wiki-basicauth-htpasswd.age new file mode 100644 index 0000000..2748996 Binary files /dev/null and b/secrets/wiki-basicauth-htpasswd.age differ diff --git a/secrets/wiki-password.age b/secrets/wiki-password.age new file mode 100644 index 0000000..d180694 --- /dev/null +++ b/secrets/wiki-password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 1MUEqQ yJ53uyB0OqgbyZS+0Qu/glWZGqx8ALEr2Z0hKUrQgUg +Ewvye5oREhNCASqyql56m2mNbAGnK69fVkjZ0N2ILMk +-> ssh-ed25519 dgBsjw glI8t7C/N4BqpnuZlCnv6TFb+YUQn+0oAjbJI7GrzWw +qFxxFVt2R6FkupbP7qErZ+VFHYwEHVmY4iC6hyEf+Vg +--- fQbt68Fdj7wk8mWFx0W0Z1iRbkWxxK7+zIKw/v+BCE0 +�O�+Q��F�^0縿9��?\Te˖B(�gs����'��7�����(�O=>�<)h`q�&�^ \ No newline at end of file diff --git a/secrets/wiki-smtp-password.age b/secrets/wiki-smtp-password.age new file mode 100644 index 0000000..997a6e6 --- /dev/null +++ b/secrets/wiki-smtp-password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 1MUEqQ 4BpvvqFr+tmHeapy7bk3uS6fCS/CbeYkAJuxb5r1g00 +YVGpim5rYSzHMTA85lcTy22Fr5464Axdy/nKR3/z8RA +-> ssh-ed25519 dgBsjw mF++5ewvC+oordjFMR82SvGukQTYhqnH80nIgzUkunA +siCm1cQfuzs0I1xl1ACv6gomHmfONqGcxmj2fa4oABY +--- 2dszG1nnnEflzPy+dRj/0CW39mq49QPdgw+to8T1fRg +���&��;�D÷3��s[���-�0=x�y��#�+&M�D���ie���/|q��3r�|iI��~���Ģ�RfC�`J���� \ No newline at end of file