From a9f9d4f1a017d30344cd64ba12afe5cb336e85c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Fri, 22 Nov 2024 17:40:26 +0100 Subject: [PATCH] Enable mailing for Mediawiki --- infra/vm02187/wiki.nix | 27 +++++++++++++++++++++------ secrets/secrets.nix | 3 +++ secrets/wiki-basicauth-htpasswd.age | Bin 0 -> 389 bytes secrets/wiki-password.age | 7 +++++++ secrets/wiki-smtp-password.age | 7 +++++++ 5 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 secrets/wiki-basicauth-htpasswd.age create mode 100644 secrets/wiki-password.age create mode 100644 secrets/wiki-smtp-password.age diff --git a/infra/vm02187/wiki.nix b/infra/vm02187/wiki.nix index 858790d..afb4464 100644 --- a/infra/vm02187/wiki.nix +++ b/infra/vm02187/wiki.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, ... }: { services.phpfpm.pools.mediawiki.phpOptions = '' @@ -11,7 +11,7 @@ name = "Fediversity Wiki"; webserver = "nginx"; nginx.hostName = "wiki.fediversity.eu"; - passwordFile = pkgs.writeText "password" "eiM9etha8ohmo9Ohphahpesiux0ahda6"; + passwordFile = config.age.secrets.wiki-password.path; extraConfig = '' # Disable anonymous editing $wgGroupPermissions['*']['edit'] = false; @@ -24,7 +24,7 @@ ## Permissions $wgGroupPermissions['*']['edit'] = false; - $wgGroupPermissions['*']['createaccount'] = false; + $wgGroupPermissions['*']['createaccount'] = true; $wgGroupPermissions['*']['autocreateaccount'] = true; $wgGroupPermissions['user']['edit'] = true; $wgGroupPermissions['user']['createaccount'] = true; 
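Review bot: Moving `passwordFile` to `config.age.secrets.wiki-password.path` in the `@@ -11,7 +11,7 @@` hunk does not retire the value that was committed in plain text. It stays in the repository history and, because it was built with `pkgs.writeText`, in the world-readable Nix store of every host that built the old configuration. Nothing visible here shows whether the encrypted `wiki-password.age` holds a new value, so the admin password should be rotated as part of this change and the commit message should say so. The same applies to the basic-auth credential removed in the `@@ -45,17 +58,19 @@` hunk. The enclosing attribute set starts and ends outside the hunk.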
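Review bot: `$wgGroupPermissions['*']['createaccount'] = true;` in the `@@ -24,7 +24,7 @@` hunk opens self-registration to anonymous visitors, and because `$wgGroupPermissions['user']['edit']` is `true` two lines below, every self-registered account can edit immediately. The commit subject mentions only mailing, so this permission change deserves its own line in the message or a comment next to it such as `# self-registration allowed; access is gated by nginx basic auth`. Now that e-mail is enabled, consider adding `$wgEmailConfirmToEdit = true;` so an account needs a confirmed address before it can edit. The `extraConfig` string starts and ends outside the hunk.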
@@ -35,6 +35,19 @@ $wgUploadSizeWarning = 1024*1024*512; $wgMaxUploadSize = 1024*1024*1024; + $wgEnableEmail = true; + $wgPasswordSender = "wiki@fediversity.eu"; + $wgEmergencyContact = "wiki@fediversity.eu"; + $wgSMTP = [ + 'host' => 'mail.protagio.nl', + 'IDHost' => 'fediversity.eu', + 'localhost' => 'fediversity.eu', + 'port' => 587, + 'auth' => true, + 'username' => 'wiki@fediversity.eu', + ]; + require_once("${config.age.secrets.wiki-smtp-password.path}"); + $wgHeadScriptCode = <<<'END' END; @@ -45,17 +58,19 @@ }; }; + age.secrets.wiki-smtp-password.owner = "mediawiki"; + services.nginx = { enable = true; virtualHosts."wiki.fediversity.eu" = { - basicAuth = { - fediv = "SecretSauce123!"; - }; + basicAuthFile = config.age.secrets.wiki-basicauth-htpasswd.path; forceSSL = true; enableACME = true; }; }; + age.secrets.wiki-basicauth-htpasswd.owner = "nginx"; + security.acme = { acceptTerms = true; defaults.email = "systeemmail@procolix.com"; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5a2bde8..3bc5281 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -30,5 +30,8 @@ concatMapAttrs vm02179 vm02186 ]; + wiki-basicauth-htpasswd = [ vm02187 ]; + wiki-password = [ vm02187 ]; + wiki-smtp-password = [ vm02187 ]; } ) 
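Review bot: `require_once("${config.age.secrets.wiki-smtp-password.path}");` in the `@@ -35,6 +35,19 @@` hunk runs the decrypted secret as PHP code, so the secret has to be a PHP fragment rather than a bare password, and a file without an opening `<?php` tag would be emitted verbatim as page output. Reading it as data avoids both: `$wgSMTP['password'] = trim(file_get_contents("${config.age.secrets.wiki-smtp-password.path}"));`. If the include is kept, add a comment stating the expected content of the file (presumably it sets `$wgSMTP['password']`, which is not visible here). The `$wgSMTP` array also requests authentication on port 587 without any visible setting that requires TLS, so it is worth confirming that the relay refuses plain-text AUTH. The `extraConfig` string starts and ends outside the hunk.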
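Review bot: `age.secrets.wiki-password` gets no `owner` in the `@@ -45,17 +58,19 @@` hunk, although the two other new secrets are assigned to `mediawiki` and `nginx` and this one is handed to `passwordFile` near the top of the file. Unless it is declared elsewhere, the secret keeps agenix's default ownership (root-only, as far as I know), which the MediaWiki setup step cannot read if it runs as the `mediawiki` user. Add `age.secrets.wiki-password.owner = "mediawiki";` next to the other two, or a comment saying why the default is intended. The surrounding attribute set starts and ends outside the hunk.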
diff --git a/secrets/wiki-basicauth-htpasswd.age b/secrets/wiki-basicauth-htpasswd.age new file mode 100644 index 0000000000000000000000000000000000000000..274899618f364d36b5be6de9cbc0d2f5e7013a47 GIT binary patch literal 389 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP^bK__3{-IRbTc%` zvj{7%N-_!0@(l`eDk-ltaSb%haC1xda?P$V@=MQfanDbRh~zR3iF7G6%`Eit_BC>J zv^1#<%FWJBP0Mxn4R^IDc6M~hFLBBU@l3Lea7DK*CEckwt6U+{(4*KX$0yR#qaw)D zI61r0H{0DjBP%=D!q_y>EU+rVEI1%7B{?~;DxE7UH7dk4Juxjj)UP5aG0@z|DJmz( z&o|1@z*XPG**U$~Jh9T;#XZZ|+=NS4S64whG&!=!(bPQ0y`Ur@LOUoixV*wFtum>y zBEToeCBV?!J2|;L(lX1~$%0Fy@YIVRjl4HsR{#7dTYl%{%-ye)I&HWaNXi< z1{FC%HOD;-DuPz7+U%loyMMjzS+57O?d@a&M=DRY5s#q@*PcQQ`~aF}bxZxu2& Ydv5!S#gBpeTy3<$w%vPpj>ZWB01%;z_W%F@ literal 0 HcmV?d00001 diff --git a/secrets/wiki-password.age b/secrets/wiki-password.age new file mode 100644 index 0000000..d180694 --- /dev/null +++ b/secrets/wiki-password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 1MUEqQ yJ53uyB0OqgbyZS+0Qu/glWZGqx8ALEr2Z0hKUrQgUg +Ewvye5oREhNCASqyql56m2mNbAGnK69fVkjZ0N2ILMk +-> ssh-ed25519 dgBsjw glI8t7C/N4BqpnuZlCnv6TFb+YUQn+0oAjbJI7GrzWw +qFxxFVt2R6FkupbP7qErZ+VFHYwEHVmY4iC6hyEf+Vg +--- fQbt68Fdj7wk8mWFx0W0Z1iRbkWxxK7+zIKw/v+BCE0 +¢OÕ+Q±×‹‰F¾^0縿9ãÕ?\TeË–B(ügs½³°¹'—™7…ì§ÁˆŒ(ÁO=>³<)h`qè&^ \ No newline at end of file diff --git a/secrets/wiki-smtp-password.age b/secrets/wiki-smtp-password.age new file mode 100644 index 0000000..997a6e6 --- /dev/null +++ b/secrets/wiki-smtp-password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 1MUEqQ 4BpvvqFr+tmHeapy7bk3uS6fCS/CbeYkAJuxb5r1g00 +YVGpim5rYSzHMTA85lcTy22Fr5464Axdy/nKR3/z8RA +-> ssh-ed25519 dgBsjw mF++5ewvC+oordjFMR82SvGukQTYhqnH80nIgzUkunA +siCm1cQfuzs0I1xl1ACv6gomHmfONqGcxmj2fa4oABY +--- 2dszG1nnnEflzPy+dRj/0CW39mq49QPdgw+to8T1fRg +ûãÆ&£ñ;›D÷3í¸s[ÿ±†-«0=x«yËÓ#°+&M‹D õËÅie¾ðà/|qßÁ3r´|iIŒÕ~ ˜ÃÄ¢­RfCÕ`Jšòþå \ No newline at end of file