From 1d2a96eda36e00ccd4f07ba17fec11e76bc2e8bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 24 Apr 2023 12:43:06 +0200 Subject: [PATCH 1/4] nixos/mediawiki: move virtualHost to httpd.virtualHost This is a preparation to also allow nginx as a http server. --- nixos/modules/services/web-apps/mediawiki.nix | 12 ++++++++---- nixos/tests/mediawiki.nix | 4 ++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix index 357c2d4a1283..1510181b6e27 100644 --- a/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixos/modules/services/web-apps/mediawiki.nix @@ -73,7 +73,7 @@ let $wgScriptPath = ""; ## The protocol and server name to use in fully-qualified URLs - $wgServer = "${if cfg.virtualHost.addSSL || cfg.virtualHost.forceSSL || cfg.virtualHost.onlySSL then "https" else "http"}://${cfg.virtualHost.hostName}"; + $wgServer = "${if cfg.httpd.virtualHost.addSSL || cfg.httpd.virtualHost.forceSSL || cfg.httpd.virtualHost.onlySSL then "https" else "http"}://${cfg.httpd.virtualHost.hostName}"; ## The URL path to static resources (images, scripts, etc.) $wgResourceBasePath = $wgScriptPath; @@ -87,7 +87,7 @@ let $wgEnableEmail = true; $wgEnableUserEmail = true; # UPO - $wgEmergencyContact = "${if cfg.virtualHost.adminAddr != null then cfg.virtualHost.adminAddr else config.services.httpd.adminAddr}"; + $wgEmergencyContact = "${if cfg.httpd.virtualHost.adminAddr != null then cfg.httpd.virtualHost.adminAddr else config.services.httpd.adminAddr}"; $wgPasswordSender = $wgEmergencyContact; $wgEnotifUserTalk = false; # UPO @@ -318,7 +318,7 @@ in }; }; - virtualHost = mkOption { + httpd.virtualHost = mkOption { type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix); example = literalExpression '' { 
@@ -366,6 +366,10 @@ in }; }; + imports = [ + (lib.mkRenamedOptionModule [ "services" "mediawiki" "virtualHost" ] [ "services" "mediawiki" "httpd" "virtualHost" ]) + ]; + # implementation config = mkIf cfg.enable { @@ -421,7 +425,7 @@ in services.httpd = { enable = true; extraModules = [ "proxy_fcgi" ]; - virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost { + virtualHosts.${cfg.httpd.virtualHost.hostName} = mkMerge [ cfg.httpd.virtualHost { documentRoot = mkForce "${pkg}/share/mediawiki"; extraConfig = '' diff --git a/nixos/tests/mediawiki.nix b/nixos/tests/mediawiki.nix index 1ae82d65b3cb..0cbaebac591b 100644 --- a/nixos/tests/mediawiki.nix +++ b/nixos/tests/mediawiki.nix @@ -7,8 +7,8 @@ let shared = { services.mediawiki.enable = true; - services.mediawiki.virtualHost.hostName = "localhost"; - services.mediawiki.virtualHost.adminAddr = "root@example.com"; + services.mediawiki.httpd.virtualHost.hostName = "localhost"; + services.mediawiki.httpd.virtualHost.adminAddr = "root@example.com"; services.mediawiki.passwordFile = pkgs.writeText "password" "correcthorsebatterystaple"; services.mediawiki.extensions = { Matomo = pkgs.fetchzip { From c129c9fac02437818a50e439e7c571ea414e05ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 24 Apr 2023 12:49:29 +0200 Subject: [PATCH 2/4] nixos/mediawiki: drop $wgEmergencyContact setting --- nixos/modules/services/web-apps/mediawiki.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix index 1510181b6e27..274b6d3f52ad 100644 --- a/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixos/modules/services/web-apps/mediawiki.nix 
@@ -87,8 +87,7 @@ let $wgEnableEmail = true; $wgEnableUserEmail = true; # UPO - $wgEmergencyContact = "${if cfg.httpd.virtualHost.adminAddr != null then cfg.httpd.virtualHost.adminAddr else config.services.httpd.adminAddr}"; - $wgPasswordSender = $wgEmergencyContact; + $wgPasswordSender = "${if cfg.httpd.virtualHost.adminAddr != null then cfg.httpd.virtualHost.adminAddr else config.services.httpd.adminAddr}"; $wgEnotifUserTalk = false; # UPO $wgEnotifWatchlist = false; # UPO From d309952a5ddc3a97b7d126463281f63c3bb74505 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 24 Apr 2023 14:21:06 +0200 Subject: [PATCH 3/4] nixos/mediawiki: make apache optional --- nixos/modules/services/web-apps/mediawiki.nix | 104 +++++++++++++----- nixos/tests/mediawiki.nix | 11 ++ 2 files changed, 87 insertions(+), 28 deletions(-) diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix index 274b6d3f52ad..ed997d7a406b 100644 --- a/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixos/modules/services/web-apps/mediawiki.nix @@ -8,7 +8,8 @@ let cfg = config.services.mediawiki; fpm = config.services.phpfpm.pools.mediawiki; user = "mediawiki"; - group = config.services.httpd.group; + group = if cfg.webserver == "apache" then "apache" else "mediawiki"; + cacheDir = "/var/cache/mediawiki"; stateDir = "/var/lib/mediawiki"; @@ -73,7 +74,7 @@ let $wgScriptPath = ""; ## The protocol and server name to use in fully-qualified URLs - $wgServer = "${if cfg.httpd.virtualHost.addSSL || cfg.httpd.virtualHost.forceSSL || cfg.httpd.virtualHost.onlySSL then "https" else "http"}://${cfg.httpd.virtualHost.hostName}"; + $wgServer = "${cfg.url}"; ## The URL path to static resources (images, scripts, etc.) $wgResourceBasePath = $wgScriptPath; 
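Review bot: In the `@@ -8,7 +8,8` hunk of patch 3, the apache branch hard-codes the group name `"apache"` where the removed line read `config.services.httpd.group`, while the pool's `listen.group` later in the same patch still uses `config.services.httpd.group`. If the two differ, the `mediawiki` user and anything created for `${group}` no longer share a group with the httpd process. Group-based permissions on the state and upload directories (not visible in this hunk) may then stop granting Apache access, and `users.groups.${group}` would declare a separate `apache` group. I would keep the lookup: `group = if cfg.webserver == "apache" then config.services.httpd.group else "mediawiki";`.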
@@ -87,7 +88,7 @@ let $wgEnableEmail = true; $wgEnableUserEmail = true; # UPO - $wgPasswordSender = "${if cfg.httpd.virtualHost.adminAddr != null then cfg.httpd.virtualHost.adminAddr else config.services.httpd.adminAddr}"; + $wgPasswordSender = "${cfg.passwordSender}"; $wgEnotifUserTalk = false; # UPO $wgEnotifWatchlist = false; # UPO @@ -196,6 +197,22 @@ in description = lib.mdDoc "Name of the wiki."; }; + url = mkOption { + type = types.str; + default = if cfg.webserver == "apache" then + "${if cfg.httpd.virtualHost.addSSL || cfg.httpd.virtualHost.forceSSL || cfg.httpd.virtualHost.onlySSL then "https" else "http"}://${cfg.httpd.virtualHost.hostName}" + else + "http://localhost"; + defaultText = literalExpression '' + if cfg.webserver == "apache" then + "''${if cfg.httpd.virtualHost.addSSL || cfg.httpd.virtualHost.forceSSL || cfg.httpd.virtualHost.onlySSL then "https" else "http"}://''${cfg.httpd.virtualHost.hostName}" + else + "http://localhost"; + ''; + example = "https://wiki.example.org"; + description = lib.mdDoc "URL of the wiki."; + }; + uploadsDir = mkOption { type = types.nullOr types.path; default = "${stateDir}/uploads"; @@ -211,6 +228,24 @@ in example = "/run/keys/mediawiki-password"; }; + passwordSender = mkOption { + type = types.str; + default = + if cfg.webserver == "apache" then + if cfg.httpd.virtualHost.adminAddr != null then + cfg.httpd.virtualHost.adminAddr + else + config.services.httpd.adminAddr else "root@localhost"; + defaultText = literalExpression '' + if cfg.webserver == "apache" then + if cfg.httpd.virtualHost.adminAddr != null then + cfg.httpd.virtualHost.adminAddr + else + config.services.httpd.adminAddr else "root@localhost" + ''; + description = lib.mdDoc "Contact address for password reset."; + }; + skins = mkOption { default = {}; type = types.attrsOf types.path; 
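Review bot: The non-apache default of `url` in the `@@ -196,6 +197,22` hunk is `"http://localhost"`, and that value becomes `$wgServer`, which the config comment says is used in fully-qualified URLs. A wiki behind an external front end that forgets to set it will emit plain-http localhost links, and the same applies to the `"root@localhost"` fallback of `passwordSender` in the `@@ -211,6 +228,24` hunk. I would state this in the option text, e.g. `description = lib.mdDoc "Public base URL of the wiki (scheme and host). Must be set explicitly when webserver is not \"apache\".";`, or add an assertion that rejects the fallback. Both options are free-form `types.str` values interpolated into a double-quoted PHP string, so a value containing `"` or `$` would alter the generated PHP config; a stricter type would catch such mistakes at evaluation time.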
@@ -240,6 +275,12 @@ in ''; }; + webserver = mkOption { + type = types.enum [ "apache" "none" ]; + default = "apache"; + description = lib.mdDoc "Webserver to use."; + }; + database = { type = mkOption { type = types.enum [ "mysql" "postgres" "sqlite" "mssql" "oracle" ]; @@ -415,36 +456,42 @@ in services.phpfpm.pools.mediawiki = { inherit user group; phpEnv.MEDIAWIKI_CONFIG = "${mediawikiConfig}"; - settings = { + settings = (if (cfg.webserver == "apache") then { "listen.owner" = config.services.httpd.user; "listen.group" = config.services.httpd.group; - } // cfg.poolConfig; + } else { + "listen.owner" = user; + "listen.group" = group; + }) // cfg.poolConfig; }; - services.httpd = { + services.httpd = lib.mkIf (cfg.webserver == "apache") { enable = true; extraModules = [ "proxy_fcgi" ]; - virtualHosts.${cfg.httpd.virtualHost.hostName} = mkMerge [ cfg.httpd.virtualHost { - documentRoot = mkForce "${pkg}/share/mediawiki"; - extraConfig = '' - - - - SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/" - - + virtualHosts.${cfg.httpd.virtualHost.hostName} = mkMerge [ + cfg.httpd.virtualHost + { + documentRoot = mkForce "${pkg}/share/mediawiki"; + extraConfig = '' + + + + SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/" + + - Require all granted - DirectoryIndex index.php - AllowOverride All - - '' + optionalString (cfg.uploadsDir != null) '' - Alias "/images" "${cfg.uploadsDir}" - - Require all granted - - ''; - } ]; + Require all granted + DirectoryIndex index.php + AllowOverride All + + '' + optionalString (cfg.uploadsDir != null) '' + Alias "/images" "${cfg.uploadsDir}" + + Require all granted + + ''; + } + ]; }; systemd.tmpfiles.rules = [ 
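Review bot: With `webserver = "none"`, the `else` branch of `services.phpfpm.pools.mediawiki.settings` sets the FastCGI socket's `listen.owner`/`listen.group` to the `mediawiki` user and group, and the `webserver` option's description ("Webserver to use.") does not say how a front-end server is meant to reach it. Adding the front end's user to the `mediawiki` group would also give it whatever else that group can read. Overriding `listen.owner`/`listen.group` through `poolConfig`, which is merged last here, is the narrower route and deserves a mention. Suggested text: `description = lib.mdDoc "Webserver to configure. With \"none\" only the php-fpm pool is set up; grant your own web server access to its socket via poolConfig.";`. The surrounding `config` block starts and ends outside the hunk.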
@@ -492,13 +539,14 @@ in }; }; - systemd.services.httpd.after = optional (cfg.database.createLocally && cfg.database.type == "mysql") "mysql.service" - ++ optional (cfg.database.createLocally && cfg.database.type == "postgres") "postgresql.service"; + systemd.services.httpd.after = optional (cfg.webserver == "apache" && cfg.database.createLocally && cfg.database.type == "mysql") "mysql.service" + ++ optional (cfg.webserver == "apache" && cfg.database.createLocally && cfg.database.type == "postgres") "postgresql.service"; users.users.${user} = { group = group; isSystemUser = true; }; + users.groups.${group} = {}; environment.systemPackages = [ mediawikiScripts ]; }; diff --git a/nixos/tests/mediawiki.nix b/nixos/tests/mediawiki.nix index 0cbaebac591b..3d05591c6806 100644 --- a/nixos/tests/mediawiki.nix +++ b/nixos/tests/mediawiki.nix @@ -54,4 +54,15 @@ in assert "MediaWiki has been installed" in page ''; }; + + nohttpd = testLib.makeTest { + name = "mediawiki-nohttpd"; + nodes.machine = { + services.mediawiki.webserver = "none"; + }; + testScript = '' + start_all() + machine.wait_for_unit("phpfpm-mediawiki.service") + ''; + }; } From 077e950f7a6b6b52f49ec8ad6f1e4403d568711c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 28 Apr 2023 23:05:55 +0200 Subject: [PATCH 4/4] nixos/mediawiki: also test fcgi socket --- nixos/modules/services/web-apps/mediawiki.nix | 10 ++++++++++ nixos/tests/mediawiki.nix | 11 ++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix index ed997d7a406b..b912d4e87f18 100644 --- a/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixos/modules/services/web-apps/mediawiki.nix 
@@ -190,6 +190,16 @@ in description = lib.mdDoc "Which MediaWiki package to use."; }; + finalPackage = mkOption { + type = types.package; + readOnly = true; + default = pkg; + defaultText = literalExpression "pkg"; + description = lib.mdDoc '' + The final package used by the module. This is the package that will have extensions and skins installed. + ''; + }; + name = mkOption { type = types.str; default = "MediaWiki"; diff --git a/nixos/tests/mediawiki.nix b/nixos/tests/mediawiki.nix index 3d05591c6806..52122755ad94 100644 --- a/nixos/tests/mediawiki.nix +++ b/nixos/tests/mediawiki.nix @@ -60,9 +60,18 @@ in nodes.machine = { services.mediawiki.webserver = "none"; }; - testScript = '' + testScript = { nodes, ... }: '' start_all() machine.wait_for_unit("phpfpm-mediawiki.service") + env = ( + "SCRIPT_NAME=/index.php", + "SCRIPT_FILENAME=${nodes.machine.services.mediawiki.finalPackage}/share/mediawiki/index.php", + "REMOTE_ADDR=127.0.0.1", + 'QUERY_STRING=title=Main_Page', + "REQUEST_METHOD=GET", + ); + page = machine.succeed(f"{' '.join(env)} ${pkgs.fcgi}/bin/cgi-fcgi -bind -connect ${nodes.machine.services.phpfpm.pools.mediawiki.socket}") + assert "MediaWiki has been installed" in page, f"no 'MediaWiki has been installed' in:\n{page}" ''; }; }
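Review bot: The `env` tuple in the `nohttpd` test script ends with `);`, a stray semicolon that Python accepts but that reads like leftover Nix syntax; `)` alone is enough. The values are also joined into the shell command unquoted, which works for these constants but would break as soon as one contains a space or `&`, for example a `QUERY_STRING` with two parameters. A short comment such as `# values must stay shell-safe: joined unquoted below` would help the next editor.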