commit 77b60239ac2fcdbcf4ba174ea1cc5be70bd9d01e · pyrox.dev/nixpkgs

+90 -4

nixos/modules/services/web-apps/mediawiki.nix

··· 8 8 cfg = config.services.mediawiki; 9 9 fpm = config.services.phpfpm.pools.mediawiki; 10 10 user = "mediawiki"; 11 - group = if cfg.webserver == "apache" then config.services.httpd.group else "mediawiki"; 11 + group = 12 + if cfg.webserver == "apache" then 13 + config.services.httpd.group 14 + else if cfg.webserver == "nginx" then 15 + config.services.nginx.group 16 + else "mediawiki"; 12 17 13 18 cacheDir = "/var/cache/mediawiki"; 14 19 stateDir = "/var/lib/mediawiki"; ··· 71 76 ## For more information on customizing the URLs 72 77 ## (like /w/index.php/Page_title to /wiki/Page_title) please see: 73 78 ## https://www.mediawiki.org/wiki/Manual:Short_URL 74 - $wgScriptPath = ""; 79 + $wgScriptPath = "${lib.optionalString (cfg.webserver == "nginx") "/w"}"; 75 80 76 81 ## The protocol and server name to use in fully-qualified URLs 77 82 $wgServer = "${cfg.url}"; ··· 79 84 ## The URL path to static resources (images, scripts, etc.) 80 85 $wgResourceBasePath = $wgScriptPath; 81 86 87 + ${lib.optionalString (cfg.webserver == "nginx") '' 88 + $wgArticlePath = "/wiki/$1"; 89 + $wgUsePathInfo = true; 90 + ''} 91 + 82 92 ## The URL path to the logo. Make sure you change this from the default, 83 93 ## or else you'll overwrite your logo when you upgrade! 84 94 $wgLogo = "$wgResourceBasePath/resources/assets/wiki.png"; ··· 175 185 ${cfg.extraConfig} 176 186 ''; 177 187 188 + withTrailingSlash = str: if lib.hasSuffix "/" str then str else "${str}/"; 178 189 in 179 190 { 180 191 # interface ··· 209 220 210 221 url = mkOption { 211 222 type = types.str; 212 - default = if cfg.webserver == "apache" then 223 + default = 224 + if cfg.webserver == "apache" then 213 225 "${if cfg.httpd.virtualHost.addSSL || cfg.httpd.virtualHost.forceSSL || cfg.httpd.virtualHost.onlySSL then "https" else "http"}://${cfg.httpd.virtualHost.hostName}" 226 + else if cfg.webserver == "nginx" then 227 + let 228 + hasSSL = host: host.forceSSL || host.addSSL; 229 + in 230 + "${if hasSSL config.services.nginx.virtualHosts.${cfg.nginx.hostName} then "https" else "http"}://${cfg.nginx.hostName}" 214 231 else 215 232 "http://localhost"; 216 233 defaultText = literalExpression '' ··· 286 303 }; 287 304 288 305 webserver = mkOption { 289 - type = types.enum [ "apache" "none" ]; 306 + type = types.enum [ "apache" "none" "nginx" ]; 290 307 default = "apache"; 291 308 description = lib.mdDoc "Webserver to use."; 292 309 }; ··· 366 383 This currently only applies if database type "mysql" is selected. 367 384 ''; 368 385 }; 386 + }; 387 + 388 + nginx.hostName = mkOption { 389 + type = types.str; 390 + example = literalExpression ''wiki.example.com''; 391 + default = "localhost"; 392 + description = lib.mdDoc '' 393 + The hostname to use for the nginx virtual host. 394 + This is used to generate the nginx configuration. 395 + ''; 369 396 }; 370 397 371 398 httpd.virtualHost = mkOption { ··· 469 496 settings = (if (cfg.webserver == "apache") then { 470 497 "listen.owner" = config.services.httpd.user; 471 498 "listen.group" = config.services.httpd.group; 499 + } else if (cfg.webserver == "nginx") then { 500 + "listen.owner" = config.services.nginx.user; 501 + "listen.group" = config.services.nginx.group; 472 502 } else { 473 503 "listen.owner" = user; 474 504 "listen.group" = group; ··· 502 532 ''; 503 533 } 504 534 ]; 535 + }; 536 + # inspired by https://www.mediawiki.org/wiki/Manual:Short_URL/Nginx 537 + services.nginx = lib.mkIf (cfg.webserver == "nginx") { 538 + enable = true; 539 + virtualHosts.${config.services.mediawiki.nginx.hostName} = { 540 + root = "${pkg}/share/mediawiki"; 541 + locations = { 542 + "~ ^/w/(index|load|api|thumb|opensearch_desc|rest|img_auth)\\.php$".extraConfig = '' 543 + rewrite ^/w/(.*) /$1 break; 544 + include ${config.services.nginx.package}/conf/fastcgi_params; 545 + fastcgi_index index.php; 546 + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 547 + fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket}; 548 + ''; 549 + "/w/images/".alias = withTrailingSlash cfg.uploadsDir; 550 + # Deny access to deleted images folder 551 + "/w/images/deleted".extraConfig = '' 552 + deny all; 553 + ''; 554 + # MediaWiki assets (usually images) 555 + "~ ^/w/resources/(assets|lib|src)" = { 556 + tryFiles = "$uri =404"; 557 + extraConfig = '' 558 + add_header Cache-Control "public"; 559 + expires 7d; 560 + ''; 561 + }; 562 + # Assets, scripts and styles from skins and extensions 563 + "~ ^/w/(skins|extensions)/.+\\.(css|js|gif|jpg|jpeg|png|svg|wasm|ttf|woff|woff2)$" = { 564 + tryFiles = "$uri =404"; 565 + extraConfig = '' 566 + add_header Cache-Control "public"; 567 + expires 7d; 568 + ''; 569 + }; 570 + 571 + # Handling for Mediawiki REST API, see [[mw:API:REST_API]] 572 + "/w/rest.php".tryFiles = "$uri $uri/ /rest.php?$query_string"; 573 + 574 + # Handling for the article path (pretty URLs) 575 + "/wiki/".extraConfig = '' 576 + rewrite ^/wiki/(?<pagename>.*)$ /w/index.php; 577 + ''; 578 + 579 + # Explicit access to the root website, redirect to main page (adapt as needed) 580 + "= /".extraConfig = '' 581 + return 301 /wiki/Main_Page; 582 + ''; 583 + 584 + # Every other entry point will be disallowed. 585 + # Add specific rules for other entry points/images as needed above this 586 + "/".extraConfig = '' 587 + return 404; 588 + ''; 589 + }; 590 + }; 505 591 }; 506 592 507 593 systemd.tmpfiles.rules = [

+16

nixos/tests/mediawiki.nix

··· 74 74 assert "MediaWiki has been installed" in page, f"no 'MediaWiki has been installed' in:\n{page}" 75 75 ''; 76 76 }; 77 + 78 + nginx = testLib.makeTest { 79 + name = "mediawiki-nginx"; 80 + nodes.machine = { 81 + services.mediawiki.webserver = "nginx"; 82 + }; 83 + testScript = '' 84 + start_all() 85 + 86 + machine.wait_for_unit("phpfpm-mediawiki.service") 87 + machine.wait_for_unit("nginx.service") 88 + 89 + page = machine.succeed("curl -fL http://localhost/") 90 + assert "MediaWiki has been installed" in page 91 + ''; 92 + }; 77 93 }

+3 -3

pkgs/applications/networking/cluster/timoni/default.nix

··· 6 6 7 7 buildGo121Module rec { 8 8 pname = "timoni"; 9 - version = "0.13.1"; 9 + version = "0.14.0"; 10 10 11 11 src = fetchFromGitHub { 12 12 owner = "stefanprodan"; 13 13 repo = "timoni"; 14 14 rev = "v${version}"; 15 - hash = "sha256-fuDc9EMSjBE0DiZ+OiuRXTRlxnO4/2yxkDsdKpVdg5w="; 15 + hash = "sha256-UYHb469x4VnFffjO9CfSyn0ZzLLaAee2WpWGFAQjBpA="; 16 16 }; 17 17 18 - vendorHash = "sha256-RdfFesMgQU+Iezg9tE3RJ0Tk6jjIWY+ByJoKqUVWHwA="; 18 + vendorHash = "sha256-JDaQL+ferkYI74OUqgfopny8uFEg0J84JX1VtO5URpE="; 19 19 20 20 subPackages = [ "cmd/timoni" ]; 21 21 nativeBuildInputs = [ installShellFiles ];

+3 -3

pkgs/applications/version-management/gh/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "gh"; 5 - version = "2.35.0"; 5 + version = "2.36.0"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "cli"; 9 9 repo = "cli"; 10 10 rev = "v${version}"; 11 - hash = "sha256-ddVszWyfu9BsP4yvOtVTHhZ51D8j4Vf1pdyahF0gjVk="; 11 + hash = "sha256-ya+Iuhe+vXNqt6mfpZ3h8jq++82AGMj+Zd4ozGFjuqY="; 12 12 }; 13 13 14 - vendorHash = "sha256-iql/CEWwg6t5k8qOFEQotMUUJd4VQ/H4JcuL2Eunqg0="; 14 + vendorHash = "sha256-tJDn3pyX5iTIa61OQXbErdBprqxu1N2LXqyJtpDQnBE="; 15 15 16 16 nativeBuildInputs = [ installShellFiles ]; 17 17

+2 -2

pkgs/development/compilers/minimacy/default.nix

··· 11 11 12 12 stdenv.mkDerivation rec { 13 13 pname = "minimacy"; 14 - version = "1.1.0"; 14 + version = "1.1.2"; 15 15 16 16 src = fetchFromGitHub { 17 17 owner = "ambermind"; 18 18 repo = pname; 19 19 rev = version; 20 - hash = "sha256-VqcMdlptoMJEsPTny/E6ly7/xmHKcljIsSeZDzaA+ig="; 20 + hash = "sha256-WBmpinMnGr7Tmf1jLhdq5DXdR+ohOY0CpOBJ6fewKFU="; 21 21 }; 22 22 23 23 nativeBuildInputs = [ makeBinaryWrapper ];

+2 -2

pkgs/development/libraries/hpp-fcl/default.nix

··· 14 14 15 15 stdenv.mkDerivation (finalAttrs: { 16 16 pname = "hpp-fcl"; 17 - version = "2.3.5"; 17 + version = "2.3.6"; 18 18 19 19 src = fetchFromGitHub { 20 20 owner = "humanoid-path-planner"; 21 21 repo = finalAttrs.pname; 22 22 rev = "v${finalAttrs.version}"; 23 23 fetchSubmodules = true; 24 - hash = "sha256-jVIYP0yA1oSsUMN4vtrkfawj9Q2MwNjSrwDBTvGErg8="; 24 + hash = "sha256-Y6ATYXsV8hH22XiXyvacuUhHTuNCzObPlxNX2vZGghM="; 25 25 }; 26 26 27 27 strictDeps = true;

+2 -2

pkgs/development/libraries/openxr-loader/default.nix

··· 2 2 3 3 stdenv.mkDerivation rec { 4 4 pname = "openxr-loader"; 5 - version = "1.0.28"; 5 + version = "1.0.30"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "KhronosGroup"; 9 9 repo = "OpenXR-SDK-Source"; 10 10 rev = "release-${version}"; 11 - sha256 = "sha256-rQ+Zkmvi4bWVp86KDPs7SLZ040stKUsC7Ycb9kltElk="; 11 + sha256 = "sha256-lF8Pauyi+zSNVnpHqq86J3SGUTM6AhFmnT48eyFoYco="; 12 12 }; 13 13 14 14 nativeBuildInputs = [ cmake python3 pkg-config ];

+2 -2

pkgs/tools/filesystems/duperemove/default.nix

··· 4 4 5 5 stdenv.mkDerivation rec { 6 6 pname = "duperemove"; 7 - version = "0.12"; 7 + version = "0.13"; 8 8 9 9 src = fetchFromGitHub { 10 10 owner = "markfasheh"; 11 11 repo = "duperemove"; 12 12 rev = "v${version}"; 13 - hash = "sha256-VPwcWAENCRnU51F78FhMPjQZaCTewQRUdeFwK1blJbs="; 13 + hash = "sha256-D3+p8XgokKIHEwZnvOkn7cionVH1gsypcURF+PBpugY="; 14 14 }; 15 15 16 16 postPatch = ''

+2 -10

pkgs/tools/misc/crudini/default.nix

··· 8 8 9 9 python3Packages.buildPythonApplication rec { 10 10 pname = "crudini"; 11 - version = "0.9.4"; 11 + version = "0.9.5"; 12 12 format = "pyproject"; 13 13 14 14 src = fetchFromGitHub { 15 15 owner = "pixelb"; 16 16 repo = "crudini"; 17 17 rev = version; 18 - hash = "sha256-jbTOaCF/ZqRpM0scDBBAcV5bSYg/QhBPbM9R5cONZ2o="; 18 + hash = "sha256-BU4u7uBsNyDOwWUjOIlBWcf1AeUXXZ+johAe+bjws1U="; 19 19 }; 20 - 21 - patches = [ 22 - (fetchpatch { 23 - name = "add-missing-install-file.patch"; 24 - url = "https://github.com/pixelb/crudini/commit/d433e4d9c4106ae26985e3f4b2efa593bdd5c274.patch"; 25 - hash = "sha256-aDGzoG4i2tvYeL8m1WoqwNFNHe4xR1dGk+XDt3f3i5E="; 26 - }) 27 - ]; 28 20 29 21 postPatch = '' 30 22 patchShebangs crudini.py crudini-help tests/test.sh