diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix index 21c587694c6e..c5fb03766899 100644 --- a/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixos/modules/services/web-apps/mediawiki.nix @@ -8,7 +8,12 @@ let cfg = config.services.mediawiki; fpm = config.services.phpfpm.pools.mediawiki; user = "mediawiki"; - group = if cfg.webserver == "apache" then config.services.httpd.group else "mediawiki"; + group = + if cfg.webserver == "apache" then + config.services.httpd.group + else if cfg.webserver == "nginx" then + config.services.nginx.group + else "mediawiki"; cacheDir = "/var/cache/mediawiki"; stateDir = "/var/lib/mediawiki"; @@ -71,7 +76,7 @@ let ## For more information on customizing the URLs ## (like /w/index.php/Page_title to /wiki/Page_title) please see: ## https://www.mediawiki.org/wiki/Manual:Short_URL - $wgScriptPath = ""; + $wgScriptPath = "${lib.optionalString (cfg.webserver == "nginx") "/w"}"; ## The protocol and server name to use in fully-qualified URLs $wgServer = "${cfg.url}"; @@ -79,6 +84,11 @@ let ## The URL path to static resources (images, scripts, etc.) $wgResourceBasePath = $wgScriptPath; + ${lib.optionalString (cfg.webserver == "nginx") '' + $wgArticlePath = "/wiki/$1"; + $wgUsePathInfo = true; + ''} + ## The URL path to the logo. Make sure you change this from the default, ## or else you'll overwrite your logo when you upgrade! $wgLogo = "$wgResourceBasePath/resources/assets/wiki.png"; @@ -175,6 +185,7 @@ let ${cfg.extraConfig} ''; + withTrailingSlash = str: if lib.hasSuffix "/" str then str else "${str}/"; in { # interface @@ -209,8 +220,14 @@ in url = mkOption { type = types.str; - default = if cfg.webserver == "apache" then + default = + if cfg.webserver == "apache" then "${if cfg.httpd.virtualHost.addSSL || cfg.httpd.virtualHost.forceSSL || cfg.httpd.virtualHost.onlySSL then "https" else "http"}://${cfg.httpd.virtualHost.hostName}" + else if cfg.webserver == "nginx" then + let + hasSSL = host: host.forceSSL || host.addSSL; + in + "${if hasSSL config.services.nginx.virtualHosts.${cfg.nginx.hostName} then "https" else "http"}://${cfg.nginx.hostName}" else "http://localhost"; defaultText = literalExpression '' @@ -286,7 +303,7 @@ in }; webserver = mkOption { - type = types.enum [ "apache" "none" ]; + type = types.enum [ "apache" "none" "nginx" ]; default = "apache"; description = lib.mdDoc "Webserver to use."; }; @@ -368,6 +385,16 @@ in }; }; + nginx.hostName = mkOption { + type = types.str; + example = literalExpression ''wiki.example.com''; + default = "localhost"; + description = lib.mdDoc '' + The hostname to use for the nginx virtual host. + This is used to generate the nginx configuration. + ''; + }; + httpd.virtualHost = mkOption { type = types.submodule (import ../web-servers/apache-httpd/vhost-options.nix); example = literalExpression '' @@ -469,6 +496,9 @@ in settings = (if (cfg.webserver == "apache") then { "listen.owner" = config.services.httpd.user; "listen.group" = config.services.httpd.group; + } else if (cfg.webserver == "nginx") then { + "listen.owner" = config.services.nginx.user; + "listen.group" = config.services.nginx.group; } else { "listen.owner" = user; "listen.group" = group; @@ -503,6 +533,62 @@ in } ]; }; + # inspired by https://www.mediawiki.org/wiki/Manual:Short_URL/Nginx + services.nginx = lib.mkIf (cfg.webserver == "nginx") { + enable = true; + virtualHosts.${config.services.mediawiki.nginx.hostName} = { + root = "${pkg}/share/mediawiki"; + locations = { + "~ ^/w/(index|load|api|thumb|opensearch_desc|rest|img_auth)\\.php$".extraConfig = '' + rewrite ^/w/(.*) /$1 break; + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket}; + ''; + "/w/images/".alias = withTrailingSlash cfg.uploadsDir; + # Deny access to deleted images folder + "/w/images/deleted".extraConfig = '' + deny all; + ''; + # MediaWiki assets (usually images) + "~ ^/w/resources/(assets|lib|src)" = { + tryFiles = "$uri =404"; + extraConfig = '' + add_header Cache-Control "public"; + expires 7d; + ''; + }; + # Assets, scripts and styles from skins and extensions + "~ ^/w/(skins|extensions)/.+\\.(css|js|gif|jpg|jpeg|png|svg|wasm|ttf|woff|woff2)$" = { + tryFiles = "$uri =404"; + extraConfig = '' + add_header Cache-Control "public"; + expires 7d; + ''; + }; + + # Handling for Mediawiki REST API, see [[mw:API:REST_API]] + "/w/rest.php".tryFiles = "$uri $uri/ /rest.php?$query_string"; + + # Handling for the article path (pretty URLs) + "/wiki/".extraConfig = '' + rewrite ^/wiki/(?.*)$ /w/index.php; + ''; + + # Explicit access to the root website, redirect to main page (adapt as needed) + "= /".extraConfig = '' + return 301 /wiki/Main_Page; + ''; + + # Every other entry point will be disallowed. + # Add specific rules for other entry points/images as needed above this + "/".extraConfig = '' + return 404; + ''; + }; + }; + }; systemd.tmpfiles.rules = [ "d '${stateDir}' 0750 ${user} ${group} - -" diff --git a/nixos/tests/mediawiki.nix b/nixos/tests/mediawiki.nix index 52122755ad94..e30cc55ff616 100644 --- a/nixos/tests/mediawiki.nix +++ b/nixos/tests/mediawiki.nix @@ -74,4 +74,20 @@ in assert "MediaWiki has been installed" in page, f"no 'MediaWiki has been installed' in:\n{page}" ''; }; + + nginx = testLib.makeTest { + name = "mediawiki-nginx"; + nodes.machine = { + services.mediawiki.webserver = "nginx"; + }; + testScript = '' + start_all() + + machine.wait_for_unit("phpfpm-mediawiki.service") + machine.wait_for_unit("nginx.service") + + page = machine.succeed("curl -fL http://localhost/") + assert "MediaWiki has been installed" in page + ''; + }; } diff --git a/pkgs/applications/networking/cluster/timoni/default.nix b/pkgs/applications/networking/cluster/timoni/default.nix index 317207f2ed97..ec91b83d0ee1 100644 --- a/pkgs/applications/networking/cluster/timoni/default.nix +++ b/pkgs/applications/networking/cluster/timoni/default.nix @@ -6,16 +6,16 @@ buildGo121Module rec { pname = "timoni"; - version = "0.13.1"; + version = "0.14.0"; src = fetchFromGitHub { owner = "stefanprodan"; repo = "timoni"; rev = "v${version}"; - hash = "sha256-fuDc9EMSjBE0DiZ+OiuRXTRlxnO4/2yxkDsdKpVdg5w="; + hash = "sha256-UYHb469x4VnFffjO9CfSyn0ZzLLaAee2WpWGFAQjBpA="; }; - vendorHash = "sha256-RdfFesMgQU+Iezg9tE3RJ0Tk6jjIWY+ByJoKqUVWHwA="; + vendorHash = "sha256-JDaQL+ferkYI74OUqgfopny8uFEg0J84JX1VtO5URpE="; subPackages = [ "cmd/timoni" ]; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/applications/version-management/gh/default.nix b/pkgs/applications/version-management/gh/default.nix index 981b58381774..22edc08e6555 100644 --- a/pkgs/applications/version-management/gh/default.nix +++ b/pkgs/applications/version-management/gh/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "gh"; - version = "2.35.0"; + version = "2.36.0"; src = fetchFromGitHub { owner = "cli"; repo = "cli"; rev = "v${version}"; - hash = "sha256-ddVszWyfu9BsP4yvOtVTHhZ51D8j4Vf1pdyahF0gjVk="; + hash = "sha256-ya+Iuhe+vXNqt6mfpZ3h8jq++82AGMj+Zd4ozGFjuqY="; }; - vendorHash = "sha256-iql/CEWwg6t5k8qOFEQotMUUJd4VQ/H4JcuL2Eunqg0="; + vendorHash = "sha256-tJDn3pyX5iTIa61OQXbErdBprqxu1N2LXqyJtpDQnBE="; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/development/compilers/minimacy/default.nix b/pkgs/development/compilers/minimacy/default.nix index 7e14f9a91de4..00b3db5ef06d 100644 --- a/pkgs/development/compilers/minimacy/default.nix +++ b/pkgs/development/compilers/minimacy/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "minimacy"; - version = "1.1.0"; + version = "1.1.2"; src = fetchFromGitHub { owner = "ambermind"; repo = pname; rev = version; - hash = "sha256-VqcMdlptoMJEsPTny/E6ly7/xmHKcljIsSeZDzaA+ig="; + hash = "sha256-WBmpinMnGr7Tmf1jLhdq5DXdR+ohOY0CpOBJ6fewKFU="; }; nativeBuildInputs = [ makeBinaryWrapper ]; diff --git a/pkgs/development/libraries/hpp-fcl/default.nix b/pkgs/development/libraries/hpp-fcl/default.nix index 421782fc8d3d..7bf713206867 100644 --- a/pkgs/development/libraries/hpp-fcl/default.nix +++ b/pkgs/development/libraries/hpp-fcl/default.nix @@ -14,14 +14,14 @@ stdenv.mkDerivation (finalAttrs: { pname = "hpp-fcl"; - version = "2.3.5"; + version = "2.3.6"; src = fetchFromGitHub { owner = "humanoid-path-planner"; repo = finalAttrs.pname; rev = "v${finalAttrs.version}"; fetchSubmodules = true; - hash = "sha256-jVIYP0yA1oSsUMN4vtrkfawj9Q2MwNjSrwDBTvGErg8="; + hash = "sha256-Y6ATYXsV8hH22XiXyvacuUhHTuNCzObPlxNX2vZGghM="; }; strictDeps = true; diff --git a/pkgs/development/libraries/openxr-loader/default.nix b/pkgs/development/libraries/openxr-loader/default.nix index 91e978ce04b3..1abc8a2633c6 100644 --- a/pkgs/development/libraries/openxr-loader/default.nix +++ b/pkgs/development/libraries/openxr-loader/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "openxr-loader"; - version = "1.0.28"; + version = "1.0.30"; src = fetchFromGitHub { owner = "KhronosGroup"; repo = "OpenXR-SDK-Source"; rev = "release-${version}"; - sha256 = "sha256-rQ+Zkmvi4bWVp86KDPs7SLZ040stKUsC7Ycb9kltElk="; + sha256 = "sha256-lF8Pauyi+zSNVnpHqq86J3SGUTM6AhFmnT48eyFoYco="; }; nativeBuildInputs = [ cmake python3 pkg-config ]; diff --git a/pkgs/tools/filesystems/duperemove/default.nix b/pkgs/tools/filesystems/duperemove/default.nix index 0bf0f77880fe..e44e961e3aeb 100644 --- a/pkgs/tools/filesystems/duperemove/default.nix +++ b/pkgs/tools/filesystems/duperemove/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "duperemove"; - version = "0.12"; + version = "0.13"; src = fetchFromGitHub { owner = "markfasheh"; repo = "duperemove"; rev = "v${version}"; - hash = "sha256-VPwcWAENCRnU51F78FhMPjQZaCTewQRUdeFwK1blJbs="; + hash = "sha256-D3+p8XgokKIHEwZnvOkn7cionVH1gsypcURF+PBpugY="; }; postPatch = '' diff --git a/pkgs/tools/misc/crudini/default.nix b/pkgs/tools/misc/crudini/default.nix index 1e25413b151f..fa4e7cc34a48 100644 --- a/pkgs/tools/misc/crudini/default.nix +++ b/pkgs/tools/misc/crudini/default.nix @@ -8,24 +8,16 @@ python3Packages.buildPythonApplication rec { pname = "crudini"; - version = "0.9.4"; + version = "0.9.5"; format = "pyproject"; src = fetchFromGitHub { owner = "pixelb"; repo = "crudini"; rev = version; - hash = "sha256-jbTOaCF/ZqRpM0scDBBAcV5bSYg/QhBPbM9R5cONZ2o="; + hash = "sha256-BU4u7uBsNyDOwWUjOIlBWcf1AeUXXZ+johAe+bjws1U="; }; - patches = [ - (fetchpatch { - name = "add-missing-install-file.patch"; - url = "https://github.com/pixelb/crudini/commit/d433e4d9c4106ae26985e3f4b2efa593bdd5c274.patch"; - hash = "sha256-aDGzoG4i2tvYeL8m1WoqwNFNHe4xR1dGk+XDt3f3i5E="; - }) - ]; - postPatch = '' patchShebangs crudini.py crudini-help tests/test.sh '';