8 changed files with 86 additions and 4 deletions
--- a/machines/core-services-01/subZone.nix
+++ b/machines/core-services-01/subZone.nix
@ -70,6 +70,7 @@ dualstack // {
        };
        docs = public-cof-ips;
        jurisprudens = public-cof-ips;
+        wiki = public-cof-ips;
    };
  };

--- a/machines/public-cof/configuration.nix
+++ b/machines/public-cof/configuration.nix
@ -17,6 +17,7 @@
      # ./cryptpad.nix
      ./hedgedoc.nix
      ./secrets
+      ./wiki.nix
      # TODO monitoring
    ];

--- a/machines/public-cof/nix/sources.json
+++ b/machines/public-cof/nix/sources.json
@ -12,9 +12,9 @@
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "klubrz-nur": {
-        "branch": "main",
+        "branch": "custom_dokuwiki",
        "repo": "https://git.rz.ens.wtf/Klub-RZ/nur",
-        "rev": "98911e21fd58f00440dc8a5bd6568f2a349338bd",
+        "rev": "30e5da0c5eeede091c35f64d6a3720fd8e149d87",
        "type": "git"
    },
    "niv": {
--- a/machines/public-cof/nur.nix
+++ b/machines/public-cof/nur.nix
@ -6,7 +6,7 @@ let
 in
 {
  nixpkgs.config.packageOverrides = {
-    # rz = import rz-src { inherit pkgs; };
+    rz = import rz-src { inherit pkgs; };
  };

  imports = [
--- a/machines/public-cof/secrets/default.nix
+++ b/machines/public-cof/secrets/default.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 {
  age.secrets.nextcloudAdminPassword = {
    owner = "nextcloud";
@ -10,4 +10,9 @@
    group = "nextcloud";
    file = ./nextcloudDatabasePasswordFile.age;
  };
+  age.secrets.wikiKeycloakSecret = {
+    owner = "dokuwiki";
+    group = config.services.nginx.group;
+    file = ./wikiKeycloakSecret.age;
+  };
 }
--- a/machines/public-cof/secrets/secrets.nix
+++ b/machines/public-cof/secrets/secrets.nix
@ -9,5 +9,6 @@ in
  {
    "nextcloudAdminPasswordFile.age".publicKeys = superadmins ++ systems;
    "nextcloudDatabasePasswordFile.age".publicKeys = superadmins ++ systems;
+    "wikiKeycloakSecret.age".publicKeys = superadmins ++ systems;
  }

--- a/machines/public-cof/secrets/wikiKeycloakSecret.age
+++ b/machines/public-cof/secrets/wikiKeycloakSecret.age
--- a/machines/public-cof/wiki.nix
+++ b/machines/public-cof/wiki.nix
@ -0,0 +1,74 @@
+{ pkgs, config, ... }:
+let
+  hostname = "wiki.beta.rz.ens.wtf";
+  keycloakKey = "wiki";
+  keycloakUrl = "https://auth.rz.ens.wtf/auth/realms/ClubReseau/.well-known/openid-configuration/";
+  keycloakSecretFile = config.age.secrets.wikiKeycloakSecret.path;
+  title = "Wiki du KlubRezo";
+in
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  services.nginx.virtualHosts."${hostname}" = {
+    enableACME = true;
+    forceSSL = true;
+  };
+  services.dokuwiki.sites."${hostname}" = {
+    enable = true;
+
+    extraConfig = ''
+      $conf['template'] = 'bootstrap3';
+      $conf['license'] = 'cc-by-sa';
+      $conf['title'] = '${title}';
+      $conf['start'] = 'accueil';
+      $conf['lang'] = 'fr';
+      $conf['breadcrumbs'] = 0; // On s'en fiche de l'historique des pages visitées
+      $conf['youarehere'] = true; // Par contre on veut notre position dans la hiérarchie du site
+      // On veut que les liens externes s'ouvrent dans de nouveaux onglets
+      $conf['target'] = array(
+        'extern' => '_tab'
+      );
+      $conf['htmlok'] = 1; // On peut mettre du html dans les pages
+      $conf['sitemap'] = 7;
+      $conf['rss_type'] = 'rss2';
+      $conf['userewrite'] = 1; // Important, sinon on casse tout avec les règles nginx définies par le module nixos
+      $conf['useslash'] = 1;
+      $conf['tpl']['bootstrap3']['showAddNewPage'] = 'logged';
+      $conf['tpl']['bootstrap3']['fluidContainer'] = 0;
+      $conf['htmlmail'] = 0; // On envoie les mails en plain text
+      $conf['authtype'] = 'oauth';
+      $conf['plugin']['oauthkeycloak']['key'] = '${keycloakKey}';
+      $conf['plugin']['oauthkeycloak']['secret'] = file('${keycloakSecretFile}', FILE_IGNORE_NEW_LINES)[0];
+      $conf['plugin']['oauthkeycloak']['openidurl'] = '${keycloakUrl}';
+      $conf['plugin']['oauth']['register-on-auth'] = 1;
+    '';
+
+    pluginsConfig = ''
+      $plugins['authmysql'] = 0;
+      $plugins['popularity'] = 0;
+      $plugins['authpgsql'] = 0;
+      $plugins['authpdo'] = 0;
+      $plugins['authldap'] = 0;
+      $plugins['oauthkeycloak'] = 1;
+    '';
+
+    disableActions = "register";
+    superUser = "@admin";
+
+    aclUse = true;
+
+    # Il faut packager les templates
+    templates = [ pkgs.rz.dokuwikiExtensions.templates.bootstrap3 ];
+    plugins = [
+      pkgs.rz.dokuwikiExtensions.plugins.commonmark
+      pkgs.rz.dokuwikiExtensions.plugins.catlist
+      pkgs.rz.dokuwikiExtensions.plugins.keycloak
+      pkgs.rz.dokuwikiExtensions.plugins.oauth
+    ];
+  };
+  services.phpfpm.pools."dokuwiki-${hostname}".phpPackage = pkgs.lib.mkForce ( pkgs.php74.withExtensions (
+    { all, enabled, ... }:
+      enabled ++ [
+        all.xml #Requis par le template bootstrap3
+      ]
+  ));
+}