Wiki Host - MediaWiki
MediaWiki instance at 141.56.51.13 running in an LXC container.
Overview
- Hostname: wiki
- FQDN: wiki.htw.stura-dresden.de
- IP Address: 141.56.51.13
- Type: Proxmox LXC Container
- Services: MediaWiki, MariaDB, Apache httpd, PHP-FPM
Services
MediaWiki
The StuRa HTW Dresden wiki runs MediaWiki with extensive customization:
- Name: Wiki StuRa HTW Dresden
- Language: German (de)
- Default skin: Vector (classic)
- Session timeout: 3 hours (10800 seconds)
- ImageMagick: Enabled for image processing
- Instant Commons: Enabled (access to Wikimedia Commons images)
Custom Namespaces
The wiki defines several custom namespaces for organizational purposes:
| Namespace | ID | Purpose |
|---|---|---|
| StuRa | 100 | Standard StuRa content |
| Intern | 102 | Internal (non-public) StuRa content |
| Admin | 104 | Administrative wiki content |
| Person | 106 | Individual person pages (non-public) |
| Faranto | 108 | Faranto e.V. content |
| ET | 212 | ET Fachschaft content |
| ET_intern | 412 | ET internal content |
| LaUCh | 216 | LaUCh Fachschaft content |
| LaUCh_intern | 416 | LaUCh internal content |
Each namespace has a corresponding discussion namespace (odd numbered ID).
User Groups and Permissions
Custom user groups:
- intern: Access to Intern and Person namespaces
- ET: Access to ET_intern namespace
- LUC: Access to LaUCh_intern namespace
These groups have the same base permissions as standard users (move pages, edit, upload, etc.) plus access to their respective restricted namespaces.
Spam Prevention
QuestyCaptcha is configured to prevent automated spam:
- Challenges users with questions about HTW and StuRa
- Triggered on: edit, create, createtalk, addurl, createaccount, badlogin
- Questions are specific to local knowledge (e.g., "Welche Anzahl an Referaten hat unser StuRa geschaffen?")
Extensions
The following extensions are installed:
- Lockdown: Restricts namespace access by user group
- ContributionScores: Statistics of contributions by user
- UserMerge: Merge and delete user accounts (for spam cleanup)
- Interwiki: Use interwiki links (e.g., Wikipedia references)
- Cite: Reference system (footnotes)
- ConfirmEdit/QuestyCaptcha: CAPTCHA challenges
Deployment
See the main README for deployment methods.
Initial Installation
Using nixos-anywhere:
nix run github:nix-community/nixos-anywhere -- --flake .#wiki --target-host root@141.56.51.13
Using container tarball:
nix build .#containers-wiki
scp result/tarball/nixos-system-x86_64-linux.tar.xz root@proxmox-host:/var/lib/vz/template/cache/
pct create 113 /var/lib/vz/template/cache/nixos-system-x86_64-linux.tar.xz \
--hostname wiki \
--net0 name=eth0,bridge=vmbr0,ip=141.56.51.13/24,gw=141.56.51.254 \
--memory 2048 \
--cores 2 \
--rootfs local-lvm:10 \
--unprivileged 1 \
--features nesting=1
pct start 113
Updates
# From local machine
nixos-rebuild switch --flake .#wiki --target-host root@141.56.51.13
# Or use auto-generated script
nix run .#wiki-update
Post-Deployment Steps
After deploying for the first time:
- Set admin password:
  echo "your-secure-password" > /var/lib/mediawiki/mediawiki-password
  chmod 600 /var/lib/mediawiki/mediawiki-password
- Set database password:
  echo "your-db-password" > /var/lib/mediawiki/mediawiki-dbpassword
  chmod 600 /var/lib/mediawiki/mediawiki-dbpassword
- Access the web interface: https://wiki.htw.stura-dresden.de
- Complete initial setup:
  - Log in with admin credentials
  - Configure additional settings via Special:Version
  - Set up main page
- Configure namespace permissions:
  - Add users to intern, ET, or LUC groups via Special:UserRights
  - Verify namespace restrictions work correctly
  - Test that non-members cannot access restricted namespaces
- Add users to appropriate groups:
  - Navigate to Special:UserRights
  - Select user
  - Add to: intern, ET, LUC, sysop, bureaucrat (as needed)
- Upload logo and favicon (optional):
  - Place files in /var/lib/mediawiki/images/
  - Files: logo.png, logo.svg, favicon.png
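A hardened variant of the two password steps, added here as an example and not part of this repository: typing the secret into an `echo ... >` command leaves it in shell history, and the file typically exists with default-umask permissions until `chmod` runs. The function names `write_secret` and `secret_file_ok` are hypothetical, and GNU `stat` is assumed.

```sh
#!/bin/sh
# Added example, not from the repository. Function names are hypothetical.

# write_secret FILE: read one line from stdin and store it in FILE.
# The file is created under umask 077, so it is never readable by other
# users, and the secret never appears in argv or in shell history.
write_secret() {
    target=$1
    (
        umask 077
        tmp=$(mktemp "$target.XXXXXX") || exit 1
        # On a terminal, prompt without echoing the typed secret.
        if [ -t 0 ]; then stty -echo; printf 'Secret: ' >&2; fi
        IFS= read -r secret || true
        if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
        if [ -z "$secret" ]; then
            echo "refusing to store an empty secret" >&2
            rm -f "$tmp"
            exit 1
        fi
        printf '%s\n' "$secret" > "$tmp"
        # Rename into place so readers never see a half-written file.
        mv -f "$tmp" "$target"
    )
}

# secret_file_ok FILE: succeed only if FILE exists and grants no
# permission bits to group or other (assumes GNU stat, as on NixOS).
secret_file_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case $mode in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}
```

After sourcing the file, `write_secret /var/lib/mediawiki/mediawiki-password` prompts for the value, and `secret_file_ok` can be run against both password files as a post-deployment check.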
Integration with Proxy
The central proxy at 141.56.51.1 handles:
- SNI routing: Routes HTTPS traffic for wiki.htw.stura-dresden.de
- HTTP routing: Routes HTTP traffic and redirects to HTTPS
- ACME challenges: Forwards certificate verification requests
This host manages its own ACME certificates. Apache httpd handles TLS termination.
Troubleshooting
Locale warnings
When accessing the container with pct enter, you may see:
sh: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory
sh: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory
This is a known issue and can be safely ignored. It only affects the interactive shell environment, not the running services. Regular SSH access provides a proper shell with correct locale settings.
Database connection issues
If MediaWiki cannot connect to the database:
# Check MariaDB status
systemctl status mysql
# Check database exists
mysql -u root -e "SHOW DATABASES;"
# Check user permissions
mysql -u root -e "SHOW GRANTS FOR 'mediawiki'@'localhost';"
# View MediaWiki logs
journalctl -u mediawiki -f
Solution: Ensure the database password in /var/lib/mediawiki/mediawiki-dbpassword matches the database user password.
Extension loading problems
If extensions are not working:
# Check extension files exist
ls -l /nix/store/*-mediawiki-extensions/
# View PHP errors
tail -f /var/log/httpd/error_log
# Test MediaWiki configuration
php /var/lib/mediawiki/maintenance/checkSetup.php
Solution: Verify extensions are properly defined in the configuration and compatible with the MediaWiki version.
ImageMagick configuration
If image uploads or thumbnails fail:
# Check ImageMagick installation
which convert
/run/current-system/sw/bin/convert --version
# Test image conversion
/run/current-system/sw/bin/convert input.png -resize 100x100 output.png
# Check MediaWiki image directory permissions
ls -ld /var/lib/mediawiki/images/
Solution: Ensure ImageMagick path is set correctly ($wgImageMagickConvertCommand) and the images directory is writable.
Namespace permission issues
If users can access restricted namespaces:
# Check Lockdown extension is loaded
grep -i lockdown /var/lib/mediawiki/LocalSettings.php
# Verify user group membership
# Log in as admin and check Special:UserRights
# Check namespace permission configuration
grep -A 5 "wgNamespacePermissionLockdown" /var/lib/mediawiki/LocalSettings.php
Solution: Verify the Lockdown extension is installed and $wgNamespacePermissionLockdown is configured correctly for each restricted namespace.
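The `grep -A 5` check above shows what is configured but not what is missing. The following added example (not part of this repository) lists every restricted namespace ID from the namespace table that has no active `read` lockdown entry. It also checks each talk namespace (ID + 1), which is this example's choice, and it assumes LocalSettings.php uses numeric IDs as array keys; `lockdown_gaps` and `write_sample` are hypothetical names.

```sh
#!/bin/sh
# Added example, not from the repository. Names are hypothetical.

# Restricted subject namespaces from the table: Intern, Person,
# ET_intern, LaUCh_intern. Their talk namespaces are ID + 1.
RESTRICTED_NS="102 106 412 416"

# lockdown_gaps FILE: print each namespace ID (subject or talk) with no
# active $wgNamespacePermissionLockdown[ID]['read'] line in FILE.
# Commented-out entries count as missing because the match is anchored
# to the start of the line.
lockdown_gaps() {
    file=$1
    for ns in $RESTRICTED_NS; do
        for id in "$ns" "$((ns + 1))"; do
            pat=$(printf '^[[:space:]]*\\$wgNamespacePermissionLockdown\\[%s]\\[.read.]' "$id")
            if ! grep -Eq "$pat" "$file"; then
                printf '%s\n' "$id"
            fi
        done
    done
}

# Constructed sample (not the host's real LocalSettings.php): the entry
# for talk namespace 107 is absent and the one for 416 is commented out.
write_sample() {
    cat > "$1" <<'EOF'
<?php
wfLoadExtension( 'Lockdown' );
$wgNamespacePermissionLockdown[102]['read'] = [ 'intern' ];
$wgNamespacePermissionLockdown[103]['read'] = [ 'intern' ];
$wgNamespacePermissionLockdown[106]['read'] = [ 'intern' ];
$wgNamespacePermissionLockdown[412]['read'] = [ 'ET' ];
$wgNamespacePermissionLockdown[413]['read'] = [ 'ET' ];
# $wgNamespacePermissionLockdown[416]['read'] = [ 'LUC' ];
$wgNamespacePermissionLockdown[417]['read'] = [ 'LUC' ];
EOF
}

# Usage: sh this-script /var/lib/mediawiki/LocalSettings.php
if [ $# -gt 0 ]; then
    lockdown_gaps "$1"
fi
```

Empty output means every listed namespace has an active entry; it does not prove the listed groups are the right ones, so the manual test with a non-member account still applies.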
ACME certificate issues
If HTTPS is not working:
# Check ACME certificate status
systemctl status acme-wiki.htw.stura-dresden.de
# View ACME logs
journalctl -u acme-wiki.htw.stura-dresden.de -f
# Check Apache HTTPS configuration
httpd -t -D DUMP_VHOSTS
Solution: Ensure DNS points to proxy (141.56.51.1) and the proxy forwards ACME challenges to this host.
Files and Directories
- MediaWiki data: /var/lib/mediawiki/
- Password file: /var/lib/mediawiki/mediawiki-password
- DB password file: /var/lib/mediawiki/mediawiki-dbpassword
- Images: /var/lib/mediawiki/images/
- LocalSettings: /var/lib/mediawiki/LocalSettings.php (generated)
- Extensions: /nix/store/.../mediawiki-extensions/
- Database: MariaDB stores data in /var/lib/mysql/
Network
- Interface: eth0 (LXC container)
- IP: 141.56.51.13/24
- Gateway: 141.56.51.254
- Firewall: Ports 80, 443 allowed
Configuration Details
- Time zone: Europe/Berlin
- Table prefix: sturawiki
- Emergency contact: wiki@stura.htw-dresden.de
- Password sender: wiki@stura.htw-dresden.de
- External images: Allowed
- File uploads: Enabled
- Email notifications: Enabled (user talk, watchlist)
Automatic Maintenance
- Auto-upgrade: Enabled (system automatically updates)
- Auto-reboot: Allowed (system may reboot for updates)
- Store optimization: Automatic
- Garbage collection: Automatic
See Also
- Main README - Deployment methods and architecture
- Proxy README - How the central proxy routes traffic
- MediaWiki Documentation
- NixOS MediaWiki Options
- Extension:Lockdown
- Extension:QuestyCaptcha