diff options
Diffstat (limited to 'modules/mediawiki')
| -rw-r--r-- | modules/mediawiki/files/init_wiki.php | 14 | ||||
| -rw-r--r-- | modules/mediawiki/files/robots.txt | 4 | ||||
| -rw-r--r-- | modules/mediawiki/manifests/base.pp | 46 | ||||
| -rw-r--r-- | modules/mediawiki/manifests/config.pp | 9 | ||||
| -rw-r--r-- | modules/mediawiki/manifests/init.pp | 102 | ||||
| -rw-r--r-- | modules/mediawiki/manifests/instance.pp | 100 | ||||
| -rw-r--r-- | modules/mediawiki/templates/LocalSettings.php | 192 | ||||
| -rw-r--r-- | modules/mediawiki/templates/wiki_vhost.conf | 4 |
8 files changed, 285 insertions, 186 deletions
diff --git a/modules/mediawiki/files/init_wiki.php b/modules/mediawiki/files/init_wiki.php index 926c52fc..da1d46f5 100644 --- a/modules/mediawiki/files/init_wiki.php +++ b/modules/mediawiki/files/init_wiki.php @@ -2,6 +2,10 @@ $wiki_root = $argv[1]; $mw_root = '/usr/share/mediawiki'; +if (!is_dir("$wiki_root/config")) { + exit(1); +} + // DefaultSettings.php complain if not defined define('MEDIAWIKI',1); @@ -11,12 +15,10 @@ require_once("$mw_root/includes/GlobalFunctions.php"); include("$wiki_root/LocalSettings.php"); $dbclass = 'Database'.ucfirst($wgDBtype); -$dbc = new $dbclass; - -$wgDatabase = $dbc->newFromParams($wgDBserver, - $wgDBuser, - $wgDBpassword, $wgDBname, 1); - +$wgDatabase = new $dbclass($wgDBserver, + $wgDBuser, + $wgDBpassword, $wgDBname, 1); + $wgDatabase->initial_setup($wgDBpassword, $wgDBname); $wgDatabase->setup_database(); diff --git a/modules/mediawiki/files/robots.txt b/modules/mediawiki/files/robots.txt new file mode 100644 index 00000000..a58c6199 --- /dev/null +++ b/modules/mediawiki/files/robots.txt @@ -0,0 +1,4 @@ +User-agent: * +Disallow: /mw-*/index.php? +Disallow: /*/Special: +Crawl-delay: 30 diff --git a/modules/mediawiki/manifests/base.pp b/modules/mediawiki/manifests/base.pp new file mode 100644 index 00000000..76c8625b --- /dev/null +++ b/modules/mediawiki/manifests/base.pp @@ -0,0 +1,46 @@ +class mediawiki::base { + include apache::mod::php + $vhost = $mediawiki::config::vhost + $root = $mediawiki::config::root + + package { ['mediawiki','mediawiki-ldapauthentication']: } + + file { $mediawiki::config::root: + ensure => directory, + } + + $wiki_root = $mediawiki::config::root + $robotsfile = "$wiki_root/robots.txt" + file { $robotsfile: + ensure => present, + mode => '0644', + owner => root, + group => root, + source => 'puppet:///modules/mediawiki/robots.txt', + } + +# file { '/usr/local/bin/init_wiki.php': +# mode => '0755', +# source => 'puppet:///modules/mediawiki/init_wiki.php', +# } + + $user = 'mediawiki' + + postgresql::remote_user { $user: + password => $mediawiki::config::pgsql_password, + } + + # TODO create the ldap user + + if $vhost { + apache::vhost::redirect_ssl { $vhost: } + + apache::vhost::base { "ssl_${vhost}": + location => $root, + use_ssl => true, + vhost => $vhost, + content => template('mediawiki/wiki_vhost.conf'), + } + } + # add index.php +} diff --git a/modules/mediawiki/manifests/config.pp b/modules/mediawiki/manifests/config.pp new file mode 100644 index 00000000..0c54cdf6 --- /dev/null +++ b/modules/mediawiki/manifests/config.pp @@ -0,0 +1,9 @@ +# the class is just here to handle global configuration +# a smart variation of the methods exposed on +# https://puppetlabs.com/blog/the-problem-with-separating-data-from-puppet-code/ +class mediawiki::config( + $pgsql_password, + $secretkey, + $ldap_password, + $vhost = "wiki.${::domain}", + $root = '/srv/wiki/') {} diff --git a/modules/mediawiki/manifests/init.pp b/modules/mediawiki/manifests/init.pp index a46bf419..28e79fab 100644 --- a/modules/mediawiki/manifests/init.pp +++ b/modules/mediawiki/manifests/init.pp @@ -1,101 +1 @@ -class mediawiki { - class config( - $pgsql_password, - $secretkey, - $ldap_password, - $vhost = "wiki.$domain", - $root = "/srv/wiki/" - ) { } - - class base inherits config { - - include apache::mod_php - - package { ['mediawiki-minimal','mediawiki-ldapauthentication']: } - - file { $root: - ensure => directory, - } - - file { "/usr/local/bin/init_wiki.php": - mode => 755, - source => 'puppet:///modules/mediawiki/init_wiki.php', - } - - $user = "mediawiki" - - postgresql::remote_user { $user: - password => sprintf('%s', $config::pgsql_password), - } - - # TODO create the ldap user - - if $vhost { - apache::vhost_redirect_ssl { $vhost: } - - apache::vhost_base { "ssl_$vhost": - location => $root, - use_ssl => true, - vhost => $vhost, - content => template("mediawiki/wiki_vhost.conf"), - } - } - - - - # add index.php - } - - # do wiki basic installation - - define instance($title, $wiki_settings = '', $skinsdir = '/usr/share/mediawiki/skins') { - - include mediawiki::base - - $path = $name - $lang = $name - $wiki_root = "$mediawiki::base::root/$path" - $db_name = "mediawiki_$name" - $db_user = "$mediawiki::base::user" - $db_password = "$mediawiki::config::pgsql_password" - $secret_key = "$mediawiki::config::secretkey" - - file { "$wiki_root": - ensure => directory - } - - file { "$wiki_root/skins": - ensure => link, - target => $skinsdir, - require => File["$wiki_root"], - } - - exec { "wikicreate $name": - command => "mediawiki-create $wiki_root", - cwd => "$mediawiki::base::root", - require => [File["$wiki_root"],Package['mediawiki-minimal']], - creates => "$wiki_root/index.php", - } - - postgresql::remote_database { "$db_name": - user => $db_user, - callback_notify => Exec["deploy_db $name"], - } - - exec { "deploy_db $name": - command => "php /usr/local/bin/init_wiki.php $wiki_root", - refreshonly => true, - onlyif => "test -d $wiki_root/config", - } - $ldap_password = $config::ldap_password - - file { "$wiki_root/LocalSettings.php": - owner => apache, - mode => 600, - content => template("mediawiki/LocalSettings.php"), - # if LocalSettings is created first, the wikicreate script - # do not create a confg directory, and so it doesn't trigger deploy_db exec - require => Exec["wikicreate $name"], - } - } -} +class mediawiki { } diff --git a/modules/mediawiki/manifests/instance.pp b/modules/mediawiki/manifests/instance.pp new file mode 100644 index 00000000..c6906449 --- /dev/null +++ b/modules/mediawiki/manifests/instance.pp @@ -0,0 +1,100 @@ +define mediawiki::instance( $title, + $wiki_settings = '', + $skinsdir = '/usr/share/mediawiki/skins') { + + include mediawiki::base + + $path = $name + $lang = $name + $wiki_root = "${mediawiki::base::root}/${path}" + $db_name = "mediawiki_${name}" + $db_user = $mediawiki::base::user + $db_password = $mediawiki::config::pgsql_password + $secret_key = $mediawiki::config::secretkey + $ldap_password = $mediawiki::config::ldap_password + $includedir = "/usr/share/mediawiki/includes" + $maintenancedir = "/usr/share/mediawiki/maintenance" + $vendordir = "/usr/share/mediawiki/vendor" + $resourcesdir = "/usr/share/mediawiki/resources" + $extensionsdir = "/usr/share/mediawiki/extensions" + + file { $wiki_root: + ensure => directory + } + + file { "${wiki_root}/skins": + ensure => link, + target => $skinsdir, + require => File[$wiki_root], + } + file { "${wiki_root}/includes": + ensure => link, + target => $includedir, + require => File[$wiki_root], + } + + file { "${wiki_root}/maintenance": + ensure => link, + target => $maintenancedir, + require => File[$wiki_root], + } + + file { "${wiki_root}/vendor": + ensure => link, + target => $vendordir, + require => File[$wiki_root], + } + + file { "${wiki_root}/resources": + ensure => link, + target => $resourcesdir, + require => File[$wiki_root], + } + + file { "${wiki_root}/extensions": + ensure => link, + target => $extensionsdir, + require => File[$wiki_root], + } + + file { "${wiki_root}/cache": + ensure => directory, + owner => apache, + mode => '0755', + } + + file { "${wiki_root}/tmp": + ensure => directory, + owner => apache, + mode => '0755', + } + + exec { "wikicreate ${name}": + command => "mediawiki-create ${wiki_root}", + cwd => $mediawiki::base::root, + require => [File[$wiki_root],Package['mediawiki']], + creates => "${wiki_root}/index.php", + } + +# postgresql::remote_database { $db_name: +# user => $db_user, +# callback_notify => Exec["deploy_db ${name}"], +# } +# +# exec { "deploy_db ${name}": +# command => "php /usr/local/bin/init_wiki.php ${wiki_root}", +# refreshonly => true, +# onlyif => "/usr/bin/test -d ${wiki_root}/config", +# } + + file { "${wiki_root}/LocalSettings.php": + owner => 'apache', + mode => '0600', + content => template('mediawiki/LocalSettings.php'), + # if LocalSettings is created first, the wikicreate script + # do not create a confg directory, and so it doesn't + # trigger deploy_db exec + require => Exec["wikicreate ${name}"], + } +} + diff --git a/modules/mediawiki/templates/LocalSettings.php b/modules/mediawiki/templates/LocalSettings.php index 3e0b7bd3..c340dfd9 100644 --- a/modules/mediawiki/templates/LocalSettings.php +++ b/modules/mediawiki/templates/LocalSettings.php @@ -7,105 +7,121 @@ # file, not there. # # Further documentation for configuration settings may be found at: -# http://www.mediawiki.org/wiki/Manual:Configuration_settings +# https://www.mediawiki.org/wiki/Manual:Configuration_settings +# Protect against web entry +if ( !defined( 'MEDIAWIKI' ) ) { + exit; +} + +## Installation path (should default to this value, but define for clarity) $IP = '/usr/share/mediawiki'; -if (! isset($DIR)) $DIR = getcwd(); +## Include path necessary to load LDAP module $path = array( $IP, "$IP/includes", "$IP/languages" ); set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path() ); -require_once( "$IP/includes/DefaultSettings.php" ); - -if ( $wgCommandLineMode ) { - if ( isset( $_SERVER ) && array_key_exists( 'REQUEST_METHOD', $_SERVER ) ) { - die( "This script must be run from the command line\n" ); - } -} ## Uncomment this to disable output compression # $wgDisableOutputCompression = true; -$wgSitename = "<%= title %>"; +$wgSitename = "<%= @title %>"; +# $wgMetaNamespace = ""; # Defaults to $wgSitename ## The URL base path to the directory containing the wiki; ## defaults for all runtime URL paths are based off of this. -## For more information on customizing the URLs please see: -## http://www.mediawiki.org/wiki/Manual:Short_URL -$wgScriptPath = "/<%= path %>"; -$wgScriptExtension = ".php"; +## For more information on customizing the URLs +## (like /w/index.php/Page_title to /wiki/Page_title) please see: +## https://www.mediawiki.org/wiki/Manual:Short_URL +$wgScriptPath = "/<%= @path %>"; + +## The protocol and server name to use in fully-qualified URLs +$wgServer = "https://wiki.mageia.org"; + +## The URL path to static resources (images, scripts, etc.) +$wgResourceBasePath = $wgScriptPath; ## The relative URL path to the skins directory -$wgStylePath = "$wgScriptPath/skins"; +$wgStylePath = "$wgScriptPath/skins"; ## The relative URL path to the logo. Make sure you change this from the default, ## or else you'll overwrite your logo when you upgrade! -$wgLogo = "$wgStylePath/common/images/wiki.png"; +$wgLogo = "$wgStylePath/common/images/wiki_mga.png"; ## UPO means: this is also a user preference option -$wgEnableEmail = true; -$wgEnableUserEmail = true; # UPO +$wgEnableEmail = true; +$wgEnableUserEmail = true; # UPO -$wgEmergencyContact = "root@<%= domain %>"; -$wgPasswordSender = "root@<%= domain %>"; +$wgEmergencyContact = "root@<%= @domain %>"; +$wgPasswordSender = "wiki_noreply@ml.<%= @domain %>"; $wgEnotifUserTalk = true; # UPO $wgEnotifWatchlist = true; # UPO $wgEmailAuthentication = true; ## Database settings -$wgDBtype = "postgres"; -$wgDBserver = "pgsql.<%= domain %>"; -$wgDBname = "<%= db_name %>"; -$wgDBuser = "<%= db_user %>"; -$wgDBpassword = "<%= db_password %>"; +$wgDBtype = "postgres"; +$wgDBserver = "pg.<%= @domain %>"; +$wgDBname = "<%= @db_name %>"; +$wgDBuser = "<%= @db_user %>"; +$wgDBpassword = "<%= @db_password %>"; # Postgres specific settings -$wgDBport = "5432"; -$wgDBmwschema = "mediawiki"; -$wgDBts2schema = "public"; +$wgDBport = "5432"; +$wgDBmwschema = "mediawiki"; +$wgDBts2schema = "public"; ## Shared memory settings $wgMainCacheType = CACHE_NONE; -$wgMemCachedServers = array(); +$wgMemCachedServers = []; ## To enable image uploads, make sure the 'images' directory ## is writable, then set this to true: -$wgEnableUploads = false; -# use gd, as convert do not work for big image +$wgEnableUploads = true; +# use gd, as convert do not work for big image # see https://bugs.mageia.org/show_bug.cgi?id=3202 -$wgUseImageMagick = false; +$wgUseImageMagick = true; #$wgImageMagickConvertCommand = "/usr/bin/convert"; +# InstantCommons allows wiki to use images from https://commons.wikimedia.org +$wgUseInstantCommons = false; + ## If you use ImageMagick (or any other shell command) on a ## Linux server, this will need to be set to the name of an ## available UTF-8 locale $wgShellLocale = "en_US.UTF-8"; -## If you want to use image uploads under safe mode, -## create the directories images/archive, images/thumb and -## images/temp, and make them all writable. Then uncomment -## this, if it's not already uncommented: -# $wgHashedUploadDirectory = false; - -## If you have the appropriate support software installed -## you can enable inline LaTeX equations: -$wgUseTeX = false; - ## Set $wgCacheDirectory to a writable directory on the web server ## to make your wiki go slightly faster. The directory should not -## be publically accessible from the web. -#$wgCacheDirectory = "$IP/cache"; +## be publicly accessible from the web. +# This seems actually mandatory to get the Vector skin to work properly +# https://serverfault.com/a/744059 +# FIXME: Dehardcode that path (maybe via ${wiki_root} if exposed?) +$wgCacheDirectory = "/srv/wiki/<%= @path %>/cache"; -$wgLocalInterwiki = strtolower( $wgSitename ); +$wgUploadDirectory = "/srv/wiki/<%= @path %>/images"; -$wgLanguageCode = "<%= lang %>"; +# This seems mandatory to get the Vector skin to work properly +# https://phabricator.wikimedia.org/T119934 +# FIXME: Dehardcode that path (maybe via ${wiki_root} if exposed?) +$wgTmpDirectory = "/srv/wiki/<%= @path %>/tmp"; -$wgSecretKey = "<%= secret_key %>"; +# Array of interwiki prefixes for current wiki. +$wgLocalInterwikis = array( strtolower( $wgSitename ) ); -## Default skin: you can change the default skin. Use the internal symbolic -## names, ie 'vector', 'monobook': -$wgDefaultSkin = 'modern'; +# Site language code, should be one of the list in ./languages/data/Names.php +$wgLanguageCode = "<%= @lang %>"; + +$wgSecretKey = "<%= @secret_key %>"; + +# Changing this will log out all existing sessions. +$wgAuthenticationTokenVersion = "1"; + +# Site upgrade key. Must be set to a string (default provided) to turn on the +# web installer while LocalSettings.php is in place +# FIXME: This should be set to a secure value: +# https://www.mediawiki.org/wiki/Manual:$wgUpgradeKey +# $wgUpgradeKey = ""; ## For attaching licensing metadata to pages, and displaying an ## appropriate copyright notice / icon. GNU Free Documentation @@ -113,17 +129,41 @@ $wgDefaultSkin = 'modern'; $wgEnableCreativeCommonsRdf = true; # TODO add a proper page $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright -$wgRightsUrl = "http://creativecommons.org/licenses/by-sa/3.0/"; -$wgRightsText = "Creative Common - Attibution - ShareAlike 3.0"; +$wgRightsUrl = "https://creativecommons.org/licenses/by-sa/3.0/"; +$wgRightsText = "Creative Commons - Attribution-ShareAlike 3.0 Unported"; # TODO get the icon to host it on our server -$wgRightsIcon = "http://i.creativecommons.org/l/by-sa/3.0/88x31.png"; -# $wgRightsCode = "gfdl1_3"; # Not yet used +$wgRightsIcon = "https://licensebuttons.net/l/by-sa/3.0/88x31.png"; +# Path to the GNU diff3 utility. Used for conflict resolution. $wgDiff3 = "/usr/bin/diff3"; -# When you make changes to this configuration file, this will make -# sure that cached pages are cleared. -$wgCacheEpoch = max( $wgCacheEpoch, gmdate( 'YmdHis', @filemtime( __FILE__ ) ) ); +## Default skin: you can change the default skin. Use the internal symbolic +## names, ie 'vector', 'monobook': +$wgDefaultSkin = 'vector'; + +# Enabled skins. +# The following skins were automatically enabled: +wfLoadSkin( 'MonoBook' ); +wfLoadSkin( 'Vector' ); + + +# End of automatically generated settings. +# Add more configuration options below. + + +# Setting this to true will invalidate all cached pages whenever +# LocalSettings.php is changed. +$wgInvalidateCacheOnLocalSettingsChange = true; + +# FIXME: Obsoleted, to be replaced by $wgPasswordPolicy +# https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy +$wgMinimalPasswordLength = 1; + +# Give more details on errors +$wgShowExceptionDetails = true; + + +## LDAP setup require_once 'extensions/LdapAuthentication/LdapAuthentication.php'; $wgAuth = new LdapAuthenticationPlugin(); @@ -132,39 +172,37 @@ $wgAuth = new LdapAuthenticationPlugin(); # $wgLDAPDebug = 10; # $wgDebugLogGroups["ldap"] = "/tmp/wiki_ldap.log"; # -# $wgDebugLogFile = "/tmp/wiki.log"; +$wgDebugLogFile = "/tmp/wiki.log"; # $wgLDAPUseLocal = false; -$wgLDAPDomainNames = array( 'ldap'); +$wgLDAPDomainNames = array( 'ldap' ); + +# TODO make it workable with more than one server +$wgLDAPServerNames = array( 'ldap' => 'ldap.<%= @domain %>' ); + +$wgLDAPSearchStrings = array( 'ldap' => 'uid=USER-NAME,ou=People,<%= @dc_suffix %>' ); -#TODO make it workable with more than one server -$wgLDAPServerNames = array( 'ldap' => 'ldap.<%= domain %>' ); - -$wgLDAPSearchStrings = array( 'ldap' => 'uid=USER-NAME,ou=People,<%= dc_suffix %>'); +$wgLDAPEncryptionType = array( 'ldap' => 'tls' ); -$wgLDAPEncryptionType = array( 'ldap' => 'tls'); +$wgLDAPBaseDNs = array( 'ldap' => '<%= @dc_suffix %>' ); +$wgLDAPUserBaseDNs = array( 'ldap' => 'ou=People,<%= @dc_suffix %>' ); +$wgLDAPGroupBaseDNs = array ( 'ldap' => 'ou=Group,<%= @dc_suffix %>' ); -$wgLDAPBaseDNs = array( 'ldap' => '<%= dc_suffix %>'); -$wgLDAPUserBaseDNs = array( 'ldap' => 'ou=People,<%= dc_suffix %>'); -$wgLDAPGroupBaseDNs = array ( 'ldap' => 'ou=Group,<%= dc_suffix %>' ); +$wgLDAPProxyAgent = array( 'ldap' => 'cn=mediawiki-alamut,ou=System Accounts,<%= @dc_suffix %>' ); -$wgLDAPProxyAgent = array( 'ldap' => 'cn=mediawiki-alamut,ou=System Accounts,<%= dc_suffix %>'); - -$wgLDAPProxyAgentPassword = array( 'ldap' => '<%= ldap_password %>' ); +$wgLDAPProxyAgentPassword = array( 'ldap' => '<%= @ldap_password %>' ); -$wgLDAPUseLDAPGroups = array( "ldap" => true ); -$wgLDAPGroupNameAttribute = array( "ldap" => "cn" ); +$wgLDAPUseLDAPGroups = array( 'ldap' => true ); +$wgLDAPGroupNameAttribute = array( 'ldap' => 'cn' ); $wgLDAPGroupUseFullDN = array( 'ldap' => true ); $wgLDAPLowerCaseUsername = array( 'ldap' => true ); $wgLDAPGroupObjectclass = array( 'ldap' => 'posixGroup' ); $wgLDAPGroupAttribute = array( 'ldap' => 'member' ); -$wgLDAPLowerCaseUsername = array( "ldap" => true ); - -$wgLDAPPreferences = array( "ldap" => array( "email"=>"mail","realname"=>"cn","nickname"=>"uid","language"=>"preferredlanguage") ); +$wgLDAPLowerCaseUsername = array( 'ldap' => true ); -$wgMinimalPasswordLength = 1; +$wgLDAPPreferences = array( 'ldap' => array( 'email'=>'mail','realname'=>'cn','nickname'=>'uid','language'=>'preferredlanguage') ); -<%= wiki_settings %> +<%= @wiki_settings %> diff --git a/modules/mediawiki/templates/wiki_vhost.conf b/modules/mediawiki/templates/wiki_vhost.conf index 3fe038c3..1ae3492d 100644 --- a/modules/mediawiki/templates/wiki_vhost.conf +++ b/modules/mediawiki/templates/wiki_vhost.conf @@ -1,9 +1,9 @@ # heavily used by the wiki farm stuff -<Directory <%= root %>> +<Directory <%= @root %>> Options +FollowSymLinks </Directory> -<Directory <%= root %>/images> +<Directory <%= @root %>/images> SetHandler default-handler </Directory> |