Diffstat (limited to 'modules/mediawiki')
| -rw-r--r-- | modules/mediawiki/files/init_wiki.php | 31 | ||||
| -rw-r--r-- | modules/mediawiki/files/robots.txt | 4 | ||||
| -rw-r--r-- | modules/mediawiki/manifests/base.pp | 46 | ||||
| -rw-r--r-- | modules/mediawiki/manifests/config.pp | 9 | ||||
| -rw-r--r-- | modules/mediawiki/manifests/init.pp | 1 | ||||
| -rw-r--r-- | modules/mediawiki/manifests/instance.pp | 100 | ||||
| -rw-r--r-- | modules/mediawiki/templates/LocalSettings.php | 208 | ||||
| -rw-r--r-- | modules/mediawiki/templates/wiki_vhost.conf | 17 |
8 files changed, 416 insertions, 0 deletions
diff --git a/modules/mediawiki/files/init_wiki.php b/modules/mediawiki/files/init_wiki.php
new file mode 100644
index 00000000..da1d46f5
--- /dev/null
+++ b/modules/mediawiki/files/init_wiki.php
@@ -0,0 +1,31 @@
+<?
+$wiki_root = $argv[1];
+$mw_root = '/usr/share/mediawiki';
+
+if (!is_dir("$wiki_root/config")) {
+ exit(1);
+}
+
+// DefaultSettings.php complain if not defined
+define('MEDIAWIKI',1);
+
+require_once("$mw_root/includes/Defines.php");
+require_once("$mw_root/includes/AutoLoader.php");
+require_once("$mw_root/includes/GlobalFunctions.php");
+include("$wiki_root/LocalSettings.php");
+
+$dbclass = 'Database'.ucfirst($wgDBtype);
+$wgDatabase = new $dbclass($wgDBserver,
+ $wgDBuser,
+ $wgDBpassword, $wgDBname, 1);
+
+$wgDatabase->initial_setup($wgDBpassword, $wgDBname);
+$wgDatabase->setup_database();
+
+$dir = "$wiki_root/config";
+foreach (scandir($dir) as $item) {
+ if (!is_dir($item) || is_link($item))
+ unlink($item);
+}
+rmdir("$dir");
+?>
diff --git a/modules/mediawiki/files/robots.txt b/modules/mediawiki/files/robots.txt
new file mode 100644
index 00000000..a58c6199
--- /dev/null
+++ b/modules/mediawiki/files/robots.txt
@@ -0,0 +1,4 @@
+User-agent: *
+Disallow: /mw-*/index.php?
+Disallow: /*/Special:
+Crawl-delay: 30
diff --git a/modules/mediawiki/manifests/base.pp b/modules/mediawiki/manifests/base.pp
new file mode 100644
index 00000000..76c8625b
--- /dev/null
+++ b/modules/mediawiki/manifests/base.pp
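Review bot: In modules/mediawiki/files/init_wiki.php the cleanup loop passes the bare names returned by `scandir($dir)` to `is_dir()`, `is_link()` and `unlink()`, so they resolve against the current working directory rather than `$wiki_root/config`. As written, the installer directory is not emptied, the final `rmdir()` fails on a non-empty directory, and a same-named file in the working directory could be removed instead. Build the full path first, e.g. `$p = "$dir/$item";` then `if (!is_dir($p) || is_link($p)) unlink($p);`, and check the return value of `rmdir()` so a leftover `config` directory is reported. `$argv[1]` is also used without checking that an argument was supplied.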
@@ -0,0 +1,46 @@
+class mediawiki::base {
+ include apache::mod::php
+ $vhost = $mediawiki::config::vhost
+ $root = $mediawiki::config::root
+
+ package { ['mediawiki','mediawiki-ldapauthentication']: }
+
+ file { $mediawiki::config::root:
+ ensure => directory,
+ }
+
+ $wiki_root = $mediawiki::config::root
+ $robotsfile = "$wiki_root/robots.txt"
+ file { $robotsfile:
+ ensure => present,
+ mode => '0644',
+ owner => root,
+ group => root,
+ source => 'puppet:///modules/mediawiki/robots.txt',
+ }
+
+# file { '/usr/local/bin/init_wiki.php':
+# mode => '0755',
+# source => 'puppet:///modules/mediawiki/init_wiki.php',
+# }
+
+ $user = 'mediawiki'
+
+ postgresql::remote_user { $user:
+ password => $mediawiki::config::pgsql_password,
+ }
+
+ # TODO create the ldap user
+
+ if $vhost {
+ apache::vhost::redirect_ssl { $vhost: }
+
+ apache::vhost::base { "ssl_${vhost}":
+ location => $root,
+ use_ssl => true,
+ vhost => $vhost,
+ content => template('mediawiki/wiki_vhost.conf'),
+ }
+ }
+ # add index.php
+}
diff --git a/modules/mediawiki/manifests/config.pp b/modules/mediawiki/manifests/config.pp
new file mode 100644
index 00000000..0c54cdf6
--- /dev/null
+++ b/modules/mediawiki/manifests/config.pp
@@ -0,0 +1,9 @@
+# the class is just here to handle global configuration
+# a smart variation of the methods exposed on
+# https://puppetlabs.com/blog/the-problem-with-separating-data-from-puppet-code/
+class mediawiki::config(
+ $pgsql_password,
+ $secretkey,
+ $ldap_password,
+ $vhost = "wiki.${::domain}",
+ $root = '/srv/wiki/') {}
diff --git a/modules/mediawiki/manifests/init.pp b/modules/mediawiki/manifests/init.pp
new file mode 100644
index 00000000..28e79fab
--- /dev/null
+++ b/modules/mediawiki/manifests/init.pp
@@ -0,0 +1 @@
+class mediawiki { }
diff --git a/modules/mediawiki/manifests/instance.pp b/modules/mediawiki/manifests/instance.pp
new file mode 100644
index 00000000..c6906449
--- /dev/null
+++ b/modules/mediawiki/manifests/instance.pp
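Review bot: In modules/mediawiki/manifests/base.pp a single PostgreSQL role, `$user = 'mediawiki'`, is declared with `$mediawiki::config::pgsql_password`, and instance.pp hands that same role and password to every wiki instance. Each instance's LocalSettings.php therefore holds credentials shared by all wikis; whether the role can reach every `mediawiki_<name>` database depends on grants that are not visible here. If isolation between instances matters, consider declaring the role per instance with its own password, or state the trade-off next to the resource with a comment such as `# one shared DB role for all wiki instances (by design)`.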
@@ -0,0 +1,100 @@
+define mediawiki::instance( $title,
+ $wiki_settings = '',
+ $skinsdir = '/usr/share/mediawiki/skins') {
+
+ include mediawiki::base
+
+ $path = $name
+ $lang = $name
+ $wiki_root = "${mediawiki::base::root}/${path}"
+ $db_name = "mediawiki_${name}"
+ $db_user = $mediawiki::base::user
+ $db_password = $mediawiki::config::pgsql_password
+ $secret_key = $mediawiki::config::secretkey
+ $ldap_password = $mediawiki::config::ldap_password
+ $includedir = "/usr/share/mediawiki/includes"
+ $maintenancedir = "/usr/share/mediawiki/maintenance"
+ $vendordir = "/usr/share/mediawiki/vendor"
+ $resourcesdir = "/usr/share/mediawiki/resources"
+ $extensionsdir = "/usr/share/mediawiki/extensions"
+
+ file { $wiki_root:
+ ensure => directory
+ }
+
+ file { "${wiki_root}/skins":
+ ensure => link,
+ target => $skinsdir,
+ require => File[$wiki_root],
+ }
+ file { "${wiki_root}/includes":
+ ensure => link,
+ target => $includedir,
+ require => File[$wiki_root],
+ }
+
+ file { "${wiki_root}/maintenance":
+ ensure => link,
+ target => $maintenancedir,
+ require => File[$wiki_root],
+ }
+
+ file { "${wiki_root}/vendor":
+ ensure => link,
+ target => $vendordir,
+ require => File[$wiki_root],
+ }
+
+ file { "${wiki_root}/resources":
+ ensure => link,
+ target => $resourcesdir,
+ require => File[$wiki_root],
+ }
+
+ file { "${wiki_root}/extensions":
+ ensure => link,
+ target => $extensionsdir,
+ require => File[$wiki_root],
+ }
+
+ file { "${wiki_root}/cache":
+ ensure => directory,
+ owner => apache,
+ mode => '0755',
+ }
+
+ file { "${wiki_root}/tmp":
+ ensure => directory,
+ owner => apache,
+ mode => '0755',
+ }
+
+ exec { "wikicreate ${name}":
+ command => "mediawiki-create ${wiki_root}",
+ cwd => $mediawiki::base::root,
+ require => [File[$wiki_root],Package['mediawiki']],
+ creates => "${wiki_root}/index.php",
+ }
+
+# postgresql::remote_database { $db_name:
+# user => $db_user,
+# callback_notify => Exec["deploy_db ${name}"],
+# }
+#
+# exec { "deploy_db ${name}":
+# command => "php /usr/local/bin/init_wiki.php ${wiki_root}",
+# refreshonly => true,
+# onlyif => "/usr/bin/test -d ${wiki_root}/config",
+# }
+
+ file { "${wiki_root}/LocalSettings.php":
+ owner => 'apache',
+ mode => '0600',
+ content => template('mediawiki/LocalSettings.php'),
+ # if LocalSettings is created first, the wikicreate script
+ # do not create a confg directory, and so it doesn't
+ # trigger deploy_db exec
+ require => Exec["wikicreate ${name}"],
+ }
+}
+
diff --git a/modules/mediawiki/templates/LocalSettings.php b/modules/mediawiki/templates/LocalSettings.php
new file mode 100644
index 00000000..c340dfd9
--- /dev/null
+++ b/modules/mediawiki/templates/LocalSettings.php
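Review bot: In modules/mediawiki/manifests/instance.pp the `file { "${wiki_root}/LocalSettings.php": ... }` resource makes `apache` the owner with mode `'0600'`, so the web server account can rewrite the file that holds the database password, `$wgSecretKey` and the LDAP proxy password. Root ownership with group read keeps it readable by PHP but not writable: `owner => 'root', group => 'apache', mode => '0640',` (assuming an `apache` group exists on the host). Separately, `$title` is declared as a parameter of the define although Puppet already provides `$title` and `$name`, and Puppet 4 and later reject that as a reserved parameter name. A differently named parameter such as `$wiki_title` would avoid it, at the cost of updating the callers and the `@title` reference in the template.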
@@ -0,0 +1,208 @@
+<?php
+
+# This file was created by puppet, so any change will be overwritten
+
+# See includes/DefaultSettings.php for all configurable settings
+# and their default values, but don't forget to make changes in _this_
+# file, not there.
+#
+# Further documentation for configuration settings may be found at:
+# https://www.mediawiki.org/wiki/Manual:Configuration_settings
+
+# Protect against web entry
+if ( !defined( 'MEDIAWIKI' ) ) {
+ exit;
+}
+
+## Installation path (should default to this value, but define for clarity)
+$IP = '/usr/share/mediawiki';
+
+## Include path necessary to load LDAP module
+$path = array( $IP, "$IP/includes", "$IP/languages" );
+set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path() );
+
+## Uncomment this to disable output compression
+# $wgDisableOutputCompression = true;
+
+$wgSitename = "<%= @title %>";
+# $wgMetaNamespace = ""; # Defaults to $wgSitename
+
+## The URL base path to the directory containing the wiki;
+## defaults for all runtime URL paths are based off of this.
+## For more information on customizing the URLs
+## (like /w/index.php/Page_title to /wiki/Page_title) please see:
+## https://www.mediawiki.org/wiki/Manual:Short_URL
+$wgScriptPath = "/<%= @path %>";
+
+## The protocol and server name to use in fully-qualified URLs
+$wgServer = "https://wiki.mageia.org";
+
+## The URL path to static resources (images, scripts, etc.)
+$wgResourceBasePath = $wgScriptPath;
+
+## The relative URL path to the skins directory
+$wgStylePath = "$wgScriptPath/skins";
+
+## The relative URL path to the logo. Make sure you change this from the default,
+## or else you'll overwrite your logo when you upgrade!
+$wgLogo = "$wgStylePath/common/images/wiki_mga.png";
+
+## UPO means: this is also a user preference option
+
+$wgEnableEmail = true;
+$wgEnableUserEmail = true; # UPO
+
+$wgEmergencyContact = "root@<%= @domain %>";
+$wgPasswordSender = "wiki_noreply@ml.<%= @domain %>";
+
+$wgEnotifUserTalk = true; # UPO
+$wgEnotifWatchlist = true; # UPO
+$wgEmailAuthentication = true;
+
+## Database settings
+$wgDBtype = "postgres";
+$wgDBserver = "pg.<%= @domain %>";
+$wgDBname = "<%= @db_name %>";
+$wgDBuser = "<%= @db_user %>";
+$wgDBpassword = "<%= @db_password %>";
+
+# Postgres specific settings
+$wgDBport = "5432";
+$wgDBmwschema = "mediawiki";
+$wgDBts2schema = "public";
+
+## Shared memory settings
+$wgMainCacheType = CACHE_NONE;
+$wgMemCachedServers = [];
+
+## To enable image uploads, make sure the 'images' directory
+## is writable, then set this to true:
+$wgEnableUploads = true;
+# use gd, as convert do not work for big image
+# see https://bugs.mageia.org/show_bug.cgi?id=3202
+$wgUseImageMagick = true;
+#$wgImageMagickConvertCommand = "/usr/bin/convert";
+
+# InstantCommons allows wiki to use images from https://commons.wikimedia.org
+$wgUseInstantCommons = false;
+
+## If you use ImageMagick (or any other shell command) on a
+## Linux server, this will need to be set to the name of an
+## available UTF-8 locale
+$wgShellLocale = "en_US.UTF-8";
+
+## Set $wgCacheDirectory to a writable directory on the web server
+## to make your wiki go slightly faster. The directory should not
+## be publicly accessible from the web.
+# This seems actually mandatory to get the Vector skin to work properly
+# https://serverfault.com/a/744059
+# FIXME: Dehardcode that path (maybe via ${wiki_root} if exposed?)
+$wgCacheDirectory = "/srv/wiki/<%= @path %>/cache";
+
+$wgUploadDirectory = "/srv/wiki/<%= @path %>/images";
+
+# This seems mandatory to get the Vector skin to work properly
+# https://phabricator.wikimedia.org/T119934
+# FIXME: Dehardcode that path (maybe via ${wiki_root} if exposed?)
+$wgTmpDirectory = "/srv/wiki/<%= @path %>/tmp";
+
+# Array of interwiki prefixes for current wiki.
+$wgLocalInterwikis = array( strtolower( $wgSitename ) );
+
+# Site language code, should be one of the list in ./languages/data/Names.php
+$wgLanguageCode = "<%= @lang %>";
+
+$wgSecretKey = "<%= @secret_key %>";
+
+# Changing this will log out all existing sessions.
+$wgAuthenticationTokenVersion = "1";
+
+# Site upgrade key. Must be set to a string (default provided) to turn on the
+# web installer while LocalSettings.php is in place
+# FIXME: This should be set to a secure value:
+# https://www.mediawiki.org/wiki/Manual:$wgUpgradeKey
+# $wgUpgradeKey = "";
+
+## For attaching licensing metadata to pages, and displaying an
+## appropriate copyright notice / icon. GNU Free Documentation
+## License and Creative Commons licenses are supported so far.
+$wgEnableCreativeCommonsRdf = true;
+# TODO add a proper page
+$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
+$wgRightsUrl = "https://creativecommons.org/licenses/by-sa/3.0/";
+$wgRightsText = "Creative Commons - Attribution-ShareAlike 3.0 Unported";
+# TODO get the icon to host it on our server
+$wgRightsIcon = "https://licensebuttons.net/l/by-sa/3.0/88x31.png";
+
+# Path to the GNU diff3 utility. Used for conflict resolution.
+$wgDiff3 = "/usr/bin/diff3";
+
+## Default skin: you can change the default skin. Use the internal symbolic
+## names, ie 'vector', 'monobook':
+$wgDefaultSkin = 'vector';
+
+# Enabled skins.
+# The following skins were automatically enabled:
+wfLoadSkin( 'MonoBook' );
+wfLoadSkin( 'Vector' );
+
+
+# End of automatically generated settings.
+# Add more configuration options below.
+
+
+# Setting this to true will invalidate all cached pages whenever
+# LocalSettings.php is changed.
+$wgInvalidateCacheOnLocalSettingsChange = true;
+
+# FIXME: Obsoleted, to be replaced by $wgPasswordPolicy
+# https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy
+$wgMinimalPasswordLength = 1;
+
+# Give more details on errors
+$wgShowExceptionDetails = true;
+
+
+## LDAP setup
+
+require_once 'extensions/LdapAuthentication/LdapAuthentication.php';
+$wgAuth = new LdapAuthenticationPlugin();
+
+## uncomment to debug
+# $wgLDAPDebug = 10;
+# $wgDebugLogGroups["ldap"] = "/tmp/wiki_ldap.log";
+#
+$wgDebugLogFile = "/tmp/wiki.log";
+#
+
+$wgLDAPUseLocal = false;
+
+$wgLDAPDomainNames = array( 'ldap' );
+
+# TODO make it workable with more than one server
+$wgLDAPServerNames = array( 'ldap' => 'ldap.<%= @domain %>' );
+
+$wgLDAPSearchStrings = array( 'ldap' => 'uid=USER-NAME,ou=People,<%= @dc_suffix %>' );
+
+$wgLDAPEncryptionType = array( 'ldap' => 'tls' );
+
+$wgLDAPBaseDNs = array( 'ldap' => '<%= @dc_suffix %>' );
+$wgLDAPUserBaseDNs = array( 'ldap' => 'ou=People,<%= @dc_suffix %>' );
+$wgLDAPGroupBaseDNs = array ( 'ldap' => 'ou=Group,<%= @dc_suffix %>' );
+
+$wgLDAPProxyAgent = array( 'ldap' => 'cn=mediawiki-alamut,ou=System Accounts,<%= @dc_suffix %>' );
+
+$wgLDAPProxyAgentPassword = array( 'ldap' => '<%= @ldap_password %>' );
+
+$wgLDAPUseLDAPGroups = array( 'ldap' => true );
+$wgLDAPGroupNameAttribute = array( 'ldap' => 'cn' );
+$wgLDAPGroupUseFullDN = array( 'ldap' => true );
+$wgLDAPLowerCaseUsername = array( 'ldap' => true );
+$wgLDAPGroupObjectclass = array( 'ldap' => 'posixGroup' );
+$wgLDAPGroupAttribute = array( 'ldap' => 'member' );
+
+$wgLDAPLowerCaseUsername = array( 'ldap' => true );
+
+$wgLDAPPreferences = array( 'ldap' => array( 'email'=>'mail','realname'=>'cn','nickname'=>'uid','language'=>'preferredlanguage') );
+
+<%= @wiki_settings %>
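Review bot: In modules/mediawiki/templates/LocalSettings.php, `$wgDebugLogFile = "/tmp/wiki.log";` is active even though it sits in the block headed `## uncomment to debug`, and `$wgShowExceptionDetails = true;` is set unconditionally. The debug log goes to a fixed name in the shared /tmp directory, where other local accounts may be able to read it, and exception details are shown to whoever triggers the error. For a production template I would ship `# $wgDebugLogFile = "/tmp/wiki.log";` and `$wgShowExceptionDetails = false;`, or gate both on a template variable. Also, `$wgDBpassword = "<%= @db_password %>";` and `$wgSecretKey` are rendered inside double-quoted PHP strings, so a value containing `$`, `"` or a backslash would be altered or break the file; single-quoted strings with escaping would be more robust. `$wgMinimalPasswordLength = 1;` deserves a comment saying local passwords are unused because `$wgLDAPUseLocal = false`, if that is the intent.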
diff --git a/modules/mediawiki/templates/wiki_vhost.conf b/modules/mediawiki/templates/wiki_vhost.conf
new file mode 100644
index 00000000..1ae3492d
--- /dev/null
+++ b/modules/mediawiki/templates/wiki_vhost.conf
@@ -0,0 +1,17 @@
+# heavily used by the wiki farm stuff
+<Directory <%= @root %>>
+Options +FollowSymLinks
+</Directory>
+
+<Directory <%= @root %>/images>
+ SetHandler default-handler
+</Directory>
+
+AliasMatch /.*/skins/(.*)$ /usr/share/mediawiki/skins/$1
+
+RewriteEngine On
+
+RewriteCond %{REQUEST_URI} ^/.*/index.php$
+RewriteCond %{QUERY_STRING} ^title=Special:UserLogin
+RewriteCond %{HTTPS} ^off$
+RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R]
|
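Review bot: The `<Directory <%= @root %>/images>` block only covers an `images` directory directly under the farm root, while LocalSettings.php sets `$wgUploadDirectory` to `/srv/wiki/<path>/images`, one level deeper. With `$wgEnableUploads = true`, the per-instance upload directories would not get `SetHandler default-handler`, so whether an uploaded file could be handed to the PHP handler depends on configuration outside this template. A wildcard section such as `<Directory <%= @root %>/*/images>` would apply the override to every instance; check the rendered path, since the default `$root` ends with a slash.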
