Compare commits
22 Commits
| Author | SHA1 | Date |
|---|---|---|
 iexos
|
f3346a7cd6 | |
 3wc
|
e8ce9d2a22 | |
|
3wc
|
5e2b9eb978 | |
|
3wc
|
c842de1a57 | |
|
3wc
|
9e29ebf8d0 | |
|
3wc
|
6d53472222 | |
|
3wc
|
06829c727e | |
|
3wc
|
7413db8f59 | |
|
3wc
|
0db71c1730 | |
|
3wc
|
3e3482b89e | |
|
3wc
|
3018af9382 | |
|
iexos
|
40831b5d91 | |
|
3wordchant
|
d63e412256 | |
|
iexos
|
3c4332f794 | |
|
iexos
|
08d7201772 | |
|
iexos
|
0fb7f2bd7f | |
|
iexos
|
639cadaa17 | |
|
iexos
|
5096046a86 | |
|
iexos
|
de60261fce | |
|
iexos
|
7d1810cf93 | |
|
iexos
|
5159ed1b36 | |
|
3wc
|
e6f77b37e6 |
27
.env.sample
27
.env.sample
|
|
@ -1,6 +1,7 @@
|
|||
TYPE=mediawiki
|
||||
|
||||
DOMAIN=mediawiki.example.com
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
#EXTRA_DOMAINS=', `www.wiki.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
|
@ -11,21 +12,35 @@ MEDIAWIKI_EMAIL_CONTACT="info@wiki.example.com"
|
|||
MEDIAWIKI_EMAIL_FROM="wiki@wiki.example.com"
|
||||
MEDIAWIKI_LOGO_FILE='$wgResourceBasePath/resources/assets/wiki.png'
|
||||
|
||||
# list of language options (without ".json"):
|
||||
# https://gerrit.wikimedia.org/g/mediawiki/core/%2B/HEAD/languages/i18n
|
||||
MEDIAWIKI_LANGUAGE="en"
|
||||
|
||||
MEDIAWIKI_IS_PRIVATE=1
|
||||
MEDIAWIKI_ALLOW_REGISTRATION=0
|
||||
|
||||
MEDIAWIKI_DEBUG=0
|
||||
|
||||
## SMTP
|
||||
#SMTP_HOST=postfix_relay_app
|
||||
#SMTP_HOST=mailu_front
|
||||
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
|
||||
|
||||
# SMTP
|
||||
|
||||
## via local postfix/mailu
|
||||
#SMTP_HOST=postfix_relay_app
|
||||
#SMTP_HOST=mailu_front
|
||||
|
||||
## via remote email provider
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||
#SMTP_HOST="mail.example.com"
|
||||
#SMTP_PORT=587
|
||||
#SMTP_USER="${MEDIAWIKI_EMAIL_FROM}"
|
||||
#SECRET_SMTP_PASSWORD_VERSION=v1
|
||||
|
||||
# SAML
|
||||
|
||||
#COMPOSE_FILE="compose.yml:compose.simplesaml.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.simplesaml.yml"
|
||||
|
||||
#SAML_ENABLED=1
|
||||
#SAML_CONTACT_NAME="Sam Ell"
|
||||
|
|
@ -41,7 +56,7 @@ SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
|
|||
|
||||
## OpenID Connect
|
||||
# OPENID_ENABLED=1
|
||||
# COMPOSE_FILE="compose.yml:compose.openid.yml"
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.openid.yml"
|
||||
# OPENID_KEYCLOAK_URL="https://keycloak.local:8080/realms/acme/"
|
||||
# OPENID_CLIENT_ID="mediawiki"
|
||||
# SECRET_OPENID_CLIENT_SECRET_VERSION=v1
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ $wgShellLocale = "C.UTF-8";
|
|||
#$wgCacheDirectory = "$IP/cache";
|
||||
|
||||
# Site language code, should be one of the list in ./languages/data/Names.php
|
||||
$wgLanguageCode = "en";
|
||||
$wgLanguageCode = "{{ env "MEDIAWIKI_LANGUAGE" }}";
|
||||
|
||||
$wgSecretKey = rtrim(file_get_contents('/run/secrets/mediawiki_secret_key'));
|
||||
|
||||
|
|
@ -106,8 +106,13 @@ $wgRightsIcon = "";
|
|||
# Path to the GNU diff3 utility. Used for conflict resolution.
|
||||
$wgDiff3 = "/usr/bin/diff3";
|
||||
|
||||
# The following permissions were set based on your choice in the installer
|
||||
{{ if eq (env "MEDIAWIKI_ALLOW_REGISTRATION") "1" }}
|
||||
$wgGroupPermissions['*']['createaccount'] = true;
|
||||
$wgEmailConfirmToEdit = true;
|
||||
{{ else }}
|
||||
$wgGroupPermissions['*']['createaccount'] = false;
|
||||
{{ end }}
|
||||
|
||||
$wgGroupPermissions['*']['edit'] = false;
|
||||
{{ if eq (env "MEDIAWIKI_IS_PRIVATE") "1" }}
|
||||
$wgGroupPermissions['*']['read'] = false;
|
||||
|
|
@ -115,6 +120,13 @@ $wgGroupPermissions['*']['read'] = false;
|
|||
$wgGroupPermissions['*']['read'] = true;
|
||||
{{ end }}
|
||||
|
||||
{{ if ne (env "MEDIAWIKI_PROXY_SERVERS") "" }}
|
||||
// In LocalSettings.php
|
||||
$wgUseCdn = true;
|
||||
$wgCdnServersNoPurge = [];
|
||||
$wgCdnServersNoPurge[] = "{{ env "MEDIAWIKI_PROXY_SERVERS" }}";
|
||||
{{ end }}
|
||||
|
||||
# Enabled skins.
|
||||
# The following skins were automatically enabled:
|
||||
wfLoadSkin( 'MonoBook' );
|
||||
|
|
@ -200,11 +212,15 @@ $wgGroupPermissions['*']['createaccount'] = false;
|
|||
|
||||
{{ if env "SMTP_HOST" }}
|
||||
$wgSMTP = [
|
||||
'host' => '{{ env "SMTP_HOST" }}', // could also be an IP address. Where the SMTP server is located
|
||||
'port' => 25, // Port to use when connecting to the SMTP server
|
||||
'auth' => false, // Should we use SMTP authentication (true or false)
|
||||
#'username' => 'my_user_name', // Username to use for SMTP authentication (if being used)
|
||||
#'password' => 'my_password' // Password to use for SMTP authentication (if being used)
|
||||
'host' => '{{ env "SMTP_HOST" }}', // could also be an IP address. Where the SMTP server is located
|
||||
'port' => {{ env "SMTP_PORT" }}, // Port to use when connecting to the SMTP server
|
||||
{{ if env "SMTP_USER" }}
|
||||
'auth' => true, // Should we use SMTP authentication (true or false)
|
||||
'username' => '{{ env "SMTP_USER" }}', // Username to use for SMTP authentication (if being used)
|
||||
'password' => '{{ secret "smtp_password" }}' // Password to use for SMTP authentication (if being used)
|
||||
{{ else }}
|
||||
'auth' => false
|
||||
{{ end }}
|
||||
];
|
||||
{{ end }}
|
||||
|
||||
|
|
|
|||
10
README.md
10
README.md
|
|
@ -27,6 +27,8 @@
|
|||
|
||||
## Email
|
||||
|
||||
### Coop Cloud mailu or postfix
|
||||
|
||||
1. `abra app config YOURAPPDOMAIN` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to
|
||||
`postfix_relay` for `coop-cloud/postfix_relay`, or `mailu_front` for
|
||||
`coop-cloud/mailu` (assuming default stack names)
|
||||
|
|
@ -34,6 +36,14 @@
|
|||
`postfix_relay`. This doesn't seem to be required for Mailu.
|
||||
3. `abra app deploy YOURAPPDOMAIN`
|
||||
|
||||
### Remote provider
|
||||
|
||||
1. `abra app config YOURAPPDOMAIN` - uncomment `SMTP` under the "remote email provider" section and set values for `SMTP_HOST`, `SMTP_PORT` and `SMTP_USER`
|
||||
2. `abra app secret insert YOURAPPDOMAIN smtp_password v1 YOURSMTPPASSWORD`
|
||||
3. `abra app deploy YOURAPPDOMAIN`
|
||||
|
||||
Note: Only STARTTLS is supported, TLS won't work.
|
||||
|
||||
## Single Sign On
|
||||
|
||||
### SimpleSAMLphp
|
||||
|
|
|
|||
42
abra.sh
42
abra.sh
|
|
@ -1,45 +1,7 @@
|
|||
export LOCAL_SETTINGS_CONF_VERSION=v20
|
||||
export LOCAL_SETTINGS_CONF_VERSION=v23
|
||||
export HTACCESS_CONF_VERSION=v1
|
||||
export ENTRYPOINT_CONF_VERSION=v19
|
||||
export ENTRYPOINT_CONF_VERSION=v21
|
||||
export COMPOSER_LOCAL_CONF_VERSION=v5
|
||||
export PHP_INI_VERSION=v4
|
||||
|
||||
export SAML_ENTRYPOINT_CONF_VERSION=v3
|
||||
|
||||
abra_backup_app() {
|
||||
_abra_backup_dir "app:/var/www/html/images"
|
||||
}
|
||||
|
||||
abra_backup_db() {
|
||||
_abra_backup_mysql "db" "mediawiki"
|
||||
}
|
||||
|
||||
abra_backup() {
|
||||
abra_backup_app && abra_backup_db
|
||||
}
|
||||
|
||||
abra_restore_app() {
|
||||
# shellcheck disable=SC2034
|
||||
{
|
||||
abra__src_="-"
|
||||
abra__dst_="app:/var/www/html/"
|
||||
}
|
||||
|
||||
zcat "$@" | sub_app_cp
|
||||
|
||||
success "Restored 'app'"
|
||||
}
|
||||
|
||||
abra_restore_db() {
|
||||
# 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we
|
||||
# got this far..
|
||||
|
||||
# shellcheck disable=SC2034
|
||||
abra___no_tty="true"
|
||||
|
||||
DB_ROOT_PASSWORD="$(sub_app_run cat /run/secrets/db_root_password)"
|
||||
|
||||
zcat "$@" | sub_app_run mysql -u root -p"$DB_ROOT_PASSWORD" wordpress
|
||||
|
||||
success "Restored 'db'"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- SMTP_USER
|
||||
secrets:
|
||||
- smtp_password
|
||||
|
||||
secrets:
|
||||
smtp_password:
|
||||
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
||||
external: true
|
||||
18
compose.yml
18
compose.yml
|
|
@ -3,7 +3,7 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
app:
|
||||
image: mediawiki:1.39.3
|
||||
image: mediawiki:1.40.1
|
||||
environment:
|
||||
- DOMAIN
|
||||
- STACK_NAME
|
||||
|
|
@ -14,12 +14,14 @@ services:
|
|||
- MEDIAWIKI_LOGO_FILE
|
||||
- MEDIAWIKI_IS_PRIVATE
|
||||
- MEDIAWIKI_DEBUG
|
||||
- MEDIAWIKI_LANGUAGE=${MEDIAWIKI_LANGUAGE:-en}
|
||||
- SAML_ENABLED
|
||||
- OPENID_ENABLED
|
||||
- DB_HOST=db
|
||||
- DB_USER=mediawiki
|
||||
- DB_NAME=mediawiki
|
||||
- SMTP_HOST
|
||||
- SMTP_PORT=${SMTP_PORT:-25}
|
||||
volumes:
|
||||
- "mediawiki_images:/var/www/html/images"
|
||||
configs:
|
||||
|
|
@ -45,11 +47,13 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.3.0+1.39.3"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.7.3+1.40.1"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/var/www/html/images"
|
||||
entrypoint: /docker-entrypoint2.sh
|
||||
|
||||
db:
|
||||
image: mariadb:10.10
|
||||
image: mariadb:11.1
|
||||
environment:
|
||||
- MYSQL_USER=mediawiki
|
||||
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
||||
|
|
@ -62,6 +66,14 @@ services:
|
|||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.path: "/tmp/dump.sql.gz"
|
||||
backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" mediawiki | gzip > /tmp/dump.sql.gz'"
|
||||
backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
|
||||
backupbot.restore: "true"
|
||||
backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" mediawiki < /tmp/dbdump.sql && rm -f /tmp/dbdump.sql'"
|
||||
|
||||
volumes:
|
||||
mariadb:
|
||||
|
|
|
|||
|
|
@ -17,9 +17,6 @@ composer_install() {
|
|||
set -eu
|
||||
|
||||
cd /var/www/html/ && composer update && composer install
|
||||
|
||||
# SMW needs this; some other extensions brought in by composer might as well.
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
}
|
||||
|
||||
init_db() {
|
||||
|
|
@ -43,26 +40,22 @@ init_db() {
|
|||
php /var/www/html/maintenance/sql.php /var/www/html/maintenance/tables.sql
|
||||
php /var/www/html/maintenance/sql.php /var/www/html/maintenance/interwiki.sql
|
||||
# FIXME run createAndPromote.php with $ADMIN_USERNAME
|
||||
else
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
fi
|
||||
|
||||
if [ -n "${OPENID_ENABLED-}" ]; then
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
fi
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
}
|
||||
|
||||
init_extensions() {
|
||||
|
||||
if [ ! -d /var/www/html/extensions/PluggableAuth ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
https://gerrit.wikimedia.org/r/p/mediawiki/extensions/PluggableAuth \
|
||||
/var/www/html/extensions/PluggableAuth
|
||||
fi
|
||||
|
||||
if [ -n "${SAML_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/SimpleSAMLphp ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
https://gerrit.wikimedia.org/r/p/mediawiki/extensions/SimpleSAMLphp \
|
||||
/var/www/html/extensions/SimpleSAMLphp
|
||||
fi
|
||||
|
|
@ -70,7 +63,7 @@ init_extensions() {
|
|||
|
||||
if [ -n "${OPENID_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/OpenIDConnect ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect \
|
||||
/var/www/html/extensions/OpenIDConnect
|
||||
fi
|
||||
|
|
@ -78,7 +71,7 @@ init_extensions() {
|
|||
|
||||
if [ -n "${MOBILEFRONTEND_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/MobileFrontend ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
https://github.com/wikimedia/mediawiki-extensions-MobileFrontend.git \
|
||||
/var/www/html/extensions/MobileFrontend
|
||||
fi
|
||||
|
|
@ -86,7 +79,7 @@ init_extensions() {
|
|||
|
||||
if [ -n "${MSU_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/MsUpload ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/MsUpload \
|
||||
/var/www/html/extensions/MsUpload
|
||||
fi
|
||||
|
|
@ -94,7 +87,7 @@ init_extensions() {
|
|||
|
||||
if [ -n "${PAGEFORMS_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/PageForms ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/PageForms \
|
||||
/var/www/html/extensions/PageForms
|
||||
fi
|
||||
|
|
@ -102,7 +95,7 @@ init_extensions() {
|
|||
|
||||
if [ -n "${PAGESCHEMAS_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/PageSchemas ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/PageSchemas \
|
||||
/var/www/html/extensions/PageSchemas
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in New Issue