Compare commits
167 Commits
healthchec
...
main
Author | SHA1 | Date |
---|---|---|
iexos | f3346a7cd6 | |
3wc | e8ce9d2a22 | |
3wc | 5e2b9eb978 | |
3wc | c842de1a57 | |
3wc | 9e29ebf8d0 | |
3wc | 6d53472222 | |
3wc | 06829c727e | |
3wc | 7413db8f59 | |
3wc | 0db71c1730 | |
3wc | 3e3482b89e | |
3wc | 3018af9382 | |
iexos | 40831b5d91 | |
3wordchant | d63e412256 | |
iexos | 3c4332f794 | |
iexos | 08d7201772 | |
iexos | 0fb7f2bd7f | |
iexos | 639cadaa17 | |
iexos | 5096046a86 | |
iexos | de60261fce | |
iexos | 7d1810cf93 | |
iexos | 5159ed1b36 | |
3wc | e6f77b37e6 | |
3wc | 260dd4d7f3 | |
decentral1se | 57cf8db271 | |
Flancian | 0c50c3398f | |
Flancian | e2ca6b6df4 | |
Flancian | b78c20fe41 | |
Flancian | 112bd3300f | |
flancian | cc3682ef89 | |
Flancian | b1d3e2a0f9 | |
Flancian | 7ca11b8bc9 | |
3wc | e8fc7e6532 | |
3wordchant | 381a3ee2d6 | |
Sam Wight | f2afce4145 | |
Flancian | a931c54b31 | |
Flancian | 3101cff3e8 | |
Flancian | 2dd1c7aeee | |
Flancian | f509f7b830 | |
Flancian | ff2d004bcf | |
Flancian | 917eb68ae7 | |
3wc | 2ad502e4fa | |
3wc | 9ee106a2ed | |
3wordchant | bce93ab727 | |
Flancian | 8c503d5d28 | |
3wc | d7d228ab7e | |
3wc | ae116a9954 | |
3wc | a71d9195e8 | |
3wc | f18c9882df | |
3wc | ffcf336329 | |
3wc | 7e8c307936 | |
3wc | 463d606257 | |
3wc | bf2fcbd7b4 | |
Cassowary | bde470d4f9 | |
Cassowary | c377ae6620 | |
3wc | de6e1d415e | |
3wc | f33004bb86 | |
decentral1se | 1ae1e2f399 | |
decentral1se | 9c7206341a | |
decentral1se | f4f519eda3 | |
decentral1se | ae017b27cf | |
decentral1se | 5f9ca3bbf5 | |
Comrade Renovate Bot | b7817b1e13 | |
Comrade Renovate Bot | ac39c45ddd | |
decentral1se | b5b97d0456 | |
decentral1se | 544c5bc46e | |
3wc | 868bf7d089 | |
3wc | 86c4834a1a | |
3wc | af0be5e0f7 | |
decentral1se | 7e52d0c4ac | |
decentral1se | bf06d0f74a | |
decentral1se | ecdc065abc | |
decentral1se | 87cda2a339 | |
Comrade Renovate Bot | 18519c85d8 | |
decentral1se | f6a31fc61a | |
decentral1se | 2ce032c3f3 | |
Comrade Renovate Bot | 863dc85219 | |
decentral1se | deeb01b37b | |
decentral1se | 460280b3ec | |
Comrade Renovate Bot | 9666dc7fd9 | |
3wc | ca59d303e0 | |
3wc | 07125f9886 | |
decentral1se | 88479710e7 | |
decentral1se | 00ec06fa1c | |
decentral1se | ec4dbb56b4 | |
3wc | 5a8523e5eb | |
3wc | 49b14595d4 | |
3wc | 4812fc9829 | |
Luke Murphy | 5433215642 | |
Luke Murphy | 4784ab5ccc | |
Luke Murphy | 3839409ad0 | |
Luke Murphy | d33526426c | |
Luke Murphy | aafd4720b8 | |
Luke Murphy | 985cf60aff | |
Luke Murphy | 78b22bea7a | |
Luke Murphy | 5b81580384 | |
Luke Murphy | 50ce5f5292 | |
Luke Murphy | 8e7234eae7 | |
Luke Murphy | 29a72bdc56 | |
Luke Murphy | 7fd0d10a1d | |
Luke Murphy | d3268093cc | |
Luke Murphy | 2dbd27028f | |
Luke Murphy | 17e898e3a9 | |
Luke Murphy | ee831dabc0 | |
Luke Murphy | e7f31c881e | |
3wc | 91fdace2fb | |
3wc | f9d24121c7 | |
3wc | e35ed6c673 | |
3wc | 543264e26c | |
3wc | 96a96c22e6 | |
3wc | b2034900bf | |
decentral1se | 0467f8b7c0 | |
Comrade Renovate Bot | 0d4b62528e | |
3wc | 13b9306858 | |
3wc | c581eeeae5 | |
Luke Murphy | ceca47f3b4 | |
Luke Murphy | 8add2bd87f | |
Luke Murphy | 593f76df19 | |
Luke Murphy | c897d91b3e | |
Luke Murphy | 3faff06899 | |
3wc | 439fb807af | |
3wc | 9ef3d8aa74 | |
decentral1se | 5a128a95c3 | |
Comrade Renovate Bot | 98e99f81e7 | |
3wc | c7e7a5cdab | |
3wc | 8490d0151a | |
3wc | a8b31310ba | |
Luke Murphy | 0e196b33d2 | |
3wc | f4ca10b3d9 | |
3wc | f05d45ee52 | |
3wc | db6595c52c | |
Luke Murphy | 8bcccca575 | |
Luke Murphy | ddc59b7cc0 | |
Luke Murphy | 7da9a97788 | |
Luke Murphy | b2d86119b1 | |
Luke Murphy | 6fa1a5fd12 | |
Luke Murphy | 9e950e7318 | |
Luke Murphy | 0c914c0bbf | |
Luke Murphy | 48bc08e063 | |
Luke Murphy | 64cbefc18e | |
Luke Murphy | 3c60a73dc9 | |
Luke Murphy | 3ffc239373 | |
Luke Murphy | d75e15310c | |
Luke Murphy | 2a94408ddf | |
Luke Murphy | d5eb7a47d1 | |
Luke Murphy | 353d6eb4b5 | |
Luke Murphy | b0c5673cc0 | |
Luke Murphy | 9820952cbc | |
Luke Murphy | 33e70d62a4 | |
3wc | 08b5c1f53e | |
3wc | 475490f3ed | |
3wc | b2aeefdcc0 | |
3wc | d11b7ec77c | |
3wc | 6e10ec2d24 | |
3wc | ecf91f0154 | |
3wc | c6c836d4fd | |
3wc | 15fbe13953 | |
3wc | bae33cacd9 | |
3wc | 2aac2eb0c5 | |
3wc | ec4c8afcea | |
3wc | b326e20c4c | |
3wc | 7e83649250 | |
3wc | 6cfd4ed902 | |
decentral1se | 7c3abb0e20 | |
Comrade Renovate Bot | 14ba873824 | |
3wc | 40007e53b3 | |
3wc | 36feb5062d | |
3wc | 3cc586873a |
|
@ -0,0 +1,49 @@
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: deploy to swarm-test.autonomic.zone
|
||||||
|
steps:
|
||||||
|
- name: deployment
|
||||||
|
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||||
|
settings:
|
||||||
|
host: swarm-test.autonomic.zone
|
||||||
|
stack: mediawiki
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
purge: true
|
||||||
|
generate_secrets: true
|
||||||
|
deploy_key:
|
||||||
|
from_secret: drone_ssh_swarm_test
|
||||||
|
environment:
|
||||||
|
DOMAIN: mediawiki.swarm-test.autonomic.zone
|
||||||
|
STACK_NAME: mediawiki
|
||||||
|
LETS_ENCRYPT_ENV: production
|
||||||
|
MEDIAWIKI_SITENAME: "Example Wiki"
|
||||||
|
MEDIAWIKI_SITENAMESPACE: "Example_Wiki"
|
||||||
|
MEDIAWIKI_EMAIL_CONTACT: "info@wiki.example.com"
|
||||||
|
MEDIAWIKI_EMAIL_FROM: "wiki@wiki.example.com"
|
||||||
|
MEDIAWIKI_LOGO_FILE: '$wgResourceBasePath/resources/assets/wiki.png'
|
||||||
|
SECRET_DB_ROOT_PASSWORD_VERSION: v1
|
||||||
|
SECRET_DB_PASSWORD_VERSION: v1
|
||||||
|
SECRET_MEDIAWIKI_SECRET_KEY_VERSION: v1
|
||||||
|
LOCAL_SETTINGS_CONF_VERSION: v1
|
||||||
|
ENTRYPOINT_CONF_VERSION: v1
|
||||||
|
PHP_INI_VERSION: v1
|
||||||
|
trigger:
|
||||||
|
branch:
|
||||||
|
- main
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: generate recipe catalogue
|
||||||
|
steps:
|
||||||
|
- name: release a new version
|
||||||
|
image: plugins/downstream
|
||||||
|
settings:
|
||||||
|
server: https://build.coopcloud.tech
|
||||||
|
token:
|
||||||
|
from_secret: drone_abra-bot_token
|
||||||
|
fork: true
|
||||||
|
repositories:
|
||||||
|
- coop-cloud/auto-recipes-catalogue-json
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event: tag
|
|
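Review bot: The `deployment` step runs `git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest` with the `drone_ssh_swarm_test` deploy key, and the `release a new version` step runs `plugins/downstream` with no tag while holding `drone_abra-bot_token`. Both are mutable references, so whatever is next published under those names receives the credentials. Pinning each image to a version tag or digest (for example `image: plugins/downstream@sha256:<digest>`) makes the pipeline reproducible and limits that exposure. The first pipeline also triggers on `branch: main` with no `event` filter, so it is worth confirming that pull-request builds targeting `main` cannot reach the deploy secret.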
@ -0,0 +1,87 @@
|
||||||
|
TYPE=mediawiki
|
||||||
|
|
||||||
|
DOMAIN=mediawiki.example.com
|
||||||
|
COMPOSE_FILE="compose.yml"
|
||||||
|
|
||||||
|
#EXTRA_DOMAINS=', `www.wiki.example.com`'
|
||||||
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
|
MEDIAWIKI_SITENAME="Example Wiki"
|
||||||
|
MEDIAWIKI_SITENAMESPACE="Example_Wiki"
|
||||||
|
MEDIAWIKI_EMAIL_CONTACT="info@wiki.example.com"
|
||||||
|
MEDIAWIKI_EMAIL_FROM="wiki@wiki.example.com"
|
||||||
|
MEDIAWIKI_LOGO_FILE='$wgResourceBasePath/resources/assets/wiki.png'
|
||||||
|
|
||||||
|
# list of language options (without ".json"):
|
||||||
|
# https://gerrit.wikimedia.org/g/mediawiki/core/%2B/HEAD/languages/i18n
|
||||||
|
MEDIAWIKI_LANGUAGE="en"
|
||||||
|
|
||||||
|
MEDIAWIKI_IS_PRIVATE=1
|
||||||
|
MEDIAWIKI_ALLOW_REGISTRATION=0
|
||||||
|
|
||||||
|
MEDIAWIKI_DEBUG=0
|
||||||
|
|
||||||
|
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||||
|
SECRET_DB_PASSWORD_VERSION=v1
|
||||||
|
SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
|
||||||
|
|
||||||
|
# SMTP
|
||||||
|
|
||||||
|
## via local postfix/mailu
|
||||||
|
#SMTP_HOST=postfix_relay_app
|
||||||
|
#SMTP_HOST=mailu_front
|
||||||
|
|
||||||
|
## via remote email provider
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||||
|
#SMTP_HOST="mail.example.com"
|
||||||
|
#SMTP_PORT=587
|
||||||
|
#SMTP_USER="${MEDIAWIKI_EMAIL_FROM}"
|
||||||
|
#SECRET_SMTP_PASSWORD_VERSION=v1
|
||||||
|
|
||||||
|
# SAML
|
||||||
|
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.simplesaml.yml"
|
||||||
|
|
||||||
|
#SAML_ENABLED=1
|
||||||
|
#SAML_CONTACT_NAME="Sam Ell"
|
||||||
|
#SAML_CONTACT_EMAIL="saml@example.com"
|
||||||
|
|
||||||
|
#SAML_EMAIL_ATTRIBUTE=mail
|
||||||
|
#SAML_REAL_NAME_ATTRIBUTE=realname
|
||||||
|
#SAML_AUTH_SOURCE_ID=default-sp
|
||||||
|
#SAML_USERNAME_ATTRIBUTE=user
|
||||||
|
|
||||||
|
#SECRET_SAML_ADMIN_PASSWORD_VERSION=v1
|
||||||
|
#SECRET_SAML_SECRET_SALT_VERSION=v1 # length=64
|
||||||
|
|
||||||
|
## OpenID Connect
|
||||||
|
# OPENID_ENABLED=1
|
||||||
|
# COMPOSE_FILE="$COMPOSE_FILE:compose.openid.yml"
|
||||||
|
# OPENID_KEYCLOAK_URL="https://keycloak.local:8080/realms/acme/"
|
||||||
|
# OPENID_CLIENT_ID="mediawiki"
|
||||||
|
# SECRET_OPENID_CLIENT_SECRET_VERSION=v1
|
||||||
|
|
||||||
|
## WikiMarkdown
|
||||||
|
#MARKDOWN_ENABLED=1
|
||||||
|
|
||||||
|
## MobileFrontend
|
||||||
|
#MOBILEFRONTEND_ENABLED=1
|
||||||
|
|
||||||
|
## MsUpload
|
||||||
|
#MSU_ENABLED=1
|
||||||
|
|
||||||
|
## PageForms
|
||||||
|
#PAGEFORMS_ENABLED=1
|
||||||
|
|
||||||
|
## PageSchemas
|
||||||
|
#PAGESCHEMAS_ENABLED=1
|
||||||
|
|
||||||
|
## SemanticMediaWiki
|
||||||
|
#SEMANTICMW_ENABLED=1
|
||||||
|
|
||||||
|
## WikiMarkdown
|
||||||
|
#MARKDOWN_ENABLED=1
|
||||||
|
|
||||||
|
## Tweeki skin
|
||||||
|
#TWEEKI_ENABLED=0
|
||||||
|
|
|
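Review bot: The `## WikiMarkdown` / `#MARKDOWN_ENABLED=1` block appears twice in this sample, once after the OpenID Connect section and again before `## Tweeki skin`; one copy can go. `MEDIAWIKI_PROXY_SERVERS`, which the LocalSettings template in this comparison reads to fill `$wgCdnServersNoPurge`, has no entry here, so a commented `#MEDIAWIKI_PROXY_SERVERS=` line with a one-line description would document it. A short comment above `MEDIAWIKI_IS_PRIVATE=1` and `MEDIAWIKI_ALLOW_REGISTRATION=0` saying that they control anonymous read access and self-registration would also help, since these are the deployment's access-control switches.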
@ -1,15 +0,0 @@
|
||||||
export DOMAIN=wiki.example.com
|
|
||||||
export STACK_NAME=example_wiki
|
|
||||||
|
|
||||||
export LETS_ENCRYPT_ENV=production
|
|
||||||
|
|
||||||
export MEDIAWIKI_SITENAME="Example Wiki"
|
|
||||||
export MEDIAWIKI_SITENAMESPACE="Example_Wiki"
|
|
||||||
export MEDIAWIKI_EMAIL_CONTACT="info@wiki.example.com"
|
|
||||||
export MEDIAWIKI_EMAIL_FROM="wiki@wiki.example.com"
|
|
||||||
|
|
||||||
export DB_ROOT_PASSWORD_VERSION=v1
|
|
||||||
export DB_PASSWORD_VERSION=v1
|
|
||||||
export LOCAL_SETTINGS_CONF_VERSION=v1
|
|
||||||
export HTACCESS_CONF_VERSION=v1
|
|
||||||
export ENTRYPOINT_CONF_VERSION=v1
|
|
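--- a/LICENSE
+++ b/LICENSE
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2019 Revian Labs
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.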
@ -1,21 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
# This file was automatically generated by the MediaWiki 1.32.1
|
|
||||||
# installer. If you make manual changes, please keep track in case you
|
|
||||||
# need to recreate them later.
|
|
||||||
#
|
|
||||||
# See includes/DefaultSettings.php for all configurable settings
|
|
||||||
# and their default values, but don't forget to make changes in _this_
|
|
||||||
# file, not there.
|
|
||||||
#
|
|
||||||
# Further documentation for configuration settings may be found at:
|
|
||||||
# https://www.mediawiki.org/wiki/Manual:Configuration_settings
|
|
||||||
|
|
||||||
# Protect against web entry
|
# Protect against web entry
|
||||||
if ( !defined( 'MEDIAWIKI' ) ) {
|
if ( !defined( 'MEDIAWIKI' ) ) {
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
## Uncomment this to disable output compression
|
## Uncomment this to disable output compression
|
||||||
# $wgDisableOutputCompression = true;
|
# $wgDisableOutputCompression = true;
|
||||||
|
|
||||||
|
@ -39,7 +28,7 @@ $wgResourceBasePath = $wgScriptPath;
|
||||||
|
|
||||||
## The URL path to the logo. Make sure you change this from the default,
|
## The URL path to the logo. Make sure you change this from the default,
|
||||||
## or else you'll overwrite your logo when you upgrade!
|
## or else you'll overwrite your logo when you upgrade!
|
||||||
$wgLogo = "$wgResourceBasePath/resources/assets/wiki.png";
|
$wgLogo = "{{ env "MEDIAWIKI_LOGO_FILE" }}";
|
||||||
|
|
||||||
## UPO means: this is also a user preference option
|
## UPO means: this is also a user preference option
|
||||||
|
|
||||||
|
@ -55,9 +44,9 @@ $wgEmailAuthentication = true;
|
||||||
|
|
||||||
## Database settings
|
## Database settings
|
||||||
$wgDBtype = "mysql";
|
$wgDBtype = "mysql";
|
||||||
$wgDBserver = "mariadb";
|
$wgDBserver = "{{ env "DB_HOST" }}";
|
||||||
$wgDBname = "mediawiki";
|
$wgDBname = "{{ env "DB_NAME" }}";
|
||||||
$wgDBuser = "mediawiki";
|
$wgDBuser = "{{ env "DB_USER" }}";
|
||||||
$wgDBpassword = rtrim(file_get_contents('/run/secrets/db_password'));
|
$wgDBpassword = rtrim(file_get_contents('/run/secrets/db_password'));
|
||||||
|
|
||||||
# MySQL specific settings
|
# MySQL specific settings
|
||||||
|
@ -95,9 +84,9 @@ $wgShellLocale = "C.UTF-8";
|
||||||
#$wgCacheDirectory = "$IP/cache";
|
#$wgCacheDirectory = "$IP/cache";
|
||||||
|
|
||||||
# Site language code, should be one of the list in ./languages/data/Names.php
|
# Site language code, should be one of the list in ./languages/data/Names.php
|
||||||
$wgLanguageCode = "en";
|
$wgLanguageCode = "{{ env "MEDIAWIKI_LANGUAGE" }}";
|
||||||
|
|
||||||
$wgSecretKey = "8a83180cd66683c2a379882211187d6f79a1d40749b962598148f67893ff10cf";
|
$wgSecretKey = rtrim(file_get_contents('/run/secrets/mediawiki_secret_key'));
|
||||||
|
|
||||||
# Changing this will log out all existing sessions.
|
# Changing this will log out all existing sessions.
|
||||||
$wgAuthenticationTokenVersion = "1";
|
$wgAuthenticationTokenVersion = "1";
|
||||||
|
@ -117,21 +106,48 @@ $wgRightsIcon = "";
|
||||||
# Path to the GNU diff3 utility. Used for conflict resolution.
|
# Path to the GNU diff3 utility. Used for conflict resolution.
|
||||||
$wgDiff3 = "/usr/bin/diff3";
|
$wgDiff3 = "/usr/bin/diff3";
|
||||||
|
|
||||||
# The following permissions were set based on your choice in the installer
|
{{ if eq (env "MEDIAWIKI_ALLOW_REGISTRATION") "1" }}
|
||||||
|
$wgGroupPermissions['*']['createaccount'] = true;
|
||||||
|
$wgEmailConfirmToEdit = true;
|
||||||
|
{{ else }}
|
||||||
$wgGroupPermissions['*']['createaccount'] = false;
|
$wgGroupPermissions['*']['createaccount'] = false;
|
||||||
$wgGroupPermissions['*']['edit'] = false;
|
{{ end }}
|
||||||
$wgGroupPermissions['*']['read'] = false;
|
|
||||||
|
|
||||||
## Default skin: you can change the default skin. Use the internal symbolic
|
$wgGroupPermissions['*']['edit'] = false;
|
||||||
## names, ie 'vector', 'monobook':
|
{{ if eq (env "MEDIAWIKI_IS_PRIVATE") "1" }}
|
||||||
$wgDefaultSkin = "vector";
|
$wgGroupPermissions['*']['read'] = false;
|
||||||
|
{{ else }}
|
||||||
|
$wgGroupPermissions['*']['read'] = true;
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if ne (env "MEDIAWIKI_PROXY_SERVERS") "" }}
|
||||||
|
// In LocalSettings.php
|
||||||
|
$wgUseCdn = true;
|
||||||
|
$wgCdnServersNoPurge = [];
|
||||||
|
$wgCdnServersNoPurge[] = "{{ env "MEDIAWIKI_PROXY_SERVERS" }}";
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
# Enabled skins.
|
# Enabled skins.
|
||||||
# The following skins were automatically enabled:
|
# The following skins were automatically enabled:
|
||||||
wfLoadSkin( 'MonoBook' );
|
wfLoadSkin( 'MonoBook' );
|
||||||
wfLoadSkin( 'Timeless' );
|
wfLoadSkin( 'Timeless' );
|
||||||
wfLoadSkin( 'Vector' );
|
wfLoadSkin( 'Vector' );
|
||||||
|
wfLoadSkin( 'MinervaNeue' );
|
||||||
|
|
||||||
|
## Default skin: you can change the default skin. Use the internal symbolic
|
||||||
|
## names, ie 'vector', 'monobook':
|
||||||
|
|
||||||
|
{{ if eq (env "TWEEKI_ENABLED") "1" }}
|
||||||
|
wfLoadSkin( 'Tweeki' );
|
||||||
|
$wgDefaultSkin = "tweeki";
|
||||||
|
{{ else }}
|
||||||
|
$wgDefaultSkin = "vector";
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if eq (env "MOBILEFRONTEND_ENABLED") "1" }}
|
||||||
|
wfLoadExtension( 'MobileFrontend' );
|
||||||
|
$wgDefaultMobileSkin = 'minerva';
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
# Enabled extensions. Most of the extensions are enabled by adding
|
# Enabled extensions. Most of the extensions are enabled by adding
|
||||||
# wfLoadExtensions('ExtensionName');
|
# wfLoadExtensions('ExtensionName');
|
||||||
|
@ -139,6 +155,10 @@ wfLoadSkin( 'Vector' );
|
||||||
# The following extensions were automatically enabled:
|
# The following extensions were automatically enabled:
|
||||||
wfLoadExtension( 'VisualEditor' );
|
wfLoadExtension( 'VisualEditor' );
|
||||||
|
|
||||||
|
wfLoadExtension( 'Interwiki' );
|
||||||
|
wfLoadExtension( 'Cite' );
|
||||||
|
wfLoadExtension( 'ParserFunctions' );
|
||||||
|
|
||||||
# End of automatically generated settings.
|
# End of automatically generated settings.
|
||||||
# Add more configuration options below.
|
# Add more configuration options below.
|
||||||
|
|
||||||
|
@ -146,19 +166,92 @@ $wgDefaultUserOptions['visualeditor-enable'] = 1;
|
||||||
|
|
||||||
$wgVisualEditorAllowLossySwitching = false;
|
$wgVisualEditorAllowLossySwitching = false;
|
||||||
|
|
||||||
$wgVirtualRestConfig['modules']['parsoid'] = [
|
{{ if eq (env "SAML_ENABLED") "1" }}
|
||||||
// URL to the Parsoid instance - use port 8142 if you use the Debian package - the parameter 'URL' was first used but is now deprecated (string)
|
wfLoadExtension( 'PluggableAuth' );
|
||||||
'url' => 'http://localhost:8000/',
|
|
||||||
// Parsoid "domain" (string, optional) - MediaWiki >= 1.26
|
wfLoadExtension( 'SimpleSAMLphp' );
|
||||||
'domain' => 'localhost',
|
|
||||||
// Parsoid "prefix" (string, optional) - deprecated since MediaWiki 1.26, use 'domain'
|
$wgSimpleSAMLphp_InstallDir = "/var/simplesamlphp/";
|
||||||
'prefix' => 'localhost',
|
|
||||||
// Forward cookies in the case of private wikis (string or false, optional)
|
$wgPluggableAuth_Config['Log in using my SAML'] = [
|
||||||
'forwardCookies' => true,
|
'plugin' => 'SimpleSAMLphp',
|
||||||
// request timeout in seconds (integer or null, optional)
|
'data' => [
|
||||||
'timeout' => null,
|
'authSourceId' => '{{ env "SAML_AUTH_SOURCE_ID" }}',
|
||||||
// Parsoid HTTP proxy (string or null, optional)
|
'usernameAttribute' => '{{ env "SAML_USERNAME_ATTRIBUTE" }}',
|
||||||
'HTTPProxy' => null,
|
'realNameAttribute' => '{{ env "SAML_REAL_NAME_ATTRIBUTE" }}',
|
||||||
// whether to parse URL as if they were meant for RESTBase (boolean or null, optional)
|
'emailAttribute' => '{{ env "SAML_EMAIL_ATTRIBUTE" }}'
|
||||||
'restbaseCompat' => null,
|
]
|
||||||
];
|
];
|
||||||
|
|
||||||
|
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
||||||
|
$wgGroupPermissions['*']['createaccount'] = false;
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if eq (env "MEDIAWIKI_DEBUG") "1" }}
|
||||||
|
$wgDebugLogFile = "/var/log/debug-{$wgDBname}.log";
|
||||||
|
$wgShowExceptionDetails = true;
|
||||||
|
$wgDebugToolbar = true;
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if eq (env "OPENID_ENABLED") "1" }}
|
||||||
|
wfLoadExtension( 'PluggableAuth' );
|
||||||
|
wfLoadExtension( 'OpenIDConnect' );
|
||||||
|
|
||||||
|
$wgPluggableAuth_Config[] = [
|
||||||
|
'plugin' => 'OpenIDConnect',
|
||||||
|
'data' => [
|
||||||
|
'providerURL' => '{{ env "OPENID_KEYCLOAK_URL" }}',
|
||||||
|
'clientID' => '{{ env "OPENID_CLIENT_ID"}}',
|
||||||
|
'clientsecret' => '{{ secret "openid_client_secret" }}'
|
||||||
|
]
|
||||||
|
];
|
||||||
|
|
||||||
|
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
||||||
|
$wgGroupPermissions['*']['createaccount'] = false;
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if env "SMTP_HOST" }}
|
||||||
|
$wgSMTP = [
|
||||||
|
'host' => '{{ env "SMTP_HOST" }}', // could also be an IP address. Where the SMTP server is located
|
||||||
|
'port' => {{ env "SMTP_PORT" }}, // Port to use when connecting to the SMTP server
|
||||||
|
{{ if env "SMTP_USER" }}
|
||||||
|
'auth' => true, // Should we use SMTP authentication (true or false)
|
||||||
|
'username' => '{{ env "SMTP_USER" }}', // Username to use for SMTP authentication (if being used)
|
||||||
|
'password' => '{{ secret "smtp_password" }}' // Password to use for SMTP authentication (if being used)
|
||||||
|
{{ else }}
|
||||||
|
'auth' => false
|
||||||
|
{{ end }}
|
||||||
|
];
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if eq (env "MSU_ENABLED") "1" }}
|
||||||
|
wfLoadExtension( 'MsUpload' );
|
||||||
|
$wgAllowJavaUploads = true; // Solves problem with Office 2007 and newer files (docx, xlsx, etc.)
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if eq (env "PAGEFORMS_ENABLED") "1" }}
|
||||||
|
wfLoadExtension( 'PageForms' );
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if eq (env "PAGESCHEMAS_ENABLED") "1" }}
|
||||||
|
wfLoadExtension( 'PageSchemas' );
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if eq (env "SEMANTICMW_ENABLED") "1" }}
|
||||||
|
wfLoadExtension( 'SemanticMediaWiki' );
|
||||||
|
enableSemantics( '{{ env "DOMAIN" }}' );
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ if eq (env "MARKDOWN_ENABLED") "1" }}
|
||||||
|
wfLoadExtension( 'WikiMarkdown' );
|
||||||
|
$wgAllowMarkdownExtra = true; // allows usage of Parsedown Extra
|
||||||
|
$wgAllowMarkdownExtended = true; // allows usage of Parsedown Extended
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
$wgFileExtensions = array(
|
||||||
|
'png', 'gif', 'jpg', 'jpeg', 'doc', 'xls', 'mpp', 'pdf', 'ppt', 'tiff',
|
||||||
|
'bmp', 'docx', 'xlsx', 'pptx', 'ps', 'odt', 'ods', 'odp', 'odg'
|
||||||
|
);
|
||||||
|
|
||||||
|
$wgUploadSizeWarning = 1000000000;
|
||||||
|
$wgMaxUploadSize = 1000000000;
|
||||||
|
|
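Review bot: The OpenID client secret and the SMTP password are rendered into the PHP source at template time (`'clientsecret' => '{{ secret "openid_client_secret" }}'` and `'password' => '{{ secret "smtp_password" }}'`), unlike `$wgDBpassword` and `$wgSecretKey`, which this same file reads from `/run/secrets` at runtime. A secret containing `'` or `\` would break or alter the generated PHP, and the value ends up in the rendered config text. Reading them the same way would be consistent: `'clientsecret' => rtrim(file_get_contents('/run/secrets/openid_client_secret'))` and `'password' => rtrim(file_get_contents('/run/secrets/smtp_password'))`. Separately, the `$wgSecretKey` literal removed here stays in the repository history, so any deployment that used it should get a newly generated key.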
102
README.md
102
README.md
|
@ -1,27 +1,101 @@
|
||||||
# Mediawiki
|
# Mediawiki
|
||||||
|
|
||||||
Mediawiki [version 1.32.1][mediawiki-1.32]
|
[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/mediawiki/status.svg)](https://build.coopcloud.tech/coop-cloud/mediawiki)
|
||||||
|
|
||||||
Requires Docker version 1.11.2 or above to run.
|
<!-- metadata -->
|
||||||
|
* **Category**: Apps
|
||||||
|
* **Status**: 1, alpha
|
||||||
|
* **Image**: [`mediawiki`](https://hub.docker.com/_/mediawiki), 4, upstream
|
||||||
|
* **Healthcheck**: No
|
||||||
|
* **Backups**: Yes
|
||||||
|
* **Email**: 3
|
||||||
|
* **Tests**: 2
|
||||||
|
* **SSO**: 2 (OAuth, SAML)
|
||||||
|
<!-- endmetadata -->
|
||||||
|
|
||||||
Based on [`mediawiki-ve-bundle`][mediawiki-ve].
|
## Basic usage
|
||||||
|
|
||||||
1. Set up Docker Swarm and [`abra`][abra]
|
1. Set up Docker Swarm and [`abra`][abra]
|
||||||
2. Deploy [`compose-stacks/traefik`][compose-traefik]
|
2. Deploy [`coop-cloud/traefik`][traefik]
|
||||||
2. `cp .envrc.sample .envrc`
|
3. `abra app new mediawiki --secrets` (optionally with `--pass` if you'd like
|
||||||
3. Edit `.envrc` - be sure to change `$DOMAIN` to something that resolves to
|
to save secrets in `pass`)
|
||||||
|
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
|
||||||
your Docker swarm box
|
your Docker swarm box
|
||||||
4. `direnv allow` (or `. .envrc`)
|
5. `abra app deploy YOURAPPDOMAIN`
|
||||||
5. `abra secret_generate db_password v1 && abra secret_generate db_root_password v2`
|
6. Create an initial admin user:
|
||||||
6. `abra deploy`
|
`abra app run YOURAPPDOMAIN app php /var/www/html/maintenance/createAndPromote.php --sysop YourUsername YourPassword`
|
||||||
7. `abra service_run mediawiki /bin/bash` to open a shell
|
|
||||||
8. `php /var/www/html/maintenance/createAndPromote.php YourUsername YourPassword`
|
## Email
|
||||||
|
|
||||||
|
### Coop Cloud mailu or postfix
|
||||||
|
|
||||||
|
1. `abra app config YOURAPPDOMAIN` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to
|
||||||
|
`postfix_relay` for `coop-cloud/postfix_relay`, or `mailu_front` for
|
||||||
|
`coop-cloud/mailu` (assuming default stack names)
|
||||||
|
2. For `postfix_relay`, add the domain to your email config – `EXTRA_SENDER_DOMAINS` in
|
||||||
|
`postfix_relay`. This doesn't seem to be required for Mailu.
|
||||||
|
3. `abra app deploy YOURAPPDOMAIN`
|
||||||
|
|
||||||
|
### Remote provider
|
||||||
|
|
||||||
|
1. `abra app config YOURAPPDOMAIN` - uncomment `SMTP` under the "remote email provider" section and set values for `SMTP_HOST`, `SMTP_PORT` and `SMTP_USER`
|
||||||
|
2. `abra app secret insert YOURAPPDOMAIN smtp_password v1 YOURSMTPPASSWORD`
|
||||||
|
3. `abra app deploy YOURAPPDOMAIN`
|
||||||
|
|
||||||
|
Note: Only STARTTLS is supported, TLS won't work.
|
||||||
|
|
||||||
|
## Single Sign On
|
||||||
|
|
||||||
|
### SimpleSAMLphp
|
||||||
|
|
||||||
|
This app includes optional SAML Single Sign On using
|
||||||
|
[SimpleSAMLphp][simplesamlphp] and Mediawiki's
|
||||||
|
[Extension:SimpleSAMLphp][mw-simplesamlphp], based on the
|
||||||
|
[`venatorfox/simplesamlphp`][venatorfox-simplesamlphp] image.
|
||||||
|
|
||||||
|
NOTE: currently, if you enable SAML then it'll disable Mediawiki's own user account
|
||||||
|
system. Patches to make this configurable are welcome!
|
||||||
|
|
||||||
|
1. `abra app config YOURAPPDOMAIN` - uncomment lines in the `SAML` section (including `COMPOSE_FILE`)
|
||||||
|
2. Generate secrets: (add `--pass` if you want to store secrets in `pass`)
|
||||||
|
```
|
||||||
|
abra app YOURAPPDOMAIN secret generate saml_admin_password v1
|
||||||
|
abra app YOURAPPDOMAIN secret generate saml_secret_salt v1 "pwgen -n 64 1"
|
||||||
|
```
|
||||||
|
3. `abra app deploy YOURAPPDOMAIN`
|
||||||
|
4. Copy your SimpleSAMLphp metadata and certificates to the container (assuming
|
||||||
|
you have local `metadata` and `cert` folders:
|
||||||
|
```
|
||||||
|
abra app YOURAPPDOMAIN cp metadata simplesaml:/var/simplesamlphp/
|
||||||
|
abra app YOURAPPDOMAIN cp cert simplesaml:/var/simplesamlphp/
|
||||||
|
```
|
||||||
|
5. You can log into SimpleSAMLphp using the password you generated at
|
||||||
|
https://$DOMAIN/simplesaml/ and test authentication
|
||||||
|
6. Edit SimpleSAMLphp's `config.php` and change `store.sql.dsn`:
|
||||||
|
```
|
||||||
|
abra app YOURAPPDOMAIN run simplesaml vi /var/simplesamlphp/config/config.php
|
||||||
|
# find 'store.sql.dsn' and edit to:
|
||||||
|
# 'sqlite:/var/simplesamlphp/data/simplesamlphp.sq3'
|
||||||
|
```
|
||||||
|
|
||||||
|
### OpenID Connect
|
||||||
|
|
||||||
|
1. `abra app config YOURAPPDOMAIN` - uncomment lines in the `OPENID` section (including `COMPOSE_FILE`)
|
||||||
|
2. Store your Keycloak-generated client secret in Docker:
|
||||||
|
|
||||||
|
```
|
||||||
|
abra app YOURAPPDOMAIN secret insert openid_client_secret v1 put-your-secret-here
|
||||||
|
```
|
||||||
|
|
||||||
|
3. `abra app deploy YOURAPPDOMAIN`
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
MIT License
|
MIT License
|
||||||
|
|
||||||
[mediawiki-1.32]: https://www.mediawiki.org/wiki/Release_notes/1.32.1
|
[mediawiki-1.35]: https://www.mediawiki.org/wiki/Release_notes/1.35
|
||||||
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
|
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||||
[compose-traefik]: https://git.autonomic.zone/compose-stacks/traefik
|
[traefik]: https://git.autonomic.zone/coop-cloud/traefik
|
||||||
[mediawiki-ve]: https://hub.docker.com/r/revianlabs/mediawiki-ve-bundle
|
[simplesamlphp]: https://simplesamlphp.org/
|
||||||
|
[mw-simplesamlphp]: https://www.mediawiki.org/wiki/Extension:SimpleSAMLphp
|
||||||
|
[venatorfox-simplesamlphp]: https://hub.docker.com/r/venatorfox/simplesamlphp
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
export LOCAL_SETTINGS_CONF_VERSION=v23
|
||||||
|
export HTACCESS_CONF_VERSION=v1
|
||||||
|
export ENTRYPOINT_CONF_VERSION=v21
|
||||||
|
export COMPOSER_LOCAL_CONF_VERSION=v5
|
||||||
|
export PHP_INI_VERSION=v4
|
||||||
|
|
||||||
|
export SAML_ENTRYPOINT_CONF_VERSION=v3
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
environment:
|
||||||
|
- OPENID_KEYCLOAK_URL
|
||||||
|
- OPENID_CLIENT_ID
|
||||||
|
secrets:
|
||||||
|
- openid_client_secret
|
||||||
|
configs:
|
||||||
|
- source: composer_local_conf
|
||||||
|
target: /var/www/html/composer.local.json
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
openid_client_secret:
|
||||||
|
name: ${STACK_NAME}_openid_client_secret_${SECRET_OPENID_CLIENT_SECRET_VERSION}
|
||||||
|
external: true
|
||||||
|
|
||||||
|
configs:
|
||||||
|
composer_local_conf:
|
||||||
|
name: ${STACK_NAME}_composer_local_${COMPOSER_LOCAL_CONF_VERSION}
|
||||||
|
file: composer.local.json.tmpl
|
||||||
|
template_driver: golang
|
|
@ -0,0 +1,95 @@
|
||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
volumes:
|
||||||
|
- "simplesaml:/var/simplesamlphp/"
|
||||||
|
- "simplesaml_cert:/var/simplesamlphp/cert"
|
||||||
|
- "simplesaml_config:/var/simplesamlphp/config"
|
||||||
|
- "simplesaml_data:/var/simplesamlphp/data"
|
||||||
|
- "simplesaml_log:/var/simplesamlphp/log"
|
||||||
|
- "simplesaml_metadata:/var/simplesamlphp/metadata"
|
||||||
|
- "simplesaml_modules:/var/simplesamlphp/modules"
|
||||||
|
environment:
|
||||||
|
- SAML_AUTH_SOURCE_ID
|
||||||
|
- SAML_EMAIL_ATTRIBUTE
|
||||||
|
- SAML_REAL_NAME_ATTRIBUTE
|
||||||
|
- SAML_SERVICE_PROVIDER
|
||||||
|
- SAML_USERNAME_ATTRIBUTE
|
||||||
|
|
||||||
|
simplesaml:
|
||||||
|
# image: unicon/simplesamlphp:1.19.6
|
||||||
|
image: git.coopcloud.tech/coop-cloud-chaos-patchs/simplesamlphp:1.19.7
|
||||||
|
secrets:
|
||||||
|
- saml_admin_password
|
||||||
|
- saml_secret_salt
|
||||||
|
environment:
|
||||||
|
- DOMAIN
|
||||||
|
- CONFIG_BASEURLPATH=https://${DOMAIN}/simplesaml/
|
||||||
|
- CONFIG_AUTHADMINPASSWORD_FILE=/run/secrets/saml_admin_password
|
||||||
|
- CONFIG_SECRETSALT_FILE=/run/secrets/saml_secret_salt
|
||||||
|
- CONFIG_TECHNICALCONTACT_NAME
|
||||||
|
- CONFIG_TECHNICALCONTACT_EMAIL
|
||||||
|
- CONFIG_SHOWERRORS=true
|
||||||
|
- CONFIG_ERRORREPORTING=true
|
||||||
|
- CONFIG_ADMINPROTECTINDEXPAGE=true
|
||||||
|
- CONFIG_LOGGINGLEVEL=INFO
|
||||||
|
- CONFIG_ENABLESAML20IDP=true
|
||||||
|
- CONFIG_STORETYPE=sql
|
||||||
|
#- CONFIG_MEMCACHESTOREPREFIX=simplesamlphp
|
||||||
|
#- CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => [\n [\n ['hostname' => 'memcached']\n ],
|
||||||
|
- OPENLDAP_TLS_REQCERT=allow
|
||||||
|
- MTA_NULLCLIENT=true
|
||||||
|
- POSTFIX_MYHOSTNAME=${DOMAIN}
|
||||||
|
- POSTFIX_MYORIGIN=$$mydomain
|
||||||
|
- POSTFIX_INETINTERFACES=loopback-only
|
||||||
|
- DOCKER_REDIRECTLOGS=false
|
||||||
|
# Required if DOCKER_REDIRECTLOGS=true
|
||||||
|
# tty: true
|
||||||
|
configs:
|
||||||
|
- source: entrypoint_saml_conf
|
||||||
|
target: /docker-entrypoint.simplesaml.sh
|
||||||
|
mode: 0555
|
||||||
|
volumes:
|
||||||
|
- simplesaml:/var/simplesamlphp/
|
||||||
|
- "simplesaml_cert:/var/simplesamlphp/cert"
|
||||||
|
- "simplesaml_config:/var/simplesamlphp/config"
|
||||||
|
- "simplesaml_data:/var/simplesamlphp/data"
|
||||||
|
- "simplesaml_log:/var/simplesamlphp/log"
|
||||||
|
- "simplesaml_metadata:/var/simplesamlphp/metadata"
|
||||||
|
- "simplesaml_modules:/var/simplesamlphp/modules"
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
entrypoint: /docker-entrypoint.simplesaml.sh
|
||||||
|
deploy:
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.docker.network=proxy"
|
||||||
|
- "traefik.http.services.${STACK_NAME}_simplesaml.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}_simplesaml.rule=(Host(`${DOMAIN}`) && PathPrefix(`/simplesaml`))"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}_simplesaml.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}_simplesaml.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
simplesaml:
|
||||||
|
simplesaml_cert:
|
||||||
|
simplesaml_config:
|
||||||
|
simplesaml_data:
|
||||||
|
simplesaml_log:
|
||||||
|
simplesaml_metadata:
|
||||||
|
simplesaml_modules:
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
saml_admin_password:
|
||||||
|
name: ${STACK_NAME}_saml_admin_password_${SECRET_SAML_ADMIN_PASSWORD_VERSION}
|
||||||
|
external: true
|
||||||
|
saml_secret_salt:
|
||||||
|
name: ${STACK_NAME}_saml_secret_salt_${SECRET_SAML_SECRET_SALT_VERSION}
|
||||||
|
external: true
|
||||||
|
|
||||||
|
configs:
|
||||||
|
entrypoint_saml_conf:
|
||||||
|
name: ${STACK_NAME}_entrypoint_saml_${SAML_ENTRYPOINT_CONF_VERSION}
|
||||||
|
file: entrypoint.simplesaml.sh.tmpl
|
||||||
|
template_driver: golang
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
environment:
|
||||||
|
- SMTP_USER
|
||||||
|
secrets:
|
||||||
|
- smtp_password
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
smtp_password:
|
||||||
|
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
||||||
|
external: true
|
128
compose.yml
128
compose.yml
|
@ -1,76 +1,83 @@
|
||||||
---
|
---
|
||||||
version: '3.8'
|
version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
mariadb:
|
app:
|
||||||
image: 'mariadb:10.5'
|
image: mediawiki:1.40.1
|
||||||
|
environment:
|
||||||
|
- DOMAIN
|
||||||
|
- STACK_NAME
|
||||||
|
- MEDIAWIKI_EMAIL_CONTACT
|
||||||
|
- MEDIAWIKI_EMAIL_FROM
|
||||||
|
- MEDIAWIKI_SITENAME
|
||||||
|
- MEDIAWIKI_SITENAMESPACE
|
||||||
|
- MEDIAWIKI_LOGO_FILE
|
||||||
|
- MEDIAWIKI_IS_PRIVATE
|
||||||
|
- MEDIAWIKI_DEBUG
|
||||||
|
- MEDIAWIKI_LANGUAGE=${MEDIAWIKI_LANGUAGE:-en}
|
||||||
|
- SAML_ENABLED
|
||||||
|
- OPENID_ENABLED
|
||||||
|
- DB_HOST=db
|
||||||
|
- DB_USER=mediawiki
|
||||||
|
- DB_NAME=mediawiki
|
||||||
|
- SMTP_HOST
|
||||||
|
- SMTP_PORT=${SMTP_PORT:-25}
|
||||||
|
volumes:
|
||||||
|
- "mediawiki_images:/var/www/html/images"
|
||||||
|
configs:
|
||||||
|
- source: LocalSettings_conf
|
||||||
|
target: /var/www/html/LocalSettings.php
|
||||||
|
- source: php_ini
|
||||||
|
target: /usr/local/etc/php/conf.d/mediawiki.ini
|
||||||
|
- source: entrypoint2_conf
|
||||||
|
target: /docker-entrypoint2.sh
|
||||||
|
mode: 0555
|
||||||
|
secrets:
|
||||||
|
- db_password
|
||||||
|
- mediawiki_secret_key
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
- internal
|
||||||
|
deploy:
|
||||||
|
update_config:
|
||||||
|
failure_action: rollback
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||||
|
- "coop-cloud.${STACK_NAME}.version=2.7.3+1.40.1"
|
||||||
|
- "backupbot.backup=true"
|
||||||
|
- "backupbot.backup.path=/var/www/html/images"
|
||||||
|
entrypoint: /docker-entrypoint2.sh
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: mariadb:11.1
|
||||||
environment:
|
environment:
|
||||||
- MYSQL_USER=mediawiki
|
- MYSQL_USER=mediawiki
|
||||||
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
||||||
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
|
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
|
||||||
- MYSQL_DATABASE=mediawiki
|
- MYSQL_DATABASE=mediawiki
|
||||||
volumes:
|
volumes:
|
||||||
- 'mariadb:/var/lib/mysql'
|
- "mariadb:/var/lib/mysql"
|
||||||
secrets:
|
secrets:
|
||||||
- db_root_password
|
- db_root_password
|
||||||
- db_password
|
- db_password
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy:
|
|
||||||
condition: on-failure
|
|
||||||
delay: "60s"
|
|
||||||
max_attempts: 3
|
|
||||||
window: 120s
|
|
||||||
mediawiki:
|
|
||||||
image: 'revianlabs/mediawiki-ve-bundle'
|
|
||||||
environment:
|
|
||||||
- DOMAIN=${DOMAIN}
|
|
||||||
- STACK_NAME=${STACK_NAME}
|
|
||||||
- MEDIAWIKI_EMAIL_CONTACT=${MEDIAWIKI_EMAIL_CONTACT}
|
|
||||||
- MEDIAWIKI_EMAIL_FROM=${MEDIAWIKI_EMAIL_FROM}
|
|
||||||
- MEDIAWIKI_SITENAME=${MEDIAWIKI_SITENAME}
|
|
||||||
- MEDIAWIKI_SITENAMESPACE=${MEDIAWIKI_SITENAMESPACE}
|
|
||||||
volumes:
|
|
||||||
- 'mediawiki_images:/var/www/html/images'
|
|
||||||
- 'parsoid:/usr/lib/parsoid'
|
|
||||||
configs:
|
|
||||||
- source: LocalSettings_conf
|
|
||||||
target: /var/www/html/LocalSettings.php
|
|
||||||
- source: htaccess_conf
|
|
||||||
target: /var/www/html/.htaccess
|
|
||||||
- source: entrypoint2_conf
|
|
||||||
target: /docker-entrypoint2.sh
|
|
||||||
mode: 0555
|
|
||||||
depends_on:
|
|
||||||
- mariadb
|
|
||||||
secrets:
|
|
||||||
- db_password
|
|
||||||
networks:
|
|
||||||
- proxy
|
|
||||||
- internal
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD", "curl", "-f", "http://localhost"]
|
|
||||||
interval: 30s
|
|
||||||
timeout: 10s
|
|
||||||
retries: 10
|
|
||||||
start_period: 1m
|
|
||||||
deploy:
|
|
||||||
update_config:
|
|
||||||
failure_action: rollback
|
|
||||||
order: start-first
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
backupbot.backup: "true"
|
||||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
backupbot.backup.path: "/tmp/dump.sql.gz"
|
||||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" mediawiki | gzip > /tmp/dump.sql.gz'"
|
||||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
|
||||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
backupbot.restore: "true"
|
||||||
entrypoint: /docker-entrypoint2.sh
|
backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" mediawiki < /tmp/dbdump.sql && rm -f /tmp/dbdump.sql'"
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
mariadb:
|
mariadb:
|
||||||
mediawiki_images:
|
mediawiki_images:
|
||||||
parsoid:
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
|
@ -79,10 +86,13 @@ networks:
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
db_root_password:
|
db_root_password:
|
||||||
name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION}
|
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||||
external: true
|
external: true
|
||||||
db_password:
|
db_password:
|
||||||
name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
|
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||||
|
external: true
|
||||||
|
mediawiki_secret_key:
|
||||||
|
name: ${STACK_NAME}_mediawiki_secret_key_${SECRET_MEDIAWIKI_SECRET_KEY_VERSION}
|
||||||
external: true
|
external: true
|
||||||
|
|
||||||
configs:
|
configs:
|
||||||
|
@ -90,11 +100,11 @@ configs:
|
||||||
name: ${STACK_NAME}_local_settings_${LOCAL_SETTINGS_CONF_VERSION}
|
name: ${STACK_NAME}_local_settings_${LOCAL_SETTINGS_CONF_VERSION}
|
||||||
file: LocalSettings.php.tmpl
|
file: LocalSettings.php.tmpl
|
||||||
template_driver: golang
|
template_driver: golang
|
||||||
htaccess_conf:
|
|
||||||
name: ${STACK_NAME}_htaccess_${HTACCESS_CONF_VERSION}
|
|
||||||
file: htaccess.tmpl
|
|
||||||
template_driver: golang
|
|
||||||
entrypoint2_conf:
|
entrypoint2_conf:
|
||||||
name: ${STACK_NAME}_entrypoint2_${ENTRYPOINT_CONF_VERSION}
|
name: ${STACK_NAME}_entrypoint2_${ENTRYPOINT_CONF_VERSION}
|
||||||
file: entrypoint.sh.tmpl
|
file: entrypoint.sh.tmpl
|
||||||
template_driver: golang
|
template_driver: golang
|
||||||
|
php_ini:
|
||||||
|
name: ${STACK_NAME}_php_ini_${PHP_INI_VERSION}
|
||||||
|
file: php.ini.tmpl
|
||||||
|
template_driver: golang
|
||||||
|
|
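Review bot: The backup and restore labels on the `db` service do not agree on the dump file: the pre-hook writes a gzip archive to `/tmp/dump.sql.gz` and `backupbot.backup.path` saves that path, but `backupbot.restore.post-hook` redirects `/tmp/dbdump.sql` into `mysql`, a file nothing in this section creates, so a restore would presumably fail at the redirect. A hook that matches the backup side would be `sh -c 'gunzip -c /tmp/dump.sql.gz | mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" mediawiki && rm -f /tmp/dump.sql.gz'`. Both hooks also hand the root password to the client as a `-p` argument, where it can show up in the process arguments inside the container; setting `MYSQL_PWD` from the secret file inside the `sh -c` keeps it out of argv.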
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
{{ if eq (env "SEMANTICMW_ENABLED") "1" }}
|
||||||
|
"require": {
|
||||||
|
"mediawiki/semantic-media-wiki": "^4.1.0"
|
||||||
|
},
|
||||||
|
{{ end }}
|
||||||
|
"extra": {
|
||||||
|
"merge-plugin": {
|
||||||
|
"include": [
|
||||||
|
"extensions/OpenIDConnect/composer.json"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -2,29 +2,138 @@
|
||||||
|
|
||||||
set -eu -o pipefail
|
set -eu -o pipefail
|
||||||
|
|
||||||
init_db() {
|
init_composer() {
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
apt update && apt install -y mariadb-client
|
if ! type composer > /dev/null 2>&1; then
|
||||||
|
apt update -yqq && apt install -yqq curl git unzip zip
|
||||||
PASSWORD=`cat /run/secrets/db_password`
|
curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php
|
||||||
TABLE_COUNT=$(mysql -u mediawiki --password="$PASSWORD" -h mariadb mediawiki -e "SELECT count(*) AS TOTAL FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'mediawiki';" -N -B)
|
php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer --version=2.5.4
|
||||||
|
composer -V
|
||||||
if [[ "${TABLE_COUNT}" == "0" ]]; then
|
fi
|
||||||
mysql -u mediawiki --password="$PASSWORD" -h mariadb mediawiki < /var/www/html/maintenance/tables.sql
|
|
||||||
else
|
|
||||||
php /var/www/html/maintenance/update.php
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
composer_install() {
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
cd /var/www/html/ && composer update && composer install
|
||||||
|
}
|
||||||
|
|
||||||
|
init_db() {
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
if ! type mysql > /dev/null 2>&1; then
|
||||||
|
apt update -qq && apt install -yqq mariadb-client
|
||||||
|
fi
|
||||||
|
|
||||||
|
PASSWORD=$(cat /run/secrets/db_password)
|
||||||
|
# FIXME 3wc: replace with sql.php, not sure how to parse output:
|
||||||
|
# stdClass Object
|
||||||
|
#(
|
||||||
|
# [TOTAL] => 58
|
||||||
|
#)
|
||||||
|
TABLE_COUNT=$(mysql -u "${DB_USER}" --password="$PASSWORD" -h "${DB_HOST}" "${DB_NAME}" -e "SELECT count(*) AS TOTAL FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'mediawiki';" -N -B)
|
||||||
|
|
||||||
|
if [[ "${TABLE_COUNT}" == "0" ]]; then
|
||||||
|
php /var/www/html/maintenance/generateSchemaSql.php
|
||||||
|
php /var/www/html/maintenance/sql.php /var/www/html/maintenance/tables-generated.sql
|
||||||
|
php /var/www/html/maintenance/sql.php /var/www/html/maintenance/tables.sql
|
||||||
|
php /var/www/html/maintenance/sql.php /var/www/html/maintenance/interwiki.sql
|
||||||
|
# FIXME run createAndPromote.php with $ADMIN_USERNAME
|
||||||
|
fi
|
||||||
|
|
||||||
|
php /var/www/html/maintenance/update.php --quick
|
||||||
|
}
|
||||||
|
|
||||||
|
init_extensions() {
|
||||||
|
|
||||||
|
if [ ! -d /var/www/html/extensions/PluggableAuth ]; then
|
||||||
|
git clone --depth 1 -b REL1_40 \
|
||||||
|
https://gerrit.wikimedia.org/r/p/mediawiki/extensions/PluggableAuth \
|
||||||
|
/var/www/html/extensions/PluggableAuth
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${SAML_ENABLED-}" ]; then
|
||||||
|
if [ ! -d /var/www/html/extensions/SimpleSAMLphp ]; then
|
||||||
|
git clone --depth 1 -b REL1_40 \
|
||||||
|
https://gerrit.wikimedia.org/r/p/mediawiki/extensions/SimpleSAMLphp \
|
||||||
|
/var/www/html/extensions/SimpleSAMLphp
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${OPENID_ENABLED-}" ]; then
|
||||||
|
if [ ! -d /var/www/html/extensions/OpenIDConnect ]; then
|
||||||
|
git clone --depth 1 -b REL1_40 \
|
||||||
|
https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect \
|
||||||
|
/var/www/html/extensions/OpenIDConnect
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${MOBILEFRONTEND_ENABLED-}" ]; then
|
||||||
|
if [ ! -d /var/www/html/extensions/MobileFrontend ]; then
|
||||||
|
git clone --depth 1 -b REL1_40 \
|
||||||
|
https://github.com/wikimedia/mediawiki-extensions-MobileFrontend.git \
|
||||||
|
/var/www/html/extensions/MobileFrontend
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${MSU_ENABLED-}" ]; then
|
||||||
|
if [ ! -d /var/www/html/extensions/MsUpload ]; then
|
||||||
|
git clone --depth 1 -b REL1_40 \
|
||||||
|
https://gerrit.wikimedia.org/r/mediawiki/extensions/MsUpload \
|
||||||
|
/var/www/html/extensions/MsUpload
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${PAGEFORMS_ENABLED-}" ]; then
|
||||||
|
if [ ! -d /var/www/html/extensions/PageForms ]; then
|
||||||
|
git clone --depth 1 -b REL1_40 \
|
||||||
|
https://gerrit.wikimedia.org/r/mediawiki/extensions/PageForms \
|
||||||
|
/var/www/html/extensions/PageForms
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${PAGESCHEMAS_ENABLED-}" ]; then
|
||||||
|
if [ ! -d /var/www/html/extensions/PageSchemas ]; then
|
||||||
|
git clone --depth 1 -b REL1_40 \
|
||||||
|
https://gerrit.wikimedia.org/r/mediawiki/extensions/PageSchemas \
|
||||||
|
/var/www/html/extensions/PageSchemas
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "${MARKDOWN_ENABLED-}" ]; then
|
||||||
|
if [ ! -d /var/www/html/extensions/WikiMarkdown ]; then
|
||||||
|
git clone --depth 1 \
|
||||||
|
https://github.com/kuenzign/WikiMarkdown \
|
||||||
|
/var/www/html/extensions/WikiMarkdown
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
init_skins() {
|
||||||
|
|
||||||
|
if [ -n "${TWEEKI_ENABLED-}" ]; then
|
||||||
|
if [ ! -d /var/www/html/skins/Tweeki ]; then
|
||||||
|
git clone --depth 1 \
|
||||||
|
https://github.com/thaider/Tweeki \
|
||||||
|
/var/www/html/skins/Tweeki
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
a2enmod rewrite
|
init_extensions
|
||||||
|
init_skins
|
||||||
init_db
|
init_composer
|
||||||
|
composer_install
|
||||||
|
init_db
|
||||||
}
|
}
|
||||||
|
|
||||||
main
|
main
|
||||||
|
|
||||||
/docker-entrypoint.sh apache2-foreground "$@"
|
apache2-foreground
|
||||||
|
|
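Review bot: `init_composer` downloads `https://getcomposer.org/installer` and runs it with `php` without comparing it to the published installer checksum, so whatever that URL returns at container start is executed by the entrypoint. Checking the SHA-384 of `/tmp/composer-setup.php` against `https://composer.github.io/installer.sig` before running it, as in the lines below, is the check Composer documents; installing Composer when the image is built would remove the runtime download altogether. The same start-up path clones WikiMarkdown and Tweeki with no `-b` ref and runs `composer update` before `composer install`, so the code placed in `/var/www/html` can differ from one restart to the next. Pinning each clone to a tag or commit and running only `composer install` against a lock file, if one is kept, would make the result reproducible.

```shell
    curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php
    EXPECTED_SIG="$(curl -sS https://composer.github.io/installer.sig)"
    ACTUAL_SIG="$(php -r "echo hash_file('sha384', '/tmp/composer-setup.php');")"
    if [ "$EXPECTED_SIG" != "$ACTUAL_SIG" ]; then
      echo >&2 "error: composer installer checksum mismatch"
      rm -f /tmp/composer-setup.php
      exit 1
    fi
    # … unchanged: php /tmp/composer-setup.php --install-dir=… and composer -V …
```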
|
@ -0,0 +1,61 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
file_env() {
|
||||||
|
local var="$1"
|
||||||
|
local fileVar="${var}_FILE"
|
||||||
|
local def="${2:-}"
|
||||||
|
|
||||||
|
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||||
|
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
local val="$def"
|
||||||
|
if [ "${!var:-}" ]; then
|
||||||
|
val="${!var}"
|
||||||
|
elif [ "${!fileVar:-}" ]; then
|
||||||
|
val="$(< "${!fileVar}")"
|
||||||
|
fi
|
||||||
|
export "$var"="$val"
|
||||||
|
unset "$fileVar"
|
||||||
|
}
|
||||||
|
|
||||||
|
load_vars() {
|
||||||
|
file_env "CONFIG_AUTHADMINPASSWORD"
|
||||||
|
file_env "CONFIG_SECRETSALT"
|
||||||
|
}
|
||||||
|
|
||||||
|
generate_certs() {
|
||||||
|
CERT_DIR=/var/simplesamlphp/cert
|
||||||
|
|
||||||
|
if [ -f "$CERT_DIR/saml.crt" ] && [ -f "$CERT_DIR/saml.pem" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! type openssl > /dev/null 2>&1; then
|
||||||
|
yum install -q -y openssl
|
||||||
|
fi
|
||||||
|
|
||||||
|
openssl req -newkey rsa:4096 -new -x509 \
|
||||||
|
-days 3652 -nodes \
|
||||||
|
-out "$CERT_DIR/saml.crt" \
|
||||||
|
-keyout "$CERT_DIR/saml.pem" \
|
||||||
|
-subj "/C=XX/ST=/L=/O=/OU=SimpleSAML/CN=${DOMAIN}"
|
||||||
|
}
|
||||||
|
|
||||||
|
enable_plugins() {
|
||||||
|
touch /var/simplesamlphp/modules/cas/enable
|
||||||
|
}
|
||||||
|
|
||||||
|
main() {
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
load_vars
|
||||||
|
|
||||||
|
enable_plugins
|
||||||
|
|
||||||
|
generate_certs
|
||||||
|
}
|
||||||
|
|
||||||
|
main
|
||||||
|
|
||||||
|
/init "$@"
|
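Review bot: The last line starts `/init "$@"` as a child of this bash script instead of replacing it, so bash stays PID 1 and a SIGTERM from the orchestrator is not passed on to the init process; `exec /init "$@"` hands over PID 1 and lets the container stop cleanly. `enable_plugins` also touches `/var/simplesamlphp/modules/cas/enable` unconditionally, and nothing on the page says why the CAS module is needed. A comment above it such as `# CAS module is enabled because <reason>` would document the choice, and if the recipe does not use CAS, dropping the line reduces what SimpleSAMLphp exposes.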
|
@ -1,12 +0,0 @@
|
||||||
# Generated using https://shorturls.redwerks.org
|
|
||||||
|
|
||||||
RewriteEngine On
|
|
||||||
RewriteRule ^/?wiki(/.*)?$ %{DOCUMENT_ROOT}/index.php [L]
|
|
||||||
|
|
||||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
|
|
||||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
|
|
||||||
RewriteRule ^/?images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2 [L,QSA,B]
|
|
||||||
|
|
||||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
|
|
||||||
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
|
|
||||||
RewriteRule ^/?images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
upload_max_filesize = 10M
|
||||||
|
post_max_size = 10M
|
||||||
|
max_execution_time = 7200
|
||||||
|
max_file_uploads = 1000
|
||||||
|
|
||||||
|
{{ if eq (env "MEDIAWIKI_DEBUG") "0" }}
|
||||||
|
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
||||||
|
{{ else }}
|
||||||
|
error_reporting = E_ALL
|
||||||
|
{{ end }}
|
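Review bot: The `error_reporting` conditional treats every value of `MEDIAWIKI_DEBUG` other than the string `0`, including an unset variable, as debug and selects `E_ALL`, so a deployment that never sets the variable gets the verbose branch. Testing for the enabled value instead, `{{ if eq (env "MEDIAWIKI_DEBUG") "1" }}` with the two branches swapped, makes the quiet setting the default; this assumes `1` is the enabled value, as the `SEMANTICMW_ENABLED` test in the composer template uses. The file does not set `display_errors`, so if the image leaves it at PHP's built-in default, adding `display_errors = Off` to the non-debug branch keeps notices and file paths out of responses.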
|
@ -0,0 +1,6 @@
|
||||||
|
{
|
||||||
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
|
"extends": [
|
||||||
|
"config:base"
|
||||||
|
]
|
||||||
|
}
|