Compare commits
1 Commits
Author | SHA1 | Date |
---|---|---|
3wc | 92a206ad4f |
39
.env.sample
39
.env.sample
|
@ -1,7 +1,6 @@
|
|||
TYPE=mediawiki
|
||||
|
||||
DOMAIN=mediawiki.example.com
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
#EXTRA_DOMAINS=', `www.wiki.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
@ -12,35 +11,21 @@ MEDIAWIKI_EMAIL_CONTACT="info@wiki.example.com"
|
|||
MEDIAWIKI_EMAIL_FROM="wiki@wiki.example.com"
|
||||
MEDIAWIKI_LOGO_FILE='$wgResourceBasePath/resources/assets/wiki.png'
|
||||
|
||||
# list of language options (without ".json"):
|
||||
# https://gerrit.wikimedia.org/g/mediawiki/core/%2B/HEAD/languages/i18n
|
||||
MEDIAWIKI_LANGUAGE="en"
|
||||
|
||||
MEDIAWIKI_IS_PRIVATE=1
|
||||
MEDIAWIKI_ALLOW_REGISTRATION=0
|
||||
|
||||
MEDIAWIKI_DEBUG=0
|
||||
|
||||
## SMTP
|
||||
#SMTP_HOST=postfix_relay_app
|
||||
#SMTP_HOST=mailu_front
|
||||
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
|
||||
|
||||
# SMTP
|
||||
|
||||
## via local postfix/mailu
|
||||
#SMTP_HOST=postfix_relay_app
|
||||
#SMTP_HOST=mailu_front
|
||||
|
||||
## via remote email provider
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||
#SMTP_HOST="mail.example.com"
|
||||
#SMTP_PORT=587
|
||||
#SMTP_USER="${MEDIAWIKI_EMAIL_FROM}"
|
||||
#SECRET_SMTP_PASSWORD_VERSION=v1
|
||||
|
||||
# SAML
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.simplesaml.yml"
|
||||
#COMPOSE_FILE="compose.yml:compose.simplesaml.yml"
|
||||
|
||||
#SAML_ENABLED=1
|
||||
#SAML_CONTACT_NAME="Sam Ell"
|
||||
|
@ -56,7 +41,7 @@ SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
|
|||
|
||||
## OpenID Connect
|
||||
# OPENID_ENABLED=1
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.openid.yml"
|
||||
# COMPOSE_FILE="compose.yml:compose.openid.yml"
|
||||
# OPENID_KEYCLOAK_URL="https://keycloak.local:8080/realms/acme/"
|
||||
# OPENID_CLIENT_ID="mediawiki"
|
||||
# SECRET_OPENID_CLIENT_SECRET_VERSION=v1
|
||||
|
@ -82,6 +67,18 @@ SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
|
|||
## WikiMarkdown
|
||||
#MARKDOWN_ENABLED=1
|
||||
|
||||
## Scribunto Lua scripting
|
||||
#SCRIBUNTO_ENABLED=1
|
||||
|
||||
## TemplateStyles
|
||||
#TEMPLATESTYLES_ENABLED=1
|
||||
|
||||
## Mermaid
|
||||
#MERMAID_ENABLED=1
|
||||
|
||||
## Genealogy
|
||||
#GENEALOGY_ENABLED=1
|
||||
|
||||
## Tweeki skin
|
||||
#TWEEKI_ENABLED=0
|
||||
|
||||
|
|
|
@ -84,7 +84,7 @@ $wgShellLocale = "C.UTF-8";
|
|||
#$wgCacheDirectory = "$IP/cache";
|
||||
|
||||
# Site language code, should be one of the list in ./languages/data/Names.php
|
||||
$wgLanguageCode = "{{ env "MEDIAWIKI_LANGUAGE" }}";
|
||||
$wgLanguageCode = "en";
|
||||
|
||||
$wgSecretKey = rtrim(file_get_contents('/run/secrets/mediawiki_secret_key'));
|
||||
|
||||
|
@ -106,13 +106,8 @@ $wgRightsIcon = "";
|
|||
# Path to the GNU diff3 utility. Used for conflict resolution.
|
||||
$wgDiff3 = "/usr/bin/diff3";
|
||||
|
||||
{{ if eq (env "MEDIAWIKI_ALLOW_REGISTRATION") "1" }}
|
||||
$wgGroupPermissions['*']['createaccount'] = true;
|
||||
$wgEmailConfirmToEdit = true;
|
||||
{{ else }}
|
||||
# The following permissions were set based on your choice in the installer
|
||||
$wgGroupPermissions['*']['createaccount'] = false;
|
||||
{{ end }}
|
||||
|
||||
$wgGroupPermissions['*']['edit'] = false;
|
||||
{{ if eq (env "MEDIAWIKI_IS_PRIVATE") "1" }}
|
||||
$wgGroupPermissions['*']['read'] = false;
|
||||
|
@ -120,13 +115,6 @@ $wgGroupPermissions['*']['read'] = false;
|
|||
$wgGroupPermissions['*']['read'] = true;
|
||||
{{ end }}
|
||||
|
||||
{{ if ne (env "MEDIAWIKI_PROXY_SERVERS") "" }}
|
||||
// In LocalSettings.php
|
||||
$wgUseCdn = true;
|
||||
$wgCdnServersNoPurge = [];
|
||||
$wgCdnServersNoPurge[] = "{{ env "MEDIAWIKI_PROXY_SERVERS" }}";
|
||||
{{ end }}
|
||||
|
||||
# Enabled skins.
|
||||
# The following skins were automatically enabled:
|
||||
wfLoadSkin( 'MonoBook' );
|
||||
|
@ -212,15 +200,11 @@ $wgGroupPermissions['*']['createaccount'] = false;
|
|||
|
||||
{{ if env "SMTP_HOST" }}
|
||||
$wgSMTP = [
|
||||
'host' => '{{ env "SMTP_HOST" }}', // could also be an IP address. Where the SMTP server is located
|
||||
'port' => {{ env "SMTP_PORT" }}, // Port to use when connecting to the SMTP server
|
||||
{{ if env "SMTP_USER" }}
|
||||
'auth' => true, // Should we use SMTP authentication (true or false)
|
||||
'username' => '{{ env "SMTP_USER" }}', // Username to use for SMTP authentication (if being used)
|
||||
'password' => '{{ secret "smtp_password" }}' // Password to use for SMTP authentication (if being used)
|
||||
{{ else }}
|
||||
'auth' => false
|
||||
{{ end }}
|
||||
'host' => '{{ env "SMTP_HOST" }}', // could also be an IP address. Where the SMTP server is located
|
||||
'port' => 25, // Port to use when connecting to the SMTP server
|
||||
'auth' => false, // Should we use SMTP authentication (true or false)
|
||||
#'username' => 'my_user_name', // Username to use for SMTP authentication (if being used)
|
||||
#'password' => 'my_password' // Password to use for SMTP authentication (if being used)
|
||||
];
|
||||
{{ end }}
|
||||
|
||||
|
@ -248,6 +232,23 @@ $wgAllowMarkdownExtra = true; // allows usage of Parsedown Extra
|
|||
$wgAllowMarkdownExtended = true; // allows usage of Parsedown Extended
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "SCRIBUNTO_ENABLED") "1" }}
|
||||
wfLoadExtension( 'Scribunto' );
|
||||
$wgScribuntoDefaultEngine = 'luastandalone';
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "TEMPLATESTYLES_ENABLED") "1" }}
|
||||
wfLoadExtension( 'TemplateStyles' );
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "MERMAID_ENABLED") "1" }}
|
||||
wfLoadExtension( 'Mermaid' );
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "GENEALOGY_ENABLED") "1" }}
|
||||
wfLoadExtension( 'Genealogy' );
|
||||
{{ end }}
|
||||
|
||||
$wgFileExtensions = array(
|
||||
'png', 'gif', 'jpg', 'jpeg', 'doc', 'xls', 'mpp', 'pdf', 'ppt', 'tiff',
|
||||
'bmp', 'docx', 'xlsx', 'pptx', 'ps', 'odt', 'ods', 'odp', 'odg'
|
||||
|
|
10
README.md
10
README.md
|
@ -27,8 +27,6 @@
|
|||
|
||||
## Email
|
||||
|
||||
### Coop Cloud mailu or postfix
|
||||
|
||||
1. `abra app config YOURAPPDOMAIN` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to
|
||||
`postfix_relay` for `coop-cloud/postfix_relay`, or `mailu_front` for
|
||||
`coop-cloud/mailu` (assuming default stack names)
|
||||
|
@ -36,14 +34,6 @@
|
|||
`postfix_relay`. This doesn't seem to be required for Mailu.
|
||||
3. `abra app deploy YOURAPPDOMAIN`
|
||||
|
||||
### Remote provider
|
||||
|
||||
1. `abra app config YOURAPPDOMAIN` - uncomment `SMTP` under the "remote email provider" section and set values for `SMTP_HOST`, `SMTP_PORT` and `SMTP_USER`
|
||||
2. `abra app secret insert YOURAPPDOMAIN smtp_password v1 YOURSMTPPASSWORD`
|
||||
3. `abra app deploy YOURAPPDOMAIN`
|
||||
|
||||
Note: Only STARTTLS is supported, TLS won't work.
|
||||
|
||||
## Single Sign On
|
||||
|
||||
### SimpleSAMLphp
|
||||
|
|
42
abra.sh
42
abra.sh
|
@ -1,7 +1,45 @@
|
|||
export LOCAL_SETTINGS_CONF_VERSION=v23
|
||||
export LOCAL_SETTINGS_CONF_VERSION=v21
|
||||
export HTACCESS_CONF_VERSION=v1
|
||||
export ENTRYPOINT_CONF_VERSION=v21
|
||||
export ENTRYPOINT_CONF_VERSION=v20
|
||||
export COMPOSER_LOCAL_CONF_VERSION=v5
|
||||
export PHP_INI_VERSION=v4
|
||||
|
||||
export SAML_ENTRYPOINT_CONF_VERSION=v3
|
||||
|
||||
abra_backup_app() {
|
||||
_abra_backup_dir "app:/var/www/html/images"
|
||||
}
|
||||
|
||||
abra_backup_db() {
|
||||
_abra_backup_mysql "db" "mediawiki"
|
||||
}
|
||||
|
||||
abra_backup() {
|
||||
abra_backup_app && abra_backup_db
|
||||
}
|
||||
|
||||
abra_restore_app() {
|
||||
# shellcheck disable=SC2034
|
||||
{
|
||||
abra__src_="-"
|
||||
abra__dst_="app:/var/www/html/"
|
||||
}
|
||||
|
||||
zcat "$@" | sub_app_cp
|
||||
|
||||
success "Restored 'app'"
|
||||
}
|
||||
|
||||
abra_restore_db() {
|
||||
# 3wc: unlike abra_backup_db, we can assume abra__service_ will be 'db' if we
|
||||
# got this far..
|
||||
|
||||
# shellcheck disable=SC2034
|
||||
abra___no_tty="true"
|
||||
|
||||
DB_ROOT_PASSWORD="$(sub_app_run cat /run/secrets/db_root_password)"
|
||||
|
||||
zcat "$@" | sub_app_run mysql -u root -p"$DB_ROOT_PASSWORD" wordpress
|
||||
|
||||
success "Restored 'db'"
|
||||
}
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- SMTP_USER
|
||||
secrets:
|
||||
- smtp_password
|
||||
|
||||
secrets:
|
||||
smtp_password:
|
||||
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
||||
external: true
|
18
compose.yml
18
compose.yml
|
@ -3,7 +3,7 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
app:
|
||||
image: mediawiki:1.40.1
|
||||
image: mediawiki:1.39.3
|
||||
environment:
|
||||
- DOMAIN
|
||||
- STACK_NAME
|
||||
|
@ -14,14 +14,12 @@ services:
|
|||
- MEDIAWIKI_LOGO_FILE
|
||||
- MEDIAWIKI_IS_PRIVATE
|
||||
- MEDIAWIKI_DEBUG
|
||||
- MEDIAWIKI_LANGUAGE=${MEDIAWIKI_LANGUAGE:-en}
|
||||
- SAML_ENABLED
|
||||
- OPENID_ENABLED
|
||||
- DB_HOST=db
|
||||
- DB_USER=mediawiki
|
||||
- DB_NAME=mediawiki
|
||||
- SMTP_HOST
|
||||
- SMTP_PORT=${SMTP_PORT:-25}
|
||||
volumes:
|
||||
- "mediawiki_images:/var/www/html/images"
|
||||
configs:
|
||||
|
@ -47,13 +45,11 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.7.3+1.40.1"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/var/www/html/images"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.3.0+1.39.3"
|
||||
entrypoint: /docker-entrypoint2.sh
|
||||
|
||||
db:
|
||||
image: mariadb:11.1
|
||||
image: mariadb:10.10
|
||||
environment:
|
||||
- MYSQL_USER=mediawiki
|
||||
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
||||
|
@ -66,14 +62,6 @@ services:
|
|||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.path: "/tmp/dump.sql.gz"
|
||||
backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" mediawiki | gzip > /tmp/dump.sql.gz'"
|
||||
backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
|
||||
backupbot.restore: "true"
|
||||
backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" mediawiki < /tmp/dbdump.sql && rm -f /tmp/dbdump.sql'"
|
||||
|
||||
volumes:
|
||||
mariadb:
|
||||
|
|
|
@ -17,6 +17,14 @@ composer_install() {
|
|||
set -eu
|
||||
|
||||
cd /var/www/html/ && composer update && composer install
|
||||
|
||||
# SMW needs this; some other extensions brought in by composer might as well.
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
|
||||
{{ if eq (env "TEMPLATESTYLES_ENABLED") "1" }}
|
||||
cd /var/www/html/extensions/TemplateStyles && \
|
||||
composer install --no-dev
|
||||
{{ end }}
|
||||
}
|
||||
|
||||
init_db() {
|
||||
|
@ -40,22 +48,26 @@ init_db() {
|
|||
php /var/www/html/maintenance/sql.php /var/www/html/maintenance/tables.sql
|
||||
php /var/www/html/maintenance/sql.php /var/www/html/maintenance/interwiki.sql
|
||||
# FIXME run createAndPromote.php with $ADMIN_USERNAME
|
||||
else
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
fi
|
||||
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
if [ -n "${OPENID_ENABLED-}" ]; then
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
fi
|
||||
}
|
||||
|
||||
init_extensions() {
|
||||
|
||||
if [ ! -d /var/www/html/extensions/PluggableAuth ]; then
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/p/mediawiki/extensions/PluggableAuth \
|
||||
/var/www/html/extensions/PluggableAuth
|
||||
fi
|
||||
|
||||
if [ -n "${SAML_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/SimpleSAMLphp ]; then
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/p/mediawiki/extensions/SimpleSAMLphp \
|
||||
/var/www/html/extensions/SimpleSAMLphp
|
||||
fi
|
||||
|
@ -63,7 +75,7 @@ init_extensions() {
|
|||
|
||||
if [ -n "${OPENID_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/OpenIDConnect ]; then
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect \
|
||||
/var/www/html/extensions/OpenIDConnect
|
||||
fi
|
||||
|
@ -71,7 +83,7 @@ init_extensions() {
|
|||
|
||||
if [ -n "${MOBILEFRONTEND_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/MobileFrontend ]; then
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://github.com/wikimedia/mediawiki-extensions-MobileFrontend.git \
|
||||
/var/www/html/extensions/MobileFrontend
|
||||
fi
|
||||
|
@ -79,7 +91,7 @@ init_extensions() {
|
|||
|
||||
if [ -n "${MSU_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/MsUpload ]; then
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/MsUpload \
|
||||
/var/www/html/extensions/MsUpload
|
||||
fi
|
||||
|
@ -87,7 +99,7 @@ init_extensions() {
|
|||
|
||||
if [ -n "${PAGEFORMS_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/PageForms ]; then
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/PageForms \
|
||||
/var/www/html/extensions/PageForms
|
||||
fi
|
||||
|
@ -95,7 +107,7 @@ init_extensions() {
|
|||
|
||||
if [ -n "${PAGESCHEMAS_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/PageSchemas ]; then
|
||||
git clone --depth 1 -b REL1_40 \
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/PageSchemas \
|
||||
/var/www/html/extensions/PageSchemas
|
||||
fi
|
||||
|
@ -109,6 +121,37 @@ init_extensions() {
|
|||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${SCRIBUNTO_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/Scribunto ]; then
|
||||
git clone --depth 1 \
|
||||
https://github.com/wikimedia/mediawiki-extensions-Scribunto \
|
||||
/var/www/html/extensions/Scribunto
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${TEMPLATESTYLES_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/TemplateStyles ]; then
|
||||
git clone --depth 1 \
|
||||
https://github.com/wikimedia/mediawiki-extensions-TemplateStyles \
|
||||
/var/www/html/extensions/TemplateStyles
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${MERMAID_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/Mermaid ]; then
|
||||
git clone --depth 1 \
|
||||
https://github.com/SemanticMediaWiki/Mermaid \
|
||||
/var/www/html/extensions/Mermaid
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${GENEALOGY_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/Genealogy ]; then
|
||||
git clone --depth 1 \
|
||||
https://github.com/wikimedia/mediawiki-extensions-Genealogy \
|
||||
/var/www/html/extensions/Genealogy
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
init_skins() {
|
||||
|
|
Loading…
Reference in New Issue