From cee2c91e3900b7500b987e4d82cdc650db1f3cb0 Mon Sep 17 00:00:00 2001
From: 3wc <3wc.git@doesthisthing.work>
Date: Sat, 5 Sep 2020 01:59:00 +0200
Subject: [PATCH] Initial import

---
 .envrc      |  6 +++++
 LICENSE     | 21 ++++++++++++++++++
 README.MD   | 27 +++++++++++++++++++++++
 compose.yml | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 helpers.sh  |  6 +++++
 5 files changed, 123 insertions(+)
 create mode 100644 .envrc
 create mode 100644 LICENSE
 create mode 100644 README.MD
 create mode 100644 compose.yml
 create mode 100755 helpers.sh

diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..5d0a9f3
--- /dev/null
+++ b/.envrc
@@ -0,0 +1,6 @@
+export DB_ROOT_PASSWD_VERSION=v1
+export DB_PASSWD_VERSION=v1
+export DOMAIN=mediawiki.swarm.autonomic.zone
+export LETS_ENCRYPT_ENV=production
+export STACK_NAME=mediawiki
+export NGINX_CONF_VERSION=v1
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..044e673
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Revian Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.MD b/README.MD
new file mode 100644
index 0000000..10e8dfd
--- /dev/null
+++ b/README.MD
@@ -0,0 +1,27 @@
+# Mediawiki
+
+Mediawiki [1.32.1](https://www.mediawiki.org/wiki/Release_notes/1.32.1).
+
+Requires Docker version 1.11.2 and up
+
+Based on [`mediawiki-ve-bundle`](https://hub.docker.com/r/revianlabs/mediawiki-ve-bundle).
+
+1. Set up Docker Swarm
+2. `cp .envrc.sample .envrc`
+3. Edit `.envrc`
+4. `direnv allow` (or `. .envrc`)
+5. `. .helpers.sh` (don't forget the dot!)
+6. `create-secrets` (note down the passwords!) FIXME: Current function doesn't
+   output passwords 😕
+7. `docker stack deploy -c compose.yml mediawiki`
+8. Go to the `$DOMAIN` you configured in #3
+9. Click "Install", then follow the prompts. Enter the `root` and user passwords
+   you generated in #6
+10. Download the `LocalSettings.php`, and copy it to the `mediawiki_mediawiki`
+    container, in `/var/www/html`, using e.g. 
+
+        docker container cp ./local/path/to/LocalSettings.php <containerid>:/var/www/html/
+
+## License
+
+MIT License
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..ca005a8
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,63 @@
+---
+version: '3.8'
+
+services:
+  mariadb:
+    image: 'mariadb:10.5'
+    environment:
+      - MYSQL_USER=mediawiki
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_DATABASE=mediawiki
+    volumes:
+      - 'mariadb:/var/lib/mysql'
+    secrets:
+      - db_root_password
+      - db_password
+    networks:
+      - internal
+    deploy:
+      restart_policy:
+        condition: on-failure
+        delay: "60s"
+        max_attempts: 3
+        window: 120s
+  mediawiki:
+    image: 'revianlabs/mediawiki-ve-bundle'
+    environment:
+      - DOMAIN=${DOMAIN}
+    volumes:
+      - 'mediawiki:/var/www/html'
+      - 'parsoid:/usr/lib/parsoid'
+    depends_on:
+      - mariadb
+    networks:
+      - proxy
+      - internal
+    deploy:
+      update_config:
+        failure_action: rollback
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.mediawiki.loadbalancer.server.port=80"
+        - "traefik.http.routers.mediawiki.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.mediawiki.entrypoints=web-secure"
+        - "traefik.http.routers.mediawiki.tls.certresolver=${LETS_ENCRYPT_ENV}"
+
+volumes:
+  mariadb:
+  mediawiki:
+  parsoid:
+
+networks:
+  proxy:
+    external: true
+  internal:
+
+secrets:
+  db_root_password:
+    name: ${STACK_NAME}_db_root_passwd_${DB_ROOT_PASSWD_VERSION}
+    external: true
+  db_password:
+    name: ${STACK_NAME}_db_passwd_${DB_PASSWD_VERSION}
+    external: true
diff --git a/helpers.sh b/helpers.sh
new file mode 100755
index 0000000..399b7eb
--- /dev/null
+++ b/helpers.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+create-secrets () {
+  pwgen -n 32 1  | docker secret create "${STACK_NAME}_db_root_passwd_${DB_ROOT_PASSWD_VERSION}" -
+  pwgen -n 32 1  | docker secret create "${STACK_NAME}_db_passwd_${DB_PASSWD_VERSION}" -
+}