wiki.social.coop/README.md

# Mediawiki

[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/mediawiki/status.svg)](https://build.coopcloud.tech/coop-cloud/mediawiki)

<!-- metadata -->
* **Category**: Apps
* **Status**: 1, alpha
* **Image**: [`mediawiki`](https://hub.docker.com/_/mediawiki), 4, upstream
* **Healthcheck**: No
* **Backups**: Yes
* **Email**: 3
* **Tests**: 2
* **SSO**: 2 (OAuth, SAML)
<!-- endmetadata -->

## Basic usage

1. Set up Docker Swarm and [`abra`][abra]
2. Deploy [`coop-cloud/traefik`][traefik]
3. `abra app new mediawiki --secrets`  (optionally with `--pass` if you'd like
   to save secrets in `pass`)
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
   your Docker swarm box
5. `abra app deploy YOURAPPDOMAIN`
6. Create an initial admin user:
   `abra app run YOURAPPDOMAIN app php /var/www/html/maintenance/createAndPromote.php --sysop YourUsername YourPassword`

## Email

### Coop Cloud mailu or postfix

1. `abra app config YOURAPPDOMAIN` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to
   `postfix_relay` for `coop-cloud/postfix_relay`, or `mailu_front` for
   `coop-cloud/mailu` (assuming default stack names)
2. For `postfix_relay`, add the domain to your email config – `EXTRA_SENDER_DOMAINS` in
   `postfix_relay`. This doesn't seem to be required for Mailu.
3. `abra app deploy YOURAPPDOMAIN`

### Remote provider

1. `abra app config YOURAPPDOMAIN` - uncomment `SMTP` under the "remote email provider" section and set values for `SMTP_HOST`, `SMTP_PORT` and `SMTP_USER`
2. `abra app secret insert YOURAPPDOMAIN smtp_password v1 YOURSMTPPASSWORD`
3. `abra app deploy YOURAPPDOMAIN`

Note: Only STARTTLS is supported, TLS won't work.

## Single Sign On

### SimpleSAMLphp

This app includes optional SAML Single Sign On using
[SimpleSAMLphp][simplesamlphp] and Mediawiki's
[Extension:SimpleSAMLphp][mw-simplesamlphp], based on the
[`venatorfox/simplesamlphp`][venatorfox-simplesamlphp] image.

NOTE: currently, if you enable SAML then it'll disable Mediawiki's own user account
system. Patches to make this configurable are welcome!

1. `abra app config YOURAPPDOMAIN` - uncomment lines in the `SAML` section (including `COMPOSE_FILE`)
2. Generate secrets: (add `--pass` if you want to store secrets in `pass`)
   ```
   abra app YOURAPPDOMAIN secret generate saml_admin_password v1
   abra app YOURAPPDOMAIN secret generate saml_secret_salt v1 "pwgen -n 64 1"
   ```
3. `abra app deploy YOURAPPDOMAIN`
4. Copy your SimpleSAMLphp metadata and certificates to the container (assuming
   you have local `metadata` and `cert` folders:
   ```
   abra app YOURAPPDOMAIN cp metadata simplesaml:/var/simplesamlphp/
   abra app YOURAPPDOMAIN cp cert simplesaml:/var/simplesamlphp/
   ```
5. You can log into SimpleSAMLphp using the password you generated at
   https://$DOMAIN/simplesaml/ and test authentication
6. Edit SimpleSAMLphp's `config.php` and change `store.sql.dsn`:
   ```
   abra app YOURAPPDOMAIN run simplesaml vi /var/simplesamlphp/config/config.php
   # find 'store.sql.dsn' and edit to:
   # 'sqlite:/var/simplesamlphp/data/simplesamlphp.sq3'
   ```

### OpenID Connect

1. `abra app config YOURAPPDOMAIN` - uncomment lines in the `OPENID` section (including `COMPOSE_FILE`)
2. Store your Keycloak-generated client secret in Docker:

```
abra app YOURAPPDOMAIN secret insert openid_client_secret v1 put-your-secret-here
```

3. `abra app deploy YOURAPPDOMAIN`

## License

MIT License

[mediawiki-1.35]: https://www.mediawiki.org/wiki/Release_notes/1.35
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
[traefik]: https://git.autonomic.zone/coop-cloud/traefik
[simplesamlphp]: https://simplesamlphp.org/
[mw-simplesamlphp]: https://www.mediawiki.org/wiki/Extension:SimpleSAMLphp
[venatorfox-simplesamlphp]: https://hub.docker.com/r/venatorfox/simplesamlphp