forked from coop-cloud/mediawiki
		
	Compare commits
	
		
			17 Commits
		
	
	
		
			2.0.0+1.36
			...
			main
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| f2afce4145 | |||
| 2ad502e4fa | |||
| 9ee106a2ed | |||
| bce93ab727 | |||
| 8c503d5d28 | |||
| d7d228ab7e | |||
| ae116a9954 | |||
| a71d9195e8 | |||
| f18c9882df | |||
| ffcf336329 | |||
| 7e8c307936 | |||
| 463d606257 | |||
| bf2fcbd7b4 | |||
| bde470d4f9 | |||
| c377ae6620 | |||
| de6e1d415e | |||
| f33004bb86 | 
							
								
								
									
									
									
									
									
									
								
							
							
						
						
									
										20
									
								
								.drone.yml
									
									
									
									
									
								
							| @ -3,10 +3,12 @@ kind: pipeline | ||||
| name: deploy to swarm-test.autonomic.zone | ||||
| steps: | ||||
|   - name: deployment | ||||
|     image: decentral1se/stack-ssh-deploy:latest | ||||
|     image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest | ||||
|     settings: | ||||
|       host: swarm-test.autonomic.zone | ||||
|       stack: mediawiki | ||||
|       networks: | ||||
|        - proxy | ||||
|       purge: true | ||||
|       generate_secrets: true | ||||
|       deploy_key: | ||||
| @ -31,11 +33,17 @@ trigger: | ||||
|     - main | ||||
| --- | ||||
| kind: pipeline | ||||
| name: recipe release | ||||
| name: generate recipe catalogue | ||||
| steps: | ||||
|   - name: release a new version | ||||
|     image: thecoopcloud/drone-abra:latest | ||||
|     image: plugins/downstream | ||||
|     settings: | ||||
|       command: recipe mediawiki release | ||||
|       deploy_key: | ||||
|         from_secret: abra_bot_deploy_key | ||||
|       server: https://build.coopcloud.tech | ||||
|       token: | ||||
|         from_secret: drone_abra-bot_token | ||||
|       fork: true | ||||
|       repositories: | ||||
|         - coop-cloud/auto-recipes-catalogue-json | ||||
|  | ||||
| trigger: | ||||
|   event: tag | ||||
|  | ||||
| @ -13,6 +13,8 @@ MEDIAWIKI_LOGO_FILE='$wgResourceBasePath/resources/assets/wiki.png' | ||||
|  | ||||
| MEDIAWIKI_IS_PRIVATE=1 | ||||
|  | ||||
| MEDIAWIKI_DEBUG=0 | ||||
|  | ||||
| ## SMTP | ||||
| #SMTP_HOST=postfix_relay_app | ||||
| #SMTP_HOST=mailu_front | ||||
|  | ||||
| @ -166,24 +166,38 @@ wfLoadExtension( 'PluggableAuth' ); | ||||
| wfLoadExtension( 'SimpleSAMLphp' ); | ||||
|  | ||||
| $wgSimpleSAMLphp_InstallDir = "/var/simplesamlphp/"; | ||||
| $wgSimpleSAMLphp_AuthSourceId = "{{ env "SAML_AUTH_SOURCE_ID" }}"; | ||||
| $wgSimpleSAMLphp_RealNameAttribute = "{{ env "SAML_REAL_NAME_ATTRIBUTE" }}"; | ||||
| $wgSimpleSAMLphp_EmailAttribute = "{{ env "SAML_EMAIL_ATTRIBUTE" }}"; | ||||
| $wgSimpleSAMLphp_UsernameAttribute = "{{ env "SAML_USERNAME_ATTRIBUTE" }}"; | ||||
|  | ||||
| $wgPluggableAuth_Config['Log in using my SAML'] = [ | ||||
|   'plugin' => 'SimpleSAMLphp', | ||||
|   'data' => [ | ||||
| 	'authSourceId' => '{{ env "SAML_AUTH_SOURCE_ID" }}', | ||||
| 	'usernameAttribute' => '{{ env "SAML_USERNAME_ATTRIBUTE" }}', | ||||
| 	'realNameAttribute' => '{{ env "SAML_REAL_NAME_ATTRIBUTE" }}', | ||||
| 	'emailAttribute' => '{{ env "SAML_EMAIL_ATTRIBUTE" }}' | ||||
|   ] | ||||
| ]; | ||||
|  | ||||
| $wgGroupPermissions['*']['autocreateaccount'] = true; | ||||
| $wgGroupPermissions['*']['createaccount'] = false; | ||||
| {{ end }} | ||||
|  | ||||
| {{ if eq (env "MEDIAWIKI_DEBUG") "1" }} | ||||
| $wgDebugLogFile = "/var/log/debug-{$wgDBname}.log"; | ||||
| $wgShowExceptionDetails = true; | ||||
| $wgDebugToolbar = true; | ||||
| {{ end }} | ||||
|  | ||||
| {{ if eq (env "OPENID_ENABLED") "1" }} | ||||
| wfLoadExtension( 'PluggableAuth' ); | ||||
| wfLoadExtension( 'OpenIDConnect' ); | ||||
|  | ||||
| $wgOpenIDConnect_Config['{{ env "OPENID_KEYCLOAK_URL" }}'] = [ | ||||
|   'clientID' => '{{ env "OPENID_CLIENT_ID"}}', | ||||
|   'clientsecret' => '{{ secret "openid_client_secret" }}' | ||||
| $wgPluggableAuth_Config[] = [ | ||||
|     'plugin' => 'OpenIDConnect', | ||||
|     'data' => [ | ||||
|         'providerURL' => '{{ env "OPENID_KEYCLOAK_URL" }}', | ||||
|         'clientID' => '{{ env "OPENID_CLIENT_ID"}}', | ||||
|         'clientsecret' => '{{ secret "openid_client_secret" }}' | ||||
|     ] | ||||
| ]; | ||||
|  | ||||
| $wgGroupPermissions['*']['autocreateaccount'] = true; | ||||
|  | ||||
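Review bot: The new `MEDIAWIKI_DEBUG` block enables `$wgShowExceptionDetails` and `$wgDebugToolbar` for every visitor, anonymous ones included, and writes a debug log under `/var/log` that can hold request data. Switching it on for a public wiki therefore discloses internals. The sample env defaults to `MEDIAWIKI_DEBUG=0`, but nothing warns the operator, so I would add a comment above that line such as `# Debug only: shows exception details and the debug toolbar to all visitors and writes a debug log; never set to 1 in production`. The template begins and ends outside this hunk, so whether the log path is persisted or readable by another service cannot be judged from here.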
							
								
								
									
									
									
									
									
									
								
							
							
						
						
									
										32
									
								
								README.md
									
									
									
									
									
								
							| @ -1,18 +1,16 @@ | ||||
| # Mediawiki | ||||
|  | ||||
| [](https://drone.autonomic.zone/coop-cloud/mediawiki) | ||||
|  | ||||
| Mediawiki [version 1.35][mediawiki-1.35] | ||||
| [](https://build.coopcloud.tech/coop-cloud/mediawiki) | ||||
|  | ||||
| <!-- metadata --> | ||||
| * **Category**: Apps | ||||
| * **Status**: ❸🍎 | ||||
| * **Image**: [`mediawiki`](https://hub.docker.com/_/mediawiki), ❶💚, upstream | ||||
| * **Status**: 1, alpha | ||||
| * **Image**: [`mediawiki`](https://hub.docker.com/_/mediawiki), 4, upstream | ||||
| * **Healthcheck**: No | ||||
| * **Backups**: Yes | ||||
| * **Email**: ❶💚 | ||||
| * **Tests**: ❷💛 | ||||
| * **SSO**: ❷💛 (OAuth, SAML) | ||||
| * **Email**: 3 | ||||
| * **Tests**: 2 | ||||
| * **SSO**: 2 (OAuth, SAML) | ||||
| <!-- endmetadata --> | ||||
|  | ||||
| ## Basic usage | ||||
| @ -21,20 +19,20 @@ Mediawiki [version 1.35][mediawiki-1.35] | ||||
| 2. Deploy [`coop-cloud/traefik`][traefik] | ||||
| 3. `abra app new mediawiki --secrets`  (optionally with `--pass` if you'd like | ||||
|    to save secrets in `pass`) | ||||
| 4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to | ||||
| 4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to | ||||
|    your Docker swarm box | ||||
| 5. `abra app YOURAPPDOMAIN deploy` | ||||
| 5. `abra app deploy YOURAPPDOMAIN` | ||||
| 6. Create an initial admin user: | ||||
|    `abra app YOURAPPDOMAIN run app php /var/www/html/maintenance/createAndPromote.php --sysop YourUsername YourPassword` | ||||
|    `abra app run YOURAPPDOMAIN app php /var/www/html/maintenance/createAndPromote.php --sysop YourUsername YourPassword` | ||||
|  | ||||
| ## Email | ||||
|  | ||||
| 1. `abra app YOURAPPDOMAIN config` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to | ||||
| 1. `abra app config YOURAPPDOMAIN` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to | ||||
|    `postfix_relay` for `coop-cloud/postfix_relay`, or `mailu_front` for | ||||
|    `coop-cloud/mailu` (assuming default stack names) | ||||
| 2. For `postfix_relay`, add the domain to your email config – `EXTRA_SENDER_DOMAINS` in | ||||
|    `postfix_relay`. This doesn't seem to be required for Mailu. | ||||
| 3. `abra app YOURAPPDOMAIN deploy` | ||||
| 3. `abra app deploy YOURAPPDOMAIN` | ||||
|  | ||||
| ## Single Sign On | ||||
|  | ||||
| @ -48,13 +46,13 @@ This app includes optional SAML Single Sign On using | ||||
| NOTE: currently, if you enable SAML then it'll disable Mediawiki's own user account | ||||
| system. Patches to make this configurable are welcome! | ||||
|  | ||||
| 1. `abra app YOURAPPDOMAIN config` - uncomment lines in the `SAML` section (including `COMPOSE_FILE`) | ||||
| 1. `abra app config YOURAPPDOMAIN` - uncomment lines in the `SAML` section (including `COMPOSE_FILE`) | ||||
| 2. Generate secrets: (add `--pass` if you want to store secrets in `pass`) | ||||
|    ``` | ||||
|    abra app YOURAPPDOMAIN secret generate saml_admin_password v1 | ||||
|    abra app YOURAPPDOMAIN secret generate saml_secret_salt v1 "pwgen -n 64 1" | ||||
|    ``` | ||||
| 3. `abra app YOURAPPDOMAIN deploy` | ||||
| 3. `abra app deploy YOURAPPDOMAIN` | ||||
| 4. Copy your SimpleSAMLphp metadata and certificates to the container (assuming | ||||
|    you have local `metadata` and `cert` folders: | ||||
|    ``` | ||||
| @ -72,14 +70,14 @@ system. Patches to make this configurable are welcome! | ||||
|  | ||||
| ### OpenID Connect | ||||
|  | ||||
| 1. `abra app YOURAPPDOMAIN config` - uncomment lines in the `OPENID` section (including `COMPOSE_FILE`) | ||||
| 1. `abra app config YOURAPPDOMAIN` - uncomment lines in the `OPENID` section (including `COMPOSE_FILE`) | ||||
| 2. Store your Keycloak-generated client secret in Docker: | ||||
|  | ||||
| ``` | ||||
| abra app YOURAPPDOMAIN secret insert openid_client_secret v1 put-your-secret-here | ||||
| ``` | ||||
|  | ||||
| 3. `abra app YOURAPPDOMAIN deploy` | ||||
| 3. `abra app deploy YOURAPPDOMAIN` | ||||
|  | ||||
| ## License | ||||
|  | ||||
|  | ||||
							
								
								
									
									
									
									
									
									
								
							
							
						
						
									
										6
									
								
								abra.sh
									
									
									
									
									
								
							| @ -1,10 +1,10 @@ | ||||
| export LOCAL_SETTINGS_CONF_VERSION=v2 | ||||
| export LOCAL_SETTINGS_CONF_VERSION=v6 | ||||
| export HTACCESS_CONF_VERSION=v1 | ||||
| export ENTRYPOINT_CONF_VERSION=v2 | ||||
| export ENTRYPOINT_CONF_VERSION=v3 | ||||
| export COMPOSER_LOCAL_CONF_VERSION=v1 | ||||
| export PHP_INI_VERSION=v1 | ||||
|  | ||||
| export SAML_ENTRYPOINT_CONF_VERSION=v1 | ||||
| export SAML_ENTRYPOINT_CONF_VERSION=v3 | ||||
|  | ||||
| abra_backup_app() { | ||||
|   _abra_backup_dir "app:/var/www/html/images" | ||||
|  | ||||
| @ -5,7 +5,12 @@ services: | ||||
|   app: | ||||
|     volumes: | ||||
|       - "simplesaml:/var/simplesamlphp/" | ||||
|       - "simplesaml_cert:/var/simplesamlphp/cert" | ||||
|       - "simplesaml_config:/var/simplesamlphp/config" | ||||
|       - "simplesaml_data:/var/simplesamlphp/data" | ||||
|       - "simplesaml_log:/var/simplesamlphp/log" | ||||
|       - "simplesaml_metadata:/var/simplesamlphp/metadata" | ||||
|       - "simplesaml_modules:/var/simplesamlphp/modules" | ||||
|     environment: | ||||
|       - SAML_AUTH_SOURCE_ID | ||||
|       - SAML_EMAIL_ATTRIBUTE | ||||
| @ -14,7 +19,8 @@ services: | ||||
|       - SAML_USERNAME_ATTRIBUTE | ||||
|  | ||||
|   simplesaml: | ||||
|     image: venatorfox/simplesamlphp:1.18.3 | ||||
|     # image: unicon/simplesamlphp:1.19.6 | ||||
|     image: git.coopcloud.tech/coop-cloud-chaos-patchs/simplesamlphp:1.19.7 | ||||
|     secrets: | ||||
|       - saml_admin_password | ||||
|       - saml_secret_salt | ||||
| @ -47,7 +53,12 @@ services: | ||||
|         mode: 0555 | ||||
|     volumes: | ||||
|       - simplesaml:/var/simplesamlphp/ | ||||
|       - simplesaml_log:/var/simplesamlphp/log | ||||
|       - "simplesaml_cert:/var/simplesamlphp/cert" | ||||
|       - "simplesaml_config:/var/simplesamlphp/config" | ||||
|       - "simplesaml_data:/var/simplesamlphp/data" | ||||
|       - "simplesaml_log:/var/simplesamlphp/log" | ||||
|       - "simplesaml_metadata:/var/simplesamlphp/metadata" | ||||
|       - "simplesaml_modules:/var/simplesamlphp/modules" | ||||
|     networks: | ||||
|       - proxy | ||||
|     entrypoint: /docker-entrypoint.simplesaml.sh | ||||
| @ -62,7 +73,12 @@ services: | ||||
|  | ||||
| volumes: | ||||
|   simplesaml: | ||||
|   simplesaml_cert: | ||||
|   simplesaml_config: | ||||
|   simplesaml_data: | ||||
|   simplesaml_log: | ||||
|   simplesaml_metadata: | ||||
|   simplesaml_modules: | ||||
|  | ||||
| secrets: | ||||
|   saml_admin_password: | ||||
|  | ||||
| @ -3,7 +3,7 @@ version: "3.8" | ||||
|  | ||||
| services: | ||||
|   app: | ||||
|     image: mediawiki:1.36.2 | ||||
|     image: mediawiki:1.39.3 | ||||
|     environment: | ||||
|       - DOMAIN | ||||
|       - STACK_NAME | ||||
| @ -13,6 +13,7 @@ services: | ||||
|       - MEDIAWIKI_SITENAMESPACE | ||||
|       - MEDIAWIKI_LOGO_FILE | ||||
|       - MEDIAWIKI_IS_PRIVATE | ||||
|       - MEDIAWIKI_DEBUG | ||||
|       - SAML_ENABLED | ||||
|       - OPENID_ENABLED | ||||
|       - DB_HOST=db | ||||
| @ -44,11 +45,11 @@ services: | ||||
|         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" | ||||
|         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" | ||||
|         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" | ||||
|         - "coop-cloud.${STACK_NAME}.version=2.0.0+1.36.2" | ||||
|         - "coop-cloud.${STACK_NAME}.version=2.2.2+1.39.1" | ||||
|     entrypoint: /docker-entrypoint2.sh | ||||
|  | ||||
|   db: | ||||
|     image: mariadb:10.6 | ||||
|     image: mariadb:10.10 | ||||
|     environment: | ||||
|       - MYSQL_USER=mediawiki | ||||
|       - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password | ||||
|  | ||||
| @ -8,7 +8,7 @@ init_composer() { | ||||
| 	if ! type composer > /dev/null 2>&1; then | ||||
| 		apt update -yqq && apt install -yqq curl git unzip zip | ||||
| 		curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php | ||||
| 		php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer --version=1.10.15 | ||||
| 		php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer --version=2.5.4 | ||||
| 		composer -V | ||||
| 	fi | ||||
| } | ||||
| @ -51,14 +51,14 @@ init_db() { | ||||
|  | ||||
| init_extensions() { | ||||
| 	if [ ! -d /var/www/html/extensions/PluggableAuth ]; then | ||||
| 		git clone --depth 1 -b REL1_32 \ | ||||
| 		git clone --depth 1 -b REL1_39 \ | ||||
| 			https://gerrit.wikimedia.org/r/p/mediawiki/extensions/PluggableAuth \ | ||||
| 			/var/www/html/extensions/PluggableAuth | ||||
| 	fi | ||||
|  | ||||
| 	if [ -n "${SAML_ENABLED-}" ]; then | ||||
| 		if [ ! -d /var/www/html/extensions/SimpleSAMLphp ]; then | ||||
| 			git clone --depth 1 -b REL1_32 \ | ||||
| 			git clone --depth 1 -b REL1_39 \ | ||||
| 				https://gerrit.wikimedia.org/r/p/mediawiki/extensions/SimpleSAMLphp \ | ||||
| 				/var/www/html/extensions/SimpleSAMLphp | ||||
| 		fi | ||||
| @ -66,7 +66,7 @@ init_extensions() { | ||||
|  | ||||
| 	if [ -n "${OPENID_ENABLED-}" ]; then | ||||
| 		if [ ! -d /var/www/html/extensions/OpenIDConnect ]; then | ||||
| 			git clone --depth 1 -b REL1_35 \ | ||||
| 			git clone --depth 1 -b REL1_39 \ | ||||
| 				https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect \ | ||||
| 				/var/www/html/extensions/OpenIDConnect | ||||
| 		fi | ||||
|  | ||||
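Review bot: In `init_composer` the installer script is still fetched with `curl` and passed straight to `php` with no integrity check, so the bump to `--version=2.5.4` pins the Composer release but not the script that installs it. Verify the download before running it, for example `php -r "if (hash_file('sha384', '/tmp/composer-setup.php') !== trim(file_get_contents('https://composer.github.io/installer.sig'))) { unlink('/tmp/composer-setup.php'); exit(1); }"`, or install Composer at image build time instead of at container start. The `git clone --depth 1 -b REL1_39` calls in `init_extensions` have a related weakness: they follow a moving branch, so the extension code can differ between container starts. Checking out a recorded commit after the clone would make deployments reproducible. Both functions start or continue outside the hunks shown.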
	