diff --git a/manifests/instance.pp b/manifests/instance.pp
index 2319f79..b6341ed 100644
--- a/manifests/instance.pp
+++ b/manifests/instance.pp
@@ -1,139 +1,140 @@
 define mediawiki::instance ( String $vhost_name = $title, String $vhost_docroot = '/var/lib/mediawiki', String $vhost_fpm_root = 'http://127.0.0.1:5000', String $vhost_basic_auth = '', Array[String] $vhost_aliases = [], String $vhost_ssl_protocol = 'all -SSLv2 -SSLv3', String $vhost_ssl_honorcipherorder = 'On', String $vhost_ssl_cipher = 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA', String $vhost_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem', String $vhost_ssl_ca = '/etc/ssl/certs/ssl-cert-snakeoil.pem', String $vhost_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key', String $vhost_ssl_hsts_header = 'add Strict-Transport-Security "max-age=15768000"', String $db_user = 'mediawiki', String $db_basename = 'mediawiki', String $db_host = 'localhost', String $db_password = 'verysecret', String $secret_key = 'secretkey', String $upgrade_key = 'upgradekey',
+ String $swh_logo = '/images/b/b2/swh-intranet-logo.png',
 ){ include ::mediawiki $vhost_basic_auth_file = "/etc/apache2/mediawiki_${vhost_name}_http_auth" $config_relative = "LocalSettings_${vhost_name}.php" $config = "/etc/mediawiki/${config_relative}" include ::mysql::client ::mysql::db {$db_basename: user => $db_user, password => $db_password, host => $db_host, grant => ['ALL'], } include ::apache include ::apache::mod::proxy include ::profile::apache::mod_proxy_fcgi ::apache::vhost {"${vhost_name}_non-ssl": servername => $vhost_name, serveraliases => $vhost_aliases, port => '80', docroot => $vhost_docroot, redirect_status => 'permanent', redirect_dest => "https://${vhost_name}/", } if $vhost_basic_auth != '' { file {$vhost_basic_auth_file: ensure => present, owner => 'root', group => 'www-data', mode => '0640', content => $vhost_basic_auth, } $root_directory = { path => '/', provider => 
'location', auth_type => 'Basic', auth_name => 'Software Heritage development', auth_user_file => $vhost_basic_auth_file, auth_require => 'valid-user', } } else { file {$vhost_basic_auth_file: ensure => absent, } $root_directory = {} } ::apache::vhost {"${vhost_name}_ssl": servername => $vhost_name, serveraliases => $vhost_aliases, port => '443', ssl => true, ssl_protocol => $vhost_ssl_protocol, ssl_honorcipherorder => $vhost_ssl_honorcipherorder, ssl_cipher => $vhost_ssl_cipher, ssl_cert => $vhost_ssl_cert, ssl_ca => $vhost_ssl_ca, ssl_key => $vhost_ssl_key, headers => [$vhost_ssl_hsts_header], docroot => $vhost_docroot, proxy_pass_match => [ { path => '^/(.*\.php(/.*)?)$', url => "fcgi://${vhost_fpm_root}${vhost_docroot}/\$1", }, ], directories => [ $root_directory, { path => "${vhost_docroot}/config", provider => 'directory', override => ['None'], }, { path => "${vhost_docroot}/images", provider => 'directory', override => ['None'], }, { path => "${vhost_docroot}/upload", provider => 'directory', override => ['None'], }, ], require => [ File[$vhost_ssl_cert], File[$vhost_ssl_ca], File[$vhost_ssl_key], File[$config], ], } # Uses variables: # $vhost_name # $db_basename # $db_user # $db_host # $db_password # $secret_key # $upgrade_key file {$config: ensure => present, owner => 'root', group => 'www-data', mode => '0640', content => template('mediawiki/LocalSettings_vhost.php.erb'), notify => Service['php5-fpm'], } # Uses variables: # $vhost_name # $vhost_aliases concat::fragment {"mediawiki_config_meta_${vhost_name}": target => $::mediawiki::config_meta, order => '10', content => template('mediawiki/LocalSettings.php.erb') } }
diff --git a/templates/LocalSettings_vhost.php.erb b/templates/LocalSettings_vhost.php.erb
index e518962..3956afb 100644
--- a/templates/LocalSettings_vhost.php.erb
+++ b/templates/LocalSettings_vhost.php.erb
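Review bot: The `# Uses variables:` list above `file {$config:` is not updated for the new parameter, although `LocalSettings_vhost.php.erb` now reads `@swh_logo`; add a `# $swh_logo` entry so the list keeps matching what the template consumes. The new default `'/images/b/b2/swh-intranet-logo.png'` is also not the path the template hard-coded before (`/images/b/b2/Swh-logo.png`), so every instance that does not set `swh_logo` changes logo and favicon on the next run. If that switch is meant only for the intranet wiki, keep the old path as the default and override it for that instance.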
@@ -1,162 +1,162 @@
 "; ## The relative URL path to the skins directory $wgStylePath = "$wgScriptPath/skins"; ## The relative URL path to the logo. Make sure you change this from the default, ## or else you'll overwrite your logo when you upgrade!
-$wgLogo = "/images/b/b2/Swh-logo.png";
-$wgFavicon = "/images/b/b2/Swh-logo.png";
+$wgLogo = "<%= @swh_logo %>";
+$wgFavicon = "<%= @swh_logo %>";
 ## UPO means: this is also a user preference option $wgEnableEmail = true; $wgEnableUserEmail = true; # UPO $wgEmergencyContact = "info@softwareheritage.org"; $wgPasswordSender = "info@softwareheritage.org"; $wgEnotifUserTalk = true; # UPO $wgEnotifWatchlist = true; # UPO $wgEmailAuthentication = true; $wgEmailConfirmToEdit = true; # require email confirmation before editing ## Database settings $wgDBtype = "mysql"; $wgDBserver = "<%= @db_host %>"; $wgDBname = "<%= @db_basename %>"; $wgDBuser = "<%= @db_user %>"; $wgDBpassword = "<%= @db_password %>"; # MySQL specific settings $wgDBprefix = ""; # MySQL table options to use during installation or update $wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; # Experimental charset support for MySQL 5.0. $wgDBmysql5 = false; ## Shared memory settings $wgMainCacheType = CACHE_NONE; $wgMemCachedServers = array(); ## To enable image uploads, make sure the 'images' directory ## is writable, then set this to true: $wgEnableUploads = true; $wgUseImageMagick = true; $wgImageMagickConvertCommand = "/usr/bin/convert"; # InstantCommons allows wiki to use images from http://commons.wikimedia.org $wgUseInstantCommons = false; ## If you use ImageMagick (or any other shell command) on a ## Linux server, this will need to be set to the name of an ## available UTF-8 locale $wgShellLocale = "en_US.utf8"; ## If you want to use image uploads under safe mode, ## create the directories images/archive, images/thumb and ## images/temp, and make them all writable. 
Then uncomment ## this, if it's not already uncommented: #$wgHashedUploadDirectory = false; ## Set $wgCacheDirectory to a writable directory on the web server ## to make your wiki go slightly faster. The directory should not ## be publically accessible from the web. #$wgCacheDirectory = "$IP/cache"; # Site language code, should be one of the list in ./languages/Names.php $wgLanguageCode = "en"; $wgSecretKey = "<%= @secret_key %>"; # Site upgrade key. Must be set to a string (default provided) to turn on the # web installer while LocalSettings.php is in place $wgUpgradeKey = "<%= @upgrade_key %>"; ## Default skin: you can change the default skin. Use the internal symbolic ## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector': $wgDefaultSkin = "vector"; ## For attaching licensing metadata to pages, and displaying an ## appropriate copyright notice / icon. GNU Free Documentation ## License and Creative Commons licenses are supported so far. $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright $wgRightsUrl = ""; $wgRightsText = ""; $wgRightsIcon = ""; # Path to the GNU diff3 utility. Used for conflict resolution. $wgDiff3 = "/usr/bin/diff3"; # debian-specific include: if (is_file("/etc/mediawiki-extensions/extensions.php")) { include("/etc/mediawiki-extensions/extensions.php"); } # Query string length limit for ResourceLoader. You should only set this if # your web server has a query string length limit (then set it to that limit), # or if you have suhosin.get.max_value_length set in php.ini (then set it to # that value) $wgResourceLoaderMaxQueryLength = -1; # End of automatically generated settings. # Add more configuration options below. 
$wgGroupPermissions['*']['edit'] = false; $wgFileExtensions[] = 'pdf'; $wgNamespacesToBeSearchedDefault = array( NS_MAIN => true, NS_TALK => true, NS_USER => true, NS_USER_TALK => true, NS_PROJECT => true, NS_PROJECT_TALK => true, NS_FILE => true, NS_FILE_TALK => true, NS_MEDIAWIKI => true, NS_MEDIAWIKI_TALK => true, NS_TEMPLATE => true, NS_TEMPLATE_TALK => true, NS_HELP => true, NS_HELP_TALK => true, NS_CATEGORY => true, NS_CATEGORY_TALK => true );
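Review bot: The two added lines write `@swh_logo` unescaped into a double-quoted PHP string (`$wgLogo = "<%= @swh_logo %>";` and the matching `$wgFavicon` line), so the value is not treated as plain data. A `"`, `\` or `$` in it would end the literal or be interpolated by PHP in the generated LocalSettings file. The value comes from the Puppet catalog rather than from users, so this is a hardening point, and the cheapest guard is to narrow the parameter in `manifests/instance.pp` from `String` to something like `Pattern[/\A\/[\w.\/-]+\z/] $swh_logo = ...`, which rejects such characters at compile time. The surrounding settings (`$wgDBpassword`, `$wgSecretKey`, `$wgUpgradeKey`) use the same double-quoted pattern, and since a `$` is more likely in those values they would need escaping in the template rather than a narrower type.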