diff --git a/manifests/mediawiki.pp b/manifests/mediawiki.pp index c18f96d..0b0607d 100644 --- a/manifests/mediawiki.pp +++ b/manifests/mediawiki.pp @@ -1,129 +1,142 @@ # Deployment of mediawiki for the Software Heritage intranet class profile::mediawiki { $mediawiki_db_user = hiera('mediawiki::mysql::username') $mediawiki_db_basename = hiera('mediawiki::mysql::dbname') $mediawiki_db_password = hiera('mediawiki::mysql::password') $mediawiki_fpm_listen = hiera('mediawiki::php::fpm_listen') $mediawiki_vhost_name = hiera('mediawiki::vhost::name') $mediawiki_vhost_docroot = hiera('mediawiki::vhost::docroot') $mediawiki_vhost_basic_auth_file = "/etc/apache2/mediawiki_http_auth" $mediawiki_vhost_basic_auth_content = hiera('mediawiki::vhost::basic_auth_content') $mediawiki_vhost_ssl_protocol = hiera('mediawiki::vhost::ssl_protocol') $mediawiki_vhost_ssl_honorcipherorder = hiera('mediawiki::vhost::ssl_honorcipherorder') $mediawiki_vhost_ssl_cipher = hiera('mediawiki::vhost::ssl_cipher') $mediawiki_vhost_hsts_header = hiera('mediawiki::vhost::hsts_header') - $mediawiki_config = '/etc/mediawiki/LocalSettings.php' + $mediawiki_config = "/etc/mediawiki/LocalSettings_${mediawiki_vhost_name}.php" + $mediawiki_config_meta = "/etc/mediawiki/LocalSettings.php" $mediawiki_config_secret_key = hiera('mediawiki::conf::secret_key') $mediawiki_config_upgrade_key = hiera('mediawiki::conf::upgrade_key') $packages = [ 'mediawiki', 'mediawiki-extensions', ] package {$packages: ensure => latest, } include ::mysql::client ::mysql::db {$mediawiki_db_basename: user => $mediawiki_db_username, password => $mediawiki_db_password, host => 'localhost', grant => ['ALL'], } include ::php::fpm::daemon ::php::fpm::conf {'mediawiki': listen => $mediawiki_fpm_listen, user => 'www-data', } include ::profile::ssl include ::apache include ::apache::mod::proxy include ::profile::apache::mod_proxy_fcgi ::apache::vhost {"${mediawiki_vhost_name}_non-ssl": servername => $mediawiki_vhost_name, port => '80', docroot => $mediawiki_vhost_docroot, redirect_status => 'permanent', redirect_dest => "https://${mediawiki_vhost_name}/", } $ssl_cert_name = 'star_softwareheritage_org' $ssl_cert = $::profile::ssl::certificate_paths[$ssl_cert_name] $ssl_ca = $::profile::ssl::ca_paths[$ssl_cert_name] $ssl_key = $::profile::ssl::private_key_paths[$ssl_cert_name] ::apache::vhost {"${mediawiki_vhost_name}_ssl": servername => $mediawiki_vhost_name, port => '443', ssl => true, ssl_protocol => $mediawiki_vhost_ssl_protocol, ssl_honorcipherorder => $mediawiki_vhost_ssl_honorcipherorder, ssl_cipher => $mediawiki_vhost_ssl_cipher, ssl_cert => $ssl_cert, ssl_ca => $ssl_ca, ssl_key => $ssl_key, headers => [$mediawiki_vhost_hsts_header], docroot => $mediawiki_vhost_docroot, proxy_pass_match => [ { path => '^/(.*\.php(/.*)?)$', url => "fcgi://${mediawiki_fpm_listen}${mediawiki_vhost_docroot}/\$1", }, ], directories => [ { path => '/', provider => 'location', auth_type => 'Basic', auth_name => 'Software Heritage development', auth_user_file => $mediawiki_vhost_basic_auth_file, auth_require => 'valid-user', }, { path => "${mediawiki_vhost_docroot}/config", provider => 'directory', override => ['None'], }, { path => "${mediawiki_vhost_docroot}/images", provider => 'directory', override => ['None'], }, { path => "${mediawiki_vhost_docroot}/upload", provider => 'directory', override => ['None'], }, ], require => [ File[$mediawiki_vhost_basic_auth_file], File[$mediawiki_config], + File[$mediawiki_config_meta], File[$ssl_cert], File[$ssl_ca], File[$ssl_key], ], } file {$mediawiki_vhost_basic_auth_file: ensure => present, owner => 'root', group => 'www-data', mode => '0640', content => $mediawiki_vhost_basic_auth_content, } + file {$mediawiki_config_meta: + ensure => present, + owner => 'root', + group => 'www-data', + mode => '0640', + # TODO actually use this to generate a proper vhost dispatcher config file + # XXX currently LocalSettings.php should be hand maintained when modifying vhosts + # content => template('profile/mediawiki/LocalSettings.php.erb'), + require => Package['mediawiki'], + } + file {$mediawiki_config: ensure => present, owner => 'root', group => 'www-data', mode => '0640', - content => template('profile/mediawiki/LocalSettings.php.erb'), + content => template('profile/mediawiki/LocalSettings_vhost.php.erb'), require => Package['mediawiki'], notify => Service['php5-fpm'], } } diff --git a/templates/mediawiki/LocalSettings.php.erb b/templates/mediawiki/LocalSettings.php.erb index 71172cb..4196791 100644 --- a/templates/mediawiki/LocalSettings.php.erb +++ b/templates/mediawiki/LocalSettings.php.erb @@ -1,161 +1,12 @@ "; - -## The relative URL path to the skins directory -$wgStylePath = "$wgScriptPath/skins"; - -## The relative URL path to the logo. Make sure you change this from the default, -## or else you'll overwrite your logo when you upgrade! -$wgLogo = "/images/b/b2/Swh-logo.png"; -$wgFavicon = "/images/b/b2/Swh-logo.png"; - -## UPO means: this is also a user preference option - -$wgEnableEmail = true; -$wgEnableUserEmail = true; # UPO - -$wgEmergencyContact = "info@softwareheritage.org"; -$wgPasswordSender = "info@softwareheritage.org"; - -$wgEnotifUserTalk = true; # UPO -$wgEnotifWatchlist = true; # UPO -$wgEmailAuthentication = true; - -## Database settings -$wgDBtype = "mysql"; -$wgDBserver = "localhost"; -$wgDBname = "<%= @mediawiki_db_basename %>"; -$wgDBuser = "<%= @mediawiki_db_user %>"; -$wgDBpassword = "<%= @mediawiki_db_password %>"; - -# MySQL specific settings -$wgDBprefix = ""; - -# MySQL table options to use during installation or update -$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; - -# Experimental charset support for MySQL 5.0. -$wgDBmysql5 = false; - -## Shared memory settings -$wgMainCacheType = CACHE_NONE; -$wgMemCachedServers = array(); - -## To enable image uploads, make sure the 'images' directory -## is writable, then set this to true: -$wgEnableUploads = true; -$wgUseImageMagick = true; -$wgImageMagickConvertCommand = "/usr/bin/convert"; - -# InstantCommons allows wiki to use images from http://commons.wikimedia.org -$wgUseInstantCommons = false; - -## If you use ImageMagick (or any other shell command) on a -## Linux server, this will need to be set to the name of an -## available UTF-8 locale -$wgShellLocale = "en_US.utf8"; - -## If you want to use image uploads under safe mode, -## create the directories images/archive, images/thumb and -## images/temp, and make them all writable. Then uncomment -## this, if it's not already uncommented: -#$wgHashedUploadDirectory = false; - -## Set $wgCacheDirectory to a writable directory on the web server -## to make your wiki go slightly faster. The directory should not -## be publically accessible from the web. -#$wgCacheDirectory = "$IP/cache"; - -# Site language code, should be one of the list in ./languages/Names.php -$wgLanguageCode = "en"; - -$wgSecretKey = "<%= @mediawiki_config_secret_key %>"; - -# Site upgrade key. Must be set to a string (default provided) to turn on the -# web installer while LocalSettings.php is in place -$wgUpgradeKey = "<%= @mediawiki_config_upgrade_key %>"; - -## Default skin: you can change the default skin. Use the internal symbolic -## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector': -$wgDefaultSkin = "vector"; - -## For attaching licensing metadata to pages, and displaying an -## appropriate copyright notice / icon. GNU Free Documentation -## License and Creative Commons licenses are supported so far. -$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright -$wgRightsUrl = ""; -$wgRightsText = ""; -$wgRightsIcon = ""; - -# Path to the GNU diff3 utility. Used for conflict resolution. -$wgDiff3 = "/usr/bin/diff3"; - -# debian-specific include: -if (is_file("/etc/mediawiki-extensions/extensions.php")) { - include("/etc/mediawiki-extensions/extensions.php"); -} - -# Query string length limit for ResourceLoader. You should only set this if -# your web server has a query string length limit (then set it to that limit), -# or if you have suhosin.get.max_value_length set in php.ini (then set it to -# that value) -$wgResourceLoaderMaxQueryLength = -1; - - - -# End of automatically generated settings. -# Add more configuration options below. - -$wgGroupPermissions['*']['edit'] = false; - -$wgFileExtensions[] = 'pdf'; - -$wgNamespacesToBeSearchedDefault = array( - NS_MAIN => true, - NS_TALK => true, - NS_USER => true, - NS_USER_TALK => true, - NS_PROJECT => true, - NS_PROJECT_TALK => true, - NS_FILE => true, - NS_FILE_TALK => true, - NS_MEDIAWIKI => true, - NS_MEDIAWIKI_TALK => true, - NS_TEMPLATE => true, - NS_TEMPLATE_TALK => true, - NS_HELP => true, - NS_HELP_TALK => true, - NS_CATEGORY => true, - NS_CATEGORY_TALK => true -); + switch ( $_SERVER["SERVER_NAME"] ) { + case "intranet.softwareheritage.org": + require_once "LocalSettings_intranet.softwareheritage.org.php"; + break; + + default: + echo "This wiki is not available. Check server configuration."; + exit( 0 ); + } diff --git a/templates/mediawiki/LocalSettings.php.erb b/templates/mediawiki/LocalSettings_vhost.php.erb similarity index 100% copy from templates/mediawiki/LocalSettings.php.erb copy to templates/mediawiki/LocalSettings_vhost.php.erb