diff --git a/manifests/mediawiki.pp b/manifests/mediawiki.pp
index 0b0607d..002987b 100644
--- a/manifests/mediawiki.pp
+++ b/manifests/mediawiki.pp
@@ -1,142 +1,54 @@
# Deployment of mediawiki for the Software Heritage intranet
class profile::mediawiki {
+ $mediawiki_fpm_root = hiera('mediawiki::php::fpm_listen')
+
$mediawiki_db_user = hiera('mediawiki::mysql::username')
$mediawiki_db_basename = hiera('mediawiki::mysql::dbname')
$mediawiki_db_password = hiera('mediawiki::mysql::password')
- $mediawiki_fpm_listen = hiera('mediawiki::php::fpm_listen')
-
$mediawiki_vhost_name = hiera('mediawiki::vhost::name')
$mediawiki_vhost_docroot = hiera('mediawiki::vhost::docroot')
- $mediawiki_vhost_basic_auth_file = "/etc/apache2/mediawiki_http_auth"
$mediawiki_vhost_basic_auth_content = hiera('mediawiki::vhost::basic_auth_content')
$mediawiki_vhost_ssl_protocol = hiera('mediawiki::vhost::ssl_protocol')
$mediawiki_vhost_ssl_honorcipherorder = hiera('mediawiki::vhost::ssl_honorcipherorder')
$mediawiki_vhost_ssl_cipher = hiera('mediawiki::vhost::ssl_cipher')
$mediawiki_vhost_hsts_header = hiera('mediawiki::vhost::hsts_header')
- $mediawiki_config = "/etc/mediawiki/LocalSettings_${mediawiki_vhost_name}.php"
- $mediawiki_config_meta = "/etc/mediawiki/LocalSettings.php"
$mediawiki_config_secret_key = hiera('mediawiki::conf::secret_key')
$mediawiki_config_upgrade_key = hiera('mediawiki::conf::upgrade_key')
- $packages = [
- 'mediawiki',
- 'mediawiki-extensions',
- ]
-
- package {$packages:
- ensure => latest,
- }
-
- include ::mysql::client
-
- ::mysql::db {$mediawiki_db_basename:
- user => $mediawiki_db_username,
- password => $mediawiki_db_password,
- host => 'localhost',
- grant => ['ALL'],
- }
-
include ::php::fpm::daemon
::php::fpm::conf {'mediawiki':
- listen => $mediawiki_fpm_listen,
+ listen => $mediawiki_fpm_root,
user => 'www-data',
}
include ::profile::ssl
- include ::apache
- include ::apache::mod::proxy
- include ::profile::apache::mod_proxy_fcgi
-
- ::apache::vhost {"${mediawiki_vhost_name}_non-ssl":
- servername => $mediawiki_vhost_name,
- port => '80',
- docroot => $mediawiki_vhost_docroot,
- redirect_status => 'permanent',
- redirect_dest => "https://${mediawiki_vhost_name}/",
- }
$ssl_cert_name = 'star_softwareheritage_org'
$ssl_cert = $::profile::ssl::certificate_paths[$ssl_cert_name]
$ssl_ca = $::profile::ssl::ca_paths[$ssl_cert_name]
$ssl_key = $::profile::ssl::private_key_paths[$ssl_cert_name]
- ::apache::vhost {"${mediawiki_vhost_name}_ssl":
- servername => $mediawiki_vhost_name,
- port => '443',
- ssl => true,
- ssl_protocol => $mediawiki_vhost_ssl_protocol,
- ssl_honorcipherorder => $mediawiki_vhost_ssl_honorcipherorder,
- ssl_cipher => $mediawiki_vhost_ssl_cipher,
- ssl_cert => $ssl_cert,
- ssl_ca => $ssl_ca,
- ssl_key => $ssl_key,
- headers => [$mediawiki_vhost_hsts_header],
- docroot => $mediawiki_vhost_docroot,
- proxy_pass_match => [
- { path => '^/(.*\.php(/.*)?)$',
- url => "fcgi://${mediawiki_fpm_listen}${mediawiki_vhost_docroot}/\$1",
- },
- ],
- directories => [
- { path => '/',
- provider => 'location',
- auth_type => 'Basic',
- auth_name => 'Software Heritage development',
- auth_user_file => $mediawiki_vhost_basic_auth_file,
- auth_require => 'valid-user',
- },
- { path => "${mediawiki_vhost_docroot}/config",
- provider => 'directory',
- override => ['None'],
- },
- { path => "${mediawiki_vhost_docroot}/images",
- provider => 'directory',
- override => ['None'],
- },
- { path => "${mediawiki_vhost_docroot}/upload",
- provider => 'directory',
- override => ['None'],
- },
- ],
- require => [
- File[$mediawiki_vhost_basic_auth_file],
- File[$mediawiki_config],
- File[$mediawiki_config_meta],
- File[$ssl_cert],
- File[$ssl_ca],
- File[$ssl_key],
- ],
- }
-
- file {$mediawiki_vhost_basic_auth_file:
- ensure => present,
- owner => 'root',
- group => 'www-data',
- mode => '0640',
- content => $mediawiki_vhost_basic_auth_content,
- }
-
- file {$mediawiki_config_meta:
- ensure => present,
- owner => 'root',
- group => 'www-data',
- mode => '0640',
- # TODO actually use this to generate a proper vhost dispatcher config file
- # XXX currently LocalSettings.php should be hand maintained when modifying vhosts
- # content => template('profile/mediawiki/LocalSettings.php.erb'),
- require => Package['mediawiki'],
- }
-
- file {$mediawiki_config:
- ensure => present,
- owner => 'root',
- group => 'www-data',
- mode => '0640',
- content => template('profile/mediawiki/LocalSettings_vhost.php.erb'),
- require => Package['mediawiki'],
- notify => Service['php5-fpm'],
+ include ::mediawiki
+
+ ::mediawiki::instance { $mediawiki_vhost_name:
+ vhost_docroot => $mediawiki_vhost_docroot,
+ vhost_fpm_root => $mediawiki_fpm_root,
+ vhost_basic_auth => $mediawiki_vhost_basic_auth_content,
+ vhost_ssl_protocol => $mediawiki_vhost_ssl_protocol,
+ vhost_ssl_honorcipherorder => $mediawiki_vhost_ssl_honorcipherorder,
+ vhost_ssl_cipher => $mediawiki_vhost_ssl_cipher,
+ vhost_ssl_cert => $ssl_cert,
+ vhost_ssl_ca => $ssl_ca,
+ vhost_ssl_key => $ssl_key,
+ vhost_ssl_hsts_header => $mediawiki_vhost_hsts_header,
+ db_user => $mediawiki_db_user,
+ db_basename => $mediawiki_db_basename,
+ db_host => 'localhost',
+ db_password => $mediawiki_db_password,
+ secret_key => $mediawiki_config_secret_key,
+ upgrade_key => $mediawiki_config_upgrade_key,
}
}
diff --git a/templates/mediawiki/LocalSettings.php.erb b/templates/mediawiki/LocalSettings.php.erb
deleted file mode 100644
index 4196791..0000000
--- a/templates/mediawiki/LocalSettings.php.erb
+++ /dev/null
@@ -1,12 +0,0 @@
-<?php
-# This file is managed by puppet. Local modifications will be overwritten.
-
- switch ( $_SERVER["SERVER_NAME"] ) {
- case "intranet.softwareheritage.org":
- require_once "LocalSettings_intranet.softwareheritage.org.php";
- break;
-
- default:
- echo "This wiki is not available. Check server configuration.";
- exit( 0 );
- }
diff --git a/templates/mediawiki/LocalSettings_vhost.php.erb b/templates/mediawiki/LocalSettings_vhost.php.erb
deleted file mode 100644
index 71172cb..0000000
--- a/templates/mediawiki/LocalSettings_vhost.php.erb
+++ /dev/null
@@ -1,161 +0,0 @@
-<?php
-# This file is managed by puppet. Local modifications will be overwritten.
-#
-# This file was automatically generated by the MediaWiki 1.19.20+dfsg-0+deb7u3
-# installer. If you make manual changes, please keep track in case you
-# need to recreate them later.
-#
-# See includes/DefaultSettings.php for all configurable settings
-# and their default values, but don't forget to make changes in _this_
-# file, not there.
-#
-# Further documentation for configuration settings may be found at:
-# http://www.mediawiki.org/wiki/Manual:Configuration_settings
-
-# Protect against web entry
-if ( !defined( 'MEDIAWIKI' ) ) {
- exit;
-}
-
-## Uncomment this to disable output compression
-# $wgDisableOutputCompression = true;
-
-$wgSitename = "SoftwareHeritage";
-
-## The URL base path to the directory containing the wiki;
-## defaults for all runtime URL paths are based off of this.
-## For more information on customizing the URLs please see:
-## http://www.mediawiki.org/wiki/Manual:Short_URL
-$wgScriptPath = "";
-$wgScriptExtension = ".php";
-
-## The protocol and server name to use in fully-qualified URLs
-$wgServer = "https://<%= @mediawiki_vhost_name %>";
-
-## The relative URL path to the skins directory
-$wgStylePath = "$wgScriptPath/skins";
-
-## The relative URL path to the logo. Make sure you change this from the default,
-## or else you'll overwrite your logo when you upgrade!
-$wgLogo = "/images/b/b2/Swh-logo.png";
-$wgFavicon = "/images/b/b2/Swh-logo.png";
-
-## UPO means: this is also a user preference option
-
-$wgEnableEmail = true;
-$wgEnableUserEmail = true; # UPO
-
-$wgEmergencyContact = "info@softwareheritage.org";
-$wgPasswordSender = "info@softwareheritage.org";
-
-$wgEnotifUserTalk = true; # UPO
-$wgEnotifWatchlist = true; # UPO
-$wgEmailAuthentication = true;
-
-## Database settings
-$wgDBtype = "mysql";
-$wgDBserver = "localhost";
-$wgDBname = "<%= @mediawiki_db_basename %>";
-$wgDBuser = "<%= @mediawiki_db_user %>";
-$wgDBpassword = "<%= @mediawiki_db_password %>";
-
-# MySQL specific settings
-$wgDBprefix = "";
-
-# MySQL table options to use during installation or update
-$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
-
-# Experimental charset support for MySQL 5.0.
-$wgDBmysql5 = false;
-
-## Shared memory settings
-$wgMainCacheType = CACHE_NONE;
-$wgMemCachedServers = array();
-
-## To enable image uploads, make sure the 'images' directory
-## is writable, then set this to true:
-$wgEnableUploads = true;
-$wgUseImageMagick = true;
-$wgImageMagickConvertCommand = "/usr/bin/convert";
-
-# InstantCommons allows wiki to use images from http://commons.wikimedia.org
-$wgUseInstantCommons = false;
-
-## If you use ImageMagick (or any other shell command) on a
-## Linux server, this will need to be set to the name of an
-## available UTF-8 locale
-$wgShellLocale = "en_US.utf8";
-
-## If you want to use image uploads under safe mode,
-## create the directories images/archive, images/thumb and
-## images/temp, and make them all writable. Then uncomment
-## this, if it's not already uncommented:
-#$wgHashedUploadDirectory = false;
-
-## Set $wgCacheDirectory to a writable directory on the web server
-## to make your wiki go slightly faster. The directory should not
-## be publically accessible from the web.
-#$wgCacheDirectory = "$IP/cache";
-
-# Site language code, should be one of the list in ./languages/Names.php
-$wgLanguageCode = "en";
-
-$wgSecretKey = "<%= @mediawiki_config_secret_key %>";
-
-# Site upgrade key. Must be set to a string (default provided) to turn on the
-# web installer while LocalSettings.php is in place
-$wgUpgradeKey = "<%= @mediawiki_config_upgrade_key %>";
-
-## Default skin: you can change the default skin. Use the internal symbolic
-## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector':
-$wgDefaultSkin = "vector";
-
-## For attaching licensing metadata to pages, and displaying an
-## appropriate copyright notice / icon. GNU Free Documentation
-## License and Creative Commons licenses are supported so far.
-$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
-$wgRightsUrl = "";
-$wgRightsText = "";
-$wgRightsIcon = "";
-
-# Path to the GNU diff3 utility. Used for conflict resolution.
-$wgDiff3 = "/usr/bin/diff3";
-
-# debian-specific include:
-if (is_file("/etc/mediawiki-extensions/extensions.php")) {
- include("/etc/mediawiki-extensions/extensions.php");
-}
-
-# Query string length limit for ResourceLoader. You should only set this if
-# your web server has a query string length limit (then set it to that limit),
-# or if you have suhosin.get.max_value_length set in php.ini (then set it to
-# that value)
-$wgResourceLoaderMaxQueryLength = -1;
-
-
-
-# End of automatically generated settings.
-# Add more configuration options below.
-
-$wgGroupPermissions['*']['edit'] = false;
-
-$wgFileExtensions[] = 'pdf';
-
-$wgNamespacesToBeSearchedDefault = array(
- NS_MAIN => true,
- NS_TALK => true,
- NS_USER => true,
- NS_USER_TALK => true,
- NS_PROJECT => true,
- NS_PROJECT_TALK => true,
- NS_FILE => true,
- NS_FILE_TALK => true,
- NS_MEDIAWIKI => true,
- NS_MEDIAWIKI_TALK => true,
- NS_TEMPLATE => true,
- NS_TEMPLATE_TALK => true,
- NS_HELP => true,
- NS_HELP_TALK => true,
- NS_CATEGORY => true,
- NS_CATEGORY_TALK => true
-);