infra/mediawiki
4
0
Fork 0
Code Issues Pull requests Activity

Compare commits

base: infra:add-svg-handler
Branches Tags
infra:main
infra:add-svg-handler
..
compare: infra:main
Branches Tags
infra:main
infra:add-svg-handler

8 commits
add-svg-ha ... main

Author SHA1 Message Date
filmroellchen
45a907235d proper proxy configuration 2025-02-07 23:55:46 +01:00
filmroellchen
ee27bc59a6 subpages everywhere 2025-02-05 16:17:35 +01:00
filmroellchen
f3ca94de27 more extensions! 2025-02-04 21:17:46 +01:00
filmroellchen
5d19eacf95 robots.txt 2025-02-04 20:21:07 +01:00
filmroellchen
c5a5a2dff5 forward haproxy forwarded ip to php correctly 2025-02-04 13:32:20 +01:00
kleines Filmröllchen
a3d2b27286
expanded readme 2025-02-02 14:51:17 +01:00
filmroellchen
236009f748 add installation script 2025-02-02 13:33:29 +01:00
filmroellchen
7146d40ea2 minor settings updates and job runners 2025-02-02 12:52:38 +01:00
13 changed files with 215 additions and 13 deletions
Show stats Expand all files Collapse all files

10
README.md
View file

@ -1,9 +1,15 @@
# mediawiki # mediawiki
Config for wiki.ctbk.de and the upcoming Orgawiki deployment. Config for [wiki.ctbk.de](https://wiki.ctbk.de) and the upcoming Orgawiki deployment.
For deployment documentation refer to [the Wiki](https://wiki.ctbk.de/Dienste/Wiki). For deployment documentation refer to [the Wiki](https://wiki.ctbk.de/Dienste/Wiki).
Files for the wiki.ctbk.de public deployment are found in `public_mediawiki`. Files for the internal deployment (not yet in production) are found in `orga_mediawiki`. Some common files are found in the root directory. Files for the [wiki.ctbk.de](https://wiki.ctbk.de) public deployment are found in `public_mediawiki`. Files for the internal deployment (not yet in production) are found in `orga_mediawiki`. Some common files are found in the root directory.
Note that while some files may look identical between the deployments, they are not shared to allow easier modifications to both deployments independently. Note that while some files may look identical between the deployments, they are not shared to allow easier modifications to both deployments independently.
The [`install.sh`](install.sh) script replaces all relevant system files with symlinks to the files in this repository.
## License
The files in this repository are licensed under the BSD 2-clause license. The contents of the Wiki have different license(s), [see here](https://wiki.ctbk.de/Wiki:Urheberrechte).

29
install.sh Executable file
View file

@ -0,0 +1,29 @@
#!/usr/bin/env bash
scriptdir=$(dirname $(realpath $0))
set +e
ln -fs "$scriptdir/smw-jobs.sh" /usr/local/bin/smw-jobs
ln -fs "$scriptdir/nginx.conf" /etc/nginx/nginx.conf
ln -fs "$scriptdir/fastcgi.conf" /etc/nginx/fastcgi.conf
ln -fs "$scriptdir/robots.txt" /etc/nginx/robots.txt
ln -fs "$scriptdir/public_mediawiki/public_mediawiki.conf" /etc/nginx/sites-enabled/public_mediawiki.conf
ln -fs "$scriptdir/orga_mediawiki/orga_mediawiki.conf" /etc/nginx/sites-enabled/orga_mediawiki.conf
ln -fs "$scriptdir/pgtune.conf" "/etc/postgresql/15/main/conf.d/pgtune.conf"
for file in "$scriptdir/system"/*; do
filename=$(basename "$file")
ln -fs "$file" "/etc/systemd/system/$filename"
done
for file in "$scriptdir/public_mediawiki"/*; do
filename=$(basename "$file")
ln -fs "$file" "/etc/public_mediawiki/$filename"
done
for file in "$scriptdir/orga_mediawiki"/*; do
filename=$(basename "$file")
ln -fs "$file" "/etc/orga_mediawiki/$filename"
done

8
nginx.conf
View file

@ -1,7 +1,6 @@
user www-data; user www-data;
worker_processes auto; worker_processes auto;
pid /run/nginx.pid; pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf; include /etc/nginx/modules-enabled/*.conf;
events { events {
@ -37,7 +36,12 @@ http {
# Logging Settings # Logging Settings
## ##
access_log /var/log/nginx/access.log; log_format main '$http_x_forwarded_for [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
## ##
# Gzip Settings # Gzip Settings

1
orga_mediawiki/LocalSettings.php
View file

@ -188,5 +188,6 @@ $wgPluggableAuth_Config["Chaostreff Backnang IdP"] = [
# for better error reporting - disable while in production # for better error reporting - disable while in production
#error_reporting( -1 ); #error_reporting( -1 );
#ini_set( 'display_errors', 1 ); #ini_set( 'display_errors', 1 );
#$wgShowExceptionDetails = true; #$wgShowExceptionDetails = true;
#$wgShowDBErrorBacktrace = true; #$wgShowDBErrorBacktrace = true;

11
orga_mediawiki/orga_mediawiki.conf
View file

@ -9,9 +9,14 @@ server {
client_body_timeout 60; client_body_timeout 60;
index index.php index.html index.htm; index index.php index.html index.htm;
location ~ \.ht { location ~ \.ht {
deny all; deny all;
} }
location /robots.txt {
root /etc/nginx;
try_files /robots.txt =404;
}
location / { location / {
try_files $uri $uri/ @rewrite; try_files $uri $uri/ @rewrite;

44
public_mediawiki/LocalSettings.php
View file

@ -159,14 +159,21 @@ wfLoadExtension( 'TemplateData' );
wfLoadExtension( 'TitleBlacklist' ); wfLoadExtension( 'TitleBlacklist' );
wfLoadExtension( 'VisualEditor' ); wfLoadExtension( 'VisualEditor' );
wfLoadExtension( 'WikiEditor' ); wfLoadExtension( 'WikiEditor' );
wfLoadExtension( 'CodeMirror' );
wfLoadExtension( 'TemplateStyles' );
wfLoadExtension( 'TemplateStylesExtender' );
wfLoadExtension( 'Widgets' );
wfLoadExtension( 'PluggableAuth' ); wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' ); wfLoadExtension( 'OpenIDConnect' );
$wgPFEnableStringFunctions = true;
# SMW config
wfLoadExtension( 'SemanticMediaWiki' ); wfLoadExtension( 'SemanticMediaWiki' );
enableSemantics( 'wiki.ctbk.de' ); enableSemantics( 'wiki.ctbk.de' );
$smwgQueryResultCacheType = CACHE_ANYTHING;
# Add more configuration options below. $wgGroupPermissions['sysop']['smw-admin'] = true;
# Disable account creation - we only use SSO accounts # Disable account creation - we only use SSO accounts
$wgGroupPermissions['*']['autocreateaccount'] = true; $wgGroupPermissions['*']['autocreateaccount'] = true;
@ -177,6 +184,10 @@ $wgGroupPermissions['sysop']['createaccount'] = true;
# allow copy uploads by anyone # allow copy uploads by anyone
$wgGroupPermissions['user']['upload_by_url'] = true; $wgGroupPermissions['user']['upload_by_url'] = true;
# disallow widget editing by anyone except sysops
$wgGroupPermissions['*']['editwidgets'] = false;
$wgGroupPermissions['sysop']['editwidgets'] = true;
# SSO config # SSO config
# necessary to allow admin user(s) to login # necessary to allow admin user(s) to login
$wgPluggableAuth_EnableLocalLogin = true; $wgPluggableAuth_EnableLocalLogin = true;
@ -185,10 +196,24 @@ $wgPluggableAuth_Config["Chaostreff Backnang IdP"] = [
'data' => [ 'data' => [
'providerURL' => 'https://idp.ctbk.de/realms/ctbk/', 'providerURL' => 'https://idp.ctbk.de/realms/ctbk/',
'clientID' => 'public_mediawiki', 'clientID' => 'public_mediawiki',
'scope' => [ 'openid', 'profile', 'email', 'groups' ],
'clientsecret' => $ctbkClientSecret 'clientsecret' => $ctbkClientSecret
],
# use Keycloak group definitions to manage groups centrally
'groupsyncs' => [
[
'type' => 'mapped',
'map' => [
'sysop' => [ 'groups' => '/mediawiki/admins' ],
'buerocrat' => [ 'groups' => '/mediawiki/admins' ],
'interface-admin' => [ 'groups' => '/mediawiki/admins' ]
]
]
] ]
]; ];
$wgDefaultUserOptions['usecodemirror'] = 1;
# interwiki config # interwiki config
$wgGroupPermissions['sysop']['interwiki'] = true; $wgGroupPermissions['sysop']['interwiki'] = true;
$wgInterwikiMagic = true; $wgInterwikiMagic = true;
@ -207,3 +232,18 @@ $wgHideInterlanguageLinks = false;
$wgFileExtensions[] = 'svg'; $wgFileExtensions[] = 'svg';
# This extension will no longer be needed in MediaWiki >= 1.41, then $wgSVGNativeRendering can be used # This extension will no longer be needed in MediaWiki >= 1.41, then $wgSVGNativeRendering can be used
wfLoadExtension( 'NativeSvgHandler' ); wfLoadExtension( 'NativeSvgHandler' );
# do not sanitize my CSS
#$wgTemplateStylesAutoParseContent = false;
$wgTemplateStylesExtenderEnablePrefersColorScheme = true;
$wgTemplateStylesExtenderEnableCssVars = true;
# enable namespaces everywhere we need them
$wgNamespacesWithSubpages[NS_MAIN] = true;
$wgNamespacesWithSubpages[NS_TEMPLATE] = true;
# use proxy ip addresses -- were behind (at least) one reverse proxy that sets X-Forwarded-For
$wgUsePrivateIPs = true;
# ingress haproxy
$wgCdnServersNoPurge = [ '10.140.0.1' ];

42
public_mediawiki/composer.local.json
View file

@ -3,6 +3,42 @@
{ {
"type": "vcs", "type": "vcs",
"url": "https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect" "url": "https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect"
},
{
"type": "package",
"package": {
"name": "mediawiki/codemirror",
"version": "6.0.0",
"source": {
"type": "git",
"url": "https://gerrit.wikimedia.org/r/mediawiki/extensions/CodeMirror.git",
"reference": "REL1_39"
}
}
},
{
"type": "package",
"package": {
"name": "mediawiki/templatestyles",
"version": "1.0.0",
"source": {
"type": "git",
"url": "https://gerrit.wikimedia.org/r/mediawiki/extensions/TemplateStyles",
"reference": "REL1_39"
}
}
},
{
"type": "package",
"package": {
"name": "mediawiki/widgets",
"version": "1.6.0",
"source": {
"type": "git",
"url": "https://gerrit.wikimedia.org/r/mediawiki/extensions/Widgets",
"reference": "1.6.0"
}
}
} }
], ],
"require": { "require": {
@ -12,7 +48,11 @@
"mediawiki/semantic-compound-queries": "^2.2", "mediawiki/semantic-compound-queries": "^2.2",
"mediawiki/semantic-extra-special-properties": "^3", "mediawiki/semantic-extra-special-properties": "^3",
"mediawiki/semantic-media-wiki": "^4.2", "mediawiki/semantic-media-wiki": "^4.2",
"mediawiki/semantic-result-formats": "^4.2" "mediawiki/semantic-result-formats": "^4.2",
"mediawiki/codemirror": "^6",
"mediawiki/templatestyles": "^1",
"octfx/template-styles-extender": "^1.2",
"mediawiki/widgets": "^1.6"
}, },
"config": { "config": {
"preferred-install": "source", "preferred-install": "source",

11
public_mediawiki/public_mediawiki.conf
View file

@ -9,9 +9,14 @@ server {
client_body_timeout 60; client_body_timeout 60;
index index.php index.html index.htm; index index.php index.html index.htm;
location ~ \.ht { location ~ \.ht {
deny all; deny all;
} }
location /robots.txt {
root /etc/nginx;
try_files /robots.txt =404;
}
location / { location / {
try_files $uri $uri/ @rewrite; try_files $uri $uri/ @rewrite;

3
robots.txt Normal file
View file

@ -0,0 +1,3 @@
User-Agent: *
Disallow: /

25
smw-jobs.sh Executable file
View file

@ -0,0 +1,25 @@
#!/usr/bin/env bash
# ignore single script failures
set +e
SMW_PATH=$1
set -x
# not needed in our current config according to the documentation
#php "${SMW_PATH}/maintenance/updateSpecialPages.php" --quiet
# recommended daily jobs
php "${SMW_PATH}/maintenance/rebuildData.php" --shallow-update
php "${SMW_PATH}/maintenance/disposeOutdatedEntities.php"
php "${SMW_PATH}/maintenance/rebuildPropertyStatistics.php"
php "${SMW_PATH}/maintenance/rebuildConceptCache.php" --update --create
# recommended weekly jobs — we still run them daily to simplify the timers
php "${SMW_PATH}/maintenance/rebuildData.php" -d 100
php "${SMW_PATH}/maintenance/setupStore.php" --skip-import
# recommended monthly jobs
php "${SMW_PATH}/maintenance/removeDuplicateEntities.php"

18
system/mediawiki-jobrunner@.service Normal file
View file

@ -0,0 +1,18 @@
[Unit]
Description=MediaWiki job runner %I
Documentation=https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:RunJobs.php
[Service]
User=www-data
Group=www-data
ExecStart=/usr/bin/php /var/lib/%i/maintenance/runJobs.php --wait --maxjobs=50
Restart=always
RestartSec=15
RuntimeMaxSec=300
PrivateDevices=true
PrivateTmp=true
ProtectHome=read-only
[Install]
WantedBy=multi-user.target

13
system/semantic-mediawiki-jobs@.service Normal file
View file

@ -0,0 +1,13 @@
[Unit]
Description=Semantic MediaWiki job runner %I
Documentation=https://www.semantic-mediawiki.org/wiki/Help:Cron_jobs
[Service]
User=www-data
Group=www-data
ExecStart=/usr/local/bin/smw-jobs /var/lib/%i/extensions/SemanticMediaWiki
RestartSec=15
PrivateDevices=true
PrivateTmp=true
ProtectHome=read-only

13
system/semantic-mediawiki-jobs@.timer Normal file
View file

@ -0,0 +1,13 @@
[Unit]
Description=Semantic MediaWiki job timer %I
Documentation=https://www.semantic-mediawiki.org/wiki/Help:Cron_jobs
[Timer]
# run the jobs in the morning, after the backups happen
OnCalendar=*-*-* 04:00:00
RandomizedDelaySec=1h
Unit=semantic-mediawiki-jobs@%i.service
[Install]
WantedBy=timers.target