2 # Copyright (C) 2016 Ian Kelling
3 # This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
5 # for convenience, Mediawiki config file
6 mwc
="$mw/LocalSettings.php"
14 # get and reset an extension/skin repository, and enable it
15 mw-ext
() { mw-extra extension $@
; }
16 mw-skin
() { mw-extra skin $@
; }
19 local type=${1}s
# extension or skin
22 if [[ $1 == -g ]]; then
29 local original_pwd
="$PWD"
30 # it's ok that this fails if we already have it
31 url
=https
://git.wikimedia.org
/git
/mediawiki
33 git clone
$url/$type/$ext.git
$target
35 echo "mw-ext error: failed cd $mw/extensions/$ext";
39 git checkout
-qf origin
/$mw_branch || git checkout
-qf origin
/master
45 if [[ -e $target/extension.json
]]; then
46 # new style extension. remove old style declaration
47 sed -i '#^require_once( "\\\$IP/extensions/\$ext/\$ext\.php" );#d' $mwc
49 wfLoadExtension( '$ext' );
53 require_once( "\$IP/extensions/$ext/$ext.php" );
58 sed -i '/^wfLoadSkin/d' $mwc
59 sed -i '/^\$wgDefaultSkin/d' $mwc
61 $wgDefaultSkin = "${ext,,*}";
62 wfLoadSkin( 'Vector' );
67 # --quick is quicker than default flags,
68 # but still add a sleep to make sure everything works right
69 sudo
-u $apache_user php
$mw/maintenance
/update.php
-q --quick; sleep 1
72 # <source lang="bash">
75 # noninteractive to avoid mysql password prompt
76 DEBIAN_FRONTEND
=noninteractive apt-get
-y install mediawiki ImageMagick php5-mysqlnd php-apc
77 service apache2 restart
79 # fedora deps are missing a database, so some is translated from debian packages
80 yum
-y install mediawiki ImageMagick php-mysqlnd php-pecl-apcu mariadb-server
82 systemctl restart mariadb.service
83 systemctl
enable mariadb.service
84 systemctl
enable httpd.service
85 systemctl restart httpd.service
89 # slightly different depending on if we already set the root pass
90 if echo exit|mysql
-u root
-p"$dbpass"; then
91 # answer interactive prompts:
92 # mysql root pass, change pass? no, remove anon users? (default, yes)
93 # disallow remote root (default, yes), reload? (default, yes)
94 echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
96 # I had 1 less newline at the start when doing ubuntu 14.04,
97 # compared to debian 8, so can't say this is especially portable.
98 # It won't hurt if it fails.
99 echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
102 # <source lang="bash">
105 # this will just fail if it already exists which is fine
106 git clone https
://gerrit.wikimedia.org
/r
/p
/mediawiki
/core.git .
107 # to see available branches: https://www.mediawiki.org/wiki/Version_lifecycle
110 git checkout
-f origin
/$mw_branch
112 # Get the php libraries wmf uses. Based on:
113 # https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
114 git clone https
://gerrit.wikimedia.org
/r
/p
/mediawiki
/vendor.git
116 git checkout
-f origin
/$mw_branch
119 # Drop any previous database which may have been installed while testing.
120 # If upgrading, we should have a db backup which will get restored.
121 # https://www.mediawiki.org/wiki/Manual:Upgrading
122 mysql
-u root
-p$dbpass <<'EOF'
123 drop database my_wiki;
126 php
$mw/maintenance
/install.php
--pass $wikipass --scriptpath /w \
127 --dbuser root
--dbpass $dbpass "$mwdescription" "$wikiuser"
129 # lock down the wiki to only the initial owner until anti-spam measures are put in place
130 # limit edits to registered users
131 $wgGroupPermissions['*']['edit'] = false;
132 # don't allow any account creation
133 $wgGroupPermissions['*']['createaccount'] = false;
136 # <source lang="bash">
137 tmpdir
="$(mktemp -d)"
139 wget http
://builds.piwik.org
/piwik.
zip
140 if isdeb
; then apt-get
-y install unzip; else yum
-y install unzip; fi
142 # gui installer suggested command
144 chown
-R www-data
:www-data piwik
146 chown
-R apache
:apache piwik
148 # remove any existing directory
149 rm -rf $mw/..
/analytics
150 mv piwik
$mw/..
/analytics
154 # <source lang="bash">
158 acme-tiny-wrapper
$mwdomain
159 dd of
=/etc
/apache
2/ports.conf
<<'EOF'
163 ServerAdmin $mw_email
165 # make the site's root url go to our main page
166 RewriteRule ^/?wiki(/.*)?\$ %{DOCUMENT_ROOT}/w/index.php [L]
167 # use short urls https://www.mediawiki.org/wiki/Manual:Short_URL
168 RewriteRule ^/*\$ %{DOCUMENT_ROOT}/w/index.php [L]
170 find -L $
(readlink
-f $mw/..
) -name .htaccess \
171 |
while read line
; do
172 echo -e "<Directory ${line%/.htaccess}>\n $(< $line)\n</Directory>";
174 } | apache-site
-i -p 127.0.0.1:8082 -- - $mwdomain
175 nginx-site
-p 8082 $mwdomain
177 # <source lang="bash">
179 a2ensite
$mwdomain.conf
182 # We restart rather than reload because of the module
183 service apache2 restart
185 systemctl reload httpd.service
188 # <source lang="bash">
189 dd of
=$mw/..
/robots.txt
<<'EOF'
192 User-agent: ia_archiver
196 # <source lang="bash">
198 \$wgServer = "https://$mwdomain";
199 \$wgDBserver = "localhost";
200 \$wgRightsUrl = "$mw_RightsUrl";
201 \$wgRightsText = "$mw_RightsText";
202 \$wgRightsIcon = "$mw_RightsIcon";
203 wfLoadSkin( 'Vector' );
206 # <source lang="bash">
208 \$wgPasswordSender = "$mw_email";
209 \$wgEmergencyContact = "$mw_email";
210 \$wgEnotifUserTalk = true; # UPO
211 \$wgEnotifWatchlist = true; # UPO
212 \$wgMainCacheType = CACHE_ACCEL;
213 \$wgEnableUploads = true;
214 \$wgUseInstantCommons = true;
217 # <source lang="bash">
219 # from https://www.mediawiki.org/wiki/Manual:Short_URL
220 $wgArticlePath = "/wiki/$1";
222 # https://www.mediawiki.org/wiki/Manual:Combating_spam
223 # check that url if our precautions don't work
224 # not using nofollow is good practice, as long as we avoid spam.
225 $wgNoFollowLinks = false;
226 # Allow user customization.
227 $wgAllowUserJs = true;
228 $wgAllowUserCss = true;
230 # use imagemagick over GD
231 $wgUseImageMagick = true;
235 # https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads
236 # Increase from default of 2M to 100M.
237 # This will at least allow high res pics etc.
238 php_ini
=$
(isdeb
&& echo /etc
/php
5/apache
2/php.ini ||
echo /etc
/php.ini
)
239 sed -i 's/^\(upload_max_filesize\)\b.*/\1 = 100M/'
240 sed -i 's/^\(post_max_size\)\b.*/\1 = 100M/'
242 service apache2 restart
244 systemctl restart httpd.service
247 # if you were to install as a normal user, you would need this for images
248 # sudo usermod -aG $apache_user $USER
250 # this doesn't propogate right away
251 chgrp
-R $apache_user $mw/images
252 chmod -R g
+w
$mw/images
254 # <source lang="bash">
257 $wgShowIPinHeader = false;
258 $wgFooterIcons = null;
260 # Make the toolbox go into the drop down.
262 git remote add ian git@gitorious.org
:mediawiki-toolbox-patch
/mediawiki-toolbox-patch.git
264 git rebase ian
/REL1_23-toolbox-in-dropdown
266 # <source lang="bash">
267 mw-ext Cite CiteThisPage CSS DynamicPageList Echo Gadgets ImageMap Interwiki News \
268 Nuke ParserFunctions Poem SyntaxHighlight_GeSHi Variables
270 # <source lang="bash">
272 # recommended setup script to account for existing users
273 sudo
-u $apache_user php
$mw/extensions
/AntiSpoof
/maintenance
/batchAntiSpoof.php
275 # <source lang="bash">
277 sudo
-u $apache_user php
$mw/extensions
/CheckUser
/install.php
; sleep 1
279 # <source lang="bash">
281 apt-get
-y install php-wikidiff2
283 $wgExternalDiffEngine = 'wikidiff2';
285 ln -sf ..
/..
/mods-available
/wikidiff2.ini
/etc
/php
5/apache
2/conf.d
286 service apache2 restart
289 # <source lang="bash">
291 # php5-curl according to Math readme
293 apt-get
-y install latex-cjk-all texlive-latex-extra texlive-latex-base ghostscript imagemagick ocaml php5-curl
295 # todo, php5-curl equivalent on fedora
296 yum
-y install texlive-cjk ghostscript ImageMagick texlive ocaml
298 ln -sf ..
/..
/mods-available
/curl.ini
/etc
/php
5/apache
2/conf.d
299 service apache2 restart
301 cd $mw/extensions
/Math
/math
; make # makes texvc
302 cd $mw/extensions
/Math
/texvccheck
; make
305 # Enable MathJax as rendering option
306 $wgUseMathJax = true;
307 # Enable LaTeXML as rendering option
308 $wgMathValidModes[] = 'latexml';
309 # Set LaTeXML as default rendering option, because it is nicest
310 $wgDefaultUserOptions['math'] = 'latexml';
313 # <source lang="bash">
315 if ! grep -F '$wgSpamBlacklistFiles = array(' $mwc &>/dev
/null
; then
317 $wgEnableDnsBlacklist = true;
318 $wgDnsBlacklistUrls = array( 'xbl.spamhaus.org', 'dnsbl.tornevall.org' );
320 ini_set( 'pcre.backtrack_limit', '10M' );
321 $wgSpamBlacklistFiles = array(
322 "[[m:Spam blacklist]]",
323 "http://en.wikipedia.org/wiki/MediaWiki:Spam-blacklist"
328 # <source lang="bash">
329 mw-ext TitleBlacklist
330 if ! grep -F '$wgTitleBlacklistSources = array(' $mwc &>/dev
/null
; then
332 $wgTitleBlacklistSources = array(
335 'src' => 'MediaWiki:Titleblacklist',
339 'src' => 'http://meta.wikimedia.org/w/index.php?title=Title_blacklist&action=raw',
345 # <source lang="bash">
348 # Enable Wikieditor by default
349 $wgDefaultUserOptions['usebetatoolbar'] = 1;
350 $wgDefaultUserOptions['usebetatoolbar-cgd'] = 1;
352 # Display the Preview and Changes tabs
353 $wgDefaultUserOptions['wikieditor-preview'] = 1;
356 # <source lang="bash">
359 # Mediawiki setting dependency for CategoryTree
363 # <source lang="bash">
366 $wgGroupPermissions['sysop']['abusefilter-modify'] = true;
367 $wgGroupPermissions['*']['abusefilter-log-detail'] = true;
368 $wgGroupPermissions['*']['abusefilter-view'] = true;
369 $wgGroupPermissions['*']['abusefilter-log'] = true;
370 $wgGroupPermissions['sysop']['abusefilter-private'] = true;
371 $wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
372 $wgGroupPermissions['sysop']['abusefilter-revert'] = true;
375 # <source lang="bash">
379 wfLoadExtension( 'ConfirmEdit/QuestyCaptcha' );
380 $wgCaptchaClass = 'QuestyCaptcha';
381 # only captcha on registration
382 $wgGroupPermissions['user' ]['skipcaptcha'] = true;
383 $wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
385 if ! grep -Fx 'foreach ( $localSettingsQuestyQuestions as $key => $value ) {' $mwc; then
387 foreach ( $localSettingsQuestyQuestions as $key => $value ) {
388 $wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
393 # <source lang="bash">
394 sed -i "/\\\$wgGroupPermissions\\['\\*'\\]\\['createaccount'\\] = false;/d" $mwc
396 # <source lang="bash">
399 git clone
--recursive https
://gerrit.wikimedia.org
/r
/pywikibot
/core.git ~
/opt
/pywikibot
405 # <source lang="bash">
406 cd $HOME/opt
/pywikibot
407 dd of
=user-config.py
<<EOF
409 usernames["$mwfamily"]['en'] = u'$wikiuser'
411 console_encoding = 'utf-8'
412 password_file = "secretsfile"
415 dd of
=secretsfile
<<EOF
416 ("$wikiuser", "$wikipass")
419 # it won't overrwrite an existing file. Remove if if one exists
420 rm -f pywikibot
/families
/${mwfamily}_family.py
421 python generate_family_file.py https
://$mwdomain/wiki
/Main_Page
"$mwfamily"
423 # Note, this needed only for ssl site
424 tee -a pywikibot
/families
/${mwfamily}_family.py
<<'EOF'
425 def protocol(self, code):
429 # <source lang="bash">
430 pw
="$HOME/opt/pywikibot"
432 dd of
=$pw/scripts
/${mwfamily}_setup.py
<<EOF
436 site = pywikibot.Site()
438 page = pywikibot.Page(site, p)
440 #force is for some anti-bot thing, not necessary in my testing, but might as well include it
441 page.save(force=True)
443 # Small/medium noncommercial wiki should be fine with no privacy policy
444 # based on https://www.mediawiki.org/wiki/Manual:Footer
445 x("MediaWiki:Privacy")
447 # licenses for uploads. Modified from the mediawiki's wiki
448 x("MediaWiki:Licenses", u"""* Same as this wiki's text (preferred)
449 ** CC BY-SA or GFDL| Creative Commons Attribution ShareAlike or GNU Free Documentation License
451 ** Unknown_copyright|I don't know exactly
452 ** PD|PD: public domain
453 ** CC BY|Creative Commons Attribution
454 ** CC BY-SA|Creative Commons Attribution ShareAlike
455 ** GFDL|GFDL: GNU Free Documentation License
456 ** GPL|GPL: GNU General Public License
457 ** LGPL|LGPL: GNU Lesser General Public License""")
458 x("MediaWiki:Copyright", '$mw_license')
459 x("MediaWiki:Mainpage-description", "$mwdescription")
463 # The rest of the settings are for the site style
465 # Remove various clutter
466 x("MediaWiki:Lastmodifiedat")
467 x("MediaWiki:Disclaimers")
468 x("MediaWiki:Viewcount")
469 x("MediaWiki:Aboutsite")
470 # remove these lines from sidebar
471 # ** recentchanges-url|recentchanges
472 # ** randompage-url|randompage
474 x("MediaWiki:Sidebar", """* navigation
475 ** mainpage|mainpage-description
481 # helpfull doc: https://www.mediawiki.org/wiki/Manual:Interface/Sidebar
482 x("mediawiki:Common.css", """/* adjust sidebar to just be home link and up top */
483 /* panel width increased to fit full wiki name. */
484 div#mw-panel { top: 10px; padding-top: 0em; width: 20em }
485 div#footer, #mw-head-base, div#content { margin-left: 1em; }
486 #left-navigation { margin-left: 1em; }
489 /* logo, and toolbar hidden */
490 #p-logo, #p-tb.portal {
494 /* make the font size smaller for the misc stuff */
502 div#mw-content-text {
509 python pwb.py
${mwfamily}_setup
511 # <source lang="bash">
515 # if we get an error, keep going but return it at the end
517 trap 'last_error=$?' ERR
519 ssh root@
$mwdomain <<ENDSSH
521 $wgReadOnly = 'Dumping Database, Access will be restored shortly';
523 mysqldump -p$dbpass --default-character-set=binary my_wiki > ~/wiki_backup/wikidump
524 sed -i '$ d' $mwc # delete last line
526 rdiff-backup root@
$mwdomain::/root
/wiki_db_backup ~
/backup
/wiki_db_backup
527 rdiff-backup root@
$mwdomain::$mw ~
/backup
/wiki_file_backup
531 # <source lang="bash">
532 chmod +x
$HOME/bin
/remote_wiki_backup
536 0 4 * * * x=$($HOME/bin/remote_wiki_backup 2>&1); [[ $? != 0 ]] && echo "$x"
540 # <source lang="bash">
542 HOSTNAME
=REPLACE_ME
source ~
/mw_vars
543 rdiff-backup
-r now ~
/backup
/wiki_file_backup
/tmp
/wiki_file_restore
544 scp
-r /tmp
/wiki_file_restore
/images root@
$mwdomain:$mw/images
545 rdiff-backup
-r now ~
/backup
/wiki_db_backup
/tmp
/wiki_db_restore
546 scp
-r /tmp
/wiki_db_restore root@
$mwdomain:/tmp
547 ssh root@
$mwdomain "mysql -u root -p$dbpass my_wiki < /tmp/wiki_db_restore/wiki_db_dump"
549 # <source lang="bash">
550 s
=$HOME/bin
/mediawiki_update
556 git checkout origin/$mw_branch
557 git rebase ian/REL1_23-toolbox-in-dropdown
563 git checkout origin/$mw_branch || git checkout -qf origin/master
567 php $mw/maintenance/update.php -q
578 # <source lang="bash">
579 # docs suggests using separate database user, google lead me here for how
580 # https://www.digitalocean.com/community/tutorials/how-to-create-a-new-user-and-grant-permissions-in-mysql
581 mysql
-u root
-p$dbpass <<EOF
582 CREATE USER 'piwik'@'localhost' IDENTIFIED BY '$piwik_pass';
583 GRANT ALL PRIVILEGES ON piwik . * TO 'piwik'@'localhost';
588 # <source lang="bash">
589 git clone https
://github.com
/DaSchTour
/piwik-mediawiki-extension.git
$mw/extensions
/Piwik
592 \$wgPiwikURL = '$mwdomain/analytics/';
593 \$wgPiwikIDSite = '1';
596 # <source lang="bash">
601 piwik_path=$mw/../analytics
603 wget -q http://builds.piwik.org/piwik.zip
606 cp \$piwik_path/config/config.ini.php piwik/config
607 cp -rf piwik/* \$piwik_path
608 # prevent making an email out of the standard success response
609 x="\$( \$piwik_path/console core:update )"
610 if [[ \$x != "Everything is already up to date." ]]; then
618 teeu
"$x" <<< "0 3 * * tue $s"