iankelling.org / git / mediawiki-setup / blob
? search:


d13c69644db986c16cda42a6a5ddb5018b464f68
[mediawiki-setup] / mw-setup-script
1 #!/bin/bash
2 # Copyright (C) 2016 Ian Kelling
3 # This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
4 set -x
5 # <source lang="bash">
6 apt-get install --install-suggests jessie-backports certbot
7 # </source>
8 # <source lang="bash">
9 # identify if this is a debian based distro
10 isdeb() { command -v apt &>/dev/null; }
11 # tee unique. append each stdin line if it does not exist in the file
12 teeu () {
13 local MAPFILE
14 mapfile -t
15 for line in "${MAPFILE[@]}"; do
16 grep -xFq "$line" "$1" &>/dev/null || tee -a "$1" <<<"$line"
17 done
18 }
19
20 # get and reset an extension/skin repository, and enable it
21 mw-clone() {
22 local url=$1
23 local original_pwd="$PWD"
24 local name
25 local re='[^/]*/[^/]*$' # last 2 parts of path
26 [[ $url =~ $re ]] ||:
27 target=$mw/${BASH_REMATCH[0]}
28 if [[ ! -e $target/.git ]]; then
29 git clone $url $target
30 fi
31 if ! cd $target; then
32 echo "mw-ext error: failed cd $target";
33 exit 1
34 fi
35 git fetch
36 git checkout -qf origin/$mw_branch || git checkout -qf origin/master
37 git clean -xffd
38 cd "$original_pwd"
39
40 }
41 mw-ext () {
42 local ext
43 for ext; do
44 mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/extensions/$ext
45 if [[ -e $mw/extensions/$ext/extension.json ]]; then
46 # new style extension
47 teeu $mwc <<EOF
48 wfLoadExtension( '$ext' );
49 EOF
50 else
51 teeu $mwc <<EOF
52 require_once( "\$IP/extensions/$ext/$ext.php" );
53 EOF
54 fi
55 done
56 # --quick is quicker than default flags,
57 # but still add a sleep to make sure everything works right
58 sudo -u $apache_user php $mw/maintenance/update.php -q --quick; sleep 1
59 }
60 mw-skin() {
61 local skin=$1
62 mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/skins/$skin
63 sed -i --follow-symlinks '/^wfLoadSkin/d' $mwc
64 sed -i --follow-symlinks '/^\$wgDefaultSkin/d' $mwc
65 teeu $mwc <<EOF
66 \$wgDefaultSkin = "${skin,,*}";
67 wfLoadSkin( '$skin' );
68 EOF
69 sudo -u $apache_user php $mw/maintenance/update.php -q --quick; sleep 1
70 }
71
72 if command -v apt &>/dev/null; then
73 apache_user=www-data
74 else
75 apache_user=apache
76 fi
77
78 # </source>
79 # <source lang="bash">
80 # From here on out, exit if a command fails.
81 # This will prevent us from not noticing an important failure.
82 # We recommend setting this for the entire installation session.
83 # If you are running commands interactively, it might be best to
84 # put it in your ~/.bashrc temporarily.
85 set -eE -o pipefail
86 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
87 source ~/mw_vars
88
89 if isdeb; then
90 # main reference:
91 # https://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Ubuntu
92 apt-get update
93 DEBIAN_FRONTEND=noninteractive apt-get install -y imagemagick curl
94 if apt-get install -s mediawiki &>/dev/null; then
95 # mediawiki is packaged in jessie backports.
96 DEBIAN_FRONTEND=noninteractive apt-get -y install php5-apcu mediawiki
97 else
98 # https://www.mediawiki.org/wiki/Manual:Installation_requirements
99 if apt-get install -s php7.0 &>/dev/null; then
100 # note, 7.0 is untested by the editor here, since it's not
101 # available in debian 8. it's listed as supported
102 # in the mediawiki page.
103 # noninteractive to avoid mysql password prompt.
104 DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 \
105 default-mysql-server \
106 php7.0 php7.0-mysql libapache2-mod-php7.0 php7.0-xml \
107 php7.0-apcu php7.0-mbstring
108 else
109 # note: mbstring is recommended, but it's not available for php5 in
110 # debian jessie.
111 DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 \
112 default-mysql-server \
113 php5 php5-mysql libapache2-mod-php5 php5-apcu
114 fi
115 fi
116 service apache2 restart
117 else
118 # note
119 # fedora deps are missing a database, so some is translated from debian packages
120 yum -y install mediawiki ImageMagick php-mysqlnd php-pecl-apcu mariadb-server
121
122 systemctl restart mariadb.service
123 systemctl enable mariadb.service
124 systemctl enable httpd.service
125 systemctl restart httpd.service
126 fi
127
128
129 # skip if we already set the root pass and are on pre-debian 9.
130 if ! echo exit|mysql -uroot "-p$dbpass"; then
131 # Note: we set a root password here, but in debian 9+, it is ignored;
132 # only the local user root can login, and any password is accepted.
133 # We answer these interactive prompts:
134 # Enter current password for root (enter for none):
135 # Set root password? [Y/n]
136 # New password:
137 # Re-enter new password:
138 # Remove anonymous users? [Y/n]
139 # Disallow root login remotely? [Y/n]
140 # Remove test database and access to it? [Y/n]
141 # Reload privilege tables now? [Y/n]
142 # Note, I had 1 less newline at the start when doing ubuntu 14.04,
143 # compared to debian 8, so can't say this is especially portable.
144 echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
145 fi
146 mysql -uroot "-p$dbpass" <<EOF
147 GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' IDENTIFIED BY '$dbpass';
148 EOF
149 # </source>
150 # <source lang="bash">
151 mkdir -p $mw
152 cd $mw
153 # this will just fail if it already exists which is fine
154 if [[ ! -e .git ]]; then
155 git clone https://gerrit.wikimedia.org/r/p/mediawiki/core.git .
156 fi
157 # to see available branches: https://www.mediawiki.org/wiki/Version_lifecycle
158 # and
159 # git branch -r
160 git checkout -f origin/$mw_branch
161 git clean -ffxd
162 # apply librejs patch
163 curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
164 # Get the php libraries wmf uses. Based on:
165 # https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
166 if [[ ! -e vendor/.git ]]; then
167 git clone https://gerrit.wikimedia.org/r/p/mediawiki/vendor.git
168 fi
169 cd vendor
170 git checkout -f origin/$mw_branch
171 cd ..
172
173 # Drop any previous database which may have been installed while testing.
174 # If upgrading, we should have a db backup which will get restored.
175 # https://www.mediawiki.org/wiki/Manual:Upgrading
176 mysql -uroot "-p$dbpass" <<'EOF' ||:
177 drop database my_wiki;
178 exit
179 EOF
180 php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
181 --dbuser wikiuser --dbpass $dbpass "$mwdescription" "$wikiuser"
182 teeu $mwc <<'EOF'
183 # lock down the wiki to only the initial owner until anti-spam measures are put in place
184 # limit edits to registered users
185 $wgGroupPermissions['*']['edit'] = false;
186 # don't allow any account creation
187 $wgGroupPermissions['*']['createaccount'] = false;
188 EOF
189 # </source>
190 # <source lang="bash">
191 l=$mw/../../logs
192 mkdir -p $l
193 temp=$(mktemp -d)
194 cd $temp
195 git clone https://iankelling.org/git/basic-https-conf
196 { cat <<EOF
197 ServerAdmin $mw_email
198 RewriteEngine On
199 # make the site's root url go to our main page
200 RewriteRule ^/?wiki(/.*)?\$ %{DOCUMENT_ROOT}/w/index.php [L]
201 # use short urls https://www.mediawiki.org/wiki/Manual:Short_URL
202 RewriteRule ^/*\$ %{DOCUMENT_ROOT}/w/index.php [L]
203 EOF
204 find -L $(readlink -f $mw) -name .htaccess \
205 | while read line; do
206 echo -e "<Directory ${line%/.htaccess}>\n $(< $line)\n</Directory>";
207 done
208 } | basic-https-conf/web-conf -r ${mw%/*} - apache2 $mwdomain
209 cd
210 rm -rf $temp
211 # </source>
212 # <source lang="bash">
213 dd of=$mw/../robots.txt <<'EOF'
214 User-agent: *
215 Disallow: /w/
216 User-agent: ia_archiver
217 Allow: /*&action=raw
218 EOF
219 mw-skin Vector
220 # </source>
221 # <source lang="bash">
222 teeu $mwc<<EOF
223 \$wgServer = "https://$mwdomain";
224 \$wgDBserver = "localhost";
225 \$wgRightsUrl = "$mw_RightsUrl";
226 \$wgRightsText = "$mw_RightsText";
227 \$wgRightsIcon = "$mw_RightsIcon";
228 EOF
229 # </source>
230 # <source lang="bash">
231 teeu $mwc<<EOF
232 \$wgPasswordSender = "$mw_email";
233 \$wgEmergencyContact = "$mw_email";
234 \$wgEnotifUserTalk = true; # UPO
235 \$wgEnotifWatchlist = true; # UPO
236 \$wgMainCacheType = CACHE_ACCEL;
237 \$wgEnableUploads = true;
238 \$wgUseInstantCommons = true;
239 \$wgPingback = true;
240 EOF
241 # </source>
242 # <source lang="bash">
243 teeu $mwc <<'EOF'
244 # from https://www.mediawiki.org/wiki/Manual:Short_URL
245 $wgArticlePath = "/wiki/$1";
246
247 # https://www.mediawiki.org/wiki/Manual:Combating_spam
248 # check that url if our precautions don't work
249 # not using nofollow is good practice, as long as we avoid spam.
250 $wgNoFollowLinks = false;
251 # Allow user customization.
252 $wgAllowUserCss = true;
253 # use imagemagick over GD
254 $wgUseImageMagick = true;
255 # manual says this is not production ready, I think that is mostly
256 # because they are using MobileFrontend extension instead, which gives
257 # an even cleaner more minimal view, I plan to try setting it up
258 # sometime but this seems like a very nice improvement for now.
259 $wgVectorResponsive = true;
260 EOF
261
262
263 # https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads
264 # Increase from default of 2M to 100M.
265 # This will at least allow high res pics etc.
266 php_ini=$(php -r 'echo(php_ini_loaded_file());')
267 sed -i --follow-symlinks 's/^\(upload_max_filesize\|post_max_size\)\b.*/\1 = 100M/' $php_ini
268 if isdeb; then
269 service apache2 restart
270 else
271 systemctl restart httpd.service
272 fi
273
274 # if you were to install as a normal user, you would need this for images
275 # sudo usermod -aG $apache_user $USER
276
277 # this doesn't propogate right away
278 chgrp -R $apache_user $mw/images
279 chmod -R g+w $mw/images
280 # </source>
281 # <source lang="bash">
282 teeu $mwc <<'EOF'
283 $wgLogo = null;
284 #$wgFooterIcons = null;
285 EOF
286 # Make the toolbox go into the drop down.
287 cd $mw/skins/Vector
288 if ! git remote show ian-kelling &>/dev/null; then
289 git remote add ian-kelling https://iankelling.org/git/forks/Vector
290 fi
291 git fetch ian-kelling
292 git checkout ian-kelling/${mw_branch}-toolbox-in-dropdown
293 # </source>
294 # <source lang="bash">
295 mw-ext Cite CiteThisPage CheckUser CSS Echo Gadgets ImageMap Interwiki News \
296 Nuke ParserFunctions Poem Renameuser SyntaxHighlight_GeSHi Variables
297 # </source>
298 # <source lang="bash">
299 mw-ext AntiSpoof
300 # recommended setup script to account for existing users
301 sudo -u $apache_user php $mw/extensions/AntiSpoof/maintenance/batchAntiSpoof.php
302 # </source>
303 # <source lang="bash">
304 if isdeb; then
305 apt-get -y install php-wikidiff2
306 teeu $mwc <<'EOF'
307 $wgExternalDiffEngine = 'wikidiff2';
308 EOF
309 dir=$(dirname $(php -r 'echo(php_ini_loaded_file());'))/../apache2/conf.d
310 ln -sf ../../mods-available/wikidiff2.ini $dir
311 service apache2 restart
312 fi
313 # </source>
314 # <source lang="bash">
315 mw-ext Math
316 # php5-curl according to Math readme
317 if isdeb; then
318 curl_pkg=php7.0-curl
319 if ! apt-get -s install $curl_pkg &>/dev/null; then
320 curl_pkg=php5-curl
321 fi
322 apt-get -y install latex-cjk-all texlive-latex-extra texlive-latex-base \
323 ghostscript imagemagick ocaml $curl_pkg make
324 else
325 # todo, php5-curl equivalent on fedora
326 yum -y install texlive-cjk ghostscript ImageMagick texlive ocaml
327 fi
328 service apache2 restart
329
330 cd $mw/extensions/Math/math; make # makes texvc
331 cd $mw/extensions/Math/texvccheck; make
332
333 teeu $mwc <<'EOF'
334 # Enable MathJax as rendering option
335 $wgUseMathJax = true;
336 # Enable LaTeXML as rendering option
337 $wgMathValidModes[] = 'latexml';
338 # Set LaTeXML as default rendering option, because it is nicest
339 $wgDefaultUserOptions['math'] = 'latexml';
340 EOF
341 # </source>
342 # <source lang="bash">
343 mw-ext SpamBlacklist
344 if ! grep -F '$wgSpamBlacklistFiles = array(' $mwc &>/dev/null; then
345 tee -a $mwc <<'EOF'
346 $wgEnableDnsBlacklist = true;
347 $wgDnsBlacklistUrls = array( 'xbl.spamhaus.org', 'dnsbl.tornevall.org' );
348
349 ini_set( 'pcre.backtrack_limit', '10M' );
350 $wgSpamBlacklistFiles = array(
351 "[[m:Spam blacklist]]",
352 "http://en.wikipedia.org/wiki/MediaWiki:Spam-blacklist"
353 );
354 EOF
355 fi
356 # </source>
357 # <source lang="bash">
358 mw-ext TitleBlacklist
359 if ! grep -F '$wgTitleBlacklistSources = array(' $mwc &>/dev/null; then
360 tee -a $mwc <<'EOF'
361 $wgTitleBlacklistSources = array(
362 array(
363 'type' => 'local',
364 'src' => 'MediaWiki:Titleblacklist',
365 ),
366 array(
367 'type' => 'url',
368 'src' => 'http://meta.wikimedia.org/w/index.php?title=Title_blacklist&action=raw',
369 ),
370 );
371 EOF
372 fi
373 # </source>
374 # <source lang="bash">
375 mw-ext WikiEditor
376 teeu $mwc <<'EOF'
377 # Enable Wikieditor by default
378 $wgDefaultUserOptions['usebetatoolbar'] = 1;
379 $wgDefaultUserOptions['usebetatoolbar-cgd'] = 1;
380
381 # Display the Preview and Changes tabs
382 $wgDefaultUserOptions['wikieditor-preview'] = 1;
383 EOF
384 # </source>
385 # <source lang="bash">
386 mw-ext CategoryTree
387 teeu $mwc <<'EOF'
388 # Mediawiki setting dependency for CategoryTree
389 $wgUseAjax = true;
390 EOF
391 # </source>
392 # <source lang="bash">
393 mw-ext AbuseFilter
394 teeu $mwc<<'EOF'
395 $wgGroupPermissions['sysop']['abusefilter-modify'] = true;
396 $wgGroupPermissions['*']['abusefilter-log-detail'] = true;
397 $wgGroupPermissions['*']['abusefilter-view'] = true;
398 $wgGroupPermissions['*']['abusefilter-log'] = true;
399 $wgGroupPermissions['sysop']['abusefilter-private'] = true;
400 $wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
401 $wgGroupPermissions['sysop']['abusefilter-revert'] = true;
402 EOF
403 # </source>
404 # <source lang="bash">
405 mw-ext ConfirmEdit
406 captchaArray
407 teeu $mwc <<'EOF'
408 wfLoadExtension( 'ConfirmEdit/QuestyCaptcha' );
409 $wgCaptchaClass = 'QuestyCaptcha';
410 # only captcha on registration
411 $wgGroupPermissions['user' ]['skipcaptcha'] = true;
412 $wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
413 EOF
414 if ! grep -Fx 'foreach ( $localSettingsQuestyQuestions as $key => $value ) {' $mwc; then
415 tee -a $mwc <<'EOF'
416 foreach ( $localSettingsQuestyQuestions as $key => $value ) {
417 $wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
418 }
419 EOF
420 fi
421 # </source>
422 # <source lang="bash">
423 sed -i --follow-symlinks "/\\\$wgGroupPermissions\\['\\*'\\]\\['createaccount'\\] = false;/d" $mwc
424 # </source>
425 # <source lang="bash">
426 # get repo
427 if [[ ! -e ~/pywikibot/.git ]]; then
428 git clone --recursive \
429 https://gerrit.wikimedia.org/r/pywikibot/core.git ~/pywikibot
430 fi
431 cd ~/pywikibot
432 #updating
433 git pull --all
434 git submodule update
435 # </source>
436 # <source lang="bash">
437 cd $HOME/pywikibot
438 dd of=user-config.py <<EOF
439 mylang = 'en'
440 usernames["$mwfamily"]['en'] = u'$wikiuser'
441 family = "$mwfamily"
442 console_encoding = 'utf-8'
443 password_file = "secretsfile"
444 EOF
445
446 dd of=secretsfile <<EOF
447 ("$wikiuser", "$wikipass")
448 EOF
449
450 # it won't overrwrite an existing file. Remove if if one exists
451 rm -f pywikibot/families/${mwfamily}_family.py
452 if isdeb; then
453 apt-get install -y python-requests
454 else
455 yum -y install python-requests
456 fi
457
458 python generate_family_file.py https://$mwdomain/wiki/Main_Page "$mwfamily"
459
460 # Note, this needed only for ssl site
461 tee -a pywikibot/families/${mwfamily}_family.py<<'EOF'
462 def protocol(self, code):
463 return 'https'
464 EOF
465 # </source>
466 # <source lang="bash">
467 cd "$HOME/pywikibot"
468
469 dd of=scripts/${mwfamily}_setup.py<<EOF
470 import pywikibot
471 import time
472 import sys
473 site = pywikibot.Site()
474 def x(p, t=""):
475 page = pywikibot.Page(site, p)
476 page.text = t
477 #force is for some anti-bot thing, not necessary in my testing, but might as well include it
478 page.save(force=True)
479
480 # Small/medium noncommercial wiki should be fine with no privacy policy
481 # based on https://www.mediawiki.org/wiki/Manual:Footer
482 x("MediaWiki:Privacy")
483
484 # licenses for uploads. Modified from the mediawiki's wiki
485 x("MediaWiki:Licenses", u"""* Same as this wiki's text (preferred)
486 ** CC BY-SA or GFDL| Creative Commons Attribution ShareAlike or GNU Free Documentation License
487 * Others:
488 ** Unknown_copyright|I don't know exactly
489 ** PD|PD: public domain
490 ** CC BY|Creative Commons Attribution
491 ** CC BY-SA|Creative Commons Attribution ShareAlike
492 ** GFDL|GFDL: GNU Free Documentation License
493 ** GPL|GPL: GNU General Public License
494 ** LGPL|LGPL: GNU Lesser General Public License""")
495 x("MediaWiki:Copyright", '$mw_license')
496 x("MediaWiki:Mainpage-description", "$mwdescription")
497
498
499
500 # The rest of the settings are for the site style
501
502 # Remove various clutter
503 x("MediaWiki:Lastmodifiedat")
504 x("MediaWiki:Disclaimers")
505 x("MediaWiki:Viewcount")
506 x("MediaWiki:Aboutsite")
507 # remove these lines from sidebar
508 # ** recentchanges-url|recentchanges
509 # ** randompage-url|randompage
510 # ** helppage|help
511 x("MediaWiki:Sidebar", """* navigation
512 ** mainpage|mainpage-description
513 * SEARCH
514 * TOOLBOX
515 * LANGUAGES""")
516
517 # remove side panel
518 # helpfull doc: https://www.mediawiki.org/wiki/Manual:Interface/Sidebar
519 x("mediawiki:Common.css", """/* adjust sidebar to just be home link and up top */
520 /* adjust sidebar to just be home link and up top */
521 /* panel width increased to fit full wiki name. */
522 /* selectors other than final id are for increasing priority of rule */
523 div#mw-panel { top: 10px; padding-top: 0em; width: 20em }
524 div#footer, #mw-head-base, div#content { margin-left: 1em; }
525 #left-navigation { margin-left: 1em; }
526
527
528 /* logo, and toolbar hidden */
529 #p-logo, div#mw-navigation div#mw-panel #p-tb {
530 display:none;
531 }
532
533 div#mw-content-text {
534 max-width: 720px;
535 }
536 """)
537 EOF
538
539 # this can spam a warning, so uniq it
540 python pwb.py ${mwfamily}_setup |& uniq
541 # </source>
542 # <source lang="bash">
543 s=/etc/cron.daily/mediawiki_update
544 dd of=$s<<'EOF'
545 #!/bin/bash
546 source ~/mw_vars
547 update() {
548 dir=$1
549 cd $mw
550 [[ -d $dir ]] || return 1
551 cd $dir
552 branch=$(git describe --all)
553 branch=${branch#remotes/}
554 git fetch --all -q
555 new_head=$(git rev-parse $branch)
556 log=$(git log HEAD..$new_head)
557 if [[ ! $log ]]; then
558 return 1
559 fi
560 pwd
561 echo "$log"
562 git checkout -qf $new_head
563 cd $mw
564 return 0
565 }
566 for dir in extensions/* skins/* vendor; do
567 update "$dir" ||:
568 done
569 if update .; then
570 curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
571 fi
572 php $mw/maintenance/update.php -q --quick
573 EOF
574
575 # </source>
Mediawiki setup guide / fully automated script