#!/bin/bash
# Copyright (C) 2016 Ian Kelling
# This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
# <source lang="bash">
# for convenience, Mediawiki config file
mwc="$mw/LocalSettings.php"

if isdeb; then
    apache_user=www-data
else
    apache_user=apache
fi

# get and reset an extension/skin repository, and enable it
mw-ext () { mw-extra extension $@; }
mw-skin() { mw-extra skin $@; }

mw-extra() {
    local type=${1}s # extension or skin
    shift
    local clone=true
    if [[ $1 == -g ]]; then
        clone=false
        shift
    fi
    local ext
    for ext in "$@"; do
        if $clone; then
            local original_pwd="$PWD"
            # it's ok that this fails if we already have it
            url=https://git.wikimedia.org/git/mediawiki
            target=$mw/$type/$ext
            git clone $url/$type/$ext.git $target
            if ! cd $target; then
                echo "mw-ext error: failed cd $mw/extensions/$ext";
                exit 1
            fi
            git fetch
            git checkout -qf origin/$mw_branch || git checkout -qf origin/master
            git clean -xffd
            cd "$original_pwd"
        fi
        case $type in
            extensions)
                if [[ -e $target/extension.json ]]; then
                    # new style extension. remove old style declaration
                    sed -i '#^require_once( "\\\$IP/extensions/\$ext/\$ext\.php" );#d' $mwc
                    teeu $mwc <<EOF
wfLoadExtension( '$ext' );
EOF
                else
                    teeu $mwc <<EOF
require_once( "\$IP/extensions/$ext/$ext.php" );
EOF
                fi
                ;;
            skins)
                sed -i '/^wfLoadSkin/d' $mwc
                sed -i '/^\$wgDefaultSkin/d' $mwc
                teeu $mwc <<EOF
$wgDefaultSkin = "${ext,,*}";
wfLoadSkin( 'Vector' );
EOF
                ;;
        esac
    done
    # --quick is quicker than default flags,
    # but still add a sleep to make sure everything works right
    sudo -u $apache_user php $mw/maintenance/update.php -q --quick; sleep 1
}
# </source>
# <source lang="bash">
if isdeb; then
    apt-get update
    # noninteractive to avoid mysql password prompt
    DEBIAN_FRONTEND=noninteractive apt-get -y install mediawiki ImageMagick php5-mysqlnd php-apc
    service apache2 restart
else
    # fedora deps are missing a database, so some is translated from debian packages
    yum -y install mediawiki ImageMagick php-mysqlnd php-pecl-apcu mariadb-server

    systemctl restart mariadb.service
    systemctl enable mariadb.service
    systemctl enable httpd.service
    systemctl restart httpd.service
fi


# slightly different depending on if we already set the root pass
if echo exit|mysql -u root -p"$dbpass"; then
    # answer interactive prompts:
    # mysql root pass, change pass? no, remove anon users? (default, yes)
    # disallow remote root (default, yes), reload? (default, yes)
    echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
else
    # I had 1 less newline at the start when doing ubuntu 14.04,
    # compared to debian 8, so can't say this is especially portable.
    # It won't hurt if it fails.
    echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
fi
# </source>
# <source lang="bash">
mkdir -p $mw
cd $mw
# this will just fail if it already exists which is fine
git clone https://gerrit.wikimedia.org/r/p/mediawiki/core.git .
# to see available branches: https://www.mediawiki.org/wiki/Version_lifecycle
# and
# git branch -r
git checkout -f origin/$mw_branch
git clean -ffxd
# Get the php libraries wmf uses. Based on:
# https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
git clone https://gerrit.wikimedia.org/r/p/mediawiki/vendor.git
cd vendor
git checkout -f origin/$mw_branch
cd ..

# Drop any previous database which may have been installed while testing.
# If upgrading, we should have a db backup which will get restored.
# https://www.mediawiki.org/wiki/Manual:Upgrading
mysql -u root -p$dbpass <<'EOF'
drop database my_wiki;
exit
EOF
php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
    --dbuser root --dbpass $dbpass "$mwdescription" "$wikiuser"
teeu $mwc <<'EOF'
# lock down the wiki to only the initial owner until anti-spam measures are put in place
# limit edits to registered users
$wgGroupPermissions['*']['edit'] = false;
# don't allow any account creation
$wgGroupPermissions['*']['createaccount'] = false;
EOF
# </source>
# <source lang="bash">
tmpdir="$(mktemp -d)"
cd $tmpdir
wget http://builds.piwik.org/piwik.zip
if isdeb; then apt-get -y install unzip; else yum -y install unzip; fi
unzip -q piwik.zip
# gui installer suggested command
if isdeb; then
    chown -R www-data:www-data piwik
else
    chown -R apache:apache piwik
fi
# remove any existing directory
rm -rf $mw/../analytics
mv piwik $mw/../analytics
rm -rf $tmpdir

# </source>
# <source lang="bash">
l=$mw/../../logs
mkdir $l

acme-tiny-wrapper $mwdomain
dd of=/etc/apache2/ports.conf <<'EOF'
Listen 8082
EOF
{ cat <<EOF
  ServerAdmin $mw_email
  RewriteEngine On
  # make the site's root url go to our main page
  RewriteRule ^/?wiki(/.*)?\$ %{DOCUMENT_ROOT}/w/index.php [L]
  # use short urls https://www.mediawiki.org/wiki/Manual:Short_URL
  RewriteRule ^/*\$ %{DOCUMENT_ROOT}/w/index.php [L]
EOF
  find -L $(readlink -f $mw/..) -name .htaccess \
      | while read line; do
      echo -e "<Directory ${line%/.htaccess}>\n $(< $line)\n</Directory>";
  done
} | apache-site -i -p 127.0.0.1:8082 -- - $mwdomain
nginx-site -p 8082 $mwdomain
# </source>
# <source lang="bash">
if isdeb; then
    a2ensite $mwdomain.conf
    # for short urls
    a2enmod rewrite
    # We restart rather than reload because of the module
    service apache2 restart
else
    systemctl reload httpd.service
fi
# </source>
# <source lang="bash">
dd of=$mw/../robots.txt <<'EOF'
        User-agent: *
Disallow: /w/
        User-agent: ia_archiver
Allow: /*&action=raw
EOF
# </source>
# <source lang="bash">
teeu $mwc<<EOF
\$wgServer = "https://$mwdomain";
\$wgDBserver = "localhost";
\$wgRightsUrl = "$mw_RightsUrl";
\$wgRightsText = "$mw_RightsText";
\$wgRightsIcon = "$mw_RightsIcon";
wfLoadSkin( 'Vector' );
EOF
# </source>
# <source lang="bash">
teeu $mwc<<EOF
\$wgPasswordSender = "$mw_email";
\$wgEmergencyContact = "$mw_email";
\$wgEnotifUserTalk = true; # UPO
\$wgEnotifWatchlist = true; # UPO
\$wgMainCacheType = CACHE_ACCEL;
\$wgEnableUploads = true;
\$wgUseInstantCommons = true;
EOF
# </source>
# <source lang="bash">
teeu $mwc <<'EOF'
# from https://www.mediawiki.org/wiki/Manual:Short_URL
$wgArticlePath = "/wiki/$1";

# https://www.mediawiki.org/wiki/Manual:Combating_spam
# check that url if our precautions don't work
# not using nofollow is good practice, as long as we avoid spam.
$wgNoFollowLinks = false;
# Allow user customization.
$wgAllowUserJs = true;
$wgAllowUserCss = true;

# use imagemagick over GD
$wgUseImageMagick = true;
EOF


# https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads
# Increase from default of 2M to 100M.
# This will at least allow high res pics etc.
php_ini=$(isdeb && echo /etc/php5/apache2/php.ini || echo /etc/php.ini)
sed -i 's/^\(upload_max_filesize\)\b.*/\1 = 100M/'
sed -i 's/^\(post_max_size\)\b.*/\1 = 100M/'
if isdeb; then
    service apache2 restart
else
    systemctl restart httpd.service
fi

# if you were to install as a normal user, you would need this for images
# sudo usermod -aG $apache_user $USER

# this doesn't propogate right away
chgrp -R $apache_user $mw/images
chmod -R g+w $mw/images
# </source>
# <source lang="bash">
teeu $mwc <<'EOF'
$wgLogo = null;
$wgShowIPinHeader = false;
$wgFooterIcons = null;
EOF
# Make the toolbox go into the drop down.
cd $mw
git remote add ian git@gitorious.org:mediawiki-toolbox-patch/mediawiki-toolbox-patch.git
git fetch ian
git rebase ian/REL1_23-toolbox-in-dropdown
# </source>
# <source lang="bash">
mw-ext Cite CiteThisPage CSS DynamicPageList Echo Gadgets ImageMap Interwiki News \
       Nuke ParserFunctions Poem SyntaxHighlight_GeSHi Variables
# </source>
# <source lang="bash">
mw-ext AntiSpoof
# recommended setup script to account for existing users
sudo -u $apache_user php $mw/extensions/AntiSpoof/maintenance/batchAntiSpoof.php
# </source>
# <source lang="bash">
mw-ext CheckUser
sudo -u $apache_user php $mw/extensions/CheckUser/install.php; sleep 1
# </source>
# <source lang="bash">
if isdeb; then
    apt-get -y install php-wikidiff2
    teeu $mwc <<'EOF'
$wgExternalDiffEngine = 'wikidiff2';
EOF
    ln -sf ../../mods-available/wikidiff2.ini /etc/php5/apache2/conf.d
    service apache2 restart
fi
# </source>
# <source lang="bash">
mw-ext Math
# php5-curl according to Math readme
if isdeb; then
    apt-get -y install latex-cjk-all texlive-latex-extra texlive-latex-base ghostscript imagemagick ocaml php5-curl
else
    # todo, php5-curl equivalent on fedora
    yum -y install texlive-cjk ghostscript ImageMagick texlive ocaml
fi
ln -sf ../../mods-available/curl.ini /etc/php5/apache2/conf.d
service apache2 restart

cd $mw/extensions/Math/math; make # makes texvc
cd $mw/extensions/Math/texvccheck; make

teeu $mwc <<'EOF'
# Enable MathJax as rendering option
$wgUseMathJax = true;
# Enable LaTeXML as rendering option
$wgMathValidModes[] = 'latexml';
# Set LaTeXML as default rendering option, because it is nicest
$wgDefaultUserOptions['math'] = 'latexml';
EOF
# </source>
# <source lang="bash">
mw-ext SpamBlacklist
if ! grep -F '$wgSpamBlacklistFiles = array(' $mwc &>/dev/null; then
    tee -a $mwc <<'EOF'
$wgEnableDnsBlacklist = true;
$wgDnsBlacklistUrls = array( 'xbl.spamhaus.org', 'dnsbl.tornevall.org' );

ini_set( 'pcre.backtrack_limit', '10M' );
$wgSpamBlacklistFiles = array(
   "[[m:Spam blacklist]]",
   "http://en.wikipedia.org/wiki/MediaWiki:Spam-blacklist"
);
EOF
fi
# </source>
# <source lang="bash">
mw-ext TitleBlacklist
if ! grep -F '$wgTitleBlacklistSources = array(' $mwc &>/dev/null; then
    tee -a $mwc <<'EOF'
$wgTitleBlacklistSources = array(
    array(
         'type' => 'local',
         'src'  => 'MediaWiki:Titleblacklist',
    ),
    array(
         'type' => 'url',
         'src'  => 'http://meta.wikimedia.org/w/index.php?title=Title_blacklist&action=raw',
    ),
);
EOF
fi
# </source>
# <source lang="bash">
mw-ext WikiEditor
teeu $mwc <<'EOF'
# Enable Wikieditor by default
$wgDefaultUserOptions['usebetatoolbar'] = 1;
$wgDefaultUserOptions['usebetatoolbar-cgd'] = 1;

# Display the Preview and Changes tabs
$wgDefaultUserOptions['wikieditor-preview'] = 1;
EOF
# </source>
# <source lang="bash">
mw-ext CategoryTree
teeu $mwc <<'EOF'
# Mediawiki setting dependency for CategoryTree
$wgUseAjax = true;
EOF
# </source>
# <source lang="bash">
mw-ext AbuseFilter
teeu $mwc<<'EOF'
$wgGroupPermissions['sysop']['abusefilter-modify'] = true;
$wgGroupPermissions['*']['abusefilter-log-detail'] = true;
$wgGroupPermissions['*']['abusefilter-view'] = true;
$wgGroupPermissions['*']['abusefilter-log'] = true;
$wgGroupPermissions['sysop']['abusefilter-private'] = true;
$wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
$wgGroupPermissions['sysop']['abusefilter-revert'] = true;
EOF
# </source>
# <source lang="bash">
mw-ext ConfirmEdit
captchaArray
teeu $mwc <<'EOF'
wfLoadExtension( 'ConfirmEdit/QuestyCaptcha' );
$wgCaptchaClass = 'QuestyCaptcha';
# only captcha on registration
$wgGroupPermissions['user'         ]['skipcaptcha'] = true;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
EOF
if ! grep -Fx 'foreach ( $localSettingsQuestyQuestions as $key => $value ) {' $mwc; then
    tee -a $mwc <<'EOF'
foreach ( $localSettingsQuestyQuestions as $key => $value ) {
        $wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
}
EOF
fi
# </source>
# <source lang="bash">
sed -i "/\\\$wgGroupPermissions\\['\\*'\\]\\['createaccount'\\] = false;/d" $mwc
# </source>
# <source lang="bash">
# get repo
mkdir ~/opt
git clone --recursive https://gerrit.wikimedia.org/r/pywikibot/core.git ~/opt/pywikibot
cd ~/opt/pywikibot
#updating
git pull --all
git submodule update
# </source>
# <source lang="bash">
cd $HOME/opt/pywikibot
dd of=user-config.py <<EOF
mylang = 'en'
usernames["$mwfamily"]['en'] = u'$wikiuser'
family = "$mwfamily"
console_encoding = 'utf-8'
password_file = "secretsfile"
EOF

dd of=secretsfile <<EOF
("$wikiuser", "$wikipass")
EOF

# it won't overrwrite an existing file. Remove if if one exists
rm -f  pywikibot/families/${mwfamily}_family.py
python generate_family_file.py https://$mwdomain/wiki/Main_Page "$mwfamily"

# Note, this needed only for ssl site
tee -a pywikibot/families/${mwfamily}_family.py<<'EOF'
    def protocol(self, code):
        return 'https'
EOF
# </source>
# <source lang="bash">
pw="$HOME/opt/pywikibot"

dd of=$pw/scripts/${mwfamily}_setup.py<<EOF
import pywikibot
import time
import sys
site = pywikibot.Site()
def x(p, t=""):
   page = pywikibot.Page(site, p)
   page.text = t
   #force is for some anti-bot thing, not necessary in my testing, but might as well include it
   page.save(force=True)

# Small/medium noncommercial wiki should be fine with no privacy policy
# based on https://www.mediawiki.org/wiki/Manual:Footer
x("MediaWiki:Privacy")

# licenses for uploads. Modified from the mediawiki's wiki
x("MediaWiki:Licenses", u"""* Same as this wiki's text (preferred)
** CC BY-SA or GFDL| Creative Commons Attribution ShareAlike or GNU Free Documentation License
* Others:
** Unknown_copyright|I don't know exactly
** PD|PD: public domain
** CC BY|Creative Commons Attribution
** CC BY-SA|Creative Commons Attribution ShareAlike
** GFDL|GFDL: GNU Free Documentation License
** GPL|GPL: GNU General Public License
** LGPL|LGPL: GNU Lesser General Public License""")
x("MediaWiki:Copyright", '$mw_license')
x("MediaWiki:Mainpage-description", "$mwdescription")



# The rest of the settings are for the site style

# Remove various clutter
x("MediaWiki:Lastmodifiedat")
x("MediaWiki:Disclaimers")
x("MediaWiki:Viewcount")
x("MediaWiki:Aboutsite")
# remove these lines from sidebar
# ** recentchanges-url|recentchanges
# ** randompage-url|randompage
# ** helppage|help
x("MediaWiki:Sidebar", """* navigation
** mainpage|mainpage-description
* SEARCH
* TOOLBOX
* LANGUAGES""")

# remove side panel
# helpfull doc: https://www.mediawiki.org/wiki/Manual:Interface/Sidebar
x("mediawiki:Common.css", """/* adjust sidebar to just be home link and up top  */
/* panel width increased to fit full wiki name. */
div#mw-panel { top: 10px; padding-top: 0em; width: 20em }
div#footer, #mw-head-base, div#content { margin-left: 1em; }
#left-navigation { margin-left: 1em; }


/* logo, and toolbar hidden */
#p-logo, #p-tb.portal {
   display:none;
}

/* make the font size smaller for the misc stuff */
#p-personal {
   font-size: 0.8em;
}

#footer-info {
   font-size: 0.8em;
}
div#mw-content-text {
    max-width: 720px;
}
""")
EOF

cd $pw
python pwb.py ${mwfamily}_setup
# </source>
# <source lang="bash">
#!/bin/bash
source ~/mw_vars

# if we get an error, keep going but return it at the end
last_error=0
trap 'last_error=$?' ERR

ssh root@$mwdomain <<ENDSSH
tee -a $mwc<<'EOF'
$wgReadOnly = 'Dumping Database, Access will be restored shortly';
EOF
mysqldump -p$dbpass --default-character-set=binary my_wiki  > ~/wiki_backup/wikidump
sed -i '$ d' $mwc # delete last line
ENDSSH
rdiff-backup root@$mwdomain::/root/wiki_db_backup ~/backup/wiki_db_backup
rdiff-backup root@$mwdomain::$mw ~/backup/wiki_file_backup

exit $last_error
# </source>
# <source lang="bash">
chmod +x $HOME/bin/remote_wiki_backup
x="$(mktemp)"
crontab -l > "$x"
teeu "$x" <<'EOF'
0 4 * * * x=$($HOME/bin/remote_wiki_backup 2>&1); [[ $? != 0 ]] && echo "$x"
EOF
crontab "$x"
# </source>
# <source lang="bash">
source ~/mw_vars
HOSTNAME=REPLACE_ME source ~/mw_vars
rdiff-backup -r now ~/backup/wiki_file_backup /tmp/wiki_file_restore
scp -r /tmp/wiki_file_restore/images root@$mwdomain:$mw/images
rdiff-backup -r now ~/backup/wiki_db_backup /tmp/wiki_db_restore
scp -r /tmp/wiki_db_restore root@$mwdomain:/tmp
ssh root@$mwdomain "mysql -u root -p$dbpass my_wiki < /tmp/wiki_db_restore/wiki_db_dump"
# </source>
# <source lang="bash">
s=$HOME/bin/mediawiki_update
dd of=$s<<'EOF'
#!/bin/bash
source ~/mw_vars
cd $mw
git fetch --all
git checkout origin/$mw_branch
git rebase ian/REL1_23-toolbox-in-dropdown
cd extensions
for x in *; do
    if [[ -d $x ]]; then
        cd $x
        git fetch --all
        git checkout origin/$mw_branch || git checkout -qf origin/master
        cd ..
    fi
done
php $mw/maintenance/update.php -q
EOF
chmod +x $s

x="$(mktemp)"
crontab -l > "$x"
teeu "$x" <<EOF
0 5 * * * $s
EOF
crontab "$x"
# </source>
# <source lang="bash">
# docs suggests using separate database user, google lead me here for how
# https://www.digitalocean.com/community/tutorials/how-to-create-a-new-user-and-grant-permissions-in-mysql
mysql -u root -p$dbpass <<EOF
CREATE USER 'piwik'@'localhost' IDENTIFIED BY '$piwik_pass';
GRANT ALL PRIVILEGES ON piwik . * TO 'piwik'@'localhost';
FLUSH PRIVILEGES;
exit
EOF
# </source>
# <source lang="bash">
git clone https://github.com/DaSchTour/piwik-mediawiki-extension.git $mw/extensions/Piwik
mw-ext -g Piwik
teeu $mwc <<EOF
\$wgPiwikURL = '$mwdomain/analytics/';
\$wgPiwikIDSite = '1';
EOF
# </source>
# <source lang="bash">
s=~/bin/piwik-update
mkdir -p ${s%/*}
dd of=$s <<EOF
#!/bin/bash
piwik_path=$mw/../analytics
cd "\$(mktemp -d)"
wget -q http://builds.piwik.org/piwik.zip
unzip -q piwik.zip
rm -f piwik.zip
cp \$piwik_path/config/config.ini.php piwik/config
cp -rf piwik/* \$piwik_path
# prevent making an email out of the standard success response
x="\$( \$piwik_path/console core:update )"
if [[ \$x != "Everything is already up to date." ]]; then
echo "\$x"
fi
EOF
chmod +x $s

x="$(mktemp)"
crontab -l > "$x"
teeu "$x" <<< "0 3 * * tue $s"
crontab "$x"
# </source>