#!/bin/bash
# Copyright (C) 2016 Ian Kelling
# This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
set -x
# <source lang="bash">
# if we have jessie-backports, we need to use it.
if ! apt-get install -t jessie-backports certbot python-certbot-apache; then
    apt-get install certbot python-certbot-apache
fi
# </source>
# <source lang="bash">
# identify if this is a debian based distro
isdeb() { command -v apt &>/dev/null; }
# tee unique. append each stdin line if it does not exist in the file
teeu () {
    local MAPFILE
    mapfile -t
    for line in "${MAPFILE[@]}"; do
        grep -xFq "$line" "$1" &>/dev/null || tee -a "$1" <<<"$line"
    done
}

# get and reset an extension/skin repository, and enable it
mw-clone() {
    local url=$1
    local original_pwd="$PWD"
    local name
    local re='[^/]*/[^/]*$' # last 2 parts of path
    [[ $url =~ $re ]] ||:
    target=$mw/${BASH_REMATCH[0]}
    if [[ ! -e $target/.git ]]; then
        git clone $url $target
    fi
    if ! cd $target; then
        echo "mw-ext error: failed cd $target";
        exit 1
    fi
    git fetch
    git checkout -qf origin/$mw_branch || git checkout -qf origin/master
    git clean -xffd
    cd "$original_pwd"

}
mw-ext () {
    local ext
    for ext; do
        mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/extensions/$ext
        if [[ -e $mw/extensions/$ext/extension.json ]]; then
            # new style extension
            teeu $mwc <<EOF
wfLoadExtension( '$ext' );
EOF
        else
            teeu $mwc <<EOF
require_once( "\$IP/extensions/$ext/$ext.php" );
EOF
        fi
    done
    # --quick is quicker than default flags,
    # but still add a sleep to make sure everything works right
    sudo -u $apache_user php $mw/maintenance/update.php -q --quick; sleep 1
}
mw-skin() {
    local skin=$1
    mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/skins/$skin
    sed -i --follow-symlinks '/^wfLoadSkin/d' $mwc
    sed -i --follow-symlinks '/^\$wgDefaultSkin/d' $mwc
    teeu $mwc <<EOF
\$wgDefaultSkin = "${skin,,*}";
wfLoadSkin( '$skin' );
EOF
    sudo -u $apache_user php $mw/maintenance/update.php -q --quick; sleep 1
}

if command -v apt &>/dev/null; then
    apache_user=www-data
else
    apache_user=apache
fi

# </source>
# <source lang="bash">
# From here on out, exit if a command fails.
# This will prevent us from not noticing an important failure.
# We recommend setting this for the entire installation session.
# If you are running commands interactively, it might be best to
# put it in your ~/.bashrc temporarily.
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
source ~/mw_vars

if isdeb; then
    # main reference:
    # https://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Ubuntu
    apt-get update
    DEBIAN_FRONTEND=noninteractive apt-get install -y imagemagick curl
    if apt-get install -s mediawiki &>/dev/null; then
        apcu=php5-apcu
        if apt-get install -s php7.0-apcu &>/dev/null; then
            apcu=php7.0-apcu
        fi
        # mediawiki is packaged in jessie backports & stretch
        DEBIAN_FRONTEND=noninteractive apt-get -y install $apcu mediawiki
    else
        # https://www.mediawiki.org/wiki/Manual:Installation_requirements
        if apt-get install -s php7.0 &>/dev/null; then
            # note, 7.0 is untested by the editor here, since it's not
            # available in debian 8. it's listed as supported
            # in the mediawiki page.
            # noninteractive to avoid mysql password prompt.
            DEBIAN_FRONTEND=noninteractive apt-get install -y apache2  \
                           default-mysql-server \
                           php7.0 php7.0-mysql libapache2-mod-php7.0 php7.0-xml \
                           php7.0-apcu php7.0-mbstring
        else
            # note: mbstring is recommended, but it's not available for php5 in
            # debian jessie.
            DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 \
                           default-mysql-server \
                           php5 php5-mysql libapache2-mod-php5 php5-apcu
        fi
    fi
    service apache2 restart
else
    # note
    # fedora deps are missing a database, so some is translated from debian packages
    yum -y install mediawiki ImageMagick php-mysqlnd php-pecl-apcu mariadb-server

    systemctl restart mariadb.service
    systemctl enable mariadb.service
    systemctl enable httpd.service
    systemctl restart httpd.service
fi


# skip if we already set the root pass and are on pre-debian 9.
if ! echo exit|mysql -uroot "-p$dbpass"; then
    # Note: we set a root password here, but in debian 9+, it is ignored;
    # only the local user root can login, and any password is accepted.
    # We answer these interactive prompts:
    # Enter current password for root (enter for none):
    # Set root password? [Y/n]
    # New password:
    # Re-enter new password:
    # Remove anonymous users? [Y/n]
    # Disallow root login remotely? [Y/n]
    # Remove test database and access to it? [Y/n]
    # Reload privilege tables now? [Y/n]
    # Note, I had 1 less newline at the start when doing ubuntu 14.04,
    # compared to debian 8, so can't say this is especially portable.
    echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
fi
mysql -uroot "-p$dbpass" <<EOF
GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' IDENTIFIED BY '$dbpass';
EOF
# </source>
# <source lang="bash">
mkdir -p $mw
cd $mw
# this will just fail if it already exists which is fine
if [[ ! -e .git ]]; then
    git clone https://gerrit.wikimedia.org/r/p/mediawiki/core.git .
fi
# to see available branches: https://www.mediawiki.org/wiki/Version_lifecycle
# and
# git branch -r
git checkout -f origin/$mw_branch
git clean -ffxd
# apply librejs patch
curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
# Get the php libraries wmf uses. Based on:
# https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
if [[ ! -e vendor/.git ]]; then
    git clone  https://gerrit.wikimedia.org/r/p/mediawiki/vendor.git
fi
cd vendor
git checkout -f origin/$mw_branch
cd ..

# Drop any previous database which may have been installed while testing.
# If upgrading, we should have a db backup which will get restored.
# https://www.mediawiki.org/wiki/Manual:Upgrading
mysql -uroot "-p$dbpass" <<'EOF' ||:
drop database my_wiki;
exit
EOF
php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
    --dbuser wikiuser --dbpass $dbpass "$mwdescription" "$wikiuser"
teeu $mwc <<'EOF'
# lock down the wiki to only the initial owner until anti-spam measures are put in place
# limit edits to registered users
$wgGroupPermissions['*']['edit'] = false;
# don't allow any account creation
$wgGroupPermissions['*']['createaccount'] = false;
EOF
# </source>
# <source lang="bash">
l=$mw/../../logs
mkdir -p $l
temp=$(mktemp -d)
cd $temp
# for me, this repo is on the same server and apache needs a sec after restarting
sleep 1
git clone https://iankelling.org/git/basic-https-conf
{ cat <<EOF
ServerAdmin $mw_email
RewriteEngine On
# make the site's root url go to our main page
RewriteRule ^/?wiki(/.*)?\$ %{DOCUMENT_ROOT}/w/index.php [L]
# use short urls https://www.mediawiki.org/wiki/Manual:Short_URL
RewriteRule ^/*\$ %{DOCUMENT_ROOT}/w/index.php [L]
EOF
find -L $(readlink -f $mw) -name .htaccess \
    | while read line; do
    echo -e "<Directory ${line%/.htaccess}>\n $(< $line)\n</Directory>";
done
} | basic-https-conf/web-conf -r ${mw%/*} - apache2 $mwdomain
cd
rm -rf $temp
# </source>
# <source lang="bash">
dd of=$mw/../robots.txt <<'EOF'
        User-agent: *
Disallow: /w/
        User-agent: ia_archiver
Allow: /*&action=raw
EOF
mw-skin Vector
# </source>
# <source lang="bash">
teeu $mwc<<EOF
\$wgServer = "https://$mwdomain";
\$wgDBserver = "localhost";
\$wgRightsUrl = "$mw_RightsUrl";
\$wgRightsText = "$mw_RightsText";
\$wgRightsIcon = "$mw_RightsIcon";
EOF
# </source>
# <source lang="bash">
teeu $mwc<<EOF
\$wgPasswordSender = "$mw_email";
\$wgEmergencyContact = "$mw_email";
\$wgEnotifUserTalk = true; # UPO
\$wgEnotifWatchlist = true; # UPO
\$wgMainCacheType = CACHE_ACCEL;
\$wgEnableUploads = true;
\$wgUseInstantCommons = true;
\$wgPingback = true;
EOF
# </source>
# <source lang="bash">
teeu $mwc <<'EOF'
# from https://www.mediawiki.org/wiki/Manual:Short_URL
$wgArticlePath = "/wiki/$1";

# https://www.mediawiki.org/wiki/Manual:Combating_spam
# check that url if our precautions don't work
# not using nofollow is good practice, as long as we avoid spam.
$wgNoFollowLinks = false;
# Allow user customization.
$wgAllowUserCss = true;
# use imagemagick over GD
$wgUseImageMagick = true;
# manual says this is not production ready, I think that is mostly
# because they are using MobileFrontend extension instead, which gives
# an even cleaner more minimal view, I plan to try setting it up
# sometime but this seems like a very nice improvement for now.
$wgVectorResponsive = true;
EOF


# https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads
# Increase from default of 2M to 100M.
# This will at least allow high res pics etc.
php_ini=$(php -r 'echo(php_ini_loaded_file());')
sed -i --follow-symlinks 's/^\(upload_max_filesize\|post_max_size\)\b.*/\1 = 100M/' $php_ini
if isdeb; then
    service apache2 restart
else
    systemctl restart httpd.service
fi

# if you were to install as a normal user, you would need this for images
# sudo usermod -aG $apache_user $USER

# this doesn't propogate right away
chgrp -R $apache_user $mw/images
chmod -R g+w $mw/images
# </source>
# <source lang="bash">
teeu $mwc <<'EOF'
$wgLogo = null;
#$wgFooterIcons = null;
EOF
# Make the toolbox go into the drop down.
cd $mw/skins/Vector
if ! git remote show ian-kelling &>/dev/null; then
    git remote add ian-kelling https://iankelling.org/git/mediawiki-sidebar-patch
fi
git fetch ian-kelling
git checkout ian-kelling/${mw_branch}-toolbox-in-dropdown
# </source>
# <source lang="bash">
mw-ext Cite CiteThisPage CheckUser CSS Echo Gadgets ImageMap Interwiki News \
       Nuke ParserFunctions Poem Renameuser SyntaxHighlight_GeSHi Variables
# </source>
# <source lang="bash">
mw-ext AntiSpoof
# recommended setup script to account for existing users
sudo -u $apache_user php $mw/extensions/AntiSpoof/maintenance/batchAntiSpoof.php
# </source>
# <source lang="bash">
if isdeb; then
    apt-get -y install php-wikidiff2
    teeu $mwc <<'EOF'
$wgExternalDiffEngine = 'wikidiff2';
EOF
    dir=$(dirname $(php -r 'echo(php_ini_loaded_file());'))/../apache2/conf.d
    ln -sf ../../mods-available/wikidiff2.ini $dir
    service apache2 restart
fi
# </source>
# <source lang="bash">
mw-ext Math
# php5-curl according to Math readme
if isdeb; then
    curl_pkg=php7.0-curl
    if ! apt-get -s install $curl_pkg &>/dev/null; then
        curl_pkg=php5-curl
    fi
    apt-get -y install latex-cjk-all texlive-latex-extra texlive-latex-base \
            ghostscript imagemagick ocaml $curl_pkg make
else
    # todo, php5-curl equivalent on fedora
    yum -y install texlive-cjk ghostscript ImageMagick texlive ocaml
fi
service apache2 restart

cd $mw/extensions/Math/math; make # makes texvc
cd $mw/extensions/Math/texvccheck; make

teeu $mwc <<'EOF'
# Enable MathJax as rendering option
$wgUseMathJax = true;
# Enable LaTeXML as rendering option
$wgMathValidModes[] = 'latexml';
# Set LaTeXML as default rendering option, because it is nicest
$wgDefaultUserOptions['math'] = 'latexml';
EOF
# </source>
# <source lang="bash">
mw-ext SpamBlacklist
if ! grep -F '$wgSpamBlacklistFiles = array(' $mwc &>/dev/null; then
    tee -a $mwc <<'EOF'
$wgEnableDnsBlacklist = true;
$wgDnsBlacklistUrls = array( 'xbl.spamhaus.org', 'dnsbl.tornevall.org' );

ini_set( 'pcre.backtrack_limit', '10M' );
$wgSpamBlacklistFiles = array(
   "[[m:Spam blacklist]]",
   "http://en.wikipedia.org/wiki/MediaWiki:Spam-blacklist"
);
EOF
fi
# </source>
# <source lang="bash">
mw-ext TitleBlacklist
if ! grep -F '$wgTitleBlacklistSources = array(' $mwc &>/dev/null; then
    tee -a $mwc <<'EOF'
$wgTitleBlacklistSources = array(
    array(
         'type' => 'local',
         'src'  => 'MediaWiki:Titleblacklist',
    ),
    array(
         'type' => 'url',
         'src'  => 'http://meta.wikimedia.org/w/index.php?title=Title_blacklist&action=raw',
    ),
);
EOF
fi
# </source>
# <source lang="bash">
mw-ext WikiEditor
teeu $mwc <<'EOF'
# Enable Wikieditor by default
$wgDefaultUserOptions['usebetatoolbar'] = 1;
$wgDefaultUserOptions['usebetatoolbar-cgd'] = 1;

# Display the Preview and Changes tabs
$wgDefaultUserOptions['wikieditor-preview'] = 1;
EOF
# </source>
# <source lang="bash">
mw-ext CategoryTree
teeu $mwc <<'EOF'
# Mediawiki setting dependency for CategoryTree
$wgUseAjax = true;
EOF
# </source>
# <source lang="bash">
mw-ext AbuseFilter
teeu $mwc<<'EOF'
$wgGroupPermissions['sysop']['abusefilter-modify'] = true;
$wgGroupPermissions['*']['abusefilter-log-detail'] = true;
$wgGroupPermissions['*']['abusefilter-view'] = true;
$wgGroupPermissions['*']['abusefilter-log'] = true;
$wgGroupPermissions['sysop']['abusefilter-private'] = true;
$wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
$wgGroupPermissions['sysop']['abusefilter-revert'] = true;
EOF
# </source>
# <source lang="bash">
mw-ext ConfirmEdit
captchaArray
teeu $mwc <<'EOF'
wfLoadExtension( 'ConfirmEdit/QuestyCaptcha' );
$wgCaptchaClass = 'QuestyCaptcha';
# only captcha on registration
$wgGroupPermissions['user'         ]['skipcaptcha'] = true;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
EOF
if ! grep -Fx 'foreach ( $localSettingsQuestyQuestions as $key => $value ) {' $mwc; then
    tee -a $mwc <<'EOF'
foreach ( $localSettingsQuestyQuestions as $key => $value ) {
        $wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
}
EOF
fi
# </source>
# <source lang="bash">
sed -i --follow-symlinks "/\\\$wgGroupPermissions\\['\\*'\\]\\['createaccount'\\] = false;/d" $mwc
# </source>
# <source lang="bash">
# get repo
if [[ ! -e ~/pywikibot/.git ]]; then
    git clone --recursive \
        https://gerrit.wikimedia.org/r/pywikibot/core.git ~/pywikibot
fi
cd ~/pywikibot
#updating
git pull --all
git submodule update
# </source>
# <source lang="bash">
cd $HOME/pywikibot
dd of=user-config.py <<EOF
mylang = 'en'
usernames["$mwfamily"]['en'] = u'$wikiuser'
family = "$mwfamily"
console_encoding = 'utf-8'
password_file = "secretsfile"
EOF

dd of=secretsfile <<EOF
("$wikiuser", "$wikipass")
EOF

# it won't overrwrite an existing file. Remove if if one exists
rm -f  pywikibot/families/${mwfamily}_family.py
if isdeb; then
    apt-get install -y python-requests
else
    yum -y install python-requests
fi

python generate_family_file.py https://$mwdomain/wiki/Main_Page "$mwfamily"

# Note, this needed only for ssl site
tee -a pywikibot/families/${mwfamily}_family.py<<'EOF'
    def protocol(self, code):
        return 'https'
EOF
# </source>
# <source lang="bash">
cd "$HOME/pywikibot"

dd of=scripts/${mwfamily}_setup.py<<EOF
import pywikibot
import time
import sys
site = pywikibot.Site()
def x(p, t=""):
   page = pywikibot.Page(site, p)
   page.text = t
   #force is for some anti-bot thing, not necessary in my testing, but might as well include it
   page.save(force=True)

# Small/medium noncommercial wiki should be fine with no privacy policy
# based on https://www.mediawiki.org/wiki/Manual:Footer
x("MediaWiki:Privacy")

# licenses for uploads. Modified from the mediawiki's wiki
x("MediaWiki:Licenses", u"""* Same as this wiki's text (preferred)
** CC BY-SA or GFDL| Creative Commons Attribution ShareAlike or GNU Free Documentation License
* Others:
** Unknown_copyright|I don't know exactly
** PD|PD: public domain
** CC BY|Creative Commons Attribution
** CC BY-SA|Creative Commons Attribution ShareAlike
** GFDL|GFDL: GNU Free Documentation License
** GPL|GPL: GNU General Public License
** LGPL|LGPL: GNU Lesser General Public License""")
x("MediaWiki:Copyright", '$mw_license')
x("MediaWiki:Mainpage-description", "$mwdescription")



# The rest of the settings are for the site style

# Remove various clutter
x("MediaWiki:Lastmodifiedat")
x("MediaWiki:Disclaimers")
x("MediaWiki:Viewcount")
x("MediaWiki:Aboutsite")
# remove these lines from sidebar
# ** recentchanges-url|recentchanges
# ** randompage-url|randompage
# ** helppage|help
x("MediaWiki:Sidebar", """* navigation
** mainpage|mainpage-description
* SEARCH
* TOOLBOX
* LANGUAGES""")

# remove side panel
# helpfull doc: https://www.mediawiki.org/wiki/Manual:Interface/Sidebar
x("mediawiki:Common.css", """/* adjust sidebar to just be home link and up top  */
/* adjust sidebar to just be home link and up top  */
/* panel width increased to fit full wiki name. */
/* selectors other than final id are for increasing priority of rule */
div#mw-panel { top: 10px; padding-top: 0em; width: 20em }
div#footer, #mw-head-base, div#content { margin-left: 1em; }
#left-navigation { margin-left: 1em; }


/* logo, and toolbar hidden */
#p-logo, div#mw-navigation div#mw-panel #p-tb {
   display:none;
}

div#mw-content-text {
    max-width: 720px;
}
""")
EOF

# this can spam a warning, so uniq it
python pwb.py ${mwfamily}_setup |& uniq
# </source>
# <source lang="bash">
s=/etc/cron.daily/mediawiki_update
dd of=$s<<'EOF'
#!/bin/bash
source ~/mw_vars
update() {
    dir=$1
    cd $mw
    [[ -d $dir ]] || return 1
    cd $dir
    branch=$(git describe --all)
    branch=${branch#remotes/}
    git fetch --all -q
    new_head=$(git rev-parse $branch)
    log=$(git log HEAD..$new_head)
    if [[ ! $log ]]; then
        return 1
    fi
    pwd
    echo "$log"
    git checkout -qf $new_head
    cd $mw
    return 0
}
for dir in extensions/* skins/* vendor; do
    update "$dir" ||:
done
if update .; then
    curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
fi
php $mw/maintenance/update.php -q --quick
EOF

# </source>