diff options
author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/mediawiki/vars | |
download | selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.tar.gz selfhosted-0261e875679f1bf63c8d689da7fc7e014597885d.zip |
initial commit
Diffstat (limited to 'roles/mediawiki/vars')
-rw-r--r-- | roles/mediawiki/vars/main.yml | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/roles/mediawiki/vars/main.yml b/roles/mediawiki/vars/main.yml new file mode 100644 index 0000000..d82f2f4 --- /dev/null +++ b/roles/mediawiki/vars/main.yml @@ -0,0 +1,125 @@ +mediawiki_tarball: https://releases.wikimedia.org/mediawiki/{{ mediawiki_version | splitext | first }}/mediawiki-{{ mediawiki_version }}.tar.gz +mediawiki_home: /var/www/mediawiki +mediawiki_keytab: /var/lib/gssproxy/clients/{{ mediawiki_user }}.keytab + +mediawiki_packages: + - php + - php-json + - php-ldap + - php-mbstring + - php-opcache + - php-pdo + - php-pgsql + - php-xml + - php-intl + - php-gd + - php-pecl-apcu + - php-pecl-igbinary + - python3-psycopg2 + - python3 + - ImageMagick + - poppler-utils + - ghostscript + - varnish + +mediawiki_php_environment: + GSS_USE_PROXY: 'yes' + +mediawiki_php_admin_values: + post_max_size: '{{ mediawiki_max_upload_size }}' + upload_max_filesize: '{{ mediawiki_max_upload_size }}' + max_file_uploads: '{{ mediawiki_max_upload_count }}' + +mediawiki_writable_dirs: + - images + - cache + +mediawiki_executable_dirs: + - extensions/SyntaxHighlight_GeSHi/pygments + +mediawiki_builtin_extensions: + - WikiEditor + - VisualEditor + - MobileFrontend + - MultimediaViewer + - Math + - PageImages + - SyntaxHighlight_GeSHi + - PdfHandler + +mediawiki_extensions: + - PluggableAuth + - LDAPAuthorization + - LDAPAuthentication2 + - LDAPProvider + - MobileFrontend + - LDAPGroups + - LDAPUserInfo + - Auth_remoteuser + - CodeMirror + - RelatedArticles + - UploadWizard + - Lockdown + +mediawiki_builtin_groups: + - user + - autoconfirmed + - bot + - sysop + - interface-admin + - bureaucrat + - suppress + +mediawiki_apache_config: | + AllowEncodedSlashes NoDecode + + RewriteEngine On + + RewriteCond %{REQUEST_URI} ^/({{ mediawiki_rewrite_blacklist | map("regex_escape") | join("|") }})$ + RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L] + + RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !\.php/ + RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f + RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d + RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L] + + RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !\.php/ + RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f + RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d + RewriteRule ^(.*)/([a-z]*)$ %{DOCUMENT_ROOT}/index.php [L,QSA] + + <Location /> + AuthName "FreeIPA Single Sign-On" + AuthType GSSAPI + <If "({% for cidr in kerberized_cidrs %}-R '{{ cidr }}'{% if not loop.last %} || {% endif %}{% endfor %}) && ! -R '{{ ansible_default_ipv4.address }}'"> + {{ apache_gssapi_session_config }} + Require valid-user + </If> + </Location> + + <Directory "{{ mediawiki_home }}/cache"> + AllowOverride None + Require all denied + </Directory> + +# Since we're using pretty URLs, page titles can clash with real files in the +# mediawiki directory. If this ever happens, add the file path to this list. +mediawiki_rewrite_blacklist: + - CODE_OF_CONDUCT.md + - COPYING + - CREDITS + - FAQ + - HISTORY + - INSTALL + - README.md + - SECURITY + - UPGRADE + - composer.json + - jsduck.json + +mediawiki_archive_shell: >- + TIMESTAMP=$(date +%Y%m%d%H%M%S); + tar czf "mediawiki-${TIMESTAMP}.tar.gz" + --transform "s|^\.|mediawiki-${TIMESTAMP}|" + -C "{{ mediawiki_home }}" + images |