mediawiki_tarball: https://releases.wikimedia.org/mediawiki/{{ mediawiki_version | splitext | first }}/mediawiki-{{ mediawiki_version }}.tar.gz
mediawiki_home: /var/www/mediawiki
mediawiki_keytab: /var/lib/gssproxy/clients/{{ mediawiki_user }}.keytab
mediawiki_packages:
- php
- php-json
- php-ldap
- php-mbstring
- php-opcache
- php-pdo
- php-pgsql
- php-xml
- php-intl
- php-gd
- php-pecl-apcu
- php-pecl-igbinary
- python3-psycopg2
- python3
- ImageMagick
- poppler-utils
- ghostscript
- varnish
mediawiki_php_environment:
GSS_USE_PROXY: 'yes'
mediawiki_php_admin_values:
post_max_size: '{{ mediawiki_max_upload_size }}'
upload_max_filesize: '{{ mediawiki_max_upload_size }}'
max_file_uploads: '{{ mediawiki_max_upload_count }}'
mediawiki_writable_dirs:
- images
- cache
mediawiki_executable_dirs:
- extensions/SyntaxHighlight_GeSHi/pygments
mediawiki_builtin_extensions:
- WikiEditor
- VisualEditor
- MobileFrontend
- MultimediaViewer
- Math
- PageImages
- SyntaxHighlight_GeSHi
- PdfHandler
mediawiki_extensions:
- PluggableAuth
- LDAPAuthorization
- LDAPAuthentication2
- LDAPProvider
- MobileFrontend
- LDAPGroups
- LDAPUserInfo
- Auth_remoteuser
- CodeMirror
- RelatedArticles
- UploadWizard
- Lockdown
mediawiki_builtin_groups:
- user
- autoconfirmed
- bot
- sysop
- interface-admin
- bureaucrat
- suppress
mediawiki_apache_config: |
AllowEncodedSlashes NoDecode
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/({{ mediawiki_rewrite_blacklist | map("regex_escape") | join("|") }})$
RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !\.php/
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !\.php/
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
RewriteRule ^(.*)/([a-z]*)$ %{DOCUMENT_ROOT}/index.php [L,QSA]
AuthName "FreeIPA Single Sign-On"
AuthType GSSAPI
{{ apache_gssapi_session_config }}
Require valid-user
AllowOverride None
Require all denied
# Since we're using pretty URLs, page titles can clash with real files in the
# mediawiki directory. If this ever happens, add the file path to this list.
mediawiki_rewrite_blacklist:
- CODE_OF_CONDUCT.md
- COPYING
- CREDITS
- FAQ
- HISTORY
- INSTALL
- README.md
- SECURITY
- UPGRADE
- composer.json
- jsduck.json
mediawiki_archive_shell: >-
TIMESTAMP=$(date +%Y%m%d%H%M%S);
tar czf "mediawiki-${TIMESTAMP}.tar.gz"
--transform "s|^\.|mediawiki-${TIMESTAMP}|"
-C "{{ mediawiki_home }}"
images