# Release tarball URL. `splitext | first` strips the last dot-separated component
# of mediawiki_version, which yields the major.minor directory on the release site.
# NOTE(review): no checksum or signature is pinned in this file, and HTTPS only
# authenticates the server. Confirm the download task verifies the archive, e.g.
# with get_url's `checksum` or the detached signature published with the release.
mediawiki_tarball: https://releases.wikimedia.org/mediawiki/{{ mediawiki_version | splitext | first }}/mediawiki-{{ mediawiki_version }}.tar.gz
# Installation root; the Apache config and the archive command in this file are
# both built from it.
mediawiki_home: /var/www/mediawiki
# Kerberos keytab path, named after mediawiki_user. A keytab is a long-term
# service credential.
# NOTE(review): confirm the task that deploys it restricts owner and mode so
# the web-facing PHP process cannot read it directly.
mediawiki_keytab: /var/lib/gssproxy/clients/{{ mediawiki_user }}.keytab
# OS packages installed for the wiki: the PHP runtime and its modules, Python
# with psycopg2, media-conversion tools, and Varnish.
# No versions are pinned here, so the distribution's current builds are used.
# NOTE(review): ImageMagick, poppler-utils and ghostscript presumably parse
# user-uploaded files (PdfHandler is enabled in mediawiki_builtin_extensions);
# keep them patched and confirm the ImageMagick policy restricts risky coders.
mediawiki_packages:
- php
- php-json
- php-ldap
- php-mbstring
- php-opcache
- php-pdo
- php-pgsql
- php-xml
- php-intl
- php-gd
- php-pecl-apcu
- php-pecl-igbinary
- python3-psycopg2
- python3
- ImageMagick
- poppler-utils
- ghostscript
- varnish
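# Environment variables for the PHP process. GSS_USE_PROXY=yes asks the GSSAPI
# library to go through gssproxy instead of using credentials in-process.
# The value stays quoted so that it reaches PHP as the string "yes", not a boolean.
# NOTE(review): presumably this is what keeps mediawiki_keytab out of PHP's
# reach; confirm against the gssproxy service definition.
mediawiki_php_environment:
  GSS_USE_PROXY: 'yes'
# PHP upload limits, taken from mediawiki_max_upload_size and
# mediawiki_max_upload_count (defined outside this file).
# Quoting keeps each templated value a string even if it expands to a bare number.
# NOTE(review): presumably rendered as php_admin_value entries, which scripts
# cannot override at runtime; confirm in the template that consumes this map.
mediawiki_php_admin_values:
  post_max_size: '{{ mediawiki_max_upload_size }}'
  upload_max_filesize: '{{ mediawiki_max_upload_size }}'
  max_file_uploads: '{{ mediawiki_max_upload_count }}'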
# Directories, relative to mediawiki_home, that the wiki must be able to write.
# NOTE(review): `cache` is denied to web clients in mediawiki_apache_config, but
# `images` has no matching rule in this file. It presumably holds user uploads,
# so confirm that script execution is disabled for that directory elsewhere.
mediawiki_writable_dirs:
- images
- cache
# Directories whose contents need the execute bit.
# NOTE(review): presumably for the pygments binary bundled with
# SyntaxHighlight_GeSHi; keep this list minimal and never overlapping with
# mediawiki_writable_dirs.
mediawiki_executable_dirs:
- extensions/SyntaxHighlight_GeSHi/pygments
# Extensions to enable that are, going by the variable name, shipped inside the
# release tarball.
mediawiki_builtin_extensions:
- WikiEditor
- VisualEditor
- MobileFrontend
- MultimediaViewer
- Math
- PageImages
- SyntaxHighlight_GeSHi
- PdfHandler
# Additional extensions, presumably fetched separately from the tarball.
# NOTE(review): if so, confirm each one is pinned to a release branch or commit
# and fetched over an authenticated channel; this file records names only.
# NOTE(review): MobileFrontend also appears in mediawiki_builtin_extensions;
# confirm the duplicate is intentional.
# PluggableAuth, the LDAP* extensions and Auth_remoteuser together form the
# login path. Auth_remoteuser trusts the user name set by the web server, so the
# GSSAPI rules in mediawiki_apache_config are part of the authentication
# boundary.
mediawiki_extensions:
- PluggableAuth
- LDAPAuthorization
- LDAPAuthentication2
- LDAPProvider
- MobileFrontend
- LDAPGroups
- LDAPUserInfo
- Auth_remoteuser
- CodeMirror
- RelatedArticles
- UploadWizard
- Lockdown
# Names of MediaWiki's stock user groups.
# NOTE(review): presumably used to tell these apart from groups synchronised
# from LDAP (LDAPGroups is enabled). Confirm that directory-managed membership
# cannot grant sysop, interface-admin, bureaucrat or suppress unintentionally.
mediawiki_builtin_groups:
- user
- autoconfirmed
- bot
- sysop
- interface-admin
- bureaucrat
- suppress
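# Apache configuration for the wiki, kept as a literal block so that line breaks
# survive. It has three parts.
#
# 1. Pretty-URL rewrites. Paths in mediawiki_rewrite_blacklist (regex-escaped
#    and anchored) always go to index.php. Any other path goes to index.php
#    only when it is not an existing file or directory and does not contain
#    ".php/".
# 2. <Location />: GSSAPI (Kerberos) single sign-on. `Require valid-user` applies
#    only when the client address matches one of kerberized_cidrs and is not
#    the host's own default IPv4 address.
#    NOTE(review): clients outside that condition get no Require from this
#    block, so their access depends on MediaWiki's own permissions; confirm
#    that this is intended.
#    NOTE(review): `-R` tests the connection's remote address. Varnish is in
#    mediawiki_packages, so confirm which address Apache sees behind it and, if
#    a forwarded-address module is used, that it trusts only the local proxy.
#    NOTE(review): an empty kerberized_cidrs renders the group as `()`, which
#    Apache is expected to reject at config load; keep the list non-empty.
# 3. The cache directory is denied to all web clients.
mediawiki_apache_config: |
  AllowEncodedSlashes NoDecode
  RewriteEngine On
  RewriteCond %{REQUEST_URI} ^/({{ mediawiki_rewrite_blacklist | map("regex_escape") | join("|") }})$
  RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L]
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !\.php/
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
  RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L]
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !\.php/
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
  RewriteRule ^(.*)/([a-z]*)$ %{DOCUMENT_ROOT}/index.php [L,QSA]
  <Location />
  AuthName "FreeIPA Single Sign-On"
  AuthType GSSAPI
  <If "({% for cidr in kerberized_cidrs %}-R '{{ cidr }}'{% if not loop.last %} || {% endif %}{% endfor %}) && ! -R '{{ ansible_default_ipv4.address }}'">
  {{ apache_gssapi_session_config }}
  Require valid-user
  </If>
  </Location>
  <Directory "{{ mediawiki_home }}/cache">
  AllowOverride None
  Require all denied
  </Directory>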
# Since we're using pretty URLs, page titles can clash with real files in the
# mediawiki directory. If this ever happens, add the file path to this list.
# Each entry is regex-escaped and matched as a whole path by the first
# RewriteCond in mediawiki_apache_config, so a request for it is handed to
# index.php instead of being served from disk.
# NOTE(review): files in mediawiki_home that are not listed here are still
# served statically (the later rules skip existing files). If exposing release
# or version metadata is a concern, confirm it is handled elsewhere.
mediawiki_rewrite_blacklist:
- CODE_OF_CONDUCT.md
- COPYING
- CREDITS
- FAQ
- HISTORY
- INSTALL
- README.md
- SECURITY
- UPGRADE
- composer.json
- jsduck.json
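# Shell command that archives the uploads directory. The folded scalar (>-)
# joins the lines below into one command line with no trailing newline.
# The archive is written to the current working directory under a timestamped
# name, and contains `images` as found under mediawiki_home.
# NOTE(review): the --transform expression only rewrites member names that
# start with ".", but the sole member given is `images`; confirm that the
# intended top-level directory name is actually applied.
# NOTE(review): the archive holds every uploaded file; confirm that the
# directory it is written to is not web-served and has restrictive permissions.
mediawiki_archive_shell: >-
  TIMESTAMP=$(date +%Y%m%d%H%M%S);
  tar czf "mediawiki-${TIMESTAMP}.tar.gz"
  --transform "s|^\.|mediawiki-${TIMESTAMP}|"
  -C "{{ mediawiki_home }}"
  images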