
14 Commits

6 changed files with 114 additions and 73 deletions


@ -1,37 +1,36 @@
FROM mediawiki:1.35
FROM mediawiki:1.39
RUN apt-get update \
&& apt-get install -y libldap2-dev libpng-dev git zip \
&& apt-get install -y libpng-dev git zip \
&& rm -rf /var/lib/apt/lists/* \
&& docker-php-ext-install -j$(nproc) ldap gd
COPY composer.local.json /var/www/html/
COPY --from=composer:1 /usr/bin/composer /usr/bin/composer
RUN cd /var/www/html/ && composer update --no-dev
&& docker-php-ext-install -j$(nproc) gd calendar
# Needed for making branch name from MEDIAWIKI_MAJOR_VERSION
SHELL ["/bin/bash", "-c"]
# https://www.mediawiki.org/wiki/Extension:PluggableAuth
# needs to be downloaded before composer is run
# https://www.mediawiki.org/wiki/Extension:OpenIDConnect
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
https://gerrit.wikimedia.org/r/mediawiki/extensions/PluggableAuth \
/var/www/html/extensions/PluggableAuth
https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect \
/var/www/html/extensions/OpenIDConnect
COPY composer.local.json /var/www/html/
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
RUN cd /var/www/html/ && composer update --no-dev
# from composer.local.json:
# https://www.mediawiki.org/wiki/Extension:PluggableAuth
# https://www.mediawiki.org/wiki/Extension:LDAPProvider
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPProvider \
/var/www/html/extensions/LDAPProvider
# https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2
# https://www.mediawiki.org/wiki/Extension:Semantic_Approved_Revs
# https://www.mediawiki.org/wiki/Extension:QRLite
# https://www.mediawiki.org/wiki/Extension:LDAPUserInfo
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPUserInfo \
https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo \
/var/www/html/extensions/LDAPUserInfo
# https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthentication2 \
/var/www/html/extensions/LDAPAuthentication2
# https://www.mediawiki.org/wiki/Extension:MobileFrontend
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
https://gerrit.wikimedia.org/r/mediawiki/extensions/MobileFrontend \
@ -62,12 +61,8 @@ RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
# https://www.mediawiki.org/wiki/Extension:External_Data
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
https://gerrit.wikimedia.org/r/mediawiki/extensions/ExternalData \
/var/www/html/extensions/ExternalData
# https://www.mediawiki.org/wiki/Extension:QRLite
RUN git clone --depth 1 \
https://github.com/gesinn-it/QRLite \
/var/www/html/extensions/QRLite
/var/www/html/extensions/ExternalData \
&& cd /var/www/html/extensions/ExternalData && composer install --no-dev
# https://www.mediawiki.org/wiki/Extension:CSS
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
@ -79,6 +74,9 @@ RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
https://gerrit.wikimedia.org/r/mediawiki/extensions/Variables \
/var/www/html/extensions/Variables
RUN a2enmod proxy_http proxy_html
COPY apache-mediawiki.conf /etc/apache2/sites-available/000-default.conf
# reset back to default shell
SHELL ["/bin/sh", "-c"]
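Review bot: Nothing this Dockerfile fetches is pinned to an immutable revision: each `git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_}` takes the branch tip as it stands at build time, and `composer update --no-dev` re-resolves the caret ranges in composer.local.json on every build, so two builds of the same commit can ship different code. That matters most for the OpenIDConnect clone and the PluggableAuth package, which sit on the login path. Consider checking out a reviewed commit after each clone, for example `git -C /var/www/html/extensions/OpenIDConnect checkout <REVIEWED_COMMIT>` (this needs a fetch of that commit rather than a depth-1 branch clone), and recording the resolved Composer versions so the build installs them instead of updating. The `apt-get install -y` line could also take `--no-install-recommends`. The second and third hunks begin inside RUN instructions whose first lines are outside the visible context.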


@ -15,6 +15,8 @@ if ( !defined( 'MEDIAWIKI' ) ) {
exit;
}
error_reporting( 0 );
# store passwords/sensitive data here
$secrets = require('secrets.php');
@ -95,7 +97,7 @@ $wgPingback = false;
## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
$wgShellLocale = "en_US.utf8";
$wgShellLocale = "C.UTF-8";
## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
@ -144,6 +146,8 @@ wfLoadSkin( 'Timeless' );
# Add more configuration options below.
# Semantic MediaWiki Extension
wfLoadExtension( 'SemanticMediaWiki' );
wfLoadExtension( 'SemanticResultFormats' );
enableSemantics( 'claremontmakerspace.org' );
$smwgPDefaultType = '_txt';
$smwgEnabledQueryDependencyLinksStore = true;
@ -169,50 +173,19 @@ wfLoadExtension( 'Scribunto' );
$wgScribuntoDefaultEngine = 'luastandalone';
$wgScribuntoUseCodeEditor = "true";
# LDAP
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPUserInfo' );
wfLoadExtension( 'LDAPAuthentication2' );
$LDAPProviderDomainConfigProvider = function() use ($secrets) {
$config = [
'CMS' => [
"connection" => [
"server" => "self-service.claremontmakerspace.org",
"port" => 7389,
"enctype" => "clear",
"user" => "uid=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
"pass" => $secrets['LDAPPass'],
"options" => [
"LDAP_OPT_DEREF" => 1,
],
"basedn" => "cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
"groupbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
"userbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
"searchattribute" => "uid",
"searchstring" => "uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
"usernameattribute" => "uid",
"realnameattribute" => "cn",
"emailattribute" => "mail"
],
"authentication" => [
"usernameattribute" => "uid",
"realnameattribute" => "cn",
"emailattribute" => "mail"
],
"userinfo" => [
"email" => "mail",
"realname" => "cn",
"properties.gender" => "gender"
]
]
];
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
wfLoadExtension( 'VisualEditor' );
wfLoadExtension( 'OpenIDConnect' );
$wgOpenIDConnect_MigrateUsersByUserName = true;
$wgPluggableAuth_Config["Log in with CMS Network Resources Account"] = [
'plugin' => 'OpenIDConnect',
'data' => [
'providerURL' => 'https://ucs-sso-ng.claremontmakerspace.org/realms/ucs',
'clientID' => 'mediawiki',
'clientsecret' => $secrets['OpenIDSecret'],
]
];
wfloadextension( 'VisualEditor' );
wfLoadExtension( 'TemplateData' );
wfLoadExtension( 'Variables' );
@ -220,8 +193,12 @@ wfLoadExtension( 'Variables' );
wfLoadExtension( 'CSS' );
wfLoadExtension( 'Widgets' );
wfLoadExtension( 'ApprovedRevs' );
wfLoadExtension( 'SemanticApprovedRevs' );
wfLoadExtension( 'QRLite' );
require_once "$IP/extensions/QRLite/QRLite.php";
wfloadextension( 'Diagrams' );
$wgDiagramsServiceUrl ='https://wiki.claremontmakerspace.org/diagrams';
wfLoadExtension( 'ExternalData' );
$edgStringReplacements['SNIPEIT_URL'] = 'https://inventory.claremontmakerspace.org';
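Review bot: `$wgOpenIDConnect_MigrateUsersByUserName = true;` links an incoming OpenID Connect identity to any existing wiki account with the same user name, so every existing account is only as safe as the identity provider's control over user names. That fits a one-time move of the former LDAP accounts, but it also covers accounts that never came from the directory (a local administrator, for example). Confirm such names cannot be registered or chosen at the provider, and switch the setting off once migration is finished. A comment would record the intent: `# TEMPORARY: links existing accounts by user name for the LDAP -> OIDC migration; remove afterwards`. Separately, the lower-case `wfloadextension(` spellings (e.g. for 'Diagrams') work because PHP function names are case-insensitive, but matching the `wfLoadExtension` case used elsewhere keeps the file greppable.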

21
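--- /dev/null
+++ b/apache-mediawiki.conf
@@ -0,0 +1,21 @@
+<VirtualHost *:80>
+ServerAdmin webmaster@claremontmakerspace.org
+DocumentRoot /var/www/html
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+AllowEncodedSlashes NoDecode
+ProxyPass /diagrams/ http://diagrams:5003/diagrams/
+# ProxyPassReverse /diagrams/ http://diagrams:5003/
+ProxyPreserveHost On
+# <Location /diagrams/>
+# ProxyPassReverse /
+# SetOutputFilter proxy-html
+# ProxyHTMLURLMap http://diagrams:5003/ /diagrams/
+# ProxyHTMLURLMap / /diagrams/
+# </Location>
+</VirtualHost>
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet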
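Review bot: `ProxyPass /diagrams/ http://diagrams:5003/diagrams/` publishes the rendering backend on the public virtual host with no access control, so anyone who can reach the wiki can submit input to the renderer directly. If the Diagrams extension only calls the service from PHP (LocalSettings.php points `$wgDiagramsServiceUrl` at the public URL), MediaWiki could instead address `http://diagrams:5003/diagrams` over the compose network and this rule could be dropped. Otherwise put the proxy inside a `<Location /diagrams/>` block with a `Require` rule. `AllowEncodedSlashes NoDecode` and `ProxyPreserveHost On` apply to the whole virtual host, so a one-line comment on why each is needed would help the next reader. The commented-out ProxyPassReverse/ProxyHTMLURLMap lines look like leftovers and could be removed.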


@ -1,8 +1,20 @@
{
"require": {
"mediawiki/semantic-media-wiki": "^3.0",
"mediawiki/semantic-scribunto": "^2.0",
"mediawiki/semantic-result-formats": "^3.0",
"mediawiki/data-transfer": "^1.0"
"mediawiki/pluggable-auth": "^6.2",
"mediawiki/semantic-media-wiki": "^4.1",
"mediawiki/semantic-scribunto": "^2.2",
"mediawiki/semantic-result-formats": "^4.0",
"mediawiki/approved-revs": "^1.8",
"mediawiki/semantic-approved-revs": "^0.9",
"mediawiki/data-transfer": "^1.4",
"gesinn-it/qrlite": "^1.0.0-alpha",
"samwilson/diagrams": "^0.11"
},
"extra": {
"merge-plugin": {
"include": [
"extensions/OpenIDConnect/composer.json"
]
}
}
}

19
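--- /dev/null
+++ b/diagrams/Dockerfile
@@ -0,0 +1,19 @@
+FROM alpine as source
+RUN apk add git curl
+RUN git clone https://github.com/ad1217/diagrams -b fix-stuff
+RUN curl -L http://sourceforge.net/projects/plantuml/files/plantuml.jar/download -o diagrams/plantuml.jar
+FROM python:3-alpine
+COPY --from=source diagrams diagrams
+WORKDIR diagrams
+# TODO: missing mscgen
+RUN apk add graphviz openjdk8-jre
+RUN pip3 install -r dgs/requirements.txt gunicorn
+VOLUME /root/.diagrams
+env SCRIPT_NAME=/diagrams
+CMD ["gunicorn", "dgs.webserver:app", "--bind", "0.0.0.0:5003", "--forwarded-allow-ips=*"]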
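Review bot: The `curl -L http://sourceforge.net/projects/plantuml/files/plantuml.jar/download` step fetches an executable jar over plain HTTP with no version and no checksum, so the service runs whatever the redirect chain returns at build time. Fetch a specific release over HTTPS and verify its SHA-256 in the same RUN, as sketched below with build arguments standing in for the values. The same concern applies in weaker form to `FROM alpine`, `python:3-alpine` and the `-b fix-stuff` branch clone, none of which names a fixed revision. The runtime stage also has no `USER`, so gunicorn, Java and Graphviz process user-supplied diagram source as root. In addition, `--forwarded-allow-ips=*` trusts forwarding headers from any peer; naming the proxy's address there would be tighter.

```dockerfile
RUN git clone https://github.com/ad1217/diagrams -b fix-stuff
# Placeholders: pass the release URL and digest you have verified.
ARG PLANTUML_URL
ARG PLANTUML_SHA256
RUN curl -fsSL "$PLANTUML_URL" -o diagrams/plantuml.jar \
    && echo "$PLANTUML_SHA256  diagrams/plantuml.jar" | sha256sum -c -
# … unchanged: runtime stage …
```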


@ -12,11 +12,25 @@ services:
- ./LocalSettings.php:/var/www/html/LocalSettings.php:ro
- ./secrets.php:/var/www/html/secrets.php:ro
- ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini:ro
diagrams:
build: ./diagrams
restart: always
volumes:
- diagrams-vol:/root/.diagrams
database:
image: mariadb
volumes:
- mysql-vol:/var/lib/mysql
restart: always
env_file: .env
environment:
MYSQL_DATABASE: mediawiki
#MYSQL_USER and MYSQL_PASSWORD in .env
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
MARIADB_AUTO_UPGRADE: 'yes'
volumes:
mysql-vol:
diagrams-vol:
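Review bot: The `diagrams` service renders user-supplied input and, per diagrams/Dockerfile, runs as root with a named volume at `/root/.diagrams`, yet its definition adds no confinement. Consider `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]` on that service, plus a memory/CPU limit so a pathological diagram cannot starve the wiki. For the database, `image: mariadb` carries no tag, and combined with `MARIADB_AUTO_UPGRADE: 'yes'` a routine pull can move the data directory to a new major version without anyone deciding to. Pinning the tag keeps that a deliberate change.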