## The protocol and server name to use in fully-qualified URLs
$wgServer = "//<%= @name %>";
$wgInternalServer = 'https://<%= @name %>';
+$wgCanonicalServer = 'https://<%= @name %>';
$wgSecureLogin = true;
$wgDefaultUserOptions['prefershttps'] = 1;
$wgEmergencyContact = "<%= @mediawiki[:email_contact] %>";
$wgPasswordSender = "<%= @mediawiki[:email_sender] %>";
$wgPasswordSenderName = "<%= @mediawiki[:email_sender_name] %>"; //Replaced by MediaWiki:Emailsender in v1.23.0
+$wgNoReplyAddress = "<%= @mediawiki[:email_sender] %>";
$wgEnotifUserTalk = true; # UPO
$wgEnotifWatchlist = true; # UPO
# Site language code, should be one of the list in ./languages/Names.php
$wgLanguageCode = "en";
-$wgSecretKey = '<%= @node[:mediawiki][:sites][@name][:wgSecretKey] %>';
+## Enable setting the page content language by users
+$wgPageLanguageUseDB = true;
+$wgGroupPermissions['user']['pagelang'] = true;
+
+$wgSecretKey = '<%= @secret_key %>';
# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
$wgGroupPermissions['bureaucrat']['suppressrevision'] = true;
$wgGroupPermissions['bureaucrat']['suppressionlog'] = true;
+# Since 1.32 MW introduced interface-admin group to separate all UI-related rights. This makes sense for bigger sites,
+# but for OSM it makes more sense to keep group structure simple. Give all interface-admin rights to sysops.
+# Also remove the interface-admin group to avoid confusion.
+$wgGroupPermissions['sysop'] = array_merge( $wgGroupPermissions['sysop'], $wgGroupPermissions['interface-admin'] );
+unset( $wgGroupPermissions['interface-admin'] );
+unset( $wgRevokePermissions['interface-admin'] );
+unset( $wgAddGroups['interface-admin'] );
+unset( $wgRemoveGroups['interface-admin'] );
+unset( $wgGroupsAddToSelf['interface-admin'] );
+unset( $wgGroupsRemoveFromSelf['interface-admin'] );
+
+# The v1.32+ gadget system also requires two additional rights
+# See https://www.mediawiki.org/wiki/Extension:Gadgets
+$wgGroupPermissions['sysop']['gadgets-edit'] = true;
+$wgGroupPermissions['sysop']['gadgets-definition-edit'] = true;
+
<% if @mediawiki[:private_accounts] -%>
# Prevent new user registrations except by existing users
$wgGroupPermissions['*']['createaccount'] = false;
$wgUploadPath = "$wgScriptPath/img_auth.php";
<% end -%>
+<% if not(@mediawiki[:private_accounts]) and not(@mediawiki[:private_site]) -%>
+# user group "confirmed" with identical rights as "autoconfirmed", but assigned manually by sysops
+$wgGroupPermissions['confirmed'] = $wgGroupPermissions['autoconfirmed'];
+$wgAddGroups['sysop'][] = 'confirmed';
+$wgRemoveGroups['sysop'][] = 'confirmed';
+<% end -%>
+
# Allow Subpages on Main Namespace
$wgNamespacesWithSubpages[NS_MAIN] = true;
# DNS Blacklists to use
$wgEnableDnsBlacklist = true;
-$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-3.uceprotect.net.' );
+$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-2.uceprotect.net.' );
# Require validated email to edit
$wgEmailConfirmToEdit = true;
# Disable IP in Header to avoid cache issue
$wgShowIPinHeader = FALSE;
-# Job Runs by cron
-$wgJobRunRate = 0;
+# Job Runs mostly by cron
+$wgJobRunRate = 0.01;
# dissolves double redirects automatically
$wgFixDoubleRedirects = TRUE;
# Allow external images from a few sites
-$wgAllowExternalImagesFrom = array( 'http://tile.openstreetmap.org/', 'http://svenanders.openstreetmap.de/', 'http://josm.openstreetmap.de/', 'http://trac.openstreetmap.org/', 'http://rweait.dev.openstreetmap.org/' );
+$wgAllowExternalImagesFrom = array( 'http://tile.openstreetmap.org/', 'https://tile.openstreetmap.org', 'http://josm.openstreetmap.de/', 'http://trac.openstreetmap.org/', 'http://rweait.dev.openstreetmap.org/' );
$wgNoFollowDomainExceptions = array( 'www.openstreetmap.org', 'josm.openstreetmap.de', 'taginfo.openstreetmap.org', 'blog.openstreetmap.org', 'wiki.osmfoundation.org' );