X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/46d97368eb6034f2eb95d5a8400bd4bf6faf4ed2..2bfb0ef07fb64314f5c4ded641a8c280df9c1d0b:/cookbooks/mediawiki/templates/default/LocalSettings.php.erb diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb index d03b78cf9..dff320d56 100644 --- a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb +++ b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb @@ -12,26 +12,24 @@ if ( !defined( 'MEDIAWIKI' ) ) { $wgSitename = '<%= @mediawiki[:sitename] %>'; $wgMetaNamespace = '<%= @mediawiki[:metanamespace] %>'; - ## The URL base path to the directory containing the wiki; ## defaults for all runtime URL paths are based off of this. ## For more information on customizing the URLs ## (like /w/index.php/Page_title to /wiki/Page_title) please see: -## http://www.mediawiki.org/wiki/Manual:Short_URL +## https://www.mediawiki.org/wiki/Manual:Short_URL $wgScriptPath = "/w"; $wgArticlePath = '/wiki/$1'; $wgUsePathInfo = true; $wgScriptExtension = ".php"; ## The protocol and server name to use in fully-qualified URLs -$wgServer = "//<%= @mediawiki[:site] %>"; -$wgInternalServer = 'http://<%= @mediawiki[:site] %>'; +$wgServer = "//<%= @name %>"; +$wgInternalServer = 'https://<%= @name %>'; +$wgCanonicalServer = 'https://<%= @name %>'; -<% if @mediawiki[:enable_ssl] -%> $wgSecureLogin = true; -$wgDefaultUserOptions['prefershttps'] = 0; -<% end -%> -$wgCookieSecure = false; +$wgDefaultUserOptions['prefershttps'] = 1; +$wgCookieSecure = true; ## The relative URL path to the skins directory $wgStylePath = "$wgScriptPath/skins"; @@ -48,6 +46,7 @@ $wgEnableUserEmail = true; # UPO $wgEmergencyContact = "<%= @mediawiki[:email_contact] %>"; $wgPasswordSender = "<%= @mediawiki[:email_sender] %>"; $wgPasswordSenderName = "<%= @mediawiki[:email_sender_name] %>"; //Replaced by MediaWiki:Emailsender in v1.23.0 +$wgNoReplyAddress = "<%= @mediawiki[:email_sender] %>"; $wgEnotifUserTalk = true; # UPO $wgEnotifWatchlist = true; # UPO @@ -90,21 +89,43 @@ $wgMaxShellTime = 360; $wgMaxShellWallClockTime = 360; # Allow some more upload extensions -$wgFileExtensions[] = 'doc'; $wgFileExtensions[] = 'pdf'; $wgFileExtensions[] = 'odt'; $wgFileExtensions[] = 'odp'; +$wgFileExtensions[] = 'ods'; $wgFileExtensions[] = 'svg'; +$wgFileExtensions[] = 'osm'; +$wgFileExtensions[] = 'odg'; +<% @mediawiki[:extra_file_extensions].each do |mw_extra_file_extension| -%> + $wgFileExtensions[] = '<%= mw_extra_file_extension %>'; +<% end -%> + +# Add OSM XML file format per http://www.iana.org/assignments/media-types/media-types.xhtml +# Shout out to Paul Norman for reserving this. +# Helps MimeMagic determine XML-based formats and chooses the correct MimeType +# for .osm files. +$wgXMLMimeTypes[] = array('osm' => 'application/vnd.openstreetmap.data+xml'); + +$wgTrustedMediaFormats[] = 'application/vnd.openstreetmap.data+xml'; $wgSVGConverters = array( 'rsvg' => '/usr/bin/rsvg-convert -w $width -h $height -o $output $input'); $wgSVGConverter = 'rsvg'; $wgSVGMaxSize = 2000; -# InstantCommons allows wiki to use images from http://commons.wikimedia.org <% if @mediawiki[:commons] -%> -$wgUseInstantCommons = true; -<% else -%> -$wgUseInstantCommons = false; +# Enable use of images from https://commons.wikimedia.org +$wgForeignFileRepos[] = [ + 'class' => ForeignAPIRepo::class, + 'name' => 'wikimediacommons', + 'apibase' => 'https://commons.wikimedia.org/w/api.php', + 'url' => 'https://upload.wikimedia.org/wikipedia/commons', + 'thumbUrl' => 'https://upload.wikimedia.org/wikipedia/commons/thumb', + 'hashLevels' => 2, + 'transformVia404' => true, + 'fetchDescription' => true, + 'descriptionCacheExpiry' => 604800, + 'apiThumbCacheExpiry' => 604800, +]; <% end -%> ## If you use ImageMagick (or any other shell command) on a @@ -126,7 +147,11 @@ $wgShellLocale = "en_US.utf8"; # Site language code, should be one of the list in ./languages/Names.php $wgLanguageCode = "en"; -$wgSecretKey = '<%= @node[:mediawiki][:sites][@name][:wgSecretKey] %>'; +## Enable setting the page content language by users +$wgPageLanguageUseDB = true; +$wgGroupPermissions['user']['pagelang'] = true; + +$wgSecretKey = '<%= @secret_key %>'; # Site upgrade key. Must be set to a string (default provided) to turn on the # web installer while LocalSettings.php is in place @@ -139,8 +164,8 @@ $wgDefaultSkin = "<%= @mediawiki[:skin] %>"; ## For attaching licensing metadata to pages, and displaying an ## appropriate copyright notice / icon. GNU Free Documentation ## License and Creative Commons licenses are supported so far. -$wgRightsPage = "OpenStreetMap_License"; # Set to the title of a wiki page that describes your license/copyright -$wgRightsUrl = "http://creativecommons.org/licenses/by-sa/2.0/"; +$wgRightsPage = "Wiki_content_license"; # Set to the title of a wiki page that describes your license/copyright +$wgRightsUrl = "https://creativecommons.org/licenses/by-sa/2.0/"; $wgRightsText = "Creative Commons Attribution-ShareAlike 2.0 license"; $wgRightsIcon = "/cc-wiki.png"; @@ -158,134 +183,133 @@ $wgResourceLoaderMaxQueryLength = -1; # End of automatically generated settings. # Add more configuration options below. -#Only Allow Signed-in users to edit +# Only Allow Signed-in users to edit $wgGroupPermissions['*']['edit'] = false; -#Allow bureaucrat group access to oversight options +# Allow bureaucrat group access to oversight options $wgGroupPermissions['bureaucrat']['hideuser'] = true; $wgGroupPermissions['bureaucrat']['deletelogentry'] = true; $wgGroupPermissions['bureaucrat']['deleterevision'] = true; $wgGroupPermissions['bureaucrat']['suppressrevision'] = true; $wgGroupPermissions['bureaucrat']['suppressionlog'] = true; -<% if @mediawiki[:private] -%> -#Disable reading by anonymous users +# Since 1.32 MW introduced interface-admin group to separate all UI-related rights. This makes sense for bigger sites, +# but for OSM it makes more sense to keep group structure simple. Give all interface-admin rights to sysops. +# Also remove the interface-admin group to avoid confusion. +$wgGroupPermissions['sysop'] = array_merge( $wgGroupPermissions['sysop'], $wgGroupPermissions['interface-admin'] ); +unset( $wgGroupPermissions['interface-admin'] ); +unset( $wgRevokePermissions['interface-admin'] ); +unset( $wgAddGroups['interface-admin'] ); +unset( $wgRemoveGroups['interface-admin'] ); +unset( $wgGroupsAddToSelf['interface-admin'] ); +unset( $wgGroupsRemoveFromSelf['interface-admin'] ); + +# The v1.32+ gadget system also requires two additional rights +# See https://www.mediawiki.org/wiki/Extension:Gadgets +$wgGroupPermissions['sysop']['gadgets-edit'] = true; +$wgGroupPermissions['sysop']['gadgets-definition-edit'] = true; + +<% if @mediawiki[:private_accounts] -%> +# Prevent new user registrations except by existing users +$wgGroupPermissions['*']['createaccount'] = false; +$wgGroupPermissions['user']['createaccount'] = true; +<% end -%> + +<% if @mediawiki[:private_site] -%> +# Disable reading by anonymous users $wgGroupPermissions['*']['read'] = false; -#Allow anonymous users to access the login page +# Allow anonymous users to access the login page $wgWhitelistRead = array ("Special:Userlogin"); -#Prevent new user registrations except by sysops +# Prevent new user registrations except by sysops $wgGroupPermissions['*']['createaccount'] = false; -#Restrict access to the upload directory +# Restrict access to the upload directory $wgUploadPath = "$wgScriptPath/img_auth.php"; <% end -%> -#Allow Subpages on Main Namespace +# Allow Subpages on Main Namespace $wgNamespacesWithSubpages[NS_MAIN] = true; -#DNS Blacklists to use +# DNS Blacklists to use $wgEnableDnsBlacklist = true; -$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.' ); +$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-2.uceprotect.net.' ); -#Disable Hit Counter for Performance +# Require validated email to edit +$wgEmailConfirmToEdit = true; + +# Extend autoblock period +$wgAutoblockExpiry = 7776000; // 90 days + +# Disable Hit Counter for Performance $wgDisableCounters = TRUE; -#Disable IP in Header to avoid cache issue +# Disable IP in Header to avoid cache issue $wgShowIPinHeader = FALSE; -#Job Runs by cron -$wgJobRunRate = 0; +# Job Runs mostly by cron +$wgJobRunRate = 0.01; + +# dissolves double redirects automatically +$wgFixDoubleRedirects = TRUE; # Allow external images from a few sites -$wgAllowExternalImagesFrom = array( 'http://tile.openstreetmap.org/', 'http://svenanders.openstreetmap.de/', 'http://josm.openstreetmap.de/', 'http://trac.openstreetmap.org/', 'http://rweait.dev.openstreetmap.org/' ); +$wgAllowExternalImagesFrom = array( 'http://tile.openstreetmap.org/', 'https://tile.openstreetmap.org', 'http://josm.openstreetmap.de/', 'http://trac.openstreetmap.org/', 'http://rweait.dev.openstreetmap.org/' ); $wgNoFollowDomainExceptions = array( 'www.openstreetmap.org', 'josm.openstreetmap.de', 'taginfo.openstreetmap.org', 'blog.openstreetmap.org', 'wiki.osmfoundation.org' ); -#FIXME - move to specific -$wgForceUIMsgAsContentMsg = array( 'mainpage-url', 'portal-url', 'mapfeatures-url', 'helppage' ); - -#FIXME - move to specific +# FIXME - move to specific $wgAllowUserJs = TRUE; $wgAllowUserCss = TRUE; -#FIXME - move to specific -#DE -define('NS_LANG_DE', 200); -$wgExtraNamespaces[NS_LANG_DE] = 'DE'; -$wgNamespacesWithSubpages[NS_LANG_DE] = TRUE; -$wgContentNamespaces[] = NS_LANG_DE; -define('NS_LANG_DE_TALK', 201); -$wgExtraNamespaces[NS_LANG_DE_TALK] = 'DE_talk'; -$wgNamespacesWithSubpages[NS_LANG_DE_TALK] = TRUE; - -#FR -define('NS_LANG_FR', 202); -$wgExtraNamespaces[NS_LANG_FR] = 'FR'; -$wgNamespacesWithSubpages[NS_LANG_FR] = TRUE; -$wgContentNamespaces[] = NS_LANG_FR; -define('NS_LANG_FR_TALK', 203); -$wgExtraNamespaces[NS_LANG_FR_TALK] = 'FR_talk'; -$wgNamespacesWithSubpages[NS_LANG_FR_TALK] = TRUE; - -#ES -define('NS_LANG_ES', 204); -$wgExtraNamespaces[NS_LANG_ES] = 'ES'; -$wgNamespacesWithSubpages[NS_LANG_ES] = TRUE; -$wgContentNamespaces[] = NS_LANG_ES; -define('NS_LANG_ES_TALK', 205); -$wgExtraNamespaces[NS_LANG_ES_TALK] = 'ES_talk'; -$wgNamespacesWithSubpages[NS_LANG_ES_TALK] = TRUE; - -#IT -define('NS_LANG_IT', 206); -$wgExtraNamespaces[NS_LANG_IT] = 'IT'; -$wgNamespacesWithSubpages[NS_LANG_IT] = TRUE; -$wgContentNamespaces[] = NS_LANG_IT; -define('NS_LANG_IT_TALK', 207); -$wgExtraNamespaces[NS_LANG_IT_TALK] = 'IT_talk'; -$wgNamespacesWithSubpages[NS_LANG_IT_TALK] = TRUE; - -#NL -define('NS_LANG_NL', 208); -$wgExtraNamespaces[NS_LANG_NL] = 'NL'; -$wgNamespacesWithSubpages[NS_LANG_NL] = TRUE; -$wgContentNamespaces[] = NS_LANG_NL; -define('NS_LANG_NL_TALK', 209); -$wgExtraNamespaces[NS_LANG_NL_TALK] = 'NL_talk'; -$wgNamespacesWithSubpages[NS_LANG_NL_TALK] = TRUE; - -#RU -define('NS_LANG_RU', 210); -$wgExtraNamespaces[NS_LANG_RU] = 'RU'; -$wgNamespacesWithSubpages[NS_LANG_RU] = TRUE; -$wgContentNamespaces[] = NS_LANG_RU; -define('NS_LANG_RU_TALK', 211); -$wgExtraNamespaces[NS_LANG_RU_TALK] = 'RU_talk'; -$wgNamespacesWithSubpages[NS_LANG_RU_TALK] = TRUE; - -#JA -define('NS_LANG_JA', 212); -$wgExtraNamespaces[NS_LANG_JA] = 'JA'; -$wgNamespacesWithSubpages[NS_LANG_JA] = TRUE; -$wgContentNamespaces[] = NS_LANG_JA; -define('NS_LANG_JA_TALK', 213); -$wgExtraNamespaces[NS_LANG_JA_TALK] = 'JA_talk'; -$wgNamespacesWithSubpages[NS_LANG_JA_TALK] = TRUE; - -$wgNamespacesToBeSearchedDefault[NS_LANG_DE] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_FR] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_ES] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_IT] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_NL] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_RU] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_JA] = TRUE; +# Raise expensive lua (and other function) call limits to match WP +# Docs: https://www.mediawiki.org/wiki/Manual:$wgExpensiveParserFunctionLimit +# Wikipedia's Config: https://noc.wikimedia.org/conf/highlight.php?file=CommonSettings.php +$wgExpensiveParserFunctionLimit = 500; + +<% if @mediawiki[:site_notice] -%> +$wgSiteNotice = "<%= @mediawiki[:site_notice] %>"; +<% end -%> <% if @mediawiki[:site_readonly] -%> $wgReadOnly = "<%= @mediawiki[:site_readonly] %>"; <% end -%> -<% Dir.glob("#{@mediawiki[:directory]}/LocalSettings.d/*.php") do |file| -%> +# load extensions +<% Dir.glob("#{@directory}/LocalSettings.d/*.php") do |file| -%> <%= "require_once('#{file}');" %> <% end -%> +<% if not(@mediawiki[:private_accounts]) and not(@mediawiki[:private_site]) -%> +# require user confirmation for certain actions +$wgGroupPermissions['user']['move'] = false; +$wgGroupPermissions['user']['movefile'] = false; +$wgGroupPermissions['user']['move-categorypages'] = false; +$wgGroupPermissions['user']['upload'] = false; +$wgGroupPermissions['autoconfirmed']['move'] = true; +$wgGroupPermissions['autoconfirmed']['movefile'] = true; +$wgGroupPermissions['autoconfirmed']['move-categorypages'] = true; +$wgGroupPermissions['autoconfirmed']['upload'] = true; +# Autopromote users to autoconfirmed +$wgAutoConfirmAge = 345600; // 4 days +$wgAutoConfirmCount = 10; + +# user group "confirmed" with identical rights as "autoconfirmed", but assigned manually by sysops +$wgGroupPermissions['confirmed'] = $wgGroupPermissions['autoconfirmed']; +$wgAddGroups['sysop'][] = 'confirmed'; +$wgRemoveGroups['sysop'][] = 'confirmed'; +<% end -%> + +<% if @mediawiki[:private_accounts] or @mediawiki[:private_site] -%> +# disable automatic confirmation of users, grant all "autoconfirmed" rights to all users +$wgAutoConfirmAge = 0; +$wgAutoConfirmCount = 0; +$wgGroupPermissions['user'] = array_merge( $wgGroupPermissions['user'], $wgGroupPermissions['autoconfirmed'] ); + +unset( $wgGroupPermissions['autoconfirmed'] ); +unset( $wgRevokePermissions['autoconfirmed'] ); +unset( $wgAddGroups['autoconfirmed'] ); +unset( $wgRemoveGroups['autoconfirmed'] ); +unset( $wgGroupsAddToSelf['autoconfirmed'] ); +unset( $wgGroupsRemoveFromSelf['autoconfirmed'] ); +<% end -%>