X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/4f10eb951399adea7cd598b2d763969c735bc888..8d3c08fa5ec0a351555df7629083c7f54ad262fb:/cookbooks/mediawiki/templates/default/LocalSettings.php.erb diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb index d4c8e3050..85151cfdf 100644 --- a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb +++ b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb @@ -12,7 +12,6 @@ if ( !defined( 'MEDIAWIKI' ) ) { $wgSitename = '<%= @mediawiki[:sitename] %>'; $wgMetaNamespace = '<%= @mediawiki[:metanamespace] %>'; - ## The URL base path to the directory containing the wiki; ## defaults for all runtime URL paths are based off of this. ## For more information on customizing the URLs @@ -24,10 +23,10 @@ $wgUsePathInfo = true; $wgScriptExtension = ".php"; ## The protocol and server name to use in fully-qualified URLs -$wgServer = "//<%= @mediawiki[:site] %>"; -$wgInternalServer = 'http://<%= @mediawiki[:site] %>'; +$wgServer = "//<%= @name %>"; +$wgInternalServer = 'http://<%= @name %>'; -<% if @mediawiki[:enable_ssl] -%> +<% if @mediawiki[:ssl_enabled] -%> $wgSecureLogin = true; $wgDefaultUserOptions['prefershttps'] = 0; <% end -%> @@ -95,6 +94,9 @@ $wgFileExtensions[] = 'pdf'; $wgFileExtensions[] = 'odt'; $wgFileExtensions[] = 'odp'; $wgFileExtensions[] = 'svg'; +<% @mediawiki[:extra_file_extensions].each do |mw_extra_file_extension| -%> + $wgFileExtensions[] = '<%= mw_extra_file_extension %>'; +<% end -%> $wgSVGConverters = array( 'rsvg' => '/usr/bin/rsvg-convert -w $width -h $height -o $output $input'); $wgSVGConverter = 'rsvg'; @@ -126,7 +128,7 @@ $wgShellLocale = "en_US.utf8"; # Site language code, should be one of the list in ./languages/Names.php $wgLanguageCode = "en"; -$wgSecretKey = "<%= @node[:mediawiki][:sites][@name][:wgSecretKey] %>"; +$wgSecretKey = '<%= @node[:mediawiki][:sites][@name][:wgSecretKey] %>'; # Site upgrade key. Must be set to a string (default provided) to turn on the # web installer while LocalSettings.php is in place @@ -161,6 +163,16 @@ $wgResourceLoaderMaxQueryLength = -1; #Only Allow Signed-in users to edit $wgGroupPermissions['*']['edit'] = false; +#Only allow autoconfirmed for a few actions +$wgGroupPermissions['user']['move'] = false; +$wgGroupPermissions['user']['movefile'] = false; +$wgGroupPermissions['user']['move-categorypages'] = false; +$wgGroupPermissions['user']['upload'] = false; +$wgGroupPermissions['autoconfirmed']['move'] = false; +$wgGroupPermissions['autoconfirmed']['movefile'] = false; +$wgGroupPermissions['autoconfirmed']['move-categorypages'] = false; +$wgGroupPermissions['autoconfirmed']['upload'] = true; + #Allow bureaucrat group access to oversight options $wgGroupPermissions['bureaucrat']['hideuser'] = true; $wgGroupPermissions['bureaucrat']['deletelogentry'] = true; @@ -168,12 +180,45 @@ $wgGroupPermissions['bureaucrat']['deleterevision'] = true; $wgGroupPermissions['bureaucrat']['suppressrevision'] = true; $wgGroupPermissions['bureaucrat']['suppressionlog'] = true; +<% if @mediawiki[:private_accounts] -%> +#Prevent new user registrations except by existing users +$wgGroupPermissions['*']['createaccount'] = false; +$wgGroupPermissions['user']['createaccount'] = true; +<% end -%> +<% if @mediawiki[:private] -%> + +#Disable reading by anonymous users +$wgGroupPermissions['*']['read'] = false; + +#Allow anonymous users to access the login page +$wgWhitelistRead = array ("Special:Userlogin"); + +#Prevent new user registrations except by sysops +$wgGroupPermissions['*']['createaccount'] = false; + +#Restrict access to the upload directory +$wgUploadPath = "$wgScriptPath/img_auth.php"; +<% end -%> + #Allow Subpages on Main Namespace $wgNamespacesWithSubpages[NS_MAIN] = true; #DNS Blacklists to use $wgEnableDnsBlacklist = true; -$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.' ); +$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-3.uceprotect.net.' ); + +#Require validated email to edit +$wgEmailConfirmToEdit = true; + +# Extend autoblock period +$wgAutoblockExpiry = 7776000; // 90 days + +# Spam filter regex +$wgSpamRegex = '/\b(gmail|dell|asus|eps(o|0)n|br(o|0)ther|can(o|0)n|hp|k(o|0)dak|lexmark|mcafee|bitdefender|n(o|0)rt(o|0)n( 360)?|avira|kaspersky|avg|avast|micr(o|0)s(o|0)ft|(o|0)utl(o|0)(o|0)k|printer|netgear( r(o|0)uter)?|quickb(o|0)(o|0)ks( payr(o|0)ll)?)( antivirus)?( helpline| cust(o|0)mer|( technical| tech)| cust(o|0)mer service)? (supp(o|0)rt number|ph(o|0)ne number|supp(o|0)rt ph(o|0)ne number|care number|helpdesk number)\b/i'; + +#Autopromote users to autoconfirmed +$wgAutoConfirmAge = 345600; // 4 days +$wgAutoConfirmCount = 10; #Disable Hit Counter for Performance $wgDisableCounters = TRUE; @@ -271,7 +316,6 @@ $wgNamespacesToBeSearchedDefault[NS_LANG_JA] = TRUE; $wgReadOnly = "<%= @mediawiki[:site_readonly] %>"; <% end -%> -<% Dir.glob("#{@mediawiki[:directory]}/LocalSettings.d/*.php") do |file| -%> +<% Dir.glob("#{@directory}/LocalSettings.d/*.php") do |file| -%> <%= "require_once('#{file}');" %> <% end -%> -