mediawiki: Add group for ipblock-exempt permission

[chef.git] / cookbooks / mediawiki / templates / default / LocalSettings.php.erb

<?php
# DO NOT EDIT - This file is being maintained by Chef

# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
        exit;
}

## Uncomment this to disable output compression
# $wgDisableOutputCompression = true;

$wgSitename      = '<%= @mediawiki[:sitename] %>';
$wgMetaNamespace = '<%= @mediawiki[:metanamespace] %>';

## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs
## (like /w/index.php/Page_title to /wiki/Page_title) please see:
## https://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath       = "/w";
$wgArticlePath      = '/wiki/$1';
$wgUsePathInfo      = true;
$wgScriptExtension  = ".php";

## The protocol and server name to use in fully-qualified URLs
$wgServer           = "//<%= @name %>";
$wgInternalServer   = 'https://<%= @name %>';
$wgCanonicalServer  = 'https://<%= @name %>';

$wgSecureLogin = true;
$wgDefaultUserOptions['prefershttps'] = 1;
$wgCookieSecure = true;

## The relative URL path to the skins directory
$wgStylePath        = "$wgScriptPath/skins";

## The relative URL path to the logo.  Make sure you change this from the default,
## or else you'll overwrite your logo when you upgrade!
$wgLogo             = "<%= @mediawiki[:logo] %>";

## UPO means: this is also a user preference option

$wgEnableEmail      = true;
$wgEnableUserEmail  = true; # UPO

$wgEmergencyContact = "<%= @mediawiki[:email_contact] %>";
$wgPasswordSender   = "<%= @mediawiki[:email_sender] %>";
$wgPasswordSenderName = "<%= @mediawiki[:email_sender_name] %>"; //Replaced by MediaWiki:Emailsender in v1.23.0
$wgNoReplyAddress = "<%= @mediawiki[:email_sender] %>";

$wgEnotifUserTalk      = true; # UPO
$wgEnotifWatchlist     = true; # UPO
$wgEmailAuthentication = true;

$wgEnotifUseJobQ       = true;

$wgSMTP = [
  "host" => "localhost",
  "socket_options" => [
    "ssl" => [
      "verify_peer_name" => false
    ]
  ]
];

## Database settings
$wgDBtype           = "mysql";
$wgDBserver         = "<%= @database_params[:host] %>";
$wgDBname           = "<%= @database_params[:name] %>";
$wgDBuser           = "<%= @database_params[:username] %>";
$wgDBpassword       = "<%= @database_params[:password] %>";

# MySQL specific settings
$wgDBprefix         = "";

# MySQL table options to use during installation or update
$wgDBTableOptions   = "ENGINE=InnoDB, DEFAULT CHARSET=binary";

# Experimental charset support for MySQL 5.0.
$wgDBmysql5 = false;

## Shared memory settings
$wgMainCacheType    = CACHE_MEMCACHED;
$wgParserCacheType  = CACHE_MEMCACHED;
$wgMessageCacheType = CACHE_MEMCACHED;
$wgSessionCacheType = CACHE_MEMCACHED;
$wgMemCachedServers = array('127.0.0.1:11211');
$wgSessionsInObjectCache = TRUE;

## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
$wgEnableUploads  = true;
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "/usr/bin/convert";

$wgGenerateThumbnailOnParse = false;
$wgMaxImageArea = 125000000;
$wgMaxShellMemory = 5524000;
$wgMaxShellFileSize = 819200;
$wgMaxShellTime = 360;
$wgMaxShellWallClockTime = 360;

# Allow some more upload extensions
$wgFileExtensions[] = 'pdf';
$wgFileExtensions[] = 'odt';
$wgFileExtensions[] = 'odp';
$wgFileExtensions[] = 'ods';
$wgFileExtensions[] = 'svg';
$wgFileExtensions[] = 'osm';
$wgFileExtensions[] = 'odg';
<% @mediawiki[:extra_file_extensions].each do |mw_extra_file_extension| -%>
        $wgFileExtensions[] = '<%= mw_extra_file_extension %>';
<% end -%>

# Add OSM XML file format per http://www.iana.org/assignments/media-types/media-types.xhtml
# Shout out to Paul Norman for reserving this.
# Helps MimeMagic determine XML-based formats and chooses the correct MimeType
# for .osm files.
$wgXMLMimeTypes[] = array('osm' => 'application/vnd.openstreetmap.data+xml');

$wgTrustedMediaFormats[] = 'application/vnd.openstreetmap.data+xml';

$wgSVGConverters = array( 'rsvg' => '/usr/bin/rsvg-convert -w $width -h $height -o $output $input');
$wgSVGConverter = 'rsvg';
$wgSVGMaxSize = 2000;

## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
$wgShellLocale = "en_US.utf8";

## If you want to use image uploads under safe mode,
## create the directories images/archive, images/thumb and
## images/temp, and make them all writable. Then uncomment
## this, if it's not already uncommented:
#$wgHashedUploadDirectory = false;

## Set $wgCacheDirectory to a writable directory on the web server
## to make your wiki go slightly faster. The directory should not
## be publically accessible from the web.
$wgCacheDirectory = "$IP/cache";

# Site language code, should be one of the list in ./languages/Names.php
$wgLanguageCode = "en";

## Enable setting the page content language by users
$wgPageLanguageUseDB = true;
$wgGroupPermissions['user']['pagelang'] = true;

$wgSecretKey = '<%= @secret_key %>';

# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
#$wgUpgradeKey = "6ad907e74fc65836";

## Default skin: you can change the default skin. Use the internal symbolic
## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector':
$wgDefaultSkin = "<%= @mediawiki[:skin] %>";

## For attaching licensing metadata to pages, and displaying an
## appropriate copyright notice / icon. GNU Free Documentation
## License and Creative Commons licenses are supported so far.
$wgRightsPage = "Wiki_content_license"; # Set to the title of a wiki page that describes your license/copyright
$wgRightsUrl  = "https://creativecommons.org/licenses/by-sa/2.0/";
$wgRightsText = "Creative Commons Attribution-ShareAlike 2.0 license";
$wgRightsIcon = "/cc-wiki.png";

# Path to the GNU diff3 utility. Used for conflict resolution.
$wgDiff3 = "/usr/bin/diff3";

$wgExternalDiffEngine = 'wikidiff2';

# Query string length limit for ResourceLoader. You should only set this if
# your web server has a query string length limit (then set it to that limit),
# or if you have suhosin.get.max_value_length set in php.ini (then set it to
# that value)
$wgResourceLoaderMaxQueryLength = -1;

# End of automatically generated settings.
# Add more configuration options below.

# Only Allow Signed-in users to edit
$wgGroupPermissions['*']['edit'] = false;

# Allow bureaucrat group access to oversight options
$wgGroupPermissions['bureaucrat']['hideuser'] = true;
$wgGroupPermissions['bureaucrat']['deletelogentry'] = true;
$wgGroupPermissions['bureaucrat']['deleterevision'] = true;
$wgGroupPermissions['bureaucrat']['suppressrevision'] = true;
$wgGroupPermissions['bureaucrat']['suppressionlog'] = true;

# Since 1.32 MW introduced interface-admin group to separate all UI-related rights. This makes sense for bigger sites,
# but for OSM it makes more sense to keep group structure simple.  Give all interface-admin rights to sysops.
# Also remove the interface-admin group to avoid confusion.
$wgGroupPermissions['sysop'] = array_merge( $wgGroupPermissions['sysop'], $wgGroupPermissions['interface-admin'] );
unset( $wgGroupPermissions['interface-admin'] );
unset( $wgRevokePermissions['interface-admin'] );
unset( $wgAddGroups['interface-admin'] );
unset( $wgRemoveGroups['interface-admin'] );
unset( $wgGroupsAddToSelf['interface-admin'] );
unset( $wgGroupsRemoveFromSelf['interface-admin'] );

# The v1.32+ gadget system also requires two additional rights
# See https://www.mediawiki.org/wiki/Extension:Gadgets
$wgGroupPermissions['sysop']['gadgets-edit'] = true;
$wgGroupPermissions['sysop']['gadgets-definition-edit'] = true;

# Create ipblock-exempt group to grant IP block exemption permission
$wgGrantPermissions['ipblock-exempt']['ipblock-exempt'] = true;

<% if @mediawiki[:private_accounts] -%>
# Prevent new user registrations except by existing users
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['user']['createaccount'] = true;
<% end -%>

<% if @mediawiki[:private_site] -%>
# Disable reading by anonymous users
$wgGroupPermissions['*']['read'] = false;

# Allow anonymous users to access the login page
$wgWhitelistRead = array ("Special:Userlogin");

# Prevent new user registrations except by sysops
$wgGroupPermissions['*']['createaccount'] = false;

# Restrict access to the upload directory
$wgUploadPath = "$wgScriptPath/img_auth.php";
<% end -%>

# Allow Subpages on Main Namespace
$wgNamespacesWithSubpages[NS_MAIN] = true;

# DNS Blacklists to use
$wgEnableDnsBlacklist = true;
$wgDnsBlacklistUrls = [
  'http.dnsbl.sorbs.net.',
  'dnsbl-1.uceprotect.net.'
];

# Require validated email to edit
$wgEmailConfirmToEdit = true;

# Extend autoblock period
$wgAutoblockExpiry = 7776000; // 90 days

# Disable Hit Counter for Performance
$wgDisableCounters = TRUE;
# Disable IP in Header to avoid cache issue
$wgShowIPinHeader = FALSE;

# Job Runs by cron
$wgJobRunRate = 0;

# dissolves double redirects automatically
$wgFixDoubleRedirects = TRUE;

# Allow external images from a few sites
$wgAllowExternalImagesFrom = [
  'http://tile.openstreetmap.org/',
  'https://tile.openstreetmap.org',
  'http://josm.openstreetmap.de/'
];

$wgNoFollowDomainExceptions = [
  'www.openstreetmap.org',
  'josm.openstreetmap.de',
  'taginfo.openstreetmap.org',
  'blog.openstreetmap.org',
  'forum.openstreetmap.org',
  'community.openstreetmap.org',
  'lists.openstreetmap.org',
  'help.openstreetmap.org',
  'switch2osm.org',
  'wiki.osmfoundation.org',
  'www.openstreetmap.us',
  'learnosm.org',
  'nominatim.org',
  'openstreetmap.community',
  'www.openstreetbrowser.org',
  'openinframap.org',
  'leafletjs.com'
];

# FIXME - move to specific
$wgAllowUserJs = TRUE;
$wgAllowUserCss = TRUE;

# Raise expensive lua (and other function) call limits to match WP
# Docs:  https://www.mediawiki.org/wiki/Manual:$wgExpensiveParserFunctionLimit
# Wikipedia's Config:  https://noc.wikimedia.org/conf/highlight.php?file=CommonSettings.php
$wgExpensiveParserFunctionLimit = 500;


<% if @mediawiki[:site_notice] -%>
$wgSiteNotice = "<%= @mediawiki[:site_notice] %>";
<% end -%>
<% if @mediawiki[:site_readonly] -%>
$wgReadOnly = ( PHP_SAPI === 'cli' ) ? false : "<%= @mediawiki[:site_readonly] %>";
<% end -%>

<% @mediawiki[:namespaces].each do |name, details| -%>
# <%= name %>
define('NS_<%= name.upcase %>', <%= details[:id] %>);
$wgExtraNamespaces[NS_<%= name.upcase %>] = '<%= name %>';
$wgNamespacesWithSubpages[NS_<%= name.upcase %>] = TRUE;
$wgContentNamespaces[] = NS_<%= name.upcase %>;
$wgNamespacesToBeSearchedDefault[NS_<%= name.upcase %>] = TRUE;
define('NS_<%= name.upcase %>_TALK', <%= details[:talk_id] %>);
$wgExtraNamespaces[NS_<%= name.upcase %>_TALK] = '<%= name %>_talk';
$wgNamespacesWithSubpages[NS_<%= name.upcase %>_TALK] = TRUE;

<% end -%>

<% unless @mediawiki[:force_ui_messages].empty? -%>
# defines which links of the sidebar are translatable
$wgForceUIMsgAsContentMsg = array( '<%= @mediawiki[:force_ui_messages].join("', '") %>' );
<% end -%>

# load extensions
<% Dir.glob("#{@directory}/LocalSettings.d/*.php") do |file| -%>
<%= "require_once('#{file}');" %>
<% end -%>

<% if @mediawiki[:watch_category_membership] -%>
# must be after extensions are loaded
$wgRCWatchCategoryMembership = true;
<% end -%>

<% if not(@mediawiki[:private_accounts]) and not(@mediawiki[:private_site]) -%>
# require user confirmation for certain actions
$wgGroupPermissions['user']['move'] = false;
$wgGroupPermissions['user']['movefile'] = false;
$wgGroupPermissions['user']['move-categorypages'] = false;
$wgGroupPermissions['user']['upload'] = false;
$wgGroupPermissions['autoconfirmed']['move'] = true;
$wgGroupPermissions['autoconfirmed']['movefile'] = true;
$wgGroupPermissions['autoconfirmed']['move-categorypages'] = true;
$wgGroupPermissions['autoconfirmed']['upload'] = true;
# Autopromote users to autoconfirmed
$wgAutoConfirmAge = 345600; // 4 days
$wgAutoConfirmCount = 10;

# user group "confirmed" with identical rights as "autoconfirmed", but assigned manually by sysops
$wgGroupPermissions['confirmed'] = $wgGroupPermissions['autoconfirmed'];
$wgAddGroups['sysop'][] = 'confirmed';
$wgRemoveGroups['sysop'][] = 'confirmed';
<% end -%>

<% if @mediawiki[:private_accounts] or @mediawiki[:private_site] -%>
# disable automatic confirmation of users, grant all "autoconfirmed" rights to all users
$wgAutoConfirmAge = 0;
$wgAutoConfirmCount = 0;
$wgGroupPermissions['user'] = array_merge( $wgGroupPermissions['user'], $wgGroupPermissions['autoconfirmed'] );

unset( $wgGroupPermissions['autoconfirmed'] );
unset( $wgRevokePermissions['autoconfirmed'] );
unset( $wgAddGroups['autoconfirmed'] );
unset( $wgRemoveGroups['autoconfirmed'] );
unset( $wgGroupsAddToSelf['autoconfirmed'] );
unset( $wgGroupsRemoveFromSelf['autoconfirmed'] );
<% end -%>

# Increase curl timeout to allow parsoid requests to heavy pages like Map Features
# Mediawiki 1.38 has fix to allow this to be set by $wgVirtualRestConfig
# https://phabricator.wikimedia.org/T285478
$wgHTTPTimeout = 240;

# Enable night mode for Minerva and Vector skins
# https://github.com/openstreetmap/operations/issues/1230
$wgMinervaNightMode['base'] = true;
$wgVectorNightMode['logged_in'] = true;
$wgVectorNightMode['logged_out'] = true;

# Set extremely low timeout to avoid PHP-FPM timeouts on slow connections to Wikimedia Commons (rate limiting) or similar
$wgHTTPMaxTimeout = 5;
$wgHTTPMaxConnectTimeout = 3;