X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/846f07eb77ed692c8b295cc34e526891572c9432..2bfb0ef07fb64314f5c4ded641a8c280df9c1d0b:/cookbooks/mediawiki/templates/default/LocalSettings.php.erb diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb index b6355c291..dff320d56 100644 --- a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb +++ b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb @@ -25,6 +25,7 @@ $wgScriptExtension = ".php"; ## The protocol and server name to use in fully-qualified URLs $wgServer = "//<%= @name %>"; $wgInternalServer = 'https://<%= @name %>'; +$wgCanonicalServer = 'https://<%= @name %>'; $wgSecureLogin = true; $wgDefaultUserOptions['prefershttps'] = 1; @@ -45,6 +46,7 @@ $wgEnableUserEmail = true; # UPO $wgEmergencyContact = "<%= @mediawiki[:email_contact] %>"; $wgPasswordSender = "<%= @mediawiki[:email_sender] %>"; $wgPasswordSenderName = "<%= @mediawiki[:email_sender_name] %>"; //Replaced by MediaWiki:Emailsender in v1.23.0 +$wgNoReplyAddress = "<%= @mediawiki[:email_sender] %>"; $wgEnotifUserTalk = true; # UPO $wgEnotifWatchlist = true; # UPO @@ -87,26 +89,43 @@ $wgMaxShellTime = 360; $wgMaxShellWallClockTime = 360; # Allow some more upload extensions -$wgFileExtensions[] = 'doc'; $wgFileExtensions[] = 'pdf'; $wgFileExtensions[] = 'odt'; $wgFileExtensions[] = 'odp'; $wgFileExtensions[] = 'ods'; $wgFileExtensions[] = 'svg'; $wgFileExtensions[] = 'osm'; +$wgFileExtensions[] = 'odg'; <% @mediawiki[:extra_file_extensions].each do |mw_extra_file_extension| -%> $wgFileExtensions[] = '<%= mw_extra_file_extension %>'; <% end -%> +# Add OSM XML file format per http://www.iana.org/assignments/media-types/media-types.xhtml +# Shout out to Paul Norman for reserving this. +# Helps MimeMagic determine XML-based formats and chooses the correct MimeType +# for .osm files. +$wgXMLMimeTypes[] = array('osm' => 'application/vnd.openstreetmap.data+xml'); + +$wgTrustedMediaFormats[] = 'application/vnd.openstreetmap.data+xml'; + $wgSVGConverters = array( 'rsvg' => '/usr/bin/rsvg-convert -w $width -h $height -o $output $input'); $wgSVGConverter = 'rsvg'; $wgSVGMaxSize = 2000; -# InstantCommons allows wiki to use images from https://commons.wikimedia.org <% if @mediawiki[:commons] -%> -$wgUseInstantCommons = true; -<% else -%> -$wgUseInstantCommons = false; +# Enable use of images from https://commons.wikimedia.org +$wgForeignFileRepos[] = [ + 'class' => ForeignAPIRepo::class, + 'name' => 'wikimediacommons', + 'apibase' => 'https://commons.wikimedia.org/w/api.php', + 'url' => 'https://upload.wikimedia.org/wikipedia/commons', + 'thumbUrl' => 'https://upload.wikimedia.org/wikipedia/commons/thumb', + 'hashLevels' => 2, + 'transformVia404' => true, + 'fetchDescription' => true, + 'descriptionCacheExpiry' => 604800, + 'apiThumbCacheExpiry' => 604800, +]; <% end -%> ## If you use ImageMagick (or any other shell command) on a @@ -128,7 +147,11 @@ $wgShellLocale = "en_US.utf8"; # Site language code, should be one of the list in ./languages/Names.php $wgLanguageCode = "en"; -$wgSecretKey = '<%= @node[:mediawiki][:sites][@name][:wgSecretKey] %>'; +## Enable setting the page content language by users +$wgPageLanguageUseDB = true; +$wgGroupPermissions['user']['pagelang'] = true; + +$wgSecretKey = '<%= @secret_key %>'; # Site upgrade key. Must be set to a string (default provided) to turn on the # web installer while LocalSettings.php is in place @@ -160,157 +183,90 @@ $wgResourceLoaderMaxQueryLength = -1; # End of automatically generated settings. # Add more configuration options below. -#Only Allow Signed-in users to edit +# Only Allow Signed-in users to edit $wgGroupPermissions['*']['edit'] = false; -#Only allow autoconfirmed for a few actions -$wgGroupPermissions['user']['move'] = false; -$wgGroupPermissions['user']['movefile'] = false; -$wgGroupPermissions['user']['move-categorypages'] = false; -$wgGroupPermissions['user']['upload'] = false; -$wgGroupPermissions['autoconfirmed']['move'] = true; -$wgGroupPermissions['autoconfirmed']['movefile'] = true; -$wgGroupPermissions['autoconfirmed']['move-categorypages'] = true; -$wgGroupPermissions['autoconfirmed']['upload'] = true; - -#Allow bureaucrat group access to oversight options +# Allow bureaucrat group access to oversight options $wgGroupPermissions['bureaucrat']['hideuser'] = true; $wgGroupPermissions['bureaucrat']['deletelogentry'] = true; $wgGroupPermissions['bureaucrat']['deleterevision'] = true; $wgGroupPermissions['bureaucrat']['suppressrevision'] = true; $wgGroupPermissions['bureaucrat']['suppressionlog'] = true; +# Since 1.32 MW introduced interface-admin group to separate all UI-related rights. This makes sense for bigger sites, +# but for OSM it makes more sense to keep group structure simple. Give all interface-admin rights to sysops. +# Also remove the interface-admin group to avoid confusion. +$wgGroupPermissions['sysop'] = array_merge( $wgGroupPermissions['sysop'], $wgGroupPermissions['interface-admin'] ); +unset( $wgGroupPermissions['interface-admin'] ); +unset( $wgRevokePermissions['interface-admin'] ); +unset( $wgAddGroups['interface-admin'] ); +unset( $wgRemoveGroups['interface-admin'] ); +unset( $wgGroupsAddToSelf['interface-admin'] ); +unset( $wgGroupsRemoveFromSelf['interface-admin'] ); + +# The v1.32+ gadget system also requires two additional rights +# See https://www.mediawiki.org/wiki/Extension:Gadgets +$wgGroupPermissions['sysop']['gadgets-edit'] = true; +$wgGroupPermissions['sysop']['gadgets-definition-edit'] = true; + <% if @mediawiki[:private_accounts] -%> -#Prevent new user registrations except by existing users +# Prevent new user registrations except by existing users $wgGroupPermissions['*']['createaccount'] = false; $wgGroupPermissions['user']['createaccount'] = true; <% end -%> -<% if @mediawiki[:private] -%> -#Disable reading by anonymous users +<% if @mediawiki[:private_site] -%> +# Disable reading by anonymous users $wgGroupPermissions['*']['read'] = false; -#Allow anonymous users to access the login page +# Allow anonymous users to access the login page $wgWhitelistRead = array ("Special:Userlogin"); -#Prevent new user registrations except by sysops +# Prevent new user registrations except by sysops $wgGroupPermissions['*']['createaccount'] = false; -#Restrict access to the upload directory +# Restrict access to the upload directory $wgUploadPath = "$wgScriptPath/img_auth.php"; <% end -%> -#Allow Subpages on Main Namespace +# Allow Subpages on Main Namespace $wgNamespacesWithSubpages[NS_MAIN] = true; -#DNS Blacklists to use +# DNS Blacklists to use $wgEnableDnsBlacklist = true; -$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-3.uceprotect.net.' ); +$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-2.uceprotect.net.' ); -#Require validated email to edit +# Require validated email to edit $wgEmailConfirmToEdit = true; # Extend autoblock period $wgAutoblockExpiry = 7776000; // 90 days -# Spam filter regex -$wgSpamRegex = '/\b(gmail|dell|asus|eps(o|0)n|br(o|0)ther|can(o|0)n|hp|k(o|0)dak|lexmark|mcafee|bitdefender|n(o|0)rt(o|0)n( 360)?|avira|kaspersky|avg|avast|micr(o|0)s(o|0)ft|(o|0)utl(o|0)(o|0)k|printer|netgear( r(o|0)uter)?|quickb(o|0)(o|0)ks( payr(o|0)ll)?)( antivirus)?( helpline| cust(o|0)mer|( technical| tech)| cust(o|0)mer service)? (supp(o|0)rt number|ph(o|0)ne number|supp(o|0)rt ph(o|0)ne number|care number|helpdesk number)\b/i'; - -#Autopromote users to autoconfirmed -$wgAutoConfirmAge = 345600; // 4 days -$wgAutoConfirmCount = 10; - -#Disable Hit Counter for Performance +# Disable Hit Counter for Performance $wgDisableCounters = TRUE; -#Disable IP in Header to avoid cache issue +# Disable IP in Header to avoid cache issue $wgShowIPinHeader = FALSE; -#Job Runs by cron -$wgJobRunRate = 0; +# Job Runs mostly by cron +$wgJobRunRate = 0.01; + +# dissolves double redirects automatically +$wgFixDoubleRedirects = TRUE; # Allow external images from a few sites -$wgAllowExternalImagesFrom = array( 'http://tile.openstreetmap.org/', 'http://svenanders.openstreetmap.de/', 'http://josm.openstreetmap.de/', 'http://trac.openstreetmap.org/', 'http://rweait.dev.openstreetmap.org/' ); +$wgAllowExternalImagesFrom = array( 'http://tile.openstreetmap.org/', 'https://tile.openstreetmap.org', 'http://josm.openstreetmap.de/', 'http://trac.openstreetmap.org/', 'http://rweait.dev.openstreetmap.org/' ); $wgNoFollowDomainExceptions = array( 'www.openstreetmap.org', 'josm.openstreetmap.de', 'taginfo.openstreetmap.org', 'blog.openstreetmap.org', 'wiki.osmfoundation.org' ); -#FIXME - move to specific -$wgForceUIMsgAsContentMsg = array( 'mainpage-url', 'portal-url', 'mapfeatures-url', 'helppage' ); - -#FIXME - move to specific +# FIXME - move to specific $wgAllowUserJs = TRUE; $wgAllowUserCss = TRUE; -#FIXME - move to specific -#DE -define('NS_LANG_DE', 200); -$wgExtraNamespaces[NS_LANG_DE] = 'DE'; -$wgNamespacesWithSubpages[NS_LANG_DE] = TRUE; -$wgContentNamespaces[] = NS_LANG_DE; -define('NS_LANG_DE_TALK', 201); -$wgExtraNamespaces[NS_LANG_DE_TALK] = 'DE_talk'; -$wgNamespacesWithSubpages[NS_LANG_DE_TALK] = TRUE; - -#FR -define('NS_LANG_FR', 202); -$wgExtraNamespaces[NS_LANG_FR] = 'FR'; -$wgNamespacesWithSubpages[NS_LANG_FR] = TRUE; -$wgContentNamespaces[] = NS_LANG_FR; -define('NS_LANG_FR_TALK', 203); -$wgExtraNamespaces[NS_LANG_FR_TALK] = 'FR_talk'; -$wgNamespacesWithSubpages[NS_LANG_FR_TALK] = TRUE; - -#ES -define('NS_LANG_ES', 204); -$wgExtraNamespaces[NS_LANG_ES] = 'ES'; -$wgNamespacesWithSubpages[NS_LANG_ES] = TRUE; -$wgContentNamespaces[] = NS_LANG_ES; -define('NS_LANG_ES_TALK', 205); -$wgExtraNamespaces[NS_LANG_ES_TALK] = 'ES_talk'; -$wgNamespacesWithSubpages[NS_LANG_ES_TALK] = TRUE; - -#IT -define('NS_LANG_IT', 206); -$wgExtraNamespaces[NS_LANG_IT] = 'IT'; -$wgNamespacesWithSubpages[NS_LANG_IT] = TRUE; -$wgContentNamespaces[] = NS_LANG_IT; -define('NS_LANG_IT_TALK', 207); -$wgExtraNamespaces[NS_LANG_IT_TALK] = 'IT_talk'; -$wgNamespacesWithSubpages[NS_LANG_IT_TALK] = TRUE; - -#NL -define('NS_LANG_NL', 208); -$wgExtraNamespaces[NS_LANG_NL] = 'NL'; -$wgNamespacesWithSubpages[NS_LANG_NL] = TRUE; -$wgContentNamespaces[] = NS_LANG_NL; -define('NS_LANG_NL_TALK', 209); -$wgExtraNamespaces[NS_LANG_NL_TALK] = 'NL_talk'; -$wgNamespacesWithSubpages[NS_LANG_NL_TALK] = TRUE; - -#RU -define('NS_LANG_RU', 210); -$wgExtraNamespaces[NS_LANG_RU] = 'RU'; -$wgNamespacesWithSubpages[NS_LANG_RU] = TRUE; -$wgContentNamespaces[] = NS_LANG_RU; -define('NS_LANG_RU_TALK', 211); -$wgExtraNamespaces[NS_LANG_RU_TALK] = 'RU_talk'; -$wgNamespacesWithSubpages[NS_LANG_RU_TALK] = TRUE; - -#JA -define('NS_LANG_JA', 212); -$wgExtraNamespaces[NS_LANG_JA] = 'JA'; -$wgNamespacesWithSubpages[NS_LANG_JA] = TRUE; -$wgContentNamespaces[] = NS_LANG_JA; -define('NS_LANG_JA_TALK', 213); -$wgExtraNamespaces[NS_LANG_JA_TALK] = 'JA_talk'; -$wgNamespacesWithSubpages[NS_LANG_JA_TALK] = TRUE; - -$wgNamespacesToBeSearchedDefault[NS_LANG_DE] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_FR] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_ES] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_IT] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_NL] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_RU] = TRUE; -$wgNamespacesToBeSearchedDefault[NS_LANG_JA] = TRUE; +# Raise expensive lua (and other function) call limits to match WP +# Docs: https://www.mediawiki.org/wiki/Manual:$wgExpensiveParserFunctionLimit +# Wikipedia's Config: https://noc.wikimedia.org/conf/highlight.php?file=CommonSettings.php +$wgExpensiveParserFunctionLimit = 500; + <% if @mediawiki[:site_notice] -%> $wgSiteNotice = "<%= @mediawiki[:site_notice] %>"; @@ -319,6 +275,41 @@ $wgSiteNotice = "<%= @mediawiki[:site_notice] %>"; $wgReadOnly = "<%= @mediawiki[:site_readonly] %>"; <% end -%> +# load extensions <% Dir.glob("#{@directory}/LocalSettings.d/*.php") do |file| -%> <%= "require_once('#{file}');" %> <% end -%> + +<% if not(@mediawiki[:private_accounts]) and not(@mediawiki[:private_site]) -%> +# require user confirmation for certain actions +$wgGroupPermissions['user']['move'] = false; +$wgGroupPermissions['user']['movefile'] = false; +$wgGroupPermissions['user']['move-categorypages'] = false; +$wgGroupPermissions['user']['upload'] = false; +$wgGroupPermissions['autoconfirmed']['move'] = true; +$wgGroupPermissions['autoconfirmed']['movefile'] = true; +$wgGroupPermissions['autoconfirmed']['move-categorypages'] = true; +$wgGroupPermissions['autoconfirmed']['upload'] = true; +# Autopromote users to autoconfirmed +$wgAutoConfirmAge = 345600; // 4 days +$wgAutoConfirmCount = 10; + +# user group "confirmed" with identical rights as "autoconfirmed", but assigned manually by sysops +$wgGroupPermissions['confirmed'] = $wgGroupPermissions['autoconfirmed']; +$wgAddGroups['sysop'][] = 'confirmed'; +$wgRemoveGroups['sysop'][] = 'confirmed'; +<% end -%> + +<% if @mediawiki[:private_accounts] or @mediawiki[:private_site] -%> +# disable automatic confirmation of users, grant all "autoconfirmed" rights to all users +$wgAutoConfirmAge = 0; +$wgAutoConfirmCount = 0; +$wgGroupPermissions['user'] = array_merge( $wgGroupPermissions['user'], $wgGroupPermissions['autoconfirmed'] ); + +unset( $wgGroupPermissions['autoconfirmed'] ); +unset( $wgRevokePermissions['autoconfirmed'] ); +unset( $wgAddGroups['autoconfirmed'] ); +unset( $wgRemoveGroups['autoconfirmed'] ); +unset( $wgGroupsAddToSelf['autoconfirmed'] ); +unset( $wgGroupsRemoveFromSelf['autoconfirmed'] ); +<% end -%>