diff --git a/data_bags/credentials/mediawiki.json b/data_bags/credentials/mediawiki.json
new file mode 100644
index 0000000..87ef8a9
--- /dev/null
+++ b/data_bags/credentials/mediawiki.json
@@ -0,0 +1,15 @@
+{
+ "id": "mediawiki",
+ "antispam_key": {
+ "encrypted_data": "0geoVeZ/umKaBCbhDfxkacWt4sWQBHrRxYGTSsaC5gw=\n",
+ "iv": "YxwNvI3HXeMZRHFpv+QLcQ==\n",
+ "version": 1,
+ "cipher": "aes-256-cbc"
+ },
+ "db_pass": {
+ "encrypted_data": "aQ1soJeRPq9TQuDglkXrl10rIx5RpBNd5HltKVsYgLHedS5zXy8ylBhNdgBW\nb6slPhsbAB9d45aZAac7LUSbMIDIg8P+Zdx/0+IaEuwcpuQ=\n",
+ "iv": "RDS39dqjBPO0CyyANsa+2g==\n",
+ "version": 1,
+ "cipher": "aes-256-cbc"
+ }
+}
\ No newline at end of file
diff --git a/data_bags/credentials/mysql.json b/data_bags/credentials/mysql.json
new file mode 100644
index 0000000..d7de692
--- /dev/null
+++ b/data_bags/credentials/mysql.json
@@ -0,0 +1,9 @@
+{
+ "id": "mysql",
+ "root_password": {
+ "encrypted_data": "4W8ZGojCtqO/WPqhgA/x7HkJO+RSJMlBSKCWh+sCbYwyLctdDJiFbTQQYLpH\nxRVQ\n",
+ "iv": "9HB8SG7jpROy6hNiNaJA9Q==\n",
+ "version": 1,
+ "cipher": "aes-256-cbc"
+ }
+}
\ No newline at end of file
diff --git a/nodes/dev.kosmos.org.json b/nodes/dev.kosmos.org.json
index a26250d..64748f8 100644
--- a/nodes/dev.kosmos.org.json
+++ b/nodes/dev.kosmos.org.json
@@ -4,7 +4,8 @@
 "sockethub",
 "sockethub::proxy",
 "kosmos-hubot",
- "kosmos-wordpress"
+ "kosmos-wordpress",
+ "kosmos-mediawiki"
 ],
 "automatic": {
 "ipaddress": "dev.kosmos.org"
diff --git a/site-cookbooks/kosmos-mediawiki/CHANGELOG.md b/site-cookbooks/kosmos-mediawiki/CHANGELOG.md
new file mode 100644
index 0000000..7c7650b
--- /dev/null
+++ b/site-cookbooks/kosmos-mediawiki/CHANGELOG.md
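Review bot: Both new data bag items (`mediawiki.json` here and `mysql.json` in the next hunk) are stored in the version 1 encrypted format (`"version": 1`, `"cipher": "aes-256-cbc"`), which carries no integrity check, so a modified ciphertext in the repository is not rejected when the item is decrypted. Later Chef item formats add an HMAC (version 2) or use AES-GCM (version 3). Re-encrypting the items in a newer format, for example by setting `data_bag_encrypt_version` in the knife configuration before creating them, would let the run fail on a tampered item. Whether the Chef version used for this repository supports the newer formats is not visible in this diff.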
@@ -0,0 +1,13 @@ +kosmos-mediawiki CHANGELOG +========================== + +This file is used to list changes made in each version of the kosmos-mediawiki cookbook. + +0.1.0 +----- +- [your_name] - Initial release of kosmos-mediawiki + +- - - +Check the [Markdown Syntax Guide](http://daringfireball.net/projects/markdown/syntax) for help with Markdown. + +The [Github Flavored Markdown page](http://github.github.com/github-flavored-markdown/) describes the differences between markdown on github and standard markdown. diff --git a/site-cookbooks/kosmos-mediawiki/README.md b/site-cookbooks/kosmos-mediawiki/README.md new file mode 100644 index 0000000..2013831 --- /dev/null +++ b/site-cookbooks/kosmos-mediawiki/README.md @@ -0,0 +1,68 @@ +kosmos-mediawiki Cookbook +========================= +TODO: Enter the cookbook description here. + +e.g. +This cookbook makes your favorite breakfast sandwich. + +Requirements +------------ +TODO: List your cookbook requirements. Be sure to include any requirements this cookbook has on platforms, libraries, other cookbooks, packages, operating systems, etc. + +e.g. +#### packages +- `toaster` - kosmos-mediawiki needs toaster to brown your bagel. + +Attributes +---------- +TODO: List your cookbook attributes here. + +e.g. +#### kosmos-mediawiki::default + + + + + + + + + + + + + +
KeyTypeDescriptionDefault
['kosmos-mediawiki']['bacon']Booleanwhether to include bacontrue
+ +Usage +----- +#### kosmos-mediawiki::default +TODO: Write usage instructions for each cookbook. + +e.g. +Just include `kosmos-mediawiki` in your node's `run_list`: + +```json +{ + "name":"my_node", + "run_list": [ + "recipe[kosmos-mediawiki]" + ] +} +``` + +Contributing +------------ +TODO: (optional) If this is a public cookbook, detail the process for contributing. If this is a private cookbook, remove this section. + +e.g. +1. Fork the repository on Github +2. Create a named feature branch (like `add_component_x`) +3. Write your change +4. Write tests for your change (if applicable) +5. Run the tests, ensuring they all pass +6. Submit a Pull Request using Github + +License and Authors +------------------- +Authors: TODO: List authors diff --git a/site-cookbooks/kosmos-mediawiki/files/default/kosmos.png b/site-cookbooks/kosmos-mediawiki/files/default/kosmos.png new file mode 100644 index 0000000..b4186f8 Binary files /dev/null and b/site-cookbooks/kosmos-mediawiki/files/default/kosmos.png differ diff --git a/site-cookbooks/kosmos-mediawiki/metadata.rb b/site-cookbooks/kosmos-mediawiki/metadata.rb new file mode 100644 index 0000000..6c2d421 --- /dev/null +++ b/site-cookbooks/kosmos-mediawiki/metadata.rb @@ -0,0 +1,11 @@ +name 'kosmos-mediawiki' +maintainer 'YOUR_COMPANY_NAME' +maintainer_email 'YOUR_EMAIL' +license 'All rights reserved' +description 'Installs/Configures kosmos-mediawiki' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version '0.1.0' + +depends "mediawiki" +depends "firewall" +depends "ark" diff --git a/site-cookbooks/kosmos-mediawiki/recipes/default.rb b/site-cookbooks/kosmos-mediawiki/recipes/default.rb new file mode 100644 index 0000000..cd31f17 --- /dev/null +++ b/site-cookbooks/kosmos-mediawiki/recipes/default.rb 
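Review bot: The new `metadata.rb` declares `depends` only for `mediawiki`, `firewall` and `ark`, but the recipe added in the same commit also calls `include_recipe 'apt'` and `include_recipe "kosmos-nginx"` and reads `node['nginx'][...]` attributes. Adding `depends 'apt'` and `depends 'kosmos-nginx'` makes the dependency explicit, so the run fails at resolution time rather than part-way through a converge. The same pattern appears in the kosmos-nginx hunks: the recipe gains `include_recipe 'kosmos-base::firewall'` while the visible part of its metadata only adds `depends 'firewall'`, so `depends 'kosmos-base'` is probably needed there unless it is declared outside the hunk. The `YOUR_COMPANY_NAME` and `YOUR_EMAIL` placeholders should also be filled in before release.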
@@ -0,0 +1,141 @@ +# +# Cookbook Name:: kosmos-mediawiki +# Recipe:: default +# +# Copyright 2016, YOUR_COMPANY_NAME +# +# All rights reserved - Do Not Redistribute +# + +include_recipe 'apt' +include_recipe 'ark' + +node.override['mediawiki']['version'] = "1.26.2" +node.override['mediawiki']['webdir'] = "#{node["mediawiki"]["docroot_dir"]}/mediawiki-#{node['mediawiki']['version']}" +node.override['mediawiki']['tarball']['name'] = "mediawiki-#{node['mediawiki']['version']}.tar.gz" +node.override['mediawiki']['tarball']['url'] = "https://releases.wikimedia.org/mediawiki/1.26/#{node['mediawiki']['tarball']['name']}" +node.override['mediawiki']['language_code'] = 'en' +node.override['mediawiki']['server_name'] = 'wiki.kosmos.org' +node.override['mediawiki']['site_name'] = 'Kosmos Wiki' +node.override['mediawiki']['server'] = "https://#{node['mediawiki']['server_name']}" + +mysql_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mysql') +mediawiki_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mediawiki') + +node.override['mediawiki']['db']['root_password'] = mysql_credentials["root_password"] +node.override['mediawiki']['db']['pass'] = mediawiki_credentials["db_pass"] + +# Fix bug in php cookbook +if platform?('ubuntu') && node[:platform_version].to_f == 14.04 + node.override['php']['ext_conf_dir'] = '/etc/php5/mods-available' +end + +directory "#{node['mediawiki']['webdir']}/skins/common/images" do + owner node['nginx']['user'] + group node['nginx']['group'] + recursive true + mode 0750 +end + +cookbook_file "#{node['mediawiki']['webdir']}/skins/common/images/kosmos.png" do + source 'kosmos.png' + owner node['nginx']['user'] + group node['nginx']['group'] + mode 0640 +end + +include_recipe "mediawiki" +include_recipe "kosmos-nginx" +include_recipe "mediawiki::nginx" + +data_bag_item = Chef::EncryptedDataBagItem.load('certificates', 'wildcard_kosmos_org') + +ssl_cert_path = "/etc/ssl/private/wildcard.kosmos.org.crt" +file ssl_cert_path do + 
content data_bag_item['ssl_cert'] + mode 0600 + owner 'www-data' + sensitive true +end + +ssl_key_path = "/etc/ssl/private/wildcard.kosmos.org.key" +file ssl_key_path do + content data_bag_item['ssl_key'] + mode 0600 + owner 'www-data' + sensitive true +end + +template "#{node['nginx']['dir']}/sites-available/mediawiki" do + source "nginx.conf.erb" + variables( + docroot: node['mediawiki']['webdir'], + server_name: node['mediawiki']['server_name'], + ssl_cert: ssl_cert_path, + ssl_key: ssl_key_path + ) + action :create + notifies :reload, "service[nginx]", :delayed +end + +nginx_site 'mediawiki' do + enable true +end + +# Extensions + +mediawiki_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mediawiki') + +ark "antispam" do + url "https://github.com/CleanTalk/mediawiki-antispam/archive/1.6.zip" + path "#{node['mediawiki']['webdir']}/extensions/Antispam" + owner node["nginx"]["user"] + group node["nginx"]["group"] + mode 0750 + action :dump +end + +ruby_block "configuration" do + block do + file = Chef::Util::FileEdit.new("#{node['mediawiki']['webdir']}/LocalSettings.php") + file.search_file_replace_line(/\$wgLogo\ =\ \"\$wgResourceBasePath\/resources\/assets\/wiki.png\";/, + "$wgLogo = \"$wgResourceBasePath/skins/common/images/kosmos.png\";") + file.insert_line_if_no_match(/# Our config/, + <<-EOF +# Our config +$wgGroupPermissions['*']['edit'] = false; +$wgGroupPermissions['team'] = $wgGroupPermissions['user']; +$wgGroupPermissions['user' ]['edit'] = false; +$wgGroupPermissions['user']['editsemiprotected'] = false; +$wgGroupPermissions['autoconfirmed']['editsemiprotected'] = false; +$wgGroupPermissions['team']['edit'] = true; +$wgGroupPermissions['team']['protect'] = true; +$wgGroupPermissions['team']['editsemiprotected'] = true; +$wgGroupPermissions['team']['editprotected'] = true; +$wgGroupPermissions['sysop']['edit'] = true; +$wgEnableUploads = true; + +$wgExtraNamespaces[100] = "Feature"; +$wgNamespacesWithSubpages[100] = true; 
+$wgExtraNamespaces[101] = "Feature_Talk"; +# Only allow sysops to edit "Feature" namespace +$wgGroupPermissions['team']['editfeature'] = true; +$wgGroupPermissions['sysop']['editfeature'] = true; +$wgNamespaceProtection[100] = array( 'editfeature' ); +$wgSMTP = array ( + 'IDHost' => 'kosmos.org', //this is used to build the Message-ID mail header + 'host' => 'localhost', //this is the outgoing mail server name (SMTP server) + 'port' => 25, //this is the port used by the SMTP server + 'auth' => false, //in my case, authentication is not required by the mail server for outgoing mail +); +$wgPasswordReminderResendTime = 0; +$wgArticlePath = "/$1"; + EOF + ) + file.insert_line_if_no_match(/Antispam\.php/, + "require_once \"$IP/extensions/Antispam/Antispam.php\";") + file.insert_line_if_no_match(/wgCTAccessKey/, + "$wgCTAccessKey = \"#{mediawiki_credentials['antispam_key']}\";") + file.write_file + end +end diff --git a/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb b/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb new file mode 100644 index 0000000..8e8c009 --- /dev/null +++ b/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb @@ -0,0 +1,32 @@ +server { + listen 80; + listen 443 ssl; + server_name <%= @server_name %>; + + access_log /var/log/nginx/<%= @server_name %>.access.log; + error_log /var/log/nginx/<%= @server_name %>.error.log; + + root <%= @docroot %>; + index index.php; + + location / { + try_files $uri $uri/ /index.php?$args; + set $redirect_to_ssl "no"; + if ($ssl_protocol = "") { + set $redirect_to_ssl "yes"; + } + if ($redirect_to_ssl = yes) { + rewrite ^(.*) https://$host$1 permanent; + } + } + + location ~ \.php$ { + try_files $uri =404; + include fastcgi_params; + fastcgi_pass 127.0.0.1:9002; + fastcgi_param SCRIPT_FILENAME <%= @docroot %>$fastcgi_script_name; + } + + ssl_certificate <%= @ssl_cert %>; + ssl_certificate_key <%= @ssl_key %>; +} 
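Review bot: The `file ssl_key_path` resource installs the wildcard private key with `owner 'www-data'`, which makes the key readable by the account the web workers run as. If PHP-FPM also runs as that user (not visible in this diff), a file-read flaw in MediaWiki or an extension would expose the key for every host the wildcard certificate covers. nginx normally loads certificates and keys in its root-owned master process, so `owner 'root'` and `group 'root'` with the existing `mode 0600` should be sufficient. The `ark "antispam"` resource further down downloads a GitHub tag archive with no integrity pin; adding `checksum '<sha256 of the 1.6 archive>'` would make the run fail if the archive content ever changes.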
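Review bot: Plain-HTTP requests that match `location ~ \.php$` are never redirected, because the `$redirect_to_ssl` check sits only inside `location /`. A request for `/index.php?...` on port 80, including a login POST, is therefore passed to FastCGI unencrypted. Splitting the listener into a port-80 server that only returns a redirect and a port-443 server that serves the wiki removes the `if` blocks and covers every URI; redirecting to the configured `server_name` rather than `$host` also keeps the redirect target out of the client's control. Since the recipe sets `$wgEnableUploads = true`, it is also worth confirming that the upload directory under the docroot cannot be reached through the PHP location.

```nginx
server {
  listen 80;
  server_name <%= @server_name %>;
  return 301 https://<%= @server_name %>$request_uri;
}

server {
  listen 443 ssl;
  server_name <%= @server_name %>;
  # … unchanged: access_log, error_log, root, index …

  location / {
    try_files $uri $uri/ /index.php?$args;
  }
  # … unchanged: PHP location, ssl_certificate and ssl_certificate_key …
}
```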
diff --git a/site-cookbooks/kosmos-nginx/metadata.rb b/site-cookbooks/kosmos-nginx/metadata.rb index 23f8528..5ccc89c 100644 --- a/site-cookbooks/kosmos-nginx/metadata.rb +++ b/site-cookbooks/kosmos-nginx/metadata.rb @@ -7,3 +7,4 @@ long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.1.0' depends 'nginx' +depends 'firewall' diff --git a/site-cookbooks/kosmos-nginx/recipes/default.rb b/site-cookbooks/kosmos-nginx/recipes/default.rb index 1e74a57..e6e2042 100644 --- a/site-cookbooks/kosmos-nginx/recipes/default.rb +++ b/site-cookbooks/kosmos-nginx/recipes/default.rb @@ -24,6 +24,7 @@ EOF include_recipe 'nginx' +include_recipe 'kosmos-base::firewall' firewall_rule 'http/https' do port [80, 443] diff --git a/site-cookbooks/kosmos-wordpress/recipes/default.rb b/site-cookbooks/kosmos-wordpress/recipes/default.rb index 1aa792c..262df54 100644 --- a/site-cookbooks/kosmos-wordpress/recipes/default.rb +++ b/site-cookbooks/kosmos-wordpress/recipes/default.rb @@ -7,7 +7,9 @@ # All rights reserved - Do Not Redistribute # -node.override['wordpress']['db']['root_password'] = "eiSi9aegebietheoBaogh8ay" +mysql_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mysql') + +node.override['wordpress']['db']['root_password'] = mysql_credentials["root_password"] node.override['wordpress']['server_name'] = "blog.kosmos.org" node.override['wordpress']['server_aliases'] = ["blog.kosmos.org"] node.override['wordpress']['db']['mysql_version'] = "5.6"
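Review bot: The root password literal removed on the `-` line of the kosmos-wordpress recipe stays readable in the repository history after this commit. Loading from `Chef::EncryptedDataBagItem.load('credentials', 'mysql')` therefore only protects the secret if the value in `mysql.json` is newly generated and the old password has been changed on the database server; the diff cannot show whether that happened. Assigning the decrypted value to `node.override['wordpress']['db']['root_password']` also places it in the node object, which can end up in saved node data when a Chef server is in use, so that data should be treated as secret. The same assignment pattern is used for `root_password` and `db_pass` in the new kosmos-mediawiki recipe.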