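#
# Cookbook Name:: kosmos-mediawiki
# Recipe:: default
#
# Copyright 2016, Kosmos
#
# All rights reserved - Do Not Redistribute
#
# Sets up MediaWiki for wiki.kosmos.org behind nginx: pins the MediaWiki
# version, requests a Let's Encrypt certificate outside the development
# environment, installs the Antispam and MediawikiHubot extensions, patches
# LocalSettings.php, installs Composer dependencies and registers the
# database with the backup cookbook.
#

include_recipe 'apt'
include_recipe 'ark'
include_recipe 'composer'

# FIXME: For now run the update script manually after updating:
#
# sudo su - /var/www/mediawiki-1.xx.y/maintenance/update.php
node.override['mediawiki']['version'] = "1.28.0"
node.override['mediawiki']['webdir'] = "#{node['mediawiki']['docroot_dir']}/mediawiki-#{node['mediawiki']['version']}"
node.override['mediawiki']['tarball']['name'] = "mediawiki-#{node['mediawiki']['version']}.tar.gz"
node.override['mediawiki']['tarball']['url'] = "https://releases.wikimedia.org/mediawiki/1.28/#{node['mediawiki']['tarball']['name']}"
node.override['mediawiki']['language_code'] = 'en'
node.override['mediawiki']['server_name'] = 'wiki.kosmos.org'
node.override['mediawiki']['site_name'] = 'Kosmos Wiki'

# Plain HTTP is used only in the development environment.
protocol = node.chef_environment == "development" ? "http" : "https"
node.override['mediawiki']['server'] = "#{protocol}://#{node['mediawiki']['server_name']}"

mysql_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mysql')
mediawiki_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mediawiki')

# NOTE(review): these decrypted secrets are copied into node attributes. When
# a Chef server is used, node attributes are saved with the node object at the
# end of the run, so the values become readable outside the encrypted data bag.
# Presumably the mediawiki cookbook reads them from attributes; confirm whether
# it can receive them another way.
node.override['mediawiki']['db']['root_password'] = mysql_credentials["root_password"]
node.override['mediawiki']['db']['pass'] = mediawiki_credentials["db_pass"]

# Fix bug in php cookbook
if platform?('ubuntu') && node[:platform_version].to_f == 14.04
  node.override['php']['ext_conf_dir'] = '/etc/php5/mods-available'
end

directory "#{node['mediawiki']['webdir']}/skins/common/images" do
  owner node['nginx']['user']
  group node['nginx']['group']
  recursive true
  mode 0750
end

cookbook_file "#{node['mediawiki']['webdir']}/skins/common/images/kosmos.png" do
  source 'kosmos.png'
  owner node['nginx']['user']
  group node['nginx']['group']
  mode 0640
end

# NOTE(review): this directory lives under webdir, while the certbot command
# below passes docroot_dir as --webroot-path. Confirm that nginx.conf.erb
# serves /.well-known/acme-challenge from the path certbot writes to.
directory "#{node['mediawiki']['webdir']}/.well-known/acme-challenge" do
  owner node["nginx"]["user"]
  group node["nginx"]["group"]
  recursive true
  action :create
end

include_recipe "mediawiki"
include_recipe "kosmos-nginx"
include_recipe "mediawiki::nginx"

unless node.chef_environment == "development"
  include_recipe "kosmos-base::letsencrypt"

  # Declared once. The not_if guard makes this a one-time issuance: the
  # command is skipped as soon as fullchain.pem exists.
  execute "letsencrypt cert for wiki.kosmos.org" do
    command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{node['mediawiki']['docroot_dir']} -d wiki.kosmos.org -n"
    cwd "/usr/local/certbot"
    not_if { File.exist? "/etc/letsencrypt/live/wiki.kosmos.org/fullchain.pem" }
    notifies :reload, "service[nginx]", :delayed
  end
end

# These paths are passed to the nginx template in every environment,
# including development, where no certificate is requested above.
ssl_cert = "/etc/letsencrypt/live/wiki.kosmos.org/fullchain.pem"
ssl_key = "/etc/letsencrypt/live/wiki.kosmos.org/privkey.pem"

template "#{node['nginx']['dir']}/sites-available/mediawiki" do
  source "nginx.conf.erb"
  variables(
    docroot: node['mediawiki']['webdir'],
    server_name: node['mediawiki']['server_name'],
    ssl_cert: ssl_cert,
    ssl_key: ssl_key
  )
  action :create
  notifies :reload, "service[nginx]", :delayed
end

nginx_site 'mediawiki' do
  enable true
end

#
# Extensions
#
# mediawiki_credentials (loaded near the top of this recipe) also supplies
# the antispam key written into LocalSettings.php below.

#
# Cleantalk Antispam
#
# NOTE(review): the archive is fetched without a `checksum`, so a changed
# upstream file would be unpacked into the webroot unnoticed. Record the
# SHA-256 of the reviewed 1.8 archive and set it on this resource.
ark "antispam" do
  url "https://github.com/CleanTalk/mediawiki-antispam/archive/1.8.zip"
  path "#{node['mediawiki']['webdir']}/extensions/Antispam"
  owner node["nginx"]["user"]
  group node["nginx"]["group"]
  mode 0750
  action :dump
end

#
# MediawikiHubot extension
#

# requires curl extension
if platform?('ubuntu') && node[:platform_version].to_f < 16.04
  package "php5-curl"
else
  package "php-curl"
end

# NOTE(review): master.zip is a moving target, so each fresh node can receive
# different PHP code. Pin the URL to a tag or commit archive and add a
# `checksum` once a reviewed revision has been chosen.
ark "MediawikiHubot" do
  url "https://github.com/67P/mediawiki-hubot/archive/master.zip"
  path "#{node['mediawiki']['webdir']}/extensions/MediawikiHubot"
  creates "MediawikiHubot/MediawikiHubot.php"
  action :cherry_pick
end

hal8000_freenode_data_bag_item = Chef::EncryptedDataBagItem.load('credentials', 'hal8000_freenode')
webhook_token = hal8000_freenode_data_bag_item['webhook_token']

# The rendered file embeds the webhook token, so it gets the same ownership
# and mode as the other web-owned files in this recipe instead of the
# platform default, and `sensitive` keeps the rendered content and its diff
# out of the Chef run output.
template "#{node['mediawiki']['webdir']}/extensions/MediawikiHubot/DefaultConfig.php" do
  source "MediawikiHubot/DefaultConfig.php.erb"
  owner node['nginx']['user']
  group node['nginx']['group']
  mode 0640
  sensitive true
  variables webhook_url: "http://localhost:8080/incoming/#{webhook_token}",
            room_name: "#kosmos",
            wiki_url: "https://wiki.kosmos.org/"
end

# Patches LocalSettings.php in place. Each insert is guarded by a regex, so a
# line is added only when no existing line matches it.
# NOTE(review): $wgPasswordReminderResendTime = 0 appears to remove the wait
# between password reminder mails for an account; confirm this is intended.
ruby_block "configuration" do
  block do
    file = Chef::Util::FileEdit.new("#{node['mediawiki']['webdir']}/LocalSettings.php")
    file.search_file_replace_line(%r{\$wgLogo\ =\ \"\$wgResourceBasePath\/resources\/assets\/wiki.png\";},
                                  "$wgLogo = \"$wgResourceBasePath/skins/common/images/kosmos.png\";")
    file.insert_line_if_no_match(/# Our config/, <<-EOF
# Our config
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['team'] = $wgGroupPermissions['user'];
$wgGroupPermissions['user' ]['edit'] = false;
$wgGroupPermissions['user']['editsemiprotected'] = false;
$wgGroupPermissions['autoconfirmed']['editsemiprotected'] = false;
$wgGroupPermissions['team']['edit'] = true;
$wgGroupPermissions['team']['protect'] = true;
$wgGroupPermissions['team']['editsemiprotected'] = true;
$wgGroupPermissions['team']['editprotected'] = true;
$wgGroupPermissions['sysop']['edit'] = true;
$wgEnableUploads = true;
$wgExtraNamespaces[100] = "Feature";
$wgNamespacesWithSubpages[100] = true;
$wgExtraNamespaces[101] = "Feature_Talk";
# Only allow sysops to edit "Feature" namespace
$wgGroupPermissions['team']['editfeature'] = true;
$wgGroupPermissions['sysop']['editfeature'] = true;
$wgNamespaceProtection[100] = array( 'editfeature' );
$wgSMTP = array (
  'IDHost' => 'kosmos.org', //this is used to build the Message-ID mail header
  'host' => 'localhost', //this is the outgoing mail server name (SMTP server)
  'port' => 25, //this is the port used by the SMTP server
  'auth' => false, //in my case, authentication is not required by the mail server for outgoing mail
);
$wgPasswordReminderResendTime = 0;
$wgArticlePath = "/$1";
EOF
    )
    file.insert_line_if_no_match(/Antispam\.php/,
                                 "require_once \"$IP/extensions/Antispam/Antispam.php\";")
    file.insert_line_if_no_match(/wgCTAccessKey/,
                                 "$wgCTAccessKey = \"#{mediawiki_credentials['antispam_key']}\";")
    file.insert_line_if_no_match(/MediawikiHubot\.php/,
                                 "require_once \"$IP/extensions/MediawikiHubot/MediawikiHubot.php\";")
    file.insert_line_if_no_match(/Mermaid/, "wfLoadExtension( 'Mermaid' );")
    file.write_file
  end
end

# Chef::Util::FileEdit#write_file keeps a copy of the pre-edit file next to
# the original with an ".old" suffix. That copy sits in the webroot without a
# .php extension, so it is removed here rather than relying on the web server
# configuration to refuse it. Deleting an absent file is a no-op.
file "#{node['mediawiki']['webdir']}/LocalSettings.php.old" do
  action :delete
end

#
# Composer dependencies
#
file "#{node['mediawiki']['webdir']}/composer.local.json" do
  requires = { "require": { "mediawiki/mermaid": "~1.0" }}.to_json
  content requires
  owner node['nginx']['user']
  group node['nginx']['group']
end

composer_project node['mediawiki']['webdir'] do
  dev false
  quiet true
  prefer_dist false
  user node['nginx']['user']
  group node['nginx']['group']
  action :install
end

#
# Backup
#
# NOTE(review): the backup job is given the MySQL root account. A dedicated
# account limited to reading mediawikidb would be enough for dumps; confirm
# what the backup cookbook requires.
unless node.chef_environment == "development"
  node.override["backup"]["mysql"]["host"] = "localhost"
  node.override["backup"]["mysql"]["username"] = "root"
  node.override["backup"]["mysql"]["password"] = node["mediawiki"]["db"]["root_password"]
  # Append the wiki database only once so repeated runs do not duplicate it.
  unless node["backup"]["mysql"]["databases"].include? 'mediawikidb'
    node.override["backup"]["mysql"]["databases"] =
      node["backup"]["mysql"]["databases"].to_a << "mediawikidb"
  end

  include_recipe "backup"
end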