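#
# Cookbook Name:: kosmos-mediawiki
# Recipe:: default
#
# Copyright 2016, YOUR_COMPANY_NAME
#
# All rights reserved - Do Not Redistribute
#
# Installs MediaWiki behind nginx for wiki.kosmos.org: sets the attributes
# consumed by the upstream `mediawiki` cookbook, writes the wildcard TLS
# certificate and key from an encrypted data bag, installs the CleanTalk
# Antispam extension and appends site-specific settings to LocalSettings.php.

include_recipe 'apt'
include_recipe 'ark'

# The version is pinned here; the tarball URL below hard-codes the matching
# "1.26" release directory, so both must be changed together on upgrade.
node.override['mediawiki']['version'] = "1.26.2"
node.override['mediawiki']['webdir'] = "#{node["mediawiki"]["docroot_dir"]}/mediawiki-#{node['mediawiki']['version']}"
node.override['mediawiki']['tarball']['name'] = "mediawiki-#{node['mediawiki']['version']}.tar.gz"
node.override['mediawiki']['tarball']['url'] = "https://releases.wikimedia.org/mediawiki/1.26/#{node['mediawiki']['tarball']['name']}"
node.override['mediawiki']['language_code'] = 'en'
node.override['mediawiki']['server_name'] = 'wiki.kosmos.org'
node.override['mediawiki']['site_name'] = 'Kosmos Wiki'
node.override['mediawiki']['server'] = "https://#{node['mediawiki']['server_name']}"

# Secrets come from encrypted data bags and are never written in the recipe.
# NOTE(review): node.override values are saved with the node object on the
# Chef server, so these two passwords end up stored there in clear text;
# confirm that is acceptable for this deployment.
mysql_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mysql')
mediawiki_credentials = Chef::EncryptedDataBagItem.load('credentials', 'mediawiki')
node.override['mediawiki']['db']['root_password'] = mysql_credentials["root_password"]
node.override['mediawiki']['db']['pass'] = mediawiki_credentials["db_pass"]

# Fix bug in php cookbook
# The version is compared as a string: a float equality test on "14.04" is
# fragile and reads as if minor versions were ordered numbers.
if platform?('ubuntu') && node['platform_version'].to_s.start_with?('14.04')
  node.override['php']['ext_conf_dir'] = '/etc/php5/mods-available'
end

directory "#{node['mediawiki']['webdir']}/skins/common/images" do
  owner node['nginx']['user']
  group node['nginx']['group']
  recursive true
  mode 0750
end

cookbook_file "#{node['mediawiki']['webdir']}/skins/common/images/kosmos.png" do
  source 'kosmos.png'
  owner node['nginx']['user']
  group node['nginx']['group']
  mode 0640
end

include_recipe "mediawiki"
include_recipe "kosmos-nginx"
include_recipe "mediawiki::nginx"

data_bag_item = Chef::EncryptedDataBagItem.load('certificates', 'wildcard_kosmos_org')

# `sensitive true` keeps the certificate and key contents out of Chef's log
# and diff output.
# NOTE(review): both files are owned by www-data. If that is also the account
# the nginx workers / PHP run as, a compromise of the web application can read
# the wildcard private key. nginx normally loads the key in its root-owned
# master process, so `owner 'root'` is the usual choice; confirm against the
# kosmos-nginx setup before changing it.
ssl_cert_path = "/etc/ssl/private/wildcard.kosmos.org.crt"
file ssl_cert_path do
  content data_bag_item['ssl_cert']
  mode 0600
  owner 'www-data'
  sensitive true
end

ssl_key_path = "/etc/ssl/private/wildcard.kosmos.org.key"
file ssl_key_path do
  content data_bag_item['ssl_key']
  mode 0600
  owner 'www-data'
  sensitive true
end

template "#{node['nginx']['dir']}/sites-available/mediawiki" do
  source "nginx.conf.erb"
  variables(
    docroot: node['mediawiki']['webdir'],
    server_name: node['mediawiki']['server_name'],
    ssl_cert: ssl_cert_path,
    ssl_key: ssl_key_path
  )
  action :create
  notifies :reload, "service[nginx]", :delayed
end

nginx_site 'mediawiki' do
  enable true
end

# Extensions
# `mediawiki_credentials` was already loaded above; the data bag item is not
# decrypted a second time.

# NOTE(review): the archive is fetched by tag with no integrity check, so
# whatever GitHub serves for that URL is unpacked into the PHP extension
# directory. Pin it with ark's `checksum` property (SHA-256 of the 1.6
# archive, obtained from a trusted download) once the value is known.
ark "antispam" do
  url "https://github.com/CleanTalk/mediawiki-antispam/archive/1.6.zip"
  path "#{node['mediawiki']['webdir']}/extensions/Antispam"
  owner node["nginx"]["user"]
  group node["nginx"]["group"]
  mode 0750
  action :dump
end

# Appends the site configuration to LocalSettings.php. Each insert is guarded
# by a marker regex, so repeated Chef runs do not duplicate the settings.
# NOTE(review): the appended settings include `$wgPasswordReminderResendTime = 0`,
# which removes the throttle on password-reminder e-mails, and
# `$wgEnableUploads = true`; confirm both are intended for a public wiki.
ruby_block "configuration" do
  block do
    local_settings = "#{node['mediawiki']['webdir']}/LocalSettings.php"
    file = Chef::Util::FileEdit.new(local_settings)
    file.search_file_replace_line(/\$wgLogo\ =\ \"\$wgResourceBasePath\/resources\/assets\/wiki.png\";/,
                                  "$wgLogo = \"$wgResourceBasePath/skins/common/images/kosmos.png\";")
    file.insert_line_if_no_match(/# Our config/, <<-EOF
# Our config
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['team'] = $wgGroupPermissions['user'];
$wgGroupPermissions['user' ]['edit'] = false;
$wgGroupPermissions['user']['editsemiprotected'] = false;
$wgGroupPermissions['autoconfirmed']['editsemiprotected'] = false;
$wgGroupPermissions['team']['edit'] = true;
$wgGroupPermissions['team']['protect'] = true;
$wgGroupPermissions['team']['editsemiprotected'] = true;
$wgGroupPermissions['team']['editprotected'] = true;
$wgGroupPermissions['sysop']['edit'] = true;
$wgEnableUploads = true;
$wgExtraNamespaces[100] = "Feature";
$wgNamespacesWithSubpages[100] = true;
$wgExtraNamespaces[101] = "Feature_Talk";
# Only allow sysops to edit "Feature" namespace
$wgGroupPermissions['team']['editfeature'] = true;
$wgGroupPermissions['sysop']['editfeature'] = true;
$wgNamespaceProtection[100] = array( 'editfeature' );
$wgSMTP = array (
  'IDHost' => 'kosmos.org', //this is used to build the Message-ID mail header
  'host' => 'localhost', //this is the outgoing mail server name (SMTP server)
  'port' => 25, //this is the port used by the SMTP server
  'auth' => false, //in my case, authentication is not required by the mail server for outgoing mail
);
$wgPasswordReminderResendTime = 0;
$wgArticlePath = "/$1";
    EOF
    )
    file.insert_line_if_no_match(/Antispam\.php/, "require_once \"$IP/extensions/Antispam/Antispam.php\";")
    # The CleanTalk access key is a secret; it is interpolated verbatim into a
    # PHP double-quoted string, so it must not contain `"`, `$` or `\`.
    file.insert_line_if_no_match(/wgCTAccessKey/, "$wgCTAccessKey = \"#{mediawiki_credentials['antispam_key']}\";")
    file.write_file

    # FileEdit#write_file keeps a copy of the previous file as
    # "LocalSettings.php.old" next to the original, i.e. inside the web root.
    # That copy holds the database password and is not handled as PHP, so it
    # could be served as plain text depending on the nginx configuration.
    # Remove it, including any copy left behind by an earlier run.
    backup = "#{local_settings}.old"
    ::File.delete(backup) if ::File.exist?(backup)
  end
end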