diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb index f69db4f3e..7619d0a9c 100644 --- a/cookbooks/apt/recipes/default.rb +++ b/cookbooks/apt/recipes/default.rb @@ -107,9 +107,9 @@ key "ABF5BD827BD9BF62" end -apt_repository "elasticsearch5.x" do - action repository_actions["elasticsearch5.x"] - uri "https://artifacts.elastic.co/packages/5.x/apt" +apt_repository "elasticsearch6.x" do + action repository_actions["elasticsearch6.x"] + uri "https://artifacts.elastic.co/packages/6.x/apt" distribution "stable" components ["main"] key "D27D666CD88E42B4" diff --git a/cookbooks/foundation/recipes/board.rb b/cookbooks/foundation/recipes/board.rb index ac39f67f5..82b2eb8ff 100644 --- a/cookbooks/foundation/recipes/board.rb +++ b/cookbooks/foundation/recipes/board.rb @@ -35,8 +35,6 @@ email_sender "webmaster@openstreetmap.org" email_sender_name "OSMF Board Wiki" private_site true - recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N" - recaptcha_private_key passwords["board"]["recaptcha"] version "1.37" end diff --git a/cookbooks/foundation/recipes/dwg.rb b/cookbooks/foundation/recipes/dwg.rb index ae0f1d37a..f939fb420 100644 --- a/cookbooks/foundation/recipes/dwg.rb +++ b/cookbooks/foundation/recipes/dwg.rb @@ -35,8 +35,6 @@ email_sender "webmaster@openstreetmap.org" email_sender_name "OSMF Board Wiki" private_site true - recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N" - recaptcha_private_key passwords["dwg"]["recaptcha"] version "1.37" end diff --git a/cookbooks/foundation/recipes/mwg.rb b/cookbooks/foundation/recipes/mwg.rb index 4775934a9..dd0bdab52 100644 --- a/cookbooks/foundation/recipes/mwg.rb +++ b/cookbooks/foundation/recipes/mwg.rb @@ -35,8 +35,6 @@ email_sender "webmaster@openstreetmap.org" email_sender_name "OSMF Board Wiki" private_site true - recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N" - recaptcha_private_key passwords["mwg"]["recaptcha"] version "1.37" end diff --git a/cookbooks/foundation/recipes/wiki.rb b/cookbooks/foundation/recipes/wiki.rb index b6470e158..199389d0e 100644 --- a/cookbooks/foundation/recipes/wiki.rb +++ b/cookbooks/foundation/recipes/wiki.rb @@ -41,8 +41,6 @@ email_sender "webmaster@openstreetmap.org" email_sender_name "OSMF Wiki" private_accounts true - recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N" - recaptcha_private_key passwords["wiki"]["recaptcha"] extra_file_extensions ["mp3"] version "1.37" end diff --git a/cookbooks/mediawiki/resources/site.rb b/cookbooks/mediawiki/resources/site.rb index 82ae15c28..0508bcbad 100644 --- a/cookbooks/mediawiki/resources/site.rb +++ b/cookbooks/mediawiki/resources/site.rb @@ -42,8 +42,8 @@ property :admin_password, :kind_of => String, :required => [:create] property :private_accounts, :kind_of => [TrueClass, FalseClass], :default => false property :private_site, :kind_of => [TrueClass, FalseClass], :default => false -property :recaptcha_public_key, :kind_of => String -property :recaptcha_private_key, :kind_of => String +property :hcaptcha_public_key, :kind_of => String, :default => "" +property :hcaptcha_private_key, :kind_of => String, :default => "" property :extra_file_extensions, :kind_of => [String, Array], :default => [] property :fpm_max_children, :kind_of => Integer, :default => 5 property :fpm_start_servers, :kind_of => Integer, :default => 2 @@ -297,8 +297,8 @@ mediawiki_extension "ConfirmEdit" do site new_resource.site template "mw-ext-ConfirmEdit.inc.php.erb" - variables :public_key => new_resource.recaptcha_public_key, - :private_key => new_resource.recaptcha_private_key + variables :public_key => new_resource.hcaptcha_public_key, + :private_key => new_resource.hcaptcha_private_key update_site false end end @@ -386,6 +386,11 @@ update_site false end + mediawiki_extension "CategoryTree" do + site new_resource.site + update_site false + end + mediawiki_extension "cldr" do site new_resource.site template "mw-ext-cldr.inc.php.erb" diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb index b27f7c11b..d5bbf71a7 100644 --- a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb +++ b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb @@ -186,16 +186,6 @@ $wgResourceLoaderMaxQueryLength = -1; # Only Allow Signed-in users to edit $wgGroupPermissions['*']['edit'] = false; -# Only allow autoconfirmed for a few actions -$wgGroupPermissions['user']['move'] = false; -$wgGroupPermissions['user']['movefile'] = false; -$wgGroupPermissions['user']['move-categorypages'] = false; -$wgGroupPermissions['user']['upload'] = false; -$wgGroupPermissions['autoconfirmed']['move'] = true; -$wgGroupPermissions['autoconfirmed']['movefile'] = true; -$wgGroupPermissions['autoconfirmed']['move-categorypages'] = true; -$wgGroupPermissions['autoconfirmed']['upload'] = true; - # Allow bureaucrat group access to oversight options $wgGroupPermissions['bureaucrat']['hideuser'] = true; $wgGroupPermissions['bureaucrat']['deletelogentry'] = true; @@ -224,8 +214,8 @@ $wgGroupPermissions['sysop']['gadgets-definition-edit'] = true; $wgGroupPermissions['*']['createaccount'] = false; $wgGroupPermissions['user']['createaccount'] = true; <% end -%> -<% if @mediawiki[:private_site] -%> +<% if @mediawiki[:private_site] -%> # Disable reading by anonymous users $wgGroupPermissions['*']['read'] = false; @@ -239,13 +229,6 @@ $wgGroupPermissions['*']['createaccount'] = false; $wgUploadPath = "$wgScriptPath/img_auth.php"; <% end -%> -<% if not(@mediawiki[:private_accounts]) and not(@mediawiki[:private_site]) -%> -# user group "confirmed" with identical rights as "autoconfirmed", but assigned manually by sysops -$wgGroupPermissions['confirmed'] = $wgGroupPermissions['autoconfirmed']; -$wgAddGroups['sysop'][] = 'confirmed'; -$wgRemoveGroups['sysop'][] = 'confirmed'; -<% end -%> - # Allow Subpages on Main Namespace $wgNamespacesWithSubpages[NS_MAIN] = true; @@ -259,10 +242,6 @@ $wgEmailConfirmToEdit = true; # Extend autoblock period $wgAutoblockExpiry = 7776000; // 90 days -# Autopromote users to autoconfirmed -$wgAutoConfirmAge = 345600; // 4 days -$wgAutoConfirmCount = 10; - # Disable Hit Counter for Performance $wgDisableCounters = TRUE; # Disable IP in Header to avoid cache issue @@ -279,15 +258,24 @@ $wgAllowExternalImagesFrom = array( 'http://tile.openstreetmap.org/', 'https://t $wgNoFollowDomainExceptions = array( 'www.openstreetmap.org', 'josm.openstreetmap.de', 'taginfo.openstreetmap.org', 'blog.openstreetmap.org', 'wiki.osmfoundation.org' ); -# FIXME - move to specific -# defines which links of the sidebar are translatable -$wgForceUIMsgAsContentMsg = array( 'mainpage-url', 'mapfeatures-url', 'contributors-url', 'helppage', 'blogs-url', 'shop-url', 'sitesupport-url' ); - # FIXME - move to specific $wgAllowUserJs = TRUE; $wgAllowUserCss = TRUE; -# FIXME - move to specific +# Raise expensive lua (and other function) call limits to match WP +# Docs: https://www.mediawiki.org/wiki/Manual:$wgExpensiveParserFunctionLimit +# Wikipedia's Config: https://noc.wikimedia.org/conf/highlight.php?file=CommonSettings.php +$wgExpensiveParserFunctionLimit = 500; + + +<% if @mediawiki[:site_notice] -%> +$wgSiteNotice = "<%= @mediawiki[:site_notice] %>"; +<% end -%> +<% if @mediawiki[:site_readonly] -%> +$wgReadOnly = "<%= @mediawiki[:site_readonly] %>"; +<% end -%> + +<% if @name == "wiki.openstreetmap.org" -%> # DE define('NS_LANG_DE', 200); $wgExtraNamespaces[NS_LANG_DE] = 'DE'; @@ -351,6 +339,17 @@ define('NS_LANG_JA_TALK', 213); $wgExtraNamespaces[NS_LANG_JA_TALK] = 'JA_talk'; $wgNamespacesWithSubpages[NS_LANG_JA_TALK] = TRUE; +# Proposal +# namespace features a specific search weight defined at +# cookbooks/mediawiki/templates/default/mw-ext-CirrusSearch.inc.php.erb +define('NS_PROPOSAL', 3000); +$wgExtraNamespaces[NS_PROPOSAL] = 'Proposal'; +$wgNamespacesWithSubpages[NS_PROPOSAL] = TRUE; +$wgContentNamespaces[] = NS_PROPOSAL; +define('NS_PROPOSAL_TALK', 3001); +$wgExtraNamespaces[NS_PROPOSAL_TALK] = 'Proposal talk'; +$wgNamespacesWithSubpages[NS_PROPOSAL_TALK] = TRUE; + $wgNamespacesToBeSearchedDefault[NS_LANG_DE] = TRUE; $wgNamespacesToBeSearchedDefault[NS_LANG_FR] = TRUE; $wgNamespacesToBeSearchedDefault[NS_LANG_ES] = TRUE; @@ -358,21 +357,54 @@ $wgNamespacesToBeSearchedDefault[NS_LANG_IT] = TRUE; $wgNamespacesToBeSearchedDefault[NS_LANG_NL] = TRUE; $wgNamespacesToBeSearchedDefault[NS_LANG_RU] = TRUE; $wgNamespacesToBeSearchedDefault[NS_LANG_JA] = TRUE; +$wgNamespacesToBeSearchedDefault[NS_PROPOSAL] = TRUE; +# defines which links of the sidebar are translatable +$wgForceUIMsgAsContentMsg = array( 'mainpage-url', 'mapfeatures-url', 'contributors-url', 'helppage', 'blogs-url', 'shop-url', 'sitesupport-url' ); +<% end -%> -# Raise expensive lua (and other function) call limits to match WP -# Docs: https://www.mediawiki.org/wiki/Manual:$wgExpensiveParserFunctionLimit -# Wikipedia's Config: https://noc.wikimedia.org/conf/highlight.php?file=CommonSettings.php -$wgExpensiveParserFunctionLimit = 500; - +# load extensions +<% Dir.glob("#{@directory}/LocalSettings.d/*.php") do |file| -%> +<%= "require_once('#{file}');" %> +<% end -%> -<% if @mediawiki[:site_notice] -%> -$wgSiteNotice = "<%= @mediawiki[:site_notice] %>"; +<% if @name == "wiki.openstreetmap.org" -%> +# setting the search weight of the main wiki's proposal namespace lower then general talk pages (0.2), but +# higher then wiki project namespace (0.1) +# Documentation at https://phabricator.wikimedia.org/source/extension-cirrussearch/browse/master/docs/settings.txt$693 +$wgCirrusSearchNamespaceWeights = array_merge ( $wgCirrusSearchNamespaceWeights, array ( NS_PROPOSAL => 0.15 )); <% end -%> -<% if @mediawiki[:site_readonly] -%> -$wgReadOnly = "<%= @mediawiki[:site_readonly] %>"; + +<% if not(@mediawiki[:private_accounts]) and not(@mediawiki[:private_site]) -%> +# require user confirmation for certain actions +$wgGroupPermissions['user']['move'] = false; +$wgGroupPermissions['user']['movefile'] = false; +$wgGroupPermissions['user']['move-categorypages'] = false; +$wgGroupPermissions['user']['upload'] = false; +$wgGroupPermissions['autoconfirmed']['move'] = true; +$wgGroupPermissions['autoconfirmed']['movefile'] = true; +$wgGroupPermissions['autoconfirmed']['move-categorypages'] = true; +$wgGroupPermissions['autoconfirmed']['upload'] = true; +# Autopromote users to autoconfirmed +$wgAutoConfirmAge = 345600; // 4 days +$wgAutoConfirmCount = 10; + +# user group "confirmed" with identical rights as "autoconfirmed", but assigned manually by sysops +$wgGroupPermissions['confirmed'] = $wgGroupPermissions['autoconfirmed']; +$wgAddGroups['sysop'][] = 'confirmed'; +$wgRemoveGroups['sysop'][] = 'confirmed'; <% end -%> -<% Dir.glob("#{@directory}/LocalSettings.d/*.php") do |file| -%> -<%= "require_once('#{file}');" %> +<% if @mediawiki[:private_accounts] or @mediawiki[:private_site] -%> +# disable automatic confirmation of users, grant all "autoconfirmed" rights to all users +$wgAutoConfirmAge = 0; +$wgAutoConfirmCount = 0; +$wgGroupPermissions['user'] = array_merge( $wgGroupPermissions['user'], $wgGroupPermissions['autoconfirmed'] ); + +unset( $wgGroupPermissions['autoconfirmed'] ); +unset( $wgRevokePermissions['autoconfirmed'] ); +unset( $wgAddGroups['autoconfirmed'] ); +unset( $wgRemoveGroups['autoconfirmed'] ); +unset( $wgGroupsAddToSelf['autoconfirmed'] ); +unset( $wgGroupsRemoveFromSelf['autoconfirmed'] ); <% end -%> diff --git a/cookbooks/mediawiki/templates/default/mw-ext-ConfirmEdit.inc.php.erb b/cookbooks/mediawiki/templates/default/mw-ext-ConfirmEdit.inc.php.erb index 50e1d4801..2e0af37ba 100644 --- a/cookbooks/mediawiki/templates/default/mw-ext-ConfirmEdit.inc.php.erb +++ b/cookbooks/mediawiki/templates/default/mw-ext-ConfirmEdit.inc.php.erb @@ -1,12 +1,12 @@ '; -$wgReCaptchaSecretKey = '<%= @private_key %>'; - -$wgCaptchaTriggers['addurl'] = true; -$wgCaptchaTriggers['create'] = true; +wfLoadExtensions( array( 'ConfirmEdit', 'ConfirmEdit/hCaptcha' ) ); +$wgHCaptchaSendRemoteIP = true; +$wgHCaptchaSiteKey = '<%= @public_key %>'; +$wgHCaptchaSecretKey = '<%= @private_key %>'; $wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true; +$wgGroupPermissions['bot' ]['skipcaptcha'] = true; +$wgGroupPermissions['sysop' ]['skipcaptcha'] = true; + +$wgRateLimits['badcaptcha']['newbie'] = [ 100, 86400 ]; diff --git a/cookbooks/wiki/recipes/default.rb b/cookbooks/wiki/recipes/default.rb index 72af19cb8..ef0d16b8b 100644 --- a/cookbooks/wiki/recipes/default.rb +++ b/cookbooks/wiki/recipes/default.rb @@ -53,8 +53,8 @@ metanamespace "Wiki" - recaptcha_public_key "6LdFIQATAAAAAMwtHeI8KDgPqvRbXeNYSq1gujKz" - recaptcha_private_key passwords["recaptcha"] + hcaptcha_public_key "b67a410b-955e-4049-b432-f9c00e0202c0" + hcaptcha_private_key passwords["hcaptcha"] # site_notice "MAINTENANCE: WIKI READ-ONLY UNTIL Monday 16 May 2016 - 11:00am UTC/GMT." # site_readonly "MAINTENANCE: WIKI READ-ONLY UNTIL Monday 16 May 2016 - 11:00am UTC/GMT." diff --git a/roles/dev.rb b/roles/dev.rb index 482c3cb00..f9b9b29be 100644 --- a/roles/dev.rb +++ b/roles/dev.rb @@ -5,7 +5,7 @@ :accounts => { :users => { :edgemaster => { :status => false }, - :emacsen => { :status => :administrator }, + :emacsen => { :status => :user }, :twain => { :status => :user }, :bretth => { :status => false }, :richard => { :status => false }, diff --git a/roles/ironbelly.rb b/roles/ironbelly.rb index 8260dfb28..635e197fa 100644 --- a/roles/ironbelly.rb +++ b/roles/ironbelly.rb @@ -73,21 +73,6 @@ }, :rsyncd => { :modules => { - :hosts => { - :comment => "Host data", - :path => "/home/hosts", - :read_only => true, - :write_only => false, - :list => false, - :uid => "tomh", - :gid => "tomh", - :transfer_logging => false, - :hosts_allow => [ - "212.110.172.32", # shenron - "2001:41c9:1:400::32", # shenron - "212.159.112.221" # grant - ] - }, :logs => { :comment => "Log files", :path => "/store/logs", diff --git a/test/data_bags/wiki/passwords.json b/test/data_bags/wiki/passwords.json index 109e87137..961e60f96 100644 --- a/test/data_bags/wiki/passwords.json +++ b/test/data_bags/wiki/passwords.json @@ -1,6 +1,6 @@ { "database": "database_password", "admin": "admin_password", - "recaptcha": "precaptcha_token", + "hcaptcha": "precaptcha_token", "thunderforest": "thunderforest_token" }