summaryrefslogtreecommitdiff
path: root/config-service-wiki.PKGBUILD
blob: f9b48fba4caad9cdc14d497a124adafb98d0e2cc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
. ${BUILDFILE%/*}/common.sh
pkgver=20161111.3

package() {
preamble

depends+=(
	# PHP
	config-mgmt-certbot
	config-mgmt-nginx
	config-mgmt-uwsgi
	uwsgi-plugin-php
	php-apcu-bc
	php-intl
	# External
	mariadb
	imagemagick
	# Deployment
	git
)

add-file -m755 etc/ssl/misc/certbot-get.d/10-wiki <<EOF
#!/bin/bash
echo wiki.{parabola.nu,parabolagnulinux.org}
EOF

add-file etc/nginx/sites/server-wiki_parabola_nu.conf <<EOF
# -*- Mode: nginx; nginx-indent-level: 8; indent-tabs-mode: t -*-

server {
	server_name wiki.parabola.nu;
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	error_log  /var/log/nginx/nginx.http.wiki_parabola_nu.error.log  error;
	access_log /var/log/nginx/nginx.http.wiki_parabola_nu.access.log specific;

	location = /favicon.ico {
		alias /srv/http/\$server_name/skins/ArchLinux/favicon.ico;
	}

	location = /robots.txt {
		alias /srv/http/\$server_name/robots.txt;
	}

	index index.php;
	location /                     { root /var/empty; try_files /bogus @rewrite; }
	location /images/              { }
	location /skins/               { }
	location /resources/           { }
	location /api.php              { root /var/empty; try_files /bogus @php; }
	location /api.php5             { root /var/empty; try_files /bogus @php; }
	location /img_auth.php         { root /var/empty; try_files /bogus @php; }
	location /img_auth.php5        { root /var/empty; try_files /bogus @php; }
	location /index.php            { root /var/empty; try_files /bogus @php; }
	location /index.php5           { root /var/empty; try_files /bogus @php; }
	location /load.php             { root /var/empty; try_files /bogus @php; }
	location /load.php5            { root /var/empty; try_files /bogus @php; }
	location /opensearch_desc.php  { root /var/empty; try_files /bogus @php; }
	location /opensearch_desc.php5 { root /var/empty; try_files /bogus @php; }
	location /profileinfo.php      { root /var/empty; try_files /bogus @php; }
	location /thumb.php            { root /var/empty; try_files /bogus @php; }
	location /thumb.php5           { root /var/empty; try_files /bogus @php; }
	location /thumb_handler.php    { root /var/empty; try_files /bogus @php; }
	location /thumb_handler.php5   { root /var/empty; try_files /bogus @php; }
	location /wiki.phtml           { root /var/empty; try_files /bogus @php; }

	location @rewrite {
		rewrite ^/(.*)\$ /index.php?title=\$1&\$args;
	}

	location @php {
		uwsgi_cache_key \$host\$request_uri;
		uwsgi_cache_valid 5m;
		#uwsgi_cache one;

		include uwsgi_params;
		uwsgi_modifier1 14; # Standard PHP request
		uwsgi_pass unix:/run/uwsgi/wiki.sock;
	}
}
EOF

add-file etc/cron.spool/wiki <<EOF
0 0 * * * /srv/http/wiki.parabola.nu/FunnyQuestion.conf.php.sh
EOF

add-file etc/uwsgi/wiki.ini <<EOF
[uwsgi]
master = true
processes = 4

uid = %n
gid = http

plugins = php

# Native code is faster than PHP fallback code
php-set = extension=intl.so

# Required for MediaWiki
php-set = extension=iconv.so

php-set = extension=mysqli.so

# Enable OPcache bytecode caching
php-set = zend_extension=opcache.so

# Enable APCu object caching (related to LocalSettings.php:$wgMainCacheType=CACHE_ACCEL)
php-set = extension=apcu.so
php-set = extension=apc.so

# Restrict the files that can be opened:
# - /srv/http/wiki.parabola.nu: duh, the PHP code
# - /usr/bin: to check for diff3, imagemagick, et c.
# - /tmp: eh?
php-set = open_basedir=/srv/http/wiki.parabola.nu:/usr/bin:/tmp
EOF

add-unit etc/systemd/system/sockets.target.wants/uwsgi@wiki.socket

postamble
}