Initial commit

2014-11-23 19:45:01 +00:00
commit 3b1b23732e
19 changed files with 625 additions and 0 deletions
--- a/templates/local.php.erb
+++ b/templates/local.php.erb
@@ -0,0 +1,13 @@
+<?php
+/**
+ * This initial file was deployed via puppet but will not be replaced
+ * and can be modified using the dokuwiki admin interface. Settings
+ * that should be continually managed by puppet should be put into the
+ * local.protected.php file instead.
+ *
+ * This is an example of how a local.php could look like.
+ * Simply copy the options you want to change from dokuwiki.php
+ * to this file and change them.
+ */
+
+
--- a/templates/local.protected.php.erb
+++ b/templates/local.protected.php.erb
@@ -0,0 +1,49 @@
+<?php
+    # Managed by puppet
+    # Local modifications to this file will be lost
+
+$conf['title']       = '<%= @wiki_title %>';
+$conf['savedir']     = '<%= @data_dir %>';
+$conf['useacl']      = <%= @use_acl ? 1 : 0 %>;
+$conf['userewrite']  = <%= @use_rewrite ? 1 : 0 %>;
+
+# Disable use of any standard content licenses, e.g. CC
+$conf['license']     = '<%= @content_license %>';
+
+# Override the page lock timer
+$conf['locktime']    = <%= @locktime %>; # 30*60
+
+# User interface tweaks
+$conf['breadcrumbs'] = <%= @breadcrumbs ? 1 : 0 %>;
+$conf['youarehere']  = <%= @youarehere ? 1 : 0 %>;
+$conf['updatecheck'] = <%= @updatecheck ? 1 : 0 %>;
+
+# Authentication
+$conf['openregister']                     = 
+$conf['authtype']                         = '<%= @auth_type %>';
+<%- if @auth_type == 'ldap' -%>
+$conf['auth']['ldap']['version']          = '<%= @ldap_version %>';
+$conf['auth']['ldap']['server']           = 'ldap://<%= @ldap_servers.join(" ") %>:389';
+$conf['auth']['ldap']['usertree']         = '<%= @ldap_user_tree %>';
+$conf['auth']['ldap']['userfilter']       = '<%= @ldap_user_filter %>';
+$conf['auth']['ldap']['userscope']        = '<%= @ldap_user_scope %>';
+$conf['auth']['ldap']['grouptree']        = '<%= @ldap_group_tree %>';
+$conf['auth']['ldap']['groupfilter']      = '<%= @ldap_group_filter %>';
+$conf['auth']['ldap']['groupscope']       = '<%= @ldap_group_scope %>';
+$conf['auth']['ldap']['starttls']         =  <%= @ldap_starttls ? 1 : 0 %>;
+$conf['auth']['ldap']['sso']              =  <%= @ldap_use_sso ? 1 : 0 %>;
+$conf['auth']['ldap']['recursive']        =  <%= @ldap_recursive_search ? 1 : 0 %>;
+$conf['auth']['ldap']['binddn']           = '<%= @ldap_binddn %>';
+$conf['auth']['ldap']['bindpw']           = '<%= @ldap_bindpw %>';
+$conf['auth']['ldap']['referrals']        =  <%= @use_referrals ? 1 : 0 %>;
+$conf['auth']['ldap']['mapping']['name']  = '<%= @ldap_mapping_name %>';
+$conf['auth']['ldap']['mapping']['grps']  = array();
+<%- @ldap_mapping_groups.each do |key, value| -%>
+$conf['auth']['ldap']['mapping']['grps']['<%= key %>'] = '<%= value %>';
+<%- end -%>
+$conf['auth']['ldap']['debug']            = 1;
+<%- end -%>
+
+$conf['manager']                          = '<%= @management_group %>';
+$conf['superuser']                        = '<%= @management_group %>';
+
--- a/templates/vhost.conf.erb
+++ b/templates/vhost.conf.erb
@@ -0,0 +1,60 @@
+<VirtualHost *:80>
+ 
+     ServerName <%= @vhost %>
+     DocumentRoot <%= @install_dir %>/<%= @base_path %>
+ 
+     # Permit larger file uploads
+     php_value upload_max_filesize 20M
+     # Must be at least as large as upload_max_filesize, plus a bit
+     # for the form metadata
+     php_value post_max_size 24M
+ 
+     <Directory "<%= @install_dir %>/<%= @base_path %><%= @base_path_suffix %>">
+             AllowOverride None
+             Options +FollowSymLinks
+             Order Allow,Deny
+             Allow from All
+ 
+<%- if @auth_type == 'ldap' -%>
+             AuthType Basic
+             AuthName "LDAP Auth"
+             AuthBasicProvider "ldap"
+             AuthLDAPUrl "ldap://<%= @ldap_servers.join(" ") %>:389/<%= @ldap_usertree %>?<%= @ldap_user_account_attr %>?<%= @ldap_user_scope %>"
+             Require valid-user
+<%- end -%>
+ 
+             RewriteEngine on
+             RewriteBase /<%= @base_path %><%= @base_path_suffix %>
+             RewriteRule ^_media/(.*)              lib/exe/fetch.php?media=$1  [QSA,L]
+             RewriteRule ^_detail/(.*)             lib/exe/detail.php?media=$1  [QSA,L]
+             RewriteRule ^_export/([^/]+)/(.*)     doku.php?do=export_$1&id=$2  [QSA,L]
+             RewriteRule ^$                        doku.php  [L]
+             RewriteCond %{REQUEST_FILENAME}       !-f
+             RewriteCond %{REQUEST_FILENAME}       !-d
+             RewriteRule (.*)                      doku.php?id=$1  [QSA,L]
+             RewriteRule ^index.php$               doku.php
+     </Directory>
+ 
+     # Explicitly deny access to all code and configuration directories
+     <Directory "<%= @install_dir %>/<%= @base_path %><%= @base_path_suffix %>/inc">
+             Order Deny,Allow
+             Deny from all
+     </Directory>
+ 
+     <Directory "<%= @install_dir %>/<%= @base_path %><%= @base_path_suffix %>/inc/lang">
+             Order Deny,Allow
+             Deny from all
+     </Directory>
+ 
+     <Directory "<%= @install_dir %>/<%= @base_path %><%= @base_path_suffix %>/lib/_fla">
+             ## no access to the fla directory
+             Order allow,deny
+             Deny from all
+     </Directory>
+ 
+     <Directory /etc/dokuwiki>
+             Order Deny,Allow
+             Deny from all
+     </Directory>
+ 
+ </VirtualHost>