Wiki

Admins: Til, Nerade

Das Wiki nutzt Gollum mit CommonMarker als Renderer und Omnigollum und Omniauth openid_connect für Authentication. Der Kontent liegt in einem Repo.

Das Wiki des Wiki Systems ist eine ganz gute Quelle falls man speziellere Dinge vor hat.

Maintenance

Änderung die potentiell nach einem Update erneuert werden müssen:

omniauth_openid_connect-0.4.0/lib/omniauth/strategies/openid_connect.rb:17: Die Exception wurde auskommentiert.

/var/lib/gems/2.7.0/gems/omnigollum-0.1.6/lib/omnigollum.rb:218: Hinzugefügt

app.set :session_secret, SecureRandom.hex(64)
app.set :sessions, :expire_after, 24 * 60 * 60
app.set :protection, :session => true
app.set :sessions, :same_site => :lax
app.set :protection, :except => [:http_origin]

Defaultmässig wird Kramdown oder Redcarpet als MarkDown Renderer verwendet, diese sollten mit CommonMarker ersetzt werden

Zum Updaten wie normal # apt update && apt upgrade && apt auto-remove und dazu # gem update ausführen. Services:

gollum.service: Der Gollum Server
gollum-wiki-pull.service und gollum-wiki-pull.timer: Script das alle 15sec das Repo vom Gittea pullt

Config (ohne Secrets)

# Options for wiki usage
wiki_options = {
  :h1_title => true,
  :user_icons => 'gravatar',
  :live_preview => false,
  :allow_uploads => true,
  :per_page_uploads => false,
  :allow_editing => true,
  :css => true,
  :js => false,
  :mathjax => true,
  :emoji => true,
  :show_all => true,
  :universal_toc => true
}
Precious::App.set(:wiki_options, wiki_options)

gollum_path = '/srv/gollum/repo'
Precious::App.set(:gollum_path, gollum_path)

require 'omnigollum'
require 'omniauth/strategies/openid_connect'

# https://github.com/arr2036/omnigollum/issues/64#issuecomment-861526646
OmniAuth.config.allowed_request_methods = [:post, :get]

auth_options = {
  :providers => Proc.new do
    provider :openid_connect, {
      name: 'openid_connect', # Apparently name must be the same than the provider name
      scope: [:openid, :email, :user_name, :display_name],
      response_type: :code,
      uid_field: "preferred_username",
      discovery: true,
      issuer: "https://gluu.labor23.org",
      client_options: {
        port: 443,
        scheme: "https",
        host: "gluu.labor23.org",
        identifier: "CENSORED",
        secret: "CENSORED",
        redirect_uri: "https://wiki.labor23.org/__omnigollum__/auth/openid_connect/callback",
      },
    }
  end,
  :dummy_auth => false,
  :protected_routes => Omnigollum::Config.default_options[:protected_routes] + ['/intern/*', '/intern'],
  :authorized_users => nil,
  :author_format => Proc.new { |user| user.name },
  :author_email => Proc.new { |user| user.email }
}

Precious::App.set(:environment, :production)
#Precious::App.set(:environment, :development)
Precious::App.set(:omnigollum, auth_options)
Precious::App.register Omnigollum::Sinatra

# Gollum hooks for keeping in sync with origin repo
Gollum::Hook.register(:post_commit, :hook_id) do |committer, sha1|
  # This would be cleaner, but sadly doesn't work
  #committer.wiki.repo.git.pull('origin', committer.wiki.ref)
  #committer.wiki.repo.git.push('origin', committer.wiki.ref)

  system('cd ' + gollum_path + '; git pull; git push')
end