github-migration
/
dokuwiki-sandstorm
1
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases Wiki Activity

Initial commit.

This commit is contained in:
Nolan Darilek 2015-11-15 21:57:07 -06:00
commit 6d20100350
14 changed files with 5945 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
.vagrant
*.spk

3
.gitmodules vendored Normal file
View File

@ -0,0 +1,3 @@
[submodule "dokuwiki"]
path = dokuwiki
url = git://github.com/splitbrain/dokuwiki.git

96
.sandstorm/Vagrantfile vendored Normal file
View File

@ -0,0 +1,96 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Guess at a reasonable name for the VM based on the folder vagrant-spk is
# run from. The timestamp is there to avoid conflicts if you have multiple
# folders with the same name.
VM_NAME = File.basename(File.dirname(File.dirname(__FILE__))) + "_sandstorm_#{Time.now.utc.to_i}"
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# We base ourselves off Debian Jessie
config.vm.box = "debian/jessie64"
if Vagrant.has_plugin?("vagrant-vbguest") then
# vagrant-vbguest is a Vagrant plugin that upgrades
# the version of VirtualBox Guest Additions within each
# guest. If you have the vagrant-vbguest plugin, then it
# needs to know how to compile kernel modules, etc., and so
# we give it this hint about operating system type.
config.vm.guest = "debian"
end
# We forward port 6080, the Sandstorm web port, so that developers can
# visit their sandstorm app from their browser as local.sandstorm.io:6080
# (aka 127.0.0.1:6080).
config.vm.network :forwarded_port, guest: 6080, host: 6080
# Use a shell script to "provision" the box. This installs Sandstorm using
# the bundled installer.
config.vm.provision "shell", inline: "sudo bash /opt/app/.sandstorm/global-setup.sh", keep_color: true
# Then, do stack-specific and app-specific setup.
config.vm.provision "shell", inline: "sudo bash /opt/app/.sandstorm/setup.sh", keep_color: true
# Shared folders are configured per-provider since vboxsf can't handle >4096 open files,
# NFS requires privilege escalation every time you bring a VM up,
# and 9p is only available on libvirt.
# Calculate the number of CPUs and the amount of RAM the system has,
# in a platform-dependent way; further logic below.
cpus = nil
total_kB_ram = nil
host = RbConfig::CONFIG['host_os']
if host =~ /darwin/
cpus = `sysctl -n hw.ncpu`.to_i
total_kB_ram = `sysctl -n hw.memsize`.to_i / 1024
elsif host =~ /linux/
cpus = `nproc`.to_i
total_kB_ram = `grep MemTotal /proc/meminfo | awk '{print $2}'`.to_i
elsif host =~ /mingw/
# powershell may not be available on Windows XP and Vista, so wrap this in a rescue block
begin
cpus = `powershell -Command "(Get-WmiObject Win32_Processor -Property NumberOfLogicalProcessors | Select-Object -Property NumberOfLogicalProcessors | Measure-Object NumberOfLogicalProcessors -Sum).Sum"`.to_i
total_kB_ram = `powershell -Command "Get-CimInstance -class cim_physicalmemory | % $_.Capacity}"`.to_i / 1024
rescue
end
end
# Use the same number of CPUs within Vagrant as the system, with 1
# as a default.
#
# Use at least 512MB of RAM, and if the system has more than 2GB of
# RAM, use 1/4 of the system RAM. This seems a reasonable compromise
# between having the Vagrant guest operating system not run out of
# RAM entirely (which it basically would if we went much lower than
# 512MB) and also allowing it to use up a healthily large amount of
# RAM so it can run faster on systems that can afford it.
if cpus.nil? or cpus.zero?
cpus = 1
end
if total_kB_ram.nil? or total_kB_ram < 2048000
assign_ram_mb = 512
else
assign_ram_mb = (total_kB_ram / 1024 / 4)
end
# Actually apply these CPU/memory values to the providers.
config.vm.provider :virtualbox do |vb, override|
vb.cpus = cpus
vb.memory = assign_ram_mb
vb.name = VM_NAME
override.vm.synced_folder "..", "/opt/app"
override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm"
override.vm.synced_folder "..", "/vagrant"
end
config.vm.provider :libvirt do |libvirt, override|
libvirt.cpus = cpus
libvirt.memory = assign_ram_mb
libvirt.default_prefix = VM_NAME
override.vm.synced_folder "..", "/opt/app", type: "9p", accessmode: "passthrough"
override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm", type: "9p", accessmode: "passthrough"
override.vm.synced_folder "..", "/vagrant", type: "9p", accessmode: "passthrough"
end
end

13
.sandstorm/build.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
# Checks if there's a composer.json, and if so, installs/runs composer.
set -euo pipefail
cd /opt/app/dokuwiki
if [ -f /opt/app/dokuwiki/composer.json ] ; then
if [ ! -f composer.phar ] ; then
curl -sS https://getcomposer.org/installer | php
fi
php composer.phar install
fi

34
.sandstorm/global-setup.sh Normal file
View File

@ -0,0 +1,34 @@
#!/bin/bash
set -euo pipefail
CURL_OPTS="--silent --show-error"
echo localhost > /etc/hostname
hostname localhost
curl $CURL_OPTS https://install.sandstorm.io/ > /host-dot-sandstorm/caches/install.sh
SANDSTORM_CURRENT_VERSION=$(curl $CURL_OPTS -f "https://install.sandstorm.io/dev?from=0&type=install")
SANDSTORM_PACKAGE="sandstorm-$SANDSTORM_CURRENT_VERSION.tar.xz"
if [[ ! -f /host-dot-sandstorm/caches/$SANDSTORM_PACKAGE ]] ; then
echo -n "Downloading Sandstorm version ${SANDSTORM_CURRENT_VERSION}..."
curl $CURL_OPTS --output "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE.partial" "https://dl.sandstorm.io/$SANDSTORM_PACKAGE"
mv "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE.partial" "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE"
echo "...done."
fi
if [ ! -e /opt/sandstorm/latest/sandstorm ] ; then
echo -n "Installing Sandstorm version ${SANDSTORM_CURRENT_VERSION}..."
bash /host-dot-sandstorm/caches/install.sh -d -e "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE" >/dev/null
echo "...done."
fi
modprobe ip_tables
# Make the vagrant user part of the sandstorm group so that commands like
# `spk dev` work.
usermod -a -G 'sandstorm' 'vagrant'
# Bind to all addresses, so the vagrant port-forward works.
sudo sed --in-place='' \
--expression='s/^BIND_IP=.*/BIND_IP=0.0.0.0/' \
/opt/sandstorm/sandstorm.conf
sudo service sandstorm restart
# Enable apt-cacher-ng proxy to make things faster if one appears to be running on the gateway IP
GATEWAY_IP=$(ip route | grep ^default | cut -d ' ' -f 3)
if nc -z "$GATEWAY_IP" 3142 ; then
echo "Acquire::http::Proxy \"http://$GATEWAY_IP:3142\";" > /etc/apt/apt.conf.d/80httpproxy
fi

29
.sandstorm/launcher.sh Normal file
View File

@ -0,0 +1,29 @@
#!/bin/bash
# Create a bunch of folders under the clean /var that php and nginx expect to exist
mkdir -p /var/lib/nginx
mkdir -p /var/lib/php5/sessions
mkdir -p /var/log
mkdir -p /var/log/nginx
mkdir -p /var/www
# Wipe /var/run, since pidfiles and socket files from previous launches should go away
# TODO someday: I'd prefer a tmpfs for these.
rm -rf /var/run
mkdir -p /var/run
# Spawn php
/usr/sbin/php5-fpm --nodaemonize --fpm-config /etc/php5/fpm/php-fpm.conf &
# Wait until php have bound its socket, indicating readiness
while [ ! -e /var/run/php5-fpm.sock ] ; do
echo "waiting for php5-fpm to be available at /var/run/php5-fpm.sock"
sleep .2
done
rsync -a /opt/app/dokuwiki/ /var/www
if [ ! -f /var/www/conf/local.php ]; then
cp /opt/app/local.php /var/www/conf
fi
# Start nginx.
/usr/sbin/nginx -g "daemon off;"

5421
.sandstorm/sandstorm-files.list Normal file
View File

File diff suppressed because it is too large Load Diff

239
.sandstorm/sandstorm-pkgdef.capnp Normal file
View File

@ -0,0 +1,239 @@
@0xf1392eefc31cb097;
using Spk = import "/sandstorm/package.capnp";
# This imports:
# $SANDSTORM_HOME/latest/usr/include/sandstorm/package.capnp
# Check out that file to see the full, documented package definition format.
const pkgdef :Spk.PackageDefinition = (
# The package definition. Note that the spk tool looks specifically for the
# "pkgdef" constant.
id = "nx3dqcmz2sjjz939vkg4847vvxrzqsatqfjrt3ea50z3jac5kv7h",
# Your app ID is actually its public key. The private key was placed in
# your keyring. All updates must be signed with the same key.
manifest = (
# This manifest is included in your app package to tell Sandstorm
# about your app.
appTitle = (defaultText = "DokuWiki"),
appVersion = 0, # Increment this for every release.
appMarketingVersion = (defaultText = "2015-08-10a"),
# Human-readable representation of appVersion. Should match the way you
# identify versions of your app in documentation and marketing.
actions = [
# Define your "new document" handlers here.
( title = (defaultText = "New Wiki"),
command = .myCommand
# The command to run when starting for the first time. (".myCommand"
# is just a constant defined at the bottom of the file.)
)
],
continueCommand = .myCommand,
# This is the command called to start your app back up after it has been
# shut down for inactivity. Here we're using the same command as for
# starting a new instance, but you could use different commands for each
# case.
metadata = (
# Data which is not needed specifically to execute the app, but is useful
# for purposes like marketing and display. These fields are documented at
# https://docs.sandstorm.io/en/latest/developing/publishing-apps/#add-required-metadata
# and (in deeper detail) in the sandstorm source code, in the Metadata section of
# https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/package.capnp
icons = (
# Various icons to represent the app in various contexts.
#appGrid = (svg = embed "path/to/appgrid-128x128.svg"),
#grain = (svg = embed "path/to/grain-24x24.svg"),
#market = (svg = embed "path/to/market-150x150.svg"),
#marketBig = (svg = embed "path/to/market-big-300x300.svg"),
),
website = "http://dokuwiki.org",
# This should be the app's main website url.
codeUrl = "https://dev.thewordnerd.info/nolan/dokuwiki-sandstorm",
# URL of the app's source code repository, e.g. a GitHub URL.
# Required if you specify a license requiring redistributing code, but optional otherwise.
license = (none = void),
# The license this package is distributed under. See
# https://docs.sandstorm.io/en/latest/developing/publishing-apps/#license
categories = [],
# A list of categories/genres to which this app belongs, sorted with best fit first.
# See the list of categories at
# https://docs.sandstorm.io/en/latest/developing/publishing-apps/#categories
author = (
# Fields relating to the author of this app.
contactEmail = "nolan@thewordnerd.info",
# Email address to contact for any issues with this app. This includes end-user support
# requests as well as app store administrator requests, so it is very important that this be a
# valid address with someone paying attention to it.
pgpSignature = embed "../pgp-signature",
# PGP signature attesting responsibility for the app ID. This is a binary-format detached
# signature of the following ASCII message (not including the quotes, no newlines, and
# replacing <app-id> with the standard base-32 text format of the app's ID):
#
# "I am the author of the Sandstorm.io app with the following ID: <app-id>"
#
# You can create a signature file using `gpg` like so:
#
# echo -n "I am the author of the Sandstorm.io app with the following ID: <app-id>" | gpg --sign > pgp-signature
#
# Further details including how to set up GPG and how to use keybase.io can be found
# at https://docs.sandstorm.io/en/latest/developing/publishing-apps/#verify-your-identity
upstreamAuthor = "DokuWiki Team",
# Name of the original primary author of this app, if it is different from the person who
# produced the Sandstorm package. Setting this implies that the author connected to the PGP
# signature only "packaged" the app for Sandstorm, rather than developing the app.
# Remove this line if you consider yourself as the author of the app.
),
pgpKeyring = embed "../pgp-keyring",
# A keyring in GPG keyring format containing all public keys needed to verify PGP signatures in
# this manifest (as of this writing, there is only one: `author.pgpSignature`).
#
# To generate a keyring containing just your public key, do:
#
# gpg --export <key-id> > keyring
#
# Where `<key-id>` is a PGP key ID or email address associated with the key.
description = (defaultText = embed "../description.md"),
# The app's description description in Github-flavored Markdown format, to be displayed e.g.
# in an app store. Note that the Markdown is not permitted to contain HTML nor image tags (but
# you can include a list of screenshots separately).
shortDescription = (defaultText = "Wiki"),
# A very short (one-to-three words) description of what the app does. For example,
# "Document editor", or "Notetaking", or "Email client". This will be displayed under the app
# title in the grid view in the app market.
screenshots = [
# Screenshots to use for marketing purposes. Examples below.
# Sizes are given in device-independent pixels, so if you took these
# screenshots on a Retina-style high DPI screen, divide each dimension by two.
#(width = 746, height = 795, jpeg = embed "path/to/screenshot-1.jpeg"),
#(width = 640, height = 480, png = embed "path/to/screenshot-2.png"),
],
changeLog = (defaultText = embed "../changelog.md"),
# Documents the history of changes in Github-flavored markdown format (with the same restrictions
# as govern `description`). We recommend formatting this with an H1 heading for each version
# followed by a bullet list of changes.
),
),
sourceMap = (
# Here we defined where to look for files to copy into your package. The
# `spk dev` command actually figures out what files your app needs
# automatically by running it on a FUSE filesystem. So, the mappings
# here are only to tell it where to find files that the app wants.
searchPath = [
( sourcePath = "." ), # Search this directory first.
( sourcePath = "/", # Then search the system root directory.
hidePaths = [ "home", "proc", "sys",
"etc/passwd", "etc/hosts", "etc/host.conf",
"etc/nsswitch.conf", "etc/resolv.conf" ]
# You probably don't want the app pulling files from these places,
# so we hide them. Note that /dev, /var, and /tmp are implicitly
# hidden because Sandstorm itself provides them.
)
]
),
fileList = "sandstorm-files.list",
# `spk dev` will write a list of all the files your app uses to this file.
# You should review it later, before shipping your app.
alwaysInclude = ["opt/app/dokuwiki"],
# Fill this list with more names of files or directories that should be
# included in your package, even if not listed in sandstorm-files.list.
# Use this to force-include stuff that you know you need but which may
# not have been detected as a dependency during `spk dev`. If you list
# a directory here, its entire contents will be included recursively.
bridgeConfig = (
# # Used for integrating permissions and roles into the Sandstorm shell
# # and for sandstorm-http-bridge to pass to your app.
# # Uncomment this block and adjust the permissions and roles to make
# # sense for your app.
# # For more information, see high-level documentation at
# # https://docs.sandstorm.io/en/latest/developing/auth/
# # and advanced details in the "BridgeConfig" section of
# # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/package.capnp
viewInfo = (
permissions = [
(
name = "admin",
title = (defaultText = "admin"),
description = (defaultText = "grants ability to administer wiki"),
),
(
name = "manager",
title = (defaultText = "manager"),
description = (defaultText = "grants ability to manage wiki"),
),
(
name = "user",
title = (defaultText = "user"),
description = (defaultText = "grants ability to edit wiki"),
),
],
roles = [
(
title = (defaultText = "administrator"),
permissions = [true, true, true],
verbPhrase = (defaultText = "can administer the wiki"),
description = (defaultText = "administrators have full access to the wiki's data and settings."),
),
(
title = (defaultText = "manager"),
permissions = [false, true, true],
verbPhrase = (defaultText = "can manage the wiki"),
description = (defaultText = "Managers can manage the wiki."),
),
(
title = (defaultText = "user"),
permissions = [false, false, true],
verbPhrase = (defaultText = "can edit the wiki"),
description = (defaultText = "Users can edit the wiki."),
),
(
title = (defaultText = "viewer"),
permissions = [false, false, false],
verbPhrase = (defaultText = "can view the wiki"),
description = (defaultText = "Viewers can view the wiki."),
),
],
),
# #apiPath = "/api",
# # Apps can export an API to the world. The API is to be used primarily by Javascript
# # code and native apps, so it can't serve out regular HTML to browsers. If a request
# # comes in to your app's API, sandstorm-http-bridge will prefix the request's path with
# # this string, if specified.
),
);
const myCommand :Spk.Manifest.Command = (
# Here we define the command used to start up your server.
argv = ["/sandstorm-http-bridge", "8000", "--", "/opt/app/.sandstorm/launcher.sh"],
environ = [
# Note that this defines the *entire* environment seen by your app.
(key = "PATH", value = "/usr/local/bin:/usr/bin:/bin"),
(key = "SANDSTORM", value = "1"),
# Export SANDSTORM=1 into the environment, so that apps running within Sandstorm
# can detect if $SANDSTORM="1" at runtime, switching UI and/or backend to use
# the app's Sandstorm-specific integration code.
]
);

85
.sandstorm/setup.sh Normal file
View File

@ -0,0 +1,85 @@
#!/bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx php5-fpm php5-cli php5-curl git php5-dev
unlink /etc/nginx/sites-enabled/default
cat > /etc/nginx/sites-available/sandstorm-php <<EOF
server {
listen 8000 default_server;
listen [::]:8000 default_server ipv6only=on;
# Allow arbitrarily large bodies - Sandstorm can handle them, and requests
# are authenticated already, so there's no reason for apps to add additional
# limits by default.
client_max_body_size 0;
server_name localhost;
root /var/www;
location / {
index doku.php;
try_files \$uri \$uri/ @dokuwiki;
}
location ^~ /lib/ {
expires 30d;
}
location ^~ /conf/ { return 403; }
location ^~ /data/ { return 403; }
location @dokuwiki {
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=\$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=\$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_\$1&id=\$2 last;
rewrite ^/(.*) /doku.php?id=\$1 last;
}
location ~ \\.php\$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\\.php)(/.+)\$;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
include fastcgi_params;
}
}
EOF
ln -s /etc/nginx/sites-available/sandstorm-php /etc/nginx/sites-enabled/sandstorm-php
service nginx stop
service php5-fpm stop
systemctl disable nginx
systemctl disable php5-fpm
# patch /etc/php5/fpm/pool.d/www.conf to not change uid/gid to www-data
sed --in-place='' \
--expression='s/^listen.owner = www-data/#listen.owner = www-data/' \
--expression='s/^listen.group = www-data/#listen.group = www-data/' \
--expression='s/^user = www-data/#user = www-data/' \
--expression='s/^group = www-data/#group = www-data/' \
/etc/php5/fpm/pool.d/www.conf
# patch /etc/php5/fpm/php-fpm.conf to not have a pidfile
sed --in-place='' \
--expression='s/^pid =/#pid =/' \
/etc/php5/fpm/php-fpm.conf
# patch /etc/php5/fpm/pool.d/www.conf to no clear environment variables
# so we can pass in SANDSTORM=1 to apps
sed --in-place='' \
--expression='s/^;clear_env = no/clear_env=no/' \
/etc/php5/fpm/pool.d/www.conf
# patch nginx conf to not bother trying to setuid, since we're not root
# also patch errors to go to stderr, and logs nowhere.
sed --in-place='' \
--expression 's/^user www-data/#user www-data/' \
--expression 's#^pid /run/nginx.pid#pid /var/run/nginx.pid#' \
--expression 's/^\s*error_log.*/error_log stderr;/' \
--expression 's/^\s*access_log.*/access_log off;/' \
/etc/nginx/nginx.conf
# Add a conf snippet providing what sandstorm-http-bridge says the protocol is as var fe_https
cat > /etc/nginx/conf.d/50sandstorm.conf << EOF
# Trust the sandstorm-http-bridge's X-Forwarded-Proto.
map \$http_x_forwarded_proto \$fe_https {
default "";
https on;
}
EOF
# Adjust fastcgi_params to use the patched fe_https
sed --in-place='' \
--expression 's/^fastcgi_param *HTTPS.*$/fastcgi_param HTTPS \$fe_https if_not_empty;/' \
/etc/nginx/fastcgi_params

1
.sandstorm/stack Normal file
View File

@ -0,0 +1 @@
lemp

3
changelog.md Normal file
View File

@ -0,0 +1,3 @@
# V0
* Initial release

1
description.md Normal file
View File

@ -0,0 +1 @@
DokuWiki is a simple to use and highly versatile Open Source wiki software that doesn't require a database. It is loved by users for its clean and readable syntax. The ease of maintenance, backup and integration makes it an administrator's favorite. Built in access controls and authentication connectors make DokuWiki especially useful in the enterprise context and the large number of plugins contributed by its vibrant community allow for a broad range of use cases beyond a traditional wiki.

1
dokuwiki Submodule

@ -0,0 +1 @@
Subproject commit 8bb94359b937d75319a05ffea59f725c775072e2

17
local.php Normal file
View File

@ -0,0 +1,17 @@
<?php
/**
* This is an example of how a local.php could look like.
* Simply copy the options you want to change from dokuwiki.php
* to this file and change them.
*
* When using the installer, a correct local.php file be generated for
* you automatically.
*/
$conf['useacl'] = 1; //Use Access Control Lists to restrict access?
$conf['autopasswd'] = 0; //autogenerate passwords and email them to user
$conf['authtype'] = 'sandstorm'; //which authentication backend should be used
$conf['superuser'] = '@admin'; //The admin can be user or @group or comma separated list user1,@group1,user2
$conf['manager'] = '@manager'; //The manager can be user or @group or comma separated list user1,@group1,user2
$conf['profileconfirm'] = 0; //Require current password to confirm changes to user profile
$conf['disableactions']='login';