# Wiki Host - MediaWiki

MediaWiki instance at 141.56.51.13 running in an LXC container.

## Overview

- **Hostname**: wiki
- **FQDN**: wiki.htw.stura-dresden.de
- **IP Address**: 141.56.51.13
- **Type**: Proxmox LXC Container
- **Services**: MediaWiki, MariaDB, Apache httpd, PHP-FPM

## Services

### MediaWiki

The StuRa HTW Dresden wiki runs MediaWiki with extensive customization:

- **Name**: Wiki StuRa HTW Dresden
- **Language**: German (de)
- **Default skin**: Vector (classic)
- **Session timeout**: 3 hours (10800 seconds)
- **ImageMagick**: Enabled for image processing
- **Instant Commons**: Enabled (access to Wikimedia Commons images)

### Custom Namespaces

The wiki defines several custom namespaces for organizational purposes:

| Namespace | ID | Purpose |
|-----------|-----|---------|
| StuRa | 100 | Standard StuRa content |
| Intern | 102 | Internal (non-public) StuRa content |
| Admin | 104 | Administrative wiki content |
| Person | 106 | Individual person pages (non-public) |
| Faranto | 108 | Faranto e.V. content |
| ET | 212 | ET Fachschaft content |
| ET_intern | 412 | ET internal content |
| LaUCh | 216 | LaUCh Fachschaft content |
| LaUCh_intern | 416 | LaUCh internal content |

Each namespace has a corresponding discussion namespace (odd numbered ID).

### User Groups and Permissions

**Custom user groups:**

- **intern**: Access to Intern and Person namespaces
- **ET**: Access to ET_intern namespace
- **LUC**: Access to LaUCh_intern namespace

These groups have the same base permissions as standard users (move pages, edit, upload, etc.) plus access to their respective restricted namespaces.

### Spam Prevention

**QuestyCaptcha** is configured to prevent automated spam:

- Challenges users with questions about HTW and StuRa
- Triggered on: edit, create, createtalk, addurl, createaccount, badlogin
- Questions are specific to local knowledge (e.g., "Welche Anzahl an Referaten hat unser StuRa geschaffen?")

### Extensions

The following extensions are installed:

- **Lockdown**: Restricts namespace access by user group
- **ContributionScores**: Statistics of contributions by user
- **UserMerge**: Merge and delete user accounts (for spam cleanup)
- **Interwiki**: Use interwiki links (e.g., Wikipedia references)
- **Cite**: Reference system (footnotes)
- **ConfirmEdit/QuestyCaptcha**: CAPTCHA challenges

## Deployment

See the [main README](../../README.md) for deployment methods.

### Initial Installation

**Using nixos-anywhere:**

```bash
nix run github:nix-community/nixos-anywhere -- --flake .#wiki --target-host root@141.56.51.13
```

**Using container tarball:**

```bash
nix build .#containers-wiki
scp result/tarball/nixos-system-x86_64-linux.tar.xz root@proxmox-host:/var/lib/vz/template/cache/
pct create 113 /var/lib/vz/template/cache/nixos-system-x86_64-linux.tar.xz \
  --hostname wiki \
  --net0 name=eth0,bridge=vmbr0,ip=141.56.51.13/24,gw=141.56.51.254 \
  --memory 2048 \
  --cores 2 \
  --rootfs local-lvm:10 \
  --unprivileged 1 \
  --features nesting=1
pct start 113
```

### Updates

```bash
# From local machine
nixos-rebuild switch --flake .#wiki --target-host root@141.56.51.13

# Or use auto-generated script
nix run .#wiki-update
```

## Post-Deployment Steps

After deploying for the first time:

1. **Set admin password:**
   ```bash
   # Write under a restrictive umask so the file is never world-readable
   (umask 077; echo "your-secure-password" > /var/lib/mediawiki/mediawiki-password)
   chmod 600 /var/lib/mediawiki/mediawiki-password
   ```

2. **Set database password:**
   ```bash
   # Write under a restrictive umask so the file is never world-readable
   (umask 077; echo "your-db-password" > /var/lib/mediawiki/mediawiki-dbpassword)
   chmod 600 /var/lib/mediawiki/mediawiki-dbpassword
   ```

3. **Access the web interface:**
   ```
   https://wiki.htw.stura-dresden.de
   ```

4. **Complete initial setup:**
   - Log in with admin credentials
   - Configure additional settings via Special:Version
   - Set up main page

5. **Configure namespace permissions:**
   - Add users to `intern`, `ET`, or `LUC` groups via Special:UserRights
   - Verify namespace restrictions work correctly
   - Test that non-members cannot access restricted namespaces

6. **Add users to appropriate groups:**
   - Navigate to Special:UserRights
   - Select user
   - Add to: intern, ET, LUC, sysop, bureaucrat (as needed)

7. **Upload logo and favicon** (optional):
   - Place files in `/var/lib/mediawiki/images/`
   - Files: `logo.png`, `logo.svg`, `favicon.png`

## Integration with Proxy

The central proxy at 141.56.51.1 handles:

- **SNI routing**: Routes HTTPS traffic for wiki.htw.stura-dresden.de
- **HTTP routing**: Routes HTTP traffic and redirects to HTTPS
- **ACME challenges**: Forwards certificate verification requests

This host manages its own ACME certificates. Apache httpd handles TLS termination.

## Troubleshooting

### Locale warnings

When accessing the container with `pct enter`, you may see:

```
sh: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory
sh: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory
```

**This is a known issue and can be safely ignored.** It only affects the interactive shell environment, not the running services. Regular SSH access provides a proper shell with correct locale settings.

### Database connection issues

If MediaWiki cannot connect to the database:

```bash
# Check MariaDB status
systemctl status mysql

# Check database exists
mysql -u root -e "SHOW DATABASES;"

# Check user permissions
mysql -u root -e "SHOW GRANTS FOR 'mediawiki'@'localhost';"

# View MediaWiki logs
journalctl -u mediawiki -f
```

**Solution**: Ensure the database password in `/var/lib/mediawiki/mediawiki-dbpassword` matches the database user password.

### Extension loading problems

If extensions are not working:

```bash
# Check extension files exist
ls -l /nix/store/*-mediawiki-extensions/

# View PHP errors
tail -f /var/log/httpd/error_log

# Test MediaWiki configuration
php /var/lib/mediawiki/maintenance/checkSetup.php
```

**Solution**: Verify extensions are properly defined in the configuration and compatible with the MediaWiki version.

### ImageMagick configuration

If image uploads or thumbnails fail:

```bash
# Check ImageMagick installation
which convert
/run/current-system/sw/bin/convert --version

# Test image conversion
/run/current-system/sw/bin/convert input.png -resize 100x100 output.png

# Check MediaWiki image directory permissions
ls -ld /var/lib/mediawiki/images/
```

**Solution**: Ensure ImageMagick path is set correctly (`$wgImageMagickConvertCommand`) and the images directory is writable.

### Namespace permission issues

If users can access restricted namespaces:

```bash
# Check Lockdown extension is loaded
grep -i lockdown /var/lib/mediawiki/LocalSettings.php

# Verify user group membership
# Log in as admin and check Special:UserRights

# Check namespace permission configuration
grep -A 5 "wgNamespacePermissionLockdown" /var/lib/mediawiki/LocalSettings.php
```

**Solution**: Verify the Lockdown extension is installed and `$wgNamespacePermissionLockdown` is configured correctly for each restricted namespace.

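
A scripted version of the "non-members cannot access restricted namespaces" test from the post-deployment steps and the check above, added here as an example (not part of the original configuration or the project's tooling). It asks the MediaWiki API, without any session, whether `read` is allowed on a page in each restricted namespace, using `prop=info` with `intestactions=read`; the `api.php` path and the probe page title `Hauptseite` are assumptions.

```shell
#!/bin/sh
# Added example: confirm that an anonymous client is denied read access to the
# restricted namespaces. API_URL and PROBE_PAGE are assumptions, adjust them.
API_URL="${API_URL:-https://wiki.htw.stura-dresden.de/api.php}"
PROBE_PAGE="${PROBE_PAGE:-Hauptseite}"
RESTRICTED_NAMESPACES="Intern Person ET_intern LaUCh_intern"

# Constructed sample responses (formatversion=2), not captured from the wiki.
SAMPLE_DENIED='{"query":{"pages":[{"ns":102,"title":"Intern:Hauptseite","actions":{"read":false}}]}}'
SAMPLE_READABLE='{"query":{"pages":[{"ns":102,"title":"Intern:Hauptseite","actions":{"read":true}}]}}'

# Classify one API response. Only an explicit "read": false counts as DENIED,
# so API errors, empty replies or unexpected output never pass silently.
classify_read() {
    if printf '%s' "$1" | grep -Eq '"read"[[:space:]]*:[[:space:]]*true'; then
        echo READABLE
    elif printf '%s' "$1" | grep -Eq '"read"[[:space:]]*:[[:space:]]*false'; then
        echo DENIED
    else
        echo UNKNOWN
    fi
}

# Query the API with no cookies or credentials, i.e. as an anonymous visitor.
probe_namespace() {
    curl -fsS --max-time 10 --get "$API_URL" \
        --data-urlencode "action=query" \
        --data-urlencode "prop=info" \
        --data-urlencode "intestactions=read" \
        --data-urlencode "titles=$1:$PROBE_PAGE" \
        --data-urlencode "format=json" \
        --data-urlencode "formatversion=2"
}

# Probe every restricted namespace; return non-zero unless all are DENIED.
check_all() {
    failed=0
    for ns in $RESTRICTED_NAMESPACES; do
        result=$(classify_read "$(probe_namespace "$ns" 2>/dev/null)")
        printf '%-14s %s\n' "$ns" "$result"
        [ "$result" = DENIED ] || failed=1
    done
    return "$failed"
}

if [ "${1:-}" = "--live" ]; then
    check_all                       # contacts the wiki
else
    echo "offline demo: $(classify_read "$SAMPLE_DENIED") / $(classify_read "$SAMPLE_READABLE")"
fi
```

Run it with `--live` from a machine that has no wiki session; a non-zero exit status means at least one namespace was not confirmed as denied. A passing result covers only the direct read permission check, and the Extension:Lockdown documentation linked under See Also describes other routes by which restricted content can be exposed.
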
### ACME certificate issues

If HTTPS is not working:

```bash
# Check ACME certificate status
systemctl status acme-wiki.htw.stura-dresden.de

# View ACME logs
journalctl -u acme-wiki.htw.stura-dresden.de -f

# Check Apache HTTPS configuration
httpd -t -D DUMP_VHOSTS
```

**Solution**: Ensure DNS points to proxy (141.56.51.1) and the proxy forwards ACME challenges to this host.

## Files and Directories

- **MediaWiki data**: `/var/lib/mediawiki/`
- **Password file**: `/var/lib/mediawiki/mediawiki-password`
- **DB password file**: `/var/lib/mediawiki/mediawiki-dbpassword`
- **Images**: `/var/lib/mediawiki/images/`
- **LocalSettings**: `/var/lib/mediawiki/LocalSettings.php` (generated)
- **Extensions**: `/nix/store/.../mediawiki-extensions/`
- **Database**: MariaDB stores data in `/var/lib/mysql/`

## Network

- **Interface**: eth0 (LXC container)
- **IP**: 141.56.51.13/24
- **Gateway**: 141.56.51.254
- **Firewall**: Ports 80, 443 allowed

## Configuration Details

- **Time zone**: Europe/Berlin
- **Table prefix**: sturawiki
- **Emergency contact**: wiki@stura.htw-dresden.de
- **Password sender**: wiki@stura.htw-dresden.de
- **External images**: Allowed
- **File uploads**: Enabled
- **Email notifications**: Enabled (user talk, watchlist)

## Automatic Maintenance

- **Auto-upgrade**: Enabled (system automatically updates)
- **Auto-reboot**: Allowed (system may reboot for updates)
- **Store optimization**: Automatic
- **Garbage collection**: Automatic

## See Also

- [Main README](../../README.md) - Deployment methods and architecture
- [Proxy README](../proxy/README.md) - How the central proxy routes traffic
- [MediaWiki Documentation](https://www.mediawiki.org/wiki/Documentation)
- [NixOS MediaWiki Options](https://search.nixos.org/options?query=services.mediawiki)
- [Extension:Lockdown](https://www.mediawiki.org/wiki/Extension:Lockdown)
- [Extension:QuestyCaptcha](https://www.mediawiki.org/wiki/Extension:QuestyCaptcha)