diff --git a/servers/puppet/modules/humbug/files/apache/sites/mediawiki b/servers/puppet/modules/humbug/files/apache/sites/mediawiki
new file mode 100644
index 0000000000..c53d21c89f
--- /dev/null
+++ b/servers/puppet/modules/humbug/files/apache/sites/mediawiki
@@ -0,0 +1,57 @@
+
+ ServerName wiki.zulip.net
+ Redirect permanent / https://wiki.zulip.net/
+
+
+
+ ServerName wiki.zulip.net
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/wiki.zulip.net.crt
+ SSLCertificateKeyFile /etc/ssl/private/wiki.key
+
+ SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem
+ SSLCACertificateFile /etc/ssl/certs/ca.pem
+
+ Header add Strict-Transport-Security "max-age=15768000"
+ Header add X-Frame-Options DENY
+
+
+ AuthType Digest
+ AuthName "wiki"
+ AuthDigestProvider file
+ AuthUserFile /etc/apache2/users/wiki
+ Require valid-user
+
+
+
+ Alias /wiki /var/lib/mediawiki/index.php
+ RewriteEngine on
+ RewriteRule ^(/)?$ /wiki [L,R=301]
+
+
+ ErrorLog /var/log/apache2/error.log
+ LogLevel warn
+
+ CustomLog /var/log/apache2/access.log combined
+ ServerSignature On
+
+Alias /w /var/lib/mediawiki
+
+
+ Options +FollowSymLinks
+ AllowOverride All
+ order allow,deny
+ allow from all
+
+
+# some directories must be protected
+
+ Options -FollowSymLinks
+ AllowOverride None
+
+
+ Options -FollowSymLinks
+ AllowOverride None
+
+
diff --git a/servers/puppet/modules/humbug/files/mediawiki/LocalSettings.php b/servers/puppet/modules/humbug/files/mediawiki/LocalSettings.php
new file mode 100644
index 0000000000..850ce2c9a8
--- /dev/null
+++ b/servers/puppet/modules/humbug/files/mediawiki/LocalSettings.php
@@ -0,0 +1,163 @@
+
+$wgSecretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
+
+# Site upgrade key. Must be set to a string (default provided) to turn on the
+# web installer while LocalSettings.php is in place
+$wgUpgradeKey = "xxxxxxxxxxxxxxxx";
+
+## Default skin: you can change the default skin. Use the internal symbolic
+## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector':
+$wgDefaultSkin = "modern";
+
+## For attaching licensing metadata to pages, and displaying an
+## appropriate copyright notice / icon. GNU Free Documentation
+## License and Creative Commons licenses are supported so far.
+$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
+$wgRightsUrl = "";
+$wgRightsText = "";
+$wgRightsIcon = "";
+
+# Path to the GNU diff3 utility. Used for conflict resolution.
+$wgDiff3 = "/usr/bin/diff3";
+
+# debian-specific include:
+if (is_file("/etc/mediawiki-extensions/extensions.php")) {
+ include("/etc/mediawiki-extensions/extensions.php");
+}
+
+# Query string length limit for ResourceLoader. You should only set this if
+# your web server has a query string length limit (then set it to that limit),
+# or if you have suhosin.get.max_value_length set in php.ini (then set it to
+# that value)
+$wgResourceLoaderMaxQueryLength = -1;
+
+# Enabled Extensions. Most extensions are enabled by including the base extension file here
+# but check specific extension documentation for more details
+# The following extensions were automatically enabled:
+require_once( "$IP/extensions/Cite/Cite.php" );
+require_once( "$IP/extensions/Vector/Vector.php" );
+require_once( "$IP/extensions/WikiEditor/WikiEditor.php" );
+
+
+# End of automatically generated settings.
+# Add more configuration options below.
+$wgAuth = new Auth_remoteuser();
+
+
+// Don't let anonymous people do things...
+$wgGroupPermissions['*']['createaccount'] = false;
+$wgGroupPermissions['*']['read'] = false;
+$wgGroupPermissions['*']['edit'] = false;
+$wgFileExtensions[] = 'svg';
diff --git a/servers/puppet/modules/humbug/files/mediawiki/apache_config b/servers/puppet/modules/humbug/files/mediawiki/apache_config
new file mode 120000
index 0000000000..9ee3495653
--- /dev/null
+++ b/servers/puppet/modules/humbug/files/mediawiki/apache_config
@@ -0,0 +1 @@
+../apache/sites/mediawiki
\ No newline at end of file
diff --git a/servers/puppet/modules/humbug/manifests/mediawiki.pp b/servers/puppet/modules/humbug/manifests/mediawiki.pp
new file mode 100644
index 0000000000..973eb7d207
--- /dev/null
+++ b/servers/puppet/modules/humbug/manifests/mediawiki.pp
@@ -0,0 +1,39 @@
+class humbug::mediawiki {
+ class { 'humbug::postgres-common': }
+
+
+ $mediawiki_packages = [ "mediawiki", "mediawiki-extensions" ]
+ package { $mediawiki_packages: ensure => "installed" }
+
+ apache2site {'mediawiki':
+ require => [File['/etc/apache2/sites-available/'],
+ Apache2mod['headers'], Apache2mod['ssl'],
+ ],
+ ensure => present,
+ }
+
+ file { '/etc/mediawiki/LocalSettings.php':
+ ensure => file,
+ owner => "root",
+ group => "root",
+ mode => 644,
+ source => "puppet:///modules/humbug/mediawiki/LocalSettings.php",
+ }
+
+ file { '/usr/local/share/mediawiki/extensions/Auth_remoteuser.php':
+ ensure => file,
+ owner => "root",
+ group => "root",
+ mode => 644,
+ source => "puppet:///modules/humbug/mediawiki/Auth_remoteuser.php",
+ }
+
+ file { '/etc/mediawiki-extensions/extensions-available/Auth_remoteuser.php':
+ ensure => 'link',
+ target => '/usr/local/share/mediawiki/extensions/Auth_remoteuser.php',
+ }
+ file { '/etc/mediawiki-extensions/extensions-enabled/Auth_remoteuser.php':
+ ensure => 'link',
+ target => '../extensions-available/Auth_remoteuser.php',
+ }
+}
diff --git a/servers/puppet/modules/humbug/manifests/trac.pp b/servers/puppet/modules/humbug/manifests/trac.pp
index 4eee4ee92a..d9ef138d78 100644
--- a/servers/puppet/modules/humbug/manifests/trac.pp
+++ b/servers/puppet/modules/humbug/manifests/trac.pp
@@ -1,6 +1,7 @@
class humbug::trac {
class { 'humbug::base': }
class { 'humbug::apache': }
+ class { 'humbug::mediawiki': }
$trac_packages = [ "trac", ]
package { $trac_packages: ensure => "installed" }