- php-fpm
state: present
-- name: install nginx vhost config
- template:
- src: nginx.j2
- dest: "/etc/nginx/sites-available/{{ dokuwiki_urls[0] }}"
- notify: reload nginx
-
-- name: eanble nginx vhost config
+- name: create dokuwiki service user
+ user:
+ name: dokuwiki
+ home: /srv/dokuwiki
+ system: yes
+ shell: /bin/false
+
+- name: create dokuwiki data and acl directory
+ with_items:
+ - data
+ - acl
file:
- src: "../sites-available/{{ dokuwiki_urls[0] }}"
- dest: "/etc/nginx/sites-enabled/{{ dokuwiki_urls[0] }}"
- state: link
- notify: reload nginx
-
-- name: check if acme certs already exists
- stat:
- path: "/var/lib/acme/live/{{ item }}"
- with_items: "{{ dokuwiki_urls }}"
- register: acme_cert_stat
-
-- name: set acmecert_missing_hostnames variable
- set_fact:
- acmecert_missing_hostnames: "{{ acme_cert_stat.results | acme_cert_nonexistent(dokuwiki_urls) }}"
-
-- name: link nonexistent hostnames to self-signed interim cert
- when: acmecert_missing_hostnames | length > 0
- block:
- - name: get id of existing selfsigned interim certificate
- command: cat /var/lib/acme/.selfsigned-interim-cert
- changed_when: false
- check_mode: false
- register: selfsigned_interim_cert_id
-
- - name: set selfsigned_interim_cert_id variable
- set_fact:
- selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}"
+ path: "/srv/dokuwiki/{{ item }}"
+ state: directory
+ owner: dokuwiki
+ group: dokuwiki
+ mode: 0700
+
+## TODO: fix hardcoded php version...
+- name: install php-fpm config
+ template:
+ src: php-fpm.conf.j2
+ dest: /etc/php/7.3/fpm/pool.d/dokuwiki.conf
+ notify: reload php-fpm
- - name: link to snakeoil cert for nonexistent hostnames
- file:
- src: "../certs/{{ selfsigned_interim_cert_id }}"
- dest: "/var/lib/acme/live/{{ item }}"
- state: link
- with_items: "{{ acmecert_missing_hostnames }}"
-- name: enable vhost config using acme cert
- file:
- src: "../sites-available/{{ dokuwiki_urls[0] }}"
- dest: "/etc/nginx/sites-enabled/{{ dokuwiki_urls[0] }}"
- state: link
+## TODO: apply config options, at least to the following:
+## set $conf['savedir'] to '/srv/dokuwiki/data'
+## update acl symlinks in '/etc/dokuwiki' to '/srv/dokuwiki/acl'
-- name: make sure nginx config has been loaded
- meta: flush_handlers
-
-- name: get certificate using acmetool
- import_role:
- name: acmetool/cert
- vars:
- acmetool_cert_name: "{{ dokuwiki_urls[0] }}"
- acmetool_cert_hostnames: "{{ dokuwiki_urls }}"
+## TODO: install dokuwiki data backup
+## TODO: install dokuwiki acl backup
- name: install dokuwiki plugins
import_tasks: plugins.yml
- name: install dokuwiki templates
import_tasks: templates.yml
+
+- import_tasks: nginx.yml
--- /dev/null
+---
+- name: install nginx vhost config
+ template:
+ src: nginx.j2
+ dest: "/etc/nginx/sites-available/{{ dokuwiki_urls[0] }}"
+ notify: reload nginx
+
+- name: eanble nginx vhost config
+ file:
+ src: "../sites-available/{{ dokuwiki_urls[0] }}"
+ dest: "/etc/nginx/sites-enabled/{{ dokuwiki_urls[0] }}"
+ state: link
+ notify: reload nginx
+
+- name: check if acme certs already exists
+ stat:
+ path: "/var/lib/acme/live/{{ item }}"
+ with_items: "{{ dokuwiki_urls }}"
+ register: acme_cert_stat
+
+- name: set acmecert_missing_hostnames variable
+ set_fact:
+ acmecert_missing_hostnames: "{{ acme_cert_stat.results | acme_cert_nonexistent(dokuwiki_urls) }}"
+
+- name: link nonexistent hostnames to self-signed interim cert
+ when: acmecert_missing_hostnames | length > 0
+ block:
+ - name: get id of existing selfsigned interim certificate
+ command: cat /var/lib/acme/.selfsigned-interim-cert
+ changed_when: false
+ check_mode: false
+ register: selfsigned_interim_cert_id
+
+ - name: set selfsigned_interim_cert_id variable
+ set_fact:
+ selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}"
+
+ - name: link to snakeoil cert for nonexistent hostnames
+ file:
+ src: "../certs/{{ selfsigned_interim_cert_id }}"
+ dest: "/var/lib/acme/live/{{ item }}"
+ state: link
+ with_items: "{{ acmecert_missing_hostnames }}"
+
+- name: enable vhost config using acme cert
+ file:
+ src: "../sites-available/{{ dokuwiki_urls[0] }}"
+ dest: "/etc/nginx/sites-enabled/{{ dokuwiki_urls[0] }}"
+ state: link
+
+- name: make sure nginx config has been loaded
+ meta: flush_handlers
+
+- name: get certificate using acmetool
+ import_role:
+ name: acmetool/cert
+ vars:
+ acmetool_cert_name: "{{ dokuwiki_urls[0] }}"
+ acmetool_cert_hostnames: "{{ dokuwiki_urls }}"
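Review bot: The interim-certificate id read by `command: cat /var/lib/acme/.selfsigned-interim-cert` is used as a path component in `src: "../certs/{{ selfsigned_interim_cert_id }}"` with no check that it is non-empty and a single token. If that file is empty or holds more than one line, the link task would presumably point `/var/lib/acme/live/<hostname>` at the `../certs/` directory itself or at an unintended path, and the play would carry on to `flush_handlers` and the acmetool role. A guard on the read task would catch this, e.g. `failed_when: selfsigned_interim_cert_id.rc != 0 or selfsigned_interim_cert_id.stdout | trim | length == 0`. The `set_fact` also reuses the registered variable's name, which makes it unclear which value later tasks see, so a distinct fact name would be safer. Separately, `enable vhost config using acme cert` repeats the symlink from `eanble nginx vhost config` with the same `src` and `dest`, so it looks redundant, and the earlier name has a typo.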