From 0dad784d584dbba9ad75d6fbbb262f4a2e8f77be Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 6 Jul 2019 23:12:23 +0200
Subject: [PATCH] move dokuwiki to new web role group
---
 ansible/host_playbooks/vex2.yml | 2 +-
 ansible/roles/dokuwiki/defaults/main.yml | 11 ----
 ansible/roles/dokuwiki/tasks/main.yml | 72 ------------------------
 ansible/roles/dokuwiki/tasks/plugins.yml | 41 --------------
 ansible/roles/dokuwiki/tasks/templates.yml | 41 --------------
 ansible/roles/dokuwiki/templates/nginx.j2 | 46 ---------------
 ansible/roles/web/dokuwiki/defaults/main.yml | 11 ++++
 ansible/roles/web/dokuwiki/tasks/main.yml | 72 ++++++++++++++++++++++++
 ansible/roles/web/dokuwiki/tasks/plugins.yml | 41 ++++++++++++++
 ansible/roles/web/dokuwiki/tasks/templates.yml | 41 ++++++++++++++
 ansible/roles/web/dokuwiki/templates/nginx.j2 | 46 +++++++++++++++
 11 files changed, 212 insertions(+), 212 deletions(-)
 delete mode 100644 ansible/roles/dokuwiki/defaults/main.yml
 delete mode 100644 ansible/roles/dokuwiki/tasks/main.yml
 delete mode 100644 ansible/roles/dokuwiki/tasks/plugins.yml
 delete mode 100644 ansible/roles/dokuwiki/tasks/templates.yml
 delete mode 100644 ansible/roles/dokuwiki/templates/nginx.j2
 create mode 100644 ansible/roles/web/dokuwiki/defaults/main.yml
 create mode 100644 ansible/roles/web/dokuwiki/tasks/main.yml
 create mode 100644 ansible/roles/web/dokuwiki/tasks/plugins.yml
 create mode 100644 ansible/roles/web/dokuwiki/tasks/templates.yml
 create mode 100644 ansible/roles/web/dokuwiki/templates/nginx.j2
diff --git a/ansible/host_playbooks/vex2.yml b/ansible/host_playbooks/vex2.yml
index e9f36ec..6308d03 100644
--- a/ansible/host_playbooks/vex2.yml
+++ b/ansible/host_playbooks/vex2.yml
@@ -5,4 +5,4 @@
 - role: base
 - role: acmetool/base
 - role: nginx
- - role: dokuwiki
+ - role: web/dokuwiki
diff --git a/ansible/roles/dokuwiki/defaults/main.yml b/ansible/roles/dokuwiki/defaults/main.yml
deleted file mode 100644
index 87d6087..0000000
--- a/ansible/roles/dokuwiki/defaults/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-dokuwiki_templates: {}
-dokuwiki_plugins: {}
-
-## example, mind that only tar.gz archives are allowed here!
-## (dokuwiki_templates uses the same format)
-# dokuwiki_plugins:
-# pluginname:
-# url: https://example.com/dokuwiki-pluginname.tar.gz
-# sha256: 129192409230902134091230940230940932
-#
diff --git a/ansible/roles/dokuwiki/tasks/main.yml b/ansible/roles/dokuwiki/tasks/main.yml
deleted file mode 100644
index 30e634f..0000000
--- a/ansible/roles/dokuwiki/tasks/main.yml
+++ /dev/null
@@ -1,72 +0,0 @@
----
-- name: install dokuwiki packages
- apt:
- name:
- - dokuwiki
- - php-fpm
- state: present
-
-- name: install nginx vhost config
- template:
- src: nginx.j2
- dest: "/etc/nginx/sites-available/{{ dokuwiki_urls[0] }}"
- notify: reload nginx
-
-- name: eanble nginx vhost config
- file:
- src: "../sites-available/{{ dokuwiki_urls[0] }}"
- dest: "/etc/nginx/sites-enabled/{{ dokuwiki_urls[0] }}"
- state: link
- notify: reload nginx
-
-- name: check if acme certs already exists
- stat:
- path: "/var/lib/acme/live/{{ item }}"
- with_items: "{{ dokuwiki_urls }}"
- register: acme_cert_stat
-
-- name: set acmecert_missing_hostnames variable
- set_fact:
- acmecert_missing_hostnames: "{{ acme_cert_stat.results | acme_cert_nonexistent(dokuwiki_urls) }}"
-
-- name: link nonexistent hostnames to self-signed interim cert
- when: acmecert_missing_hostnames | length > 0
- block:
- - name: get id of existing selfsigned interim certificate
- command: cat /var/lib/acme/.selfsigned-interim-cert
- changed_when: false
- check_mode: false
- register: selfsigned_interim_cert_id
-
- - name: set selfsigned_interim_cert_id variable
- set_fact:
- selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}"
-
- - name: link to snakeoil cert for nonexistent hostnames
- file:
- src: "../certs/{{ selfsigned_interim_cert_id }}"
- dest: "/var/lib/acme/live/{{ item }}"
- state: link
- with_items: "{{ acmecert_missing_hostnames }}"
-
-- name: enable vhost config using acme cert
- file:
- src: "../sites-available/{{ dokuwiki_urls[0] }}"
- dest: "/etc/nginx/sites-enabled/{{ dokuwiki_urls[0] }}"
- state: link
-
-- name: make sure nginx config has been loaded
- meta: flush_handlers
-
-- name: get certificate using acmetool
- import_role:
- name: acmetool/cert
- vars:
- acmetool_cert_name: "{{ dokuwiki_urls[0] }}"
- acmetool_cert_hostnames: "{{ dokuwiki_urls }}"
-
-- name: install dokuwiki plugins
- import_tasks: plugins.yml
-
-- name: install dokuwiki templates
- import_tasks: templates.yml
diff --git a/ansible/roles/dokuwiki/tasks/plugins.yml b/ansible/roles/dokuwiki/tasks/plugins.yml
deleted file mode 100644
index 29888c3..0000000
--- a/ansible/roles/dokuwiki/tasks/plugins.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-## TODO: remove superflous plugins
-
-- name: create plugin directories
- with_dict: "{{ dokuwiki_plugins }}"
- loop_control:
- label: "{{ item.key }}"
- file:
- path: "/var/lib/dokuwiki/.ansible-managed-plugins/{{ item.key }}/extracted"
- state: directory
-
-- name: download dokuwiki plugins
- with_dict: "{{ dokuwiki_plugins }}"
- loop_control:
- label: "{{ item.key }}"
- get_url:
- url: "{{ item.value.url }}"
- dest: "/var/lib/dokuwiki/.ansible-managed-plugins/{{ item.key }}"
- checksum: "sha256:{{ item.value.sha256 }}"
- register: dokuwiki_plugins_downloaded
-
-## TODO: fix update!!!
-- name: extract dokuwiki plugins
- with_list: "{{ dokuwiki_plugins_downloaded.results }}"
- loop_control:
- label: "{{ item.item.key }}"
- unarchive:
- remote_src: yes
- src: "{{ item.dest }}"
- dest: "{{ item.dest | dirname }}/extracted"
- extra_opts:
- - '--strip-components=1'
-
-- name: activate dokuwiki plugins
- with_dict: "{{ dokuwiki_plugins }}"
- loop_control:
- label: "{{ item.key }}"
- file:
- state: link
- src: "/var/lib/dokuwiki/.ansible-managed-plugins/{{ item.key }}/extracted"
- dest: "/var/lib/dokuwiki/lib/plugins/{{ item.key }}"
diff --git a/ansible/roles/dokuwiki/tasks/templates.yml b/ansible/roles/dokuwiki/tasks/templates.yml
deleted file mode 100644
index 5b3bdc6..0000000
--- a/ansible/roles/dokuwiki/tasks/templates.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-## TODO: remove superflous templates
-
-- name: create plugin directories
- with_dict: "{{ dokuwiki_templates }}"
- loop_control:
- label: "{{ item.key }}"
- file:
- path: "/var/lib/dokuwiki/.ansible-managed-templates/{{ item.key }}/extracted"
- state: directory
-
-- name: download dokuwiki templates
- with_dict: "{{ dokuwiki_templates }}"
- loop_control:
- label: "{{ item.key }}"
- get_url:
- url: "{{ item.value.url }}"
- dest: "/var/lib/dokuwiki/.ansible-managed-templates/{{ item.key }}"
- checksum: "sha256:{{ item.value.sha256 }}"
- register: dokuwiki_templates_downloaded
-
-## TODO: fix update!!!
-- name: extract dokuwiki templates
- with_list: "{{ dokuwiki_templates_downloaded.results }}"
- loop_control:
- label: "{{ item.item.key }}"
- unarchive:
- remote_src: yes
- src: "{{ item.dest }}"
- dest: "{{ item.dest | dirname }}/extracted"
- extra_opts:
- - '--strip-components=1'
-
-- name: activate dokuwiki templates
- with_dict: "{{ dokuwiki_templates }}"
- loop_control:
- label: "{{ item.key }}"
- file:
- state: link
- src: "/var/lib/dokuwiki/.ansible-managed-templates/{{ item.key }}/extracted"
- dest: "/var/lib/dokuwiki/lib/tpl/{{ item.key }}"
diff --git a/ansible/roles/dokuwiki/templates/nginx.j2 b/ansible/roles/dokuwiki/templates/nginx.j2
deleted file mode 100644
index 2ddea1c..0000000
--- a/ansible/roles/dokuwiki/templates/nginx.j2
+++ /dev/null
@@ -1,46 +0,0 @@
-server {
- listen [::]:443 ssl;
- listen 443 ssl;
-
- server_name {{ dokuwiki_urls | join(' ') }};
-
- client_max_body_size 4M;
- client_body_buffer_size 128k;
-
- root /usr/share/dokuwiki;
- index doku.php;
-
- #Remember to comment the below out when you're installing, and uncomment it when done.
- location ~ /(conf/|bin/|inc/|install.php) {
- deny all;
- }
-
- #Support for X-Accel-Redirect
- location ~ ^/data/ {
- internal;
- }
-
- location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ {
- expires 365d;
- }
-
- location / {
- try_files $uri $uri/ @dokuwiki;
- }
-
- location @dokuwiki {
- # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
- rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
- rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
- rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
- rewrite ^/(.*) /doku.php?id=$1&$args last;
- }
-
- location ~ \.php$ {
- try_files $uri $uri/ /doku.php;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param REDIRECT_STATUS 200;
- fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
- }
-}
diff --git a/ansible/roles/web/dokuwiki/defaults/main.yml b/ansible/roles/web/dokuwiki/defaults/main.yml
new file mode 100644
index 0000000..87d6087
--- /dev/null
+++ b/ansible/roles/web/dokuwiki/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+dokuwiki_templates: {}
+dokuwiki_plugins: {}
+
+## example, mind that only tar.gz archives are allowed here!
+## (dokuwiki_templates uses the same format)
+# dokuwiki_plugins:
+# pluginname:
+# url: https://example.com/dokuwiki-pluginname.tar.gz
+# sha256: 129192409230902134091230940230940932
+#
diff --git a/ansible/roles/web/dokuwiki/tasks/main.yml b/ansible/roles/web/dokuwiki/tasks/main.yml
new file mode 100644
index 0000000..30e634f
--- /dev/null
+++ b/ansible/roles/web/dokuwiki/tasks/main.yml
@@ -0,0 +1,72 @@
+---
+- name: install dokuwiki packages
+ apt:
+ name:
+ - dokuwiki
+ - php-fpm
+ state: present
+
+- name: install nginx vhost config
+ template:
+ src: nginx.j2
+ dest: "/etc/nginx/sites-available/{{ dokuwiki_urls[0] }}"
+ notify: reload nginx
+
+- name: eanble nginx vhost config
+ file:
+ src: "../sites-available/{{ dokuwiki_urls[0] }}"
+ dest: "/etc/nginx/sites-enabled/{{ dokuwiki_urls[0] }}"
+ state: link
+ notify: reload nginx
+
+- name: check if acme certs already exists
+ stat:
+ path: "/var/lib/acme/live/{{ item }}"
+ with_items: "{{ dokuwiki_urls }}"
+ register: acme_cert_stat
+
+- name: set acmecert_missing_hostnames variable
+ set_fact:
+ acmecert_missing_hostnames: "{{ acme_cert_stat.results | acme_cert_nonexistent(dokuwiki_urls) }}"
+
+- name: link nonexistent hostnames to self-signed interim cert
+ when: acmecert_missing_hostnames | length > 0
+ block:
+ - name: get id of existing selfsigned interim certificate
+ command: cat /var/lib/acme/.selfsigned-interim-cert
+ changed_when: false
+ check_mode: false
+ register: selfsigned_interim_cert_id
+
+ - name: set selfsigned_interim_cert_id variable
+ set_fact:
+ selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}"
+
+ - name: link to snakeoil cert for nonexistent hostnames
+ file:
+ src: "../certs/{{ selfsigned_interim_cert_id }}"
+ dest: "/var/lib/acme/live/{{ item }}"
+ state: link
+ with_items: "{{ acmecert_missing_hostnames }}"
+
+- name: enable vhost config using acme cert
+ file:
+ src: "../sites-available/{{ dokuwiki_urls[0] }}"
+ dest: "/etc/nginx/sites-enabled/{{ dokuwiki_urls[0] }}"
+ state: link
+
+- name: make sure nginx config has been loaded
+ meta: flush_handlers
+
+- name: get certificate using acmetool
+ import_role:
+ name: acmetool/cert
+ vars:
+ acmetool_cert_name: "{{ dokuwiki_urls[0] }}"
+ acmetool_cert_hostnames: "{{ dokuwiki_urls }}"
+
+- name: install dokuwiki plugins
+ import_tasks: plugins.yml
+
+- name: install dokuwiki templates
+ import_tasks: templates.yml
diff --git a/ansible/roles/web/dokuwiki/tasks/plugins.yml b/ansible/roles/web/dokuwiki/tasks/plugins.yml
new file mode 100644
index 0000000..29888c3
--- /dev/null
+++ b/ansible/roles/web/dokuwiki/tasks/plugins.yml
@@ -0,0 +1,41 @@
+---
+## TODO: remove superflous plugins
+
+- name: create plugin directories
+ with_dict: "{{ dokuwiki_plugins }}"
+ loop_control:
+ label: "{{ item.key }}"
+ file:
+ path: "/var/lib/dokuwiki/.ansible-managed-plugins/{{ item.key }}/extracted"
+ state: directory
+
+- name: download dokuwiki plugins
+ with_dict: "{{ dokuwiki_plugins }}"
+ loop_control:
+ label: "{{ item.key }}"
+ get_url:
+ url: "{{ item.value.url }}"
+ dest: "/var/lib/dokuwiki/.ansible-managed-plugins/{{ item.key }}"
+ checksum: "sha256:{{ item.value.sha256 }}"
+ register: dokuwiki_plugins_downloaded
+
+## TODO: fix update!!!
+- name: extract dokuwiki plugins
+ with_list: "{{ dokuwiki_plugins_downloaded.results }}"
+ loop_control:
+ label: "{{ item.item.key }}"
+ unarchive:
+ remote_src: yes
+ src: "{{ item.dest }}"
+ dest: "{{ item.dest | dirname }}/extracted"
+ extra_opts:
+ - '--strip-components=1'
+
+- name: activate dokuwiki plugins
+ with_dict: "{{ dokuwiki_plugins }}"
+ loop_control:
+ label: "{{ item.key }}"
+ file:
+ state: link
+ src: "/var/lib/dokuwiki/.ansible-managed-plugins/{{ item.key }}/extracted"
+ dest: "/var/lib/dokuwiki/lib/plugins/{{ item.key }}"
diff --git a/ansible/roles/web/dokuwiki/tasks/templates.yml b/ansible/roles/web/dokuwiki/tasks/templates.yml
new file mode 100644
index 0000000..5b3bdc6
--- /dev/null
+++ b/ansible/roles/web/dokuwiki/tasks/templates.yml
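Review bot: In the new `tasks/main.yml`, the task `enable vhost config using acme cert` repeats the `file` link that `eanble nginx vhost config` already creates with the same `src`, `dest` and `state`, so it never changes anything and, unlike the first, carries no `notify: reload nginx`. The handler queued by the first link task is still pending when `meta: flush_handlers` runs after the interim-cert links, so the second task can simply be dropped. While the file is being re-added, the first name should read `- name: enable nginx vhost config`. `dokuwiki_urls` is required by every path in this file but has no entry in `defaults/main.yml`; a commented example there stating that the first entry names the vhost file and the certificate would document it.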
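Review bot: The `unarchive` task in `extract dokuwiki plugins` unpacks each archive on top of whatever is already in `.../{{ item.key }}/extracted`, so when a pinned `sha256` is bumped, files that the new plugin release removed stay on disk under `lib/plugins/<name>`; the `## TODO: fix update!!!` above it suggests this is known. That tree holds PHP which the vhost presumably hands to php-fpm, so files from a superseded, possibly vulnerable, release remain reachable after an upgrade. Extracting into a directory keyed by the checksum, e.g. `dest: "{{ item.dest | dirname }}/{{ item.item.value.sha256 }}"`, and pointing the `activate dokuwiki plugins` link at it would make an update replace the old tree instead of merging into it. The task also sets no ownership, so if the play runs as root tar keeps the uid/gid stored in the archive; adding `owner: root` and `group: root` keeps the plugin code from being writable by the web user. `tasks/templates.yml` has the same tasks and the same two gaps.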
@@ -0,0 +1,41 @@
+---
+## TODO: remove superflous templates
+
+- name: create plugin directories
+ with_dict: "{{ dokuwiki_templates }}"
+ loop_control:
+ label: "{{ item.key }}"
+ file:
+ path: "/var/lib/dokuwiki/.ansible-managed-templates/{{ item.key }}/extracted"
+ state: directory
+
+- name: download dokuwiki templates
+ with_dict: "{{ dokuwiki_templates }}"
+ loop_control:
+ label: "{{ item.key }}"
+ get_url:
+ url: "{{ item.value.url }}"
+ dest: "/var/lib/dokuwiki/.ansible-managed-templates/{{ item.key }}"
+ checksum: "sha256:{{ item.value.sha256 }}"
+ register: dokuwiki_templates_downloaded
+
+## TODO: fix update!!!
+- name: extract dokuwiki templates
+ with_list: "{{ dokuwiki_templates_downloaded.results }}"
+ loop_control:
+ label: "{{ item.item.key }}"
+ unarchive:
+ remote_src: yes
+ src: "{{ item.dest }}"
+ dest: "{{ item.dest | dirname }}/extracted"
+ extra_opts:
+ - '--strip-components=1'
+
+- name: activate dokuwiki templates
+ with_dict: "{{ dokuwiki_templates }}"
+ loop_control:
+ label: "{{ item.key }}"
+ file:
+ state: link
+ src: "/var/lib/dokuwiki/.ansible-managed-templates/{{ item.key }}/extracted"
+ dest: "/var/lib/dokuwiki/lib/tpl/{{ item.key }}"
diff --git a/ansible/roles/web/dokuwiki/templates/nginx.j2 b/ansible/roles/web/dokuwiki/templates/nginx.j2
new file mode 100644
index 0000000..2ddea1c
--- /dev/null
+++ b/ansible/roles/web/dokuwiki/templates/nginx.j2
@@ -0,0 +1,46 @@
+server {
+ listen [::]:443 ssl;
+ listen 443 ssl;
+
+ server_name {{ dokuwiki_urls | join(' ') }};
+
+ client_max_body_size 4M;
+ client_body_buffer_size 128k;
+
+ root /usr/share/dokuwiki;
+ index doku.php;
+
+ #Remember to comment the below out when you're installing, and uncomment it when done.
+ location ~ /(conf/|bin/|inc/|install.php) {
+ deny all;
+ }
+
+ #Support for X-Accel-Redirect
+ location ~ ^/data/ {
+ internal;
+ }
+
+ location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ {
+ expires 365d;
+ }
+
+ location / {
+ try_files $uri $uri/ @dokuwiki;
+ }
+
+ location @dokuwiki {
+ # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
+ rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+ rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+ rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+ rewrite ^/(.*) /doku.php?id=$1&$args last;
+ }
+
+ location ~ \.php$ {
+ try_files $uri $uri/ /doku.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param REDIRECT_STATUS 200;
+ fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+ }
+}
--
1.7.10.4
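Review bot: The deny rule `location ~ /(conf/|bin/|inc/|install.php)` in the new `templates/nginx.j2` leaves out `vendor/`, which DokuWiki's security guidance lists among the directories that should not be web-accessible (relevant if the packaged release ships one), and the `.` in `install.php` is an unescaped regex wildcard. Suggested line: `location ~ /(conf/|bin/|inc/|vendor/|install\.php) {`. The comment above it about commenting the rule out during installation no longer fits a template that Ansible re-renders on each run, and removing it avoids someone disabling the block by hand on the host. `fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;` pins a PHP version while `tasks/main.yml` installs the unversioned `php-fpm` package, so a role variable for the socket path would keep the two in step across releases.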