From a8ed434149106aaa82225f2bb35af75ac6c5cb75 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 6 Jul 2019 04:01:22 +0200 Subject: [PATCH] basic dokuwiki install works now --- ansible/host_playbooks/vex2.yml | 1 + ansible/host_vars/vex2/main.yml | 3 ++ ansible/roles/dokuwiki/tasks/main.yml | 66 +++++++++++++++++++++++++++++ ansible/roles/dokuwiki/templates/nginx.j2 | 46 ++++++++++++++++++++ ansible/roles/nginx/tasks/main.yml | 7 +++ 5 files changed, 123 insertions(+) create mode 100644 ansible/host_vars/vex2/main.yml create mode 100644 ansible/roles/dokuwiki/tasks/main.yml create mode 100644 ansible/roles/dokuwiki/templates/nginx.j2 diff --git a/ansible/host_playbooks/vex2.yml b/ansible/host_playbooks/vex2.yml index 50d1c52..e9f36ec 100644 --- a/ansible/host_playbooks/vex2.yml +++ b/ansible/host_playbooks/vex2.yml @@ -5,3 +5,4 @@ - role: base - role: acmetool/base - role: nginx + - role: dokuwiki diff --git a/ansible/host_vars/vex2/main.yml b/ansible/host_vars/vex2/main.yml new file mode 100644 index 0000000..d16802e --- /dev/null +++ b/ansible/host_vars/vex2/main.yml @@ -0,0 +1,3 @@ +--- +dokuwiki_urls: + - wiki2.realraum.at diff --git a/ansible/roles/dokuwiki/tasks/main.yml b/ansible/roles/dokuwiki/tasks/main.yml new file mode 100644 index 0000000..5911ce5 --- /dev/null +++ b/ansible/roles/dokuwiki/tasks/main.yml 
@@ -0,0 +1,66 @@
+---
+- name: install dokuwiki packages
+ apt:
+ name:
+ - dokuwiki
+ - php-fpm
+ state: present
+
+- name: install nginx vhost config
+ template:
+ src: nginx.j2
+ dest: "/etc/nginx/sites-available/{{ dokuwiki_urls[0] }}"
+ notify: reload nginx
+
+- name: eanble nginx vhost config
+ file:
+ src: "../sites-available/{{ dokuwiki_urls[0] }}"
+ dest: "/etc/nginx/sites-enabled/{{ dokuwiki_urls[0] }}"
+ state: link
+ notify: reload nginx
+
+- name: check if acme certs already exists
+ stat:
+ path: "/var/lib/acme/live/{{ item }}"
+ with_items: "{{ dokuwiki_urls }}"
+ register: acme_cert_stat
+
+- name: set acmecert_missing_hostnames variable
+ set_fact:
+ acmecert_missing_hostnames: "{{ acme_cert_stat.results | acme_cert_nonexistent(dokuwiki_urls) }}"
+
+- name: link nonexistent hostnames to self-signed interim cert
+ when: acmecert_missing_hostnames | length > 0
+ block:
+ - name: get id of existing selfsigned interim certificate
+ command: cat /var/lib/acme/.selfsigned-interim-cert
+ changed_when: false
+ check_mode: false
+ register: selfsigned_interim_cert_id
+
+ - name: set selfsigned_interim_cert_id variable
+ set_fact:
+ selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}"
+
+ - name: link to snakeoil cert for nonexistent hostnames
+ file:
+ src: "../certs/{{ selfsigned_interim_cert_id }}"
+ dest: "/var/lib/acme/live/{{ item }}"
+ state: link
+ with_items: "{{ acmecert_missing_hostnames }}"
+
+- name: enable vhost config using acme cert
+ file:
+ src: "../sites-available/{{ dokuwiki_urls[0] }}"
+ dest: "/etc/nginx/sites-enabled/{{ dokuwiki_urls[0] }}"
+ state: link
+
+- name: make sure nginx config has been loaded
+ meta: flush_handlers
+
+- name: get certificate using acmetool
+ import_role:
+ name: acmetool/cert
+ vars:
+ acmetool_cert_name: "{{ dokuwiki_urls[0] }}"
+ acmetool_cert_hostnames: "{{ dokuwiki_urls }}"
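Review bot: The final `file` task, `enable vhost config using acme cert`, creates the same link (identical `src` and `dest`) as the earlier `eanble nginx vhost config` task, so it never changes anything and can be dropped; the earlier task name should read `enable`. In the interim-cert block the output of `cat /var/lib/acme/.selfsigned-interim-cert` goes into the link `src` unchecked, so an empty file would produce `../certs/` as the link target. Adding `failed_when: selfsigned_interim_cert_id.rc != 0 or selfsigned_interim_cert_id.stdout | trim | length == 0` to the `command` task stops the play before a bad link is attempted. Every path here is built from `dokuwiki_urls[0]`, so a leading `assert` that `dokuwiki_urls` is defined and non-empty would give a clearer failure than a template error.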
diff --git a/ansible/roles/dokuwiki/templates/nginx.j2 b/ansible/roles/dokuwiki/templates/nginx.j2
new file mode 100644
index 0000000..2ddea1c
--- /dev/null
+++ b/ansible/roles/dokuwiki/templates/nginx.j2
@@ -0,0 +1,46 @@
+server {
+ listen [::]:443 ssl;
+ listen 443 ssl;
+
+ server_name {{ dokuwiki_urls | join(' ') }};
+
+ client_max_body_size 4M;
+ client_body_buffer_size 128k;
+
+ root /usr/share/dokuwiki;
+ index doku.php;
+
+ #Remember to comment the below out when you're installing, and uncomment it when done.
+ location ~ /(conf/|bin/|inc/|install.php) {
+ deny all;
+ }
+
+ #Support for X-Accel-Redirect
+ location ~ ^/data/ {
+ internal;
+ }
+
+ location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ {
+ expires 365d;
+ }
+
+ location / {
+ try_files $uri $uri/ @dokuwiki;
+ }
+
+ location @dokuwiki {
+ # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
+ rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+ rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+ rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+ rewrite ^/(.*) /doku.php?id=$1&$args last;
+ }
+
+ location ~ \.php$ {
+ try_files $uri $uri/ /doku.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param REDIRECT_STATUS 200;
+ fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+ }
+}
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml
index a7388c0..975d7b7 100644
--- a/ansible/roles/nginx/tasks/main.yml
+++ b/ansible/roles/nginx/tasks/main.yml
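Review bot: The `server` block in `nginx.j2` listens with `ssl` on 443 but sets no `ssl_certificate` or `ssl_certificate_key`, although the dokuwiki tasks go to some length to make `/var/lib/acme/live/<hostname>` exist. Unless an http-level include outside this diff supplies them, nginx will either reject the config or serve a certificate that does not match the wiki's names; if nothing is inherited, add `ssl_certificate /var/lib/acme/live/{{ dokuwiki_urls[0] }}/fullchain;` and `ssl_certificate_key /var/lib/acme/live/{{ dokuwiki_urls[0] }}/privkey;`. The deny rule leaves the `.` in `install.php` unescaped and does not cover `vendor/`, which DokuWiki's own nginx guidance also blocks, so `location ~ /(conf/|bin/|inc/|vendor/|install\.php)` would be more complete if the packaged tree has that directory. `fastcgi_pass` pins `php7.3-fpm.sock` while the role installs the unversioned `php-fpm` package, so a PHP upgrade would break the vhost; a role variable for the socket path avoids that.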
@@ -13,6 +13,13 @@ dest: "/etc/nginx/snippets/{{ item | basename | splitext | first }}" notify: reload nginx +- name: set server_names_hash_bucket_size to a reasonable value + lineinfile: + path: /etc/nginx/nginx.conf + backrefs: yes + regexp: '^(\s*)#?\s*server_names_hash_bucket_size' + line: '\1server_names_hash_bucket_size 64;' + - name: install default vhost template: src: vhosts/default.j2 -- 1.7.10.4
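Review bot: The new `lineinfile` task edits `/etc/nginx/nginx.conf` but has no `notify: reload nginx`, unlike the tasks around it, so the new `server_names_hash_bucket_size` only takes effect when some other change happens to trigger a reload. With `backrefs` enabled the module leaves the file untouched when `regexp` matches nothing, so on a host whose `nginx.conf` lacks the (commented) directive the task reports ok without setting anything; a follow-up check or a templated snippet would make that visible. `backrefs: yes` is better written `backrefs: true`. The surrounding task list continues outside the hunk.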