summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--all.yml1
-rw-r--r--common.yml2
-rw-r--r--roles/common/templates/etc/iptables/services.j22
-rw-r--r--roles/wiki/files/etc/nginx/sites-available/website42
-rw-r--r--roles/wiki/files/etc/nginx/sites-available/wiki54
-rw-r--r--roles/wiki/files/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm18
-rw-r--r--roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup411
-rw-r--r--roles/wiki/handlers/main.yml7
-rw-r--r--roles/wiki/tasks/main.yml100
9 files changed, 635 insertions, 2 deletions
diff --git a/all.yml b/all.yml
index fd2ea2e..dbdc327 100644
--- a/all.yml
+++ b/all.yml
@@ -10,3 +10,4 @@
- include: webmail.yml
- include: lists.yml
- include: git.yml
+- include: wiki.yml
diff --git a/common.yml b/common.yml
index eac74aa..3eade06 100644
--- a/common.yml
+++ b/common.yml
@@ -34,7 +34,7 @@
- LDAP-provider
- name: Configure the Web servers
- hosts: webmail:lists:git
+ hosts: webmail:wiki:lists:git
gather_facts: False
tags: nginx,www,web
roles:
diff --git a/roles/common/templates/etc/iptables/services.j2 b/roles/common/templates/etc/iptables/services.j2
index 8812537..c729e1a 100644
--- a/roles/common/templates/etc/iptables/services.j2
+++ b/roles/common/templates/etc/iptables/services.j2
@@ -52,7 +52,7 @@ in tcp {{ postfix_instance.lists.port }}
{% if 'MSA' in group_names %}
in tcp 587 # SMTP-AUTH
{% endif %}
-{% if 'webmail' in group_names or 'lists' in group_names or 'website' in group_names %}
+{% if 'webmail' in group_names or 'lists' in group_names or 'wiki' in group_names %}
in tcp 80,443 # HTTP/HTTPS
{% endif %}
{% if 'webmail' in group_names and 'IMAP' not in group_names %}
diff --git a/roles/wiki/files/etc/nginx/sites-available/website b/roles/wiki/files/etc/nginx/sites-available/website
new file mode 100644
index 0000000..a4abdce
--- /dev/null
+++ b/roles/wiki/files/etc/nginx/sites-available/website
@@ -0,0 +1,42 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name fripost.org;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log info;
+
+ return 301 https://$host$request_uri;
+}
+
+
+server {
+ listen 443;
+ listen [::]:443;
+
+ server_name fripost.org;
+
+ include ssl/config;
+ # include the intermediate certificate, see
+ # - https://www.ssllabs.com/ssltest/analyze.html?d=fripost.org
+ # - http://nginx.org/en/docs/http/configuring_https_servers.html
+ ssl_certificate /etc/nginx/ssl/fripost.org.chained.pem;
+ ssl_certificate_key /etc/nginx/ssl/fripost.org.key;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log info;
+
+ location / {
+ try_files $uri $uri/ =404;
+ index index.html;
+ root /var/lib/ikiwiki/public_html/fripost-wiki/website;
+ }
+ location /static/ {
+ alias /var/lib/ikiwiki/public_html/fripost-wiki/static/;
+ }
+
+ location = /ikiwiki.cgi {
+ return 403;
+ }
+}
diff --git a/roles/wiki/files/etc/nginx/sites-available/wiki b/roles/wiki/files/etc/nginx/sites-available/wiki
new file mode 100644
index 0000000..304ea1a
--- /dev/null
+++ b/roles/wiki/files/etc/nginx/sites-available/wiki
@@ -0,0 +1,54 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name wiki.fripost.org;
+
+ access_log /var/log/nginx/wiki.access.log;
+ error_log /var/log/nginx/wiki.error.log info;
+
+ location / {
+ location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; }
+ try_files $uri $uri/ =404;
+ index index.html;
+ root /var/lib/ikiwiki/public_html/fripost-wiki;
+ }
+
+ location = /ikiwiki.cgi {
+ return 302 https://$host$request_uri;
+ }
+}
+
+
+server {
+ listen 443;
+ listen [::]:443;
+
+ server_name wiki.fripost.org;
+
+ include ssl/config;
+ # include the intermediate certificate, see
+ # - https://www.ssllabs.com/ssltest/analyze.html?d=wiki.fripost.org
+ # - http://nginx.org/en/docs/http/configuring_https_servers.html
+ ssl_certificate /etc/nginx/ssl/fripost.org.chained.pem;
+ ssl_certificate_key /etc/nginx/ssl/fripost.org.key;
+
+ access_log /var/log/nginx/wiki.access.log;
+ error_log /var/log/nginx/wiki.error.log info;
+
+ location / {
+ location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; }
+ try_files $uri $uri/ =404;
+ index index.html;
+ root /var/lib/ikiwiki/public_html/fripost-wiki;
+ }
+
+ location = /ikiwiki.cgi {
+ fastcgi_param DOCUMENT_ROOT /var/lib/ikiwiki/public_html/fripost-wiki;
+ fastcgi_param SCRIPT_FILENAME /var/lib/ikiwiki/public_html/ikiwiki.cgi;
+ fastcgi_index ikiwiki.cgi;
+ include fastcgi/params;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ gzip off;
+ }
+}
diff --git a/roles/wiki/files/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm b/roles/wiki/files/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm
new file mode 100644
index 0000000..c602fd9
--- /dev/null
+++ b/roles/wiki/files/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm
@@ -0,0 +1,18 @@
+#!/usr/bin/perl
+
+package IkiWiki::Plugin::isWebsite;
+
+use warnings;
+use strict;
+use IkiWiki 3.00;
+
+sub import {
+ hook(type => "pagetemplate", id => "isWebsite", call => \&pagetemplate);
+}
+
+sub pagetemplate (@) {
+ my %params = @_;
+ $params{template}->param(ISWEBSITE => 1) if $params{page} =~ /^website(?:\/.*)?$/;
+}
+
+1
diff --git a/roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup b/roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup
new file mode 100644
index 0000000..dc82e28
--- /dev/null
+++ b/roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup
@@ -0,0 +1,411 @@
+# IkiWiki::Setup::Yaml - YAML formatted setup file
+#
+# Setup file for ikiwiki.
+#
+# Passing this to ikiwiki --setup will make ikiwiki generate
+# wrappers and build the wiki.
+#
+# Remember to re-run ikiwiki --setup any time you edit this file.
+#
+# name of the wiki
+wikiname: Fripost wiki
+# contact email for wiki
+adminemail: admin@fripost.org
+# users who are wiki admins
+adminuser:
+ - gustaveek
+ - Grégoire
+ - moza
+# users who are banned from the wiki
+banned_users: []
+# where the source of the wiki is located
+srcdir: /var/lib/ikiwiki/fripost-wiki
+# where to build the wiki
+destdir: /var/lib/ikiwiki/public_html/fripost-wiki
+# base url to the wiki
+url: http://wiki.fripost.org
+# url to the ikiwiki.cgi
+cgiurl: http://wiki.fripost.org/ikiwiki.cgi
+# do not adjust cgiurl if CGI is accessed via different URL
+reverse_proxy: 0
+# filename of cgi wrapper to generate
+cgi_wrapper: /var/lib/ikiwiki/public_html/ikiwiki.cgi
+# mode for cgi_wrapper (can safely be made suid)
+cgi_wrappermode: 06755
+# number of seconds to delay CGI requests when overloaded
+cgi_overload_delay: ''
+# message to display when overloaded (may contain html)
+cgi_overload_message: ''
+# enable optimization of only refreshing committed changes?
+only_committed_changes: 0
+# rcs backend to use
+rcs: git
+# plugins to add to the default configuration
+add_plugins:
+ - goodstuff
+ - websetup
+ - 404
+ - remove
+ - attachment
+ - highlight
+ - toc
+ - htmlbalance
+ ###
+ - isWebsite
+# plugins to disable
+disable_plugins:
+ - smiley
+# additional directory to search for template files
+templatedir: /usr/share/ikiwiki/templates
+# base wiki source location
+underlaydir: /usr/share/ikiwiki/basewiki
+# display verbose messages?
+#verbose: 1
+# log to syslog?
+syslog: 1
+# create output files named page/index.html?
+usedirs: 1
+# use '!'-prefixed preprocessor directives?
+prefix_directives: 1
+# use page/index.mdwn source files
+indexpages: 0
+# enable Discussion pages?
+discussion: 1
+# name of Discussion pages
+discussionpage: Discussion
+# generate HTML5?
+html5: 1
+# only send cookies over SSL connections?
+sslcookie: 1
+# extension to use for new pages
+default_pageext: mdwn
+# extension to use for html files
+htmlext: html
+# strftime format string to display date
+timeformat: '%c'
+# UTF-8 locale to use
+#locale: en_US.UTF-8
+# put user pages below specified page
+userdir: ''
+# how many backlinks to show before hiding excess (0 to show all)
+numbacklinks: 10
+# attempt to hardlink source files? (optimisation for large files)
+hardlink: 0
+# force ikiwiki to use a particular umask (keywords public, group or private, or a number)
+#umask: public
+# group for wrappers to run in
+wrappergroup: ikiwiki
+# extra library and plugin directory
+libdir: /var/lib/ikiwiki
+# environment variables
+ENV: {}
+# time zone name
+#timezone: US/Eastern
+# regexp of normally excluded files to include
+#include: ^\.htaccess$
+# regexp of files that should be skipped
+#exclude: ^(*\.private|Makefile)$
+# specifies the characters that are allowed in source filenames
+wiki_file_chars: -[:alnum:]+/.:_
+# allow symlinks in the path leading to the srcdir (potentially insecure)
+allow_symlinks_before_srcdir: 0
+# cookie control
+cookiejar:
+ file: /var/lib/ikiwiki/.ikiwiki/cookies
+# set custom user agent string for outbound HTTP requests e.g. when fetching aggregated RSS feeds
+useragent: ikiwiki/3.20141016.2
+
+######################################################################
+# core plugins
+# (editpage, git, htmlscrubber, inline, link, meta, parentlinks,
+# templatebody)
+######################################################################
+
+# git plugin
+# git hook to generate
+git_wrapper: /var/lib/ikiwiki/wiki.fripost.org
+# shell command for git_wrapper to run, in the background
+#git_wrapper_background_command: git push github
+# mode for git_wrapper (can safely be made suid)
+#git_wrappermode: 06755
+# git pre-receive hook to generate
+#git_test_receive_wrapper: /git/wiki.git/hooks/pre-receive
+# unix users whose commits should be checked by the pre-receive hook
+#untrusted_committers: []
+# gitweb url to show file history ([[file]] substituted)
+historyurl: http://gitweb.fripost.org/?p=fripost-wiki.git;a=history;f=[[file]];hb=HEAD
+# gitweb url to show a diff ([[file]], [[sha1_to]], [[sha1_from]], [[sha1_commit]], and [[sha1_parent]] substituted)
+diffurl: http://gitweb.fripost.org/?p=fripost-wiki.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]]
+# where to pull and push changes (set to empty string to disable)
+gitorigin_branch: origin
+# branch that the wiki is stored in
+gitmaster_branch: master
+
+# htmlscrubber plugin
+# PageSpec specifying pages not to scrub
+#htmlscrubber_skip: '!*/Discussion'
+
+# inline plugin
+# enable rss feeds by default?
+rss: 1
+# enable atom feeds by default?
+atom: 1
+# allow rss feeds to be used?
+#allowrss: 0
+# allow atom feeds to be used?
+#allowatom: 0
+# urls to ping (using XML-RPC) on feed update
+#pingurl: http://rpc.technorati.com/rpc/ping
+
+######################################################################
+# auth plugins
+# (anonok, blogspam, httpauth, lockedit, moderatedcomments,
+# opendiscussion, openid, passwordauth, signinedit)
+######################################################################
+
+# anonok plugin
+# PageSpec to limit which pages anonymous users can edit
+#anonok_pagespec: '*/discussion'
+
+# blogspam plugin
+# PageSpec of pages to check for spam
+#blogspam_pagespec: postcomment(*)
+# options to send to blogspam server
+#blogspam_options: blacklist=1.2.3.4,blacklist=8.7.6.5,max-links=10
+# blogspam server JSON url
+#blogspam_server: ''
+
+# httpauth plugin
+# url to redirect to when authentication is needed
+#cgiauthurl: http://example.com/wiki/auth/ikiwiki.cgi
+# PageSpec of pages where only httpauth will be used for authentication
+#httpauth_pagespec: '!*/Discussion'
+
+# lockedit plugin
+# PageSpec controlling which pages are locked
+locked_pages: glob(static/*) or glob(images/*) or glob(minutes/*) or glob(material/*) or glob(website/*)
+
+# moderatedcomments plugin
+# PageSpec matching users or comment locations to moderate
+#moderate_pagespec: '*'
+
+# openid plugin
+# url pattern of openid realm (default is cgiurl)
+#openid_realm: ''
+# url to ikiwiki cgi to use for openid authentication (default is cgiurl)
+#openid_cgiurl: ''
+
+# passwordauth plugin
+# a password that must be entered when signing up for an account
+#account_creation_password: s3cr1t
+# cost of generating a password using Authen::Passphrase::BlowfishCrypt
+#password_cost: 8
+
+######################################################################
+# format plugins
+# (creole, highlight, hnb, html, mdwn, otl, rawhtml, rst, textile, txt)
+######################################################################
+
+# highlight plugin
+# types of source files to syntax highlight
+tohighlight: .c .h .cpp .pl .py .sh .patch .diff Makefile:make
+# location of highlight's filetypes.conf
+#filetypes_conf: /etc/highlight/filetypes.conf
+# location of highlight's langDefs directory
+#langdefdir: /usr/share/highlight/langDefs
+
+# mdwn plugin
+# enable multimarkdown features?
+#multimarkdown: 0
+# disable use of markdown discount?
+#nodiscount: 0
+
+######################################################################
+# special-purpose plugins
+# (osm, underlay)
+######################################################################
+
+# osm plugin
+# the default zoom when you click on the map link
+#osm_default_zoom: 15
+# the icon shown on links and on the main map
+#osm_default_icon: ikiwiki/images/osm.png
+# the alt tag of links, defaults to empty
+#osm_alt: ''
+# the output format for waypoints, can be KML, GeoJSON or CSV (one or many, comma-separated)
+#osm_format: KML
+# the icon attached to a tag, displayed on the map for tagged pages
+#osm_tag_default_icon: icon.png
+# Url for the OpenLayers.js file
+#osm_openlayers_url: http://www.openlayers.org/api/OpenLayers.js
+# Layers to use in the map. Can be either the 'OSM' string or a type option for Google maps (GoogleNormal, GoogleSatellite, GoogleHybrid or GooglePhysical). It can also be an arbitrary URL in a syntax acceptable for OpenLayers.Layer.OSM.url parameter.
+#osm_layers:
+# OSM: GoogleSatellite
+# Google maps API key, Google layer not used if missing, see https://code.google.com/apis/console/ to get an API key
+#osm_google_apikey: ''
+
+# underlay plugin
+# extra underlay directories to add
+#add_underlays:
+#- /var/lib/ikiwiki/wiki.underlay
+
+######################################################################
+# web plugins
+# (404, attachment, comments, editdiff, edittemplate, getsource, google,
+# goto, mirrorlist, remove, rename, repolist, search, theme, userlist,
+# websetup, wmd)
+######################################################################
+
+# attachment plugin
+# enhanced PageSpec specifying what attachments are allowed
+#allowed_attachments: virusfree() and mimetype(image/*) and maxsize(50kb)
+allowed_attachments: virusfree() and (mimetype(application/mbox) or mimetype(text/plain) or mimetype(text/calendar) or mimetype(text/x-patch) or mimetype(image/* )) and maxsize(512kb)
+# virus checker program (reads STDIN, returns nonzero if virus found)
+virus_checker: clamdscan -
+
+# comments plugin
+# PageSpec of pages where comments are allowed
+#comments_pagespec: blog/* and !*/Discussion
+# PageSpec of pages where posting new comments is not allowed
+#comments_closed_pagespec: blog/controversial or blog/flamewar
+# Base name for comments, e.g. "comment_" for pages like "sandbox/comment_12"
+#comments_pagename: ''
+# Interpret directives in comments?
+#comments_allowdirectives: 0
+# Allow anonymous commenters to set an author name?
+#comments_allowauthor: 0
+# commit comments to the VCS
+#comments_commit: 1
+# Restrict formats for comments to (no restriction if empty)
+#comments_allowformats: mdwn txt
+
+# getsource plugin
+# Mime type for returned source.
+#getsource_mimetype: text/plain; charset=utf-8
+
+# mirrorlist plugin
+# list of mirrors
+#mirrorlist: {}
+# generate links that point to the mirrors' ikiwiki CGI
+#mirrorlist_use_cgi: 1
+
+# repolist plugin
+# URIs of repositories containing the wiki's source
+#repositories:
+#- svn://svn.example.org/wiki/trunk
+
+# search plugin
+# path to the omega cgi program
+#omega_cgi: /usr/lib/cgi-bin/omega/omega
+# use google site search rather than internal xapian index?
+#google_search: 1
+
+# theme plugin
+# name of theme to enable
+#theme: actiontabs
+
+# websetup plugin
+# list of plugins that cannot be enabled/disabled via the web interface
+#websetup_force_plugins: []
+# list of additional setup field keys to treat as unsafe
+#websetup_unsafe: []
+# show unsafe settings, read-only, in web interface?
+#websetup_show_unsafe: 1
+
+######################################################################
+# widget plugins
+# (calendar, color, conditional, cutpaste, date, format, fortune,
+# graphviz, haiku, headinganchors, img, linkmap, listdirectives, map,
+# more, orphans, pagecount, pagestats, poll, polygen, postsparkline,
+# progress, shortcut, sparkline, table, template, teximg, toc, toggle,
+# version)
+######################################################################
+
+# calendar plugin
+# base of the archives hierarchy
+#archivebase: archives
+# PageSpec of pages to include in the archives; used by ikiwiki-calendar command
+#archive_pagespec: page(posts/*) and !*/Discussion
+
+# listdirectives plugin
+# directory in srcdir that contains directive descriptions
+#directive_description_dir: ikiwiki/directive
+
+# teximg plugin
+# Should teximg use dvipng to render, or dvips and convert?
+#teximg_dvipng: ''
+# LaTeX prefix for teximg plugin
+#teximg_prefix: '\documentclass{article}
+#
+# \usepackage[utf8]{inputenc}
+#
+# \usepackage{amsmath}
+#
+# \usepackage{amsfonts}
+#
+# \usepackage{amssymb}
+#
+# \pagestyle{empty}
+#
+# \begin{document}
+#
+#'
+# LaTeX postfix for teximg plugin
+#teximg_postfix: \end{document}
+
+######################################################################
+# other plugins
+# (aggregate, autoindex, brokenlinks, camelcase, ddate, embed, favicon,
+# filecheck, flattr, goodstuff, htmlbalance, localstyle, notifyemail,
+# pagetemplate, pingee, pinger, prettydate, recentchanges,
+# recentchangesdiff, relativedate, rsync, sidebar, smiley,
+# sortnaturally, tag, testpagespec, trail, transient)
+######################################################################
+
+# aggregate plugin
+# enable aggregation to internal pages?
+#aggregateinternal: 1
+# allow aggregation to be triggered via the web?
+#aggregate_webtrigger: 0
+
+# autoindex plugin
+# commit autocreated index pages
+#autoindex_commit: 1
+
+# camelcase plugin
+# list of words to not turn into links
+#camelcase_ignore: []
+
+# flattr plugin
+# userid or user name to use by default for Flattr buttons
+#flattr_userid: joeyh
+
+# pinger plugin
+# how many seconds to try pinging before timing out
+#pinger_timeout: 15
+
+# prettydate plugin
+# format to use to display date
+#prettydateformat: '%X, %B %o, %Y'
+
+# recentchanges plugin
+# name of the recentchanges page
+#recentchangespage: recentchanges
+# number of changes to track
+#recentchangesnum: 100
+
+# rsync plugin
+# command to run to sync updated pages
+#rsync_command: rsync -qa --delete . user@host:/path/to/docroot/
+
+# sidebar plugin
+# show sidebar page on all pages?
+#global_sidebars: 1
+
+# tag plugin
+# parent page tags are located under
+#tagbase: tag
+# autocreate new tag pages?
+#tag_autocreate: 1
+# commit autocreated tag pages
+#tag_autocreate_commit: 1
diff --git a/roles/wiki/handlers/main.yml b/roles/wiki/handlers/main.yml
new file mode 100644
index 0000000..42ae6ef
--- /dev/null
+++ b/roles/wiki/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Restart Nginx
+ service: name=nginx state=restarted
+
+- name: Refresh ikiwiki
+ sudo_user: ikiwiki
+ command: ikiwiki --setup /var/lib/ikiwiki/fripost-wiki.setup --refresh --wrappers
diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
new file mode 100644
index 0000000..8622ebd
--- /dev/null
+++ b/roles/wiki/tasks/main.yml
@@ -0,0 +1,100 @@
+- name: Install ikiwiki
+ apt: pkg={{ item }}
+ with_items:
+ - ikiwiki
+ - highlight-common
+ - libhighlight-perl
+ - fcgiwrap
+
+- name: Create a user 'ikiwiki'
+ user: name=ikiwiki system=yes
+ home=/var/lib/ikiwiki
+ shell=/usr/sbin/nologin
+ password=!
+ state=present
+ generate_ssh_key=yes
+ ssh_key_comment=ikiwiki@{{ ansible_fqdn }}
+
+- name: Add 'www-data' to the group 'ikiwiki'
+ user: name=www-data groups=ikiwiki append=yes
+
+- name: Create directory ~ikiwiki/IkiWiki/Plugin
+ file: path=/var/lib/ikiwiki/IkiWiki/Plugin
+ state=directory
+ owner=ikiwiki group=ikiwiki
+ mode=0755
+
+- name: Copy isWebsite plugin
+ copy: src=var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm
+ dest=/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm
+ owner=root group=root
+ mode=0644
+ notify:
+ - Refresh ikiwiki
+
+# Add the ikiwiki git wrapper as a post-update hook in the git repos in
+# gitolite: "config hook.ikiwiki-wrapper = /var/lib/ikiwiki/wiki.fripost.org"
+# where the 'git_wrapper' can be found in
+# /var/lib/ikiwiki/fripost-wiki.setup
+
+# To create a new wiki:
+# $ /usr/bin/sudo -u ikiwiki git config --global user.name "Fripost Admins"
+# $ /usr/bin/sudo -u ikiwiki git config --global user.email "admin@fripost.org"
+# $ /usr/bin/sudo -u ikiwiki ikiwiki --setup /etc/ikiwiki/auto.setup
+# ## Add ikiwiki's key to gitolite
+# sudo ln -s /var/lib/ikiwiki/wiki.fripost.org /var/lib/gitolite/repositories/fripost-wiki.git/hooks/post-update
+# $ /usr/bin/sudo -u ikiwiki git clone ssh://gitolite@localhost/fripost-wiki.git
+
+- name: Configure ikiwiki
+ copy: src=var/lib/ikiwiki/fripost-wiki.setup
+ dest=/var/lib/ikiwiki/fripost-wiki.setup
+ owner=root group=root
+ mode=0644
+ notify:
+ - Refresh ikiwiki
+
+- name: Add fripost-wiki to /etc/ikiwiki/wikilist
+ lineinfile: dest=/etc/ikiwiki/wikilist
+ "line=ikiwiki /var/lib/ikiwiki/fripost-wiki.setup"
+ owner=root group=root
+ mode=0644
+
+- meta: flush_handlers
+
+- name: Generate a private key and a X.509 certificate for Nginx
+ command: genkeypair.sh x509
+ --pubkey=/etc/nginx/ssl/fripost.org.pem
+ --privkey=/etc/nginx/ssl/fripost.org.key
+ --ou=WWW --cn=fripost.org --dns=fripost.org --dns=wiki.fripost.org
+ -t rsa -b 4096 -h sha512
+ register: r1
+ changed_when: r1.rc == 0
+ failed_when: r1.rc > 1
+ notify:
+ - Restart Nginx
+ tags:
+ - genkey
+
+- name: Copy /etc/nginx/sites-available/{wiki,website}
+ copy: src=etc/nginx/sites-available/{{ item }}
+ dest=/etc/nginx/sites-available/{{ item }}
+ owner=root group=root
+ mode=0644
+ register: r2
+ with_items:
+ - website
+ - wiki
+ notify:
+ - Restart Nginx
+
+- name: Create /etc/nginx/sites-enabled/{wiki,website}
+ file: src=../sites-available/{{ item }}
+ dest=/etc/nginx/sites-enabled/{{ item }}
+ owner=root group=root
+ state=link force=yes
+ register: r3
+ with_items:
+ - website
+ - wiki
+ notify:
+ - Restart Nginx