diff options
Diffstat (limited to 'roles/wiki/tasks')
| -rw-r--r-- | roles/wiki/tasks/main.yml | 101 |
1 files changed, 77 insertions, 24 deletions
diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml index 7aa4d1d..74c11f8 100644 --- a/roles/wiki/tasks/main.yml +++ b/roles/wiki/tasks/main.yml @@ -1,113 +1,166 @@ - name: Install ikiwiki - apt: pkg={{ item }} - with_items: + apt: pkg={{ packages }} + vars: + packages: - ikiwiki + - libauthen-passphrase-perl - highlight-common - libhighlight-perl - libimage-magick-perl + - libmail-sendmail-perl + - libnet-dns-sec-perl - fcgiwrap + - pandoc + ### + - fonts-font-awesome + - libjs-bootstrap4 + - libjs-jquery + +- name: Stop and disable fcgiwrap socket + service: name=fcgiwrap.socket state=stopped enabled=false + +- name: Stop fcgiwrap service + service: name=fcgiwrap.service state=stopped - name: Create a user 'ikiwiki' user: name=ikiwiki system=yes home=/var/lib/ikiwiki shell=/usr/sbin/nologin password=! state=present generate_ssh_key=yes ssh_key_comment=ikiwiki@{{ ansible_fqdn }} -- name: Add 'www-data' to the group 'ikiwiki' - user: name=www-data groups=ikiwiki append=yes - - name: Create directory ~ikiwiki/IkiWiki/Plugin file: path=/var/lib/ikiwiki/IkiWiki/Plugin state=directory owner=ikiwiki group=ikiwiki mode=0755 -- name: Copy isWebsite plugin - copy: src=var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm - dest=/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm +- name: Copy ikiwiki plugins + copy: src=var/lib/ikiwiki/IkiWiki/Plugin/{{ item }}.pm + dest=/var/lib/ikiwiki/IkiWiki/Plugin/{{ item }}.pm owner=root group=root mode=0644 + with_items: + - isWebsite + - pandoc notify: - Refresh ikiwiki # Add the ikiwiki git wrapper as a post-update hook in the git repos in # gitolite: "config hook.ikiwiki-wrapper = /var/lib/ikiwiki/wiki.fripost.org" # where the 'git_wrapper' can be found in # /var/lib/ikiwiki/fripost-wiki.setup # To create a new wiki: # $ /usr/bin/sudo -u ikiwiki git config --global user.name "Fripost Admins" # $ /usr/bin/sudo -u ikiwiki git config --global user.email "admin@fripost.org" # $ /usr/bin/sudo -u ikiwiki ikiwiki --setup /etc/ikiwiki/auto.setup # ## Add ikiwiki's key to gitolite -# sudo ln -s /var/lib/ikiwiki/wiki.fripost.org /var/lib/gitolite/repositories/fripost-wiki.git/hooks/post-update +# ## Create post-update hook, cf. http://rtime.felk.cvut.cz/~sojka/blog/using-ikiwiki-with-gitolite/ # $ /usr/bin/sudo -u ikiwiki git clone ssh://gitolite@localhost/fripost-wiki.git - name: Configure ikiwiki copy: src=var/lib/ikiwiki/fripost-wiki.setup dest=/var/lib/ikiwiki/fripost-wiki.setup owner=root group=root mode=0644 notify: - Refresh ikiwiki - name: Add fripost-wiki to /etc/ikiwiki/wikilist lineinfile: dest=/etc/ikiwiki/wikilist - "line=ikiwiki /var/lib/ikiwiki/fripost-wiki.setup" + line='ikiwiki /var/lib/ikiwiki/fripost-wiki.setup' owner=root group=root mode=0644 - meta: flush_handlers -- name: Generate a private key and a X.509 certificate for Nginx - command: genkeypair.sh x509 - --pubkey=/etc/nginx/ssl/fripost.org.pem - --privkey=/etc/nginx/ssl/fripost.org.key - --ou=WWW --cn=fripost.org --dns=fripost.org --dns=wiki.fripost.org - -t rsa -b 4096 -h sha512 - register: r1 - changed_when: r1.rc == 0 - failed_when: r1.rc > 1 +- name: Copy ikiwiki service unit + copy: src=etc/systemd/system/ikiwiki.service + dest=/etc/systemd/system/ikiwiki.service + owner=root group=root + mode=0644 notify: - - Restart Nginx - tags: - - genkey + - systemctl daemon-reload + - Stop ikiwiki + +- name: Copy ikiwiki socket unit + copy: src=etc/systemd/system/ikiwiki.socket + dest=/etc/systemd/system/ikiwiki.socket + owner=root group=root + mode=0644 + notify: + - systemctl daemon-reload + - Restart ikiwiki + +- name: Disable ikiwiki service + service: name=ikiwiki.service enabled=false + +- name: Start ikiwiki socket + service: name=ikiwiki.socket state=started enabled=true + +- meta: flush_handlers - name: Copy /etc/nginx/sites-available/{wiki,website} copy: src=etc/nginx/sites-available/{{ item }} dest=/etc/nginx/sites-available/{{ item }} owner=root group=root mode=0644 - register: r2 + register: r1 with_items: - website - wiki notify: - Restart Nginx - name: Create /etc/nginx/sites-enabled/{wiki,website} file: src=../sites-available/{{ item }} dest=/etc/nginx/sites-enabled/{{ item }} owner=root group=root state=link force=yes - register: r3 + register: r2 with_items: - website - wiki notify: - Restart Nginx +- name: Copy HPKP header snippet + # never modify the pined pubkeys as we don't want to lock out our users + template: src=etc/nginx/snippets/fripost.org.hpkp-hdr.j2 + dest=/etc/nginx/snippets/fripost.org.hpkp-hdr + validate=/bin/false + owner=root group=root + mode=0644 + register: r3 + notify: + - Restart Nginx + +- name: Start Nginx + service: name=nginx state=started + when: not (r1.changed or r2.changed or r3.changed) + +- meta: flush_handlers + +- name: Fetch Nginx's X.509 certificate + # Ensure we don't fetch private data + become: False + fetch_cmd: cmd="openssl x509 -noout -pubkey" + stdin=/etc/nginx/ssl/www.fripost.org.pem + dest=certs/public/fripost.org.pub + tags: + - genkey + - name: Create directory /var/www/fripost.org/autoconfig/mail file: path=/var/www/fripost.org/autoconfig/mail state=directory owner=root group=root mode=0755 - name: Copy /var/www/fripost.org/autoconfig/mail/config-v1.1.xml copy: src=var/www/fripost.org/autoconfig/mail/config-v1.1.xml dest=/var/www/fripost.org/autoconfig/mail/config-v1.1.xml owner=root group=root mode=0644 |