From af8880f3a3281612340ec3d38e823684d9af5baa Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 16 May 2020 23:35:25 +0200 Subject: wiki/website: harden config and port to Debian 10. --- roles/wiki/tasks/main.yml | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) (limited to 'roles/wiki/tasks/main.yml') diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml index 718b433..9d436a9 100644 --- a/roles/wiki/tasks/main.yml +++ b/roles/wiki/tasks/main.yml @@ -12,6 +12,12 @@ - fcgiwrap - pandoc +- name: Stop and disable fcgiwrap socket + service: name=fcgiwrap.socket state=stopped enabled=false + +- name: Stop fcgiwrap service + service: name=fcgiwrap.service state=stopped + - name: Create a user 'ikiwiki' user: name=ikiwiki system=yes home=/var/lib/ikiwiki @@ -21,9 +27,6 @@ generate_ssh_key=yes ssh_key_comment=ikiwiki@{{ ansible_fqdn }} -- name: Add 'www-data' to the group 'ikiwiki' - user: name=www-data groups=ikiwiki append=yes - - name: Create directory ~ikiwiki/IkiWiki/Plugin file: path=/var/lib/ikiwiki/IkiWiki/Plugin state=directory @@ -70,6 +73,32 @@ - meta: flush_handlers +- name: Copy ikiwiki service unit + copy: src=etc/systemd/system/ikiwiki.service + dest=/etc/systemd/system/ikiwiki.service + owner=root group=root + mode=0644 + notify: + - systemctl daemon-reload + - Stop ikiwiki + +- name: Copy ikiwiki socket unit + copy: src=etc/systemd/system/ikiwiki.socket + dest=/etc/systemd/system/ikiwiki.socket + owner=root group=root + mode=0644 + notify: + - systemctl daemon-reload + - Restart ikiwiki + +- name: Disable ikiwiki service + service: name=ikiwiki.service enabled=false + +- name: Start ikiwiki socket + service: name=ikiwiki.socket state=started enabled=true + +- meta: flush_handlers + - name: Copy /etc/nginx/sites-available/{wiki,website} copy: src=etc/nginx/sites-available/{{ item }} dest=/etc/nginx/sites-available/{{ item }} -- cgit v1.2.3