From acb068b4a5af0654d21c2830655b7c6156a2b845 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sun, 31 May 2015 23:10:53 +0200
Subject: Configure ikiwiki (website + wiki).
---
roles/wiki/files/etc/nginx/sites-available/website | 42 +++
roles/wiki/files/etc/nginx/sites-available/wiki | 54 +++
.../var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm | 18 +
.../wiki/files/var/lib/ikiwiki/fripost-wiki.setup | 411 +++++++++++++++++++++
roles/wiki/handlers/main.yml | 7 +
roles/wiki/tasks/main.yml | 100 +++++
6 files changed, 632 insertions(+)
create mode 100644 roles/wiki/files/etc/nginx/sites-available/website
create mode 100644 roles/wiki/files/etc/nginx/sites-available/wiki
create mode 100644 roles/wiki/files/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm
create mode 100644 roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup
create mode 100644 roles/wiki/handlers/main.yml
create mode 100644 roles/wiki/tasks/main.yml
(limited to 'roles/wiki')
diff --git a/roles/wiki/files/etc/nginx/sites-available/website b/roles/wiki/files/etc/nginx/sites-available/website
new file mode 100644
index 0000000..a4abdce
--- /dev/null
+++ b/roles/wiki/files/etc/nginx/sites-available/website
@@ -0,0 +1,42 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name fripost.org;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log info;
+
+ return 301 https://$host$request_uri;
+}
+
+
+server {
+ listen 443;
+ listen [::]:443;
+
+ server_name fripost.org;
+
+ include ssl/config;
+ # include the intermediate certificate, see
+ # - https://www.ssllabs.com/ssltest/analyze.html?d=fripost.org
+ # - http://nginx.org/en/docs/http/configuring_https_servers.html
+ ssl_certificate /etc/nginx/ssl/fripost.org.chained.pem;
+ ssl_certificate_key /etc/nginx/ssl/fripost.org.key;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log info;
+
+ location / {
+ try_files $uri $uri/ =404;
+ index index.html;
+ root /var/lib/ikiwiki/public_html/fripost-wiki/website;
+ }
+ location /static/ {
+ alias /var/lib/ikiwiki/public_html/fripost-wiki/static/;
+ }
+
+ location = /ikiwiki.cgi {
+ return 403;
+ }
+}
diff --git a/roles/wiki/files/etc/nginx/sites-available/wiki b/roles/wiki/files/etc/nginx/sites-available/wiki
new file mode 100644
index 0000000..304ea1a
--- /dev/null
+++ b/roles/wiki/files/etc/nginx/sites-available/wiki
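Review bot: The port-80 redirect in roles/wiki/files/etc/nginx/sites-available/website builds its target from `$host`, which nginx takes from the request line or Host header, so if this block ever becomes the default server for port 80 the redirect will echo whatever host name the client sent. Since `server_name` is a single fixed name, I would hard-code it: `return 301 https://fripost.org$request_uri;`. Separately, `listen 443;` carries no `ssl` parameter and no HSTS header is visible in the HTTPS block; both presumably come from `include ssl/config;`, which is outside this commit, so that is worth confirming before relying on it.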
@@ -0,0 +1,54 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name wiki.fripost.org;
+
+ access_log /var/log/nginx/wiki.access.log;
+ error_log /var/log/nginx/wiki.error.log info;
+
+ location / {
+ location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; }
+ try_files $uri $uri/ =404;
+ index index.html;
+ root /var/lib/ikiwiki/public_html/fripost-wiki;
+ }
+
+ location = /ikiwiki.cgi {
+ return 302 https://$host$request_uri;
+ }
+}
+
+
+server {
+ listen 443;
+ listen [::]:443;
+
+ server_name wiki.fripost.org;
+
+ include ssl/config;
+ # include the intermediate certificate, see
+ # - https://www.ssllabs.com/ssltest/analyze.html?d=wiki.fripost.org
+ # - http://nginx.org/en/docs/http/configuring_https_servers.html
+ ssl_certificate /etc/nginx/ssl/fripost.org.chained.pem;
+ ssl_certificate_key /etc/nginx/ssl/fripost.org.key;
+
+ access_log /var/log/nginx/wiki.access.log;
+ error_log /var/log/nginx/wiki.error.log info;
+
+ location / {
+ location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; }
+ try_files $uri $uri/ =404;
+ index index.html;
+ root /var/lib/ikiwiki/public_html/fripost-wiki;
+ }
+
+ location = /ikiwiki.cgi {
+ fastcgi_param DOCUMENT_ROOT /var/lib/ikiwiki/public_html/fripost-wiki;
+ fastcgi_param SCRIPT_FILENAME /var/lib/ikiwiki/public_html/ikiwiki.cgi;
+ fastcgi_index ikiwiki.cgi;
+ include fastcgi/params;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ gzip off;
+ }
+}
diff --git a/roles/wiki/files/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm b/roles/wiki/files/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm
new file mode 100644
index 0000000..c602fd9
--- /dev/null
+++ b/roles/wiki/files/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm
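Review bot: In roles/wiki/files/etc/nginx/sites-available/wiki the port-80 server still serves every wiki page in cleartext and only `/ikiwiki.cgi` is sent to HTTPS with a 302, whereas the website vhost in this commit redirects everything with a 301. Pages fetched over plain HTTP can be altered in transit, including the links that lead to the CGI, so the HTTPS-only CGI protects less than it appears to. I would make the port-80 block a plain redirect, `return 301 https://wiki.fripost.org$request_uri;`, and keep the `/website` rewrite only in the 443 block. There, `$1` is captured from the normalized (percent-decoded) URI and is copied into the Location header as-is, so it is worth checking that nothing unexpected can reach that header.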
@@ -0,0 +1,18 @@
+#!/usr/bin/perl
+
+package IkiWiki::Plugin::isWebsite;
+
+use warnings;
+use strict;
+use IkiWiki 3.00;
+
+sub import {
+ hook(type => "pagetemplate", id => "isWebsite", call => \&pagetemplate);
+}
+
+sub pagetemplate (@) {
+ my %params = @_;
+ $params{template}->param(ISWEBSITE => 1) if $params{page} =~ /^website(?:\/.*)?$/;
+}
+
+1
diff --git a/roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup b/roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup
new file mode 100644
index 0000000..dc82e28
--- /dev/null
+++ b/roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup
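Review bot: `pagetemplate` in isWebsite.pm has no comment saying what `ISWEBSITE` is for, and the `website` prefix it tests is also hard-coded in the nginx `^/website(/.*)?$` redirect and in `locked_pages: ... glob(website/*)` of the setup file, so the three can drift apart silently. I would add a header comment along the lines of `# Set ISWEBSITE in page templates for the page "website" and everything below it; keep the prefix in sync with the nginx vhosts and locked_pages.` The match itself could use string anchors, `m{\Awebsite(?:/.*)?\z}`, because `$` also matches before a trailing newline.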
@@ -0,0 +1,411 @@ +# IkiWiki::Setup::Yaml - YAML formatted setup file +# +# Setup file for ikiwiki. +# +# Passing this to ikiwiki --setup will make ikiwiki generate +# wrappers and build the wiki. +# +# Remember to re-run ikiwiki --setup any time you edit this file. +# +# name of the wiki +wikiname: Fripost wiki +# contact email for wiki +adminemail: admin@fripost.org +# users who are wiki admins +adminuser: + - gustaveek + - Grégoire + - moza +# users who are banned from the wiki +banned_users: [] +# where the source of the wiki is located +srcdir: /var/lib/ikiwiki/fripost-wiki +# where to build the wiki +destdir: /var/lib/ikiwiki/public_html/fripost-wiki +# base url to the wiki +url: http://wiki.fripost.org +# url to the ikiwiki.cgi +cgiurl: http://wiki.fripost.org/ikiwiki.cgi +# do not adjust cgiurl if CGI is accessed via different URL +reverse_proxy: 0 +# filename of cgi wrapper to generate +cgi_wrapper: /var/lib/ikiwiki/public_html/ikiwiki.cgi +# mode for cgi_wrapper (can safely be made suid) +cgi_wrappermode: 06755 +# number of seconds to delay CGI requests when overloaded +cgi_overload_delay: '' +# message to display when overloaded (may contain html) +cgi_overload_message: '' +# enable optimization of only refreshing committed changes? +only_committed_changes: 0 +# rcs backend to use +rcs: git +# plugins to add to the default configuration +add_plugins: + - goodstuff + - websetup + - 404 + - remove + - attachment + - highlight + - toc + - htmlbalance + ### + - isWebsite +# plugins to disable +disable_plugins: + - smiley +# additional directory to search for template files +templatedir: /usr/share/ikiwiki/templates +# base wiki source location +underlaydir: /usr/share/ikiwiki/basewiki +# display verbose messages? +#verbose: 1 +# log to syslog? +syslog: 1 +# create output files named page/index.html? +usedirs: 1 +# use '!'-prefixed preprocessor directives? +prefix_directives: 1 +# use page/index.mdwn source files +indexpages: 0 +# enable Discussion pages? 
+discussion: 1 +# name of Discussion pages +discussionpage: Discussion +# generate HTML5? +html5: 1 +# only send cookies over SSL connections? +sslcookie: 1 +# extension to use for new pages +default_pageext: mdwn +# extension to use for html files +htmlext: html +# strftime format string to display date +timeformat: '%c' +# UTF-8 locale to use +#locale: en_US.UTF-8 +# put user pages below specified page +userdir: '' +# how many backlinks to show before hiding excess (0 to show all) +numbacklinks: 10 +# attempt to hardlink source files? (optimisation for large files) +hardlink: 0 +# force ikiwiki to use a particular umask (keywords public, group or private, or a number) +#umask: public +# group for wrappers to run in +wrappergroup: ikiwiki +# extra library and plugin directory +libdir: /var/lib/ikiwiki +# environment variables +ENV: {} +# time zone name +#timezone: US/Eastern +# regexp of normally excluded files to include +#include: ^\.htaccess$ +# regexp of files that should be skipped +#exclude: ^(*\.private|Makefile)$ +# specifies the characters that are allowed in source filenames +wiki_file_chars: -[:alnum:]+/.:_ +# allow symlinks in the path leading to the srcdir (potentially insecure) +allow_symlinks_before_srcdir: 0 +# cookie control +cookiejar: + file: /var/lib/ikiwiki/.ikiwiki/cookies +# set custom user agent string for outbound HTTP requests e.g. 
when fetching aggregated RSS feeds +useragent: ikiwiki/3.20141016.2 + +###################################################################### +# core plugins +# (editpage, git, htmlscrubber, inline, link, meta, parentlinks, +# templatebody) +###################################################################### + +# git plugin +# git hook to generate +git_wrapper: /var/lib/ikiwiki/wiki.fripost.org +# shell command for git_wrapper to run, in the background +#git_wrapper_background_command: git push github +# mode for git_wrapper (can safely be made suid) +#git_wrappermode: 06755 +# git pre-receive hook to generate +#git_test_receive_wrapper: /git/wiki.git/hooks/pre-receive +# unix users whose commits should be checked by the pre-receive hook +#untrusted_committers: [] +# gitweb url to show file history ([[file]] substituted) +historyurl: http://gitweb.fripost.org/?p=fripost-wiki.git;a=history;f=[[file]];hb=HEAD +# gitweb url to show a diff ([[file]], [[sha1_to]], [[sha1_from]], [[sha1_commit]], and [[sha1_parent]] substituted) +diffurl: http://gitweb.fripost.org/?p=fripost-wiki.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]] +# where to pull and push changes (set to empty string to disable) +gitorigin_branch: origin +# branch that the wiki is stored in +gitmaster_branch: master + +# htmlscrubber plugin +# PageSpec specifying pages not to scrub +#htmlscrubber_skip: '!*/Discussion' + +# inline plugin +# enable rss feeds by default? +rss: 1 +# enable atom feeds by default? +atom: 1 +# allow rss feeds to be used? +#allowrss: 0 +# allow atom feeds to be used? 
+#allowatom: 0 +# urls to ping (using XML-RPC) on feed update +#pingurl: http://rpc.technorati.com/rpc/ping + +###################################################################### +# auth plugins +# (anonok, blogspam, httpauth, lockedit, moderatedcomments, +# opendiscussion, openid, passwordauth, signinedit) +###################################################################### + +# anonok plugin +# PageSpec to limit which pages anonymous users can edit +#anonok_pagespec: '*/discussion' + +# blogspam plugin +# PageSpec of pages to check for spam +#blogspam_pagespec: postcomment(*) +# options to send to blogspam server +#blogspam_options: blacklist=1.2.3.4,blacklist=8.7.6.5,max-links=10 +# blogspam server JSON url +#blogspam_server: '' + +# httpauth plugin +# url to redirect to when authentication is needed +#cgiauthurl: http://example.com/wiki/auth/ikiwiki.cgi +# PageSpec of pages where only httpauth will be used for authentication +#httpauth_pagespec: '!*/Discussion' + +# lockedit plugin +# PageSpec controlling which pages are locked +locked_pages: glob(static/*) or glob(images/*) or glob(minutes/*) or glob(material/*) or glob(website/*) + +# moderatedcomments plugin +# PageSpec matching users or comment locations to moderate +#moderate_pagespec: '*' + +# openid plugin +# url pattern of openid realm (default is cgiurl) +#openid_realm: '' +# url to ikiwiki cgi to use for openid authentication (default is cgiurl) +#openid_cgiurl: '' + +# passwordauth plugin +# a password that must be entered when signing up for an account +#account_creation_password: s3cr1t +# cost of generating a password using Authen::Passphrase::BlowfishCrypt +#password_cost: 8 + +###################################################################### +# format plugins +# (creole, highlight, hnb, html, mdwn, otl, rawhtml, rst, textile, txt) +###################################################################### + +# highlight plugin +# types of source files to syntax highlight +tohighlight: .c 
.h .cpp .pl .py .sh .patch .diff Makefile:make +# location of highlight's filetypes.conf +#filetypes_conf: /etc/highlight/filetypes.conf +# location of highlight's langDefs directory +#langdefdir: /usr/share/highlight/langDefs + +# mdwn plugin +# enable multimarkdown features? +#multimarkdown: 0 +# disable use of markdown discount? +#nodiscount: 0 + +###################################################################### +# special-purpose plugins +# (osm, underlay) +###################################################################### + +# osm plugin +# the default zoom when you click on the map link +#osm_default_zoom: 15 +# the icon shown on links and on the main map +#osm_default_icon: ikiwiki/images/osm.png +# the alt tag of links, defaults to empty +#osm_alt: '' +# the output format for waypoints, can be KML, GeoJSON or CSV (one or many, comma-separated) +#osm_format: KML +# the icon attached to a tag, displayed on the map for tagged pages +#osm_tag_default_icon: icon.png +# Url for the OpenLayers.js file +#osm_openlayers_url: http://www.openlayers.org/api/OpenLayers.js +# Layers to use in the map. Can be either the 'OSM' string or a type option for Google maps (GoogleNormal, GoogleSatellite, GoogleHybrid or GooglePhysical). It can also be an arbitrary URL in a syntax acceptable for OpenLayers.Layer.OSM.url parameter. 
+#osm_layers: +# OSM: GoogleSatellite +# Google maps API key, Google layer not used if missing, see https://code.google.com/apis/console/ to get an API key +#osm_google_apikey: '' + +# underlay plugin +# extra underlay directories to add +#add_underlays: +#- /var/lib/ikiwiki/wiki.underlay + +###################################################################### +# web plugins +# (404, attachment, comments, editdiff, edittemplate, getsource, google, +# goto, mirrorlist, remove, rename, repolist, search, theme, userlist, +# websetup, wmd) +###################################################################### + +# attachment plugin +# enhanced PageSpec specifying what attachments are allowed +#allowed_attachments: virusfree() and mimetype(image/*) and maxsize(50kb) +allowed_attachments: virusfree() and (mimetype(application/mbox) or mimetype(text/plain) or mimetype(text/calendar) or mimetype(text/x-patch) or mimetype(image/* )) and maxsize(512kb) +# virus checker program (reads STDIN, returns nonzero if virus found) +virus_checker: clamdscan - + +# comments plugin +# PageSpec of pages where comments are allowed +#comments_pagespec: blog/* and !*/Discussion +# PageSpec of pages where posting new comments is not allowed +#comments_closed_pagespec: blog/controversial or blog/flamewar +# Base name for comments, e.g. "comment_" for pages like "sandbox/comment_12" +#comments_pagename: '' +# Interpret directives in comments? +#comments_allowdirectives: 0 +# Allow anonymous commenters to set an author name? +#comments_allowauthor: 0 +# commit comments to the VCS +#comments_commit: 1 +# Restrict formats for comments to (no restriction if empty) +#comments_allowformats: mdwn txt + +# getsource plugin +# Mime type for returned source. 
+#getsource_mimetype: text/plain; charset=utf-8 + +# mirrorlist plugin +# list of mirrors +#mirrorlist: {} +# generate links that point to the mirrors' ikiwiki CGI +#mirrorlist_use_cgi: 1 + +# repolist plugin +# URIs of repositories containing the wiki's source +#repositories: +#- svn://svn.example.org/wiki/trunk + +# search plugin +# path to the omega cgi program +#omega_cgi: /usr/lib/cgi-bin/omega/omega +# use google site search rather than internal xapian index? +#google_search: 1 + +# theme plugin +# name of theme to enable +#theme: actiontabs + +# websetup plugin +# list of plugins that cannot be enabled/disabled via the web interface +#websetup_force_plugins: [] +# list of additional setup field keys to treat as unsafe +#websetup_unsafe: [] +# show unsafe settings, read-only, in web interface? +#websetup_show_unsafe: 1 + +###################################################################### +# widget plugins +# (calendar, color, conditional, cutpaste, date, format, fortune, +# graphviz, haiku, headinganchors, img, linkmap, listdirectives, map, +# more, orphans, pagecount, pagestats, poll, polygen, postsparkline, +# progress, shortcut, sparkline, table, template, teximg, toc, toggle, +# version) +###################################################################### + +# calendar plugin +# base of the archives hierarchy +#archivebase: archives +# PageSpec of pages to include in the archives; used by ikiwiki-calendar command +#archive_pagespec: page(posts/*) and !*/Discussion + +# listdirectives plugin +# directory in srcdir that contains directive descriptions +#directive_description_dir: ikiwiki/directive + +# teximg plugin +# Should teximg use dvipng to render, or dvips and convert? 
+#teximg_dvipng: '' +# LaTeX prefix for teximg plugin +#teximg_prefix: '\documentclass{article} +# +# \usepackage[utf8]{inputenc} +# +# \usepackage{amsmath} +# +# \usepackage{amsfonts} +# +# \usepackage{amssymb} +# +# \pagestyle{empty} +# +# \begin{document} +# +#' +# LaTeX postfix for teximg plugin +#teximg_postfix: \end{document} + +###################################################################### +# other plugins +# (aggregate, autoindex, brokenlinks, camelcase, ddate, embed, favicon, +# filecheck, flattr, goodstuff, htmlbalance, localstyle, notifyemail, +# pagetemplate, pingee, pinger, prettydate, recentchanges, +# recentchangesdiff, relativedate, rsync, sidebar, smiley, +# sortnaturally, tag, testpagespec, trail, transient) +###################################################################### + +# aggregate plugin +# enable aggregation to internal pages? +#aggregateinternal: 1 +# allow aggregation to be triggered via the web? +#aggregate_webtrigger: 0 + +# autoindex plugin +# commit autocreated index pages +#autoindex_commit: 1 + +# camelcase plugin +# list of words to not turn into links +#camelcase_ignore: [] + +# flattr plugin +# userid or user name to use by default for Flattr buttons +#flattr_userid: joeyh + +# pinger plugin +# how many seconds to try pinging before timing out +#pinger_timeout: 15 + +# prettydate plugin +# format to use to display date +#prettydateformat: '%X, %B %o, %Y' + +# recentchanges plugin +# name of the recentchanges page +#recentchangespage: recentchanges +# number of changes to track +#recentchangesnum: 100 + +# rsync plugin +# command to run to sync updated pages +#rsync_command: rsync -qa --delete . user@host:/path/to/docroot/ + +# sidebar plugin +# show sidebar page on all pages? +#global_sidebars: 1 + +# tag plugin +# parent page tags are located under +#tagbase: tag +# autocreate new tag pages? +#tag_autocreate: 1 +# commit autocreated tag pages +#tag_autocreate_commit: 1 
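Review bot: `url:` and `cgiurl:` in fripost-wiki.setup are both `http://wiki.fripost.org…` although `sslcookie: 1` is set and the nginx vhost in this commit only runs the CGI on port 443, so any absolute link or redirect ikiwiki builds from these settings starts on the cleartext side and depends on the 302 to reach HTTPS. I would set `url: https://wiki.fripost.org` and `cgiurl: https://wiki.fripost.org/ikiwiki.cgi` (the gitweb `historyurl` and `diffurl` are `http://` as well). In `allowed_attachments`, `mimetype(image/* )` has a space before the closing parenthesis, which may keep the glob from matching at all, and once it does match, `image/*` also admits `image/svg+xml`, a format that can carry script and would be served from the wiki origin; listing the accepted raster types explicitly avoids both. `account_creation_password` is left commented out, so sign-up is presumably open to anyone, which deserves a conscious decision given that attachments are enabled.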
diff --git a/roles/wiki/handlers/main.yml b/roles/wiki/handlers/main.yml
new file mode 100644
index 0000000..42ae6ef
--- /dev/null
+++ b/roles/wiki/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Restart Nginx
+ service: name=nginx state=restarted
+
+- name: Refresh ikiwiki
+ sudo_user: ikiwiki
+ command: ikiwiki --setup /var/lib/ikiwiki/fripost-wiki.setup --refresh --wrappers
diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
new file mode 100644
index 0000000..8622ebd
--- /dev/null
+++ b/roles/wiki/tasks/main.yml
@@ -0,0 +1,100 @@
+- name: Install ikiwiki
+ apt: pkg={{ item }}
+ with_items:
+ - ikiwiki
+ - highlight-common
+ - libhighlight-perl
+ - fcgiwrap
+
+- name: Create a user 'ikiwiki'
+ user: name=ikiwiki system=yes
+ home=/var/lib/ikiwiki
+ shell=/usr/sbin/nologin
+ password=!
+ state=present
+ generate_ssh_key=yes
+ ssh_key_comment=ikiwiki@{{ ansible_fqdn }}
+
+- name: Add 'www-data' to the group 'ikiwiki'
+ user: name=www-data groups=ikiwiki append=yes
+
+- name: Create directory ~ikiwiki/IkiWiki/Plugin
+ file: path=/var/lib/ikiwiki/IkiWiki/Plugin
+ state=directory
+ owner=ikiwiki group=ikiwiki
+ mode=0755
+
+- name: Copy isWebsite plugin
+ copy: src=var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm
+ dest=/var/lib/ikiwiki/IkiWiki/Plugin/isWebsite.pm
+ owner=root group=root
+ mode=0644
+ notify:
+ - Refresh ikiwiki
+
+# Add the ikiwiki git wrapper as a post-update hook in the git repos in
+# gitolite: "config hook.ikiwiki-wrapper = /var/lib/ikiwiki/wiki.fripost.org"
+# where the 'git_wrapper' can be found in
+# /var/lib/ikiwiki/fripost-wiki.setup
+
+# To create a new wiki:
+# $ /usr/bin/sudo -u ikiwiki git config --global user.name "Fripost Admins"
+# $ /usr/bin/sudo -u ikiwiki git config --global user.email "admin@fripost.org"
+# $ /usr/bin/sudo -u ikiwiki ikiwiki --setup /etc/ikiwiki/auto.setup
+# ## Add ikiwiki's key to gitolite
+# sudo ln -s /var/lib/ikiwiki/wiki.fripost.org /var/lib/gitolite/repositories/fripost-wiki.git/hooks/post-update
+# $ /usr/bin/sudo -u ikiwiki git clone ssh://gitolite@localhost/fripost-wiki.git
+
+- name: Configure ikiwiki
+ copy: src=var/lib/ikiwiki/fripost-wiki.setup
+ dest=/var/lib/ikiwiki/fripost-wiki.setup
+ owner=root group=root
+ mode=0644
+ notify:
+ - Refresh ikiwiki
+
+- name: Add fripost-wiki to /etc/ikiwiki/wikilist
+ lineinfile: dest=/etc/ikiwiki/wikilist
+ "line=ikiwiki /var/lib/ikiwiki/fripost-wiki.setup"
+ owner=root group=root
+ mode=0644
+
+- meta: flush_handlers
+
+- name: Generate a private key and a X.509 certificate for Nginx
+ command: genkeypair.sh x509
+ --pubkey=/etc/nginx/ssl/fripost.org.pem
+ --privkey=/etc/nginx/ssl/fripost.org.key
+ --ou=WWW --cn=fripost.org --dns=fripost.org --dns=wiki.fripost.org
+ -t rsa -b 4096 -h sha512
+ register: r1
+ changed_when: r1.rc == 0
+ failed_when: r1.rc > 1
+ notify:
+ - Restart Nginx
+ tags:
+ - genkey
+
+- name: Copy /etc/nginx/sites-available/{wiki,website}
+ copy: src=etc/nginx/sites-available/{{ item }}
+ dest=/etc/nginx/sites-available/{{ item }}
+ owner=root group=root
+ mode=0644
+ register: r2
+ with_items:
+ - website
+ - wiki
+ notify:
+ - Restart Nginx
+
+- name: Create /etc/nginx/sites-enabled/{wiki,website}
+ file: src=../sites-available/{{ item }}
+ dest=/etc/nginx/sites-enabled/{{ item }}
+ owner=root group=root
+ state=link force=yes
+ register: r3
+ with_items:
+ - website
+ - wiki
+ notify:
+ - Restart Nginx
-- cgit v1.2.3
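Review bot: The key-generation task in roles/wiki/tasks/main.yml writes the certificate to `/etc/nginx/ssl/fripost.org.pem`, but both vhosts added in this commit load `ssl_certificate /etc/nginx/ssl/fripost.org.chained.pem;`, and nothing in this role creates the chained file, so on a fresh host the `Restart Nginx` handler would presumably fail until that file is provisioned by hand. Either add a task (or at least a comment) covering how `fripost.org.chained.pem` is produced, or point nginx at the generated file until a CA-signed chain exists. The task also does not state the owner and mode of `fripost.org.key`; unless `genkeypair.sh` (not shown) already restricts it, a follow-up `file:` task with `owner=root group=root mode=0600` would make that explicit. Adding `www-data` to the `ikiwiki` group gives every process running as www-data group access to ikiwiki's files, and since the CGI wrapper is generated with `cgi_wrappermode: 06755` it is worth checking whether that membership is needed at all.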