- name: Install ikiwiki apt: pkg={{ packages }} vars: packages: - ikiwiki - libauthen-passphrase-perl - highlight-common - libhighlight-perl - libimage-magick-perl - libmail-sendmail-perl - libnet-dns-sec-perl - fcgiwrap - pandoc - name: Stop and disable fcgiwrap socket service: name=fcgiwrap.socket state=stopped enabled=false - name: Stop fcgiwrap service service: name=fcgiwrap.service state=stopped - name: Create a user 'ikiwiki' user: name=ikiwiki system=yes home=/var/lib/ikiwiki shell=/usr/sbin/nologin password=! state=present generate_ssh_key=yes ssh_key_comment=ikiwiki@{{ ansible_fqdn }} - name: Create directory ~ikiwiki/IkiWiki/Plugin file: path=/var/lib/ikiwiki/IkiWiki/Plugin state=directory owner=ikiwiki group=ikiwiki mode=0755 - name: Copy ikiwiki plugins copy: src=var/lib/ikiwiki/IkiWiki/Plugin/{{ item }}.pm dest=/var/lib/ikiwiki/IkiWiki/Plugin/{{ item }}.pm owner=root group=root mode=0644 with_items: - isWebsite - pandoc notify: - Refresh ikiwiki # Add the ikiwiki git wrapper as a post-update hook in the git repos in # gitolite: "config hook.ikiwiki-wrapper = /var/lib/ikiwiki/wiki.fripost.org" # where the 'git_wrapper' can be found in # /var/lib/ikiwiki/fripost-wiki.setup # To create a new wiki: # $ /usr/bin/sudo -u ikiwiki git config --global user.name "Fripost Admins" # $ /usr/bin/sudo -u ikiwiki git config --global user.email "admin@fripost.org" # $ /usr/bin/sudo -u ikiwiki ikiwiki --setup /etc/ikiwiki/auto.setup # ## Add ikiwiki's key to gitolite # ## Create post-update hook, cf. http://rtime.felk.cvut.cz/~sojka/blog/using-ikiwiki-with-gitolite/ # $ /usr/bin/sudo -u ikiwiki git clone ssh://gitolite@localhost/fripost-wiki.git - name: Configure ikiwiki copy: src=var/lib/ikiwiki/fripost-wiki.setup dest=/var/lib/ikiwiki/fripost-wiki.setup owner=root group=root mode=0644 notify: - Refresh ikiwiki - name: Add fripost-wiki to /etc/ikiwiki/wikilist lineinfile: dest=/etc/ikiwiki/wikilist line='ikiwiki /var/lib/ikiwiki/fripost-wiki.setup' owner=root group=root mode=0644 - meta: flush_handlers - name: Copy ikiwiki service unit copy: src=etc/systemd/system/ikiwiki.service dest=/etc/systemd/system/ikiwiki.service owner=root group=root mode=0644 notify: - systemctl daemon-reload - Stop ikiwiki - name: Copy ikiwiki socket unit copy: src=etc/systemd/system/ikiwiki.socket dest=/etc/systemd/system/ikiwiki.socket owner=root group=root mode=0644 notify: - systemctl daemon-reload - Restart ikiwiki - name: Disable ikiwiki service service: name=ikiwiki.service enabled=false - name: Start ikiwiki socket service: name=ikiwiki.socket state=started enabled=true - meta: flush_handlers - name: Copy /etc/nginx/sites-available/{wiki,website} copy: src=etc/nginx/sites-available/{{ item }} dest=/etc/nginx/sites-available/{{ item }} owner=root group=root mode=0644 register: r1 with_items: - website - wiki notify: - Restart Nginx - name: Create /etc/nginx/sites-enabled/{wiki,website} file: src=../sites-available/{{ item }} dest=/etc/nginx/sites-enabled/{{ item }} owner=root group=root state=link force=yes register: r2 with_items: - website - wiki notify: - Restart Nginx - name: Copy HPKP header snippet # never modify the pined pubkeys as we don't want to lock out our users template: src=etc/nginx/snippets/fripost.org.hpkp-hdr.j2 dest=/etc/nginx/snippets/fripost.org.hpkp-hdr validate=/bin/false owner=root group=root mode=0644 register: r3 notify: - Restart Nginx - name: Start Nginx service: name=nginx state=started when: not (r1.changed or r2.changed or r3.changed) - meta: flush_handlers - name: Fetch Nginx's X.509 certificate # Ensure we don't fetch private data become: False fetch_cmd: cmd="openssl x509 -noout -pubkey" stdin=/etc/nginx/ssl/www.fripost.org.pem dest=certs/public/fripost.org.pub tags: - genkey - name: Create directory /var/www/fripost.org/autoconfig/mail file: path=/var/www/fripost.org/autoconfig/mail state=directory owner=root group=root mode=0755 - name: Copy /var/www/fripost.org/autoconfig/mail/config-v1.1.xml copy: src=var/www/fripost.org/autoconfig/mail/config-v1.1.xml dest=/var/www/fripost.org/autoconfig/mail/config-v1.1.xml owner=root group=root mode=0644