add role for dokuwiki

README.md

@@ -102,6 +102,7 @@ Create `A` and `AAAA` or `CNAME` records which point to your server's IP address
 * `social.example.com` (for mastodon)
 * `comments.example.com` (for commento)
 * `iot.example.com` (for grafana)
+* `wiki.example.com` (for dokuwiki)
 
 #### Run the Ansible Playbooks
 

roles/common/tasks/apache.yml

@@ -9,6 +9,10 @@
   command: a2enmod headers creates=/etc/apache2/mods-enabled/headers.load
   notify: restart apache
 
+- name: Enable Apache rewrite module
+  command: a2enmod rewrite creates=/etc/apache2/mods-enabled/rewrite.load
+  notify: restart apache
+
 - name: Enable Apache proxy module
   command: a2enmod proxy creates=/etc/apache2/mods-enabled/proxy.load
   notify: restart apache

roles/dokuwiki/defaults/main.yml

@@ -0,0 +1,10 @@
+dokuwiki_subdomain: "wiki"
+dokuwiki_domain: "{{ dokuwiki_subdomain }}.{{ domain }}"
+
+# see https://github.com/splitbrain/dokuwiki/releases
+dokuwiki_version: "stable_2020-07-29"
+dokuwiki_release: "https://github.com/splitbrain/dokuwiki/archive/refs/tags/release_{{ dokuwiki_version }}.tar.gz"
+
+dokuwiki_admin_username: "{{ main_user_name }}"
+dokuwiki_admin_email: "{{ admin_email }}"
+dokuwiki_admin_password: "{{ lookup('password', secret + '/' + 'dokuwiki_admin_password length=32') }}"

roles/dokuwiki/files/var_www_dokuwiki_conf_acl_auth.php

@@ -0,0 +1,8 @@
+# acl.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Access Control Lists
+
+*               @ALL          1
+*               @user         8

roles/dokuwiki/files/var_www_dokuwiki_htaccess

@@ -0,0 +1,43 @@
+## You should disable Indexes and MultiViews either here or in the
+## global config. Symlinks maybe needed for URL rewriting.
+#Options -Indexes -MultiViews +FollowSymLinks
+
+## make sure nobody gets the htaccess, README, COPYING or VERSION files
+<Files ~ "^([\._]ht|README$|VERSION$|COPYING$)">
+    <IfModule mod_authz_core.c>
+        Require all denied
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+        Order allow,deny
+        Deny from all
+    </IfModule>
+</Files>
+
+## Don't allow access to git directories
+<IfModule alias_module>
+    RedirectMatch 404 /\.git
+</IfModule>
+
+## Uncomment these rules if you want to have nice URLs using
+## $conf['userewrite'] = 1 - not needed for rewrite mode 2
+RewriteEngine on
+
+RewriteRule ^_media/(.*)              lib/exe/fetch.php?media=$1  [QSA,L]
+RewriteRule ^_detail/(.*)             lib/exe/detail.php?media=$1  [QSA,L]
+RewriteRule ^_export/([^/]+)/(.*)     doku.php?do=export_$1&id=$2  [QSA,L]
+RewriteRule ^$                        doku.php  [L]
+RewriteCond %{REQUEST_FILENAME}       !-f
+RewriteCond %{REQUEST_FILENAME}       !-d
+RewriteRule (.*)                      doku.php?id=$1  [QSA,L]
+RewriteRule ^index.php$               doku.php
+
+## Not all installations will require the following line.  If you do,
+## change "/dokuwiki" to the path to your dokuwiki directory relative
+## to your document root.
+#RewriteBase /dokuwiki
+
+## If you enable DokuWikis XML-RPC interface, you should consider to
+## restrict access to it over HTTPS only! Uncomment the following two
+## rules if your server setup allows HTTPS.
+#RewriteCond %{HTTPS} !=on
+#RewriteRule ^lib/exe/xmlrpc.php$      https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

roles/dokuwiki/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: restart apache
+  service: name=apache2 state=restarted

roles/dokuwiki/tasks/dokuwiki.yml

@@ -0,0 +1,100 @@
+- name: Install DokuWiki dependencies
+  apt:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+    - php
+    - libapache2-mod-php
+  tags:
+    - dependencies
+
+- name: Create temporary DokuWiki directory
+  file: state=directory path=/root/dokuwiki
+
+- name: Download DokuWiki {{ dokuwiki_version }} release
+  get_url:
+    url="{{ dokuwiki_release }}"
+    dest=/root/dokuwiki/dokuwiki-{{ dokuwiki_version }}.tar.gz
+
+- name: Extract DokuWiki {{ dokuwiki_version }} release
+  shell: tar xzvf /root/dokuwiki/dokuwiki-{{ dokuwiki_version }}.tar.gz
+  args:
+    chdir: /root/dokuwiki
+    creates: /root/dokuwiki/dokuwiki-release_{{ dokuwiki_version }}
+
+- name: Copy DokuWiki to web server directory
+  shell: cp -R /root/dokuwiki/dokuwiki-release_{{ dokuwiki_version }}/. /var/www/dokuwiki/
+
+- name: Copy DokuWiki initial data to out data directory
+  shell: cp -R /var/www/dokuwiki/data/. /data/dokuwiki/
+
+- name: Ensure proper DokuWiki data directory permissions
+  file:
+    state: directory
+    path: "/data/dokuwiki"
+    owner: www-data
+    group: www-data
+    mode: 0750
+    recurse: yes
+
+- name: Ensure proper DokuWiki permissions
+  file:
+    path=/var/www/dokuwiki
+    state=directory
+    recurse=yes
+    owner=www-data
+    group=www-data
+
+- name: Add DokuWiki htaccess
+  copy:
+    src=var_www_dokuwiki_htaccess
+    dest=/var/www/dokuwiki/.htaccess
+    owner=www-data
+    group=www-data
+    mode=0644
+
+- name: Remove DokuWiki installer
+  file:
+    path=/var/www/dokuwiki/install.php
+    state=absent
+
+- name: Add initial DokuWiki ACL config
+  copy:
+    src=var_www_dokuwiki_conf_acl_auth.php
+    dest=/var/www/dokuwiki/conf/acl.auth.php
+    owner=www-data
+    group=www-data
+    mode=0644
+    force=no
+
+- name: Add initial DokuWiki config file
+  template:
+    src=var_www_dokuwiki_conf_local.j2
+    dest=/var/www/dokuwiki/conf/local.php
+    owner=www-data
+    group=www-data
+    mode=0644
+    force=no
+
+- name: Add initial DokuWiki admin user
+  template:
+    src=var_www_dokuwiki_conf_users_auth.j2
+    dest=/var/www/dokuwiki/conf/users.auth.php
+    owner=www-data
+    group=www-data
+    mode=0644
+    force=no
+
+- name: Create the Apache dokuwiki sites config files
+  template:
+    src=etc_apache2_sites-available_dokuwiki.j2
+    dest=/etc/apache2/sites-available/dokuwiki_{{ item.name }}.conf
+    owner=root
+    group=root
+  with_items: "{{ virtual_domains }}"
+
+- name: Enable Apache sites (creates new sites-enabled symlinks)
+  command: a2ensite dokuwiki_{{ item }}.conf creates=/etc/apache2/sites-enabled/dokuwiki_{{ item }}.conf
+  notify: restart apache
+  with_items: "{{ virtual_domains | json_query('[*].name') }}"

roles/dokuwiki/tasks/main.yml

@@ -0,0 +1 @@
+- include: dokuwiki.yml tags=dokuwiki

roles/dokuwiki/templates/etc_apache2_sites-available_dokuwiki.j2

@@ -0,0 +1,22 @@
+<VirtualHost *:80>
+    ServerName {{ dokuwiki_subdomain }}.{{ item.name }}
+
+    Redirect temp / https://{{ dokuwiki_subdomain }}.{{ item.name }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName {{ dokuwiki_subdomain }}.{{ item.name }}
+
+    SSLEngine               On
+    DocumentRoot            /var/www/dokuwiki
+    Options                 -Indexes
+    LogLevel                warn
+    ErrorLog                /var/log/apache2/dokuwiki.info-error_log
+    CustomLog               /var/log/apache2/dokuwiki.info-access_log common
+
+    <Directory /var/www/dokuwiki>
+        AllowOverride All
+        Require all granted
+        DirectoryIndex index.php
+    </Directory>
+</VirtualHost>

roles/dokuwiki/templates/var_www_dokuwiki_conf_local.j2

@@ -0,0 +1,25 @@
+<?php
+/**
+ * This is an example of how a local.php could look like.
+ * Simply copy the options you want to change from dokuwiki.php
+ * to this file and change them.
+ *
+ * When using the installer, a correct local.php file be generated for
+ * you automatically.
+ */
+
+
+$conf['title'] = '{{ domain }} Wiki';
+$conf['lang'] = 'en';
+$conf['license'] = 'cc-by-sa';
+
+$conf['savedir'] = '/data/dokuwiki';
+
+$conf['useacl'] = 1;
+$conf['superuser'] = '@admin';
+$conf['passcrypt'] = 'bcrypt';
+
+$conf['disableactions'] = 'register';
+
+$conf['userewrite'] = 1;
+$conf['useslash'] = 1;

roles/dokuwiki/templates/var_www_dokuwiki_conf_users_auth.j2

@@ -0,0 +1,11 @@
+# users.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Userfile
+#
+# Format:
+#
+# login:passwordhash:Real Name:email:groups,comma,separated
+
+{{ dokuwiki_admin_username }}:{{ dokuwiki_admin_password | password_hash('ldap_salted_md5') }}:{{ dokuwiki_admin_username }}:{{ dokuwiki_admin_email }}:admin,user

roles/sslletsencrypt/files/letsencrypt-gencert

@@ -17,7 +17,8 @@ for domain in "$@"; do
   fi
 
   # subdomains - www.foo.com mail.foo.com ...
-  for sub in eddie www mail autoconfig stats news cloud git matrix status social comments iot; do
+  # TODO includes servername (eddie / stage)!
+  for sub in stage www mail autoconfig stats news cloud git matrix status social comments iot wiki; do
     # only add if the DNS entry for the subdomain does actually exist
     if (getent hosts $sub.$domain > /dev/null); then
       if [ -z "$d" ]; then