Browse Source

add role for dokuwiki

Thomas Buck 3 years ago
parent
commit
426c2f2186

+ 1
- 0
README.md View File

@@ -102,6 +102,7 @@ Create `A` and `AAAA` or `CNAME` records which point to your server's IP address
102 102
 * `social.example.com` (for mastodon)
103 103
 * `comments.example.com` (for commento)
104 104
 * `iot.example.com` (for grafana)
105
+* `wiki.example.com` (for dokuwiki)
105 106
 
106 107
 #### Run the Ansible Playbooks
107 108
 

+ 4
- 0
roles/common/tasks/apache.yml View File

@@ -9,6 +9,10 @@
9 9
   command: a2enmod headers creates=/etc/apache2/mods-enabled/headers.load
10 10
   notify: restart apache
11 11
 
12
+- name: Enable Apache rewrite module
13
+  command: a2enmod rewrite creates=/etc/apache2/mods-enabled/rewrite.load
14
+  notify: restart apache
15
+
12 16
 - name: Enable Apache proxy module
13 17
   command: a2enmod proxy creates=/etc/apache2/mods-enabled/proxy.load
14 18
   notify: restart apache

+ 10
- 0
roles/dokuwiki/defaults/main.yml View File

@@ -0,0 +1,10 @@
1
+dokuwiki_subdomain: "wiki"
2
+dokuwiki_domain: "{{ dokuwiki_subdomain }}.{{ domain }}"
3
+
4
+# see https://github.com/splitbrain/dokuwiki/releases
5
+dokuwiki_version: "stable_2020-07-29"
6
+dokuwiki_release: "https://github.com/splitbrain/dokuwiki/archive/refs/tags/release_{{ dokuwiki_version }}.tar.gz"
7
+
8
+dokuwiki_admin_username: "{{ main_user_name }}"
9
+dokuwiki_admin_email: "{{ admin_email }}"
10
+dokuwiki_admin_password: "{{ lookup('password', secret + '/' + 'dokuwiki_admin_password length=32') }}"

+ 8
- 0
roles/dokuwiki/files/var_www_dokuwiki_conf_acl_auth.php View File

@@ -0,0 +1,8 @@
1
+# acl.auth.php
2
+# <?php exit()?>
3
+# Don't modify the lines above
4
+#
5
+# Access Control Lists
6
+
7
+*               @ALL          1
8
+*               @user         8

+ 43
- 0
roles/dokuwiki/files/var_www_dokuwiki_htaccess View File

@@ -0,0 +1,43 @@
1
+## You should disable Indexes and MultiViews either here or in the
2
+## global config. Symlinks maybe needed for URL rewriting.
3
+#Options -Indexes -MultiViews +FollowSymLinks
4
+
5
+## make sure nobody gets the htaccess, README, COPYING or VERSION files
6
+<Files ~ "^([\._]ht|README$|VERSION$|COPYING$)">
7
+    <IfModule mod_authz_core.c>
8
+        Require all denied
9
+    </IfModule>
10
+    <IfModule !mod_authz_core.c>
11
+        Order allow,deny
12
+        Deny from all
13
+    </IfModule>
14
+</Files>
15
+
16
+## Don't allow access to git directories
17
+<IfModule alias_module>
18
+    RedirectMatch 404 /\.git
19
+</IfModule>
20
+
21
+## Uncomment these rules if you want to have nice URLs using
22
+## $conf['userewrite'] = 1 - not needed for rewrite mode 2
23
+RewriteEngine on
24
+
25
+RewriteRule ^_media/(.*)              lib/exe/fetch.php?media=$1  [QSA,L]
26
+RewriteRule ^_detail/(.*)             lib/exe/detail.php?media=$1  [QSA,L]
27
+RewriteRule ^_export/([^/]+)/(.*)     doku.php?do=export_$1&id=$2  [QSA,L]
28
+RewriteRule ^$                        doku.php  [L]
29
+RewriteCond %{REQUEST_FILENAME}       !-f
30
+RewriteCond %{REQUEST_FILENAME}       !-d
31
+RewriteRule (.*)                      doku.php?id=$1  [QSA,L]
32
+RewriteRule ^index.php$               doku.php
33
+
34
+## Not all installations will require the following line.  If you do,
35
+## change "/dokuwiki" to the path to your dokuwiki directory relative
36
+## to your document root.
37
+#RewriteBase /dokuwiki
38
+
39
+## If you enable DokuWikis XML-RPC interface, you should consider to
40
+## restrict access to it over HTTPS only! Uncomment the following two
41
+## rules if your server setup allows HTTPS.
42
+#RewriteCond %{HTTPS} !=on
43
+#RewriteRule ^lib/exe/xmlrpc.php$      https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

+ 2
- 0
roles/dokuwiki/handlers/main.yml View File

@@ -0,0 +1,2 @@
1
+- name: restart apache
2
+  service: name=apache2 state=restarted

+ 100
- 0
roles/dokuwiki/tasks/dokuwiki.yml View File

@@ -0,0 +1,100 @@
1
+- name: Install DokuWiki dependencies
2
+  apt:
3
+    name: "{{ packages }}"
4
+    state: present
5
+  vars:
6
+    packages:
7
+    - php
8
+    - libapache2-mod-php
9
+  tags:
10
+    - dependencies
11
+
12
+- name: Create temporary DokuWiki directory
13
+  file: state=directory path=/root/dokuwiki
14
+
15
+- name: Download DokuWiki {{ dokuwiki_version }} release
16
+  get_url:
17
+    url="{{ dokuwiki_release }}"
18
+    dest=/root/dokuwiki/dokuwiki-{{ dokuwiki_version }}.tar.gz
19
+
20
+- name: Extract DokuWiki {{ dokuwiki_version }} release
21
+  shell: tar xzvf /root/dokuwiki/dokuwiki-{{ dokuwiki_version }}.tar.gz
22
+  args:
23
+    chdir: /root/dokuwiki
24
+    creates: /root/dokuwiki/dokuwiki-release_{{ dokuwiki_version }}
25
+
26
+- name: Copy DokuWiki to web server directory
27
+  shell: cp -R /root/dokuwiki/dokuwiki-release_{{ dokuwiki_version }}/. /var/www/dokuwiki/
28
+
29
+- name: Copy DokuWiki initial data to out data directory
30
+  shell: cp -R /var/www/dokuwiki/data/. /data/dokuwiki/
31
+
32
+- name: Ensure proper DokuWiki data directory permissions
33
+  file:
34
+    state: directory
35
+    path: "/data/dokuwiki"
36
+    owner: www-data
37
+    group: www-data
38
+    mode: 0750
39
+    recurse: yes
40
+
41
+- name: Ensure proper DokuWiki permissions
42
+  file:
43
+    path=/var/www/dokuwiki
44
+    state=directory
45
+    recurse=yes
46
+    owner=www-data
47
+    group=www-data
48
+
49
+- name: Add DokuWiki htaccess
50
+  copy:
51
+    src=var_www_dokuwiki_htaccess
52
+    dest=/var/www/dokuwiki/.htaccess
53
+    owner=www-data
54
+    group=www-data
55
+    mode=0644
56
+
57
+- name: Remove DokuWiki installer
58
+  file:
59
+    path=/var/www/dokuwiki/install.php
60
+    state=absent
61
+
62
+- name: Add initial DokuWiki ACL config
63
+  copy:
64
+    src=var_www_dokuwiki_conf_acl_auth.php
65
+    dest=/var/www/dokuwiki/conf/acl.auth.php
66
+    owner=www-data
67
+    group=www-data
68
+    mode=0644
69
+    force=no
70
+
71
+- name: Add initial DokuWiki config file
72
+  template:
73
+    src=var_www_dokuwiki_conf_local.j2
74
+    dest=/var/www/dokuwiki/conf/local.php
75
+    owner=www-data
76
+    group=www-data
77
+    mode=0644
78
+    force=no
79
+
80
+- name: Add initial DokuWiki admin user
81
+  template:
82
+    src=var_www_dokuwiki_conf_users_auth.j2
83
+    dest=/var/www/dokuwiki/conf/users.auth.php
84
+    owner=www-data
85
+    group=www-data
86
+    mode=0644
87
+    force=no
88
+
89
+- name: Create the Apache dokuwiki sites config files
90
+  template:
91
+    src=etc_apache2_sites-available_dokuwiki.j2
92
+    dest=/etc/apache2/sites-available/dokuwiki_{{ item.name }}.conf
93
+    owner=root
94
+    group=root
95
+  with_items: "{{ virtual_domains }}"
96
+
97
+- name: Enable Apache sites (creates new sites-enabled symlinks)
98
+  command: a2ensite dokuwiki_{{ item }}.conf creates=/etc/apache2/sites-enabled/dokuwiki_{{ item }}.conf
99
+  notify: restart apache
100
+  with_items: "{{ virtual_domains | json_query('[*].name') }}"

+ 1
- 0
roles/dokuwiki/tasks/main.yml View File

@@ -0,0 +1 @@
1
+- include: dokuwiki.yml tags=dokuwiki

+ 22
- 0
roles/dokuwiki/templates/etc_apache2_sites-available_dokuwiki.j2 View File

@@ -0,0 +1,22 @@
1
+<VirtualHost *:80>
2
+    ServerName {{ dokuwiki_subdomain }}.{{ item.name }}
3
+
4
+    Redirect temp / https://{{ dokuwiki_subdomain }}.{{ item.name }}/
5
+</VirtualHost>
6
+
7
+<VirtualHost *:443>
8
+    ServerName {{ dokuwiki_subdomain }}.{{ item.name }}
9
+
10
+    SSLEngine               On
11
+    DocumentRoot            /var/www/dokuwiki
12
+    Options                 -Indexes
13
+    LogLevel                warn
14
+    ErrorLog                /var/log/apache2/dokuwiki.info-error_log
15
+    CustomLog               /var/log/apache2/dokuwiki.info-access_log common
16
+
17
+    <Directory /var/www/dokuwiki>
18
+        AllowOverride All
19
+        Require all granted
20
+        DirectoryIndex index.php
21
+    </Directory>
22
+</VirtualHost>

+ 25
- 0
roles/dokuwiki/templates/var_www_dokuwiki_conf_local.j2 View File

@@ -0,0 +1,25 @@
1
+<?php
2
+/**
3
+ * This is an example of how a local.php could look like.
4
+ * Simply copy the options you want to change from dokuwiki.php
5
+ * to this file and change them.
6
+ *
7
+ * When using the installer, a correct local.php file be generated for
8
+ * you automatically.
9
+ */
10
+
11
+
12
+$conf['title'] = '{{ domain }} Wiki';
13
+$conf['lang'] = 'en';
14
+$conf['license'] = 'cc-by-sa';
15
+
16
+$conf['savedir'] = '/data/dokuwiki';
17
+
18
+$conf['useacl'] = 1;
19
+$conf['superuser'] = '@admin';
20
+$conf['passcrypt'] = 'bcrypt';
21
+
22
+$conf['disableactions'] = 'register';
23
+
24
+$conf['userewrite'] = 1;
25
+$conf['useslash'] = 1;

+ 11
- 0
roles/dokuwiki/templates/var_www_dokuwiki_conf_users_auth.j2 View File

@@ -0,0 +1,11 @@
1
+# users.auth.php
2
+# <?php exit()?>
3
+# Don't modify the lines above
4
+#
5
+# Userfile
6
+#
7
+# Format:
8
+#
9
+# login:passwordhash:Real Name:email:groups,comma,separated
10
+
11
+{{ dokuwiki_admin_username }}:{{ dokuwiki_admin_password | password_hash('ldap_salted_md5') }}:{{ dokuwiki_admin_username }}:{{ dokuwiki_admin_email }}:admin,user

+ 2
- 1
roles/sslletsencrypt/files/letsencrypt-gencert View File

@@ -17,7 +17,8 @@ for domain in "$@"; do
17 17
   fi
18 18
 
19 19
   # subdomains - www.foo.com mail.foo.com ...
20
-  for sub in eddie www mail autoconfig stats news cloud git matrix status social comments iot; do
20
+  # TODO includes servername (eddie / stage)!
21
+  for sub in stage www mail autoconfig stats news cloud git matrix status social comments iot wiki; do
21 22
     # only add if the DNS entry for the subdomain does actually exist
22 23
     if (getent hosts $sub.$domain > /dev/null); then
23 24
       if [ -z "$d" ]; then

Loading…
Cancel
Save