Add DokuWiki role

It deploys without issue, naisu
This commit is contained in:
Salt 2020-02-18 02:39:55 -06:00
parent b2c402b97e
commit 9ad7a4b5ec
5 changed files with 132 additions and 0 deletions

View File

@ -31,6 +31,11 @@
redirect_from: "assburgers.club"
redirect_to: "www.assburgers.club"
redirect_webroot: "/var/www/redirect"
- role: dokuwiki
vars:
dokuwiki_tgz: "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz"
dokuwiki_url: "wiki.assburgers.club"
dokuwiki_webroot: "/var/www/dokuwiki"
- role: nextcloud
vars:
nextcloud_mysql_password: !vault |

View File

@ -0,0 +1,4 @@
---
allow_duplicates: no
dependencies:
- role: apache-php

View File

@ -0,0 +1,77 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Install, configure, and start Dokuwiki
block:
- name: Set up Apache
block:
- name: Create webroot
file:
path: "{{ dokuwiki_webroot }}"
mode: "0755"
recurse: yes
state: directory
- name: Check for existing installation
stat:
path: "{{ dokuwiki_webroot }}/index.html"
register: stat_webroot_index
- name: Install Dokuwiki
block:
- name: Download Dokuwiki
get_url:
dest: /var/www/dokuwiki.tgz
url: "{{ dokuwiki_tgz }}"
- name: Extract Dokuwiki
unarchive:
src: /var/www/dokuwiki.tgz
remote_src: yes
dest: "{{ dokuwiki_webroot }}"
extra_opts: [--strip-components=1]
- name: Create data directory
file:
path: "/var/dokuwiki"
state: directory
mode: 0700
owner: www-data
group: www-data
- name: Chown webroot
file:
path: "{{ dokuwiki_webroot }}"
state: directory
recurse: yes
owner: www-data
group: www-data
- name: Cleanup
file:
path: /var/www/dokuwiki.tgz
state: absent
when: not stat_webroot_index.stat.exists
- name: Register certificates
block:
# Note: We copy over some insecure configs now
# Reason being there's no way for the https role to handle every site's
# configuration on its own. If it doesn't have to update the key, it
# won't reload Apache and our site will never actually see https downtime
- name: Configure insecure virtual host configs
template:
src: apache2-vhost.conf
dest: "/etc/apache2/sites-enabled/{{ dokuwiki_url }}.conf"
- name: Generate certificate
include_role:
name: https
vars:
website_url: "{{ dokuwiki_url }}"
website_webroot: "{{ dokuwiki_webroot }}"
- name: Secure Apache
block:
# If we copied over http-only configs before, they get oblooterated now
- name: Copy over virtual host configs
template:
src: apache2-vhost-ssl.conf
dest: "/etc/apache2/sites-enabled/{{ dokuwiki_url }}.conf"
- name: Reload Apache
service:
name: apache2
state: reloaded
enabled: true
become: yes

View File

@ -0,0 +1,33 @@
# Configuration for {{ dokuwiki_url }}
# vim:ft=apache:
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Website configuration
<VirtualHost *:80>
ServerName {{ dokuwiki_url }}
Redirect permanent / https://{{ dokuwiki_url }}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ dokuwiki_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ dokuwiki_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ dokuwiki_url}}-fullchain.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ServerName {{ dokuwiki_url }}
DocumentRoot {{ dokuwiki_webroot }}
<Directory "{{ dokuwiki_webroot }}">
Require all granted
AllowOverride All
Options MultiViews FollowSymlinks
</Directory>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>

View File

@ -0,0 +1,13 @@
# Configuration for {{ dokuwiki_url }}
# vim:ft=apache:
# Website configuration
<VirtualHost *:80>
ServerName {{ dokuwiki_url }}
DocumentRoot {{ dokuwiki_webroot }}
<Directory "{{ dokuwiki_webroot }}">
Require all granted
AllowOverride All
Options MultiViews FollowSymlinks
</Directory>
</VirtualHost>