Add DokuWiki role

It deploys without issue, naisu
2020-02-18 02:39:55 -06:00 · 2020-02-18 02:39:55 -06:00 · 9ad7a4b5ec
commit 9ad7a4b5ec
parent b2c402b97e
5 changed files with 132 additions and 0 deletions
--- a/ec2.yml
+++ b/ec2.yml
@ -31,6 +31,11 @@
        redirect_from: "assburgers.club"
        redirect_to: "www.assburgers.club"
        redirect_webroot: "/var/www/redirect"
+    - role: dokuwiki
+      vars:
+        dokuwiki_tgz: "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz"
+        dokuwiki_url: "wiki.assburgers.club"
+        dokuwiki_webroot: "/var/www/dokuwiki"
    - role: nextcloud
      vars:
        nextcloud_mysql_password: !vault |
--- a/roles/dokuwiki/meta/main.yml
+++ b/roles/dokuwiki/meta/main.yml
@ -0,0 +1,4 @@
+---
+allow_duplicates: no
+dependencies:
+  - role: apache-php
--- a/roles/dokuwiki/tasks/main.yml
+++ b/roles/dokuwiki/tasks/main.yml
@ -0,0 +1,77 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Install, configure, and start Dokuwiki
+  block:
+  - name: Set up Apache
+    block:
+      - name: Create webroot
+        file:
+          path: "{{ dokuwiki_webroot }}"
+          mode: "0755"
+          recurse: yes
+          state: directory
+      - name: Check for existing installation
+        stat:
+          path: "{{ dokuwiki_webroot }}/index.html"
+        register: stat_webroot_index
+      - name: Install Dokuwiki
+        block:
+          - name: Download Dokuwiki
+            get_url:
+              dest: /var/www/dokuwiki.tgz
+              url: "{{ dokuwiki_tgz }}"
+          - name: Extract Dokuwiki
+            unarchive:
+              src: /var/www/dokuwiki.tgz
+              remote_src: yes
+              dest: "{{ dokuwiki_webroot }}"
+              extra_opts: [--strip-components=1]
+          - name: Create data directory
+            file:
+              path: "/var/dokuwiki"
+              state: directory
+              mode: 0700
+              owner: www-data
+              group: www-data
+          - name: Chown webroot
+            file:
+              path: "{{ dokuwiki_webroot }}"
+              state: directory
+              recurse: yes
+              owner: www-data
+              group: www-data
+          - name: Cleanup
+            file:
+              path: /var/www/dokuwiki.tgz
+              state: absent
+        when: not stat_webroot_index.stat.exists
+  - name: Register certificates
+    block:
+      # Note: We copy over some insecure configs now
+      # Reason being there's no way for the https role to handle every site's
+      # configuration on its own. If it doesn't have to update the key, it
+      # won't reload Apache and our site will never actually see https downtime
+      - name: Configure insecure virtual host configs
+        template:
+          src: apache2-vhost.conf
+          dest: "/etc/apache2/sites-enabled/{{ dokuwiki_url }}.conf"
+      - name: Generate certificate
+        include_role:
+          name: https
+        vars:
+          website_url: "{{ dokuwiki_url }}"
+          website_webroot: "{{ dokuwiki_webroot }}"
+  - name: Secure Apache
+    block:
+      # If we copied over http-only configs before, they get oblooterated now
+      - name: Copy over virtual host configs
+        template:
+          src: apache2-vhost-ssl.conf
+          dest: "/etc/apache2/sites-enabled/{{ dokuwiki_url }}.conf"
+      - name: Reload Apache
+        service:
+          name: apache2
+          state: reloaded
+          enabled: true
+  become: yes
--- a/roles/dokuwiki/templates/apache2-vhost-ssl.conf
+++ b/roles/dokuwiki/templates/apache2-vhost-ssl.conf
@ -0,0 +1,33 @@
+# Configuration for {{ dokuwiki_url }}
+# vim:ft=apache:
+
+# Accept connections from non-SNI clients
+SSLStrictSNIVHostCheck off
+
+# Website configuration
+<VirtualHost *:80>
+	ServerName {{ dokuwiki_url }}
+	Redirect permanent / https://{{ dokuwiki_url }}
+</VirtualHost>
+<VirtualHost *:443>
+	SSLEngine on
+	SSLCertificateFile /etc/pki/cert/crt/{{ dokuwiki_url }}.crt
+	SSLCertificateKeyFile /etc/pki/cert/private/{{ dokuwiki_url }}.key
+	SSLCertificateChainFile /etc/pki/cert/crt/{{ dokuwiki_url}}-fullchain.crt
+	<FilesMatch "\.(cgi|shtml|phtml|php)$">\
+		SSLOptions +StdEnvVars
+	</FilesMatch>
+	<Directory /usr/lib/cgi-bin>
+		SSLOptions +StdEnvVars
+	</Directory>
+	ServerName {{ dokuwiki_url }}
+	DocumentRoot {{ dokuwiki_webroot }}
+	<Directory "{{ dokuwiki_webroot }}">
+		Require all granted
+		AllowOverride All
+		Options MultiViews FollowSymlinks
+	</Directory>
+	<IfModule mod_headers.c>
+		Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+	</IfModule>
+</VirtualHost>
--- a/roles/dokuwiki/templates/apache2-vhost.conf
+++ b/roles/dokuwiki/templates/apache2-vhost.conf
@ -0,0 +1,13 @@
+# Configuration for {{ dokuwiki_url }}
+# vim:ft=apache:
+
+# Website configuration
+<VirtualHost *:80>
+	ServerName {{ dokuwiki_url }}
+	DocumentRoot {{ dokuwiki_webroot }}
+	<Directory "{{ dokuwiki_webroot }}">
+		Require all granted
+		AllowOverride All
+		Options MultiViews FollowSymlinks
+	</Directory>
+</VirtualHost>