Add dokuwiki role

For an Alpine Linux VM.
This commit is contained in:
Timotej Lazar 2024-01-20 18:38:41 +01:00
parent 4420846817
commit 02f778604c
9 changed files with 246 additions and 1 deletions

View file

@ -12,4 +12,4 @@ query_filters:
- tenant: 'fri-it'
- role: 'compute-node'
- role: 'storage-node'
- role: 'switch'
- role: 'server'

View file

@ -0,0 +1,11 @@
# Handle .well-known for all domains.
server {
listen 80 default_server;
listen [::]:80 default_server;
location /.well-known/ {
alias /srv/http/.well-known/;
}
location / {
return 301 https://$host$request_uri;
}
}

View file

@ -0,0 +1,33 @@
a.interwiki,
a.urlextern,
a.windows {
padding-left: 0 !important;
background: none !important;
}
.dokuwiki div.page {
padding: 2em 2.5em;
}
.page h2,
.page h3,
.page h4 {
margin: 1em 0 0.5em;
}
.page p, .page ol, .page ul {
line-height: 1.5em;
margin: 0 0 0.5em;
}
.page code,
.page pre {
font-size: 0.9em;
}
.page pre {
border-color: #eee;
box-shadow: none;
margin: 0 1em 0.5em;
padding: 0.25em 0.5em;
}

View file

@ -0,0 +1,5 @@
- name: reload nginx
service:
name: nginx
state: reloaded
when: "'handler' not in ansible_skip_tags"

View file

@ -0,0 +1,69 @@
- name: Set dokuwiki version
set_fact:
dokuwiki_version: 2023-04-04a
- name: Enable community package repo
lineinfile:
path: /etc/apk/repositories
regexp: '^# *(http.*/v[^/]*/community)'
line: '\1'
backrefs: yes
register: result
- name: Update package cache
package:
update_cache: true
when: result.changed
- name: Set up nginx
import_tasks: nginx.yml
- name: Set up PHP
import_tasks: php.yml
- name: Install packages
package:
name: php-openssl,php-session,php-xml
- name: Get current dokuwiki version if any
lineinfile:
path: /srv/http/doku.fri.uni-lj.si/VERSION
search_string: '{{ dokuwiki_version }}'
state: absent
check_mode: true
changed_when: false
register: current_version
- name: Install or upgrade dokuwiki
when: 'current_version.found|default(0) == 0'
block:
- name: Download dokuwiki tarball
get_url:
url: 'https://download.dokuwiki.org/src/dokuwiki/dokuwiki-{{ dokuwiki_version }}.tgz'
dest: /var/tmp/
- name: Unpack tarball
command: 'tar xvf dokuwiki-{{ dokuwiki_version }}.tgz'
args:
chdir: /var/tmp
- name: Copy dokuwiki files
copy:
dest: /srv/http/doku.fri.uni-lj.si/
src: '/var/tmp/dokuwiki-{{ dokuwiki_version }}/'
remote_src: true
owner: nginx
group: nginx
- name: Copy user style overrides
copy:
dest: /srv/http/doku.fri.uni-lj.si/conf/
src: userstyle.css
owner: nginx
group: nginx
- name: Create nginx site
template:
dest: /etc/nginx/http.d/doku.fri.uni-lj.si.conf
src: doku.fri.uni-lj.si.conf.j2
notify: reload nginx

View file

@ -0,0 +1,42 @@
- name: Enable community package repo
lineinfile:
path: /etc/apk/repositories
regexp: '^# *(http.*/v[^/]*/community)'
line: '\1'
backrefs: yes
- name: Install packages
package:
name: certbot,nginx
- name: Create HTTP server directories
file:
path: /srv/http/.well-known
recurse: true
state: directory
owner: nginx
group: nginx
- name: Set up default HTTP server
copy:
dest: /etc/nginx/http.d
src: default.conf
- name: Enable nginx service
service:
name: nginx
enabled: true
state: started
- name: Get LE certificate
command:
cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d doku.fri.uni-lj.si
creates: '/etc/letsencrypt/renewal/doku.fri.uni-lj.si.conf'
- name: Enable certbot renewal
cron:
name: "certbot renew"
job: "certbot renew --quiet"
user: root
hour: "2,14"
minute: "18"

View file

@ -0,0 +1,45 @@
- name: Install packages
package:
name: acl,php,php-fpm
- name: Find PHP package
command: apk info -e php
register: php_package
changed_when: false
- name: Set PHP version
set_fact:
php_version: "{{ php_package.stdout | regex_search('[0-9.]+') }}"
- name: Set PHP-FPM settings
lineinfile:
path: '/etc/php{{ php_version }}/php-fpm.d/www.conf'
regexp: '^;?{{ item.key }}\s*='
line: '{{ item.key }} = {{ item.value }}'
loop:
- key: user
value: nginx
- key: group
value: nginx
- key: listen
value: '/run/php-fpm.socket'
- key: listen.acl_users
value: nginx
- key: listen.acl_groups
value: nginx
- name: Set PHP settings
lineinfile:
path: '/etc/php{{ php_version }}/php.ini'
regexp: '^{{ item.key }}\s*='
line: '{{ item.key }} = {{ item.value }}'
loop:
- key: upload_max_filesize
value: 200M
notify: restart php-fpm
- name: Enable php-fpm service
service:
name: 'php-fpm{{ php_version }}'
enabled: true
state: started

View file

@ -0,0 +1,36 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name doku.fri.uni-lj.si;
ssl_certificate /etc/letsencrypt/live/doku.fri.uni-lj.si/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/doku.fri.uni-lj.si/privkey.pem;
client_max_body_size 100M;
root /srv/http/doku.fri.uni-lj.si;
index index.php;
location ~ /(conf/|bin/|inc/|vendor/|install.php) { deny all; }
location ~ ^/data/ { internal; }
location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ { expires 365d; }
location / { try_files $uri $uri/ @dokuwiki; }
location @dokuwiki {
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
}
location ~ \.php$ {
try_files $uri $uri/ /doku.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param HTTPS on;
fastcgi_pass unix:/run/php-fpm.socket;
}
}

View file

@ -6,3 +6,7 @@
- hosts: proxmox-rc-next-*
roles:
- proxmox
- hosts: doku
roles:
- dokuwiki