From 02f778604c080907d3794c49438b1c5f60b39970 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Sat, 20 Jan 2024 18:38:41 +0100
Subject: [PATCH] Add dokuwiki role For an Alpine Linux VM.
---
 inventory.yml | 2 +-
 roles/dokuwiki/files/default.conf | 11 +++
 roles/dokuwiki/files/userstyle.css | 33 +++++++++
 roles/dokuwiki/handlers/main.yml | 5 ++
 roles/dokuwiki/tasks/main.yml | 69 +++++++++++++++++++
 roles/dokuwiki/tasks/nginx.yml | 42 +++++++++++
 roles/dokuwiki/tasks/php.yml | 45 ++++++++++++
 .../templates/doku.fri.uni-lj.si.conf.j2 | 36 ++++++++++
 setup.yml | 4 ++
 9 files changed, 246 insertions(+), 1 deletion(-)
 create mode 100644 roles/dokuwiki/files/default.conf
 create mode 100644 roles/dokuwiki/files/userstyle.css
 create mode 100644 roles/dokuwiki/handlers/main.yml
 create mode 100644 roles/dokuwiki/tasks/main.yml
 create mode 100644 roles/dokuwiki/tasks/nginx.yml
 create mode 100644 roles/dokuwiki/tasks/php.yml
 create mode 100644 roles/dokuwiki/templates/doku.fri.uni-lj.si.conf.j2
diff --git a/inventory.yml b/inventory.yml
index 002535c..8fee281 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -12,4 +12,4 @@ query_filters:
 - tenant: 'fri-it'
 - role: 'compute-node'
 - role: 'storage-node'
- - role: 'switch'
+ - role: 'server'
diff --git a/roles/dokuwiki/files/default.conf b/roles/dokuwiki/files/default.conf
new file mode 100644
index 0000000..db3420b
--- /dev/null
+++ b/roles/dokuwiki/files/default.conf
@@ -0,0 +1,11 @@
+# Handle .well-known for all domains.
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ location /.well-known/ {
+ alias /srv/http/.well-known/;
+ }
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/roles/dokuwiki/files/userstyle.css b/roles/dokuwiki/files/userstyle.css
new file mode 100644
index 0000000..01b3ca1
--- /dev/null
+++ b/roles/dokuwiki/files/userstyle.css
@@ -0,0 +1,33 @@
+a.interwiki,
+a.urlextern,
+a.windows {
+ padding-left: 0 !important;
+ background: none !important;
+}
+
+.dokuwiki div.page {
+ padding: 2em 2.5em;
+}
+
+.page h2,
+.page h3,
+.page h4 {
+ margin: 1em 0 0.5em;
+}
+
+.page p, .page ol, .page ul {
+ line-height: 1.5em;
+ margin: 0 0 0.5em;
+}
+
+.page code,
+.page pre {
+ font-size: 0.9em;
+}
+
+.page pre {
+ border-color: #eee;
+ box-shadow: none;
+ margin: 0 1em 0.5em;
+ padding: 0.25em 0.5em;
+}
diff --git a/roles/dokuwiki/handlers/main.yml b/roles/dokuwiki/handlers/main.yml
new file mode 100644
index 0000000..f6a6249
--- /dev/null
+++ b/roles/dokuwiki/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: reload nginx
+ service:
+ name: nginx
+ state: reloaded
+ when: "'handler' not in ansible_skip_tags"
diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml
new file mode 100644
index 0000000..6dcc862
--- /dev/null
+++ b/roles/dokuwiki/tasks/main.yml
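Review bot: roles/dokuwiki/handlers/main.yml defines only `reload nginx`, but the `Set PHP settings` task in roles/dokuwiki/tasks/php.yml of this same patch notifies `restart php-fpm`. Ansible stops with a missing-handler error when a changed task notifies a handler that does not exist, so the first run that edits php.ini would fail at that task and the new limit would not be applied to a running php-fpm. A matching handler should be added next to `reload nginx`, reusing the `php_version` fact that php.yml sets and the same skip-tag guard.

```yaml
- name: restart php-fpm
  service:
    name: 'php-fpm{{ php_version }}'
    state: restarted
  when: "'handler' not in ansible_skip_tags"
```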
@@ -0,0 +1,69 @@
+- name: Set dokuwiki version
+ set_fact:
+ dokuwiki_version: 2023-04-04a
+
+- name: Enable community package repo
+ lineinfile:
+ path: /etc/apk/repositories
+ regexp: '^# *(http.*/v[^/]*/community)'
+ line: '\1'
+ backrefs: yes
+ register: result
+
+- name: Update package cache
+ package:
+ update_cache: true
+ when: result.changed
+
+- name: Set up nginx
+ import_tasks: nginx.yml
+
+- name: Set up PHP
+ import_tasks: php.yml
+
+- name: Install packages
+ package:
+ name: php-openssl,php-session,php-xml
+
+- name: Get current dokuwiki version if any
+ lineinfile:
+ path: /srv/http/doku.fri.uni-lj.si/VERSION
+ search_string: '{{ dokuwiki_version }}'
+ state: absent
+ check_mode: true
+ changed_when: false
+ register: current_version
+
+- name: Install or upgrade dokuwiki
+ when: 'current_version.found|default(0) == 0'
+ block:
+ - name: Download dokuwiki tarball
+ get_url:
+ url: 'https://download.dokuwiki.org/src/dokuwiki/dokuwiki-{{ dokuwiki_version }}.tgz'
+ dest: /var/tmp/
+
+ - name: Unpack tarball
+ command: 'tar xvf dokuwiki-{{ dokuwiki_version }}.tgz'
+ args:
+ chdir: /var/tmp
+
+ - name: Copy dokuwiki files
+ copy:
+ dest: /srv/http/doku.fri.uni-lj.si/
+ src: '/var/tmp/dokuwiki-{{ dokuwiki_version }}/'
+ remote_src: true
+ owner: nginx
+ group: nginx
+
+- name: Copy user style overrides
+ copy:
+ dest: /srv/http/doku.fri.uni-lj.si/conf/
+ src: userstyle.css
+ owner: nginx
+ group: nginx
+
+- name: Create nginx site
+ template:
+ dest: /etc/nginx/http.d/doku.fri.uni-lj.si.conf
+ src: doku.fri.uni-lj.si.conf.j2
+ notify: reload nginx
diff --git a/roles/dokuwiki/tasks/nginx.yml b/roles/dokuwiki/tasks/nginx.yml
new file mode 100644
index 0000000..3378611
--- /dev/null
+++ b/roles/dokuwiki/tasks/nginx.yml
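Review bot: The `Download dokuwiki tarball` task in roles/dokuwiki/tasks/main.yml calls `get_url` without a `checksum`, so whatever the download host returns is unpacked and installed as PHP code under the web root. Pin the digest beside the version, for example a `dokuwiki_sha256` fact set next to `dokuwiki_version` and `checksum: 'sha256:{{ dokuwiki_sha256 }}'` on the task; the value has to come from the published release and is not shown in this patch. The same block copies the whole tree with `owner: nginx`, and php.yml runs PHP-FPM as `nginx`, so the application is able to rewrite its own code. Consider leaving the code root-owned and giving `nginx` ownership only of the directories DokuWiki has to write, such as `data/` and `conf/`.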
@@ -0,0 +1,42 @@
+- name: Enable community package repo
+ lineinfile:
+ path: /etc/apk/repositories
+ regexp: '^# *(http.*/v[^/]*/community)'
+ line: '\1'
+ backrefs: yes
+
+- name: Install packages
+ package:
+ name: certbot,nginx
+
+- name: Create HTTP server directories
+ file:
+ path: /srv/http/.well-known
+ recurse: true
+ state: directory
+ owner: nginx
+ group: nginx
+
+- name: Set up default HTTP server
+ copy:
+ dest: /etc/nginx/http.d
+ src: default.conf
+
+- name: Enable nginx service
+ service:
+ name: nginx
+ enabled: true
+ state: started
+
+- name: Get LE certificate
+ command:
+ cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d doku.fri.uni-lj.si
+ creates: '/etc/letsencrypt/renewal/doku.fri.uni-lj.si.conf'
+
+- name: Enable certbot renewal
+ cron:
+ name: "certbot renew"
+ job: "certbot renew --quiet"
+ user: root
+ hour: "2,14"
+ minute: "18"
diff --git a/roles/dokuwiki/tasks/php.yml b/roles/dokuwiki/tasks/php.yml
new file mode 100644
index 0000000..5581670
--- /dev/null
+++ b/roles/dokuwiki/tasks/php.yml
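Review bot: The `Enable certbot renewal` cron job in roles/dokuwiki/tasks/nginx.yml runs `certbot renew --quiet` with no hook, so after a renewal nginx keeps serving the certificate it already loaded until something else reloads it. Reload from the renewal itself, e.g. `job: "certbot renew --quiet --deploy-hook 'rc-service nginx reload'"`. In `Get LE certificate`, `--register-unsafely-without-email` leaves the ACME account with no contact address for account recovery or CA notices; registering with a role mailbox via `--email` would avoid that. `Set up default HTTP server` also has no `notify: reload nginx`, so a later edit to default.conf would not reach a running nginx.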
@@ -0,0 +1,45 @@
+- name: Install packages
+ package:
+ name: acl,php,php-fpm
+
+- name: Find PHP package
+ command: apk info -e php
+ register: php_package
+ changed_when: false
+
+- name: Set PHP version
+ set_fact:
+ php_version: "{{ php_package.stdout | regex_search('[0-9.]+') }}"
+
+- name: Set PHP-FPM settings
+ lineinfile:
+ path: '/etc/php{{ php_version }}/php-fpm.d/www.conf'
+ regexp: '^;?{{ item.key }}\s*='
+ line: '{{ item.key }} = {{ item.value }}'
+ loop:
+ - key: user
+ value: nginx
+ - key: group
+ value: nginx
+ - key: listen
+ value: '/run/php-fpm.socket'
+ - key: listen.acl_users
+ value: nginx
+ - key: listen.acl_groups
+ value: nginx
+
+- name: Set PHP settings
+ lineinfile:
+ path: '/etc/php{{ php_version }}/php.ini'
+ regexp: '^{{ item.key }}\s*='
+ line: '{{ item.key }} = {{ item.value }}'
+ loop:
+ - key: upload_max_filesize
+ value: 200M
+ notify: restart php-fpm
+
+- name: Enable php-fpm service
+ service:
+ name: 'php-fpm{{ php_version }}'
+ enabled: true
+ state: started
diff --git a/roles/dokuwiki/templates/doku.fri.uni-lj.si.conf.j2 b/roles/dokuwiki/templates/doku.fri.uni-lj.si.conf.j2
new file mode 100644
index 0000000..686e6f9
--- /dev/null
+++ b/roles/dokuwiki/templates/doku.fri.uni-lj.si.conf.j2
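Review bot: `Set PHP settings` in roles/dokuwiki/tasks/php.yml raises only `upload_max_filesize` to 200M and leaves `post_max_size` untouched, so PHP's request-body limit (8M by default, unless the packaged php.ini differs) still caps uploads, while the nginx template in this patch sets `client_max_body_size 100M`. The three limits should agree on one value that is no larger than the wiki needs, because each one is also the amount of request body a client can make the server accept per request. Add `- key: post_max_size` with the same `value:` to the loop and align it with the nginx limit. `Set PHP-FPM settings` has no `notify`, so later changes to www.conf would not be applied to a running php-fpm.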
@@ -0,0 +1,36 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name doku.fri.uni-lj.si;
+
+ ssl_certificate /etc/letsencrypt/live/doku.fri.uni-lj.si/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/doku.fri.uni-lj.si/privkey.pem;
+
+ client_max_body_size 100M;
+
+ root /srv/http/doku.fri.uni-lj.si;
+ index index.php;
+
+ location ~ /(conf/|bin/|inc/|vendor/|install.php) { deny all; }
+ location ~ ^/data/ { internal; }
+ location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ { expires 365d; }
+
+ location / { try_files $uri $uri/ @dokuwiki; }
+
+ location @dokuwiki {
+ rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+ rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+ rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+ rewrite ^/(.*) /doku.php?id=$1&$args last;
+ }
+
+ location ~ \.php$ {
+ try_files $uri $uri/ /doku.php;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param REDIRECT_STATUS 200;
+ fastcgi_param HTTPS on;
+ fastcgi_pass unix:/run/php-fpm.socket;
+ }
+}
diff --git a/setup.yml b/setup.yml
index 2296139..576fcbb 100644
--- a/setup.yml
+++ b/setup.yml
@@ -6,3 +6,7 @@
 - hosts: proxmox-rc-next-*
 roles:
 - proxmox
+
+- hosts: doku
+ roles:
+ - dokuwiki
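Review bot: The HTTPS server block in roles/dokuwiki/templates/doku.fri.uni-lj.si.conf.j2 configures the certificate but sets no `ssl_protocols` and no HSTS header, so the accepted TLS versions depend on the packaged nginx defaults and a first plain-HTTP visit is protected only by the port-80 redirect. Consider pinning `ssl_protocols TLSv1.2 TLSv1.3;` and adding `add_header Strict-Transport-Security "max-age=31536000" always;` inside the server block. In the deny rule the dot in `install.php` is unescaped and the pattern is unanchored; that only over-blocks (any URI containing `/conf/`, `/bin/` and so on), but `install\.php` would state the intent. The file goes through `template:` yet contains no variables, so the hostname stays hard-coded here and in the tasks.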