authorChristian Franke <nobody@nowhere.ws>2015-10-26 20:38:25 +0100
committerChristian Franke <nobody@nowhere.ws>2015-10-26 20:38:25 +0100
commitf38450f9f2037244300082f3e4211b790ac87058 (patch)
tree074ffa7d0512e099742641df8065d7b4139a6e99
parent4e5034f57b54f1a5052fd859d3419002a477e628 (diff)
Assorted changesHEADmaster
- add hooks between webserver and gitserver: git->website and wiki->git work now, git->wiki is still missing, https://ikiwiki.info/tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/ should contain the right info for that - actually configure repo_service - replace LDAP auth with dummy password auth for now
-rw-r--r--roles/cgit/files/htpasswd1
-rw-r--r--roles/cgit/tasks/main.yaml4
-rw-r--r--roles/cgit/templates/repocreate-ssl.conf.j221
-rw-r--r--roles/git_server_rpc/tasks/main.yaml31
-rw-r--r--roles/git_server_rpc/templates/git_server_rpc.sudoers1
-rw-r--r--roles/gitserver/tasks/as_gituser.yaml5
-rw-r--r--roles/gitserver/tasks/main.yaml16
-rw-r--r--roles/gitserver/templates/website-post-update-hook.j23
-rw-r--r--roles/repo_service/defaults/main.yaml122
-rw-r--r--roles/repo_service/files/repo_service.service13
-rw-r--r--roles/repo_service/handlers/main.yaml5
-rw-r--r--roles/repo_service/meta/main.yaml4
-rw-r--r--roles/repo_service/tasks/as_repo_service.yaml40
-rw-r--r--roles/repo_service/tasks/main.yaml13
-rw-r--r--roles/subdap/tasks/as_subdap.yaml2
-rw-r--r--roles/sublab_web/defaults/main.yaml116
-rw-r--r--roles/sublab_web/files/htpasswd1
-rw-r--r--roles/sublab_web/meta/main.yaml1
-rw-r--r--roles/sublab_web/tasks/as_webuser.yaml2
-rw-r--r--roles/sublab_web/tasks/as_wikiuser.yaml29
-rw-r--r--roles/sublab_web/tasks/main.yaml4
-rw-r--r--roles/sublab_web/templates/subdap-ssl.conf.j25
-rw-r--r--roles/sublab_web/templates/website-rebuild.sh.j24
-rw-r--r--roles/sublab_web/templates/wiki.conf.j223
-rw-r--r--vars/main.yaml1
25 files changed, 449 insertions, 18 deletions
diff --git a/roles/cgit/files/htpasswd b/roles/cgit/files/htpasswd
new file mode 100644
index 0000000..4ba5edb
--- /dev/null
+++ b/roles/cgit/files/htpasswd
@@ -0,0 +1 @@
+webuser:$apr1$CTQ3rSnN$MTEV4h/Y.9HBT1Apjey1t0
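Review bot: This `webuser` entry is committed in clear text, while the other secrets in this commit (`roles/repo_service/defaults/main.yaml`, `roles/sublab_web/defaults/main.yaml`) are Ansible Vault files. `$apr1$` is Apache's MD5-based scheme, which offers little resistance to offline guessing once the hash is readable. The same line is added again as `roles/sublab_web/files/htpasswd`, so the wiki and the repository-creation endpoint share one credential. I would keep the hash in a vaulted variable, generate it with bcrypt (`htpasswd -B`), and use a separate entry per service.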
diff --git a/roles/cgit/tasks/main.yaml b/roles/cgit/tasks/main.yaml
index 8c7f92b..595e738 100644
--- a/roles/cgit/tasks/main.yaml
+++ b/roles/cgit/tasks/main.yaml
@@ -72,6 +72,10 @@
- ssl.conf
notify: Reload apache
+- name: Place reposervice htpasswd
+ copy: dest=/etc/apache2/sites/{{ git_server_name }}/htpasswd
+ src=htpasswd
+
- include: ../../apache/tasks/ssl.yaml
vars:
ssl_server_name: "{{git_server_name}}"
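Review bot: The `Place reposervice htpasswd` task sets no `owner`, `group` or `mode`, so the credential file gets whatever the module default and umask produce, which is usually world-readable. I would add `owner=root group=www-data mode=0640` (assuming Apache runs with group `www-data` on this host; adjust if not). The `Place wiki htpasswd` task added in roles/sublab_web/tasks/main.yaml has the same gap. Only part of the task file is visible in this hunk.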
diff --git a/roles/cgit/templates/repocreate-ssl.conf.j2 b/roles/cgit/templates/repocreate-ssl.conf.j2
index c9014be..b1dd553 100644
--- a/roles/cgit/templates/repocreate-ssl.conf.j2
+++ b/roles/cgit/templates/repocreate-ssl.conf.j2
@@ -1,9 +1,12 @@
-#Alias /create /var/www/git.sublab.org/htdocs/create
-#ProxyPass /create/api http://127.0.0.1:8023/
+Alias /create /var/lib/repo_service/src/frontend
+ProxyPass /create/api http://127.0.0.1:8023/
+
+<Location /create>
+ Options -Indexes -ExecCGI
+ Allow from *
+
#
-#<Location /create>
-# Options -Indexes -ExecCGI
-# Allow from *
+# Disable LDAP auth for now :/
#
# AuthType basic
# AuthBasicProvider ldap
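Review bot: `Allow from *` in the new `<Location /create>` is 2.2-style access control, and `*` is not one of the documented arguments (`all`, a host or network, `env=`), so how it is evaluated is left to mod_access_compat. The block ends with `Require valid-user` in the next hunk, and roles/sublab_web/templates/subdap-ssl.conf.j2 already uses 2.4-style `Require all granted`. Mixing the two styles in one container is hard to reason about. I would drop the `Allow` line and let `Require` alone decide access.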
@@ -14,5 +17,11 @@
# # AuthzLDAPAuthoritative on
# # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
# Require valid-user
-#</Location>
+
+# And use basic auth instead
+ AuthType basic
+ AuthName "Wiki Login"
+ AuthUserFile "/etc/apache2/sites/{{ git_server_name }}/htpasswd"
+ Require valid-user
+</Location>
#LDAPTrustedMode TLS
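Review bot: `AuthName "Wiki Login"` on the `/create` location looks copied from wiki.conf.j2; the realm is what the browser shows in the prompt and what it keys cached credentials on, so users are told they are logging in to the wiki when they are authorising repository creation. Something like `AuthName "Repository creation"` states what is being protected. The `<Location /create>` block opens in the previous hunk.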
diff --git a/roles/git_server_rpc/tasks/main.yaml b/roles/git_server_rpc/tasks/main.yaml
new file mode 100644
index 0000000..a69e9e3
--- /dev/null
+++ b/roles/git_server_rpc/tasks/main.yaml
@@ -0,0 +1,31 @@
+---
+- name: Create git_server_rpc user
+ user: name=git_server_rpc
+ home=/home/git_server_rpc
+
+- name: Create git_server_rpc ssh dir
+ file: path=/home/git_server_rpc/.ssh
+ owner=git_server_rpc
+ group=git_server_rpc
+ mode=0700
+ state=directory
+
+- name: Make sure sudo is installed
+ apt: name=sudo state=present update_cache=yes
+
+- name: Configure git_server_rpc sudo rights
+ template: dest=/etc/sudoers.d/git_server_rpc
+ mode=0440
+ src=git_server_rpc.sudoers
+
+- name: Read git user ssh-key
+ slurp: src=/var/lib/gitolite/.ssh/id_rsa.pub
+ register: git_server_key
+ delegate_to: "{{groups['gitservers'][0]}}"
+
+- name: Put pubkey from gitserver to authorized_keys
+ copy: dest=/home/git_server_rpc/.ssh/authorized_keys
+ content="{{git_server_key.content|b64decode}}"
+ owner=git_server_rpc
+ group=git_server_rpc
+ mode=0644
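Review bot: The gitolite public key is written to `authorized_keys` with no options, so it grants a full shell as `git_server_rpc` on the web server although its only purpose is to trigger the rebuild script. Installing it with the `authorized_key` module and a forced command limits the key to that one action: `key_options='command="sudo /var/www/{{sublab_web_server_name}}/website-rebuild.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding'`. The sudoers task should also get `owner=root group=root validate='visudo -cf %s'`, so a template that fails to parse is never installed into `/etc/sudoers.d`.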
diff --git a/roles/git_server_rpc/templates/git_server_rpc.sudoers b/roles/git_server_rpc/templates/git_server_rpc.sudoers
new file mode 100644
index 0000000..bd84908
--- /dev/null
+++ b/roles/git_server_rpc/templates/git_server_rpc.sudoers
@@ -0,0 +1 @@
+git_server_rpc ALL=(ALL) NOPASSWD: /var/www/{{sublab_web_server_name}}/website-rebuild.sh
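Review bot: `(ALL)` lets `git_server_rpc` run the rebuild script as any user, and the post-update hook calls `sudo` without `-u`, so the script starts as root and only drops to `sublab_web` from inside itself. If `/var/www/{{sublab_web_server_name}}/` or the script is writable by the web user (ownership is not visible in this commit), that account controls what root executes. Narrowing the runas removes the root step: `git_server_rpc ALL=(sublab_web) NOPASSWD: /var/www/{{sublab_web_server_name}}/website-rebuild.sh`, with the hook calling `sudo -u sublab_web ...`.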
diff --git a/roles/gitserver/tasks/as_gituser.yaml b/roles/gitserver/tasks/as_gituser.yaml
index 69157fd..9c4b67c 100644
--- a/roles/gitserver/tasks/as_gituser.yaml
+++ b/roles/gitserver/tasks/as_gituser.yaml
@@ -11,3 +11,8 @@
- name: Initialize gitolite and restore backup
include: restore_gitolite.yaml
when: not gitolite_dir.stat.exists
+
+- name: Put Post-update-hook for website
+ template: dest=/var/lib/gitolite/repositories/website.git/hooks/post-update
+ mode=0755
+ src=website-post-update-hook.j2
diff --git a/roles/gitserver/tasks/main.yaml b/roles/gitserver/tasks/main.yaml
index aca95f4..7143c64 100644
--- a/roles/gitserver/tasks/main.yaml
+++ b/roles/gitserver/tasks/main.yaml
@@ -13,6 +13,20 @@
name=git
group=git
home="/var/lib/gitolite"
+ generate_ssh_key=yes
+
+- name: Get Webserver Hostkey
+ slurp: src=/etc/ssh/ssh_host_ecdsa_key.pub
+ register: webserver_host_key
+ delegate_to: "{{groups['webservers'][0]}}"
+
+- name: Put Webserver Hostkey into knownhosts
+ lineinfile: dest=/var/lib/gitolite/.ssh/known_hosts
+ create=yes
+ owner=git
+ group=git
+ mode=0644
+ line="{{groups['webservers'][0]}} {{webserver_host_key.content|b64decode}}"
- name: Make git dir world readable
file:
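Review bot: `slurp` returns the key file including its trailing newline, so the `line=` value in `Put Webserver Hostkey into knownhosts` probably ends in `\n`, which can make `lineinfile` fail to match on later runs and append a duplicate entry each time. `line="{{groups['webservers'][0]}} {{webserver_host_key.content|b64decode|trim}}"` avoids that. Only the first host of `webservers` is pinned, and the entry is keyed on the inventory name, which has to stay identical to the host string the hook passes to `ssh`. `Put Gitserver Hostkey into knownhosts` in roles/repo_service/tasks/as_repo_service.yaml uses the same pattern. The `git` user task starts above this hunk.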
@@ -32,6 +46,8 @@
- name: Ensure correct permissions on cgitrc.repo_service
file:
name=/etc/cgitrc.repo_service
+ owner=repo_service
+ group=repo_service
mode=0644
- name: Configure git-daemon
diff --git a/roles/gitserver/templates/website-post-update-hook.j2 b/roles/gitserver/templates/website-post-update-hook.j2
new file mode 100644
index 0000000..bdc655e
--- /dev/null
+++ b/roles/gitserver/templates/website-post-update-hook.j2
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec ssh git_server_rpc@{{groups['webservers'][0]}} sudo /var/www/{{sublab_web_server_name}}/website-rebuild.sh
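Review bot: The `ssh` call in the hook has no options, so a missing or changed known_hosts entry makes it prompt on a non-interactive push, and the outcome then depends on the client defaults of the `git` account. `exec ssh -o BatchMode=yes -o StrictHostKeyChecking=yes git_server_rpc@{{groups['webservers'][0]}} ...` makes the hook fail closed and rely on the host key that the gitserver role pins in this commit. A short comment naming the role that installs the matching key and sudoers rule would help whoever debugs a failed rebuild.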
diff --git a/roles/repo_service/defaults/main.yaml b/roles/repo_service/defaults/main.yaml
new file mode 100644
index 0000000..b297c97
--- /dev/null
+++ b/roles/repo_service/defaults/main.yaml
@@ -0,0 +1,122 @@
+$ANSIBLE_VAULT;1.1;AES256
+33356535393466363739663333613465616166363139663531323631303032396466303261333334
+3632393239333765313863353735313263366533623663300a393130376563646639383261633636
+31616332653035366630323465333431626663393434303430363935396561646433383739346433
+3862376663646564650a383866663436663761353139633838653738313134653366376466303761
+30353030663330356463653530643234346131306534623466373337623530666266636637393539
+38343065363765626561376265336330363563356231643138376337623863356265363837313739
+65366534356666393231366263386139656636316632313865343363646566633738393834616234
+37343838663035373336383566336161643965373235383835313332356237393735313735383965
+30336333633566383638623439323034383938353334386633643936623630306632353933376536
+36643630386666636330373439663361343635343334643230623232346337373336663635633236
+65326337643265666634653332653964383634666432663631386164393739336132303634633235
+33373065646662323066653233646339623237616531303131653833373764643233323331626138
+32613031613436393531343734363338383331376466376663326232343463396665306137353030
+35636632336537643965343034373966613539663533663233336537646665393430663666393862
+37333635653537363539346135613934373133333639316436646364396261313533333164396638
+34363639306666303231306331373034316263323136616235353635616134613437343561656536
+33313565623737326130396264636365613036613034383962373339336162643065666138636266
+38613438643665326331393933613636373066316432356661623434343865303161303634626139
+38343137353361656435336161316563613730346637646466373035366262643965613437613739
+39333932366163386537623961386133373738383035333838383233636136633238653939623739
+33393732363938353935663566313333303166616663326664306337356661373161633865393038
+63383762363334336136306461356466633738633531666666656232376236626332396330653533
+63373764613133353964333530366635626230666365303766333330306338666531623531326265
+66633534616435623035666464656362626564356264356666353732353437323265363464643866
+64343564383432393461636563653435646530633566346434323966653232303335306333643535
+37303065666663376463613038656164366632366365623232353662383032613438353061336136
+34653939393363366263376433303163383461353232386134393236633136396437653637393134
+34393266303332326335343138393338626632353162393066666332303836326338323437313563
+61326338653631383637663065653730383330383031366266643066633363633533373161643032
+37666365313237386539376563336438356366666235376562303061313238353066383664396663
+31343065306433363165646139396162356365333831383537383332306536336461653631356234
+38643136316330333536346138303835326134656439613638356632363934373438383861653761
+35393333643364366133353465656664333232313635656634376536623532393130373839353262
+61393238613765303536613737383463323335343131313633646132323032366231323133613362
+64396361373533616535326664323865336333623935626261356235656566376163363932323935
+31316265356364666231353833353764353633613332386633396638613231336364343238303937
+35353037633031313438323336643636336230383762393434656562653038383761343461393462
+39303730643831326335376332313130653764393731393762376139623832373966366361646433
+38366633626239313666373035353261336132636537646163313164343064613534633230616565
+66323462633961356536353631383634326633373662613537376133306561333433303436363936
+66656364333732393666306362373665376430323133313333623462363362326461643062343163
+31356266336336313139393537346535616161366630653436343937306532386266353963386665
+39626165303462326137373637643264383163343638393837656631626533336633353339643762
+61313933616132633330333066313136383232353362383835623565373665383031393461383133
+35343335366437346466613338646239326161663533666431363231396130653531333331373334
+35663034663061323264373935313864353763366237316634383530326633376166303864313361
+33313061303666366132353839613932346336643131313364646435373639636634396437616362
+62316566663963666166663435653962363661336364306631616633616534643330386466646462
+33303330356238626435353030326232353962326364613362336265353532656633316364613430
+36613632353132616138633962626533373734313539346333366564363533383432306534383133
+63636635613865313437643161316337633661303334393130633135306330663430346432326639
+38343931353631333031316235343132373030316431613537333165393635336333336433396537
+36363035623062336361363736663563363766623632366633336235353833333966626264363162
+61386535633661643161346135633434653634353363383865346636643030303233633132323432
+65383364303461356333363936313831393038663334326232333631333162336461376263303030
+64363464653830613266636137393433303632323737306261663736393435646332623638336436
+39666464323638616635363832623730633239323433326536366132306330346435366130326462
+35623238616438656164336464303636323664646235356638306466373939633637653063656430
+38626564343666356635643732336464663666616135356562303636373932613665336466383834
+64366130373436623933386138633533646536666238613162383364613565323761373433336166
+62393832326239303738363234383164643065316133396439653338376330373166643762613638
+62393132613336633935633464313736386664343433343233386131656266393264616533343636
+34306636366330386538346333326632343165346363613930393238663631323663393036383262
+35613637643664663730363631653336323534633062373434316538313366343432613162646435
+36643038323136386166656436303766626263353961383733643632613535383333346537303336
+35646265316239343363643065336232633362363031643963306539626666353434363838613632
+31613665346366356137646663643338653635306563616137663835666264636636643662396164
+38393066656666646634623638623662363338663930643231383330613036306631346338376234
+36373661626438636261656533653931636663613362623363616266656532616361366536363239
+38666135333763643137386433623039353837323532366336353731353636353366376431356634
+33646262313033373335306161626661633038333664613738353232663565373563636433373239
+64393037386536653064303462653231383531643038366335306537393761616333393630303263
+34633131323861383938363461393065383766643532373761666233343436366366396333366533
+36366361346164666533626135653434366163373730353634633163636431323361383865323166
+63393562393236393063616564666637346165363634356161616662346534646638396163636262
+34396633323634326130353836386261333136636136393736396435626439646530313864396366
+66336435643462396663336232316164316331396634366533313130346264346365633263643032
+37666266323131386561393332626362333231316330313433333964343731386466383362656135
+63373064346464343366373333326638393365643634303238653363623730363635643866386436
+38306537356563363962666366623137623762396233366136346365623332636231636366626335
+65613934346662376338393537326532396661316263623062303662613266653930323132336236
+37323730353662343939343331373335346464626235666263663865653630333434303433363039
+30343561343130313831373835383665306435343232623330393439323334346262396439306534
+30636230653964613030613663656466316637643632336662343339323562613730346336393465
+63663261373538383063376534376165363162323333363937356265656366303432343137343836
+63373730373339663530663932643838333039396231323438353165666563313962623835623266
+34336436333836386435613862383962346435323463323735643562396463663664316537666631
+35373635303864643837366135373430353364663333356261363364353765633965356437623336
+30343435313962653662656537666630333330396631323162333133363963346564356237336462
+31346639363939633263633738623834643433393264303161346466303830353465626365313665
+35623933653963616136313437653339356239633166666238353039313066336138613362633930
+64616130363835386161653034623833323866363066313461313531643765353666363133376265
+31663462666433643464313632636263633939643636343133386632613237613866356530643561
+64356135613630303166633736333363366339663336336630643864393835623439306261666234
+33346335363935653032363436343464393636396430626366376235373263333433663035653263
+38373036333237643261626335373436386439353538333337623139396433313963343634633262
+30383633386436343031323537383231336265333632633237303465373936396535343336386333
+38363261656639663064376234636266666334316532323462366430613632386234656438646436
+63613339343361663030316437383763616664626537306635303438356264373434656164366663
+37376366623865333133383361303365313962386338613733373164303235666132313265653535
+31343762366332353061396466633065643566323738393633393836306265346437373633373632
+33383637373336353362613733626237633164616538633963356132366164303933366533336538
+65663330353434616165393264373463613239343332616430666530636263656366643965366230
+31626630313462343235646533613366613931363039626633316231346565366637633136363131
+64323634663664636534376139653135303432386633373933346233333135336635353637653136
+36356435363466333561623063666466633238343136396565333331663662353334613265643063
+30626562393564633762336230646436356337306361623333653332346463663831383262323033
+65303766616636393336613762656562353163316231323739653936643962643864383864303730
+31626662656431623465663432386363666632613761653832636634323366353663656435313734
+33366434353764633330366565303538316566363463313266613464653133623163613533626237
+32393363303533346630333838313366313264636636343735326133653134373035363662616231
+30366535646362666535636564656661383138346632316539626666393164613938323033383936
+66643232313362333632313362643032373039346331343965393837323138303364316634663035
+30623761396564306564336662613238623365623866383339636662393735643666383231313366
+39336435383233306330346338643164663731366362646362363330343965653230653863643339
+66316462666435336334653432383161653563353532386662636364316666623331616135383737
+36313863666531313062643636643832616335356336393265323132303630303666656130356235
+61643165393134386438303136616665386265373534666136663563313035336432366162643661
+62316638646262376563633835643164376530643063373731373338363063353763656138663264
+61313432363039316265323131336566663365376163323032663833636639363437396564666261
+30636537373534643931383738643864303661383736323639333062663539323464
diff --git a/roles/repo_service/files/repo_service.service b/roles/repo_service/files/repo_service.service
new file mode 100644
index 0000000..15c40ea
--- /dev/null
+++ b/roles/repo_service/files/repo_service.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=repository creation service
+After=network.target
+
+[Service]
+User=repo_service
+Group=repo_service
+WorkingDirectory=/var/lib/repo_service/src/backend
+ExecStart=/usr/bin/python /var/lib/repo_service/src/backend/repo_service.py
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
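Review bot: The `[Service]` section runs the backend with no sandboxing directives, although the `repo_service` account holds an SSH private key in its home directory (see as_repo_service.yaml). The service is presumably also what Apache proxies to on 127.0.0.1:8023. Adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` costs nothing for a Python service that only needs its own home and the git repositories, and limits what a bug in the request handling can reach. Check the directives against the systemd version on the target release before relying on them.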
diff --git a/roles/repo_service/handlers/main.yaml b/roles/repo_service/handlers/main.yaml
new file mode 100644
index 0000000..4ed34df
--- /dev/null
+++ b/roles/repo_service/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: Restart repo_service
+ service:
+ name: repo_service
+ state: restarted
diff --git a/roles/repo_service/meta/main.yaml b/roles/repo_service/meta/main.yaml
new file mode 100644
index 0000000..7947c74
--- /dev/null
+++ b/roles/repo_service/meta/main.yaml
@@ -0,0 +1,4 @@
+---
+dependencies:
+ - role: common
+ when: false
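Review bot: `when: false` on the `common` dependency needs a comment, because as written it reads like a dependency switched off by accident. If the intent is to pull in `common`'s handlers without running its tasks, say so with `# common is listed only for its handlers; its tasks are skipped`. That would fit, since tasks/main.yaml in this role notifies `Reload systemd daemons`, which the new handlers file does not define. This reading is inferred from the commit, not confirmed by it.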
diff --git a/roles/repo_service/tasks/as_repo_service.yaml b/roles/repo_service/tasks/as_repo_service.yaml
index 6b364d8..b9a99ab 100644
--- a/roles/repo_service/tasks/as_repo_service.yaml
+++ b/roles/repo_service/tasks/as_repo_service.yaml
@@ -3,3 +3,43 @@
git:
repo=https://github.com/cfra/repo_service.git
dest=/var/lib/repo_service/src
+ notify:
+ - Restart repo_service
+
+- name: Create .ssh dir
+ file:
+ path="/var/lib/repo_service/.ssh"
+ state=directory
+ mode=0700
+
+- name: Add repo_service ssh privkey
+ copy:
+ dest="/var/lib/repo_service/.ssh/id_rsa"
+ content="{{repo_service_privkey}}"
+ mode=0600
+
+- name: Add repo_service ssh pubkey
+ copy:
+ dest="/var/lib/repo_service/.ssh/id_rsa.pub"
+ content="{{repo_service_pubkey}}"
+ mode=0644
+
+- name: Read Gitserver Hostkey
+ slurp: src=/etc/ssh/ssh_host_ecdsa_key.pub
+ register: gitserver_host_key
+
+- name: Put Gitserver Hostkey into knownhosts
+ lineinfile: dest=/var/lib/repo_service/.ssh/known_hosts
+ create=yes
+ owner=repo_service
+ group=repo_service
+ mode=0644
+ line="127.0.0.1 {{gitserver_host_key.content|b64decode}}"
+
+# Configure git
+- name: Configure git push for repo service
+ command: git config --global push.default simple
+- name: Configure git name
+ command: git config --global user.name "Repo Service {{ansible_hostname}}"
+- name:
+ command: git config --global user.email "nobody@nowhere.ws"
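Review bot: `Add repo_service ssh privkey` passes the key through `content=` without `no_log: true`, so the private key can appear in verbose or diff output and in any log that captures the run; add `no_log: true` to that task. `Put ssh privkey` in roles/sublab_web/tasks/as_wikiuser.yaml has the same gap. The last task has an empty `- name:` (also in as_wikiuser.yaml); `- name: Configure git email` keeps the play output readable. The three `git config --global` commands report `changed` on every run, which `changed_when: false` would silence.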
diff --git a/roles/repo_service/tasks/main.yaml b/roles/repo_service/tasks/main.yaml
index b17319c..19139e0 100644
--- a/roles/repo_service/tasks/main.yaml
+++ b/roles/repo_service/tasks/main.yaml
@@ -12,3 +12,16 @@
become: yes
become_user: repo_service
become_method: su
+
+- name: Create systemd service
+ copy:
+ src=repo_service.service
+ dest=/etc/systemd/system/repo_service.service
+ notify:
+ - Reload systemd daemons
+ - Restart repo_service
+
+- name: Enable systemd service
+ service:
+ name: repo_service
+ enabled: yes
diff --git a/roles/subdap/tasks/as_subdap.yaml b/roles/subdap/tasks/as_subdap.yaml
index f0b9073..f51e098 100644
--- a/roles/subdap/tasks/as_subdap.yaml
+++ b/roles/subdap/tasks/as_subdap.yaml
@@ -2,7 +2,7 @@
- name: Clone subdap code
git:
dest=/var/subdap/src
- repo=git://git.sublab.org/subdap
+ repo="git://{{ groups['gitservers'][0] }}/subdap"
accept_hostkey=yes
- name: Setup virtualenv for subdap
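Review bot: The rewritten `repo=` still uses `git://`, which has neither encryption nor server authentication, so the clone has no integrity guarantee for code that the following tasks install into the virtualenv. `accept_hostkey=yes` has no effect on this transport. An authenticated transport, such as `https://` or the `git+ssh://` form this commit uses for the wiki clone, would close that gap. `repo="git://{{ groups['gitservers'][0] }}/website"` in roles/sublab_web/tasks/as_webuser.yaml has the same issue. The task list continues below the hunk.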
diff --git a/roles/sublab_web/defaults/main.yaml b/roles/sublab_web/defaults/main.yaml
index 55f5b5f..2122383 100644
--- a/roles/sublab_web/defaults/main.yaml
+++ b/roles/sublab_web/defaults/main.yaml
@@ -1,2 +1,114 @@
----
-sublab_web_server_name: "{{inventory_hostname}}"
+$ANSIBLE_VAULT;1.1;AES256
+33643763303764333037643462663530636364373132666663353165383739636563393636346136
+6634613765343031363935363233663833373238346431360a316133303361313631373732643665
+37343631363437643663306537323039363835636135363537323063386566383832323933646535
+6163623431306139320a343161356565613665623834396465353530383265313565663962333131
+62363737633463303736313034373639383661373566386264303938353532393436366564316262
+64353137316639313464663230346663313639636365663434643637303336373836623865343633
+30623530383761636462326335363635386434313830393130613366386161333230383531646139
+37336631326137663332353930616665623265643835356433343137383334393961356664366366
+66396430396366383133613130616231306333636631376366633137356535373339373539383865
+34626561326331613831636362313563353264336466366161376634363236653638396632343930
+61363531333166336131323133613662373933393665316365633536333864623737616333363161
+63616433393437656438633636663635653433396330313730333437316337363839383935393561
+33343166616161626464623837643262653934643032653563653632653933343764336161356364
+30333261393134373062616561363762616262306661373264333762643039613966323539326233
+30386564316330633565393865663561323036356163313430616235386661373465383039663631
+31316461346339323263363830373438653430333830656332346437626436633333333864356461
+61363532636134306335363936316331663930626462353738656535613736373364626233656436
+38333535326631336165363263663565656537333363303638356632306430363563383031636661
+34346436366539306236653264383731393430313765376161613234633162376634656563316339
+62633832643738643733323165323262613466353332353661616634303037623935616235383233
+37653735633564373739656538633563393265316663303132623139663439613964613738346366
+35376131376537303038613135653938396133626338306137346331356463373361343065633431
+36616462386666656566346230303235393634666261316262663939306338393635333338346435
+61393834623835393065366563323932653539623439626662633032306165636565393337313038
+37346237393435383232343236653836323666333838623132383537376230646666643338366564
+34306461663434626562303435313532613565643935356361616332383661306633356435653564
+62363332643639336430326161663663303038633364356237373265623433333062386135366161
+31633236373664383939393162326638316533663334366431393930333337626336353539393364
+64356366666366383962346138333436353232383563373332306339306532613532613337376335
+62383235373635316161656166616433633761626462316136613861643161313237316239353164
+30666637653039306431353737336635356532336662363361386538306563333432303461303235
+35316362643765353433306464393764313863303230656631323864363736653636356134373537
+31363339343137373536363134333761616133656339373263373866666333643262336331303838
+38633265366662643966616262653736626339393566343938646638323862333461393366623936
+66343964323137653238336661333039323334366135383837333038393336373332613937623633
+35383835643737306366623831653838323433353763653866393532623165633634366238383731
+37643930666462666434646336383631646135353436363161306335643064353730616462653537
+62303838323839333163653038303238353738336337363461396635373439333139376636353034
+62323832356538613664346239623533383564363264373464326433623065396239316334633332
+37336364363362343832633063626236666661303464303631653733393539386330656361346334
+36616131353336353062353934393234376633633138383332663130343230626536353465356264
+35356266646165303638663837656230373839396137646366636330323735366466623061333030
+37346162336538363130303839346561363336613266623738353065383263626433326433643937
+35656162636531363364313337666635333261343539636432333763653033363839356562653331
+32396536343630366538343764623561363461643431663861613139343965303664376631636432
+33306330373538383038373966343839383737326535333136316565623737373630323265326666
+30386533373637343538313734333361353766656536306638373633326236643038326432386563
+30616437343465323531663737343833373336663366313839616238653065386137306434396232
+36383435623434353035313161363730306533386533366234626531306131613862343463613936
+66303664333434623932333764633063353236303364353166303036333439666630323137343365
+36663831633131383438336639353833613439623434613164613066653361613330366164336233
+63656139373630316639326561386233653634333564616432613063383930376232656264323363
+39353934386335373532623463663637346466393636346131356631343830343931663064326138
+31323236396162323335643036343936633332393966396662303530663535313366353061653831
+34613536333462646463326461643463396162393934666433376136373933363465643866643939
+66356135653038316137666264306666623464306664323530316334663236306262623338663262
+30313636623434646366356632643566376333353633653232643130666561643663386661663336
+62316366626261636534313962373832383661623937313864383031363032623761353139316637
+32323035653964623961363766383966643964653365316530393339363264363133663833396466
+33633834396565326634366364313062336630646666653537623066626137343537653031396630
+35666463633264376664623765666536663630613338356236373133336365316432353362633731
+34373531373764343064346562346461366436336433313764393964356665323337316435353932
+66633734323035313835366439343763336565303833623830366439333432663837373262643030
+61633039313565313761653466383066346231666333323662336132313165666531356637383031
+37313962313965623665313436306430376637666334626335643366653935313336323632636433
+36643863613764653161613432633436313535333436336565383932393034656231633031623564
+35633865666139336337336535663464303437636161323566633839643263396138376636623636
+39633636363133336430383962313765636463316532633238653366653637636561323064303466
+61356664313035643935383734623462386439393562626161383130656238343734636134653564
+35353430316133373433393235313261303434363364303563383839386137646465616464393366
+34323962373036646530313362383766316464336461343935333166303630653133333561316265
+36366531326465323839633434656363383563343138373862666666653865376637333932343136
+62383439396231306133353833663738333462383766666337366566343136313731623437323530
+39306165636564336338616635666239346661373831386437663066343664326438313135616230
+63353062636133656566666364343630316564316233393664353938356434356332346631386163
+35663334356235346539393966616663303163323033653330343335323762353637333965366262
+39346136613635363831393734303832316234326536316165373235636531303562663762393766
+66376364323635623233666330663764616263366236393032393138643038353634316132663166
+37343163386164663233356237346561656665363638373835333763666537613939393434393364
+36353763306635353239346566613966343836336236653432313833393631616161303330656531
+36386264383234303135386137633166323438386435346337393032393865613038303264393435
+62363663343064336362623532383262373231616133396164643032653161646639613030623833
+61336436363666356236396533356666656463333536386335346330613263316636303561396433
+62653236393432376135663565633431656437333266343264323435653030363262633439633434
+34333931393465313831346434373837373138626538633262306464366634626234363963396165
+36663862626634626634623330643830646235323334636139633564646139353336653962366537
+33303764323034663630306265636136363838393630653731323137313964386463643563383662
+34393030326361373138356161303363383637343162646331326133336138313038326664623338
+65326466343131323538333661346538333338646433366365663637303832323265363939373434
+30623264373934313538646334633766363731663163633633386565336335653261663533363839
+65393638613430623938356131323837653739363066306566613065653330343064666163306563
+64356363653337343733343239336635643634303532353034353434333935336662386139643261
+33376365613065306566626135306235393938316337343464636333623165373931633038616133
+64636266393538663361353632303433616562393266346266613831346431306464666633383834
+37366330663561303164373937613064386566643164383433333539356534346136356339623265
+63323431626264366431336435316562623735633131633033313335616231616663346231656363
+30393931376635393366376464366135626339663461306663353037376566616365343066386235
+39613236316663363639613630333939326231643135373362666432666535663630353033616235
+65616435316464326134623666313632373932636439653334366235656461623532613037393430
+35393537316264313963386334646539383038326664643064366430326261383335646638616238
+62653633633838643366323533666165353631666339323036373733333438663863306337306464
+39643337616431363164393433356264616132666665373464383966306135636634623064633166
+32316334363134323932663763366638373234356230333139393535353266373530343065623361
+62313363663233323132643163663163326639303436336165363132633766356237333638336162
+66323232366538656330336463663132323832343737386665353063323163323030643032313162
+30323039346337613834356361616237323166303430363638623863323238653630313630633331
+38643035363464313034626537653061633339613665363539323566663039633130303130376365
+30633665346463656133306465343463383832626562663638343365353338643937306161653762
+37363634343165383333656461396636353963323166383362663036633431373733313963303930
+38346663393431363330396433386462353332353634313336313436386465613830333632333234
+33346361396563616163356333653661613861623863346537313136343865323638313065656333
+66393236323339646633663433396166636537323232323238666635356464623031313139623432
+34656237366633646464306163373230383864316565663438343262343333393765
diff --git a/roles/sublab_web/files/htpasswd b/roles/sublab_web/files/htpasswd
new file mode 100644
index 0000000..4ba5edb
--- /dev/null
+++ b/roles/sublab_web/files/htpasswd
@@ -0,0 +1 @@
+webuser:$apr1$CTQ3rSnN$MTEV4h/Y.9HBT1Apjey1t0
diff --git a/roles/sublab_web/meta/main.yaml b/roles/sublab_web/meta/main.yaml
index f185875..3d84cbe 100644
--- a/roles/sublab_web/meta/main.yaml
+++ b/roles/sublab_web/meta/main.yaml
@@ -2,3 +2,4 @@
dependencies:
- role: apache
- role: subdap
+ - role: git_server_rpc
diff --git a/roles/sublab_web/tasks/as_webuser.yaml b/roles/sublab_web/tasks/as_webuser.yaml
index 859c1bf..c6725aa 100644
--- a/roles/sublab_web/tasks/as_webuser.yaml
+++ b/roles/sublab_web/tasks/as_webuser.yaml
@@ -11,7 +11,7 @@
- name: Clone sublab website
git:
dest="/var/www/{{sublab_web_server_name}}/htdocs"
- repo=git://git.sublab.org/website
+ repo="git://{{ groups['gitservers'][0] }}/website"
accept_hostkey=yes
update=no
notify: Rebuild subweb website
diff --git a/roles/sublab_web/tasks/as_wikiuser.yaml b/roles/sublab_web/tasks/as_wikiuser.yaml
index adfa473..bd30e9d 100644
--- a/roles/sublab_web/tasks/as_wikiuser.yaml
+++ b/roles/sublab_web/tasks/as_wikiuser.yaml
@@ -22,12 +22,39 @@
src=ikiwiki-editpage.tmpl
dest="/home/wiki-{{sublab_web_server_name}}/templates/editpage.tmpl"
+- name: Create .ssh dir
+ file:
+ path="/home/wiki-{{sublab_web_server_name}}/.ssh"
+ state=directory
+ mode=0700
+
+# This ssh keypair is authorized to push to the git-server wiki repo
+- name: Put ssh pubkey
+ copy:
+ dest="/home/wiki-{{sublab_web_server_name}}/.ssh/id_rsa.pub"
+ content="{{wiki_user_pubkey}}"
+ mode=0644
+
+- name: Put ssh privkey
+ copy:
+ dest="/home/wiki-{{sublab_web_server_name}}/.ssh/id_rsa"
+ content="{{wiki_user_privkey}}"
+ mode=0600
+
+# Configure git
+- name: Configure git push for wikiuser
+ command: git config --global push.default simple
+- name: Configure git name
+ command: git config --global user.name "Wiki User {{ansible_hostname}}"
+- name:
+ command: git config --global user.email "nobody@nowhere.ws"
+
# Updates to git are pushed automatically and should not
# go through ansible - this is for initial deployment only
- name: Clone wiki git
git:
dest="/home/wiki-{{sublab_web_server_name}}/wiki"
- repo=git://git.sublab.org/ikiwiki
+ repo=git+ssh://git@{{groups['gitservers'][0]}}/ikiwiki
accept_hostkey=yes
update=no
notify: Rebuild ikiwiki
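Review bot: `accept_hostkey=yes` on the new `git+ssh://` clone accepts whatever host key is presented on first contact, and this account now holds a private key that is authorised to push to the wiki repository. The git server's host key can be pinned the way this commit already does for the `git` and `repo_service` users: `slurp` `/etc/ssh/ssh_host_ecdsa_key.pub` with `delegate_to`, then `lineinfile` it into the wiki user's `.ssh/known_hosts`. After that `accept_hostkey=no` is sufficient. The `.ssh` directory and key tasks also set no `owner`, which is fine only as long as this file is always included with `become_user` set to the wiki user.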
diff --git a/roles/sublab_web/tasks/main.yaml b/roles/sublab_web/tasks/main.yaml
index 7416cba..145c549 100644
--- a/roles/sublab_web/tasks/main.yaml
+++ b/roles/sublab_web/tasks/main.yaml
@@ -31,6 +31,10 @@
- wiki.conf
notify: Reload apache
+- name: Place wiki htpasswd
+ copy: dest=/etc/apache2/sites/{{ sublab_web_server_name }}/htpasswd
+ src=htpasswd
+
- include: ../../apache/tasks/ssl.yaml
vars:
ssl_server_name: "{{sublab_web_server_name}}"
diff --git a/roles/sublab_web/templates/subdap-ssl.conf.j2 b/roles/sublab_web/templates/subdap-ssl.conf.j2
index bec8c54..2e543b8 100644
--- a/roles/sublab_web/templates/subdap-ssl.conf.j2
+++ b/roles/sublab_web/templates/subdap-ssl.conf.j2
@@ -1,3 +1,4 @@
+{% if 0 %}
<Location "/subdap/">
ProxyPass "http://127.0.0.1:8001/"
</Location>
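Review bot: `{% if 0 %}` disables the subdap proxy with a literal that says neither why nor how to turn it back on. A named boolean with a default, for example `{% if subdap_enabled|default(false) %}` (the variable name is a suggestion, nothing in the repo defines it), would put the switch in the inventory and make the state greppable. The matching `{% else %}` in the next hunk redirects to `/account-creation-suspended`; I do not see that page added in this commit, so it needs to exist on the vhost already.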
@@ -11,3 +12,7 @@ Alias /subdap/static /var/subdap/src/static
AllowOverride None
Require all granted
</Directory>
+{% else %}
+RedirectMatch temp ^/(subdap(/?|/.*))$ https://{{ sublab_web_server_name }}/account-creation-suspended
+{% endif %}
+
diff --git a/roles/sublab_web/templates/website-rebuild.sh.j2 b/roles/sublab_web/templates/website-rebuild.sh.j2
index ac29e3d..5cd3964 100644
--- a/roles/sublab_web/templates/website-rebuild.sh.j2
+++ b/roles/sublab_web/templates/website-rebuild.sh.j2
@@ -3,6 +3,10 @@
# {{ ansible_managed }}
#
+if [ "$USER" != "sublab_web" ]; then
+ exec sudo -u sublab_web /var/www/{{sublab_web_server_name}}/website-rebuild.sh
+fi
+
cd /var/www/{{sublab_web_server_name}}/htdocs
if [ x"$1" != x"-l" ]; then
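Review bot: The new guard trusts `$USER`, which is only an environment variable: it can be unset (cron, some service managers) or carry a stale value when the script is started outside sudo's environment reset, so the check can be taken or skipped wrongly. Testing the real identity is sturdier: `if [ "$(id -un)" != "sublab_web" ]; then`. This matters because the sudoers rule added in this commit starts the script as root, so a skipped check would run the rebuild as root. The script continues below the hunk.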
diff --git a/roles/sublab_web/templates/wiki.conf.j2 b/roles/sublab_web/templates/wiki.conf.j2
index 5328335..a5c47ba 100644
--- a/roles/sublab_web/templates/wiki.conf.j2
+++ b/roles/sublab_web/templates/wiki.conf.j2
@@ -6,14 +6,23 @@ Alias /wiki/ /home/wiki-{{ sublab_web_server_name }}/wiki-html/
Options +ExecCGI
</Directory>
<Directory /home/wiki-{{ sublab_web_server_name }}/wiki-html/auth>
+#
+# Disable LDAP auth for now :/
+#
+# AuthType basic
+# AuthBasicProvider ldap
+# AuthName "LDAP Login"
+# AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org"
+# AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"
+# AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org"
+# # AuthzLDAPAuthoritative on
+# # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
+# Require valid-user
+
+# And use basic auth instead
AuthType basic
- AuthBasicProvider ldap
- AuthName "LDAP Login"
- AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org"
- AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"
- AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org"
- # AuthzLDAPAuthoritative on
- # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
+ AuthName "Wiki Login"
+ AuthUserFile "/etc/apache2/sites/{{ sublab_web_server_name }}/htpasswd"
Require valid-user
</Directory>
LDAPTrustedMode TLS
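Review bot: The LDAP block is disabled with `#`, but Jinja2 still evaluates expressions inside Apache comments, so `{{ ldap_credentials["apache-" + ansible_nodename] }}` keeps rendering the bind password into the deployed wiki.conf. The template will also still fail if `ldap_credentials` is undefined. Wrapping the disabled lines in a Jinja comment (`{# ... #}`) keeps the secret out of the file. The commented block in roles/cgit/templates/repocreate-ssl.conf.j2 probably contains the same line between its two hunks, outside what is shown. The `<Directory>` block opens above this hunk.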
diff --git a/vars/main.yaml b/vars/main.yaml
index 448afa4..c3a325b 100644
--- a/vars/main.yaml
+++ b/vars/main.yaml
@@ -1,2 +1,3 @@
---
ldap_url: "ldaps://{{ groups['authservers'][0] }}"
+sublab_web_server_name: "{{hostvars[groups['webservers'][0]]['sublab_web_server_name']|default(groups['webservers'][0])}}"
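Review bot: `sublab_web_server_name` is defined here by looking up `sublab_web_server_name` in `hostvars`, and the role default that used to set it is now inside a vault file. A reader therefore cannot tell where the per-host value comes from, or whether the lookup can resolve back to this definition. A comment above the line would settle it, e.g. `# web server's own name if set for that host, else its inventory name`. The line is also long enough to read better as a folded scalar (`>-`).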