Assorted changesHEAD master

- add hooks between webserver and gitserver: git->website and wiki->git work now, git->wiki is still missing, https://ikiwiki.info/tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/ should contain the right info for that - actually configure repo_service - replace LDAP auth with dummy password auth for now
author: Christian Franke <nobody@nowhere.ws> 2015-10-26 20:38:25 +0100
committer: Christian Franke <nobody@nowhere.ws> 2015-10-26 20:38:25 +0100
commit: f38450f9f2037244300082f3e4211b790ac87058 (patch)
tree: 074ffa7d0512e099742641df8065d7b4139a6e99 /roles/sublab_web/templates
parent: 4e5034f57b54f1a5052fd859d3419002a477e628 (diff)
3 files changed, 25 insertions, 7 deletions
diff --git a/roles/sublab_web/templates/subdap-ssl.conf.j2 b/roles/sublab_web/templates/subdap-ssl.conf.j2
index bec8c54..2e543b8 100644
--- a/roles/sublab_web/templates/subdap-ssl.conf.j2
+++ b/roles/sublab_web/templates/subdap-ssl.conf.j2
@@ -1,3 +1,4 @@
+{% if 0 %}
 <Location "/subdap/">
     ProxyPass "http://127.0.0.1:8001/"
 </Location>
@@ -11,3 +12,7 @@ Alias /subdap/static /var/subdap/src/static
   AllowOverride None
   Require all granted
 </Directory>
+{% else %}
+RedirectMatch temp ^/(subdap(/?|/.*))$   https://{{ sublab_web_server_name }}/account-creation-suspended
+{% endif %}
+
diff --git a/roles/sublab_web/templates/website-rebuild.sh.j2 b/roles/sublab_web/templates/website-rebuild.sh.j2
index ac29e3d..5cd3964 100644
--- a/roles/sublab_web/templates/website-rebuild.sh.j2
+++ b/roles/sublab_web/templates/website-rebuild.sh.j2
@@ -3,6 +3,10 @@
 # {{ ansible_managed }}
 #
 
+if [ "$USER" != "sublab_web" ]; then
+	exec sudo -u sublab_web /var/www/{{sublab_web_server_name}}/website-rebuild.sh
+fi
+
 cd /var/www/{{sublab_web_server_name}}/htdocs
 
 if [ x"$1" != x"-l" ]; then
diff --git a/roles/sublab_web/templates/wiki.conf.j2 b/roles/sublab_web/templates/wiki.conf.j2
index 5328335..a5c47ba 100644
--- a/roles/sublab_web/templates/wiki.conf.j2
+++ b/roles/sublab_web/templates/wiki.conf.j2
@@ -6,14 +6,23 @@ Alias /wiki/ /home/wiki-{{ sublab_web_server_name }}/wiki-html/
         Options +ExecCGI
 </Directory>
 <Directory /home/wiki-{{ sublab_web_server_name }}/wiki-html/auth>
+#
+#  Disable LDAP auth for now :/
+#
+#        AuthType basic
+#        AuthBasicProvider ldap
+#        AuthName "LDAP Login"
+#        AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org"
+#        AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"
+#        AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org"
+#        # AuthzLDAPAuthoritative on
+#        # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
+#        Require valid-user
+
+#  And use basic auth instead
         AuthType basic
-        AuthBasicProvider ldap
-        AuthName "LDAP Login"
-        AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org"
-        AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"
-        AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org"
-        # AuthzLDAPAuthoritative on
-        # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
+        AuthName "Wiki Login"
+        AuthUserFile "/etc/apache2/sites/{{ sublab_web_server_name }}/htpasswd"
         Require valid-user
 </Directory>
 LDAPTrustedMode TLS
author	Christian Franke <nobody@nowhere.ws>	2015-10-26 20:38:25 +0100
committer	Christian Franke <nobody@nowhere.ws>	2015-10-26 20:38:25 +0100
commit	f38450f9f2037244300082f3e4211b790ac87058 (patch)
tree	074ffa7d0512e099742641df8065d7b4139a6e99 /roles/sublab_web/templates
parent	4e5034f57b54f1a5052fd859d3419002a477e628 (diff)