From f38450f9f2037244300082f3e4211b790ac87058 Mon Sep 17 00:00:00 2001
From: Christian Franke <nobody@nowhere.ws>
Date: Mon, 26 Oct 2015 20:38:25 +0100
Subject: Assorted changes

- add hooks between webserver and gitserver:
    git->website and wiki->git work now,
    git->wiki is still missing,
      https://ikiwiki.info/tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/
    should contain the right info for that
- actually configure repo_service
- replace LDAP auth with dummy password auth for now
---
 roles/sublab_web/templates/subdap-ssl.conf.j2    |  5 +++++
 roles/sublab_web/templates/website-rebuild.sh.j2 |  4 ++++
 roles/sublab_web/templates/wiki.conf.j2          | 23 ++++++++++++++++-------
 3 files changed, 25 insertions(+), 7 deletions(-)

(limited to 'roles/sublab_web/templates')

diff --git a/roles/sublab_web/templates/subdap-ssl.conf.j2 b/roles/sublab_web/templates/subdap-ssl.conf.j2
index bec8c54..2e543b8 100644
--- a/roles/sublab_web/templates/subdap-ssl.conf.j2
+++ b/roles/sublab_web/templates/subdap-ssl.conf.j2
@@ -1,3 +1,4 @@
+{% if 0 %}
 <Location "/subdap/">
     ProxyPass "http://127.0.0.1:8001/"
 </Location>
@@ -11,3 +12,7 @@ Alias /subdap/static /var/subdap/src/static
   AllowOverride None
   Require all granted
 </Directory>
+{% else %}
+RedirectMatch temp ^/(subdap(/?|/.*))$   https://{{ sublab_web_server_name }}/account-creation-suspended
+{% endif %}
+
diff --git a/roles/sublab_web/templates/website-rebuild.sh.j2 b/roles/sublab_web/templates/website-rebuild.sh.j2
index ac29e3d..5cd3964 100644
--- a/roles/sublab_web/templates/website-rebuild.sh.j2
+++ b/roles/sublab_web/templates/website-rebuild.sh.j2
@@ -3,6 +3,10 @@
 # {{ ansible_managed }}
 #
 
+if [ "$USER" != "sublab_web" ]; then
+	exec sudo -u sublab_web /var/www/{{sublab_web_server_name}}/website-rebuild.sh
+fi
+
 cd /var/www/{{sublab_web_server_name}}/htdocs
 
 if [ x"$1" != x"-l" ]; then
diff --git a/roles/sublab_web/templates/wiki.conf.j2 b/roles/sublab_web/templates/wiki.conf.j2
index 5328335..a5c47ba 100644
--- a/roles/sublab_web/templates/wiki.conf.j2
+++ b/roles/sublab_web/templates/wiki.conf.j2
@@ -6,14 +6,23 @@ Alias /wiki/ /home/wiki-{{ sublab_web_server_name }}/wiki-html/
         Options +ExecCGI
 </Directory>
 <Directory /home/wiki-{{ sublab_web_server_name }}/wiki-html/auth>
+#
+#  Disable LDAP auth for now :/
+#
+#        AuthType basic
+#        AuthBasicProvider ldap
+#        AuthName "LDAP Login"
+#        AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org"
+#        AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"
+#        AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org"
+#        # AuthzLDAPAuthoritative on
+#        # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
+#        Require valid-user
+
+#  And use basic auth instead
         AuthType basic
-        AuthBasicProvider ldap
-        AuthName "LDAP Login"
-        AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org"
-        AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"
-        AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org"
-        # AuthzLDAPAuthoritative on
-        # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
+        AuthName "Wiki Login"
+        AuthUserFile "/etc/apache2/sites/{{ sublab_web_server_name }}/htpasswd"
         Require valid-user
 </Directory>
 LDAPTrustedMode TLS
-- 
cgit v1.2.1