From 037b2539fdd6de92cdf9f0846476393af3590dd8 Mon Sep 17 00:00:00 2001 From: Christian Franke Date: Tue, 25 Aug 2015 22:06:38 +0200 Subject: Make the wiki work --- roles/sublab_web/files/ikiwiki-editpage.tmpl | 92 ++++++ roles/sublab_web/handlers/as_webuser.yaml | 4 +- roles/sublab_web/handlers/as_wikiuser.yaml | 6 + roles/sublab_web/handlers/main.yaml | 5 + roles/sublab_web/tasks/as_webuser.yaml | 10 + roles/sublab_web/tasks/as_wikiuser.yaml | 33 ++ roles/sublab_web/tasks/main.yaml | 24 +- roles/sublab_web/templates/dump.conf.j2 | 7 - roles/sublab_web/templates/ikiwiki-rebuild.sh.j2 | 12 + roles/sublab_web/templates/ikiwiki.setup.j2 | 387 +++++++++++++++++++++++ roles/sublab_web/templates/server.conf.j2 | 1 + roles/sublab_web/templates/vhost.conf.j2 | 1 - roles/sublab_web/templates/website-rebuild.sh.j2 | 11 + roles/sublab_web/templates/wiki.conf.j2 | 3 +- 14 files changed, 582 insertions(+), 14 deletions(-) create mode 100644 roles/sublab_web/files/ikiwiki-editpage.tmpl create mode 100644 roles/sublab_web/handlers/as_wikiuser.yaml create mode 100644 roles/sublab_web/tasks/as_wikiuser.yaml delete mode 100644 roles/sublab_web/templates/dump.conf.j2 create mode 100644 roles/sublab_web/templates/ikiwiki-rebuild.sh.j2 create mode 100644 roles/sublab_web/templates/ikiwiki.setup.j2 create mode 100644 roles/sublab_web/templates/website-rebuild.sh.j2 (limited to 'roles/sublab_web') diff --git a/roles/sublab_web/files/ikiwiki-editpage.tmpl b/roles/sublab_web/files/ikiwiki-editpage.tmpl new file mode 100644 index 0000000..3e0c40a --- /dev/null +++ b/roles/sublab_web/files/ikiwiki-editpage.tmpl @@ -0,0 +1,92 @@ + + +
+ + + + + + + + + + + + + +
+
+
+ + +
+
+Bitte stelle nur Texte und Dokumente ins Wiki die du unter CC BY-SA 2.0 veröffentlichen willst und darfst.
+ + + +Attachments + + + +
+
+ + + +
+ + + + +
" />
+
+ + + +
+
+
+ + + +
+
+Page preview: +
+
+ +
+
+ +
+
+Diff: +
+
+ +
+
diff --git a/roles/sublab_web/handlers/as_webuser.yaml b/roles/sublab_web/handlers/as_webuser.yaml index 53c6444..11e8074 100644 --- a/roles/sublab_web/handlers/as_webuser.yaml +++ b/roles/sublab_web/handlers/as_webuser.yaml @@ -1,5 +1,5 @@ --- - name: Rebuild subweb website - shell: python template.py + shell: ./website-rebuild.sh args: - chdir: "/var/www/{{sublab_web_server_name}}/htdocs/scripts" + chdir: "/var/www/{{sublab_web_server_name}}" diff --git a/roles/sublab_web/handlers/as_wikiuser.yaml b/roles/sublab_web/handlers/as_wikiuser.yaml new file mode 100644 index 0000000..e7dfa33 --- /dev/null +++ b/roles/sublab_web/handlers/as_wikiuser.yaml @@ -0,0 +1,6 @@ +--- +- name: Rebuild ikiwiki + shell: ./ikiwiki-rebuild.sh + args: + chdir: "/home/wiki-{{sublab_web_server_name}}" + diff --git a/roles/sublab_web/handlers/main.yaml b/roles/sublab_web/handlers/main.yaml index 1ea02c8..ac01b01 100644 --- a/roles/sublab_web/handlers/main.yaml +++ b/roles/sublab_web/handlers/main.yaml @@ -3,3 +3,8 @@ become: yes become_method: su become_user: sublab_web + +- include: as_wikiuser.yaml + become: yes + become_method: su + become_user: sublab_wiki diff --git a/roles/sublab_web/tasks/as_webuser.yaml b/roles/sublab_web/tasks/as_webuser.yaml index 44c209a..859c1bf 100644 --- a/roles/sublab_web/tasks/as_webuser.yaml +++ b/roles/sublab_web/tasks/as_webuser.yaml @@ -1,7 +1,17 @@ --- +- name: Put rebuild script + template: + dest="/var/www/{{sublab_web_server_name}}/website-rebuild.sh" + src=website-rebuild.sh.j2 + mode=0755 + notify: Rebuild subweb website + +# Updates to git are pushed automatically and should not +# go through ansible - this is for initial deployment only - name: Clone sublab website git: dest="/var/www/{{sublab_web_server_name}}/htdocs" repo=git://git.sublab.org/website accept_hostkey=yes + update=no notify: Rebuild subweb website diff --git a/roles/sublab_web/tasks/as_wikiuser.yaml b/roles/sublab_web/tasks/as_wikiuser.yaml new file mode 100644 index 0000000..adfa473 --- /dev/null +++ b/roles/sublab_web/tasks/as_wikiuser.yaml @@ -0,0 +1,33 @@ +--- +- name: Put wiki configuration + template: + src=ikiwiki.setup.j2 + dest="/home/wiki-{{sublab_web_server_name}}/wiki.setup" + notify: Rebuild ikiwiki + +- name: Put wiki rebuild script + template: + src=ikiwiki-rebuild.sh.j2 + dest="/home/wiki-{{sublab_web_server_name}}/ikiwiki-rebuild.sh" + mode=0755 + notify: Rebuild ikiwiki + +- name: Create Template dir + file: + path="/home/wiki-{{sublab_web_server_name}}/templates" + state=directory + +- name: Put editpage template + copy: + src=ikiwiki-editpage.tmpl + dest="/home/wiki-{{sublab_web_server_name}}/templates/editpage.tmpl" + +# Updates to git are pushed automatically and should not +# go through ansible - this is for initial deployment only +- name: Clone wiki git + git: + dest="/home/wiki-{{sublab_web_server_name}}/wiki" + repo=git://git.sublab.org/ikiwiki + accept_hostkey=yes + update=no + notify: Rebuild ikiwiki diff --git a/roles/sublab_web/tasks/main.yaml b/roles/sublab_web/tasks/main.yaml index 5e52a65..fcfc7cb 100644 --- a/roles/sublab_web/tasks/main.yaml +++ b/roles/sublab_web/tasks/main.yaml @@ -1,5 +1,12 @@ --- -# Deploy sublab web config +- name: Install ikiwiki package and dependencies + apt: name={{ item }} state=present + with_items: + - ikiwiki + - perlmagick + - libmagickcore-extra + notify: Rebuild ikiwiki + - name: Place vhost config template: dest=/etc/apache2/sites-enabled/000-default_subweb.conf @@ -17,7 +24,6 @@ dest=/etc/apache2/sites/{{ sublab_web_server_name }}/{{ item }} src={{ item }}.j2 with_items: - - dump.conf - server.conf - ssl.conf - subdap-plain.conf @@ -34,7 +40,21 @@ group=sublab_web home="/var/www/{{sublab_web_server_name}}" +- name: Create Wiki group + group: name=sublab_wiki + +- name: Create Wiki user + user: + name=sublab_wiki + group=sublab_wiki + home="/home/wiki-{{sublab_web_server_name}}" + - include: as_webuser.yaml become: yes become_method: su become_user: sublab_web + +- include: as_wikiuser.yaml + become: yes + become_method: su + become_user: sublab_wiki diff --git a/roles/sublab_web/templates/dump.conf.j2 b/roles/sublab_web/templates/dump.conf.j2 deleted file mode 100644 index e0d74f6..0000000 --- a/roles/sublab_web/templates/dump.conf.j2 +++ /dev/null @@ -1,7 +0,0 @@ -Alias /dump /var/www/{{ sublab_web_server_name }}/dump - - AllowOverride None - Order allow,deny - Allow from all - Options +FollowSymLinks - diff --git a/roles/sublab_web/templates/ikiwiki-rebuild.sh.j2 b/roles/sublab_web/templates/ikiwiki-rebuild.sh.j2 new file mode 100644 index 0000000..7bea990 --- /dev/null +++ b/roles/sublab_web/templates/ikiwiki-rebuild.sh.j2 @@ -0,0 +1,12 @@ +#!/bin/sh -e +# +# {{ ansible_managed }} +# + +cd /home/wiki-{{sublab_web_server_name}} + +rm -Rf wiki-html +cp /var/www/{{sublab_web_server_name}}/wiki-page.tmpl templates/page.tmpl +ikiwiki --setup wiki.setup +mkdir wiki-html/auth +ln -sv ../ikiwiki.cgi wiki-html/auth/ikiwiki.cgi diff --git a/roles/sublab_web/templates/ikiwiki.setup.j2 b/roles/sublab_web/templates/ikiwiki.setup.j2 new file mode 100644 index 0000000..d09bb2b --- /dev/null +++ b/roles/sublab_web/templates/ikiwiki.setup.j2 @@ -0,0 +1,387 @@ +# IkiWiki::Setup::Yaml - YAML formatted setup file +# +# {{ ansible_managed }} +# +# Setup file for ikiwiki. +# +# Passing this to ikiwiki --setup will make ikiwiki generate +# wrappers and build the wiki. +# +# Remember to re-run ikiwiki --setup any time you edit this file. +# +# name of the wiki +wikiname: wiki +# contact email for wiki +adminemail: {{ admin_email }} +# users who are wiki admins +adminuser: +- nihilus +# users who are banned from the wiki +banned_users: [] +# where the source of the wiki is located +srcdir: /home/wiki-{{sublab_web_server_name}}/wiki +# where to build the wiki +destdir: /home/wiki-{{sublab_web_server_name}}/wiki-html +# base url to the wiki +url: https://{{sublab_web_server_name}}/wiki +# url to the ikiwiki.cgi +cgiurl: https://{{sublab_web_server_name}}/wiki/ikiwiki.cgi +# filename of cgi wrapper to generate +cgi_wrapper: /home/wiki-{{sublab_web_server_name}}/wiki-html/ikiwiki.cgi +# mode for cgi_wrapper (can safely be made suid) +cgi_wrappermode: 06755 +# rcs backend to use +rcs: git +# plugins to add to the default configuration +add_plugins: +- goodstuff +- httpauth +- attachment +- img +- autoindex +- format +- highlight +# plugins to disable +disable_plugins: +- blogspam +- openid +- passwordauth +# additional directory to search for template files +templatedir: /home/wiki-{{sublab_web_server_name}}/templates +# base wiki source location +underlaydir: /usr/share/ikiwiki/basewiki +# display verbose messages? +#verbose: 1 +# log to syslog? +syslog: 1 +# create output files named page/index.html? +usedirs: 1 +# use '!'-prefixed preprocessor directives? +prefix_directives: 1 +# use page/index.mdwn source files +indexpages: 0 +# enable Discussion pages? +discussion: 0 +# name of Discussion pages +discussionpage: Discussion +# generate HTML5? +html5: 0 +# only send cookies over SSL connections? +sslcookie: 0 +# extension to use for new pages +default_pageext: mdwn +# extension to use for html files +htmlext: html +# strftime format string to display date +timeformat: '%c' +# UTF-8 locale to use +#locale: en_US.UTF-8 +# put user pages below specified page +userdir: '' +# how many backlinks to show before hiding excess (0 to show all) +numbacklinks: 10 +# attempt to hardlink source files? (optimisation for large files) +hardlink: 0 +# force ikiwiki to use a particular umask (keywords public, group or private, or a number) +umask: public +# group for wrappers to run in +#wrappergroup: ikiwiki +# extra library and plugin directory +libdir: /home/wiki-{{sublab_web_server_name}}/.ikiwiki +# environment variables +ENV: {} +# time zone name +#timezone: US/Eastern +# regexp of normally excluded files to include +#include: ^\.htaccess$ +# regexp of files that should be skipped +#exclude: ^(*\.private|Makefile)$ +# specifies the characters that are allowed in source filenames +wiki_file_chars: -[:alnum:]+/.:_ +# allow symlinks in the path leading to the srcdir (potentially insecure) +allow_symlinks_before_srcdir: 0 + +###################################################################### +# core plugins +# (editpage, git, htmlscrubber, inline, link, meta, parentlinks) +###################################################################### + +# git plugin +# git hook to generate +git_wrapper: /home/wiki-{{sublab_web_server_name}}/git-hook +# shell command for git_wrapper to run, in the background +#git_wrapper_background_command: git push github +# mode for git_wrapper (can safely be made suid) +#git_wrappermode: 06755 +# git pre-receive hook to generate +#git_test_receive_wrapper: /git/wiki.git/hooks/pre-receive +# unix users whose commits should be checked by the pre-receive hook +#untrusted_committers: [] +# gitweb url to show file history ([[file]] substituted) +#historyurl: http://git.example.com/gitweb.cgi?p=wiki.git;a=history;f=[[file]];hb=HEAD +# gitweb url to show a diff ([[file]], [[sha1_to]], [[sha1_from]], [[sha1_commit]], and [[sha1_parent]] substituted) +#diffurl: http://git.example.com/gitweb.cgi?p=wiki.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]] +# where to pull and push changes (set to empty string to disable) +#gitorigin_branch: origin +# branch that the wiki is stored in +#gitmaster_branch: master + +# htmlscrubber plugin +# PageSpec specifying pages not to scrub +#htmlscrubber_skip: '!*/Discussion' + +# inline plugin +# enable rss feeds by default? +rss: 1 +# enable atom feeds by default? +atom: 1 +# allow rss feeds to be used? +#allowrss: 0 +# allow atom feeds to be used? +#allowatom: 0 +# urls to ping (using XML-RPC) on feed update +#pingurl: http://rpc.technorati.com/rpc/ping + +###################################################################### +# auth plugins +# (anonok, blogspam, httpauth, lockedit, moderatedcomments, +# opendiscussion, openid, passwordauth, signinedit) +###################################################################### + +# anonok plugin +# PageSpec to limit which pages anonymous users can edit +#anonok_pagespec: '*/discussion' + +# blogspam plugin +# PageSpec of pages to check for spam +#blogspam_pagespec: postcomment(*) +# options to send to blogspam server +#blogspam_options: blacklist=1.2.3.4,blacklist=8.7.6.5,max-links=10 +# blogspam server XML-RPC url +#blogspam_server: '' + +# httpauth plugin +# url to redirect to when authentication is needed +cgiauthurl: https://{{sublab_web_server_name}}/wiki/auth/ikiwiki.cgi +# PageSpec of pages where only httpauth will be used for authentication +#httpauth_pagespec: '!*/Discussion' + +# lockedit plugin +# PageSpec controlling which pages are locked +#locked_pages: '!*/Discussion' + +# moderatedcomments plugin +# PageSpec matching users or comment locations to moderate +#moderate_pagespec: '*' + +# openid plugin +# url pattern of openid realm (default is cgiurl) +#openid_realm: '' +# url to ikiwiki cgi to use for openid authentication (default is cgiurl) +#openid_cgiurl: '' + +# passwordauth plugin +# a password that must be entered when signing up for an account +#account_creation_password: s3cr1t +# cost of generating a password using Authen::Passphrase::BlowfishCrypt +#password_cost: 8 + +###################################################################### +# format plugins +# (creole, highlight, hnb, html, mdwn, otl, rawhtml, rst, textile, txt) +###################################################################### + +# highlight plugin +# types of source files to syntax highlight +#tohighlight: .c .h .cpp .pl .py Makefile:make +# location of highlight's filetypes.conf +#filetypes_conf: /etc/highlight/filetypes.conf +# location of highlight's langDefs directory +#langdefdir: /usr/share/highlight/langDefs + +# mdwn plugin +# enable multimarkdown features? +#multimarkdown: 0 +# disable use of markdown discount? +#nodiscount: 0 + +###################################################################### +# special-purpose plugins +# (osm) +###################################################################### + +# osm plugin +# the default zoom when you click on the map link +#osm_default_zoom: 15 +# the icon shown on links and on the main map +#osm_default_icon: ikiwiki/images/osm.png +# the alt tag of links, defaults to empty +#osm_alt: '' +# the output format for waypoints, can be KML, GeoJSON or CSV (one or many, comma-separated) +#osm_format: KML +# the icon attached to a tag, displayed on the map for tagged pages +#osm_tag_default_icon: icon.png + +###################################################################### +# web plugins +# (404, attachment, comments, editdiff, edittemplate, getsource, google, +# goto, mirrorlist, remove, rename, repolist, search, theme, userlist, +# websetup, wmd) +###################################################################### + +# attachment plugin +# enhanced PageSpec specifying what attachments are allowed +allowed_attachments: maxsize(4mb) and !glob(*.cgi) +# virus checker program (reads STDIN, returns nonzero if virus found) +#virus_checker: clamdscan - + +# comments plugin +# PageSpec of pages where comments are allowed +#comments_pagespec: blog/* and !*/Discussion +# PageSpec of pages where posting new comments is not allowed +#comments_closed_pagespec: blog/controversial or blog/flamewar +# Base name for comments, e.g. "comment_" for pages like "sandbox/comment_12" +#comments_pagename: '' +# Interpret directives in comments? +#comments_allowdirectives: 0 +# Allow anonymous commenters to set an author name? +#comments_allowauthor: 0 +# commit comments to the VCS +#comments_commit: 1 + +# getsource plugin +# Mime type for returned source. +#getsource_mimetype: text/plain; charset=utf-8 + +# mirrorlist plugin +# list of mirrors +#mirrorlist: {} +# generate links that point to the mirrors' ikiwiki CGI +#mirrorlist_use_cgi: 1 + +# repolist plugin +# URIs of repositories containing the wiki's source +#repositories: +#- svn://svn.example.org/wiki/trunk + +# search plugin +# path to the omega cgi program +#omega_cgi: /usr/lib/cgi-bin/omega/omega + +# theme plugin +# name of theme to enable +#theme: actiontabs + +# websetup plugin +# list of plugins that cannot be enabled/disabled via the web interface +#websetup_force_plugins: [] +# list of additional setup field keys to treat as unsafe +#websetup_unsafe: [] +# show unsafe settings, read-only, in web interface? +#websetup_show_unsafe: 1 + +###################################################################### +# widget plugins +# (calendar, color, conditional, cutpaste, date, format, fortune, +# graphviz, haiku, headinganchors, img, linkmap, listdirectives, map, +# more, orphans, pagecount, pagestats, poll, polygen, postsparkline, +# progress, shortcut, sparkline, table, template, teximg, toc, toggle, +# version) +###################################################################### + +# calendar plugin +# base of the archives hierarchy +#archivebase: archives +# PageSpec of pages to include in the archives; used by ikiwiki-calendar command +#archive_pagespec: page(posts/*) and !*/Discussion + +# listdirectives plugin +# directory in srcdir that contains directive descriptions +#directive_description_dir: ikiwiki/directive + +# teximg plugin +# Should teximg use dvipng to render, or dvips and convert? +#teximg_dvipng: '' +# LaTeX prefix for teximg plugin +#teximg_prefix: '\documentclass{article} +# +# \usepackage[utf8]{inputenc} +# +# \usepackage{amsmath} +# +# \usepackage{amsfonts} +# +# \usepackage{amssymb} +# +# \pagestyle{empty} +# +# \begin{document} +# +#' +# LaTeX postfix for teximg plugin +#teximg_postfix: \end{document} + +###################################################################### +# other plugins +# (aggregate, autoindex, brokenlinks, camelcase, ddate, embed, favicon, +# filecheck, flattr, goodstuff, htmlbalance, localstyle, notifyemail, +# pagetemplate, pingee, pinger, prettydate, recentchanges, +# recentchangesdiff, relativedate, rsync, sidebar, smiley, +# sortnaturally, tag, testpagespec, trail, transient, underlay) +###################################################################### + +# aggregate plugin +# enable aggregation to internal pages? +#aggregateinternal: 1 +# allow aggregation to be triggered via the web? +#aggregate_webtrigger: 0 +# cookie control +#cookiejar: +# file: /home/wiki-{{sublab_web_server_name}}/.ikiwiki/cookies + +# autoindex plugin +# commit autocreated index pages +#autoindex_commit: 1 + +# camelcase plugin +# list of words to not turn into links +#camelcase_ignore: [] + +# flattr plugin +# userid or user name to use by default for Flattr buttons +#flattr_userid: joeyh + +# pinger plugin +# how many seconds to try pinging before timing out +#pinger_timeout: 15 + +# prettydate plugin +# format to use to display date +#prettydateformat: '%X, %B %o, %Y' + +# recentchanges plugin +# name of the recentchanges page +#recentchangespage: recentchanges +# number of changes to track +#recentchangesnum: 100 + +# rsync plugin +# command to run to sync updated pages +#rsync_command: rsync -qa --delete . user@host:/path/to/docroot/ + +# sidebar plugin +# show sidebar page on all pages? +#global_sidebars: 1 + +# tag plugin +# parent page tags are located under +#tagbase: tag +# autocreate new tag pages? +#tag_autocreate: 1 +# commit autocreated tag pages +#tag_autocreate_commit: 1 + +# underlay plugin +# extra underlay directories to add +#add_underlays: +#- /home/wiki-{{sublab_web_server_name}}/wiki.underlay diff --git a/roles/sublab_web/templates/server.conf.j2 b/roles/sublab_web/templates/server.conf.j2 index aee5ab4..94ff4f7 100644 --- a/roles/sublab_web/templates/server.conf.j2 +++ b/roles/sublab_web/templates/server.conf.j2 @@ -17,6 +17,7 @@ RewriteRule ^/vokue/?$ /wiki/Phantomspeisung/ [R=301] RewriteRule ^/cryptocon14(/?|.*)$ https://cryptocon.org/14$1 [R=301,last] RewriteRule ^/cryptocon15(/?|.*)$ https://cryptocon.org/15$1 [R=301,last] +RewriteRule ^/dump(/?|.*)$ http://dump.sublab.org$1 [R=301,last] # Allow the drop of .html RewriteRule ^/([^/\.]+)$ /$1.html diff --git a/roles/sublab_web/templates/vhost.conf.j2 b/roles/sublab_web/templates/vhost.conf.j2 index 6c3851d..bb6a255 100644 --- a/roles/sublab_web/templates/vhost.conf.j2 +++ b/roles/sublab_web/templates/vhost.conf.j2 @@ -2,7 +2,6 @@ Include sites/{{ sublab_web_server_name }}/subdap-plain.conf Include sites/{{ sublab_web_server_name }}/server.conf Include sites/{{ sublab_web_server_name }}/wiki.conf - Include sites/{{ sublab_web_server_name }}/dump.conf Include sites/{{ sublab_web_server_name }}/ssl.conf diff --git a/roles/sublab_web/templates/website-rebuild.sh.j2 b/roles/sublab_web/templates/website-rebuild.sh.j2 new file mode 100644 index 0000000..227fb65 --- /dev/null +++ b/roles/sublab_web/templates/website-rebuild.sh.j2 @@ -0,0 +1,11 @@ +#!/bin/sh -e +# +# {{ ansible_managed }} +# + +cd /var/www/{{sublab_web_server_name}}/htdocs +git fetch git://git.sublab.org/website.git master +git reset --hard FETCH_HEAD +cd scripts +python template.py +python wikitemplate.py > ../../wiki-page.tmpl diff --git a/roles/sublab_web/templates/wiki.conf.j2 b/roles/sublab_web/templates/wiki.conf.j2 index 90a2f1d..5328335 100644 --- a/roles/sublab_web/templates/wiki.conf.j2 +++ b/roles/sublab_web/templates/wiki.conf.j2 @@ -1,8 +1,7 @@ Alias /wiki/ /home/wiki-{{ sublab_web_server_name }}/wiki-html/ AllowOverride None - Order allow,deny - allow from all + Require all granted AddHandler cgi-script .cgi Options +ExecCGI -- cgit v1.2.1