Wiki: Fix oauth, create role from playbook

This commit is contained in:
jtbx 2023-05-11 20:19:14 +02:00
parent 73db1dd077
commit 804becdd31
9 changed files with 115 additions and 46 deletions

View file

@ -57,6 +57,11 @@
roles: roles:
- zigbee2mqtt - zigbee2mqtt
- name: Ensure Dokuwiki config
hosts: wiki
roles:
- dokuwiki
- name: Ensure certificate deployment on cert_hosts - name: Ensure certificate deployment on cert_hosts
hosts: cert_hosts hosts: cert_hosts
roles: roles:
@ -81,6 +86,3 @@
hosts: nginx_hosts:!public_reverse_proxy_hosts hosts: nginx_hosts:!public_reverse_proxy_hosts
roles: roles:
- nginx - nginx
- name: dokuwiki_specific_tasks
ansible.builtin.import_playbook: dokuwiki_specific_tasks.yaml

View file

@ -1,35 +0,0 @@
---
- name: dokuwiki on wiki.z9 specific tasks
hosts: wiki
tasks:
# TODO: make this a role
- name: Install php-fpm
ansible.builtin.apt:
name:
- php-fpm
- php-xml
- php-mbstring
- php-zip
- php-intl
- php-gd
diff: false
- name: Make sure php-fpm is enabled
ansible.builtin.systemd:
service: php7.4-fpm.service
enabled: true
# place dokuwiki zip into /var/www/dokuwiki manually!
- name: Create www dir
become: true
ansible.builtin.file:
path: /var/www
state: directory
owner: nginx
group: nginx
mode: "0755"
- name: Custom php-fpm config
become: true
ansible.builtin.copy:
src: configs/wiki/php-fpm-dokuwiki.conf
dest: /etc/php/7.4/fpm/pool.d/dokuwiki.conf
mode: "0755"

View file

@ -22,8 +22,8 @@ server {
# HSTS (ngx_http_headers_module is required) (63072000 seconds) # HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always; add_header Strict-Transport-Security "max-age=63072000" always;
# Maximum file upload size is 4MB - change accordingly if needed # Maximum file upload size is 20MB - change accordingly if needed
client_max_body_size 4M; client_max_body_size 20M;
client_body_buffer_size 128k; client_body_buffer_size 128k;
proxy_set_header Host $host; proxy_set_header Host $host;

View file

@ -0,0 +1,49 @@
# Role `dokuwiki`
Makes sure that all required packages for a [DokuWiki](https://www.dokuwiki.org/dokuwiki) powered by php-fpm are installed.
The DokuWiki tarball has to be unpacked to `/var/www/dokuwiki` (see variable below) manually afterwards.
Please download it from https://download.dokuwiki.org.
## Supported Distributions
The following distributions are supported:
- Debian 11
## Required Arguments
None.
## Optional Argument
- `dokuwiki__installpath`: Where your DokiWiki lives, default `/var/www/dokuwiki`
- `dokuwiki__php_version`: Your PHP version, default `7.4`
- `dokuwiki__php_user`: User of your php-fpm process, default `www-data`
- `dokuwiki__nginx_user`: User of your nginx process, default `nginx`
## nginx Configuration
This role does not configure your nginx server.
Please take a look at https://www.dokuwiki.org/install:nginx for a starting point.
This role expects to work with our `nginx` role, which installs nginx from nginx's repo instead of Debian's package.
This means, that nginx will not run as the `www-data`, which is used by php-fpm.
So your `server` directive in the nginx configuration needs to use:
```conf
root /var/www/dokuwiki;
[...]
location ~ \.php$ {
[...]
fastcgi_pass unix:/var/run/php/php-fpm-dokuwiki.sock;
}
```
## Updates
This role doesn't handle updates.
Please use the updater from Dokuwiki's admin interface to install updates.

View file

@ -0,0 +1,5 @@
---
dokuwiki__installpath: "/var/www/dokuwiki"
dokuwiki__php_version: "7.4"
dokuwiki__php_user: "www-data"
dokuwiki__nginx_user: "nginx"

View file

@ -0,0 +1,5 @@
- name: Restart php-fpm
become: true
ansible.builtin.systemd:
name: "php{{ dokuwiki__php_version }}-fpm.service"
state: restarted

View file

@ -0,0 +1,8 @@
---
dependencies:
- role: distribution_check
vars:
distribution_check__distribution_support_spec:
- name: Debian
versions:
- 11

View file

@ -0,0 +1,35 @@
- name: Install php-fpm
become: true
ansible.builtin.apt:
name:
- php-fpm
- php-xml
- php-mbstring
- php-zip
- php-intl
- php-gd
- php-sqlite3
diff: false
- name: Ensure `php-fpm` is enabled
become: true
ansible.builtin.systemd:
service: "php{{ dokuwiki__php_version }}-fpm.service"
enabled: true
- name: Create custom php-fpm pool
become: true
ansible.builtin.template:
src: "{{ role_path }}/templates/php-fpm-dokuwiki.conf"
dest: "/etc/php/{{ dokuwiki__php_version }}/fpm/pool.d/dokuwiki.conf"
mode: "0755"
notify: Restart php-fpm
- name: Create `/var/www` directory
become: true
ansible.builtin.file:
path: /var/www
state: directory
owner: "{{ dokuwiki__nginx_user }}"
group: "{{ dokuwiki__nginx_user }}"
mode: "0755"

View file

@ -1,15 +1,15 @@
[dokuwiki] [dokuwiki]
user = www-data user = {{ dokuwiki__php_user }}
group = www-data group = {{ dokuwiki__php_user }}
listen = /var/run/php/php-fpm-dokuwiki.sock listen = /var/run/php/php-fpm-dokuwiki.sock
listen.owner = nginx listen.owner = {{ dokuwiki__nginx_user }}
listen.group = nginx listen.group = {{ dokuwiki__nginx_user }}
php_admin_value[disable_functions] = exec,passthru,shell_exec,system php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = off php_admin_flag[allow_url_fopen] = on
; Choose how the process manager will control the number of child processes. ; Choose how the process manager will control the number of child processes.
pm = dynamic pm = dynamic
pm.max_children = 75 pm.max_children = 75
pm.start_servers = 10 pm.start_servers = 10
pm.min_spare_servers = 5 pm.min_spare_servers = 5
pm.max_spare_servers = 20 pm.max_spare_servers = 20
pm.process_idle_timeout = 10s pm.process_idle_timeout = 10s