Wiki: Fix oauth, create role from playbook

playbooks/deploy.yaml

@@ -57,6 +57,11 @@
   roles:
     - zigbee2mqtt
 
+- name: Ensure Dokuwiki config
+  hosts: wiki
+  roles:
+    - dokuwiki
+
 - name: Ensure certificate deployment on cert_hosts
   hosts: cert_hosts
   roles:
@@ -81,6 +86,3 @@
   hosts: nginx_hosts:!public_reverse_proxy_hosts
   roles:
     - nginx
-
-- name: dokuwiki_specific_tasks
-  ansible.builtin.import_playbook: dokuwiki_specific_tasks.yaml

playbooks/dokuwiki_specific_tasks.yaml

@@ -1,35 +0,0 @@
----
-- name: dokuwiki on wiki.z9 specific tasks
-  hosts: wiki
-  tasks:
-    # TODO: make this a role
-    - name: Install php-fpm
-      ansible.builtin.apt:
-        name:
-          - php-fpm
-          - php-xml
-          - php-mbstring
-          - php-zip
-          - php-intl
-          - php-gd
-      diff: false
-    - name: Make sure php-fpm is enabled
-      ansible.builtin.systemd:
-        service: php7.4-fpm.service
-        enabled: true
-
-    # place dokuwiki zip into /var/www/dokuwiki manually!
-    - name: Create www dir
-      become: true
-      ansible.builtin.file:
-        path: /var/www
-        state: directory
-        owner: nginx
-        group: nginx
-        mode: "0755"
-    - name: Custom php-fpm config
-      become: true
-      ansible.builtin.copy:
-        src: configs/wiki/php-fpm-dokuwiki.conf
-        dest: /etc/php/7.4/fpm/pool.d/dokuwiki.conf
-        mode: "0755"

playbooks/files/chaosknoten/configs/wiki/nginx/wiki.ccchh.net.conf

@@ -22,8 +22,8 @@ server {
     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
     add_header Strict-Transport-Security "max-age=63072000" always;
 
-    # Maximum file upload size is 4MB - change accordingly if needed
-    client_max_body_size 4M;
+    # Maximum file upload size is 20MB - change accordingly if needed
+    client_max_body_size 20M;
     client_body_buffer_size 128k;
 
     proxy_set_header Host $host;

playbooks/roles/dokuwiki/README.md

@@ -0,0 +1,49 @@
+# Role `dokuwiki`
+
+Makes sure that all required packages for a [DokuWiki](https://www.dokuwiki.org/dokuwiki) powered by php-fpm are installed.
+
+The DokuWiki tarball has to be unpacked to `/var/www/dokuwiki` (see variable below) manually afterwards.
+Please download it from https://download.dokuwiki.org.
+
+## Supported Distributions
+
+The following distributions are supported:
+
+- Debian 11
+
+## Required Arguments
+
+None.
+
+## Optional Argument
+
+- `dokuwiki__installpath`: Where your DokiWiki lives, default `/var/www/dokuwiki`
+- `dokuwiki__php_version`: Your PHP version, default `7.4`
+- `dokuwiki__php_user`: User of your php-fpm process, default `www-data`
+- `dokuwiki__nginx_user`: User of your nginx process, default `nginx`
+
+## nginx Configuration
+
+This role does not configure your nginx server.
+Please take a look at https://www.dokuwiki.org/install:nginx for a starting point.
+
+This role expects to work with our `nginx` role, which installs nginx from nginx's repo instead of Debian's package.
+This means, that nginx will not run as the `www-data`, which is used by php-fpm.
+
+So your `server` directive in the nginx configuration needs to use:
+```conf
+  root /var/www/dokuwiki;
+
+  [...]
+
+  location ~ \.php$ {
+    [...]
+    fastcgi_pass unix:/var/run/php/php-fpm-dokuwiki.sock;
+  }
+```
+
+
+## Updates
+
+This role doesn't handle updates.
+Please use the updater from Dokuwiki's admin interface to install updates.

playbooks/roles/dokuwiki/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+dokuwiki__installpath: "/var/www/dokuwiki"
+dokuwiki__php_version: "7.4"
+dokuwiki__php_user: "www-data"
+dokuwiki__nginx_user: "nginx"

playbooks/roles/dokuwiki/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: Restart php-fpm
+  become: true
+  ansible.builtin.systemd:
+    name: "php{{ dokuwiki__php_version }}-fpm.service"
+    state: restarted

playbooks/roles/dokuwiki/meta/main.yml

@@ -0,0 +1,8 @@
+---
+dependencies:
+  - role: distribution_check
+    vars:
+      distribution_check__distribution_support_spec:
+        - name: Debian
+          versions:
+            - 11

playbooks/roles/dokuwiki/tasks/main.yml

@@ -0,0 +1,35 @@
+- name: Install php-fpm
+  become: true
+  ansible.builtin.apt:
+    name:
+      - php-fpm
+      - php-xml
+      - php-mbstring
+      - php-zip
+      - php-intl
+      - php-gd
+      - php-sqlite3
+  diff: false
+
+- name: Ensure `php-fpm` is enabled
+  become: true
+  ansible.builtin.systemd:
+    service: "php{{ dokuwiki__php_version }}-fpm.service"
+    enabled: true
+
+- name: Create custom php-fpm pool
+  become: true
+  ansible.builtin.template:
+    src: "{{ role_path }}/templates/php-fpm-dokuwiki.conf"
+    dest: "/etc/php/{{ dokuwiki__php_version }}/fpm/pool.d/dokuwiki.conf"
+    mode: "0755"
+  notify: Restart php-fpm
+
+- name: Create `/var/www` directory
+  become: true
+  ansible.builtin.file:
+    path: /var/www
+    state: directory
+    owner: "{{ dokuwiki__nginx_user }}"
+    group: "{{ dokuwiki__nginx_user }}"
+    mode: "0755"

playbooks/roles/dokuwiki/templates/php-fpm-dokuwiki.conf

@@ -1,11 +1,11 @@
 [dokuwiki]
-user = www-data
-group = www-data
+user = {{ dokuwiki__php_user }}
+group = {{ dokuwiki__php_user }}
 listen = /var/run/php/php-fpm-dokuwiki.sock
-listen.owner = nginx
-listen.group = nginx
+listen.owner = {{ dokuwiki__nginx_user }}
+listen.group = {{ dokuwiki__nginx_user }}
 php_admin_value[disable_functions] = exec,passthru,shell_exec,system
-php_admin_flag[allow_url_fopen] = off
+php_admin_flag[allow_url_fopen] = on
 ; Choose how the process manager will control the number of child processes. 
 pm = dynamic
 pm.max_children = 75