diff options
author | Trygve Laugstøl <trygvis@inamo.no> | 2018-02-25 07:15:53 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2018-02-25 07:15:53 +0100 |
commit | 37d104f7d74fd7b5fd6b65caf6f4d0dcf0cd614a (patch) | |
tree | 9e5bd01097ccadf6de2ba59dc264df51cd335665 /ansible/roles/mw-backend | |
parent | 443efffc41984ac604ffa733dd936fecd83006dd (diff) | |
download | infra-37d104f7d74fd7b5fd6b65caf6f4d0dcf0cd614a.tar.gz infra-37d104f7d74fd7b5fd6b65caf6f4d0dcf0cd614a.tar.bz2 infra-37d104f7d74fd7b5fd6b65caf6f4d0dcf0cd614a.tar.xz infra-37d104f7d74fd7b5fd6b65caf6f4d0dcf0cd614a.zip |
wip
Diffstat (limited to 'ansible/roles/mw-backend')
-rw-r--r-- | ansible/roles/mw-backend/files/etc/apache2/sites-enabled/000-default.conf | 56 | ||||
-rw-r--r-- | ansible/roles/mw-backend/handlers/main.yml | 6 | ||||
-rw-r--r-- | ansible/roles/mw-backend/tasks/main.yml | 67 |
3 files changed, 117 insertions, 12 deletions
diff --git a/ansible/roles/mw-backend/files/etc/apache2/sites-enabled/000-default.conf b/ansible/roles/mw-backend/files/etc/apache2/sites-enabled/000-default.conf new file mode 100644 index 0000000..3823cf1 --- /dev/null +++ b/ansible/roles/mw-backend/files/etc/apache2/sites-enabled/000-default.conf @@ -0,0 +1,56 @@ +# Based on /etc/apache2/conf-available/mediawiki.conf + +<VirtualHost *:80> + ServerName mw.trygvis.io + + ServerAdmin webmaster@trygvis.io + DocumentRoot /var/lib/mediawiki + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + +<Directory /var/lib/mediawiki/> + Options +FollowSymLinks + AllowOverride All + <IfVersion >= 2.3> + Require all granted + </IfVersion> + <IfVersion < 2.3> + order allow,deny + allow from all + </IfVersion> +</Directory> + +# some directories must be protected +<Directory /var/lib/mediawiki/config> + Options -FollowSymLinks + AllowOverride None + <IfModule mod_php7.c> + php_admin_flag engine off + </IfModule> + <IfModule mod_php5.c> + php_admin_flag engine off + </IfModule> +</Directory> +<Directory /var/lib/mediawiki/images> + Options -FollowSymLinks + AllowOverride None + <IfModule mod_php7.c> + php_admin_flag engine off + </IfModule> + <IfModule mod_php5.c> + php_admin_flag engine off + </IfModule> +</Directory> +<Directory /var/lib/mediawiki/upload> + Options -FollowSymLinks + AllowOverride None + <IfModule mod_php7.c> + php_admin_flag engine off + </IfModule> + <IfModule mod_php5.c> + php_admin_flag engine off + </IfModule> +</Directory> +</VirtualHost> +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/ansible/roles/mw-backend/handlers/main.yml b/ansible/roles/mw-backend/handlers/main.yml index 0298ff9..3588f2b 100644 --- a/ansible/roles/mw-backend/handlers/main.yml +++ b/ansible/roles/mw-backend/handlers/main.yml @@ -1,5 +1,9 @@ --- - name: update apt cache - become: yes apt: update_cache: yes + +- name: reload apache + service: + name: apache2 + state: reloaded diff --git a/ansible/roles/mw-backend/tasks/main.yml b/ansible/roles/mw-backend/tasks/main.yml index 799f0e5..a60f08d 100644 --- a/ansible/roles/mw-backend/tasks/main.yml +++ b/ansible/roles/mw-backend/tasks/main.yml @@ -1,21 +1,66 @@ --- - name: apt setup - tags: packages - become: yes + tags: + - mw-backend + - packages block: - copy: dest: /etc/apt/apt.conf.d/99force-ipv4 content: 'Acquire::ForceIPv4 "true";' notify: update apt cache + - name: configure debian repositories + notify: update apt cache + copy: + dest: /etc/apt/sources.list + content: | + deb http://httpredir.debian.org/debian/ stretch main contrib non-free + deb-src http://httpredir.debian.org/debian/ stretch main contrib non-free + + deb http://security.debian.org/debian-security stretch/updates main contrib non-free + deb-src http://security.debian.org/debian-security stretch/updates main contrib non-free + + deb http://httpredir.debian.org/debian/ stretch-updates main contrib non-free + deb-src http://httpredir.debian.org/debian/ stretch-updates main contrib non-free - meta: flush_handlers -# - name: packages -# tags: packages -# become: yes -# apt: -# name: "{{ item }}" -# install_recommends: no -# with_items: -# - ping -# - apache2 + - name: packages + apt: + name: "{{ item }}" + install_recommends: no + with_items: + - git + - etckeeper + + - name: packages + apt: + name: "{{ item }}" + install_recommends: no + with_items: + - iputils-ping + - vim-nox + - host + - less + +- name: Mediawiki + tags: + - mw-backend + - mediawiki + block: + - name: packages + notify: reload apache + apt: + name: "{{ item }}" + install_recommends: no + with_items: + - git + - php-pgsql + - php-intl + - php-gd + - php-apcu + - mediawiki + - name: apache config + notify: reload apache + copy: + src: etc/apache2/sites-enabled/000-default.conf + dest: /etc/apache2/sites-enabled/000-default.conf |