aboutsummaryrefslogtreecommitdiff
path: root/ansible/roles/mw-backend
diff options
context:
space:
mode:
authorTrygve Laugstøl <trygvis@inamo.no>2018-02-25 07:15:53 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2018-02-25 07:15:53 +0100
commit37d104f7d74fd7b5fd6b65caf6f4d0dcf0cd614a (patch)
tree9e5bd01097ccadf6de2ba59dc264df51cd335665 /ansible/roles/mw-backend
parent443efffc41984ac604ffa733dd936fecd83006dd (diff)
downloadinfra-37d104f7d74fd7b5fd6b65caf6f4d0dcf0cd614a.tar.gz
infra-37d104f7d74fd7b5fd6b65caf6f4d0dcf0cd614a.tar.bz2
infra-37d104f7d74fd7b5fd6b65caf6f4d0dcf0cd614a.tar.xz
infra-37d104f7d74fd7b5fd6b65caf6f4d0dcf0cd614a.zip
wip
Diffstat (limited to 'ansible/roles/mw-backend')
-rw-r--r--ansible/roles/mw-backend/files/etc/apache2/sites-enabled/000-default.conf56
-rw-r--r--ansible/roles/mw-backend/handlers/main.yml6
-rw-r--r--ansible/roles/mw-backend/tasks/main.yml67
3 files changed, 117 insertions, 12 deletions
diff --git a/ansible/roles/mw-backend/files/etc/apache2/sites-enabled/000-default.conf b/ansible/roles/mw-backend/files/etc/apache2/sites-enabled/000-default.conf
new file mode 100644
index 0000000..3823cf1
--- /dev/null
+++ b/ansible/roles/mw-backend/files/etc/apache2/sites-enabled/000-default.conf
@@ -0,0 +1,56 @@
+# Based on /etc/apache2/conf-available/mediawiki.conf
+
+<VirtualHost *:80>
+ ServerName mw.trygvis.io
+
+ ServerAdmin webmaster@trygvis.io
+ DocumentRoot /var/lib/mediawiki
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+<Directory /var/lib/mediawiki/>
+ Options +FollowSymLinks
+ AllowOverride All
+ <IfVersion >= 2.3>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.3>
+ order allow,deny
+ allow from all
+ </IfVersion>
+</Directory>
+
+# some directories must be protected
+<Directory /var/lib/mediawiki/config>
+ Options -FollowSymLinks
+ AllowOverride None
+ <IfModule mod_php7.c>
+ php_admin_flag engine off
+ </IfModule>
+ <IfModule mod_php5.c>
+ php_admin_flag engine off
+ </IfModule>
+</Directory>
+<Directory /var/lib/mediawiki/images>
+ Options -FollowSymLinks
+ AllowOverride None
+ <IfModule mod_php7.c>
+ php_admin_flag engine off
+ </IfModule>
+ <IfModule mod_php5.c>
+ php_admin_flag engine off
+ </IfModule>
+</Directory>
+<Directory /var/lib/mediawiki/upload>
+ Options -FollowSymLinks
+ AllowOverride None
+ <IfModule mod_php7.c>
+ php_admin_flag engine off
+ </IfModule>
+ <IfModule mod_php5.c>
+ php_admin_flag engine off
+ </IfModule>
+</Directory>
+</VirtualHost>
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/ansible/roles/mw-backend/handlers/main.yml b/ansible/roles/mw-backend/handlers/main.yml
index 0298ff9..3588f2b 100644
--- a/ansible/roles/mw-backend/handlers/main.yml
+++ b/ansible/roles/mw-backend/handlers/main.yml
@@ -1,5 +1,9 @@
---
- name: update apt cache
- become: yes
apt:
update_cache: yes
+
+- name: reload apache
+ service:
+ name: apache2
+ state: reloaded
diff --git a/ansible/roles/mw-backend/tasks/main.yml b/ansible/roles/mw-backend/tasks/main.yml
index 799f0e5..a60f08d 100644
--- a/ansible/roles/mw-backend/tasks/main.yml
+++ b/ansible/roles/mw-backend/tasks/main.yml
@@ -1,21 +1,66 @@
---
- name: apt setup
- tags: packages
- become: yes
+ tags:
+ - mw-backend
+ - packages
block:
- copy:
dest: /etc/apt/apt.conf.d/99force-ipv4
content: 'Acquire::ForceIPv4 "true";'
notify: update apt cache
+ - name: configure debian repositories
+ notify: update apt cache
+ copy:
+ dest: /etc/apt/sources.list
+ content: |
+ deb http://httpredir.debian.org/debian/ stretch main contrib non-free
+ deb-src http://httpredir.debian.org/debian/ stretch main contrib non-free
+
+ deb http://security.debian.org/debian-security stretch/updates main contrib non-free
+ deb-src http://security.debian.org/debian-security stretch/updates main contrib non-free
+
+ deb http://httpredir.debian.org/debian/ stretch-updates main contrib non-free
+ deb-src http://httpredir.debian.org/debian/ stretch-updates main contrib non-free
- meta: flush_handlers
-# - name: packages
-# tags: packages
-# become: yes
-# apt:
-# name: "{{ item }}"
-# install_recommends: no
-# with_items:
-# - ping
-# - apache2
+ - name: packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - git
+ - etckeeper
+
+ - name: packages
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - iputils-ping
+ - vim-nox
+ - host
+ - less
+
+- name: Mediawiki
+ tags:
+ - mw-backend
+ - mediawiki
+ block:
+ - name: packages
+ notify: reload apache
+ apt:
+ name: "{{ item }}"
+ install_recommends: no
+ with_items:
+ - git
+ - php-pgsql
+ - php-intl
+ - php-gd
+ - php-apcu
+ - mediawiki
+ - name: apache config
+ notify: reload apache
+ copy:
+ src: etc/apache2/sites-enabled/000-default.conf
+ dest: /etc/apache2/sites-enabled/000-default.conf