2017-10-23 21:03:55 +02:00
|
|
|
---
|
2019-09-25 04:03:49 +02:00
|
|
|
- name: run maintenance mode
|
|
|
|
include_role:
|
|
|
|
name: maintenance
|
|
|
|
vars:
|
|
|
|
service_name: "wiki"
|
|
|
|
service_domain: "{{ archwiki_domain }}"
|
|
|
|
service_alternate_domains: []
|
|
|
|
service_nginx_conf: "{{ archwiki_nginx_conf }}"
|
|
|
|
when: maintenance is defined
|
2017-10-23 21:03:55 +02:00
|
|
|
|
2018-03-02 23:46:04 +01:00
|
|
|
- name: create ssl cert
|
|
|
|
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ archwiki_domain }}' creates='/etc/letsencrypt/live/{{ archwiki_domain }}/fullchain.pem'
|
|
|
|
when: 'archwiki_domain is defined'
|
|
|
|
|
2017-10-23 21:03:55 +02:00
|
|
|
- name: install packages
|
2019-09-24 12:39:24 +02:00
|
|
|
pacman: name=git,php-intl state=present
|
2017-10-23 21:03:55 +02:00
|
|
|
|
|
|
|
- name: make archwiki user
|
|
|
|
user: name="{{ archwiki_user }}" shell=/bin/false home="{{ archwiki_dir }}" createhome=no
|
|
|
|
register: user_created
|
|
|
|
|
|
|
|
- name: fix home permissions
|
2020-08-18 20:25:24 +02:00
|
|
|
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}"
|
2017-10-23 21:03:55 +02:00
|
|
|
|
|
|
|
- name: set up nginx
|
2019-09-25 04:03:49 +02:00
|
|
|
template: src=nginx.d.conf.j2 dest="{{ archwiki_nginx_conf }}" owner=root group=root mode=644
|
2017-10-23 21:03:55 +02:00
|
|
|
notify:
|
|
|
|
- reload nginx
|
2019-09-25 04:03:49 +02:00
|
|
|
when: maintenance is not defined
|
2018-03-02 12:44:43 +01:00
|
|
|
tags: ['nginx']
|
2017-10-23 21:03:55 +02:00
|
|
|
|
2019-09-12 22:33:49 +02:00
|
|
|
- name: configure robots.txt
|
|
|
|
copy: src=robots.txt dest="{{ archwiki_dir }}/robots.txt" owner=root group=root mode=0644
|
|
|
|
|
2017-10-23 21:03:55 +02:00
|
|
|
- name: make nginx log dir
|
|
|
|
file: path=/var/log/nginx/{{ archwiki_domain }} state=directory owner=root group=root mode=0755
|
|
|
|
|
2018-08-05 12:31:19 +02:00
|
|
|
- name: make debug log dir
|
2020-06-13 01:49:50 +02:00
|
|
|
file: path=/var/log/archwiki state=directory owner={{ archwiki_user }} group=root mode=0700
|
2018-08-05 12:31:19 +02:00
|
|
|
|
2017-10-23 21:03:55 +02:00
|
|
|
- name: clone archwiki repo
|
2018-03-03 00:11:37 +01:00
|
|
|
git: repo={{ archwiki_repository }} dest="{{ archwiki_dir }}/public" version={{ archwiki_version }}
|
2017-10-23 21:03:55 +02:00
|
|
|
become: true
|
|
|
|
become_user: "{{ archwiki_user }}"
|
2018-03-07 12:02:02 +01:00
|
|
|
notify:
|
|
|
|
- run wiki updatescript
|
2017-10-23 21:03:55 +02:00
|
|
|
|
|
|
|
- name: fix home permissions
|
2020-08-18 20:25:24 +02:00
|
|
|
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}"
|
2017-10-23 21:03:55 +02:00
|
|
|
|
2018-03-02 22:09:57 +01:00
|
|
|
- name: fix cache permissions
|
2020-08-18 20:25:24 +02:00
|
|
|
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/cache"
|
2018-03-02 22:09:57 +01:00
|
|
|
|
|
|
|
- name: fix sessions permissions
|
2020-08-18 20:25:24 +02:00
|
|
|
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/sessions"
|
2018-03-02 22:09:57 +01:00
|
|
|
|
|
|
|
- name: fix uploads permissions
|
2020-08-18 20:25:24 +02:00
|
|
|
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/uploads"
|
2018-03-02 22:09:57 +01:00
|
|
|
|
2017-11-16 12:27:51 +01:00
|
|
|
- name: configure archwiki
|
|
|
|
template: src=LocalSettings.php.j2 dest="{{ archwiki_dir }}/public/LocalSettings.php" owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0640
|
|
|
|
register: config
|
|
|
|
no_log: true
|
|
|
|
|
2017-10-23 21:03:55 +02:00
|
|
|
- name: create archwiki db
|
2018-06-07 00:02:56 +02:00
|
|
|
mysql_db: name="{{ archwiki_db }}" login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
|
2017-10-23 21:03:55 +02:00
|
|
|
register: db_created
|
|
|
|
|
|
|
|
- name: create archwiki db user
|
2018-06-07 00:16:47 +02:00
|
|
|
mysql_user: name={{ archwiki_db_user }} password={{ vault_archwiki_db_password }}
|
2018-06-07 00:02:56 +02:00
|
|
|
login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
|
2017-10-23 21:03:55 +02:00
|
|
|
priv="{{ archwiki_db }}.*:ALL"
|
|
|
|
no_log: true
|
|
|
|
|
|
|
|
- name: configure php-fpm
|
|
|
|
template:
|
|
|
|
src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ archwiki_user }}.conf"
|
|
|
|
owner=root group=root mode=0644
|
|
|
|
notify:
|
|
|
|
- restart php-fpm@{{ archwiki_user }}
|
|
|
|
|
2019-09-24 12:39:24 +02:00
|
|
|
- name: install archwiki memcached service
|
|
|
|
template: src="archwiki-memcached.service.j2" dest="/etc/systemd/system/archwiki-memcached.service" owner=root group=root mode=0644
|
2019-09-15 18:33:08 +02:00
|
|
|
|
2017-10-23 21:03:55 +02:00
|
|
|
- name: start and enable systemd socket
|
|
|
|
service: name=php-fpm@{{ archwiki_user }}.socket state=started enabled=true
|
2018-03-02 23:46:04 +01:00
|
|
|
|
2019-01-15 12:33:10 +01:00
|
|
|
- name: install systemd services/timers
|
2020-06-13 01:49:50 +02:00
|
|
|
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
|
2019-01-15 12:33:10 +01:00
|
|
|
loop:
|
|
|
|
- archwiki-runjobs.service
|
|
|
|
- archwiki-runjobs-wait.service
|
|
|
|
- archwiki-runjobs.timer
|
|
|
|
- archwiki-prune-cache.service
|
|
|
|
- archwiki-prune-cache.timer
|
2019-01-15 15:22:02 +01:00
|
|
|
- archwiki-question-updater.service
|
2019-09-24 12:39:24 +02:00
|
|
|
- archwiki-memcached.service
|
2018-03-02 23:46:04 +01:00
|
|
|
|
2020-06-12 22:08:11 +02:00
|
|
|
- name: start and enable archwiki timers and services
|
|
|
|
systemd:
|
|
|
|
name: "{{ item }}"
|
|
|
|
enabled: yes
|
|
|
|
state: started
|
|
|
|
daemon_reload: yes
|
|
|
|
with_items:
|
|
|
|
- archwiki-runjobs.timer
|
|
|
|
- archwiki-prune-cache.timer
|
|
|
|
- archwiki-runjobs-wait.service
|
|
|
|
- archwiki-memcached.service
|
2019-01-15 15:22:02 +01:00
|
|
|
|
|
|
|
- name: create question answer file
|
2020-06-12 22:08:11 +02:00
|
|
|
systemd:
|
|
|
|
name: archwiki-question-updater.service
|
|
|
|
state: started
|
|
|
|
daemon_reload: yes
|
2019-09-24 12:39:24 +02:00
|
|
|
|
2019-01-15 15:22:02 +01:00
|
|
|
- name: ensure question answer file exists and set permissions
|
2020-06-12 21:55:13 +02:00
|
|
|
file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
|
2019-11-04 17:21:06 +01:00
|
|
|
|
|
|
|
- name: create pacman.d hooks dir
|
2020-08-18 20:25:24 +02:00
|
|
|
file: state=directory owner=root group=root mode=0755 path=/etc/pacman.d/hooks
|
2019-11-04 17:21:06 +01:00
|
|
|
|
|
|
|
- name: install archwiki question updater hook
|
|
|
|
template: src=archwiki-question-updater.hook.j2 dest=/etc/pacman.d/hooks/archwiki-question-updater.hook owner=root group=root mode=0644
|