This was an attempt to block too many requests from bots but it leads to an increase of cpu usage and blocking wiki administrators.
125 lines
4.8 KiB
YAML
125 lines
4.8 KiB
YAML
---
|
|
- name: run maintenance mode
|
|
include_role:
|
|
name: maintenance
|
|
vars:
|
|
service_name: "wiki"
|
|
service_domain: "{{ archwiki_domain }}"
|
|
service_alternate_domains: []
|
|
service_nginx_conf: "{{ archwiki_nginx_conf }}"
|
|
when: maintenance is defined
|
|
|
|
- name: create ssl cert
|
|
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ archwiki_domain }}' creates='/etc/letsencrypt/live/{{ archwiki_domain }}/fullchain.pem'
|
|
when: 'archwiki_domain is defined'
|
|
|
|
- name: install packages
|
|
pacman: name=git,php-intl state=present
|
|
|
|
- name: make archwiki user
|
|
user: name="{{ archwiki_user }}" shell=/bin/false home="{{ archwiki_dir }}" createhome=no
|
|
register: user_created
|
|
|
|
- name: fix home permissions
|
|
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" path="{{ archwiki_dir }}"
|
|
|
|
- name: set up nginx
|
|
template: src=nginx.d.conf.j2 dest="{{ archwiki_nginx_conf }}" owner=root group=root mode=644
|
|
notify:
|
|
- reload nginx
|
|
when: maintenance is not defined
|
|
tags: ['nginx']
|
|
|
|
- name: configure robots.txt
|
|
copy: src=robots.txt dest="{{ archwiki_dir }}/robots.txt" owner=root group=root mode=0644
|
|
|
|
- name: make nginx log dir
|
|
file: path=/var/log/nginx/{{ archwiki_domain }} state=directory owner=root group=root mode=0755
|
|
|
|
- name: make debug log dir
|
|
file: path=/var/log/archwiki state=directory owner={{archwiki_user}} group=root mode=0700
|
|
|
|
- name: clone archwiki repo
|
|
git: repo={{ archwiki_repository }} dest="{{ archwiki_dir }}/public" version={{ archwiki_version }}
|
|
become: true
|
|
become_user: "{{ archwiki_user }}"
|
|
notify:
|
|
- run wiki updatescript
|
|
|
|
- name: fix home permissions
|
|
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" path="{{ archwiki_dir }}"
|
|
|
|
- name: fix cache permissions
|
|
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" path="{{ archwiki_dir }}/cache"
|
|
|
|
- name: fix sessions permissions
|
|
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" path="{{ archwiki_dir }}/sessions"
|
|
|
|
- name: fix uploads permissions
|
|
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" path="{{ archwiki_dir }}/uploads"
|
|
|
|
- name: configure archwiki
|
|
template: src=LocalSettings.php.j2 dest="{{ archwiki_dir }}/public/LocalSettings.php" owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0640
|
|
register: config
|
|
no_log: true
|
|
|
|
- name: create archwiki db
|
|
mysql_db: name="{{ archwiki_db }}" login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
|
|
register: db_created
|
|
|
|
- name: create archwiki db user
|
|
mysql_user: name={{ archwiki_db_user }} password={{ vault_archwiki_db_password }}
|
|
login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
|
|
priv="{{ archwiki_db }}.*:ALL"
|
|
no_log: true
|
|
|
|
- name: configure php-fpm
|
|
template:
|
|
src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ archwiki_user }}.conf"
|
|
owner=root group=root mode=0644
|
|
notify:
|
|
- restart php-fpm@{{ archwiki_user }}
|
|
|
|
- name: install archwiki memcached service
|
|
template: src="archwiki-memcached.service.j2" dest="/etc/systemd/system/archwiki-memcached.service" owner=root group=root mode=0644
|
|
|
|
- name: start and enable systemd socket
|
|
service: name=php-fpm@{{ archwiki_user }}.socket state=started enabled=true
|
|
|
|
- name: install systemd services/timers
|
|
template: src="{{item}}.j2" dest="/etc/systemd/system/{{item}}" owner=root group=root mode=0644
|
|
notify:
|
|
- daemon reload
|
|
loop:
|
|
- archwiki-runjobs.service
|
|
- archwiki-runjobs-wait.service
|
|
- archwiki-runjobs.timer
|
|
- archwiki-prune-cache.service
|
|
- archwiki-prune-cache.timer
|
|
- archwiki-question-updater.service
|
|
- archwiki-memcached.service
|
|
|
|
- name: start and enable archwiki runjobs timer
|
|
service: name="archwiki-runjobs.timer" enabled=yes state=started
|
|
|
|
- name: start and enable archwiki prune cache timer
|
|
service: name="archwiki-prune-cache.timer" enabled=yes state=started
|
|
|
|
- name: start and enable archwiki runjobs wait service
|
|
service: name="archwiki-runjobs-wait.service" enabled=yes state=started
|
|
|
|
- name: create question answer file
|
|
service: name=archwiki-question-updater.service state=started
|
|
|
|
- name: start and enable archwiki memcached
|
|
service: name=archwiki-memcached.service enabled=yes state=started
|
|
|
|
- name: ensure question answer file exists and set permissions
|
|
file: state=file path="{{archwiki_question_answer_file}}" owner=root group=root mode=0644
|
|
|
|
- name: create pacman.d hooks dir
|
|
file: state=directory owner=root group=root path=/etc/pacman.d/hooks
|
|
|
|
- name: install archwiki question updater hook
|
|
template: src=archwiki-question-updater.hook.j2 dest=/etc/pacman.d/hooks/archwiki-question-updater.hook owner=root group=root mode=0644
|