external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-13 03:32:12 +00:00
Code Issues Releases Wiki Activity

Merge pull request #496 from iiab/master

Browse source 
Sync from iiab/iiab:master
This commit is contained in:
A Holt 2021-05-22 10:51:23 -04:00 committed by GitHub
commit 2814adb7dc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 34 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/3-base-server/tasks/main.yml
View file

@ -8,9 +8,9 @@
name: mysql
#when: mysql_install
# 2020-05-21: Apache role 'httpd' is installed as nec by any of these 7 roles:
# 2021-05-21: Apache role 'httpd' is installed as nec by any of these 6 roles:
#
# cups, elgg, lokole, moodle, nodered, pbx, phpmyadmin
# cups, elgg, moodle, nodered, pbx, phpmyadmin
#
# These 14 roles conditionally touch /etc/apache2/sites-available/*.conf files:
#

32
roles/awstats/tasks/install.yml
View file

@ -1,31 +1,29 @@
# TO DO:
#
# - Prepare for a possible future w/o Apache by verifying/refining below...
# - 5 'when: apache_installed is defined'
# - 1 'when: nginx_install'
# - 8 core stanzas w/o such 'when:' clauses
# Prepare for a possible future w/o Apache by verifying/refining below...
# - 5 'when: apache_installed is defined' (2021-05-21: COMMENT OUT THESE STANZAS SOON!?)
# - 1 'when: nginx_install'
# - 8 core stanzas w/o such 'when:' clauses
- name: 'Install 3 packages: awstats, openssl, pwauth'
- name: 'Install package: awstats'
package:
name:
- awstats
- pwauth
- openssl
name: awstats
state: present
- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external'
- name: 'Install package: pwauth (when: apache_installed is defined)'
package:
name:
- libapache2-mod-authnz-external
- apache2-utils
- pwauth # Auto-installs apache2-bin and libapache2-mod-authnz-external
#- apache2-utils # Unneeded? (In any case, already installed by Apache itself.)
#- openssl # Unneeded? (In any case, already installed by most every Linux distro.)
state: present
when: apache_installed is defined
- name: Run 'a2enmod cgi' to enable cgi execution via Apache
- name: "Run 'a2enmod cgi' to enable cgi execution via Apache (when: apache_installed is defined)"
command: a2enmod cgi
when: apache_installed is defined
- name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
- name: 'Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx (when: apache_installed is defined)'
file:
state: directory
recurse: yes
@ -41,7 +39,7 @@
state: directory
recurse: yes
path: "{{ item }}"
owner: "{{ apache_user }}"
owner: "{{ apache_user }}" # USED FOR NGINX TOO: 'www-data' on debuntu
group: "{{ apache_user }}"
mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits
#force: yes
@ -49,13 +47,13 @@
- "{{ awstats_data_dir }}" # /library/awstats
- /usr/lib/cgi-bin/awstats # create backward compatible path for awstats
- name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template
- name: 'Install /etc/{{ apache_conf_dir }}/awstats.conf from template (when: apache_installed is defined)'
template:
src: apache-awstats.conf
dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu
when: apache_installed is defined
- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
- name: "Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)"
template:
src: logrotate.d.apache2
dest: /etc/logrotate.d/apache2

6
roles/mediawiki/tasks/install.yml
View file

@ -18,7 +18,7 @@
unarchive:
src: "{{ downloads_dir }}/{{ mediawiki_src }}"
dest: "{{ mediawiki_install_path }}" # /library
owner: "{{ apache_user }}"
owner: "{{ apache_user }}" # www-data on debuntu
group: "{{ apache_user }}"
mode: u+rw,g+r,o+r # '0755' forced executable bits on files
keep_newer: yes
@ -31,7 +31,7 @@
- name: Start MySQL systemd service ({{ mysql_service }}) so we can create db
systemd:
name: "{{ mysql_service }}"
name: "{{ mysql_service }}" # mariadb on debuntu
state: started
- name: Create MySQL database {{ mediawiki_db_name }}
@ -64,7 +64,7 @@
chdir: "{{ mediawiki_abs_path }}" # /library/mediawiki-1.XY.Z
creates: "{{ mediawiki_abs_path }}/LocalSettings.php"
- name: Configure wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
- name: Configure $wgArticlePath variable in {{ mediawiki_abs_path }}/LocalSettings.php
lineinfile:
path: "{{ mediawiki_abs_path }}/LocalSettings.php" # /library/mediawiki-1.XY.Z
line: '$wgArticlePath = "/wiki/$1";'

12
roles/nginx/README.md
View file

@ -10,7 +10,7 @@
2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
3. Current state of IIAB App/Service migrations as of 2021-05-15:
3. Current state of IIAB App/Service migrations as of 2021-05-21: *(SEE ALSO [#2762](https://github.com/iiab/iiab/issues/2762))*
1. These support "Native" NGINX but ***NOT*** Apache
* Admin Console
@ -34,16 +34,16 @@
* sugarizer
* wordpress
3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of IIAB Apps/Services that auto-enable Apache.
3. These support Apache but ***NOT*** "Native" NGINX. They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090. See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache.
* elgg
* moodle
* moodle [*, PLEASE HELP IF YOU CAN: [#2785](https://github.com/iiab/iiab/issues/2785)]
* nodered
4. These each run their own web server or non-web / backend services, e.g. off of their own [unique port(s)](https://github.com/iiab/iiab/wiki/IIAB-Networking#list-of-ports--services) (IIAB home pages link directly to these destinations). In future we'd like mnemonic URL's for all of these: (e.g. http://box/calibre, http://box/archive, http://box/kalite)
* bluetooth
* calibre (menu goes directly to port 8080)
* cups [(available on port 631) * shim not yet in place.]
* internetarchive (menu goes directly to port 4244, [PR #2120](https://github.com/iiab/iiab/pull/2120)) [*]
* cups (menu goes directly to port 631) [*, shim not yet in place, [PR #2775](https://github.com/iiab/iiab/pull/2775)]
* internetarchive (menu goes directly to port 4244) [*, [PR #2120](https://github.com/iiab/iiab/pull/2120)]
* kalite (menu goes directly to ports 8006-8008)
* minetest
* mosquitto
@ -55,4 +55,4 @@
* transmission
* vnstat
[*] The 4 above starred roles could use improvement, as of 2021-05-15.
[*] The 5 above starred roles could use improvement, as of 2021-05-21.

17
roles/nginx/tasks/install.yml
View file

@ -5,16 +5,15 @@
ignore_errors: yes
# 'when: apache_installed is defined' insuff b/c mysql's php installs apache2
- name: Install required and helper packages for NGINX
- name: 'Install 5 packages for NGINX: libnginx-mod-http-subs-filter, nginx-extras, php-fpm, uwsgi, uwsgi-plugin-python3'
package:
name: "{{ item }}"
name:
- libnginx-mod-http-subs-filter
- nginx-extras
- php-fpm
- uwsgi
- uwsgi-plugin-python3
state: present
with_items:
- nginx-extras
- uwsgi
- uwsgi-plugin-python3
- php-fpm
- libnginx-mod-http-subs-filter
# 2020-10-16: Removed per #2560
#- name: Add user '{{ apache_user }}' to shadow group, so it can authenticate Admin Console
@ -27,7 +26,7 @@
path: /etc/nginx/sites-enabled/default
state: absent
- name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf'
- name: 'Install 3 (of 5) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/nginx/mime.types'
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"