nginx/tasks/install.yml: Overwrite /etc/apache2/ports.conf + Deprecate unmaintained Elgg

roles/0-DEPRECATED-ROLES/elgg/README.rst

@@ -0,0 +1,57 @@
+===========
+Elgg README
+===========
+
+Elgg is an award-winning social networking engine, delivering the building blocks
+that enable businesses, schools, universities and associations to create their own
+fully-featured social networks and applications.
+
+https://elgg.org
+
+After Installation
+------------------
+
+Go to http://box/elgg or http://box.lan/elgg and log on as Admin with password changeme.
+
+Change the following:
+
+* Administrator password
+
+* Title to appear on Elgg screens and any other settings as desired.
+
+Locations
+---------
+
+- The uploaded files are expected to be in /library/elgg
+- The software is in /opt/elgg -> /opt/elgg-x.y.z (i.e. actual version number)
+- The URL is http://box/elgg
+
+Parameters
+----------
+
+Please review vars/main.yml as the installation parameters have
+some constraints.
+
+Users and Passwords
+-------------------
+
+There are a number of seemingly similar usernames and passwords in this installation:
+
+* dbuser - the MySQL user that Elgg uses to access the database
+           This is a local variable, the name of which corresponds to that in /opt/elgg/elgg-config/settings.php
+
+* dbpassword - password for dbuser
+               This is also a local variable, the name of which corresponds to that in /opt/elgg/elgg-config/settings.php
+
+* elgg_mysql_password - this is the global name for dbpassword in default_vars.yml
+
+* elgg_admin_user - the Elgg (not MySQL) user that is the administrator
+
+* elgg_admin_password - the password for elgg_admin_user
+
+More Tips & Tricks
+------------------
+
+If you're online, please see "Elgg Administration: What tips & tricks exist?" at: http://FAQ.IIAB.IO
+
+If you're offline, Internet-in-a-Box's FAQ (Frequently Asked Questions) is here: http://box/info

roles/0-DEPRECATED-ROLES/elgg/defaults/main.yml

@@ -0,0 +1,29 @@
+# elgg_install: False
+# elgg_enabled: False
+
+# # elgg_mysql_password: $6$iiab51$jeTwnATcbaa92xo0QBTgjLBU.5aVDDrbKeNyyC99R/TAWz6pvfzj.L7lfnOVVjD78nxqT.gkNn6XZmuRV0W3o1
+# elgg_mysql_password: elgg4kids
+
+# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
+# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
+
+elgg_xx: elgg
+elgg_version: 2.3.17
+
+# elgg_mysql_password: defined in default_vars
+elgg_url: /elgg
+elgg_upload_path: "{{ content_base }}/elgg"    # /library/elgg
+
+# Variables used by template to create /opt/elgg/elgg-config/settings.php
+dbuser: Admin
+dbpassword: changeme
+dbname: elggdb
+dbhost: localhost
+dbprefix: elgg_
+
+# The following variables must be in sync with templates/elggdb.sql.j2
+# If you change them, you will probably have to rebuild the database.
+# They can be changed from the administrative interface once Elgg is installed.
+
+elgg_admin_user: Admin
+elgg_admin_password: changeme

roles/0-DEPRECATED-ROLES/elgg/tasks/apache.yml.unused

@@ -0,0 +1,12 @@
+- name: Enable http://box{{ elgg_url }} via Apache    # http://box/elgg
+  command: a2ensite elgg.conf
+  when: elgg_enabled
+
+- name: Disable http://box{{ elgg_url }} via Apache    # http://box/elgg
+  command: a2dissite elgg.conf
+  when: not elgg_enabled
+
+- name: (Re)Start '{{ apache_service }}' systemd service
+  systemd:
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
+    state: restarted

roles/0-DEPRECATED-ROLES/elgg/tasks/install.yml

@@ -0,0 +1,131 @@
+# - name: "Set 'apache_install: True' and 'apache_enabled: True'"
+#   set_fact:
+#     apache_install: True
+#     apache_enabled: True
+#
+# - name: APACHE - run 'httpd' role
+#   include_role:
+#     name: httpd
+
+
+# 2020-06-15: roles/httpd/tasks/install.yml now takes care of this.
+# # 2020-05-21: Required now that mysql/tasks/install.yml installs
+# # "php{{ php_version }}-common" rather than the full "php{{ php_version }}"
+# - name: "Install package: libapache2-mod-php{{ php_version }}"
+#   package:
+#     name: "libapache2-mod-php{{ php_version }}"
+
+# Assume (enforce?) MySQL is running
+#
+# - name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
+#   set_fact:
+#     mysql_install: True
+#     mysql_enabled: True
+#
+# - name: MYSQL - run 'mysql' role (attempt to install & enable MySQL)
+#   include_role:
+#     name: mysql
+
+
+- name: Download {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip to {{ downloads_dir }}
+  #shell: wget {{ iiab_download_url }}/elgg-{{ elgg_version }}.zip -c -P {{ downloads_dir }}
+  #args:
+  #  creates: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip"
+  get_url:
+    url: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip"
+    dest: "{{ downloads_dir }}"    # /opt/iiab/downloads
+    timeout: "{{ download_timeout }}"
+  when: internet_available
+
+- name: Check for existence of /opt/elgg-{{ elgg_version }}/index.php
+  stat:
+    path: "/opt/elgg-{{ elgg_version }}/index.php"
+  register: elgg
+
+- name: Unpack (unarchive) .zip to /opt, if above index.php doesn't exist ({{ apache_user }}:{{ apache_user }})
+  #shell: "/usr/bin/unzip -o {{ downloads_dir }}/elgg-{{ elgg_version }}.zip -d /opt"
+  unarchive:
+    #remote_src: yes
+    #src: "{{ iiab_download_url }}/elgg-{{ elgg_version }}.zip"
+    src: "{{ downloads_dir }}/elgg-{{ elgg_version }}.zip"
+    dest: /opt
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+  when: elgg.stat.exists is defined and not elgg.stat.exists
+
+- name: Symlink /opt/elgg -> /opt/elgg-{{ elgg_version }}
+  file:
+    src: "./elgg-{{ elgg_version }}"
+    path: /opt/elgg
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+    state: link
+    force: yes
+
+- name: 'Install /opt/elgg/elgg-config/settings.php from template (WARNING: overwrites manual settings!)'
+  template:
+    src: "settings.php.j2"
+    dest: "/opt/{{ elgg_xx }}/elgg-config/settings.php"
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+
+# The name of this file changed from 1.9 to 1.10.
+- name: Copy default .htaccess into /opt/{{ elgg_xx }}, root of Elgg tree (0644)
+  copy:
+    src: "/opt/{{ elgg_xx }}/vendor/elgg/elgg/install/config/htaccess.dist"
+    dest: "/opt/{{ elgg_xx }}/.htaccess"
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+    mode: 0644
+
+#regexp='^#RewriteBase'
+- name: Change .htaccess to include RewriteBase for http://box{{ elgg_url }}    # http://box/elgg
+  lineinfile:
+    backup: no
+    path: "/opt/{{ elgg_xx }}/.htaccess"
+    state: present
+    insertafter: '^#RewriteBase'
+    line: "RewriteBase {{ elgg_url }}/"
+
+- name: Set /opt/elgg/engine directory permissions to 0755 (owner {{ apache_user }}) so Apache can write there
+  file:
+    state: directory
+    path: /opt/elgg/engine/
+    owner: "{{ apache_user }}"
+    mode: 0755
+
+- name: Change /opt/elgg-{{ elgg_version }} ownership to {{ apache_user }}:{{ apache_user }} (likely not nec, as unarchive & all do this above)
+  file:
+    state: directory    # Overkill given recurse below?
+    path: "/opt/elgg-{{ elgg_version }}"
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+    recurse: yes
+
+- name: Create upload directory {{ elgg_upload_path }} that Apache (and Elgg) can write to
+  file:
+    path: "{{ elgg_upload_path }}"    # /library/elgg
+    state: directory
+    owner: "{{ apache_user }}"
+
+# - name: Install /etc/{{ apache_conf_dir }}/elgg.conf from template, for http://box{{ elgg_url }}    # http://box/elgg
+#   template:
+#     src: elgg.conf
+#     dest: "/etc/{{ apache_conf_dir }}/elgg.conf"
+
+
+- name: Set up Elgg's MySQL database
+  include_tasks: setup.yml
+
+
+# RECORD Elgg AS INSTALLED
+
+- name: "Set 'elgg_installed: True'"
+  set_fact:
+    elgg_installed: True
+
+- name: "Add 'elgg_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^elgg_installed'
+    line: 'elgg_installed: True'

roles/0-DEPRECATED-ROLES/elgg/tasks/main.yml

@@ -0,0 +1,52 @@
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
+
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "elgg_install is sameas true" (boolean not string etc)
+  assert:
+    that: elgg_install is sameas true
+    fail_msg: "PLEASE SET 'elgg_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "elgg_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: elgg_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'elgg_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install Elgg if 'elgg_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: elgg_installed is undefined
+
+
+# #- name: Enable/Disable/Restart Apache if primary
+# - name: SHIM FOR NOW SO ALWAYS DO THE...Enable/Disable/Restart Apache
+#   include_tasks: apache.yml
+#   #when: not nginx_enabled
+
+- name: Enable/Disable/Restart NGINX if primary
+  include_tasks: nginx.yml
+
+
+- name: Add 'elgg' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+    section: elgg
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: Elgg
+    - option: description
+      value: '"Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications."'
+    - option: elgg_install
+      value: "{{ elgg_install }}"
+    - option: elgg_enabled
+      value: "{{ elgg_enabled }}"
+    - option: path
+      value: /opt/elgg

roles/0-DEPRECATED-ROLES/elgg/tasks/nginx.yml

@@ -0,0 +1,16 @@
+- name: Enable http://box{{ elgg_url }} via NGINX, by installing {{ nginx_conf_dir }}/elgg-nginx.conf from template    # http://box/elgg
+  template:
+    src: elgg-nginx.conf.j2
+    dest: "{{ nginx_conf_dir }}/elgg-nginx.conf"    # /etc/nginx/conf.d
+  when: elgg_enabled
+
+- name: Disable http://box{{ elgg_url }} via NGINX, by removing {{ nginx_conf_dir }}/elgg-nginx.conf    # http://box/elgg
+  file:
+    path: "{{ nginx_conf_dir }}/elgg-nginx.conf"    # /etc/nginx/conf.d
+    state: absent
+  when: not elgg_enabled
+
+- name: Restart 'nginx' systemd service
+  systemd:
+    name: nginx
+    state: restarted

roles/0-DEPRECATED-ROLES/elgg/tasks/setup.yml

@@ -0,0 +1,36 @@
+- name: Create Elgg's MySQL database {{ dbname }}, to be populated below - can be run more than once
+  mysql_db:
+    name: "{{ dbname }}"
+  register: create_elgg_database
+
+- name: Create MySQL user {{ dbuser }} and password to access Elgg database - can be run more than once
+  mysql_user:
+    name: "{{ dbuser }}"
+    host: "{{ item }}"
+    password: "{{ dbpassword }}"
+    priv: "{{ dbname }}.*:ALL"
+  with_items:
+#    - 127.0.0.1
+#    - ::1
+    - localhost
+
+- name: Create /tmp/elggdb.sql from template, to load database
+  template:
+    src: elggdb.sql.j2
+    dest: /tmp/elggdb.sql
+
+# elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql
+# tar up a mysqldump of freshly installed database and use it in the install to avoid the startup
+# form, which worries me a lot. (/var/lib/mysql/elggdb)
+
+- name: Populate Elgg's MySQL database {{ dbname }}, from /tmp/elggdb.sql
+  mysql_db:
+    name: "{{ dbname }}"
+    state: import
+    target: /tmp/elggdb.sql
+  when: create_elgg_database.changed
+
+- name: Remove database dump /tmp/elggdb.sql
+  file:
+    name: /tmp/elggdb.sql
+    state: absent

roles/0-DEPRECATED-ROLES/elgg/templates/elgg-nginx.conf.j2

@@ -0,0 +1,3 @@
+location {{ elgg_url }}/ {
+  proxy_pass http://127.0.0.1:{{ apache_port }}{{ elgg_url }}/;
+}

roles/0-DEPRECATED-ROLES/elgg/templates/elgg.conf.unused

@@ -0,0 +1,7 @@
+RewriteEngine on
+
+Alias /elgg /opt/elgg
+<Directory /opt/elgg>
+	AllowOverride all
+	require all granted
+</Directory>

roles/0-DEPRECATED-ROLES/elgg/templates/settings.php.j2

@@ -0,0 +1,212 @@
+<?php
+date_default_timezone_set({{ local_tz }});
+/**
+ * Defines database credentials.
+ *
+ * Most of Elgg's configuration is stored in the database.  This file contains the
+ * credentials to connect to the database, as well as a few optional configuration
+ * values.
+ *
+ * The Elgg installation attempts to populate this file with the correct settings
+ * and then rename it to settings.php.
+ *
+ * @todo Turn this into something we handle more automatically.
+ * @package    Elgg.Core
+ * @subpackage Configuration
+ */
+
+global $CONFIG;
+if (!isset($CONFIG)) {
+	$CONFIG = new \stdClass;
+}
+
+/*
+ * Standard configuration
+ *
+ * You will use the same database connection for reads and writes.
+ * This is the easiest configuration, and will suit 99.99% of setups. However, if you're
+ * running a really popular site, you'll probably want to spread out your database connections
+ * and implement database replication.  That's beyond the scope of this configuration file
+ * to explain, but if you know you need it, skip past this section.
+ */
+
+/**
+ * The database username
+ *
+ * @global string $CONFIG->dbuser
+ */
+$CONFIG->dbuser = '{{ dbuser }}';
+
+/**
+ * The database password
+ *
+ * @global string $CONFIG->dbpass
+ */
+$CONFIG->dbpass = '{{ dbpassword }}';
+
+/**
+ * The database name
+ *
+ * @global string $CONFIG->dbname
+ */
+$CONFIG->dbname = '{{ dbname }}';
+
+/**
+ * The database host.
+ *
+ * For most installations, this is 'localhost'
+ *
+ * @global string $CONFIG->dbhost
+ */
+$CONFIG->dbhost = '{{ dbhost }}';
+
+/**
+ * The database prefix
+ *
+ * This prefix will be appended to all Elgg tables.  If you're sharing
+ * a database with other applications, use a database prefix to namespace tables
+ * in order to avoid table name collisions.
+ *
+ * @global string $CONFIG->dbprefix
+ */
+$CONFIG->dbprefix = '{{ dbprefix }}';
+
+/**
+ * Multiple database connections
+ *
+ * Elgg supports master/slave MySQL configurations. The master should be set as
+ * the 'write' connection and the slave(s) as the 'read' connection(s).
+ *
+ * To use, uncomment the below configuration and update for your site.
+ */
+//$CONFIG->db['split'] = true;
+
+//$CONFIG->db['write']['dbuser'] = "";
+//$CONFIG->db['write']['dbpass'] = "";
+//$CONFIG->db['write']['dbname'] = "";
+//$CONFIG->db['write']['dbhost'] = "";
+
+//$CONFIG->db['read'][0]['dbuser'] = "";
+//$CONFIG->db['read'][0]['dbpass'] = "";
+//$CONFIG->db['read'][0]['dbname'] = "";
+//$CONFIG->db['read'][0]['dbhost'] = "";
+//$CONFIG->db['read'][1]['dbuser'] = "";
+//$CONFIG->db['read'][1]['dbpass'] = "";
+//$CONFIG->db['read'][1]['dbname'] = "";
+//$CONFIG->db['read'][1]['dbhost'] = "";
+
+/**
+ * Memcache setup (optional)
+ * This is where you may optionally set up memcache.
+ *
+ * Requirements:
+ * 	1) One or more memcache servers (http://www.danga.com/memcached/)
+ *  2) PHP memcache wrapper (http://php.net/manual/en/memcache.setup.php)
+ *
+ * Note: Multiple server support is only available on server 1.2.1
+ * or higher with PECL library > 2.0.0
+ */
+//$CONFIG->memcache = true;
+//
+//$CONFIG->memcache_servers = array (
+//	array('server1', 11211),
+//	array('server2', 11211)
+//);
+
+
+/**
+ * Better caching performance
+ *
+ * Configuring the location of your data directory and enabling simplecache in
+ * the settings.php file improves caching performance. It allows Elgg to skip
+ * connecting to the database when serving cached JavaScript and CSS files. If
+ * you uncomment and configure these settings, you will not be able to change
+ * them from the Elgg advanced settings page.
+ */
+//$CONFIG->dataroot = "";
+//$CONFIG->simplecache_enabled = true;
+
+
+/**
+ * Cookie configuration
+ *
+ * Elgg uses 2 cookies: a PHP session cookie and an extended login cookie
+ * (also called the remember me cookie). See the PHP manual for documentation on
+ * each of these parameters. Possible options:
+ *
+ *  - Set the session name to share the session across applications.
+ *  - Set the path because Elgg is not installed in the root of the web directory.
+ *  - Set the secure option to true if you only serve the site over HTTPS.
+ *  - Set the expire option on the remember me cookie to change its lifetime
+ *
+ * To use, uncomment the appropriate sections below and update for your site.
+ *
+ * @global array $CONFIG->cookies
+ */
+// get the default parameters from php.ini
+//$CONFIG->cookies['session'] = session_get_cookie_params();
+//$CONFIG->cookies['session']['name'] = "Elgg";
+// optionally overwrite the defaults from php.ini below
+//$CONFIG->cookies['session']['path'] = "/";
+//$CONFIG->cookies['session']['domain'] = "";
+//$CONFIG->cookies['session']['secure'] = false;
+//$CONFIG->cookies['session']['httponly'] = false;
+
+// extended session cookie
+//$CONFIG->cookies['remember_me'] = session_get_cookie_params();
+//$CONFIG->cookies['remember_me']['name'] = "elggperm";
+//$CONFIG->cookies['remember_me']['expire'] = strtotime("+30 days");
+// optionally overwrite the defaults from php.ini below
+//$CONFIG->cookies['remember_me']['path'] = "/";
+//$CONFIG->cookies['remember_me']['domain'] = "";
+//$CONFIG->cookies['remember_me']['secure'] = false;
+//$CONFIG->cookies['remember_me']['httponly'] = false;
+
+
+/**
+ * Use non-standard headers for broken MTAs.
+ *
+ * The default header EOL for headers is \r\n.  This causes problems
+ * on some broken MTAs.  Setting this to true will cause Elgg to use
+ * \n, which will fix some problems sending email on broken MTAs.
+ *
+ * @global bool $CONFIG->broken_mta
+ */
+$CONFIG->broken_mta = false;
+
+/**
+ * Disable the database query cache
+ *
+ * Elgg stores each query and its results in a query cache.
+ * On large sites or long-running scripts, this cache can grow to be
+ * large.  To disable query caching, set this to true.
+ *
+ * @global bool $CONFIG->db_disable_query_cache
+ */
+$CONFIG->db_disable_query_cache = false;
+
+/**
+ * Minimum password length
+ *
+ * This value is used when validating a user's password during registration.
+ *
+ * @global int $CONFIG->min_password_length
+ */
+$CONFIG->min_password_length = 6;
+
+/**
+ * This is an optional script used to override Elgg's default handling of
+ * uncaught exceptions.
+ *
+ * This should be an absolute file path to a php script that will be called
+ * any time an uncaught exception is thrown.
+ *
+ * The script will have access to the following variables as part of the scope
+ * global $CONFIG
+ * $exception - the unhandled exception
+ *
+ * @warning - the database may not be available
+ *
+ * @global string $CONFIG->exception_include
+ */
+$CONFIG->exception_include = '';