external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2127 from holta/softcode

Browse source 
Refine @jvonau's softcode - subset of #2102 (WIP)
This commit is contained in:
A Holt 2020-01-11 22:55:36 -05:00 committed by GitHub
commit c80e21ade6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 543 additions and 621 deletions
Download patch file Download diff file Expand all files Collapse all files

28
roles/2-common/tasks/main.yml
View file

@ -20,76 +20,70 @@
- include_tasks: xo.yml
when: xo_model != "none" or osbuilder is defined
# the following installs common packages for both debian and fedora
- include_tasks: packages.yml
- include_tasks: iptables.yml
- sysctl:
name: net.ipv4.ip_forward
value: 1
value: '1'
state: present
- sysctl:
name: net.ipv4.conf.default.rp_filter
value: 1
value: '1'
state: present
- sysctl:
name: net.ipv4.conf.default.accept_source_route
value: 0
value: '0'
state: present
- sysctl:
name: kernel.sysrq
value: 1
value: '1'
state: present
- sysctl:
name: kernel.core_uses_pid
value: 1
value: '1'
state: present
- sysctl:
name: net.ipv4.tcp_syncookies
value: 1
value: '1'
state: present
- sysctl:
name: kernel.shmmax
value: 268435456
value: '268435456'
state: present
# IPv6 disabled
- sysctl:
name: net.ipv6.conf.all.disable_ipv6
value: 1
value: '1'
state: present
- sysctl:
name: net.ipv6.conf.default.disable_ipv6
value: 1
value: '1'
state: present
- sysctl:
name: net.ipv6.conf.lo.disable_ipv6
value: 1
value: '1'
state: present
- name: Install custom /etc/profile.d/zzz_iiab.sh from template
- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
template:
dest: /etc/profile.d/zzz_iiab.sh
src: zzz_iiab.sh
owner: root
mode: 0644
backup: no
- include_tasks: net_mods.yml
when: not is_debuntu and not is_F18
- include_tasks: udev.yml
- include_tasks: iiab-startup.yml
- name: Recording STAGE 2 HAS COMPLETED ==========================

55
roles/awstats/tasks/enable.yml
View file

@ -1,45 +1,42 @@
- name: Create symlink awstats.conf from sites-enabled to sites-available (Apache)
file:
src: /etc/apache2/sites-available/awstats.conf
path: /etc/apache2/sites-enabled/awstats.conf
state: link
when: awstats_enabled and not nginx_enabled
# Apache
- name: Remove symlink from sites-enabled, to disable AWStats (Apache)
file:
path: /etc/apache2/sites-enabled/awstats.conf
state: absent
when: not awstats_enabled or nginx_enabled
- name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
command: a2ensite awstats.conf
when: apache_install and awstats_enabled
- name: Install nginx's files from template
- name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
command: a2dissite awstats.conf
when: apache_install and not awstats_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: apache_enabled | bool
# NGINX
- name: Enable http://box/awstats via NGINX, by installing /etc/nginx/cgi-bin.php & {{ nginx_config_dir }}/awstats-nginx.conf from template
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0644
with_items:
- { src: "awstats-nginx.conf", dest: "/etc/nginx/conf.d/" }
- { src: "cgi-bin.php", dest: "/etc/nginx/" }
when: awstats_enabled and nginx_enabled
- { src: "awstats-nginx.conf", dest: "{{ nginx_config_dir }}/" }
- { src: "cgi-bin.php", dest: "/etc/nginx/" }
when: nginx_install and awstats_enabled
- name: Remove /etc/nginx/conf.d/awstats-nginx.conf
- name: Disable http://box/awstats_url via NGINX, by removing {{ nginx_config_dir }}/awstats-nginx.conf
file:
path: /etc/nginx/conf.d/awstats-nginx.conf
path: "{{ nginx_config_dir }}/awstats-nginx.conf"
state: absent
when: not awstats_enabled
when: nginx_install and not awstats_enabled
- name: Restart Apache service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
state: restarted
when: awstats_enabled and not nginx_enabled
- name: Restart nginx service
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: awstats_enabled and nginx_enabled
when: nginx_enabled | bool
- name: Add 'awstats' variable values to {{ iiab_ini_file }}
ini_file:

58
roles/awstats/tasks/install.yml
View file

@ -5,57 +5,42 @@
- pwauth
- openssl
state: present
tags:
- download
- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external (debuntu)'
- name: 'Install 2 packages: apache2-utils, libapache2-mod-authnz-external'
package:
name:
- libapache2-mod-authnz-external
- apache2-utils
state: present
when: is_debuntu | bool
tags:
- download
- name: Enable cgi execution (debuntu)
- name: Enable cgi execution via Apache
command: a2enmod cgi
when: is_debuntu | bool
- name: 'Mandate {{ apache_user }}:{{ apache_user }} perm 0750 dirs: {{ awstats_data_dir }} (intermediate summary storage) & {{ apache_log_dir }}' # /library/awstats & /var/log/apache2 typically
file:
path: "{{ item }}"
mode: 0750
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0750'
state: directory
recurse: yes
force: yes
with_items:
- "{{ awstats_data_dir }}"
- "{{ apache_log_dir }}"
- /usr/lib/cgi-bin/awstats # create backward compatible path for awstats
- /usr/lib/cgi-bin/awstats # create backward compatible path for awstats
- name: Install Apache's awstats.conf from template (debuntu)
- name: Install /etc/{{ apache_config_dir }}/awstats.conf from template
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0644
with_items:
# - { src: "awstats-nginx.conf", dest: "/etc/nginx/conf.d/" }
# - { src: "cgi-bin.php", dest: "/etc/nginx/" }
- { src: "apache-awstats.conf", dest: "/etc/{{ apache_config_dir }}/awstats.conf" }
when: awstats_enabled and is_debuntu
src: apache-awstats.conf
dest: "/etc/{{ apache_config_dir }}/awstats.conf"
- name: Ensure logrotate doesn't make logs unreadable (debuntu)
- name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
template:
src: logrotate.d.apache2
dest: /etc/logrotate.d/apache2
when: is_debuntu | bool
- name: Check if package installed /etc/awstats/awstats.conf
- name: Does /etc/awstats/awstats.conf exist?
stat:
path: /etc/awstats/awstats.conf
register: awstats
@ -64,37 +49,34 @@
command: mv /etc/awstats/awstats.conf /etc/awstats/awstats.conf.dist
when: awstats.stat.islnk is defined and not awstats.stat.islnk
- name: Create symlink for awstats.pl from cgi-bin/awstats/awstats.pl to ../ so that the old apache links to awstats will work after change to nginx
- name: Symlink /usr/lib/cgi-bin/awstats/awstats.pl -> /usr/lib/cgi-bin/awstats.pl so old Apache links to awstats will work after change to NGINX
file:
src: /usr/lib/cgi-bin/awstats.pl
path: /usr/lib/cgi-bin/awstats/awstats.pl
state: link
- name: Install /etc/awstats/awstats.schoolserver.conf
- name: Install /etc/awstats/awstats.schoolserver.conf from template
template:
src: awstats.schoolserver.conf.j2
dest: /etc/awstats/awstats.schoolserver.conf
owner: root
group: root
mode: 0644
when: awstats_enabled | bool
# when: awstats_enabled | bool
- name: Create a symlink /etc/awstats/awstats.conf for access by IP address
- name: Symlink /etc/awstats/awstats.conf -> /etc/awstats/awstats.schoolserver.conf for access by IP address
file:
src: /etc/awstats/awstats.schoolserver.conf
path: /etc/awstats/awstats.conf
state: link
when: awstats_enabled | bool
# when: awstats_enabled | bool
- name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu)
shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update
when: awstats_enabled and not is_debuntu
# - name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu)
# shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update
# when: awstats_enabled and not is_debuntu
- name: On first enabling of AWStats, summarize httpd logs up to now (debuntu)
- name: On first enabling of AWStats, summarize httpd logs up to now
shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update
when: awstats_enabled and is_debuntu
# when: awstats_enabled | bool
- name: Add 'awstats_installed' variable values to {{ iiab_state_file }}
- name: "Add 'awstats_installed: True' to {{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
lineinfile:
dest: "{{ iiab_state_file }}"
regexp: '^awstats_installed'

0
roles/awstats/templates/cron.d.awstats → roles/awstats/templates/cron.d.awstats.deprecated
View file

77
roles/calibre-web/tasks/enable.yml
View file

@ -6,54 +6,55 @@
state: restarted
when: calibreweb_enabled | bool
# Default: http://box/books
# SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy
- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache
command: a2ensite calibre-web.conf
when: calibreweb_enabled | bool
#- name: Restart Apache after enabling calibre-web httpd2 site
# command: apachectl -k graceful
# when: calibreweb_enabled | bool
- name: Disable 'calibre-web' systemd service
- name: Disable & Stop 'calibre-web' systemd service
systemd:
name: calibre-web
daemon_reload: yes
enabled: no
state: stopped
when: not calibreweb_enabled
- name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} with Apache
# SEE ALSO: https://github.com/janeczku/calibre-web/wiki/Setup-Reverse-Proxy
# Apache
# i.e. http://box/books, http://box/libros, http://box/livres
- name: Enable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
command: a2ensite calibre-web.conf
when: apache_install and calibreweb_enabled
- name: Disable http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache
command: a2dissite calibre-web.conf
when: not calibreweb_enabled or nginx_enabled | bool
#- name: Restart Apache after disabling calibre-web httpd2 site
# command: apachectl -k graceful
# when: not calibreweb_enabled
- name: Install /etc/nginx/conf.d/calibre-web-nginx.conf
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: root
group: root
with_items:
- { src: 'calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf', mode: '0644' }
when: calibreweb_enabled | bool and nginx_enabled | bool
- name: Restart nginx systemd service
systemd:
name: nginx
state: restarted
when: calibreweb_enabled | bool and nginx_enabled | bool
when: apache_install and not calibreweb_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # httpd or apache2
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: not nginx_enabled | bool
when: apache_enabled | bool
# NGINX
# TO DO: restore http://box/libros & http://box/livres, along English (http://box/books)
- name: Enable http://box{{ calibreweb_url1 }} via NGINX, by installing {{ nginx_config_dir }}/calibre-web-nginx.conf from template
template:
src: calibre-web-nginx.conf.j2
dest: "{{ nginx_config_dir }}/calibre-web-nginx.conf"
when: nginx_install and calibreweb_enabled
- name: Disable http://box{{ calibreweb_url1 }} via NGINX, by removing {{ nginx_config_dir }}/calibre-web-nginx.conf
file:
path: "{{ nginx_config_dir }}/calibre-web-nginx.conf"
state: absent
when: nginx_install and not calibreweb_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'calibre-web' variable values to {{ iiab_ini_file }}
ini_file:
@ -82,5 +83,3 @@
value: "{{ calibreweb_database }}"
- option: calibreweb_enabled
value: "{{ calibreweb_enabled }}"
# - option: calibreweb_provision
# value: "{{ calibreweb_provision }}"

4
roles/calibre-web/templates/calibre-web-nginx.conf.j2
View file

@ -1,7 +1,7 @@
location /books/ {
location {{ calibreweb_url1 }}/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Script-Name /books;
proxy_set_header X-Script-Name {{ calibreweb_url1 }};
proxy_pass http://127.0.0.1:8083;
}

64
roles/gitea/tasks/enable.yml
View file

@ -1,64 +1,58 @@
- name: Enable 'gitea' service
- name: Enable & Restart 'gitea' systemd service
systemd:
daemon_reload: yes
name: gitea
daemon_reload: yes
enabled: yes
state: restarted
when: gitea_enabled | bool
- name: Disable 'gitea' service
- name: Disable & Restart 'gitea' systemd service
systemd:
daemon_reload: yes
name: gitea
enabled: no
state: stopped
when: not gitea_enabled
# Configure HTTPD
# Apache
- name: Copy gitea httpd conf file
template:
src: gitea.conf.j2
dest: "/etc/{{ apache_config_dir }}/gitea.conf"
- name: Enable http://box{{ gitea_url }} via Apache # i.e. http://box/gitea
command: a2ensite gitea.conf
when: apache_install and gitea_enabled
- name: Enable httpd conf file (apache)
file:
src: /etc/{{ apache_config_dir }}/gitea.conf
dest: /etc/apache2/sites-enabled/gitea.conf
state: link
when: gitea_enabled and is_debuntu
- name: Disable http://box{{ gitea_url }} via Apache
command: a2dissite gitea.conf
when: apache_install and not gitea_enabled
- name: Remove apache httpd conf file (OS's other than debuntu)
file:
path: /etc/apache2/sites-enabled/gitea.conf
state: absent
when: not gitea_enabled or nginx_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: apache_enabled | bool
- name: Remove nginx httpd conf file
file:
path: /etc/nginx/conf.d/gitea-nginx.conf
state: absent
when: not gitea_enabled
# NGINX
- name: Enable nginx httpd conf file
- name: Enable http://box{{ gitea_url }} via NGINX, by installing {{ nginx_config_dir }}/gitea-nginx.conf from template
template:
src: gitea-nginx.conf.j2
dest: /etc/nginx/conf.d/gitea-nginx.conf
when: gitea_enabled and nginx_enabled
dest: "{{ nginx_config_dir }}/gitea-nginx.conf"
when: nginx_install and gitea_enabled
- name: >-
Restart Apache ({{ apache_service }}) to {% if gitea_enabled %}enable{%
else %}disable{% endif %} http://box/gitea
- name: Disable http://box{{ gitea_url }} via NGINX, by removing {{ nginx_config_dir }}/gitea-nginx.conf
file:
path: "{{ nginx_config_dir }}/gitea-nginx.conf"
state: absent
when: nginx_install and not gitea_enabled
- name: Restart 'nginx' systemd service
systemd:
name: "{{ apache_service }}"
daemon_reload: yes
name: nginx
state: restarted
when: nginx_enabled | bool
# Add Gitea to registry
- name: Add 'gitea' to list of services at {{ iiab_ini_file }}
ini_file:
dest: "{{ iiab_ini_file }}"
path: "{{ iiab_ini_file }}"
section: gitea
option: "{{ item.option }}"
value: "{{ item.value | string }}"

17
roles/gitea/tasks/install.yml
View file

@ -113,19 +113,18 @@
owner: root
group: gitea
mode: 0664
tags:
- config
# Create systemd service
# Create systemd service & prepare Apache for http://box/gitea
- name: Create 'gitea' service
- name: "Install from templates: /etc/systemd/system/gitea.service, /etc/apache2/sites-available/gitea.conf"
template:
src: gitea.service.j2
dest: "/etc/systemd/system/gitea.service"
tags:
- systemd
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: 'gitea.service.j2', dest: '/etc/systemd/system/gitea.service' }
- { src: 'gitea.conf.j2', dest: "/etc/{{ apache_config_dir }}/gitea.conf" }
- name: Add 'gitea_installed' variable values to {{ iiab_state_file }}
- name: "Add 'gitea_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
regexp: '^gitea_installed'

8
roles/kiwix/defaults/main.yml
View file

@ -30,9 +30,11 @@ kiwix_path: "{{ iiab_base }}/kiwix" # /opt/iiab/kiwix
# /library/zims contains 3 important things:
# - library.xml
# - content directory for all *.zim's
# - index directory for legacy *.zim.idx's
# - content = directory for all *.zim's
# - index = directory for legacy *.zim.idx's
kiwix_library_xml: "{{ iiab_zim_path }}/library.xml"
# MOVE FILE /opt/iiab/kiwix/bin/kiwix-serve TO FORCE A REINSTALL OF kiwix-tools
# INSTRUCTIONS TO REINSTALL kiwix (1) VERIFY ITS VARS IN /etc/iiab/local_vars.yml (2) THEN RUN EITHER BELOW...
# - NEW WAY: cd /opt/iiab/iiab; ./runrole --reinstall kiwix
# - OLD WAY: rm /opt/iiab/kiwix/bin/kiwix-serve; cd /opt/iiab/iiab; ./runrole kiwix
kiwix_force_install: False

41
roles/kiwix/tasks/kiwix_install.yml → roles/kiwix/tasks/install.yml
View file

@ -1,4 +1,5 @@
# 1. CREATE/VERIFY CRITICAL DIRECTORIES & FILES ARE IN PLACE
- name: Download Kiwix software to /opt/iiab/downloads
get_url:
url: "{{ iiab_download_url }}/{{ kiwix_src_file }}"
@ -14,9 +15,6 @@
- name: Create directory {{ iiab_zim_path }} and subdirs {content, index} for Kiwix ZIM files
file:
path: "{{ item }}"
owner: root
group: root
mode: 0755
state: directory
with_items:
- "{{ iiab_zim_path }}"
@ -28,47 +26,33 @@
path: "{{ kiwix_library_xml }}"
register: kiwix_xml
- name: Install a stub /library/zims/library.xml if one doesn't exist
- name: Install stub /library/zims/library.xml from template, if one doesn't exist
template:
src: library.xml
dest: "{{ kiwix_library_xml }}"
mode: 0644
owner: root
group: root
force: no
when: not kiwix_xml.stat.exists
- name: Install {{ iiab_zim_path }}/content/test.zim if kiwix_force_install
- name: Install {{ iiab_zim_path }}/content/test.zim
copy:
src: test.zim
dest: "{{ iiab_zim_path }}/content/test.zim"
mode: 0644
owner: root
group: root
force: no
when: kiwix_force_install | bool
- name: Create {{ kiwix_path }}/bin directory # /opt/iiab/kiwix/bin
file:
path: "{{ kiwix_path }}/bin"
owner: root
group: root
mode: 0755
state: directory
# 2. INSTALL KIWIX-TOOLS EXECUTABLES IF kiwix_force_install
# 2. INSTALL KIWIX-TOOLS EXECUTABLES
- name: Unarchive {{ kiwix_src_file }} to /tmp # e.g. kiwix-tools_linux-armhf-0.6.1-1.tar.gz
unarchive:
src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
dest: /tmp
owner: root
group: root
when: kiwix_force_install | bool
- name: Move /tmp/{{ kiwix_src_dir }}/* to permanent location /opt/iiab/kiwix/bin (armhf & linux64 & i686)
shell: "mv /tmp/{{ kiwix_src_dir }}/* {{ kiwix_path }}/bin/"
when: kiwix_force_install | bool
# 3. ENABLE MODS FOR APACHE PROXY IF DEBUNTU
@ -84,23 +68,22 @@
# - rewrite
# when: is_debuntu | bool
# 4. CREATE/ENABLE/RESTART (OR DISABLE) KIWIX SERVICE & ITS CRON JOB
# 4. INSTALL iiab-make-kiwix-lib*, kiwix-serve.service, kiwix.conf for Apache
- name: 'Install from templates: kiwix-serve.service, iiab-make-kiwix-lib, iiab-make-kiwix-lib.py, kiwix.conf'
template:
backup: no
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'kiwix-serve.service.j2', dest: '/etc/systemd/system/kiwix-serve.service', mode: '0644'}
- { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755'}
- { src: 'iiab-make-kiwix-lib3.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755'}
- { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644'}
- { src: 'kiwix-serve.service.j2', dest: '/etc/systemd/system/kiwix-serve.service', mode: '0644' }
- { src: 'iiab-make-kiwix-lib', dest: '/usr/bin/iiab-make-kiwix-lib', mode: '0755' }
- { src: 'iiab-make-kiwix-lib3.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755' }
- { src: 'kiwix.conf.j2', dest: '/etc/{{ apache_config_dir }}/kiwix.conf', mode: '0644' }
- name: Add 'kiwix_installed' variable values to {{ iiab_state_file }}
# 5. RECORD KIWIX AS INSTALLED IN /etc/iiab/iiab_state.yml
- name: "Add 'kiwix_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
regexp: '^kiwix_installed'

75
roles/kiwix/tasks/kiwix_enable.yml
View file

@ -1,43 +1,19 @@
- name: Create softlink kiwix.conf from sites-enabled to sites-available - for Kiwix Proxy in Apache - is disabled by turning off service kiwix-serve (debuntu)
file:
src: /etc/apache2/sites-available/kiwix.conf
path: /etc/apache2/sites-enabled/kiwix.conf
state: link
when: kiwix_enabled | bool and not nginx_enabled | bool
- name: Install nginx support
template:
backup: no
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'kiwix-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf', mode: '0644' }
when: kiwix_enabled | bool and nginx_enabled | bool
- name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf
file:
path: /etc/apache2/sites-enabled/kiwix.conf
state: absent
when: not kiwix_enabled | bool or nginx_enabled | bool
- name: Enable & Restart 'kiwix-serve' service
- name: Enable & Restart 'kiwix-serve' systemd service
systemd:
daemon_reload: yes
name: kiwix-serve
daemon_reload: yes
enabled: yes
state: restarted
when: kiwix_enabled | bool
- name: Disable 'kiwix-serve' service
- name: Disable & Stop 'kiwix-serve' systemd service
systemd:
name: kiwix-serve
enabled: no
state: stopped
when: not kiwix_enabled
# IN THEORY: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled"
# TO DO: BOTH CRON ENTRIES BELOW *SHOULD* BE DELETED "when: not kiwix_enabled"
# In the past kiwix-serve did not stay running, so we'd been doing this hourly.
# @mgautierfr & others suggest kiwix-serve might be auto-restarted w/o cron in
@ -58,12 +34,43 @@
dest: /etc/crontab
when: kiwix_enabled and is_redhat
- name: Restart Apache, so it picks up kiwix.conf
service:
name: "{{ apache_service }}"
state: restarted
# Apache
- name: Enable http://box{{ kiwix_url_without_slash }} via Apache
command: a2ensite kiwix.conf
when: apache_install and kiwix_enabled
- name: Disable http://box{{ kiwix_url_without_slash }} via Apache
command: a2dissite kiwix.conf
when: apache_install and not kiwix_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
daemon-reload: yes
state: restarted
when: apache_enabled | bool
# NGINX
- name: Enable http://box{{ kiwix_url_without_slash }} via NGINX, by installing {{ nginx_config_dir }}/kiwix-nginx.conf from template
template:
src: kiwix-nginx.conf
dest: "{{ nginx_config_dir }}/kiwix-nginx.conf"
when: nginx_install and kiwix_enabled
- name: Disable http://box{{ kiwix_url_without_slash }} via NGINX, by removing {{ nginx_config_dir }}/kiwix-nginx.conf
file:
path: "{{ nginx_config_dir }}/kiwix-nginx.conf"
state: absent
when: nginx_install and not kiwix_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
# 5. FINALIZE
- name: Add 'kiwix' variable values to {{ iiab_ini_file }}
ini_file:

12
roles/kiwix/tasks/main.yml
View file

@ -33,12 +33,8 @@
kiwix_force_install: True
when: not kiwix_bin.stat.exists or reinstall is defined
- include_tasks: kiwix_install.yml
when: (kiwix_install | bool and not kiwix_installed is defined) or kiwix_force_install | bool
tags:
- kiwix
- include_tasks: install.yml
when: (kiwix_install and not kiwix_installed is defined) or kiwix_force_install
- include_tasks: kiwix_enable.yml
when: kiwix_install | bool or kiwix_installed is defined
tags:
- kiwix
- include_tasks: enable.yml
when: kiwix_enabled # or kiwix_installed is defined

59
roles/kolibri/tasks/enable.yml
View file

@ -1,52 +1,55 @@
- name: Start 'kolibri' systemd service, if kolibri_enabled
- name: Enable & Start 'kolibri' systemd service
systemd:
name: kolibri
state: started
daemon_reload: yes
enabled: yes
state: started
when: kolibri_enabled | bool
- name: Enable http://box{{ kolibri_url }} with Apache (a2ensite) if kolibri_enabled # i.e. http://box/kolibri
command: a2ensite kolibri.conf
when: kolibri_enabled | bool and not nginx_enabled | bool
- name: Disable & Stop 'kolibri' systemd service if not kolibri_enabled
- name: Disable & Stop 'kolibri' systemd service
systemd:
name: kolibri
enabled: no
state: stopped
when: not kolibri_enabled
- name: Disable http://box{{ kolibri_url }} with Apache (a2dissite) if not kolibri_enabled
# Apache
- name: Enable http://box{{ kolibri_url }} via Apache # i.e. http://box/kolibri
command: a2ensite kolibri.conf
when: apache_install and kolibri_enabled
- name: Disable http://box{{ kolibri_url }} via Apache
command: a2dissite kolibri.conf
when: not kolibri_enabled or nginx_enabled | bool
when: apache_install and not kolibri_enabled
- name: Supply /etc/nginx/conf.d/kolibri-nginx.conf when nginx_enabled
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: root
group: root
with_items:
- { src: 'kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.conf', mode: '0644' }
when: kolibri_enabled | bool and nginx_enabled | bool
- name: Disable http://box{{ kolibri_url }} with Apache (a2dissite) if not kolibri_enabled
command: a2dissite kolibri.conf
when: not kolibri_enabled or nginx_enabled | bool
- name: Restart Apache service ({{ apache_service }}) # e.g. apache2
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: not nginx_enabled | bool
when: apache_enabled | bool
- name: Restart nginx service
# NGINX
- name: Enable http://box{{ kolibri_url }} via NGINX, by installing {{ nginx_config_dir }}/kolibri-nginx.conf from template
template:
src: kolibri-nginx.conf.j2
dest: "{{ nginx_config_dir }}/kolibri-nginx.conf"
when: nginx_install and kolibri_enabled
- name: Disable http://box{{ kolibri_url }} via NGINX, by removing {{ nginx_config_dir }}/kolibri-nginx.conf
file:
path: "{{ nginx_config_dir }}/kolibri-nginx.conf"
state: absent
when: nginx_install and not kolibri_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'kolibri' variable values to {{ iiab_ini_file }} # /etc/iiab/iiab.ini
ini_file:
path: "{{ iiab_ini_file }}"

41
roles/mediawiki/tasks/enable.yml
View file

@ -1,39 +1,40 @@
- name: Create softlink mediawiki.conf from sites-enabled to sites-available, if mediawiki_enabled (debuntu)
file:
src: /etc/apache2/sites-available/mediawiki.conf
dest: /etc/apache2/sites-enabled/mediawiki.conf
state: link
when: mediawiki_enabled and is_debuntu
# Apache
- name: Remove mediawiki.conf if not mediawiki_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/mediawiki.conf
state: absent
when: not mediawiki_enabled and is_debuntu
- name: Enable http://box{{ mediawiki_url }} via Apache # i.e. http://box/mediawiki
command: a2ensite mediawiki.conf
when: apache_install and mediawiki_enabled
- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box{{ mediawiki_url }}
- name: Disable http://box{{ mediawiki_url }} via Apache
command: a2dissite mediawiki.conf
when: apache_install and not mediawiki_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
daemon_reload: yes
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: apache_enabled | bool
- name: Install {{ nginx_config_dir }}/mediawiki-nginx.conf from template, for http://box{{ mediawiki_url }}
# NGINX
- name: Enable http://box{{ mediawiki_url }} via NGINX, by installing {{ nginx_config_dir }}/mediawiki-nginx.conf from template
template:
src: mediawiki-nginx.conf.j2
dest: "{{ nginx_config_dir }}/mediawiki-nginx.conf"
when: mediawiki_enabled
when: nginx_install and mediawiki_enabled
- name: Remove mediawiki-nginx.conf if not mediawiki_enabled (debuntu)
- name: Disable http://box{{ mediawiki_url }} via NGINX, by removing {{ nginx_config_dir }}/mediawiki-nginx.conf
file:
path: "{{ nginx_config_dir }}/mediawiki-nginx.conf"
state: absent
when: not mediawiki_enabled and is_debuntu
when: nginx_install and not mediawiki_enabled
- name: Restart nginx service to enable/disable http://box{{ mediawiki_url }}
- name: Restart 'nginx' systemd service
systemd:
name: nginx
daemon_reload: yes
state: restarted
when: nginx_enabled | bool
- name: Add 'mediawiki' variable values to {{ iiab_ini_file }}
ini_file:

50
roles/nginx/README.md
View file

@ -1,24 +1,28 @@
### Transition to NGINX
1. Initial testing strategy is to move nginx to port 80, and proxy everything to apache on port 8090-- creating a shim.
2. Without php available via fastcgi, any function at all for php based applications validates nginx.
3. Current state (10/16/19)
1. Principal functions migrated to nginx.
* Admin Console
* Awstats
* kalite -- goes directly to port 8009
* usb-lib
* maps
2. Dual support
* kiwix -- goes directly to port 3000
* calibre-web
* kolibri
* sugarizer
3. Still proxied to Apache
* mediawiki
* elgg
* nodered
* nextcloud
* wordpress
* moodle
4. Not dealt with yet
* archive.org
1. Initial testing strategy is to move nginx to port 80, and proxy everything to Apache on port 8090 -- creating a shim.
2. Without PHP available via FastCGI, any function at all for PHP-based applications validates NGINX.
3. Current state (2020-01-11)
1. Principal functions migrated to NGINX
* Admin Console
* kalite -- goes directly to port 8009
* mediawiki
* osm-vector-maps
* usb-lib
* wordpress
2. Dual support, see: https://github.com/iiab/iiab/blob/master/roles/nginx/tasks/only_nginx.yml
* awstats ([#2124](https://github.com/iiab/iiab/issues/2124))
* calibre-web
* gitea
* kiwix -- goes directly to port 3000
* kolibri
* sugarizer
3. Still proxied to Apache, see: https://github.com/iiab/iiab/blob/master/roles/nginx/tasks/uses_apache.yml
* dokuwiki ([#2056](https://github.com/iiab/iiab/issues/2056))
* elgg
* lokole
* moodle
* nodered
* nextcloud ([PR #2119](https://github.com/iiab/iiab/pull/2119))
4. Not yet dealt with
* internetarchive ([#2120](https://github.com/iiab/iiab/pull/2120))

31
roles/nginx/tasks/install.yml
View file

@ -1,5 +1,7 @@
- name: Install nginx required and helper packages
package: name={{ item }} state=present
- name: Install NGINX required and helper packages
package:
name: "{{ item }}"
state: present
with_items:
- nginx-extras
- uwsgi
@ -12,24 +14,23 @@
name: "{{ apache_user }}"
groups: shadow
- name: Remove the nginx default config
- name: Remove NGINX default config /etc/nginx/sites-enabled/default
file:
path: /etc/nginx/sites-enabled/default
state: absent
- name: Put config files in place (2 into /etc/nginx, 1 into /etc/{{ apache_service }})
- name: 'Install 4 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, /etc/systemd/system/uwsgi.service'
template:
src: '{{ item.src}}'
dest: '{{ item.dest }}'
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" }
- { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" }
- { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' }
- { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' }
- { src: 'roles/nginx/templates/server.conf', dest: '/etc/nginx/' }
- { src: 'roles/nginx/templates/nginx.conf', dest: '/etc/nginx/' }
- { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' }
- { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' }
- name: Let uwsgi running as {{ apache_user }} write log files
- name: Let uwsgi (running as {{ apache_user }}) write log files
file:
path: /var/log/uwsgi/app
state: directory
owner: "{{ apache_user }}"
path: /var/log/uwsgi/app
state: directory
owner: "{{ apache_user }}"

50
roles/nginx/tasks/main.yml
View file

@ -1,32 +1,32 @@
- name: Put the config file in place
- name: "Install from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, {{ nginx_config_dir }}/iiab.conf"
template:
src: '{{ item.src}}'
dest: '{{ item.dest }}'
src: "{{ item.src}}"
dest: "{{ item.dest }}"
with_items:
- { src: "server.conf",dest: "/etc/nginx/" }
- { src: "nginx.conf",dest: "/etc/nginx/" }
- { src: "ports.conf" , dest: "/etc/{{ apache_service }}/" }
- { src: "iiab.conf.j2",dest: "/etc/nginx/conf.d/iiab.conf" }
when: nginx_enabled
- { src: "server.conf", dest: "/etc/nginx/" }
- { src: "nginx.conf", dest: "/etc/nginx/" }
- { src: "ports.conf", dest: "/etc/{{ apache_service }}/" }
- { src: "iiab.conf.j2", dest: "{{ nginx_config_dir }}/iiab.conf" }
when: nginx_enabled | bool
- name: Clean stale config files
- name: Remove stale files (usb-lib.conf, modules.conf) from {{ nginx_config_dir }}
file:
state: absent
path: '{{ item.path }}'
path: "{{ item.path }}"
with_items:
- { path: "/etc/nginx/conf.d/usb-lib.conf" }
- { path: "/etc/nginx/conf.d/modules.conf" }
- { path: "{{ nginx_config_dir }}/usb-lib.conf" }
- { path: "{{ nginx_config_dir }}/modules.conf" }
- name: Insure that apache2 is not running -- we may need port swap
- name: Ensure that Apache (({{ apache_service }})) is not running -- we may need port swap
systemd:
name: apache2
name: "{{ apache_service }}"
state: stopped
# the below slides in nginx's proxypass config files for apache on localhost
# via the ports.conf file installed above
- name: Install proxpass to apache running on localhost port {{ apache_port }}
- name: Install proxpass to Apache running on localhost port {{ apache_port }}
include_tasks: uses_apache.yml
when: nginx_enabled
when: nginx_enabled | bool
# the below task contains the same logic contained in the playbooks to enable
# 'runrole nginx' to do the right thing but with the 'src' path set to role's
@ -34,9 +34,9 @@
- name: Install proxpass to other services 'dual mode' roles
include_tasks: only_nginx.yml
when: nginx_enabled
when: nginx_enabled | bool
- name: Stop and disable nginx when not nginx_enabled
- name: Stop and disable NGINX when not nginx_enabled
systemd:
name: nginx
state: stopped
@ -50,21 +50,21 @@
when: not nginx_enabled
# should have the logic to handle both modes in the playbook
- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is diabled
- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is disabled
include_tasks: disable.yml
when: not nginx_enabled
- name: Since we stopped apache2, start it again
- name: Enable & Restart Apache, since we stopped it ({{ apache_service }})
systemd:
name: apache2
name: "{{ apache_service }}"
daemon_reload: yes
state: restarted
enabled: true
daemon_reload: yes
when: apache_enabled
when: apache_enabled | bool
- name: Restart nginx to pick up the config files installed
- name: Enable & Restart NGINX, to pick up the config files installed
systemd:
name: nginx
state: restarted
enabled: true
when: nginx_enabled
when: nginx_enabled | bool

187
roles/nginx/tasks/only_nginx.yml
View file

@ -3,131 +3,122 @@
path: /etc/apache2/sites-enabled/awstats.conf
state: absent
- name: Install nginx support for awstats if awstats_enabled
copy:
backup: no
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: root
group: root
with_items:
- { src: 'roles/awstats/templates/awstats-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf' , mode: '0644' }
when: awstats_enabled
- name: Install /etc/nginx/conf.d/awstats-nginx.conf from template, if awstats_enabled
template:
src: roles/awstats/templates/awstats-nginx.conf
dest: /etc/nginx/conf.d/awstats-nginx.conf
# owner: root
# group: root
# mode: '0644'
when: awstats_enabled | bool
- name: Remove nginx support for AWStats
- name: Remove NGINX support for AWStats, if not awstats_enabled
file:
path: /etc/nginx/conf.d/awstats-nginx.conf
state: absent
when: not awstats_enabled
- name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf
file:
path: /etc/apache2/sites-enabled/kiwix.conf
state: absent
- name: Install nginx support for kiwix if kiwix_enabled
copy:
backup: no
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: root
group: root
with_items:
- { src: 'roles/kiwix/templates/kiwix-nginx.conf', dest: '/etc/nginx/conf.d/kiwix-nginx.conf' , mode: '0644' }
when: kiwix_enabled | bool
- name: Remove nginx support for kiwix
file:
path: /etc/nginx/conf.d/kiwix-nginx.conf
state: absent
when: not kiwix_enabled | bool
- name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf
file:
path: /etc/apache2/sites-enabled/sugarizer.conf
state: absent
- name: "Install sugarizer-nginx.conf (nginx) if sugarizer_enabled"
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: root
group: root
with_items:
- { src: 'roles/sugarizer/templates/sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf', mode: '0644' }
when: sugarizer_enabled | bool
- name: Remove nginx support for sugarizer
file:
path: /etc/nginx/conf.d/sugarizer-nginx.conf
state: absent
when: not sugarizer_enabled | bool
- name: Remove /etc/apache2/sites-enabled/kolibri.conf
file:
path: /etc/apache2/sites-enabled/kolibri.conf
state: absent
- name: Supply /etc/nginx/conf.d/kolibri-nginx.conf when kolibri_enabled
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: root
group: root
with_items:
- { src: 'roles/kolibri/templates/kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.conf', mode: '0644' }
when: kolibri_enabled | bool
- name: Remove nginx support for kolibri when not kolibri_enabled
file:
path: /etc/nginx/conf.d/kolibri-nginx.conf
state: absent
when: not kolibri_enabled | bool
- name: Remove symlink /etc/apache2/sites-enabled/calibre-web.conf
file:
path: /etc/apache2/sites-enabled/calibre-web.conf
state: absent
- name: Install /etc/nginx/conf.d/calibre-web-nginx.conf
- name: Install /etc/nginx/conf.d/calibre-web-nginx.conf from template, if calibreweb_enabled
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'roles/calibre-web/templates/calibre-web-nginx.conf.j2', dest: '/etc/nginx/conf.d/calibre-web-nginx.conf', mode: '0644' }
when: calibreweb_enabled
src: roles/calibre-web/templates/calibre-web-nginx.conf.j2
dest: /etc/nginx/conf.d/calibre-web-nginx.conf
# owner: root
# group: root
# mode: '0644'
when: calibreweb_enabled | bool
- name: Remove nginx support for Calibre-Web
- name: Remove NGINX support for Calibre-Web, if not calibreweb_enabled
file:
path: /etc/nginx/conf.d/calibre-web-nginx.conf
state: absent
when: not calibreweb_enabled
- name: Remove symlink /etc/apache2/sites-enabled/gitea.conf
file:
path: /etc/apache2/sites-enabled/gitea.conf
state: absent
- name: Install /etc/nginx/conf.d/gitea-nginx.conf
- name: Install /etc/nginx/conf.d/gitea-nginx.conf from template, if gitea_enabled
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { src: 'roles/gitea/templates/gitea-nginx.conf.j2', dest: '/etc/nginx/conf.d/gitea-nginx.conf', mode: '0644' }
when: gitea_enabled
src: roles/gitea/templates/gitea-nginx.conf.j2
dest: /etc/nginx/conf.d/gitea-nginx.conf
# owner: root
# group: root
# mode: '0644'
when: gitea_enabled | bool
- name: Remove nginx support for Gitea
- name: Remove NGINX support for Gitea, if not gitea_enabled
file:
path: /etc/nginx/conf.d/gitea-nginx.conf
state: absent
when: not gitea_enabled
- name: Remove symlink /etc/apache2/sites-enabled/kiwix.conf
file:
path: /etc/apache2/sites-enabled/kiwix.conf
state: absent
- name: Install /etc/nginx/conf.d/kiwix-nginx.conf from template, if kiwix_enabled
template:
src: roles/kiwix/templates/kiwix-nginx.conf
dest: /etc/nginx/conf.d/kiwix-nginx.conf
# owner: root
# group: root
# mode: '0644'
when: kiwix_enabled | bool
- name: Remove NGINX support for Kiwix, if not kiwix_enabled
file:
path: /etc/nginx/conf.d/kiwix-nginx.conf
state: absent
when: not kiwix_enabled
- name: Remove symlink /etc/apache2/sites-enabled/kolibri.conf
file:
path: /etc/apache2/sites-enabled/kolibri.conf
state: absent
- name: Install /etc/nginx/conf.d/kolibri-nginx.conf from template, if kolibri_enabled
template:
src: roles/kolibri/templates/kolibri-nginx.conf.j2
dest: /etc/nginx/conf.d/kolibri-nginx.conf
# owner: root
# group: root
# mode: '0644'
when: kolibri_enabled | bool
- name: Remove NGINX support for Kolibri, if not kolibri_enabled
file:
path: /etc/nginx/conf.d/kolibri-nginx.conf
state: absent
when: not kolibri_enabled
- name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf
file:
path: /etc/apache2/sites-enabled/sugarizer.conf
state: absent
- name: Install /etc/nginx/conf.d/sugarizer-nginx.conf from template, if sugarizer_enabled
template:
src: roles/sugarizer/templates/sugarizer-nginx.conf
dest: /etc/nginx/conf.d/sugarizer-nginx.conf
# owner: root
# group: root
# mode: '0644'
when: sugarizer_enabled | bool
- name: Remove NGINX support for Sugarizer, if not sugarizer_enabled
file:
path: /etc/nginx/conf.d/sugarizer-nginx.conf
state: absent
when: not sugarizer_enabled

60
roles/nginx/tasks/uses_apache.yml
View file

@ -1,29 +1,39 @@
- name: Install nginx's config file from template, if moodle_enabled
template:
src: moodle-nginx.conf.j2
dest: "/etc/nginx/conf.d/moodle-nginx.conf"
owner: root
group: root
mode: 0644
when: moodle_enabled
- name: Install /etc/nginx/conf.d/dokuwiki-nginx.conf from template
- name: Install /etc/nginx/conf.d/dokuwiki-nginx.conf from template, if dokuwiki_enabled
template:
src: dokuwiki-nginx.conf
dest: /etc/nginx/conf.d/dokuwiki-nginx.conf
when: dokuwiki_enabled
when: dokuwiki_enabled | bool
- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template
- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template, if elgg_enabled
template:
src: elgg-nginx.conf
dest: "/etc/nginx/conf.d/elgg-nginx.conf"
when: elgg_enabled
dest: /etc/nginx/conf.d/elgg-nginx.conf
when: elgg_enabled | bool
- name: Install /etc/nginx/lokole-nginx.conf from template
- name: Install /etc/nginx/conf.d/lokole-nginx.conf from template, if lokole_enabled
template:
src: lokole-nginx.conf.j2
dest: "/etc/nginx/conf.d/lokole-nginx.conf"
when: lokole_enabled
dest: /etc/nginx/conf.d/lokole-nginx.conf
when: lokole_enabled | bool
- name: Install /etc/nginx/conf.d/moodle-nginx.conf from template, if moodle_enabled
template:
src: moodle-nginx.conf.j2
dest: /etc/nginx/conf.d/moodle-nginx.conf
when: moodle_enabled | bool
- name: Install /etc/nginx/conf.d/nextcloud-nginx.conf from template, if nextcloud_enabled
template:
src: nextcloud-nginx.conf
dest: /etc/nginx/conf.d/nextcloud-nginx.conf
when: nextcloud_enabled | bool
- name: Install /etc/nginx/conf.d/nodered-nginx.conf from template, if nodered_enabled
template:
src: nodered-nginx.conf.j2
dest: /etc/nginx/conf.d/nodered-nginx.conf
# mode: '0666'
when: nodered_enabled | bool
# mediawiki and wordpress are no longer proxied
@ -39,20 +49,4 @@
# dest: /etc/nginx/conf.d/
# when: wordpress_enabled
- name: Install Nextcloud's nginx conf.d file from template
template:
src: nextcloud-nginx.conf
dest: /etc/nginx/conf.d/nextcloud-nginx.conf
when: nextcloud_enabled
- name: Install NodeRed's nginx conf.d file from template
template:
src: nodered-nginx.conf.j2
dest: /etc/nginx/conf.d/nodered-nginx.conf
owner: root
group: root
mode: 0666
when: nodered_enabled
#- name: Install proxpass to apache running on localhost

2
roles/nginx/templates/dokuwiki-nginx.conf
View file

@ -1,3 +1,3 @@
location {{ dokuwiki_url }} {
proxy_pass http://127.0.0.1:{{ apache_port }}/{{ dokuwiki_url }};
proxy_pass http://127.0.0.1:{{ apache_port }}{{ dokuwiki_url }};
}

2
roles/nginx/templates/server.conf
View file

@ -10,7 +10,7 @@ server {
index index.php index.html index.htm;
# let individual services drop location blocks in conf.d
include /etc/nginx/conf.d/*;
include {{ nginx_config_dir }}/*;
location ~ .*\.php$ {
proxy_set_header X-Real-IP $remote_addr;

38
roles/osm-vector-maps/tasks/main.yml
View file

@ -1,15 +1,15 @@
- name: Ensure directory {{ vector_map_path }}/maplist/assets exists
file:
path: '{{ vector_map_path }}/maplist/assets'
path: "{{ vector_map_path }}/maplist/assets"
state: directory
owner: '{{ apache_user }}'
group: '{{ apache_user }}'
owner: "{{ apache_user }}"
group: "{{ apache_user }}"
mode: '0755'
- name: Download map catalog {{ iiab_map_url }}/assets/regions.json to {{ vector_map_path }}/maplist/assets/
get_url:
url: "{{ iiab_map_url }}/assets/regions.json"
dest: '{{ vector_map_path }}/maplist/assets/'
dest: "{{ vector_map_path }}/maplist/assets/"
- name: Symlink catalog {{ doc_root }}/common/assets/regions.json -> {{ vector_map_path }}/maplist/assets/regions.json
file:
@ -20,19 +20,19 @@
- name: Download the JavaScript bundle with OpenLayers (main.js) for test page http://box/maps/maplist
get_url:
url: "{{ iiab_map_url }}/../main.js"
dest: '{{ vector_map_path }}/maplist/'
dest: "{{ vector_map_path }}/maplist/"
- name: Install {{ vector_map_path }}/maplist/index.html from template, for test page http://box/maps/maplist
template:
src: "index.html"
dest: '{{ vector_map_path }}/maplist/index.html'
src: index.html
dest: "{{ vector_map_path }}/maplist/index.html"
# Bboxes (bounding boxes) are currently square. But geofabrik has non-rectangular bboxes.
# So bring the bounding box definition from cloud (bboxes.geojson is big)
- name: Download bounding box definitions (bboxes.geojson) to {{ vector_map_path }}/maplist/assets/
get_url:
url: "{{ iiab_map_url }}/assets/bboxes.geojson"
dest: '{{ vector_map_path }}/maplist/assets/'
dest: "{{ vector_map_path }}/maplist/assets/"
# REMOVE this stanza once the transition to Python 3 is confirmed
#- name: Install python-geojson package (OS's prior to Ubuntu 19.10)
@ -48,11 +48,11 @@
# name: python3-geojson # 2019-10-19: available across most/all recent
# state: present # OS's, but not yet used by osm-vector-maps code?
- name: Install /usr/bin/iiab-update-map for updating of Map Pack catalog & descriptions
- name: Install /usr/bin/iiab-update-map from template, for updating of Map Pack catalog & descriptions
template:
src: iiab-update-map
dest: /usr/bin/iiab-update-map
mode: "0755"
mode: '0755'
# This depends on iiab-admin-console which is not yet installed
#- name: Run the script that does osm-vector-maps housekeeping
@ -61,25 +61,25 @@
- name: Copy countries.json (geojson) to {{ vector_map_path }}/maplist/assets
copy:
src: countries.json
dest: '{{ vector_map_path }}/maplist/assets'
dest: "{{ vector_map_path }}/maplist/assets"
# It is too complicated to use a single file for both iiab and admin-console
- name: Copy the duplicated JavaScript (map_functions.js) to {{ vector_map_path }}/maplist/assets
copy:
src: map_functions.js
dest: '{{ vector_map_path }}/maplist/assets'
dest: "{{ vector_map_path }}/maplist/assets"
- name: Install /etc/nginx/conf.d/osm-vector-maps.conf from template
- name: Install {{ nginx_config_dir }}/osm-vector-maps.conf from template
template:
src: osm-vector-maps-nginx.conf
dest: "/etc/nginx/conf.d/osm-vector-maps-nginx.conf"
dest: "{{ nginx_config_dir }}/osm-vector-maps-nginx.conf"
when: osm_vector_maps_enabled | bool
- name: Remove config /etc/nginx/conf,d/osm-vector-maps.conf (debuntu)
- name: Remove {{ nginx_config_dir }}/osm-vector-maps.conf
file:
path: /etc/nginx/conf.d/osm-vector-maps-nginx.conf
path: "{{ nginx_config_dir }}/osm-vector-maps-nginx.conf"
state: absent
when: not osm_vector_maps_enabled | bool
when: not osm_vector_maps_enabled
#- name: Does the {{ vector_map_path }}/index.html redirect already exist?
# stat:
@ -94,7 +94,7 @@
dest: "{{ vector_map_path }}/index.html"
#when: not osm_redirect.stat.exists
- name: Reload Apache service ({{ apache_service }}) # e.g. apache2
- name: Reload 'nginx' systemd service
systemd:
name: "{{ apache_service }}"
name: nginx
state: reloaded

83
roles/sugarizer/tasks/enable.yml
View file

@ -1,75 +1,54 @@
- name: Create symlink sugarizer.conf from sites-enabled to sites-available, for short URLs http://box/sugar & http://box/sugarizer (if sugarizer_enabled)
file:
src: /etc/apache2/sites-available/sugarizer.conf
path: /etc/apache2/sites-enabled/sugarizer.conf
state: link
when: sugarizer_enabled | bool and not nginx_enabled | bool
- name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf (if not sugarizer_enabled)
file:
path: /etc/apache2/sites-enabled/sugarizer.conf
state: absent
when: not sugarizer_enabled | bool or nginx_enabled | bool
- name: "Install sugarizer-nginx.conf (nginx)"
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
owner: root
group: root
with_items:
- { src: 'sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf' , mode: '0644' }
when: sugarizer_enabled | bool and nginx_enabled | bool
# 6. RESTART/STOP SYSTEMD SERVICE
# with "systemctl daemon-reload" in case mongodb.service changed, etc
- name: Enable & Restart 'sugarizer' systemd service (if sugarizer_enabled)
- name: Enable & Restart 'sugarizer' systemd service
systemd:
name: sugarizer
daemon_reload: yes
daemon_reload: yes # in case mongodb.service changed, etc
enabled: yes
state: restarted
when: sugarizer_enabled | bool
- name: Disable & Stop 'sugarizer' systemd service (if not sugarizer_enabled)
- name: Disable & Stop 'sugarizer' systemd service
systemd:
name: sugarizer
daemon_reload: yes
enabled: no
state: stopped
when: not sugarizer_enabled
#- name: Enable services (all OS's)
# service:
# name: "{{ item.name }}"
# enabled: yes
# state: restarted
# with_items:
## - { name: mongodb } # 2018-07-14: NICE TRY, but still doesn't bring http://box:8089 to life reliably, as a reboot usually does! (Is a "systemctl daemon-reload" or some such nec?)
# - { name: sugarizer }
# when: sugarizer_enabled | bool
# Apache
#- name: Disable service (all OS's)
# service:
# name: sugarizer
# enabled: no
# state: stopped
# when: not sugarizer_enabled
- name: Enable http://box/sugarizer & http://box/sugar via Apache
command: a2ensite sugarizer.conf
when: apache_install and sugarizer_enabled
- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/sugarizer (not just http://box:{{ sugarizer_port }})
- name: Disable http://box/sugarizer & http://box/sugar via Apache
command: a2dissite sugarizer.conf
when: apache_install and not sugarizer_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}" # httpd or apache2
name: "{{ apache_service }}"
state: restarted
when: sugarizer_enabled | bool and not nginx_enabled | bool
when: apache_enabled | bool
- name: Restart nginx when enabled
# NGINX
- name: Enable http://box/sugarizer via NGINX, by installing {{ nginx_config_dir }}/sugarizer-nginx.conf from template
template:
src: sugarizer-nginx.conf
dest: "{{ nginx_config_dir }}/sugarizer-nginx.conf"
when: nginx_install and sugarizer_enabled
- name: Disable http://box/sugarizer via NGINX, by removing {{ nginx_config_dir }}/sugarizer-nginx.conf
file:
path: "{{ nginx_config_dir }}/sugarizer-nginx.conf"
state: absent
when: nginx_install and not sugarizer_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
daemon_reload: yes
when: sugarizer_enabled and nginx_enabled
when: nginx_enabled | bool
- name: Add 'sugarizer' variable values to {{ iiab_ini_file }}
ini_file:

18
roles/sugarizer/tasks/install.yml
View file

@ -120,12 +120,6 @@
# when: internet_available and git_sug_server_output.changed # OLD WAY 3
# when: internet_available and not is_F18 and not node_modules_exists # OLD WAY 1
#- name: Create the express framework for Node.js (Fedora 18)
# shell: npm install
# args:
# chdir: "{{ iiab_base }}/sugarizer/server"
# when: internet_available and is_F18 and not node_modules_exists
# Add a Node.js Express function that appends a prefix to URLs.
# SEE "AUTO-INSERTED BY IIAB" ~61 LINES BELOW: as those two "pathPrefix" lines
# MUST be added to /opt/iiab/sugarizer-server/sugarizer.js
@ -138,16 +132,16 @@
# 5. CONFIG FILES
- name: "Install from templates: sugarizer.service (systemd), sugarizer-nginx.conf (nginx)"
- name: "Install from templates: /etc/systemd/system/sugarizer.service, /etc/apache2/sites-available/sugarizer.conf"
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0644
owner: root
group: root
# owner: root
# group: root
# mode: '0644'
with_items:
- { src: 'sugarizer.service', dest: '/etc/systemd/system/sugarizer.service' }
- { src: 'sugarizer.conf.j2', dest: '/etc/apache2/sites-available/sugarizer.conf' }
- { src: 'sugarizer.conf.j2', dest: "/etc/{{ apache_config_dir }}/sugarizer.conf" }
#- { src: 'sugarizer.ini.j2', dest: '{{ iiab_base }}/sugarizer-server/env/sugarizer.ini' }
#- { src: 'sugarizer.js', dest: '{{ iiab_base }}/sugarizer-server' }
@ -221,7 +215,7 @@
# # Use this instead, if tabs are truly nec:
# # block: "\tvar pathPrefix = '/sugarizer';\n\tapp.use(pathPrefix, require('path-prefix-proxy')(pathPrefix));"
- name: Add 'sugarizer_installed' variable values to {{ iiab_state_file }}
- name: "Add 'sugarizer_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
regexp: '^sugarizer_installed'

45
roles/wordpress/tasks/enable.yml
View file

@ -1,20 +1,39 @@
- name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu)
file:
src: /etc/apache2/sites-available/wordpress.conf
path: /etc/apache2/sites-enabled/wordpress.conf
state: link
when: wordpress_enabled and is_debuntu
# Apache
- name: Remove /etc/apache2/sites-enabled/wordpress.conf if not wordpress_enabled (debuntu)
file:
path: /etc/apache2/sites-enabled/wordpress.conf
state: absent
when: not wordpress_enabled and is_debuntu
- name: "Enable http://box{{ wp_url }} via Apache"
command: a2ensite wordpress.conf
when: apache_install and wordpress_enabled
- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box{{ wp_url }}
- name: "Disable http://box{{ wp_url }} via Apache"
command: a2dissite wordpress.conf
when: apache_install and not wordpress_enabled
- name: Restart Apache systemd service ({{ apache_service }})
systemd:
name: "{{ apache_service }}"
name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
state: restarted
when: apache_enabled | bool
# NGINX
- name: "Enable http://box{{ wp_url }} via NGINX, by installing {{ nginx_config_dir }}/wordpress-nginx.conf from template"
template:
src: wordpress-nginx.conf.j2
dest: "{{ nginx_config_dir }}/wordpress-nginx.conf"
when: nginx_install and wordpress_enabled
- name: "Disable http://box{{ wp_url }} via NGINX, by removing {{ nginx_config_dir }}/wordpress-nginx.conf"
file:
path: "{{ nginx_config_dir }}/wordpress-nginx.conf"
state: absent
when: nginx_install and not wordpress_enabled
- name: Restart 'nginx' systemd service
systemd:
name: nginx
state: restarted
when: nginx_enabled | bool
- name: Add 'wordpress' variable values to {{ iiab_ini_file }}
ini_file:

59
roles/wordpress/tasks/install.yml
View file

@ -16,24 +16,24 @@
url: "{{ wordpress_download_base_url }}/{{ wordpress_src }}"
dest: "{{ downloads_dir }}"
timeout: "{{ download_timeout }}"
# force: yes
# backup: yes
# force: yes
# backup: yes
register: wp_download_output
when: internet_available | bool
- name: Create symlink from /opt/iiab/downloads/wordpress.tar.gz to {{ wp_download_output.dest }}
- name: Symlink {{ downloads_dir }}/wordpress.tar.gz -> {{ wp_download_output.dest }}
file:
src: "{{ wp_download_output.dest }}"
path: "{{ downloads_dir }}/wordpress.tar.gz"
path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
state: link
when: wp_download_output.dest is defined
- name: Does /opt/iiab/downloads/wordpress.tar.gz link exist?
- name: Does {{ downloads_dir }}/wordpress.tar.gz link exist?
stat:
path: "{{ downloads_dir }}/wordpress.tar.gz"
path: "{{ downloads_dir }}/wordpress.tar.gz" # /opt/iiab/downloads
register: wp_link
- name: FAIL (force Ansible to exit) IF /opt/iiab/downloads/wordpress.tar.gz doesn't exist
- name: FAIL (force Ansible to exit) IF {{ downloads_dir }}/wordpress.tar.gz doesn't exist
fail:
msg: "{{ downloads_dir }}/wordpress.tar.gz is REQUIRED in order to install WordPress."
when: not wp_link.stat.exists
@ -42,22 +42,11 @@
unarchive:
src: "{{ downloads_dir }}/wordpress.tar.gz"
dest: "{{ wp_install_path }}"
owner: root
group: "{{ apache_user }}"
mode: 0664
# owner: root
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0664'
keep_newer: yes
# - name: Rename /library/wordpress* to /library/wordpress
# shell: if [ ! -d {{ wp_abs_path }} ]; then mv {{ wp_abs_path }}* {{ wp_abs_path }}; fi
#- name: Make Apache owner and group, 1st pass permissions set to 0664
# file: path={{ wp_abs_path }}
# recurse=yes
# owner=root
# group={{ apache_user }}
# mode=0664
# state=directory
- name: Make /library/wordpress directories 775 so Apache can traverse and write (most files remain 0664)
command: "/usr/bin/find {{ wp_abs_path }} -type d -exec chmod 775 {} +"
@ -65,9 +54,9 @@
copy:
src: wp-keys.php.BAK
dest: "{{ wp_abs_path }}/wp-keys.php.BAK"
owner: root
group: "{{ apache_user }}"
mode: 0640
# owner: root
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0640'
# Fetch random salts for WordPress config into wp-keys.php file by generating script and running
@ -75,9 +64,9 @@
template:
src: get-iiab-wp-salts.j2
dest: /tmp/get-iiab-wp-salts
owner: root
group: root
mode: 0700
# owner: root
# group: root
mode: '0700'
- name: Run /tmp/get-iiab-wp-salts to create /library/wordpress/wp-keys.php
command: /tmp/get-iiab-wp-salts
@ -91,23 +80,17 @@
template:
src: wp-config.php.j2
dest: "{{ wp_abs_path }}/wp-config.php"
owner: root
group: "{{ apache_user }}"
mode: 0660
# owner: root
group: "{{ apache_user }}" # DO WE REALLY STILL WANT THIS FOR NGINX?
mode: '0660'
- name: Install etc/{{ apache_config_dir }}/wordpress.conf from template, for http://box{{ wp_url }}
template:
src: wordpress.conf.j2
dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
when: apache_enabled
when: apache_enabled | bool
- name: Install {{ nginx_config_dir }}/wordpress-nginx.conf from template, for http://box{{ wp_url }}
template:
src: wordpress-nginx.conf.j2
dest: "{{ nginx_config_dir }}/wordpress-nginx.conf"
when: nginx_enabled
- name: Add 'wordpress_installed' variable values to {{ iiab_state_file }}
- name: "Add 'wordpress_installed: True' to {{ iiab_state_file }}"
lineinfile:
dest: "{{ iiab_state_file }}"
regexp: '^wordpress_installed'