Update to 2020-05-19 21:00

4 years ago · 643bb034e9
parent 9cdb4c7413
commit 643bb034e9
5 changed files with 59 additions and 71 deletions
--- a/roles/dokuwiki/defaults/main.yml
+++ b/roles/dokuwiki/defaults/main.yml
@ -195,9 +195,9 @@ dokuwiki_ldap_group_key: cn
 # dokuwiki_ldap_bind_pass:

 # AD Settings
-dokuwiki_ad_dc: "{{ ad_ldap_servers }}"
+dokuwiki_ad_dc: "{{ ad_ldap_servers | default(ansible_domain) }}"
 dokuwiki_ad_starttls: True
-dokuwiki_ad_user_base: "{{ ad_ldap_user_search_base | default('DC=' + ad_realm | default(samba_realm) | regex_replace('\\.',',DC=')) }}"
+dokuwiki_ad_user_base: "{{ ad_ldap_user_search_base | default('DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC=')) }}"
 # dokuwiki_ad_bind_dn:
 # dokuwiki_ad_bind_pass:
 ...
--- a/roles/dokuwiki/tasks/main.yml
+++ b/roles/dokuwiki/tasks/main.yml
@ -2,11 +2,13 @@

 - name: Set default install mode to none
  set_fact: dokuwiki_install_mode="none"
+  tags: dokuwiki

 - name: Install dependencies
  yum:
    name:
      - acl
+  tags: dokuwiki

 - name: Create PHP user acount
  user:
@ -14,21 +16,25 @@
    comment: "PHP FPM for dokuwiki {{ dokuwiki_id }}"
    system: yes
    shell: /sbin/nologin
+  tags: dokuwiki

 - name: Check if dokuwiki is already installed
  stat: path={{ dokuwiki_root_dir }}/meta/ansible_version
  register: dokuwiki_version_file
  changed_when: False
+  tags: dokuwiki

 - name: Check dokuwiki version
  command:  cat {{ dokuwiki_root_dir }}/meta/ansible_version
  register: dokuwiki_current_version
  changed_when: False
  when: dokuwiki_version_file.stat.exists
+  tags: dokuwiki

 - name: Set installation process to install
  set_fact: dokuwiki_install_mode='install'
  when: not dokuwiki_version_file.stat.exists
+  tags: dokuwiki

 - name: Set installation process to upgrade
  set_fact: dokuwiki_install_mode='upgrade'
@ -36,10 +42,12 @@
    - dokuwiki_version_file.stat.exists
    - dokuwiki_current_version.stdout != dokuwiki_version
    - dokuwiki_manage_upgrade
+  tags: dokuwiki

 - name: Create archive dir
  file: path={{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }} state=directory mode=700
  when: dokuwiki_install_mode == 'upgrade'
+  tags: dokuwiki

 - name: Prepare dokuwiki upgrade
  synchronize:
@ -49,6 +57,7 @@
    delete: True
  delegate_to: "{{ inventory_hostname }}"
  when: dokuwiki_install_mode == 'upgrade'
+  tags: dokuwiki

 - name: Create directory structure
  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.groupe | default(omit) }} mode={{ item.mode | default(omit) }}
@ -70,6 +79,7 @@
    - dir: "{{ dokuwiki_root_dir }}/web/conf/tpl"
      group: "{{ dokuwiki_php_user }}"
      mode: 770
+  tags: dokuwiki

 - name: Download Dokuwiki
  get_url:
@ -77,6 +87,7 @@
    dest: "{{ dokuwiki_root_dir }}/tmp/"
    checksum: "sha1:{{ dokuwiki_archive_sha1 }}"
  when: dokuwiki_install_mode != 'none'
+  tags: dokuwiki

 - name: Extract dokuwiki archive
  unarchive:
@ -84,6 +95,7 @@
    dest: "{{ dokuwiki_root_dir }}/tmp/"
    remote_src: yes
  when: dokuwiki_install_mode != 'none'
+  tags: dokuwiki

 - name: Move the content of dokuwiki to the correct top directory
  synchronize:
@ -95,6 +107,7 @@
      - '--exclude=data/'
  delegate_to: "{{ inventory_hostname }}"
  when: dokuwiki_install_mode != 'none'
+  tags: dokuwiki

 - name: Populate the data dir
  synchronize:
@ -103,9 +116,10 @@
    recursive: True
  delegate_to: "{{ inventory_hostname }}"
  when: dokuwiki_install_mode != 'none'
+  tags: dokuwiki

 - name: Check existing conf to restore
-  stat: path={{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }}/web/{{ item }}
+  stat: path={{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version }}/web/{{ item }}
  with_items:
    - conf/local.php
    - conf/acl.auth.php
@ -113,6 +127,7 @@
    - conf/plugins.local.php
    - conf/tpl/
  register: dokuwiki_conf_to_restore
+  tags: dokuwiki

 - name: Restore Configuration
  synchronize:
@ -124,6 +139,7 @@
  when:
    - dokuwiki_install_mode == 'upgrade'
    - item.stat.exists
+  tags: dokuwiki

 - name: List previously installed plugins
  shell: find {{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }}/web/lib/plugins -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \;
@ -131,6 +147,7 @@
  when:
    - dokuwiki_install_mode == 'upgrade'
    - not dokuwiki_remove_unmanaged_plugins
+  tags: dokuwiki

 - name: Restore unmanaged previous plugins
  synchronize:
@ -142,6 +159,7 @@
  when:
    - dokuwiki_install_mode == 'upgrade'
    - not dokuwiki_remove_unmanaged_plugins
+  tags: dokuwiki

 - name: List previously installed templates
  shell: find {{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }}/web/lib/tpl -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \;
@ -149,6 +167,7 @@
  when:
    - dokuwiki_install_mode == 'upgrade'
    - not dokuwiki_remove_unmanaged_tpl
+  tags: dokuwiki

 - name: Restore unmanaged previous templates
  synchronize:
@ -160,10 +179,12 @@
  when:
    - dokuwiki_install_mode == 'upgrade'
    - not dokuwiki_remove_unmanaged_tpl
+  tags: dokuwiki

 - name: Write dokuwiki version
  copy: content={{ dokuwiki_version }} dest={{ dokuwiki_root_dir }}/meta/ansible_version
  when: dokuwiki_install_mode != 'none'
+  tags: dokuwiki

 - name: Compress previous version
  command: tar cJf {{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }}.txz ./
@ -172,18 +193,22 @@
  args:
    chdir: "{{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }}"
  when: dokuwiki_install_mode == 'upgrade'
+  tags: dokuwiki

 - name: Remove archive directory
  file: path={{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }} state=absent
  when: dokuwiki_install_mode == 'upgrade'
+  tags: dokuwiki

 - name: Build a list of installed plugins
  shell: find {{ dokuwiki_root_dir }}/web/lib/plugins -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \;
  register: dokuwiki_installed_plugins
  changed_when: False
+  tags: dokuwiki

 - name: Install authhttpldap plugin
  copy: src=authhttpldap dest={{ dokuwiki_root_dir }}/web/lib/plugins
+  tags: dokuwiki

 - name: Download plugins
  get_url:
@ -194,6 +219,7 @@
    - dokuwiki_plugins[item] is defined
    - dokuwiki_plugins[item].type | default('plugin') == 'plugin'
  with_items: "{{ dokuwiki_plugins_to_install }}"
+  tags: dokuwiki

 - name: Extract plugins
  unarchive:
@ -205,6 +231,7 @@
    - dokuwiki_plugins[item] is defined
    - dokuwiki_plugins[item].type | default('plugin') == 'plugin'
  with_items: "{{ dokuwiki_plugins_to_install }}"
+  tags: dokuwiki

 - name: Move plugins to the final dir
  synchronize:
@ -218,6 +245,7 @@
    - dokuwiki_plugins[item] is defined
    - dokuwiki_plugins[item].type | default('plugin') == 'plugin'
  with_items: "{{ dokuwiki_plugins_to_install }}"
+  tags: dokuwiki

 - name: Remove unmanaged plugins
  file: path={{ dokuwiki_root_dir }}/web/lib/plugins/{{ item }} state=absent
@ -226,11 +254,13 @@
    - item not in dokuwiki_plugins_to_install
    - item not in dokuwiki_core_plugins
    - dokuwiki_remove_unmanaged_plugins
+  tags: dokuwiki

 - name: Build a list of installed templates
  shell: find {{ dokuwiki_root_dir }}/web/lib/tpl -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \;
  register: dokuwiki_installed_tpl
  changed_when: False
+  tags: dokuwiki

 - name: Download templates
  get_url:
@ -241,6 +271,7 @@
    - dokuwiki_plugins[item].type | default('plugin') == 'tpl'
    - item not in dokuwiki_installed_tpl.stdout_lines | difference(['dokuwiki'])
  with_items: "{{ dokuwiki_tpl_to_install }}"
+  tags: dokuwiki

 - name: Extract templates
  unarchive:
@ -252,6 +283,7 @@
    - dokuwiki_plugins[item].type | default('plugin') == 'tpl'
    - item not in dokuwiki_installed_tpl.stdout_lines | difference(['dokuwiki'])
  with_items: "{{ dokuwiki_tpl_to_install }}"
+  tags: dokuwiki

 - name: Move templates to the final dir
  synchronize:
@ -265,6 +297,7 @@
    - dokuwiki_plugins[item].type | default('plugin') == 'tpl'
    - item not in dokuwiki_installed_tpl.stdout_lines | difference(['dokuwiki'])
  with_items: "{{ dokuwiki_tpl_to_install }}"
+  tags: dokuwiki

 - name: Remove unmanaged tpl
  file: path={{ dokuwiki_root_dir }}/web/lib/tpl/{{ item }} state=absent
@ -273,61 +306,74 @@
    - item not in dokuwiki_tpl_to_install
    - item != 'dokuwiki'
    - dokuwiki_remove_unmanaged_tpl
+  tags: dokuwiki

 - name: Remove temp files
  file: path={{ dokuwiki_root_dir }}/tmp/{{ item }} state=absent
  with_items:
    - dokuwiki-{{ dokuwiki_version }}
    - dokuwiki-{{ dokuwiki_version }}.tgz
+  tags: dokuwiki

 - name: Remove plugins archives
  file: path={{ dokuwiki_root_dir }}/tmp/{{ dokuwiki_plugins[item].archive_name }} state=absent
  when: dokuwiki_plugins[item] is defined
  with_items: "{{ dokuwiki_plugins_to_install + dokuwiki_tpl_to_install }}"
+  tags: dokuwiki

 - name: Remove plugins temp files
  file: path={{ dokuwiki_root_dir }}/tmp/{{ dokuwiki_plugins[item].archive_dir | default(dokuwiki_plugins[item].archive_name | splitext | first) }} state=absent
  when: dokuwiki_plugins[item] is defined
  with_items: "{{ dokuwiki_plugins_to_install + dokuwiki_tpl_to_install }}"
+  tags: dokuwiki

 - name: Deploy permission script
  template: src=perms.sh.j2 dest={{ dokuwiki_root_dir }}/perms.sh mode=755
+  tags: dokuwiki

 - name: Deploy httpd configuration
  template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/10-dokuwiki_{{ dokuwiki_id }}.conf
  notify: reload httpd
+  tags: dokuwiki

 - name: Deploy php configuration
  template: src=php.conf.j2 dest={{ httpd_php_versions[dokuwiki_php_version].conf_path }}/php-fpm.d/dokuwiki_{{ dokuwiki_id }}.conf
  notify: restart php-fpm
+  tags: dokuwiki

 - name: Remove PHP config from other versions
  file: path={{ httpd_php_versions[item].conf_path }}/php-fpm.d/dokuwiki_{{ dokuwiki_id }}.conf state=absent
  with_items: "{{ httpd_php_versions.keys() | list | difference([ dokuwiki_php_version ]) }}"
  notify: restart php-fpm
+  tags: dokuwiki

 - name: Remove PHP config (using a custom pool)
  file: path={{ httpd_php_versions[item].conf_path }}/php-fpm.d/dokuwiki_{{ dokuwiki_id }}.conf state=absent
  with_items: "{{ httpd_php_versions.keys() | list }}"
  when: dokuwiki_php_fpm_pool is defined
  notify: restart php-fpm
+  tags: dokuwiki

 - name: Deploy dokuwiki configuration
  template: src={{ item }}.j2 dest={{ dokuwiki_root_dir }}/web/conf/{{ item }} owner=root group={{ dokuwiki_php_user }} mode=660
  with_items:
    - local.protected.php
    - plugins.protected.php
+  tags: dokuwiki

 - name: Check if local.php exists
  stat: path={{ dokuwiki_root_dir }}/web/conf/local.php
  register: dokuwiki_local_php
+  tags: dokuwiki

 - name: Set default values
  template: src=local.php.j2 dest={{ dokuwiki_root_dir }}/web/conf/local.php
  when: not dokuwiki_local_php.stat.exists
+  tags: dokuwiki

 - name: Deploy htaccess
  template: src=htaccess.j2 dest={{ dokuwiki_root_dir }}/web/.htaccess
+  tags: dokuwiki

 - name: Set correct SElinux context
  sefcontext:
@ -335,10 +381,12 @@
    setype: httpd_sys_content_t
    state: present
  when: ansible_selinux.status == 'enabled'
+  tags: dokuwiki

 - name: Set optimal permissions
  command: "{{ dokuwiki_root_dir }}/perms.sh"
  changed_when: False
+  tags: dokuwiki

 - include: filebeat.yml
 ...
--- a/roles/dokuwiki/templates/local.protected.php.j2
+++ b/roles/dokuwiki/templates/local.protected.php.j2
@ -13,10 +13,6 @@ $conf['plugin']['{{ dokuwiki_auth }}']['grouptree'] = '{{ dokuwiki_ldap_group_ba
 $conf['plugin']['{{ dokuwiki_auth }}']['userfilter'] = '{{ dokuwiki_ldap_user_filter }}';
 $conf['plugin']['{{ dokuwiki_auth }}']['groupfilter'] = '{{ dokuwiki_ldap_group_filter }}';
 $conf['plugin']['{{ dokuwiki_auth }}']['groupkey'] = '{{ dokuwiki_ldap_group_key }}';
-{% if dokuwiki_ldap_ad %}
-$conf['plugin']['authhttpldap']['referrals'] = 0;
-$conf['plugin']['authhttpldap']['mapping']['grps']  = array('memberof' => '/CN=(.+?),/i');
-{% endif %}
 {% if dokuwiki_ldap_bind_dn is defined and dokuwiki_ldap_bind_pass is defined %}
 $conf['plugin']['{{ dokuwiki_auth }}']['binddn'] = '{{ dokuwiki_ldap_bind_dn }}';
 $conf['plugin']['{{ dokuwiki_auth }}']['bindpw'] = '{{ dokuwiki_ldap_bind_pass }}';
--- a/roles/matrix_synapse/defaults/main.yml
+++ b/roles/matrix_synapse/defaults/main.yml
@ -61,9 +61,6 @@ synapse_enable_registration: False
 synapse_allow_guest_access: False
 # If set, allow registration if you know this key. Even if registration is otherwise disabled
 # synapse_registration_shared_secret:
-# Set both public and private key to enable reCaptcha on registration
-# synapse_recaptcha_public_key: 
-# synapse_recaptcha_private_key:

 # URL Preview
 synapse_url_preview: True
@ -83,20 +80,9 @@ synapse_max_spider_size: 10M
 #   - turns:turn.example.com?transport=tcp
 # synapse_turn_shared_secret:
 # Set this to true if you want guests to do VoIP/Video calls too
-synapse_turn_allow_guests: False
-
-# Third party ID servers
-synapse_trusted_third_party_id_servers:
-  - matrix.org
-  - vector.im
-  - riot.im
-
-synapse_email_notifs: False
-synapse_smtp_server: localhost
-synapse_smtp_port: 25
-# synapse_smtp_user:
-# synapse_smtp_pass:
-synapse_smtp_tls: False
+synapse_turn_allow_guests: True
+
+synapse_email_notifs: True
 synapse_smtp_from: "Your Friendly %(app)s Home Server <noreply@{{ ansible_domain }}>"
 synapse_app_name: Matrix
 #synapse_riot_base_url: https://messenger.example.com
--- a/roles/matrix_synapse/templates/homeserver.yaml.j2
+++ b/roles/matrix_synapse/templates/homeserver.yaml.j2
@ -74,31 +74,6 @@ federation_ip_range_blacklist: []
 media_store_path: "{{ synapse_root_dir }}/media_store"
 uploads_path: "{{ synapse_root_dir }}/uploads"
 max_upload_size: "{{ synapse_upload_max_size }}"
-max_image_pixels: "32M"
-dynamic_thumbnails: False
-thumbnail_sizes:
-  - width: 32
-    height: 32
-    method: crop
-  - width: 96
-    height: 96
-    method: crop
-  - width: 320
-    height: 240
-    method: scale
-  - width: 640
-    height: 480
-    method: scale
-  - width: 800
-    height: 600
-    method: scale
-
-{% if synapse_recaptcha_public_key is defined and synapse_recaptcha_private_key is defined %}
-recaptcha_public_key: "{{ synapse_recaptcha_public_key }}"
-recaptcha_private_key: "{{ synapse_recaptcha_private_key }}"
-enable_registration_captcha: True
-recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
-{% endif %}

 {% if synapse_turn_uris is defined and synapse_turn_uris | length > 0 %}
 turn_uris:
@ -120,20 +95,7 @@ allow_guest_access: {{ synapse_allow_guest_access | ternary('True', 'False') }}
 enable_metrics: False
 report_stats: False

-{% if synapse_trusted_third_party_id_servers is defined and synapse_trusted_third_party_id_servers | length > 0 %}
-trusted_third_party_id_servers:
-{% for server in synapse_trusted_third_party_id_servers %}
-  - {{ server }}
-{% endfor %}
-{% endif %}
-
-room_invite_state_types:
-  - "m.room.join_rules"
-  - "m.room.canonical_alias"
-  - "m.room.avatar"
-  - "m.room.name"
-
-app_service_config_files: []
+default_identity_server: {{ synapse_public_baseurl | default('https://matrix.' + synapse_server_name) }}

 macaroon_secret_key: "{{ synapse_macaroon_key }}"

@ -159,14 +121,10 @@ max_spider_size: {{ synapse_max_spider_size }}
 form_secret: "{{ synapse_form_secret }}"

 signing_key_path: "{{ synapse_root_dir }}/etc/{{ synapse_server_name }}.signing.key"
-key_refresh_interval: "1d"
-
-perspectives:
-  servers:
-    "matrix.org":
-      verify_keys:
-        "ed25519:auto":
-          key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
+
+trusted_key_servers:
+  - server_name: "matrix.org"
+suppress_key_server_warning: True

 {% if synapse_email_notifs %}
 email: