From 643bb034e991398b7455b30e626c5001f0ac5ddb Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Tue, 19 May 2020 21:00:59 +0200 Subject: [PATCH] Update to 2020-05-19 21:00 --- roles/dokuwiki/defaults/main.yml | 4 +- roles/dokuwiki/tasks/main.yml | 50 +++++++++++++++++++++- roles/dokuwiki/templates/local.protected.php.j2 | 4 -- roles/matrix_synapse/defaults/main.yml | 20 ++------- roles/matrix_synapse/templates/homeserver.yaml.j2 | 52 +++-------------------- 5 files changed, 59 insertions(+), 71 deletions(-) diff --git a/roles/dokuwiki/defaults/main.yml b/roles/dokuwiki/defaults/main.yml index 62d6ccf..40d866f 100644 --- a/roles/dokuwiki/defaults/main.yml +++ b/roles/dokuwiki/defaults/main.yml @@ -195,9 +195,9 @@ dokuwiki_ldap_group_key: cn # dokuwiki_ldap_bind_pass: # AD Settings -dokuwiki_ad_dc: "{{ ad_ldap_servers }}" +dokuwiki_ad_dc: "{{ ad_ldap_servers | default(ansible_domain) }}" dokuwiki_ad_starttls: True -dokuwiki_ad_user_base: "{{ ad_ldap_user_search_base | default('DC=' + ad_realm | default(samba_realm) | regex_replace('\\.',',DC=')) }}" +dokuwiki_ad_user_base: "{{ ad_ldap_user_search_base | default('DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC=')) }}" # dokuwiki_ad_bind_dn: # dokuwiki_ad_bind_pass: ... diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml index 79537e5..6f0b9eb 100644 --- a/roles/dokuwiki/tasks/main.yml +++ b/roles/dokuwiki/tasks/main.yml @@ -2,11 +2,13 @@ - name: Set default install mode to none set_fact: dokuwiki_install_mode="none" + tags: dokuwiki - name: Install dependencies yum: name: - acl + tags: dokuwiki - name: Create PHP user acount user: 
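Review bot: The new `default(ansible_domain)` fallbacks on `dokuwiki_ad_dc` and `dokuwiki_ad_user_base` only cover an undefined variable, and `ansible_domain` is itself an empty string on a host with no DNS domain, which would render an empty DC value and a search base of just `DC=`. The fallback also means the wiki sends its LDAP binds to whatever the host's own DNS domain resolves to, which is only correct when that domain is the AD domain. I would say so above the two lines, e.g. `# Falls back to the host's DNS domain; set ad_ldap_servers / ad_realm explicitly when that is not the AD domain`, and fail early when AD auth is selected and the resolved value is empty.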
@@ -14,21 +16,25 @@ comment: "PHP FPM for dokuwiki {{ dokuwiki_id }}" system: yes shell: /sbin/nologin + tags: dokuwiki - name: Check if dokuwiki is already installed stat: path={{ dokuwiki_root_dir }}/meta/ansible_version register: dokuwiki_version_file changed_when: False + tags: dokuwiki - name: Check dokuwiki version command: cat {{ dokuwiki_root_dir }}/meta/ansible_version register: dokuwiki_current_version changed_when: False when: dokuwiki_version_file.stat.exists + tags: dokuwiki - name: Set installation process to install set_fact: dokuwiki_install_mode='install' when: not dokuwiki_version_file.stat.exists + tags: dokuwiki - name: Set installation process to upgrade set_fact: dokuwiki_install_mode='upgrade' @@ -36,10 +42,12 @@ - dokuwiki_version_file.stat.exists - dokuwiki_current_version.stdout != dokuwiki_version - dokuwiki_manage_upgrade + tags: dokuwiki - name: Create archive dir file: path={{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }} state=directory mode=700 when: dokuwiki_install_mode == 'upgrade' + tags: dokuwiki - name: Prepare dokuwiki upgrade synchronize: @@ -49,6 +57,7 @@ delete: True delegate_to: "{{ inventory_hostname }}" when: dokuwiki_install_mode == 'upgrade' + tags: dokuwiki - name: Create directory structure file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.groupe | default(omit) }} mode={{ item.mode | default(omit) }} @@ -70,6 +79,7 @@ - dir: "{{ dokuwiki_root_dir }}/web/conf/tpl" group: "{{ dokuwiki_php_user }}" mode: 770 + tags: dokuwiki - name: Download Dokuwiki get_url: @@ -77,6 +87,7 @@ dest: "{{ dokuwiki_root_dir }}/tmp/" checksum: "sha1:{{ dokuwiki_archive_sha1 }}" when: dokuwiki_install_mode != 'none' + tags: dokuwiki - name: Extract dokuwiki archive unarchive: 
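Review bot: The "Download Dokuwiki" task in the `@@ -77,6 +87,7 @@` hunk still pins the release archive with `checksum: "sha1:{{ dokuwiki_archive_sha1 }}"`, and the archive is then unpacked into the web root by the tasks that follow. A pinned hash mostly relies on second-preimage resistance, which SHA-1 still has, but its collision resistance is broken and `get_url` accepts a stronger algorithm at no cost. I would switch to `checksum: "sha256:{{ dokuwiki_archive_sha256 }}"`, where the variable name is a suggestion and needs a matching entry in the role defaults. The task starts in the previous hunk, so its `url:` line is not visible here.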
@@ -84,6 +95,7 @@ dest: "{{ dokuwiki_root_dir }}/tmp/" remote_src: yes when: dokuwiki_install_mode != 'none' + tags: dokuwiki - name: Move the content of dokuwiki to the correct top directory synchronize: @@ -95,6 +107,7 @@ - '--exclude=data/' delegate_to: "{{ inventory_hostname }}" when: dokuwiki_install_mode != 'none' + tags: dokuwiki - name: Populate the data dir synchronize: @@ -103,9 +116,10 @@ recursive: True delegate_to: "{{ inventory_hostname }}" when: dokuwiki_install_mode != 'none' + tags: dokuwiki - name: Check existing conf to restore - stat: path={{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }}/web/{{ item }} + stat: path={{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version }}/web/{{ item }} with_items: - conf/local.php - conf/acl.auth.php @@ -113,6 +127,7 @@ - conf/plugins.local.php - conf/tpl/ register: dokuwiki_conf_to_restore + tags: dokuwiki - name: Restore Configuration synchronize: @@ -124,6 +139,7 @@ when: - dokuwiki_install_mode == 'upgrade' - item.stat.exists + tags: dokuwiki - name: List previously installed plugins shell: find {{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }}/web/lib/plugins -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \; @@ -131,6 +147,7 @@ when: - dokuwiki_install_mode == 'upgrade' - not dokuwiki_remove_unmanaged_plugins + tags: dokuwiki - name: Restore unmanaged previous plugins synchronize: @@ -142,6 +159,7 @@ when: - dokuwiki_install_mode == 'upgrade' - not dokuwiki_remove_unmanaged_plugins + tags: dokuwiki - name: List previously installed templates shell: find {{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }}/web/lib/tpl -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \; @@ -149,6 +167,7 @@ when: - dokuwiki_install_mode == 'upgrade' - not dokuwiki_remove_unmanaged_tpl + tags: dokuwiki - name: Restore unmanaged previous templates synchronize: 
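Review bot: In "Check existing conf to restore" (hunk `@@ -103,9 +116,10 @@`) the path now interpolates `{{ dokuwiki_current_version }}`, which is the whole registered result of the `cat` task rather than its `.stdout`. The stat'ed path can therefore never match the archive directory, which every other task builds from `dokuwiki_current_version.stdout`. `item.stat.exists` would then be false for every entry, so "Restore Configuration" skips `conf/local.php` and `conf/acl.auth.php` on upgrade and the upgraded wiki comes up without its previous ACL file. If the aim was to avoid the undefined `.stdout` on a fresh install, keep `{{ dokuwiki_current_version.stdout }}` in the path and guard the task with `when: dokuwiki_install_mode == 'upgrade'`. The task's `with_items` and `register` continue into the next hunk.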
@@ -160,10 +179,12 @@ when: - dokuwiki_install_mode == 'upgrade' - not dokuwiki_remove_unmanaged_tpl + tags: dokuwiki - name: Write dokuwiki version copy: content={{ dokuwiki_version }} dest={{ dokuwiki_root_dir }}/meta/ansible_version when: dokuwiki_install_mode != 'none' + tags: dokuwiki - name: Compress previous version command: tar cJf {{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }}.txz ./ @@ -172,18 +193,22 @@ args: chdir: "{{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }}" when: dokuwiki_install_mode == 'upgrade' + tags: dokuwiki - name: Remove archive directory file: path={{ dokuwiki_root_dir }}/archives/{{ dokuwiki_current_version.stdout }} state=absent when: dokuwiki_install_mode == 'upgrade' + tags: dokuwiki - name: Build a list of installed plugins shell: find {{ dokuwiki_root_dir }}/web/lib/plugins -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \; register: dokuwiki_installed_plugins changed_when: False + tags: dokuwiki - name: Install authhttpldap plugin copy: src=authhttpldap dest={{ dokuwiki_root_dir }}/web/lib/plugins + tags: dokuwiki - name: Download plugins get_url: @@ -194,6 +219,7 @@ - dokuwiki_plugins[item] is defined - dokuwiki_plugins[item].type | default('plugin') == 'plugin' with_items: "{{ dokuwiki_plugins_to_install }}" + tags: dokuwiki - name: Extract plugins unarchive: @@ -205,6 +231,7 @@ - dokuwiki_plugins[item] is defined - dokuwiki_plugins[item].type | default('plugin') == 'plugin' with_items: "{{ dokuwiki_plugins_to_install }}" + tags: dokuwiki - name: Move plugins to the final dir synchronize: @@ -218,6 +245,7 @@ - dokuwiki_plugins[item] is defined - dokuwiki_plugins[item].type | default('plugin') == 'plugin' with_items: "{{ dokuwiki_plugins_to_install }}" + tags: dokuwiki - name: Remove unmanaged plugins file: path={{ dokuwiki_root_dir }}/web/lib/plugins/{{ item }} state=absent 
@@ -226,11 +254,13 @@ - item not in dokuwiki_plugins_to_install - item not in dokuwiki_core_plugins - dokuwiki_remove_unmanaged_plugins + tags: dokuwiki - name: Build a list of installed templates shell: find {{ dokuwiki_root_dir }}/web/lib/tpl -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \; register: dokuwiki_installed_tpl changed_when: False + tags: dokuwiki - name: Download templates get_url: @@ -241,6 +271,7 @@ - dokuwiki_plugins[item].type | default('plugin') == 'tpl' - item not in dokuwiki_installed_tpl.stdout_lines | difference(['dokuwiki']) with_items: "{{ dokuwiki_tpl_to_install }}" + tags: dokuwiki - name: Extract templates unarchive: @@ -252,6 +283,7 @@ - dokuwiki_plugins[item].type | default('plugin') == 'tpl' - item not in dokuwiki_installed_tpl.stdout_lines | difference(['dokuwiki']) with_items: "{{ dokuwiki_tpl_to_install }}" + tags: dokuwiki - name: Move templates to the final dir synchronize: @@ -265,6 +297,7 @@ - dokuwiki_plugins[item].type | default('plugin') == 'tpl' - item not in dokuwiki_installed_tpl.stdout_lines | difference(['dokuwiki']) with_items: "{{ dokuwiki_tpl_to_install }}" + tags: dokuwiki - name: Remove unmanaged tpl file: path={{ dokuwiki_root_dir }}/web/lib/tpl/{{ item }} state=absent 
@@ -273,61 +306,74 @@ - item not in dokuwiki_tpl_to_install - item != 'dokuwiki' - dokuwiki_remove_unmanaged_tpl + tags: dokuwiki - name: Remove temp files file: path={{ dokuwiki_root_dir }}/tmp/{{ item }} state=absent with_items: - dokuwiki-{{ dokuwiki_version }} - dokuwiki-{{ dokuwiki_version }}.tgz + tags: dokuwiki - name: Remove plugins archives file: path={{ dokuwiki_root_dir }}/tmp/{{ dokuwiki_plugins[item].archive_name }} state=absent when: dokuwiki_plugins[item] is defined with_items: "{{ dokuwiki_plugins_to_install + dokuwiki_tpl_to_install }}" + tags: dokuwiki - name: Remove plugins temp files file: path={{ dokuwiki_root_dir }}/tmp/{{ dokuwiki_plugins[item].archive_dir | default(dokuwiki_plugins[item].archive_name | splitext | first) }} state=absent when: dokuwiki_plugins[item] is defined with_items: "{{ dokuwiki_plugins_to_install + dokuwiki_tpl_to_install }}" + tags: dokuwiki - name: Deploy permission script template: src=perms.sh.j2 dest={{ dokuwiki_root_dir }}/perms.sh mode=755 + tags: dokuwiki - name: Deploy httpd configuration template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/10-dokuwiki_{{ dokuwiki_id }}.conf notify: reload httpd + tags: dokuwiki - name: Deploy php configuration template: src=php.conf.j2 dest={{ httpd_php_versions[dokuwiki_php_version].conf_path }}/php-fpm.d/dokuwiki_{{ dokuwiki_id }}.conf notify: restart php-fpm + tags: dokuwiki - name: Remove PHP config from other versions file: path={{ httpd_php_versions[item].conf_path }}/php-fpm.d/dokuwiki_{{ dokuwiki_id }}.conf state=absent with_items: "{{ httpd_php_versions.keys() | list | difference([ dokuwiki_php_version ]) }}" notify: restart php-fpm + tags: dokuwiki - name: Remove PHP config (using a custom pool) file: path={{ httpd_php_versions[item].conf_path }}/php-fpm.d/dokuwiki_{{ dokuwiki_id }}.conf state=absent with_items: "{{ httpd_php_versions.keys() | list }}" when: dokuwiki_php_fpm_pool is defined notify: restart php-fpm + tags: dokuwiki - name: Deploy dokuwiki 
configuration template: src={{ item }}.j2 dest={{ dokuwiki_root_dir }}/web/conf/{{ item }} owner=root group={{ dokuwiki_php_user }} mode=660 with_items: - local.protected.php - plugins.protected.php + tags: dokuwiki - name: Check if local.php exists stat: path={{ dokuwiki_root_dir }}/web/conf/local.php register: dokuwiki_local_php + tags: dokuwiki - name: Set default values template: src=local.php.j2 dest={{ dokuwiki_root_dir }}/web/conf/local.php when: not dokuwiki_local_php.stat.exists + tags: dokuwiki - name: Deploy htaccess template: src=htaccess.j2 dest={{ dokuwiki_root_dir }}/web/.htaccess + tags: dokuwiki - name: Set correct SElinux context sefcontext: @@ -335,10 +381,12 @@ setype: httpd_sys_content_t state: present when: ansible_selinux.status == 'enabled' + tags: dokuwiki - name: Set optimal permissions command: "{{ dokuwiki_root_dir }}/perms.sh" changed_when: False + tags: dokuwiki - include: filebeat.yml ... diff --git a/roles/dokuwiki/templates/local.protected.php.j2 b/roles/dokuwiki/templates/local.protected.php.j2 index 57d736c..b449cc6 100644 --- a/roles/dokuwiki/templates/local.protected.php.j2 +++ b/roles/dokuwiki/templates/local.protected.php.j2 @@ -13,10 +13,6 @@ $conf['plugin']['{{ dokuwiki_auth }}']['grouptree'] = '{{ dokuwiki_ldap_group_ba $conf['plugin']['{{ dokuwiki_auth }}']['userfilter'] = '{{ dokuwiki_ldap_user_filter }}'; $conf['plugin']['{{ dokuwiki_auth }}']['groupfilter'] = '{{ dokuwiki_ldap_group_filter }}'; $conf['plugin']['{{ dokuwiki_auth }}']['groupkey'] = '{{ dokuwiki_ldap_group_key }}'; -{% if dokuwiki_ldap_ad %} -$conf['plugin']['authhttpldap']['referrals'] = 0; -$conf['plugin']['authhttpldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i'); -{% endif %} {% if dokuwiki_ldap_bind_dn is defined and dokuwiki_ldap_bind_pass is defined %} $conf['plugin']['{{ dokuwiki_auth }}']['binddn'] = '{{ dokuwiki_ldap_bind_dn }}'; $conf['plugin']['{{ dokuwiki_auth }}']['bindpw'] = '{{ dokuwiki_ldap_bind_pass }}'; 
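Review bot: "Deploy dokuwiki configuration" in the `@@ -273,61 +306,74 @@` hunk installs `local.protected.php` and `plugins.protected.php` with `group={{ dokuwiki_php_user }} mode=660`, which gives the PHP pool's group write access to the two files meant to be out of the web application's reach. The template patched later in this commit shows that `local.protected.php` carries the LDAP `bindpw`. PHP only needs to read these files, so `owner=root group={{ dokuwiki_php_user }} mode=640` would keep a compromised wiki process from rewriting its own auth settings. This assumes `perms.sh`, which is not visible here, does not already tighten the mode afterwards.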
diff --git a/roles/matrix_synapse/defaults/main.yml b/roles/matrix_synapse/defaults/main.yml index c748348..9de1c99 100644 --- a/roles/matrix_synapse/defaults/main.yml +++ b/roles/matrix_synapse/defaults/main.yml @@ -61,9 +61,6 @@ synapse_enable_registration: False synapse_allow_guest_access: False # If set, allow registration if you know this key. Even if registration is otherwise disabled # synapse_registration_shared_secret: -# Set both public and private key to enable reCaptcha on registration -# synapse_recaptcha_public_key: -# synapse_recaptcha_private_key: # URL Preview synapse_url_preview: True @@ -83,20 +80,9 @@ synapse_max_spider_size: 10M # - turns:turn.example.com?transport=tcp # synapse_turn_shared_secret: # Set this to true if you want guests to do VoIP/Video calls too -synapse_turn_allow_guests: False - -# Third party ID servers -synapse_trusted_third_party_id_servers: - - matrix.org - - vector.im - - riot.im - -synapse_email_notifs: False -synapse_smtp_server: localhost -synapse_smtp_port: 25 -# synapse_smtp_user: -# synapse_smtp_pass: -synapse_smtp_tls: False +synapse_turn_allow_guests: True + +synapse_email_notifs: True synapse_smtp_from: "Your Friendly %(app)s Home Server " synapse_app_name: Matrix #synapse_riot_base_url: https://messenger.example.com diff --git a/roles/matrix_synapse/templates/homeserver.yaml.j2 b/roles/matrix_synapse/templates/homeserver.yaml.j2 index 720bd4b..8d26cf2 100644 --- a/roles/matrix_synapse/templates/homeserver.yaml.j2 +++ b/roles/matrix_synapse/templates/homeserver.yaml.j2 
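Review bot: The `@@ -83,20 +80,9 @@` hunk flips `synapse_turn_allow_guests` to `True` even though the comment directly above it still describes this as an opt-in ("Set this to true if you want guests to do VoIP/Video calls too"). A role default that lets unauthenticated guests use the TURN relay is the less conservative choice, so I would keep `synapse_turn_allow_guests: False` and let inventories enable it. `synapse_email_notifs` likewise becomes `True` while the `synapse_smtp_*` defaults are removed. If the `email:` section of the template (not fully visible here) still reads any of them, rendering will fail for inventories that never set them, so a comment naming the SMTP endpoint the role now assumes would help.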
@@ -74,31 +74,6 @@ federation_ip_range_blacklist: [] media_store_path: "{{ synapse_root_dir }}/media_store" uploads_path: "{{ synapse_root_dir }}/uploads" max_upload_size: "{{ synapse_upload_max_size }}" -max_image_pixels: "32M" -dynamic_thumbnails: False -thumbnail_sizes: - - width: 32 - height: 32 - method: crop - - width: 96 - height: 96 - method: crop - - width: 320 - height: 240 - method: scale - - width: 640 - height: 480 - method: scale - - width: 800 - height: 600 - method: scale - -{% if synapse_recaptcha_public_key is defined and synapse_recaptcha_private_key is defined %} -recaptcha_public_key: "{{ synapse_recaptcha_public_key }}" -recaptcha_private_key: "{{ synapse_recaptcha_private_key }}" -enable_registration_captcha: True -recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" -{% endif %} {% if synapse_turn_uris is defined and synapse_turn_uris | length > 0 %} turn_uris: @@ -120,20 +95,7 @@ allow_guest_access: {{ synapse_allow_guest_access | ternary('True', 'False') }} enable_metrics: False report_stats: False -{% if synapse_trusted_third_party_id_servers is defined and synapse_trusted_third_party_id_servers | length > 0 %} -trusted_third_party_id_servers: -{% for server in synapse_trusted_third_party_id_servers %} - - {{ server }} -{% endfor %} -{% endif %} - -room_invite_state_types: - - "m.room.join_rules" - - "m.room.canonical_alias" - - "m.room.avatar" - - "m.room.name" - -app_service_config_files: [] +default_identity_server: {{ synapse_public_baseurl | default('https://matrix.' + synapse_server_name) }} macaroon_secret_key: "{{ synapse_macaroon_key }}" 
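Review bot: The added `default_identity_server` line in the `@@ -120,20 +95,7 @@` hunk is the only templated URL in this part of the file that is rendered unquoted, while its neighbours such as `macaroon_secret_key: "{{ synapse_macaroon_key }}"` are quoted. An empty or oddly shaped `synapse_public_baseurl` would then be parsed as null or fail YAML parsing instead of staying a string. I would write it as `default_identity_server: "{{ synapse_public_baseurl | default('https://matrix.' + synapse_server_name) }}"`. It also presumes that an identity service answers on the homeserver's own base URL, which deserves a one-line comment if that is the intended deployment.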
@@ -159,14 +121,10 @@ max_spider_size: {{ synapse_max_spider_size }} form_secret: "{{ synapse_form_secret }}" signing_key_path: "{{ synapse_root_dir }}/etc/{{ synapse_server_name }}.signing.key" -key_refresh_interval: "1d" - -perspectives: - servers: - "matrix.org": - verify_keys: - "ed25519:auto": - key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" + +trusted_key_servers: + - server_name: "matrix.org" +suppress_key_server_warning: True {% if synapse_email_notifs %} email:
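Review bot: The new `trusted_key_servers` entry lists `matrix.org` without the `verify_keys` pin that the removed `perspectives` block carried. Notary responses from that server are then trusted on the strength of the TLS connection alone, and `suppress_key_server_warning: True` silences the start-up warning Synapse raises about this default. I would keep the pin in the new syntax by adding, under the `server_name` entry, `verify_keys:` with `"ed25519:auto": "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"`, which is the key already present in the old block. A short comment explaining why the warning is suppressed would also help.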