17 files changed, 202 insertions, 82 deletions

diff --git a/README.org b/README.org
index 66d61ff..76c082f 100644
--- a/README.org
+++ b/README.org
@@ -13,15 +13,42 @@ Docker: needs docker-vars.yml, see docker-vars.yml.sample
 When you update htmlscrubber.pm in wiki/templates:
 
 ansible-playbook -i inventory.yml prod-playbook.yml --tags wiki-plugins
+ansible-playbook -i docker-inventory.yml docker-reuse-playbook.yml --tags wiki-plugins
 
 *** Docker
+Goal:
+- [X] Load the wiki at http://localhost:28080
+- [X] Add SSH key
+- [X] Add as remote
+- [X] Push to the wiki
+- [ ] Have the changes show up automatically
+- [X] Have ansible copy the SSH key
+  
+file:/docker:emacsconf-front:/home/ikiwiki/emacsconf.setup
+
 Creating:
 ansible-playbook -i docker-inventory.yml docker-playbook.yml --tags wiki
 
 Reusing:
 ansible-playbook -i docker-inventory.yml docker-reuse-playbook.yml --tags wiki
 
+Copying your SSH key:
+set the docker_ssh_key Ansible variable to the path of your public key
+or
+docker cp ~/.ssh/id_rsa.pub emacsconf-front:/home/ikiwiki/.ssh/authorized_keys2
+docker exec emacsconf-front chown ikiwiki:ikiwiki /home/ikiwiki/.ssh/authorized_keys2
+docker exec emacsconf-front chmod 600 /home/ikiwiki/.ssh/authorized_keys2
+
 http://localhost:28080/
+ssh localhost -p 2022
+
+docker exec -it emacsconf-front /bin/bash
+
+git remote add docker ssh://ikiwiki@127.0.0.1:2222/var/www/wiki.git
+
+Debugging
+ssh wiki 'cd /var/www/wiki.git; git update-ref refs/heads/master HEAD^' && git push docker 2022-pages
+
 ** Publishing
 *** Prod
 To run the playbook and publish the main schedule:
diff --git a/common-playbook.yml b/common-playbook.yml
new file mode 100644
index 0000000..06b8d08
--- /dev/null
+++ b/common-playbook.yml
@@ -0,0 +1,25 @@
+- name: Set up wiki
+  hosts: front
+  tags: wiki
+  roles:
+    - wiki
+- name: Set up wiki for publishing
+  hosts: front
+  tags: wiki-publish
+  roles:
+    - wiki-publish
+- name: Set up wiki for interactive editing
+  hosts: front
+  tags: wiki-edit
+  roles:
+    - wiki-edit
+- name: Set up pad
+  hosts: pad
+  tags: pad
+  roles:
+    - pad
+- name: Set up proxy
+  hosts: pad
+  tags: proxy
+  roles:
+    - pad-proxy
diff --git a/docker-inventory.yml b/docker-inventory.yml
index b1be91e..c88593f 100644
--- a/docker-inventory.yml
+++ b/docker-inventory.yml
@@ -1,11 +1,15 @@
-all:
+front:
   hosts:
     emacsconf-front:
       ansible_connection: docker
       ansible_python_interpreter: /usr/bin/python3
+pad:
+  hosts:
     emacsconf-pad:
       ansible_connection: docker
       ansible_python_interpreter: /usr/bin/python3
+all:
+  hosts:
     localhost:
       ansible_connection: local
- 
+  
diff --git a/docker-playbook.yml b/docker-playbook.yml
index 60f83cf..5fce9fb 100644
--- a/docker-playbook.yml
+++ b/docker-playbook.yml
@@ -38,14 +38,5 @@
     - include_vars:
         file: docker-vars.yml
         
-- name: Provision the emacsconf-front container created above
-  tags: wiki
-  hosts: emacsconf-front
-  roles:
-    - wiki
-
-- name: Provision the pad container created above
-  tags: pad
-  hosts: emacsconf-pad
-  roles:
-    - pad
+- name: Run common tasks
+  import_playbook: common-playbook.yml
diff --git a/docker-reuse-playbook.yml b/docker-reuse-playbook.yml
index fd6eea2..bfcfbd1 100644
--- a/docker-reuse-playbook.yml
+++ b/docker-reuse-playbook.yml
@@ -5,23 +5,5 @@
   tasks:
     - include_vars:
         file: docker-vars.yml
-- name: Load talks
-  hosts: localhost
-  tags: create-pads
-  tasks:
-    - include_vars:
-        file: talks.json
-        name: talks
-    
-- name: Set up the emacsconf-front wiki
-  hosts: emacsconf-front
-  tags: wiki
-  roles:
-    - wiki
-
-- name: Set up the emacsconf-pad
-  hosts: emacsconf-pad
-  tags: pad
-  roles:
-    - pad
-
+- name: Run common tasks
+  import_playbook: common-playbook.yml
diff --git a/inventory.yml b/inventory.yml
index 2c52301..3124fb5 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -18,3 +18,7 @@ prod:
       ansible_ssh_user: orga
       ansible_python_interpreter: /usr/bin/python3
       ansible_become: true
+all:
+  hosts:
+    localhost:
+      ansible_connection: local
diff --git a/local-playbook.yml b/local-playbook.yml
new file mode 100644
index 0000000..37cd294
--- /dev/null
+++ b/local-playbook.yml
@@ -0,0 +1,16 @@
+- name: Load vars
+  hosts: localhost
+  tags: always
+  tasks:
+    - include_vars:
+        file: prod-vars.yml
+- name: Load local vars
+  hosts: localhost
+  tags: always
+  tasks:
+    - include_vars:
+        file: local-vars.yml
+- name: Set up Emacs
+  hosts: localhost
+  roles:
+    - wiki-publish
diff --git a/prod-playbook.yml b/prod-playbook.yml
index ac2f8bb..0fc22c2 100644
--- a/prod-playbook.yml
+++ b/prod-playbook.yml
@@ -4,27 +4,5 @@
   tasks:
     - include_vars:
         file: prod-vars.yml
-- name: Set up wiki
-  hosts: front
-  roles:
-    - wiki
-- name: Set up wiki for publishing
-  hosts: front
-  tags: wiki-publish
-  roles:
-    - wiki-publish
-- name: Set up wiki for interactive editing
-  hosts: front
-  tags: wiki-edit
-  roles:
-    - wiki-edit
-- name: Set up pad
-  hosts: pad
-  tags: pad
-  roles:
-    - pad
-- name: Set up proxy
-  hosts: pad
-  tags: proxy
-  roles:
-    - pad-proxy
+- name: Run common tasks
+  import_playbook: common-playbook.yml
diff --git a/roles/wiki-publish/defaults/main.yml b/roles/wiki-publish/defaults/main.yml
index c6ca568..863003f 100644
--- a/roles/wiki-publish/defaults/main.yml
+++ b/roles/wiki-publish/defaults/main.yml
@@ -5,3 +5,4 @@ emacsconf_el_dir: ~/emacsconf-el
 emacsconf_edit_wiki_dir: ~/emacsconf-wiki
 emacsconf_private_dir: ~/emacsconf-2022-private
 emacs_config_dir: ~/.emacs.d
+emacs_package: emacs-snapshot-nox
diff --git a/roles/wiki-publish/tasks/main.yml b/roles/wiki-publish/tasks/main.yml
index 897cecc..960aa01 100644
--- a/roles/wiki-publish/tasks/main.yml
+++ b/roles/wiki-publish/tasks/main.yml
@@ -1,17 +1,18 @@
 ---
 - name: Set up SSH directory
   ansible.builtin.file:
-    path: /home/ikiwiki/.ssh
+    path: "/home/{{ emacsconf_publish_user }}/.ssh"
     state: directory
     mode: '0700'
 - name: Install SSH key for EmacsConf wiki
   ansible.builtin.get_url:
     url: https://emacsconf.org/id_rsa_anon_git_emacsconf
-    dest: /home/ikiwiki/.ssh/id_rsa_anon_git_emacsconf
+    dest: "/home/{{ emacsconf_publish_user }}/.ssh/id_rsa_anon_git_emacsconf"
     mode: '0600'
-    owner: 'ikiwiki'
+    owner: "{{ emacsconf_publish_user }}"
 - name: Set up packages
   become: yes
+  when: emacs_package and emacs_package != "emacs"
   block:
     # This repository is currently not working
     # - name: Add snapshot repository
@@ -23,7 +24,7 @@
         state: absent
     - name: Install Emacs snapshot
       ansible.builtin.apt:
-        name: emacs-snapshot-nox
+        name: "{{ emacs_package }}"
         state: present
 - name: Set up Emacs configuration for non-interactive publishing
   become: true
@@ -47,16 +48,29 @@
       ansible.builtin.git:
         repo: git://git.emacsconf.org/emacsconf-wiki
         dest: "{{ emacsconf_edit_wiki_dir }}"
+      register: wiki_clone
+      failed_when:
+        - wiki_clone.failed
+        - not 'Local modifications exist in repository' in wiki_clone.msg
+        - not 'Failed to checkout branch' in wiki_clone.msg
     - name: Check out emacsconf-el
       ansible.builtin.git:
         repo: git@git.emacsconf.org:pub/emacsconf-el
         dest: "{{ emacsconf_el_dir }}"
       register: elisp
+      failed_when:
+        - elisp.failed
+        - not 'Local modifications exist in repository' in elisp.msg
+        - not 'Failed to checkout branch' in elisp.msg
     - name: Check out emacsconf-2022-private
       ansible.builtin.git:
         repo: git@git.emacsconf.org:emacsconf-2022-private
         dest: "{{ emacsconf_private_dir }}"
       register: private
+      failed_when:
+        - private.failed
+        - not 'Local modifications exist in repository' in private.msg
+        - not 'Failed to checkout branch' in private.msg
 - name: Publish
   tags: publish
   block:
diff --git a/roles/wiki/defaults/main.yml b/roles/wiki/defaults/main.yml
index 421427c..3b890b0 100644
--- a/roles/wiki/defaults/main.yml
+++ b/roles/wiki/defaults/main.yml
@@ -2,7 +2,7 @@
 ikiwiki_git_branch: master
 ikiwiki_path: /home/ikiwiki
 ikiwiki_src_dir: "{{ ikiwiki_path }}/emacsconf"
-ikiwiki_plugin_path: /home/ikiwiki/.ikiwiki/IkiWiki/Plugin
+ikiwiki_plugin_path: /home/ikiwiki/.ikiwiki/
 ikiwiki_admin: bandali@gnu.org
 ikiwiki_dest: /var/www/emacsconf.org
 ikiwiki_url: https://emacsconf.org
@@ -18,4 +18,5 @@ ikiwiki_cookie_jar: "{{ ikiwiki_path }}/.ikiwiki/cookies"
 ikiwiki_git_wrapper: "{{ ikiwiki_path }}/hooks/emacsconf"
 ikiwiki_git_test_receive_wrapper: "{{ ikiwiki_path }}/hooks/emacsconf-pre"
 ikiwiki_git_base_url: //git.emacsconf.org/emacsconf-wiki
+ikiwiki_cgi_wrapper: "{{ ikiwiki_path }}/ikiwiki.cgi"
 
diff --git a/roles/wiki/tasks/docker.yml b/roles/wiki/tasks/docker.yml
index 1a759a4..be6591c 100644
--- a/roles/wiki/tasks/docker.yml
+++ b/roles/wiki/tasks/docker.yml
@@ -2,10 +2,13 @@
   apt:
     pkg:
       - lighttpd
-      - supervisord
+      - supervisor
+      - sudo
 - name: Create the anon user
   user:
     name: anon
+    state: present
+  when: docker
 - name: Set up Ikiwiki setup
   template:
     src: emacsconf.setup
@@ -14,27 +17,52 @@
     group: www-data
 - name: Set up the ikiwiki directories
   file:
-    dest: /var/www/html
+    dest: "{{ ikiwiki_dest }}"
     state: directory
-    owner: www-data
+    owner: ikiwiki
     group: www-data
+    recurse: true
 - name: Clone the bare git repo
   git:
     bare: true
     repo: "{{ ikiwiki_git_source_mount }}"
     dest: "{{ ikiwiki_bare_git_dir }}"
     version: "{{ ikiwiki_git_branch }}"
+- name: Set up post-update hook
+  tags: wip
+  template:
+    src: post-update
+    dest: "{{ ikiwiki_bare_git_dir }}/hooks/post-update"
+    mode: 0755
+- name: Remove sample
+  tags: wip
+  file:
+    path: "{{ ikiwiki_bare_git_dir }}/hooks/post-update.sample"
+    state: absent
+- name: Set up ikiwiki post-update hook
+  tags: wip
+  template:
+    src: post-update.h00-ikiwiki-wrapper
+    dest: "{{ ikiwiki_bare_git_dir }}/hooks/post-update.h00-ikiwiki-wrapper"
+    mode: 0755  
 - name: Change owner
+  tags: wip
   file:
     dest: "{{ ikiwiki_bare_git_dir }}"
     recurse: true
-    owner: www-data
+    owner: ikiwiki
     group: www-data
 - name: Clone the working git repo
   git:
     repo: "{{ ikiwiki_bare_git_dir }}"
     dest: "{{ ikiwiki_src_dir }}"
     version: "{{ ikiwiki_git_branch }}"
+- name: Chown all the files to ikiwiki
+  file:
+    dest: "{{ ikiwiki_src_dir }}"
+    owner: ikiwiki
+    group: ikiwiki
+    recurse: true
 - name: Copy supervisor config
   template:
     src: supervisord.conf
@@ -43,7 +71,31 @@
   service:
     name: lighttpd
     state: started
-- name: Start supervisord
+- name: Start ssh
+  tags: ssh
   service:
-    name: supervisor
-    state: restarted
+    name: ssh
+    state: started
+- name: Set up SSH directory
+  tags: ssh
+  file:
+    path: /home/ikiwiki/.ssh
+    owner: ikiwiki
+    group: ikiwiki
+    state: directory
+    mode: 0700
+- name: Set up SSH authentication
+  tags: ssh
+  block:
+    - name: Copy key
+      template:
+        src: "{{ docker_ssh_key }}"
+        dest: "/home/ikiwiki/.ssh/authorized_keys2"
+        mode: 0600
+    - name: Change ownership
+      file:
+        path: "/home/ikiwiki/.ssh"
+        owner: ikiwiki
+        group: ikiwiki
+        recurse: true
+  when: docker_ssh_key is defined
diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
index 35c297d..cd7cbdc 100644
--- a/roles/wiki/tasks/main.yml
+++ b/roles/wiki/tasks/main.yml
@@ -22,29 +22,26 @@
     name: ikiwiki
     group: ikiwiki
     state: present
-- debug:
-    var: docker
-- name: Set up or update repositories
-  ansible.builtin.git:
-    repo: git://git.emacsconf.org/emacsconf-wiki
-    dest: "{{ ikiwiki_src_dir }}"
-  when: not docker|d(false)
 - name: Template the config
   ansible.builtin.template:
     src: emacsconf.setup
     dest: "{{ ikiwiki_path }}/emacsconf.setup"
     owner: ikiwiki
+- name: Create the plugin directory
+  file:
+    path: "{{ ikiwiki_plugin_path }}/IkiWiki/Plugin"
+    state: directory
 - name: Copy Ikiwiki plugins
   tags: wiki-plugins
   template:
     src: "{{ item }}"
-    dest: "{{ ikiwiki_plugin_path }}/{{ item }}"
+    dest: "{{ ikiwiki_plugin_path }}/IkiWiki/Plugin/{{ item }}"
   loop:
     - copyright.pm
     - htmlscrubber.pm
     - license.pm
 - include: docker.yml
-  when: docker is true
+  when: docker
 - name: Chown all the files to ikiwiki
   tags: wiki-plugins
   file:
@@ -54,7 +51,9 @@
     recurse: true
 - name: Regenerate all the files
   tags: wiki-regenerate, wiki-plugins
-  shell: ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers
+  become: true
+  become_user: ikiwiki
+  shell: cd ~ikiwiki; ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers
   register: output
 - debug:
     var: output
diff --git a/roles/wiki/templates/emacsconf.setup b/roles/wiki/templates/emacsconf.setup
index ea9c4c8..81b089b 100644
--- a/roles/wiki/templates/emacsconf.setup
+++ b/roles/wiki/templates/emacsconf.setup
@@ -30,7 +30,7 @@ url: {{ ikiwiki_url }}
 reverse_proxy: 0
 # filename of cgi wrapper to generate
 #cgi_wrapper: /home/ikiwiki/public_html/emacsconf/ikiwiki.cgi
-cgi_wrapper: {{ ikiwiki_path }}/ikiwiki.cgi
+cgi_wrapper: {{ ikiwiki_cgi_wrapper }}
 # mode for cgi_wrapper (can safely be made suid)
 cgi_wrappermode: 06755
 # number of seconds to delay CGI requests when overloaded
diff --git a/roles/wiki/templates/htmlscrubber.pm b/roles/wiki/templates/htmlscrubber.pm
index 1ce95b2..caf78a1 100755
--- a/roles/wiki/templates/htmlscrubber.pm
+++ b/roles/wiki/templates/htmlscrubber.pm
@@ -93,8 +93,8 @@ sub scrubber {
 		}],
 		default => [undef, { (
                              map { $_ => 1 } qw{
-                                 version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform 
-          data-start data-end data-video data-target data-tracks data-track
+                                 version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform opacity
+          data-start data-end data-video data-target data-tracks data-track 
               kind label srclang default
 				abbr accept accept-charset accesskey
 				align alt axis border cellpadding cellspacing
diff --git a/roles/wiki/templates/post-update b/roles/wiki/templates/post-update
new file mode 100755
index 0000000..523b8de
--- /dev/null
+++ b/roles/wiki/templates/post-update
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# Determine what input the hook needs
+# post-update takes args, pre/post-receive take stdin
+type=args
+stdin=''
+[ $0 != hooks/post-update ] && {
+    type=stdin
+    stdin=`cat`
+}
+
+for h in $0.*; do
+    [ -x $h ] || continue
+    if [ $type = args ]
+    then
+        $h $@ || { [ $0 = hooks/pre-receive ] && exit 1; }
+    else
+        echo "$stdin" | $h || { [ $0 = hooks/pre-receive ] && exit 1; }
+    fi
+done
diff --git a/roles/wiki/templates/post-update.h00-ikiwiki-wrapper b/roles/wiki/templates/post-update.h00-ikiwiki-wrapper
new file mode 100755
index 0000000..684ac28
--- /dev/null
+++ b/roles/wiki/templates/post-update.h00-ikiwiki-wrapper
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# bring the mirror up to date with this repo
+cd "{{ ikiwiki_src_dir }}"
+git fetch --prune
+exec {{ ikiwiki_path }}/hooks/emacsconf