diff options
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/wiki-publish/defaults/main.yml | 1 | ||||
| -rw-r--r-- | roles/wiki-publish/tasks/main.yml | 22 | ||||
| -rw-r--r-- | roles/wiki/defaults/main.yml | 3 | ||||
| -rw-r--r-- | roles/wiki/tasks/docker.yml | 66 | ||||
| -rw-r--r-- | roles/wiki/tasks/main.yml | 19 | ||||
| -rw-r--r-- | roles/wiki/templates/emacsconf.setup | 2 | ||||
| -rwxr-xr-x | roles/wiki/templates/htmlscrubber.pm | 4 | ||||
| -rwxr-xr-x | roles/wiki/templates/post-update | 20 | ||||
| -rwxr-xr-x | roles/wiki/templates/post-update.h00-ikiwiki-wrapper | 6 |
9 files changed, 118 insertions, 25 deletions
diff --git a/roles/wiki-publish/defaults/main.yml b/roles/wiki-publish/defaults/main.yml index c6ca568..863003f 100644 --- a/roles/wiki-publish/defaults/main.yml +++ b/roles/wiki-publish/defaults/main.yml @@ -5,3 +5,4 @@ emacsconf_el_dir: ~/emacsconf-el emacsconf_edit_wiki_dir: ~/emacsconf-wiki emacsconf_private_dir: ~/emacsconf-2022-private emacs_config_dir: ~/.emacs.d +emacs_package: emacs-snapshot-nox diff --git a/roles/wiki-publish/tasks/main.yml b/roles/wiki-publish/tasks/main.yml index 897cecc..960aa01 100644 --- a/roles/wiki-publish/tasks/main.yml +++ b/roles/wiki-publish/tasks/main.yml @@ -1,17 +1,18 @@ --- - name: Set up SSH directory ansible.builtin.file: - path: /home/ikiwiki/.ssh + path: "/home/{{ emacsconf_publish_user }}/.ssh" state: directory mode: '0700' - name: Install SSH key for EmacsConf wiki ansible.builtin.get_url: url: https://emacsconf.org/id_rsa_anon_git_emacsconf - dest: /home/ikiwiki/.ssh/id_rsa_anon_git_emacsconf + dest: "/home/{{ emacsconf_publish_user }}/.ssh/id_rsa_anon_git_emacsconf" mode: '0600' - owner: 'ikiwiki' + owner: "{{ emacsconf_publish_user }}" - name: Set up packages become: yes + when: emacs_package and emacs_package != "emacs" block: # This repository is currently not working # - name: Add snapshot repository @@ -23,7 +24,7 @@ state: absent - name: Install Emacs snapshot ansible.builtin.apt: - name: emacs-snapshot-nox + name: "{{ emacs_package }}" state: present - name: Set up Emacs configuration for non-interactive publishing become: true @@ -47,16 +48,29 @@ ansible.builtin.git: repo: git://git.emacsconf.org/emacsconf-wiki dest: "{{ emacsconf_edit_wiki_dir }}" + register: wiki_clone + failed_when: + - wiki_clone.failed + - not 'Local modifications exist in repository' in wiki_clone.msg + - not 'Failed to checkout branch' in wiki_clone.msg - name: Check out emacsconf-el ansible.builtin.git: repo: git@git.emacsconf.org:pub/emacsconf-el dest: "{{ emacsconf_el_dir }}" register: elisp + failed_when: + - elisp.failed + - not 'Local modifications exist in repository' in elisp.msg + - not 'Failed to checkout branch' in elisp.msg - name: Check out emacsconf-2022-private ansible.builtin.git: repo: git@git.emacsconf.org:emacsconf-2022-private dest: "{{ emacsconf_private_dir }}" register: private + failed_when: + - private.failed + - not 'Local modifications exist in repository' in private.msg + - not 'Failed to checkout branch' in private.msg - name: Publish tags: publish block: diff --git a/roles/wiki/defaults/main.yml b/roles/wiki/defaults/main.yml index 421427c..3b890b0 100644 --- a/roles/wiki/defaults/main.yml +++ b/roles/wiki/defaults/main.yml @@ -2,7 +2,7 @@ ikiwiki_git_branch: master ikiwiki_path: /home/ikiwiki ikiwiki_src_dir: "{{ ikiwiki_path }}/emacsconf" -ikiwiki_plugin_path: /home/ikiwiki/.ikiwiki/IkiWiki/Plugin +ikiwiki_plugin_path: /home/ikiwiki/.ikiwiki/ ikiwiki_admin: bandali@gnu.org ikiwiki_dest: /var/www/emacsconf.org ikiwiki_url: https://emacsconf.org @@ -18,4 +18,5 @@ ikiwiki_cookie_jar: "{{ ikiwiki_path }}/.ikiwiki/cookies" ikiwiki_git_wrapper: "{{ ikiwiki_path }}/hooks/emacsconf" ikiwiki_git_test_receive_wrapper: "{{ ikiwiki_path }}/hooks/emacsconf-pre" ikiwiki_git_base_url: //git.emacsconf.org/emacsconf-wiki +ikiwiki_cgi_wrapper: "{{ ikiwiki_path }}/ikiwiki.cgi" diff --git a/roles/wiki/tasks/docker.yml b/roles/wiki/tasks/docker.yml index 1a759a4..be6591c 100644 --- a/roles/wiki/tasks/docker.yml +++ b/roles/wiki/tasks/docker.yml @@ -2,10 +2,13 @@ apt: pkg: - lighttpd - - supervisord + - supervisor + - sudo - name: Create the anon user user: name: anon + state: present + when: docker - name: Set up Ikiwiki setup template: src: emacsconf.setup @@ -14,27 +17,52 @@ group: www-data - name: Set up the ikiwiki directories file: - dest: /var/www/html + dest: "{{ ikiwiki_dest }}" state: directory - owner: www-data + owner: ikiwiki group: www-data + recurse: true - name: Clone the bare git repo git: bare: true repo: "{{ ikiwiki_git_source_mount }}" dest: "{{ ikiwiki_bare_git_dir }}" version: "{{ ikiwiki_git_branch }}" +- name: Set up post-update hook + tags: wip + template: + src: post-update + dest: "{{ ikiwiki_bare_git_dir }}/hooks/post-update" + mode: 0755 +- name: Remove sample + tags: wip + file: + path: "{{ ikiwiki_bare_git_dir }}/hooks/post-update.sample" + state: absent +- name: Set up ikiwiki post-update hook + tags: wip + template: + src: post-update.h00-ikiwiki-wrapper + dest: "{{ ikiwiki_bare_git_dir }}/hooks/post-update.h00-ikiwiki-wrapper" + mode: 0755 - name: Change owner + tags: wip file: dest: "{{ ikiwiki_bare_git_dir }}" recurse: true - owner: www-data + owner: ikiwiki group: www-data - name: Clone the working git repo git: repo: "{{ ikiwiki_bare_git_dir }}" dest: "{{ ikiwiki_src_dir }}" version: "{{ ikiwiki_git_branch }}" +- name: Chown all the files to ikiwiki + file: + dest: "{{ ikiwiki_src_dir }}" + owner: ikiwiki + group: ikiwiki + recurse: true - name: Copy supervisor config template: src: supervisord.conf @@ -43,7 +71,31 @@ service: name: lighttpd state: started -- name: Start supervisord +- name: Start ssh + tags: ssh service: - name: supervisor - state: restarted + name: ssh + state: started +- name: Set up SSH directory + tags: ssh + file: + path: /home/ikiwiki/.ssh + owner: ikiwiki + group: ikiwiki + state: directory + mode: 0700 +- name: Set up SSH authentication + tags: ssh + block: + - name: Copy key + template: + src: "{{ docker_ssh_key }}" + dest: "/home/ikiwiki/.ssh/authorized_keys2" + mode: 0600 + - name: Change ownership + file: + path: "/home/ikiwiki/.ssh" + owner: ikiwiki + group: ikiwiki + recurse: true + when: docker_ssh_key is defined diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml index 35c297d..cd7cbdc 100644 --- a/roles/wiki/tasks/main.yml +++ b/roles/wiki/tasks/main.yml @@ -22,29 +22,26 @@ name: ikiwiki group: ikiwiki state: present -- debug: - var: docker -- name: Set up or update repositories - ansible.builtin.git: - repo: git://git.emacsconf.org/emacsconf-wiki - dest: "{{ ikiwiki_src_dir }}" - when: not docker|d(false) - name: Template the config ansible.builtin.template: src: emacsconf.setup dest: "{{ ikiwiki_path }}/emacsconf.setup" owner: ikiwiki +- name: Create the plugin directory + file: + path: "{{ ikiwiki_plugin_path }}/IkiWiki/Plugin" + state: directory - name: Copy Ikiwiki plugins tags: wiki-plugins template: src: "{{ item }}" - dest: "{{ ikiwiki_plugin_path }}/{{ item }}" + dest: "{{ ikiwiki_plugin_path }}/IkiWiki/Plugin/{{ item }}" loop: - copyright.pm - htmlscrubber.pm - license.pm - include: docker.yml - when: docker is true + when: docker - name: Chown all the files to ikiwiki tags: wiki-plugins file: @@ -54,7 +51,9 @@ recurse: true - name: Regenerate all the files tags: wiki-regenerate, wiki-plugins - shell: ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers + become: true + become_user: ikiwiki + shell: cd ~ikiwiki; ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers register: output - debug: var: output diff --git a/roles/wiki/templates/emacsconf.setup b/roles/wiki/templates/emacsconf.setup index ea9c4c8..81b089b 100644 --- a/roles/wiki/templates/emacsconf.setup +++ b/roles/wiki/templates/emacsconf.setup @@ -30,7 +30,7 @@ url: {{ ikiwiki_url }} reverse_proxy: 0 # filename of cgi wrapper to generate #cgi_wrapper: /home/ikiwiki/public_html/emacsconf/ikiwiki.cgi -cgi_wrapper: {{ ikiwiki_path }}/ikiwiki.cgi +cgi_wrapper: {{ ikiwiki_cgi_wrapper }} # mode for cgi_wrapper (can safely be made suid) cgi_wrappermode: 06755 # number of seconds to delay CGI requests when overloaded diff --git a/roles/wiki/templates/htmlscrubber.pm b/roles/wiki/templates/htmlscrubber.pm index 1ce95b2..caf78a1 100755 --- a/roles/wiki/templates/htmlscrubber.pm +++ b/roles/wiki/templates/htmlscrubber.pm @@ -93,8 +93,8 @@ sub scrubber { }], default => [undef, { ( map { $_ => 1 } qw{ - version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform - data-start data-end data-video data-target data-tracks data-track + version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform opacity + data-start data-end data-video data-target data-tracks data-track kind label srclang default abbr accept accept-charset accesskey align alt axis border cellpadding cellspacing diff --git a/roles/wiki/templates/post-update b/roles/wiki/templates/post-update new file mode 100755 index 0000000..523b8de --- /dev/null +++ b/roles/wiki/templates/post-update @@ -0,0 +1,20 @@ +#!/bin/sh + +# Determine what input the hook needs +# post-update takes args, pre/post-receive take stdin +type=args +stdin='' +[ $0 != hooks/post-update ] && { + type=stdin + stdin=`cat` +} + +for h in $0.*; do + [ -x $h ] || continue + if [ $type = args ] + then + $h $@ || { [ $0 = hooks/pre-receive ] && exit 1; } + else + echo "$stdin" | $h || { [ $0 = hooks/pre-receive ] && exit 1; } + fi +done diff --git a/roles/wiki/templates/post-update.h00-ikiwiki-wrapper b/roles/wiki/templates/post-update.h00-ikiwiki-wrapper new file mode 100755 index 0000000..684ac28 --- /dev/null +++ b/roles/wiki/templates/post-update.h00-ikiwiki-wrapper @@ -0,0 +1,6 @@ +#!/bin/sh + +# bring the mirror up to date with this repo +cd "{{ ikiwiki_src_dir }}" +git fetch --prune +exec {{ ikiwiki_path }}/hooks/emacsconf |