From b864f83c3ae882ebe0191114bfcdcda0dc1f9ab4 Mon Sep 17 00:00:00 2001 From: Sacha Chua Date: Sat, 15 Oct 2022 19:34:53 -0400 Subject: Change docker SSH port --- docker-playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-playbook.yml b/docker-playbook.yml index dc29381..60f83cf 100644 --- a/docker-playbook.yml +++ b/docker-playbook.yml @@ -17,7 +17,7 @@ volumes: "{{ ikiwiki_git_source }}:{{ ikiwiki_git_source_mount }}" published_ports: - "28080:80" - - "2022:22" + - "2222:22" - name: Create a pad container to be provisioned later tags: pad hosts: localhost -- cgit v1.2.3 From 830f627d38a1476af3a96c554157ee95b03a2ba0 Mon Sep 17 00:00:00 2001 From: Sacha Chua Date: Sat, 15 Oct 2022 19:35:13 -0400 Subject: Fix wiki task --- prod-playbook.yml | 4 ++++ wiki/tasks/docker.yml | 6 +++++- wiki/tasks/main.yml | 5 ++++- wiki/templates/htmlscrubber.pm | 2 +- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/prod-playbook.yml b/prod-playbook.yml index 063015d..81b6911 100644 --- a/prod-playbook.yml +++ b/prod-playbook.yml @@ -4,6 +4,10 @@ tasks: - include_vars: file: prod-vars.yml +- name: Set up wiki for publishing + hosts: front + roles: + - wiki - name: Set up wiki for publishing hosts: publish roles: diff --git a/wiki/tasks/docker.yml b/wiki/tasks/docker.yml index a5d73e2..1a759a4 100644 --- a/wiki/tasks/docker.yml +++ b/wiki/tasks/docker.yml @@ -2,7 +2,7 @@ apt: pkg: - lighttpd - - supervisor + - supervisord - name: Create the anon user user: name: anon @@ -43,3 +43,7 @@ service: name: lighttpd state: started +- name: Start supervisord + service: + name: supervisor + state: restarted diff --git a/wiki/tasks/main.yml b/wiki/tasks/main.yml index 0fa2336..35c297d 100644 --- a/wiki/tasks/main.yml +++ b/wiki/tasks/main.yml 
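Review bot: In docker-playbook.yml (`@@ -17,7 +17,7 @@`), the new `"2222:22"` entry still publishes the container's SSH port on every host interface, because no host address is given. If the container is only meant to be reached from the machine that runs it, which the `hosts: localhost` play below suggests but does not prove, bind it to loopback with `- "127.0.0.1:2222:22"`. The same applies to `"28080:80"` on the context line above. The task this list belongs to starts outside the hunk.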
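Review bot: In prod-playbook.yml the added play for `hosts: front` carries the same name as the existing `hosts: publish` play, `Set up wiki for publishing`, so the two cannot be told apart in ansible-playbook output or logs. Give the new play its own name, for example `- name: Set up wiki on front`. A one-line comment saying why the wiki role now runs on both host groups would also help, since the commit message does not explain it.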
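Review bot: In wiki/tasks/docker.yml the apt package is renamed from `supervisor` to `supervisord`, while the task added in the second hunk (`@@ -43,3 +43,7 @@`) manages the service as `name: supervisor`. On Debian and Ubuntu the package is named `supervisor` (it ships the `supervisord` daemon), so the install step will probably fail on an unknown package; keep `- supervisor` unless the target image really provides a `supervisord` package. The new task is titled `Start supervisord` but uses `state: restarted`, which restarts the service on every run and always reports changed; `state: started` would match the name and the lighttpd task above it.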
@@ -35,9 +35,10 @@ dest: "{{ ikiwiki_path }}/emacsconf.setup" owner: ikiwiki - name: Copy Ikiwiki plugins + tags: wiki-plugins template: src: "{{ item }}" - dest: "{{ ikiwiki_plugin_path }}" + dest: "{{ ikiwiki_plugin_path }}/{{ item }}" loop: - copyright.pm - htmlscrubber.pm @@ -45,12 +46,14 @@ - include: docker.yml when: docker is true - name: Chown all the files to ikiwiki + tags: wiki-plugins file: dest: "{{ ikiwiki_path }}" owner: ikiwiki group: ikiwiki recurse: true - name: Regenerate all the files + tags: wiki-regenerate, wiki-plugins shell: ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers register: output - debug: diff --git a/wiki/templates/htmlscrubber.pm b/wiki/templates/htmlscrubber.pm index 904a2dc..bd9ff90 100755 --- a/wiki/templates/htmlscrubber.pm +++ b/wiki/templates/htmlscrubber.pm @@ -91,7 +91,7 @@ sub scrubber { }], default => [undef, { ( map { $_ => 1 } qw{ - version xmlns x y fill font-size stroke stroke-dasharray transform + version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform data-start data-end data-video data-target data-tracks kind label srclang default abbr accept accept-charset accesskey -- cgit v1.2.3 From 8024842def28dd151759ee46cd160c7794463aef Mon Sep 17 00:00:00 2001 From: Sacha Chua Date: Sat, 15 Oct 2022 22:16:28 -0400 Subject: Improve pad proxy with templated config, support SSL on pad.emacsconf.org --- README.org | 4 ++++ pad-proxy/defaults/main.yml | 1 + pad-proxy/tasks/main.yml | 16 +++++----------- pad-proxy/templates/etherpad.nginx.conf | 34 ++++++++++++++++++++++++++++++++- 4 files changed, 43 insertions(+), 12 deletions(-) diff --git a/README.org b/README.org index 643817f..551496e 100644 --- a/README.org +++ b/README.org 
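Review bot: In wiki/tasks/main.yml (`@@ -35,9 +35,10 @@`), the `Copy Ikiwiki plugins` task writes Perl modules that ikiwiki loads as code, but it sets no `owner` or `mode`, so the resulting permissions depend on the connecting user and its umask. Add `mode: "0644"` and an explicit owner to the `template:` arguments so the plugins are never left group- or world-writable; whether the later recursive chown covers `ikiwiki_plugin_path` is not visible here. Because the files go through `template`, any `{{`, `{%` or `{#` sequence in a plugin is interpreted by Jinja2, so `copy` is the safer module if no variables are substituted. The `loop:` list continues outside the hunk.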
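Review bot: In the second wiki/tasks/main.yml hunk (`@@ -45,12 +46,14 @@`), `tags: wiki-regenerate, wiki-plugins` is a single comma-separated string; Ansible splits it, but a YAML list states the intent directly: `tags: [wiki-regenerate, wiki-plugins]`. The `- debug:` task that follows the `register: output` line appears to carry no tag in the visible lines, so a run with `--tags wiki-plugins` would rebuild the wiki without showing the result. That task continues outside the hunk, so confirm and tag it the same way.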
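Review bot: In wiki/templates/htmlscrubber.pm, `font-weight` and `stroke-width` are added to the `default` attribute allowlist, which appears to apply to every element that has no rule of its own rather than only to SVG elements. Both are presentation attributes that carry no URL or script, so the addition looks low-risk, but the sanitizer allowlist is a security boundary and the change arrives under the subject "Fix wiki task" with no explanation. Add a comment above the `default => [undef, {` line (not inside the `qw{}` list, where it would be read as words) stating which wiki content needs the SVG presentation attributes, so later additions are reviewed against a stated purpose. `scrubber` starts and ends outside the hunk.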
@@ -87,4 +87,8 @@ curl http://localhost:9001/api/1/createPad?apikey=b7a15dc34cc7f6917cca6cd9a2b4b9 ** Useful https://github.com/systemli/ansible-role-etherpad https://gist.github.com/aaronpk/7307172 +* Pad proxy +ansible-playbook -i inventory.yml prod-playbook.yml --tags proxy --extra-vars='{"use_wikimedia": false}' + +ansible-playbook -i inventory.yml prod-playbook.yml --tags proxy --extra-vars='{"use_wikimedia": true}' diff --git a/pad-proxy/defaults/main.yml b/pad-proxy/defaults/main.yml index c548560..cec03da 100644 --- a/pad-proxy/defaults/main.yml +++ b/pad-proxy/defaults/main.yml @@ -1 +1,2 @@ etherpad_server_name: pad.emacsconf.org +etherpad_tls: /etc/nginx/tls/emacsconf.org.conf diff --git a/pad-proxy/tasks/main.yml b/pad-proxy/tasks/main.yml index d47573a..8de72df 100644 --- a/pad-proxy/tasks/main.yml +++ b/pad-proxy/tasks/main.yml @@ -9,19 +9,13 @@ - name: Add proxy configuration template: src: etherpad.nginx.conf - dest: /etc/nginx/sites-available/etherpad.conf - when: not use_wikimedia - - name: Add rewrite configuration - template: - src: wikimedia.etherpad.nginx.conf - dest: /etc/nginx/sites-available/etherpad.conf - when: use_wikimedia + dest: /etc/nginx/sites-available/pad.emacsconf.org - name: Enable site file: - src: /etc/nginx/sites-available/etherpad.conf - dest: /etc/nginx/sites-enabled/etherpad.conf + src: /etc/nginx/sites-available/pad.emacsconf.org + dest: /etc/nginx/sites-enabled/pad.emacsconf.org state: link - - name: Restart nginx + - name: Reload nginx service: name: nginx - state: restarted + state: reloaded diff --git a/pad-proxy/templates/etherpad.nginx.conf b/pad-proxy/templates/etherpad.nginx.conf index 92ba974..90a7c1c 100644 --- a/pad-proxy/templates/etherpad.nginx.conf +++ b/pad-proxy/templates/etherpad.nginx.conf 
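Review bot: pad-proxy/defaults/main.yml now defines `etherpad_tls` but still has no default for `use_wikimedia`, which the template in this commit tests with `{% if use_wikimedia %}` and which the README passes only through `--extra-vars`. Unless it is set in inventory or group vars (not visible here), a run without the extra var will fail on an undefined variable; add `use_wikimedia: false` to the defaults. A short comment that an empty `etherpad_tls` disables the HTTPS server block would also help, since the template branches on it.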
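Review bot: In pad-proxy/tasks/main.yml the site file moves from `etherpad.conf` to `pad.emacsconf.org`, but nothing removes the old `/etc/nginx/sites-enabled/etherpad.conf` link on hosts that were provisioned before this commit. Both files would then declare `upstream etherpad_upstream` and the same `server_name`, which nginx rejects as a duplicate upstream, so the reload would fail and the old configuration would keep serving. Add a cleanup task before `Enable site`, and consider checking the configuration with `nginx -t` before the reload. The task list starts outside the hunk.

```yaml
- name: Remove the old etherpad site files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/nginx/sites-enabled/etherpad.conf
    - /etc/nginx/sites-available/etherpad.conf
# … unchanged: Enable site, Reload nginx …
```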
@@ -5,6 +5,19 @@ upstream etherpad_upstream { server { listen 80; server_name {{ etherpad_server_name }}; + {% if etherpad_tls %} + include snippets/well-known-acme-challenge.conf; + location / { + return 302 https://$server_name$request_uri; + } + } + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ etherpad_server_name }}; + include {{ etherpad_tls }}; + + {% endif %} access_log /var/log/nginx/{{ etherpad_server_name }}.access.log; location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) { proxy_buffering off; @@ -12,7 +25,24 @@ server { } location /p/ { rewrite ^/p/(.*) /$1 redirect; + } + location /direct/ { + rewrite /direct/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://etherpad_upstream/p/; } + + {% if use_wikimedia %} + location ~ ^/$ { + return 302 https://etherpad.wikimedia.org/p/emacsconf-2022; + } + location / { + rewrite /(.*) https://etherpad.wikimedia.org/p/emacsconf-$1 redirect; + } + {% else %} location ~ ^/$ { proxy_buffering off; proxy_pass http://etherpad_upstream; @@ -29,5 +59,7 @@ server { proxy_pass http://etherpad_upstream/p/; proxy_redirect / /p/; proxy_read_timeout 90; - } + } + {% endif %} } + -- cgit v1.2.3
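Review bot: In pad-proxy/templates/etherpad.nginx.conf (`@@ -5,6 +5,19 @@`), the new HTTPS server listens on both `443` and `[::]:443`, but the port-80 server that carries the ACME challenge include and the redirect still has only `listen 80;`. A plain-HTTP request over IPv6 would not reach this block and so would not be redirected; add `listen [::]:80;` next to the existing listen line. The redirect uses `302`, and `301` is the usual choice once HTTPS is confirmed working. Whether HSTS is sent depends on the file included through `{{ etherpad_tls }}`, which is not visible here.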
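Review bot: In the `location /direct/` block added by the second hunk (`@@ -12,7 +25,24 @@`), `rewrite /direct/(.*) /$1 break;` changes the URI inside the proxied location, and in that case nginx ignores the `/p/` path given in `proxy_pass` and sends the rewritten URI as it is. A request for `/direct/foo` would therefore reach the upstream as `/foo`, not `/p/foo`, which is presumably not the intent. Dropping the `rewrite` line is enough, because a prefix location with `proxy_pass http://etherpad_upstream/p/;` already replaces `/direct/` with `/p/`. Separately, the `use_wikimedia` branch hard-codes `emacsconf-2022` in the redirect target; a variable would save editing the template each year.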