diff --git a/ansible/roles/authelia-for-dokuwiki/defaults/main.json b/ansible/roles/authelia-for-dokuwiki/defaults/main.json
new file mode 100644
index 0000000..66adc78
--- /dev/null
+++ b/ansible/roles/authelia-for-dokuwiki/defaults/main.json
@@ -0,0 +1,5 @@
+{
+ "var_authelia_for_dokuwiki_dokuwiki_url_base": "https://dokuwiki.example.org",
+ "var_authelia_for_dokuwiki_client_id": "dokuwiki",
+ "var_authelia_for_dokuwiki_client_secret": "REPLACE_ME"
+}
diff --git a/ansible/roles/authelia-for-dokuwiki/info.md b/ansible/roles/authelia-for-dokuwiki/info.md
new file mode 100644
index 0000000..71fc4ff
--- /dev/null
+++ b/ansible/roles/authelia-for-dokuwiki/info.md
@@ -0,0 +1,3 @@
+## Beschreibung
+
+Um [DokuWiki](../dokuwiki) gegen [Authelia](../authelia) authentifizieren zu lassen
diff --git a/ansible/roles/authelia-for-dokuwiki/tasks/main.json b/ansible/roles/authelia-for-dokuwiki/tasks/main.json
new file mode 100644
index 0000000..9bcb960
--- /dev/null
+++ b/ansible/roles/authelia-for-dokuwiki/tasks/main.json
@@ -0,0 +1,25 @@
+[
+ {
+ "name": "configuration | emplace",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "authelia-client-conf.json.j2",
+ "dest": "/etc/authelia/conf.d/clients/dokuwiki.json"
+ }
+ },
+ {
+ "name": "configuration | apply",
+ "become": true,
+ "ansible.builtin.command": {
+ "cmd": "/usr/bin/authelia-conf-compose"
+ }
+ },
+ {
+ "name": "restart service",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "authelia"
+ }
+ }
+]
diff --git a/ansible/roles/authelia-for-dokuwiki/templates/authelia-client-conf.json.j2 b/ansible/roles/authelia-for-dokuwiki/templates/authelia-client-conf.json.j2
new file mode 100644
index 0000000..2605a0f
--- /dev/null
+++ b/ansible/roles/authelia-for-dokuwiki/templates/authelia-client-conf.json.j2
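Review bot: `var_authelia_for_dokuwiki_client_secret` ships with the placeholder `REPLACE_ME` as a real default, so a play that forgets to override it still registers a working OIDC client with a guessable secret instead of failing; the same applies to both `*_client_secret` defaults and `var_dokuwiki_admin_user_password` in `ansible/roles/dokuwiki/defaults/main.json`. Drop the defaults for secret-valued variables so Ansible aborts on the undefined variable, or keep them and add an early `ansible.builtin.assert` to the tasks, e.g. `"that": "var_authelia_for_dokuwiki_client_secret != 'REPLACE_ME'"`. Either way the real values belong in an encrypted source such as `ansible-vault`, not in a committed defaults file.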
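Review bot: The `configuration | emplace` task writes the client definition, which carries `client_secret`, to `/etc/authelia/conf.d/clients/dokuwiki.json` as root without `owner`, `group` or `mode`, so the file is created with the umask default (typically world-readable `0644`); add `"mode": "0640"` plus the owner/group the authelia service runs as. `configuration | apply` runs `/usr/bin/authelia-conf-compose` (presumably the merge step from the authelia role, not visible here) on every play and `restart service` then bounces authelia unconditionally, so the play always reports changes and restarts the service even when the rendered file is unchanged; register the template result and gate both follow-up tasks with `"when": "temp_client_conf.changed"` (or move the restart to a handler), and give the command a `changed_when`.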
@@ -0,0 +1,17 @@
+{
+ "client_id": "{{var_authelia_for_dokuwiki_client_id}}",
+ "client_secret": "{{var_authelia_for_dokuwiki_client_secret}}",
+ "client_name": "DokuWiki",
+ "public": false,
+ "authorization_policy": "one_factor",
+ "redirect_uris": [
+ "{{var_authelia_for_dokuwiki_dokuwiki_url_base}}/doku.php"
+ ],
+ "scopes": [
+ "openid",
+ "email",
+ "profile",
+ "groups"
+ ],
+ "token_endpoint_auth_method": "client_secret_post"
+}
diff --git a/ansible/roles/dokuwiki-and-nginx/defaults/main.json b/ansible/roles/dokuwiki-and-nginx/defaults/main.json
new file mode 100644
index 0000000..22367fe
--- /dev/null
+++ b/ansible/roles/dokuwiki-and-nginx/defaults/main.json
@@ -0,0 +1,5 @@
+{
+ "var_dokuwiki_and_nginx_directory": "/opt/dokuwiki",
+ "var_dokuwiki_and_nginx_domain": "dokuwiki.example.org",
+ "var_dokuwiki_and_nginx_tls_enable": true
+}
diff --git a/ansible/roles/dokuwiki-and-nginx/info.md b/ansible/roles/dokuwiki-and-nginx/info.md
new file mode 100644
index 0000000..a0f970f
--- /dev/null
+++ b/ansible/roles/dokuwiki-and-nginx/info.md
@@ -0,0 +1,8 @@
+## Beschreibung
+
+- zur Einrichtung von [nginx](../nginx) als Reverse-Proxy für [DokuWiki](../dokuwiki)
+
+
+## Verweise
+
+- [DokuWiki-Dokumentation | nginx](https://www.dokuwiki.org/install:nginx)
diff --git a/ansible/roles/dokuwiki-and-nginx/tasks/main.json b/ansible/roles/dokuwiki-and-nginx/tasks/main.json
new file mode 100644
index 0000000..e0b7959
--- /dev/null
+++ b/ansible/roles/dokuwiki-and-nginx/tasks/main.json
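Review bot: `client_id`, `client_secret` and the redirect URI are interpolated inside hand-written double quotes, so a secret that contains `"` or `\` yields a file Authelia rejects at startup (or silently truncates); render them with the JSON filter instead, `"client_secret": {{ var_authelia_for_dokuwiki_client_secret | to_json }},` and likewise for `client_id` and the `redirect_uris` entry. Authelia's reference documentation expects `client_secret` in this file in hashed form (as produced by `authelia crypto hash generate`), whereas DokuWiki's oauth plugin needs the plaintext, so the two roles' `client_secret` variables hold different values even though both default to `REPLACE_ME`; a Jinja comment here, `{# hashed client secret, see Authelia OIDC client docs #}`, would prevent the obvious copy-paste mistake. `"authorization_policy": "one_factor"` is a deliberate weakening worth recording in the role's info.md, since every identity that passes it gains the rights the wiki ACL grants to `@user`.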
@@ -0,0 +1,35 @@
+[
+ {
+ "name": "deactivate default site",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "absent",
+ "dest": "/etc/nginx/sites-enabled/default"
+ }
+ },
+ {
+ "name": "emplace configuration | data",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf.j2",
+ "dest": "/etc/nginx/sites-available/{{var_dokuwiki_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "emplace configuration | link",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "link",
+ "src": "/etc/nginx/sites-available/{{var_dokuwiki_and_nginx_domain}}",
+ "dest": "/etc/nginx/sites-enabled/{{var_dokuwiki_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "restart nginx",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "nginx"
+ }
+ }
+]
diff --git a/ansible/roles/dokuwiki-and-nginx/templates/conf.j2 b/ansible/roles/dokuwiki-and-nginx/templates/conf.j2
new file mode 100644
index 0000000..cd9c68d
--- /dev/null
+++ b/ansible/roles/dokuwiki-and-nginx/templates/conf.j2
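Review bot: `restart nginx` runs unconditionally after the template and symlink tasks, so a syntax error in the rendered `conf.j2` takes the whole nginx instance, and every other site it serves, down instead of failing the play; insert a `"ansible.builtin.command": {"cmd": "nginx -t"}` task before it and prefer `"state": "reloaded"`, which leaves the running server untouched when the new config is rejected. The restart also fires on every run even when neither file changed; registering the template/link results and gating the restart with `when` keeps the role idempotent.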
@@ -0,0 +1,62 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{var_dokuwiki_and_nginx_domain}};
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen [::]:443 ssl;
+ listen 443 ssl;
+
+ server_name {{var_dokuwiki_and_nginx_domain}};
+
+{% if var_dokuwiki_and_nginx_tls_enable %}
+ ssl_certificate /etc/ssl/fullchains/{{var_dokuwiki_and_nginx_domain}}.pem;
+ ssl_certificate_key /etc/ssl/private/{{var_dokuwiki_and_nginx_domain}}.pem;
+ ssl_session_timeout 5m;
+ ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
+{% endif %}
+
+ # Maximum file upload size is 4MB - change accordingly if needed
+ client_max_body_size 4M;
+ client_body_buffer_size 128k;
+
+ root {{var_dokuwiki_and_nginx_directory}};
+ index doku.php;
+
+ #Remember to comment the below out when you're installing, and uncomment it when done.
+ location ~ /(conf/|bin/|inc/|vendor/|install.php) {
+ deny all;
+ }
+
+ #Support for X-Accel-Redirect
+ location ~ ^/data/ {
+ internal;
+ }
+
+ location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ {
+ expires 365d;
+ }
+
+ location / {
+ try_files $uri $uri/ @dokuwiki;
+ }
+
+ location @dokuwiki {
+ # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
+ rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+ rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+ rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+ rewrite ^/(.*) /doku.php?id=$1&$args last;
+ }
+
+ location ~ \.php$ {
+ try_files $uri $uri/ /doku.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param REDIRECT_STATUS 200;
+ fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+ # fastcgi_pass unix:/var/run/php5-fpm.sock; #old php version
+ }
+}
diff --git a/ansible/roles/dokuwiki/defaults/main.json b/ansible/roles/dokuwiki/defaults/main.json
new file mode 100644
index 0000000..686905f
--- /dev/null
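Review bot: `var_dokuwiki_and_nginx_tls_enable` only strips the `ssl_certificate*` and cipher lines, while `listen 443 ssl;`, `listen [::]:443 ssl;` and the port-80 `return 301 https://...` stay in place, so with the flag set to false nginx fails its config check (no certificate for an `ssl` listener) and the HTTP vhost still redirects to an HTTPS endpoint that does not exist; the `{% if %}` should wrap the whole second server block and the redirect, or the flag should go. Inside the TLS block, `ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";` is the wiki documentation's "either/or" phrasing pasted literally—`or` is not a cipher-string token—and `ssl_protocols` is unset, so whatever the installed nginx defaults to is accepted; replace it with a single list and an explicit `ssl_protocols TLSv1.2 TLSv1.3;`. `fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;` also hard-codes the PHP version that `ansible/roles/dokuwiki/tasks/main.json` installs separately; a shared variable would keep the two roles from drifting apart.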
+++ b/ansible/roles/dokuwiki/defaults/main.json
@@ -0,0 +1,22 @@
+{
+ "var_dokuwiki_directory": "/opt/dokuwiki",
+ "var_dokuwiki_title": "DokuWiki",
+ "var_dokuwiki_language": "en",
+ "var_dokuwiki_licence": "cc-by-sa",
+ "var_dokuwiki_authentication_kind": "internal",
+ "var_dokuwiki_authentication_data_generic_auth_url": "https://auth.example.org/api/oidc/authorize",
+ "var_dokuwiki_authentication_data_generic_token_url": "https://auth.example.org/api/oidc/token",
+ "var_dokuwiki_authentication_data_generic_user_url": "https://auth.example.org/api/oidc/userinfo",
+ "var_dokuwiki_authentication_data_generic_client_id": "dokuwiki",
+ "var_dokuwiki_authentication_data_generic_client_secret": "REPLACE_ME",
+ "var_dokuwiki_authentication_data_generic_title": "external auth",
+ "var_dokuwiki_authentication_data_authelia_url_base": "https://authelia.example.org",
+ "var_dokuwiki_authentication_data_authelia_client_id": "dokuwiki",
+ "var_dokuwiki_authentication_data_authelia_client_secret": "REPLACE_ME",
+ "var_dokuwiki_authentication_data_authelia_label": "Authelia",
+ "var_dokuwiki_admin_user_define": true,
+ "var_dokuwiki_admin_user_name": "admin",
+ "var_dokuwiki_admin_user_password": "REPLACE_ME",
+ "var_dokuwiki_admin_user_label": "Admin",
+ "var_dokuwiki_admin_user_email_address": "dokuwiki-admin@example.org"
+}
diff --git a/ansible/roles/dokuwiki/info.md b/ansible/roles/dokuwiki/info.md
new file mode 100644
index 0000000..25eac97
--- /dev/null
+++ b/ansible/roles/dokuwiki/info.md
@@ -0,0 +1,11 @@
+## Beschreibung
+
+Für das leicht-gewichtige Wiki-System [DokuWiki](https://www.dokuwiki.org/dokuwiki)
+
+
+## Verweise
+
+- [Dokumentation | Installation](https://www.dokuwiki.org/install)
+- [Dokumentation | Ansible](https://www.dokuwiki.org/install:ansible)
+- [Plugin: oAuth](https://www.dokuwiki.org/plugin:oauth)
+- [Plugin: oAuthGeneric](https://www.dokuwiki.org/plugin:oauthgeneric)
diff --git a/ansible/roles/dokuwiki/tasks/main.json b/ansible/roles/dokuwiki/tasks/main.json
new file mode 100644
index 0000000..f404c5b
--- /dev/null
+++ b/ansible/roles/dokuwiki/tasks/main.json
@@ -0,0 +1,210 @@
+[
+ {
+ "name": "packages",
+ "become": true,
+ "ansible.builtin.apt": {
+ "pkg": [
+ "unzip",
+ "php8.2-fpm",
+ "php8.2-xml"
+ ]
+ }
+ },
+ {
+ "name": "core | preparation",
+ "ansible.builtin.file": {
+ "state": "directory",
+ "path": "/tmp/dokuwiki-core"
+ }
+ },
+ {
+ "name": "core | acquisition",
+ "ansible.builtin.get_url": {
+ "url": "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz",
+ "dest": "/tmp/dokuwiki.tgz"
+ }
+ },
+ {
+ "name": "core | extraction",
+ "ansible.builtin.unarchive": {
+ "remote_src": true,
+ "src": "/tmp/dokuwiki.tgz",
+ "dest": "/tmp/dokuwiki-core"
+ }
+ },
+ {
+ "name": "core | version retrieval",
+ "ansible.builtin.command": {
+ "cmd": "ls /tmp/dokuwiki-core"
+ },
+ "register": "temp_core_version_output"
+ },
+ {
+ "name": "core | directory",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "directory",
+ "path": "{{var_dokuwiki_directory}}",
+ "owner": "www-data"
+ }
+ },
+ {
+ "name": "core | emplacement",
+ "become": true,
+ "ansible.builtin.copy": {
+ "remote_src": true,
+ "src": "/tmp/dokuwiki-core/{{temp_core_version_output.stdout}}/",
+ "dest": "{{var_dokuwiki_directory}}",
+ "owner": "www-data"
+ }
+ },
+ {
+ "name": "plugin 'oauth' | preparation",
+ "ansible.builtin.file": {
+ "state": "directory",
+ "path": "/tmp/dokuwiki-plugin-oauth"
+ }
+ },
+ {
+ "name": "plugin 'oauth' | acquisition",
+ "when": "var_dokuwiki_oauth2_enable",
+ "ansible.builtin.get_url": {
+ "url": "https://github.com/cosmocode/dokuwiki-plugin-oauth/zipball/master",
+ "dest": "/tmp/dokuwiki-plugin-oauth-base.zip"
+ }
+ },
+ {
+ "name": "plugin 'oauth' | extraction",
+ "when": "var_dokuwiki_oauth2_enable",
+ "ansible.builtin.unarchive": {
+ "remote_src": true,
+ "src": "/tmp/dokuwiki-plugin-oauth-base.zip",
+ "dest": "/tmp/dokuwiki-plugin-oauth"
+ }
+ },
+ {
+ "name": "plugin 'oauth' | version retrieval",
+ "when": "var_dokuwiki_oauth2_enable",
+ "ansible.builtin.command": {
+ "cmd": "ls -1 /tmp/dokuwiki-plugin-oauth"
+ },
+ "register": "temp_plugin_oauth_base_version_output"
+ },
+ {
+ "name": "plugin 'oauth' | directory",
+ "when": "var_dokuwiki_oauth2_enable",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "directory",
+ "dest": "{{var_dokuwiki_directory}}/lib/plugins/oauth",
+ "owner": "www-data"
+ }
+ },
+ {
+ "name": "plugin 'oauth' | emplacement",
+ "when": "var_dokuwiki_oauth2_enable",
+ "become": true,
+ "ansible.builtin.copy": {
+ "remote_src": true,
+ "src": "/tmp/dokuwiki-plugin-oauth/{{temp_plugin_oauth_base_version_output.stdout}}/",
+ "dest": "{{var_dokuwiki_directory}}/lib/plugins/oauth",
+ "owner": "www-data"
+ }
+ },
+ {
+ "name": "plugin 'oauthgeneric' | preparation",
+ "ansible.builtin.file": {
+ "state": "directory",
+ "path": "/tmp/dokuwiki-plugin-oauthgeneric"
+ }
+ },
+ {
+ "name": "plugin 'oauthgeneric' | acquisition",
+ "when": "var_dokuwiki_oauth2_enable",
+ "ansible.builtin.get_url": {
+ "url": "https://github.com/cosmocode/dokuwiki-plugin-oauthgeneric/zipball/master",
+ "dest": "/tmp/dokuwiki-plugin-oauth-generic.zip"
+ }
+ },
+ {
+ "name": "plugin 'oauthgeneric' | extraction",
+ "when": "var_dokuwiki_oauth2_enable",
+ "ansible.builtin.unarchive": {
+ "remote_src": true,
+ "src": "/tmp/dokuwiki-plugin-oauth-generic.zip",
+ "dest": "/tmp/dokuwiki-plugin-oauthgeneric"
+ }
+ },
+ {
+ "name": "plugin 'oauthgeneric' | version retrieval",
+ "when": "var_dokuwiki_oauth2_enable",
+ "ansible.builtin.command": {
+ "cmd": "ls -1 /tmp/dokuwiki-plugin-oauthgeneric"
+ },
+ "register": "temp_plugin_oauth_generic_version_output"
+ },
+ {
+ "name": "plugin 'oauthgeneric' | directory",
+ "when": "var_dokuwiki_oauth2_enable",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "directory",
+ "dest": "{{var_dokuwiki_directory}}/lib/plugins/oauthgeneric",
+ "owner": "www-data"
+ }
+ },
+ {
+ "name": "plugin 'oauthgeneric' | emplacement",
+ "when": "var_dokuwiki_oauth2_enable",
+ "become": true,
+ "ansible.builtin.copy": {
+ "remote_src": true,
+ "src": "/tmp/dokuwiki-plugin-oauthgeneric/{{temp_plugin_oauth_generic_version_output.stdout}}/",
+ "dest": "{{var_dokuwiki_directory}}/lib/plugins/oauthgeneric",
+ "owner": "www-data"
+ }
+ },
+ {
+ "name": "admin user password",
+ "when": "var_dokuwiki_admin_user_define",
+ "ansible.builtin.set_fact": {
+ "temp_password_hash": "{{var_dokuwiki_admin_user_password | ansible.builtin.password_hash(hashtype='sha512')}}"
+ }
+ },
+ {
+ "name": "configuration | local",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf-local.php.j2",
+ "dest": "{{var_dokuwiki_directory}}/conf/local.php",
+ "owner": "www-data"
+ }
+ },
+ {
+ "name": "configuration | plugins",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf-plugins.local.php.j2",
+ "dest": "{{var_dokuwiki_directory}}/conf/plugins.local.php",
+ "owner": "www-data"
+ }
+ },
+ {
+ "name": "configuration | acl",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf-acl.auth.php.j2",
+ "dest": "{{var_dokuwiki_directory}}/conf/acl.auth.php",
+ "owner": "www-data"
+ }
+ },
+ {
+ "name": "configuration | users",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf-users.auth.php.j2",
+ "dest": "{{var_dokuwiki_directory}}/conf/users.auth.php",
+ "owner": "www-data"
+ }
+ }
+]
diff --git a/ansible/roles/dokuwiki/templates/conf-acl.auth.php.j2 b/ansible/roles/dokuwiki/templates/conf-acl.auth.php.j2
new file mode 100644
index 0000000..63d73db
--- /dev/null
+++ b/ansible/roles/dokuwiki/templates/conf-acl.auth.php.j2
@@ -0,0 +1,7 @@
+# acl.auth.php
+#
+# Don't modify the lines above
+#
+# Access Control Lists
+* @ALL 0
+* @user 8
diff --git a/ansible/roles/dokuwiki/templates/conf-local.php.j2 b/ansible/roles/dokuwiki/templates/conf-local.php.j2
new file mode 100644
index 0000000..b3bed42
--- /dev/null
+++ b/ansible/roles/dokuwiki/templates/conf-local.php.j2
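Review bot: Every plugin task is gated on `"when": "var_dokuwiki_oauth2_enable"`, but that variable is defined neither in `ansible/roles/dokuwiki/defaults/main.json` nor in `ansible/roles/dokuwiki/vardef.json`, which only know `var_dokuwiki_authentication_kind` with the options `internal`/`generic`/`authelia`; unless a caller sets it, Ansible aborts on the undefined conditional, and the condition presumably should read `"when": "var_dokuwiki_authentication_kind != 'internal'"`. The `core | acquisition` and both plugin `acquisition` tasks fetch `dokuwiki-stable.tgz` and GitHub `zipball/master` archives with no `checksum`, so whatever the mirror or branch serves at that moment is copied as root into the web root and executed as PHP; pin a release and add `"checksum": "sha256:<expected-digest>"` to each `get_url`. The `configuration | *` templates write `local.php` and `users.auth.php` (admin password hash, client secrets) with `owner: www-data` but no `mode`, so they take the umask default; add `"mode": "0640"`, and put `"no_log": true` on the `admin user password` `set_fact` so the hashed value does not land in verbose output. The `ls /tmp/dokuwiki-core` version lookup also breaks as soon as an extraction of another version is still present (stdout then holds two names), and the fixed `/tmp/...` paths are predictable and world-writable; `ansible.builtin.tempfile` directories avoid both problems.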
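Review bot: `* @user 8` grants every authenticated account upload rights (DokuWiki ACL level 8 implies read, edit, create and upload) on the whole namespace, and with the oauth plugin every identity Authelia accepts under the `one_factor` client policy presumably ends up in `@user`; if that is intended it belongs in the role's info.md, otherwise make the level a variable (e.g. `var_dokuwiki_acl_user_level`, default `8`) so a deployment can choose `1` (read) or `2` (edit). The template's second line is a bare `#` where DokuWiki's distribution file carries the `# <?php exit()?>` guard; if that line was actually dropped rather than lost in this rendering, the file relies solely on the nginx `deny all` for `conf/` to keep the ACL from being served, which is worth confirming.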
@@ -0,0 +1,51 @@ + +# Don't modify the lines above +# +# Userfile + +{% if var_dokuwiki_admin_user_define %} +{{var_dokuwiki_admin_user_name}}:{{temp_password_hash}}:{{var_dokuwiki_admin_user_label}}:{{var_dokuwiki_admin_user_email_address}}:admin,user +{% endif %} diff --git a/ansible/roles/dokuwiki/vardef.json b/ansible/roles/dokuwiki/vardef.json new file mode 100644 index 0000000..4035f77 --- /dev/null +++ b/ansible/roles/dokuwiki/vardef.json 
@@ -0,0 +1,87 @@
+{
+ "directory": {
+ "type": "string",
+ "mandatory": false
+ },
+ "title": {
+ "type": "string",
+ "mandatory": false
+ },
+ "language": {
+ "type": "string",
+ "mandatory": false
+ },
+ "licence": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_kind": {
+ "type": "string",
+ "options": [
+ "internal",
+ "generic",
+ "authelia"
+ ],
+ "mandatory": false
+ },
+ "authentication_data_generic_auth_url": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_generic_token_url": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_generic_user_url": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_generic_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_generic_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_generic_title": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_url_base": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_label": {
+ "type": "string",
+ "mandatory": false
+ },
+ "admin_user_define": {
+ "type": "boolean",
+ "mandatory": false
+ },
+ "admin_user_name": {
+ "type": "string",
+ "mandatory": false
+ },
+ "admin_user_password": {
+ "type": "string",
+ "mandatory": false
+ },
+ "admin_user_label": {
+ "type": "string",
+ "mandatory": false
+ },
+ "admin_user_email_address": {
+ "type": "string",
+ "mandatory": false
+ }
+}
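Review bot: Every entry, including `admin_user_password`, `authentication_data_generic_client_secret` and `authentication_data_authelia_client_secret`, is declared `"mandatory": false`, and the corresponding defaults are `REPLACE_ME`, so nothing in the role's own contract forces a deployment to supply real secrets; at minimum `admin_user_password` should be mandatory when `admin_user_define` is true and each `*_client_secret` when `authentication_kind` selects that backend—if this vardef format cannot express a condition, set `"mandatory": true` on them and remove the placeholder defaults. The tasks also gate plugin installation on `var_dokuwiki_oauth2_enable`, which this file does not declare (nor do the defaults), so either add an `oauth2_enable` boolean entry or derive that condition from `authentication_kind`.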