mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
block-uptime-robots
infrastructure/roles/archwiki/tasks/main.yml
Christian Heusel 048167d6be
archwiki: Switch captcha to time-based method 
Up until now the captcha has depended on the exact output of the pacman
version command which could lead to multiple problematic scenarios:

    a) User uses testing repos (user pacman newer)
    b) Server is not instantly updated (user pacman newer)
    c) User system is not updated (user pacman older)

Circumvent this problem by switching to a time based captcha instead.

Signed-off-by: Christian Heusel <christian@heusel.eu>
2024-03-06 23:33:01 +01:00

132 lines
4.8 KiB
YAML
Raw Permalink Blame History

- name: Run maintenance mode
include_role:
name: maintenance
vars:
service_name: "wiki"
service_domain: "{{ archwiki_domain }}"
service_alternate_domains: []
service_nginx_conf: "{{ archwiki_nginx_conf }}"
when: maintenance is defined
- name: Create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ archwiki_domain }}"]
when: 'archwiki_domain is defined'
- name: Install packages
pacman: name=git,php-intl state=present
- name: Make archwiki user
user: name="{{ archwiki_user }}" shell=/bin/false home="{{ archwiki_dir }}" createhome=no
register: user_created
- name: Fix home permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0751 path="{{ archwiki_dir }}"
- name: Fix cache permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}/cache"
- name: Fix sessions permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}/sessions"
- name: Fix uploads permissions
file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/uploads"
- name: Set up nginx
template: src=nginx.d.conf.j2 dest="{{ archwiki_nginx_conf }}" owner=root group=root mode=644
notify:
- Reload nginx
when: maintenance is not defined
tags: ['nginx']
- name: Configure robots.txt
copy: src=robots.txt dest="{{ archwiki_dir }}/robots.txt" owner=root group=root mode=0644
- name: Make nginx log dir
file: path=/var/log/nginx/{{ archwiki_domain }} state=directory owner=root group=root mode=0755
- name: Make debug log dir
file: path=/var/log/archwiki state=directory owner={{ archwiki_user }} group=root mode=0700
- name: Clone archwiki repo
git: repo={{ archwiki_repository }} dest="{{ archwiki_dir }}/public" version={{ archwiki_version }}
become: true
become_user: "{{ archwiki_user }}"
notify:
- Run wiki updatescript
# archwiki updates often break magic words in mails, leaving them
# unexpanded until the archwiki-runjobs-wait service is restarted
- Restart archwiki-runjobs-wait
# purge the nginx cache and MediaWiki file cache to make sure clients get updated assets
# as well as freshly rendered pages using the new assets
- Purge nginx cache
- Invalidate MediaWiki file cache
- name: Configure archwiki
template: src=LocalSettings.php.j2 dest="{{ archwiki_dir }}/public/LocalSettings.php" owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0640
register: config
no_log: true
- name: Create archwiki db
mysql_db: name="{{ archwiki_db }}" login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
register: db_created
- name: Create archwiki db user
mysql_user: name={{ archwiki_db_user }} password={{ vault_archwiki_db_password }}
login_host="{{ archwiki_db_host }}" login_password="{{ vault_mariadb_users.root }}"
priv="{{ archwiki_db }}.*:ALL"
no_log: true
- name: Configure php-fpm
template:
src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ archwiki_user }}.conf"
owner=root group=root mode=0644
notify:
- Restart php-fpm@{{ archwiki_user }}
- name: Start and enable systemd socket
service: name=php-fpm@{{ archwiki_user }}.socket state=started enabled=true
- name: Create memcached.service.d drop-in directory
file: path=/etc/systemd/system/memcached@archwiki.service.d state=directory owner=root group=root mode=0755
- name: Install memcached.service drop-in
template: src="memcached.service.d-archwiki.conf.j2" dest="/etc/systemd/system/memcached@archwiki.service.d/archwiki.conf" owner=root group=root mode=0644
- name: Start and enable memcached service
systemd: name=memcached@archwiki.service state=started enabled=true daemon_reload=true
- name: Install systemd services/timers
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
loop:
- archwiki-runjobs.service
- archwiki-runjobs-wait.service
- archwiki-runjobs.timer
- archwiki-prune-cache.service
- archwiki-prune-cache.timer
- archwiki-question-updater.service
- archwiki-question-updater.timer
- name: Start and enable archwiki timers and services
systemd:
name: "{{ item }}"
enabled: true
state: started
daemon_reload: true
with_items:
- archwiki-runjobs.timer
- archwiki-prune-cache.timer
- archwiki-runjobs-wait.service
- archwiki-question-updater.timer
- name: Create question answer file
systemd:
name: archwiki-question-updater.service
state: started
daemon_reload: true
- name: Ensure question answer file exists and set permissions
file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
View Git Blame Copy Permalink