Premier commit

2022-04-26 00:07:08 +02:00 · 2022-04-26 00:07:08 +02:00 · 322037af65
commit 322037af65
9 changed files with 197 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,33 @@
 # Role : docker_wikijs
 ## Services fournis
 - main.yml : Installation de wikijs sur un serveur docker_host
 - configure_reverse_proxy.yml : Configuration d'un reverse proxy préalablement installé par le role reverse_proxy
 ## Variables
 Fournir les variables suivantes. Par exemple :
 ```yaml
 docker_wikijs_fqdn: wiki.libretic.fr
 docker_wikijs_data_dir: /data1
 docker_wikijs_service_id: wikijs
 docker_wikijs_rp_cert: LE
 docker_wikijs_docker_host: machine.domaine.local
 ```
 | Option                       | Valeur par défaut | Description                                                                               |
 |------------------------------|-------------------|-------------------------------------------------------------------------------------------|
 | docker_wikijs_fqdn           |                   | Le nom de domaine pour lequel le service wikijs répond                                    |
 | docker_wikijs_data_dir       |                   | L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service       |
 | docker_wikijs_service_id     |                   | Le nom de service souhaité : conditionne le nommage des volumes et le routage par traefik |
 | docker_wikijs_rp_docker_host |                   | pour configure_reverse_proxy.yml: fqdn de la machine contenant le conteneur docker        |
 | docker_wikijs_rp_cert        | LE                | Type de certificat pour le reverse proxy (LE = letsencrypt)                               |
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1 @@
 docker_wikijs_rp_cert: LE
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,10 @@
 - name: docker-compose-up
  shell: |
    docker-compose up -d
  args:
    chdir: /opt/{{ docker_wikijs_service_id }}/
 - name: reverse-proxy-reload
  service:
    name: apache2
    state: reloaded
--- a/tasks/configure_reverse_proxy.yml
+++ b/tasks/configure_reverse_proxy.yml
@ -0,0 +1,10 @@
 - name: prepare reverse_proxy
  template:
    src: "{{ item }}"
    dest: /etc/apache2/vhosts.d/{{ docker_wikijs_fqdn }}/
  with_items:
    - 0_vhost.conf
    - 2_mds_exclusion.conf
  notify: reverse-proxy-reload
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,15 @@
 - name: docker directory
  file:
    path: /opt/{{ docker_wikijs_service_id }}/
    state: directory
 - name: prepare docker-compose.yml
  template:
    src: "{{ item }}"
    dest: /opt/{{ docker_wikijs_service_id }}/
  with_items:
    - docker-compose.yml
    - definition.yml
  notify: docker-compose-up
--- a/templates/0_vhost.conf
+++ b/templates/0_vhost.conf
@ -0,0 +1,2 @@
 # {{ ansible_managed }}
 Use vhost_HTTPS_Generic {{ docker_wikijs_fqdn }} {{ docker_wikijs_rp_cert }} http {{ docker_wikijs_rp_docker_host }} info OpenAccessPolicy AllowCrawlerIndexing On
--- a/templates/2_mds_exclusion.conf
+++ b/templates/2_mds_exclusion.conf
@ -0,0 +1,16 @@
 # {{ ansible_managed }}
 SecRuleRemoveById 200002
 SecRuleRemoveById 200004
 SecRuleRemoveById 921110
 SecRuleRemoveById 920220
 SecRuleRemoveById 921110
 SecRuleRemoveById 930120
 SecRuleRemoveById 932100
 SecRuleRemoveById 932105
 SecRuleRemoveById 932110
 SecRuleRemoveById 932115
 SecRuleRemoveById 932160
 SecRuleRemoveById 933210
 SecRuleRemoveById 942190
 SecRuleRemoveById 949110
 SecRuleRemoveById 980130
--- a/templates/definition.yml
+++ b/templates/definition.yml
@ -0,0 +1,55 @@
 key: oidc
 title: Generic OpenID Connect / OAuth2
 description: OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
 author: requarks.io
 logo: https://static.requarks.io/logo/oidc.svg
 color: blue-grey darken-2
 website: http://openid.net/connect/
 isAvailable: true
 useForm: false
 scopes:
  - profile
  - libreticMail
 props:
  clientId:
    type: String
    title: Client ID
    hint: Application Client ID
    order: 1
  clientSecret:
    type: String
    title: Client Secret
    hint: Application Client Secret
    order: 2
  authorizationURL:
    type: String
    title: Authorization Endpoint URL
    hint: Application Authorization Endpoint URL
    order: 3
  tokenURL:
    type: String
    title: Token Endpoint URL
    hint: Application Token Endpoint URL
    order: 4
  userInfoURL:
    type: String
    title: User Info Endpoint URL
    hint: User Info Endpoint URL
    order: 5
  issuer:
    type: String
    title: Issuer
    hint: Issuer URL
    order: 6
  emailClaim:
    type: String
    title: Email Claim
    hint: Field containing the email address
    default: email
    maxWidth: 500
    order: 7
  logoutURL:
    type: String
    title: Logout URL
    hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
    order: 8
--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
@ -0,0 +1,55 @@
 # {{ ansible_managed }}
 version: '3.1'
 services:
  db:
    image: postgres:13
    environment:
      POSTGRES_DB: {{ docker_wikijs_db_name }}
      POSTGRES_PASSWORD: {{ docker_wikijs_db_password }}
      POSTGRES_USER: {{ docker_wikijs_db_user }}
      TZ: Europe/Paris
    logging:
      driver: "none"
    restart: unless-stopped
    volumes:
      - /data1/{{ docker_wikijs_service_id }}/db_data:/var/lib/postgresql/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - wikijs
  wiki:
    image: ghcr.io/requarks/wiki:2.5.277
    volumes:
      - ./definition.yml:/wiki/server/modules/authentication/oidc/definition.yml
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - db
    environment:
      DB_TYPE: postgres
      DB_HOST: db
      DB_PORT: 5432
      DB_USER: {{ docker_wikijs_db_user }}
      DB_PASS: {{ docker_wikijs_db_password }}
      DB_NAME: {{ docker_wikijs_db_name }}
      TZ: Europe/Paris
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.{{ docker_wikijs_service_id }}.entrypoints=web"
      - "traefik.http.routers.{{ docker_wikijs_service_id }}.rule=Host(`{{ docker_wikijs_fqdn }}`)"
      - "traefik.http.services.{{ docker_wikijs_service_id }}.loadbalancer.server.port=3000"
    networks:
      - traefik
      - wikijs
 networks:
  traefik:
    external: true
  wikijs:
    internal: true
		`@ -0,0 +1,2 @@`
							`# {{ ansible_managed }}`
							`Use vhost_HTTPS_Generic {{ docker_wikijs_fqdn }} {{ docker_wikijs_rp_cert }} http {{ docker_wikijs_rp_docker_host }} info OpenAccessPolicy AllowCrawlerIndexing On`