Premier commit

Navas 2022-04-26 00:07:08 +02:00
commit 322037af65
9 changed files with 197 additions and 0 deletions

33
README.md Normal file

@ -0,0 +1,33 @@
# Role : docker_wikijs
## Services fournis
- main.yml : Installation de wikijs sur un serveur docker_host
- configure_reverse_proxy.yml : Configuration d'un reverse proxy préalablement installé par le role reverse_proxy
## Variables
Fournir les variables suivantes. Par exemple :
```yaml
docker_wikijs_fqdn: wiki.libretic.fr
docker_wikijs_data_dir: /data1
docker_wikijs_service_id: wikijs
docker_wikijs_rp_cert: LE
docker_wikijs_docker_host: machine.domaine.local
```
| Option | Valeur par défaut | Description |
|------------------------------|-------------------|-------------------------------------------------------------------------------------------|
| docker_wikijs_fqdn | | Le nom de domaine pour lequel le service wikijs répond |
| docker_wikijs_data_dir | | L'emplacement dans lequel se trouvent les volumes de donnees docker pour le service |
| docker_wikijs_service_id | | Le nom de service souhaité : conditionne le nommage des volumes et le routage par traefik |
| docker_wikijs_rp_docker_host | | pour configure_reverse_proxy.yml: fqdn de la machine contenant le conteneur docker |
| docker_wikijs_rp_cert | LE | Type de certificat pour le reverse proxy (LE = letsencrypt) |

1
defaults/main.yml Normal file

@ -0,0 +1 @@
docker_wikijs_rp_cert: LE

10
handlers/main.yml Normal file

@ -0,0 +1,10 @@
- name: docker-compose-up
shell: |
docker-compose up -d
args:
chdir: /opt/{{ docker_wikijs_service_id }}/
- name: reverse-proxy-reload
service:
name: apache2
state: reloaded
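Review bot: The `docker-compose-up` handler runs a fixed command line through `shell`, which adds a shell-parsing layer this task does not need. `command: docker-compose up -d` with the same `args: chdir` does the same work. It also keeps shell metacharacters inert if the command line is ever templated later.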


@ -0,0 +1,10 @@
- name: prepare reverse_proxy
template:
src: "{{ item }}"
dest: /etc/apache2/vhosts.d/{{ docker_wikijs_fqdn }}/
with_items:
- 0_vhost.conf
- 2_mds_exclusion.conf
notify: reverse-proxy-reload
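Review bot: Nothing in this task list creates `/etc/apache2/vhosts.d/{{ docker_wikijs_fqdn }}/` before the `template` task writes into it, and the template module does not create missing parent directories. If the reverse_proxy role does not already provide that directory (not visible in this commit), add a `file` task with `state: directory` ahead of it, as tasks/main.yml does for `/opt/{{ docker_wikijs_service_id }}/`. Setting `owner`, `group` and `mode` explicitly on the rendered files would also stop the result depending on the umask of the connecting user.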

15
tasks/main.yml Normal file

@ -0,0 +1,15 @@
- name: docker directory
file:
path: /opt/{{ docker_wikijs_service_id }}/
state: directory
- name: prepare docker-compose.yml
template:
src: "{{ item }}"
dest: /opt/{{ docker_wikijs_service_id }}/
with_items:
- docker-compose.yml
- definition.yml
notify: docker-compose-up
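Review bot: The rendered `docker-compose.yml` carries the database password (`POSTGRES_PASSWORD` and `DB_PASS` in the docker-compose.yml template of this commit), but neither the `file` task nor the `template` task sets ownership or permissions. Both end up with whatever the umask gives, which is commonly world-readable. Assuming the play runs as root, add `mode: "0700"` to the directory task and `owner: root`, `group: root`, `mode: "0600"` to the template task. `diff: false` on the template task would also keep the password out of `--diff` output.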

2
templates/0_vhost.conf Normal file

@ -0,0 +1,2 @@
# {{ ansible_managed }}
Use vhost_HTTPS_Generic {{ docker_wikijs_fqdn }} {{ docker_wikijs_rp_cert }} http {{ docker_wikijs_rp_docker_host }} info OpenAccessPolicy AllowCrawlerIndexing On
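Review bot: This template reads `docker_wikijs_rp_docker_host`, but the example block in README.md sets `docker_wikijs_docker_host`, so a playbook copied from the example fails on an undefined variable when this file renders. Align the README example with the name used here. The values are also interpolated as bare macro arguments, so a value containing whitespace would shift the remaining arguments of `vhost_HTTPS_Generic`. The backend scheme is the literal `http`; if the macro (defined outside this commit) proxies to the docker host over the network, login traffic crosses that hop unencrypted, and a comment should state that the link is trusted.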


@ -0,0 +1,16 @@
# {{ ansible_managed }}
SecRuleRemoveById 200002
SecRuleRemoveById 200004
SecRuleRemoveById 921110
SecRuleRemoveById 920220
SecRuleRemoveById 921110
SecRuleRemoveById 930120
SecRuleRemoveById 932100
SecRuleRemoveById 932105
SecRuleRemoveById 932110
SecRuleRemoveById 932115
SecRuleRemoveById 932160
SecRuleRemoveById 933210
SecRuleRemoveById 942190
SecRuleRemoveById 949110
SecRuleRemoveById 980130
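Review bot: Removing rule 949110 drops the CRS inbound anomaly-score blocking evaluation itself, so in the default anomaly-scoring mode this vhost no longer blocks on score at all and the other CRS removals become redundant; 980130 is only the matching correlation log rule. Keep 949110 and 980130 in place and narrow the rest. Each remaining ID should carry a comment naming the Wiki.js request that triggered it and, where possible, be limited to that path or parameter (`SecRuleUpdateTargetById`, or a `<LocationMatch>` around the `SecRuleRemoveById`) instead of applying site-wide. 200002 and 200004 are request-body and multipart parsing checks from the base ModSecurity configuration, not CRS, so removing them lets malformed bodies through unchecked. 921110 is listed twice.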

55
templates/definition.yml Normal file

@ -0,0 +1,55 @@
key: oidc
title: Generic OpenID Connect / OAuth2
description: OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
author: requarks.io
logo: https://static.requarks.io/logo/oidc.svg
color: blue-grey darken-2
website: http://openid.net/connect/
isAvailable: true
useForm: false
scopes:
- profile
- libreticMail
props:
clientId:
type: String
title: Client ID
hint: Application Client ID
order: 1
clientSecret:
type: String
title: Client Secret
hint: Application Client Secret
order: 2
authorizationURL:
type: String
title: Authorization Endpoint URL
hint: Application Authorization Endpoint URL
order: 3
tokenURL:
type: String
title: Token Endpoint URL
hint: Application Token Endpoint URL
order: 4
userInfoURL:
type: String
title: User Info Endpoint URL
hint: User Info Endpoint URL
order: 5
issuer:
type: String
title: Issuer
hint: Issuer URL
order: 6
emailClaim:
type: String
title: Email Claim
hint: Field containing the email address
default: email
maxWidth: 500
order: 7
logoutURL:
type: String
title: Logout URL
hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
order: 8
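Review bot: This file replaces the image's own `oidc/definition.yml` through the bind mount in the docker-compose.yml template, yet it has no `# {{ ansible_managed }}` header like the other templates and nothing records what was changed. Add a header comment such as `# {{ ansible_managed }} - local override of the upstream oidc definition for ghcr.io/requarks/wiki:2.5.277` and name the modified keys, so the override is re-checked when the image tag is bumped. Judging by `libreticMail`, the `scopes` list looks like the local change. If the provider needs the standard `openid` scope requested explicitly, it is missing from this list; confirm against the upstream file.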


@ -0,0 +1,55 @@
# {{ ansible_managed }}
version: '3.1'
services:
db:
image: postgres:13
environment:
POSTGRES_DB: {{ docker_wikijs_db_name }}
POSTGRES_PASSWORD: {{ docker_wikijs_db_password }}
POSTGRES_USER: {{ docker_wikijs_db_user }}
TZ: Europe/Paris
logging:
driver: "none"
restart: unless-stopped
volumes:
- /data1/{{ docker_wikijs_service_id }}/db_data:/var/lib/postgresql/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
networks:
- wikijs
wiki:
image: ghcr.io/requarks/wiki:2.5.277
volumes:
- ./definition.yml:/wiki/server/modules/authentication/oidc/definition.yml
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
depends_on:
- db
environment:
DB_TYPE: postgres
DB_HOST: db
DB_PORT: 5432
DB_USER: {{ docker_wikijs_db_user }}
DB_PASS: {{ docker_wikijs_db_password }}
DB_NAME: {{ docker_wikijs_db_name }}
TZ: Europe/Paris
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.http.routers.{{ docker_wikijs_service_id }}.entrypoints=web"
- "traefik.http.routers.{{ docker_wikijs_service_id }}.rule=Host(`{{ docker_wikijs_fqdn }}`)"
- "traefik.http.services.{{ docker_wikijs_service_id }}.loadbalancer.server.port=3000"
networks:
- traefik
- wikijs
networks:
traefik:
external: true
wikijs:
internal: true
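Review bot: The `docker_wikijs_db_*` values, including `POSTGRES_PASSWORD` and `DB_PASS`, are interpolated as plain YAML scalars, so a password containing ` #`, `: ` or a leading `*` or `{` is truncated or breaks the file. Render them as quoted strings, e.g. `POSTGRES_PASSWORD: {{ docker_wikijs_db_password | to_json }}`. The database volume hard-codes `/data1/` although README.md documents `docker_wikijs_data_dir` for that purpose; it should read `- {{ docker_wikijs_data_dir }}/{{ docker_wikijs_service_id }}/db_data:/var/lib/postgresql/data`. The `definition.yml` bind mount can take `:ro` like the two mounts after it. `logging: driver: "none"` on `db` discards the PostgreSQL log, including failed authentication attempts, which leaves nothing to review after an incident.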