diff --git a/host_vars/kiwi.adm.crans.org.yml b/host_vars/kiwi.adm.crans.org.yml
index 54ee53858d267323bfb04407b27ed98b33e6e057..fb1eb81f5427dc7f13d305f06347b129a30e2cb0 100644
--- a/host_vars/kiwi.adm.crans.org.yml
+++ b/host_vars/kiwi.adm.crans.org.yml
@@ -30,3 +30,6 @@ to_backup:
hosts_allow: ["soyouz.adm.crans.org", "10.231.136.108"],
read_only: "yes",
}
+
+moinmoin:
+ main: true
diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml
index 4e53d5513abfa18b1c8cef1068626adda7f3e981..6b2473f11c2035e2b83290955e8c50a82fe70d6c 100644
--- a/host_vars/sputnik.adm.crans.org.yml
+++ b/host_vars/sputnik.adm.crans.org.yml
@@ -22,3 +22,6 @@ to_backup:
secrets_file: "/etc/rsyncd.secrets",
hosts_allow: ["zephir.adm.crans.org", "10.231.136.6", "172.31.0.1"],
}
+
+moinmoin:
+ main: false
diff --git a/roles/moinmoin/templates/cron.d/moinmoin.j2 b/roles/moinmoin/templates/cron.d/moinmoin.j2
index 6c58ebd457ab9daff72dc1e4b222f1826a4b5fab..b9be386126ffc4253a086239ff48b652dfeb92cf 100644
--- a/roles/moinmoin/templates/cron.d/moinmoin.j2
+++ b/roles/moinmoin/templates/cron.d/moinmoin.j2
@@ -1,13 +1,13 @@
{{ ansible_header | comment }}
-# Generate calendars
-0 * * * * /usr/bin/python /var/local/wiki/data/plugin/action/EventsBDE.py > /var/local/calendrier/bde.ics
-0 * * * * /usr/bin/python /var/local/wiki/data/plugin/action/EventsCrans.py > /var/local/calendrier/crans.ics
-0 * * * * /usr/bin/python /var/local/wiki/data/plugin/action/Sports.py > /var/local/calendrier/sports.ics
-
# Generate sitemap
5 5 * * * /usr/bin/wget "http://wiki.adm.crans.org/PageAccueil?action=sitemap" -O /var/local/moin_htdocs_crans/www-sitemap.xml
# Cleanup
17 3 * * * www-data /usr/bin/find /var/local/wiki/data/cache/__session__ -mtime +30 -delete
27 3 * * * www-data /usr/bin/find /var/local/wiki/tickets -mtime +30 -delete
+{% if not moinmoin.main %}
+
+# Sync main wiki to backup
+02 02 * * * root rsync -a4 --exclude "attachments" rsync://kiwi.adm.crans.org/wiki /var/local/wiki
+{% endif %}
diff --git a/roles/moinmoin/templates/moin/mywiki.py.j2 b/roles/moinmoin/templates/moin/mywiki.py.j2
index a71d97dfcec4c99021d292630fa4034566661e10..f21a1d7fa0a6958a5c16340250f82c09c4db404b 100644
--- a/roles/moinmoin/templates/moin/mywiki.py.j2
+++ b/roles/moinmoin/templates/moin/mywiki.py.j2
@@ -48,10 +48,11 @@ class Config(FarmConfig):
# This is checked by some rather critical and potentially harmful actions,
# like despam or PackageInstaller action:
- superuser= [u"PeBecue", u"Wiki20-100", u"WikiB2moo", u"WikiBoudy", u"Benjamin", u"WikiPollion", u"Fardale", u"WikiErdnaxe"]
+ # WikiShirenn is a giant avocado https://youtu.be/UJeH8gcjuj0
+ superuser= [u"PeBecue", u"Wiki20-100", u"WikiB2moo", u"WikiBoudy", u"Benjamin", u"WikiPollion", u"Fardale", u"WikiErdnaxe", u"WikiShirenn"]
# Custom logo
- logo_string = u'<img src="/wiki/logo.png" alt="Crans" height="60">'
+ logo_string = u'<img src="/wiki/logo.svg" alt="Crans" height="60">'
# French by default
language_default = 'fr'
@@ -139,22 +140,42 @@ class Config(FarmConfig):
auth = [
moin.MoinAuth(),
+{% if moinmoin.main %}
cas.CASAuth("https://cas.crans.org",
fallback_url='https://wiki.crans.org/',
ticket_path='/var/local/wiki/tickets/',
assoc_path='/var/local/wiki/assowiki/',
),
ip_range.IpRange(
- local_nets=['185.230.76.0/22', '10.53.0.0/16', '10.54.0.0/16', '2a0c:700:0::/40'],
+ local_nets=[
+ '185.230.76.0/22', # ENS
+ '185.230.79.0/23', # test pour zamok
+ '10.53.0.0/16',
+ '10.54.0.0/16',
+ '2a0c:700:0::/40',
+ '45.66.108.0/22', # IPv4 Aurore
+ '2a09:6840::/29' # IPv6 Aurore
+ ],
actions=['newaccount'],
actions_msg={'newaccount':"La création de comptes n'est autorisée que depuis le réseau du Cr@ns ou sur zamok."},
),
categorie_public.PublicCategories(pub_cats=[u'Cat\xe9goriePagePublique']), # Avec trusted à False, les acl de Known s'appliquent
+{% endif %}
]
# Force text editor as CKEditor is broken
editor_force = True
def ip_autorised_create_account(self,ip):
+{% if moinmoin.main %}
return ip.startswith('185.230.76.') or ip.startswith('185.230.77.') or ip.startswith('185.230.78.') or ip.startswith('185.230.79.') or ip.startswith('10.') or ip.startswith('2a0c:700:0:')
-
+{% else %}
+ return False
+{% endif %}
+
+{% if not moinmoin.main %}
+ # Stop new accounts being created
+ actions_excluded = config.multiconfig.DefaultConfig.actions_excluded + [
+ 'newaccount', 'recoverpass'
+ ]
+{% endif %}
diff --git a/roles/moinmoin/templates/nginx/sites-available/wiki.j2 b/roles/moinmoin/templates/nginx/sites-available/wiki.j2
index 40e68cbc5e1199768eda6235b6c2d3acdb1ec578..4c7482f094d71b7dbb05793526257b12007fe60a 100644
--- a/roles/moinmoin/templates/nginx/sites-available/wiki.j2
+++ b/roles/moinmoin/templates/nginx/sites-available/wiki.j2
@@ -3,7 +3,7 @@
server {
listen 80;
listen [::]:80;
- server_name wiki.crans.org;
+ server_name wiki.adm.crans.org;
access_log /var/log/nginx/wiki.log combined;
error_log /var/log/nginx/wiki.error.log;
@@ -25,10 +25,7 @@ server {
include uwsgi_params;
}
- set_real_ip_from 10.231.136.0/24;
- set_real_ip_from 2a0c:700:0::/48;
- set_real_ip_from 185.230.76.0/22; #filaire publique
- set_real_ip_from 10.53.0.0/16; #nat des machines wifi crans
- set_real_ip_from 10.54.0.0/16; #nat des machines filaires crans
+ set_real_ip_from 172.16.10.0/24;
+ set_real_ip_from fd00:0:0:10::/64;
real_ip_header X-Real-Ip;
}