From 634369ad6276c5d8559c8c4c355cde1f9cf038ae Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Sun, 3 Jan 2021 23:54:41 +0100
Subject: [PATCH] [zamok] export apache2 + php custom configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 roles/zamok-tools/tasks/main.yml              | 46 +++++++++++++++++++
 .../templates/apache2/clubs-vhosts.map.j2     |  4 ++
 .../templates/apache2/ports.conf.j2           | 10 ++++
 .../sites-available/000-perso-vhosts.conf.j2  | 25 ++++++++++
 .../apache2/sites-available/001-perso.conf.j2 | 34 ++++++++++++++
 .../templates/apache2/suexec/www-data.j2      |  8 ++++
 6 files changed, 127 insertions(+)
 create mode 100644 roles/zamok-tools/templates/apache2/clubs-vhosts.map.j2
 create mode 100644 roles/zamok-tools/templates/apache2/ports.conf.j2
 create mode 100644 roles/zamok-tools/templates/apache2/sites-available/000-perso-vhosts.conf.j2
 create mode 100644 roles/zamok-tools/templates/apache2/sites-available/001-perso.conf.j2
 create mode 100644 roles/zamok-tools/templates/apache2/suexec/www-data.j2

diff --git a/roles/zamok-tools/tasks/main.yml b/roles/zamok-tools/tasks/main.yml
index 3be6c139..43da191c 100644
--- a/roles/zamok-tools/tasks/main.yml
+++ b/roles/zamok-tools/tasks/main.yml
@@ -3,6 +3,7 @@
   apt:
     update_cache: true
     name:
+      - apache2
       - bat # Rajouté par shirenn le 10/11/2021
       - bitlbee  # Demande du 06/09/2017 17:40 sur #crans
       - byobu
@@ -17,6 +18,7 @@
       - inotify-tools  # Demande du 24/10/2017 23:17 sur #crans
       - jed  # Demande du 04/08/2017 sur nounou@
       - joe
+      - libapache2-mod-fcgid
       - libapache2-mod-wsgi-py3
       - lua-cjson  # Demande du 01/09/2017 18:50 sur #crans
       - lynx  # Demande du 30/07/2017 sur nounou@
@@ -28,7 +30,15 @@
       - par
       - pdftk  # Demande mail nounou@ 16/10/2018 16h01
       - php
+      - php-bz2
+      - php-curl
+      - php-fpm
+      - php-gd
+      - php-mbstring
       - php-mysql
+      - php-sqlite
+      - php-xml
+      - php-zip
       - phpmyadmin
       - pkg-config  # Demande du 01/02/2018 15:00 sur #roots
       - poppler-utils
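Review bot: `php-sqlite` in the added package list may not resolve on the target release; as far as I know Debian ships the SQLite extension as `php-sqlite3`, and one unknown name makes the whole `apt` task fail on every retry. If that holds for this host, the line should read `- php-sqlite3`. The task starts above this hunk, so the rest of the list was not reviewed.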
@@ -59,3 +69,39 @@
   register: apt_result
   retries: 3
   until: apt_result is succeeded
+
+- name: Install required apache modules
+  community.general.apache2_module:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - authz_groupfile
+    - proxy
+    - proxy_fcgi
+    - proxy_http
+    - rewrite
+    - socache_shmcb
+    - userdir
+
+- name: Copy apache configuration
+  template:
+    src: "apache2/{{ item }}.j2"
+    dest: "/etc/apache2/{{ item }}"
+    owner: root
+    group: root
+    mode: 0644
+  loop:
+    - "club-vhosts.map"
+    - "ports.conf"
+    - "sites-available/000-perso-vhosts.conf"
+    - "sites-available/001-perso.conf"
+    - "suexec/www-data"
+
+- name: Enable apache sites
+  file:
+    src: "/etc/apache2/sites-available/{{ item }}"
+    dest: "/etc/apache2/sites-enabled/{{ item }}"
+    owner: root
+    group: root
+    state: link
+    force: true
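Review bot: The "Enable apache sites" task uses `{{ item }}` in `src` and `dest`, but the hunk ends without a `loop:`, so `item` is undefined when the task runs; it needs something like `loop: ["000-perso-vhosts.conf", "001-perso.conf"]`. In "Copy apache configuration" the first loop entry is `"club-vhosts.map"`, while the template added by this commit is `clubs-vhosts.map.j2` and the `RewriteMap` reads `/etc/apache2/clubs-vhosts.map`, so the entry should be `- "clubs-vhosts.map"`. Neither task notifies a handler in the visible lines; unless a reload is triggered elsewhere, Apache keeps serving the previous configuration, and a handler that runs a configuration test before reloading would also stop a broken template from taking the service down.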
diff --git a/roles/zamok-tools/templates/apache2/clubs-vhosts.map.j2 b/roles/zamok-tools/templates/apache2/clubs-vhosts.map.j2
new file mode 100644
index 00000000..a3ca125d
--- /dev/null
+++ b/roles/zamok-tools/templates/apache2/clubs-vhosts.map.j2
@@ -0,0 +1,4 @@
+pot-vieux.crans.org club-vieux/www
+med.crans.org club-med/www
+www.scepinvaders.com waltsburger/www
+scepinvaders.com waltsburger/www
diff --git a/roles/zamok-tools/templates/apache2/ports.conf.j2 b/roles/zamok-tools/templates/apache2/ports.conf.j2
new file mode 100644
index 00000000..eba40f5f
--- /dev/null
+++ b/roles/zamok-tools/templates/apache2/ports.conf.j2
@@ -0,0 +1,10 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 127.0.0.1:80
+Listen 172.16.10.31:80
+Listen 185.230.79.1:80
+#Listen [2a0c:700:0:24:1e98:ecff:fe15:2c88]:80
+#Listen [2a0c:700:0:2:1e98:ecff:fe15:2c88]:80
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
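Review bot: The header comment still points at `/etc/apache2/sites-enabled/000-default.conf`, and nothing visible in this commit removes that packaged site. If it is still enabled it sorts before `000-perso-vhosts.conf` and becomes the default `*:80` vhost, so requests whose Host header matches no ServerName never reach the club-vhost map, contrary to the "doit etre le premier" requirement stated in 000-perso-vhosts.conf.j2. I would replace the stale reference with a comment such as `# 000-perso-vhosts.conf must be the first enabled site; the role removes 000-default.conf`, and have the role actually remove that link (a `file` task with `state: absent`).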
diff --git a/roles/zamok-tools/templates/apache2/sites-available/000-perso-vhosts.conf.j2 b/roles/zamok-tools/templates/apache2/sites-available/000-perso-vhosts.conf.j2
new file mode 100644
index 00000000..1105143f
--- /dev/null
+++ b/roles/zamok-tools/templates/apache2/sites-available/000-perso-vhosts.conf.j2
@@ -0,0 +1,25 @@
+# Configuration des vhosts personnalises
+# Ce fichier doit etre le premier dans sites-enabled
+
+<VirtualHost *:80>
+    # Le nom du serveur est determine a partir de la requete HTTP
+    UseCanonicalName Off
+
+    # Logs
+    LogFormat "%{Host}i %h %l %u %t \"%r\" %s %b" vcommon
+    CustomLog /var/log/apache2/perso-vhosts.log vcommon
+
+    # On charge le fichier mappant les vhosts clubs
+    # puis on rewrite si seulement s'il y a un match
+    RewriteEngine On
+    RewriteMap clubs-vhost txt:/etc/apache2/clubs-vhosts.map
+    RewriteCond ${clubs-vhost:%{SERVER_NAME}} ^(.+)$
+    RewriteRule ^/(.*)$ /home/%1/$1 [last]
+
+    # Override defaults in /etc/apache2/mods-enabled/userdir.conf
+    # to add Indexes control in .htaccess and README
+    <Directory /home/*/www>
+        AllowOverride FileInfo AuthConfig Limit Indexes Options=Indexes
+        ReadmeName /mentionslegales.html
+    </Directory>
+</VirtualHost>
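Review bot: `RewriteRule ^/(.*)$ /home/%1/$1 [last]` maps club hosts straight onto files under /home without passing through mod_userdir, which is what the comment in 001-perso.conf.j2 (same commit) warns against, because PHP then no longer runs as the owning user. The rules `^/([^~/]+)/(.*)$` and `^/([^~/]+)$` in 001-perso.conf.j2 have the same shape. Together with `AllowOverride FileInfo`, which lets each account's `.htaccess` set handlers and rewrite rules, scripts from one home may end up running under a shared server identity that can read other accounts' web files; I could not confirm from this diff how the PHP identity is chosen. Either route these paths through `/~name/` with `[last,passthrough]` as the `/users/` rule does, or add a comment naming the mechanism, e.g. `# PHP for these paths runs as the owning user via <mechanism>`.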
diff --git a/roles/zamok-tools/templates/apache2/sites-available/001-perso.conf.j2 b/roles/zamok-tools/templates/apache2/sites-available/001-perso.conf.j2
new file mode 100644
index 00000000..27774369
--- /dev/null
+++ b/roles/zamok-tools/templates/apache2/sites-available/001-perso.conf.j2
@@ -0,0 +1,34 @@
+<VirtualHost *:80>
+    ServerName perso.crans.org
+    DocumentRoot /var/www/perso/
+
+    # Quelques redirections
+    RewriteEngine On
+    RewriteRule ^/phpmyadmin/?(.*)$ /usr/share/phpmyadmin/$1 [last]
+    RewriteRule ^/icons/(.*)$ /usr/share/apache2/icons/$1 [last]
+    RewriteRule ^/$ https://wiki.crans.org/PagesPerso [last,redirect]
+    RewriteRule ^/~(.*)$ https://perso.crans.org/$1 [last,redirect]
+
+    # On aime la magie noire ici.
+    # Plus sérieusement, on aime beaucoup mod_userdir, mais on ne veut
+    # pas insérer un '~' avant le pseudo. Donc on réécrit l'URL.
+    # Toute personne qui tente de réécrire mod_userdir à coup de RewriteRule
+    # s'aventure dans un monde chaotique, et PHP ne tournera plus en tant
+    # que chaque utilisateur menant à des fuites de données.
+    RewriteRule ^/users/(.*)$ /~$1 [last,passthrough]
+
+    # Si ça match un utilisateur, on sert sa page personnelle
+    RewriteRule ^/([^~/]+)/(.*)$ /home/$1/www/$2 [last]
+    RewriteRule ^/([^~/]+)$ /home/$1/www/ [last]
+
+    # Log à part
+    CustomLog /var/log/apache2/perso.log combined
+    ErrorLog /var/log/apache2/perso.error.log
+
+    # Override defaults in /etc/apache2/mods-enabled/userdir.conf
+    # to add Indexes control in .htaccess and README
+    <Directory /home/*/www>
+        AllowOverride FileInfo AuthConfig Limit Indexes Options=Indexes
+        ReadmeName /mentionslegales.html
+    </Directory>
+</VirtualHost>
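Review bot: In `RewriteRule ^/phpmyadmin/?(.*)$ /usr/share/phpmyadmin/$1 [last]` the slash is optional, so any path that merely starts with `/phpmyadmin` (for instance the personal page of an account whose name begins with that string) is rewritten into /usr/share/phpmyadmin. Anchoring the prefix avoids that: `RewriteRule ^/phpmyadmin(?:/(.*))?$ /usr/share/phpmyadmin/$1 [last]`. The vhost also publishes the phpMyAdmin login page on port 80 with no `Require` restriction in this file; if access control or TLS is enforced elsewhere (a front proxy or the packaged phpMyAdmin conf), a comment saying where would help the next reader.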
diff --git a/roles/zamok-tools/templates/apache2/suexec/www-data.j2 b/roles/zamok-tools/templates/apache2/suexec/www-data.j2
new file mode 100644
index 00000000..b27635ef
--- /dev/null
+++ b/roles/zamok-tools/templates/apache2/suexec/www-data.j2
@@ -0,0 +1,8 @@
+/var/www
+www
+# The first two lines contain the suexec document root and the suexec userdir
+# suffix. If one of them is disabled by prepending a # character, suexec will
+# refuse the corresponding type of request.
+# This config file is only used by the apache2-suexec-custom package. See the
+# suexec man page included in the package for more details.
+
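Review bot: This file is read only by the suexec binary from apache2-suexec-custom, as its own comment says, but neither that package nor the `suexec` module appears in the lines this commit adds to tasks/main.yml. If they are not installed and enabled elsewhere, /etc/apache2/suexec may not exist when the template task runs, and CGI/FastCGI scripts would run without the per-user switch this file configures. With the document root set to `/var/www`, suexec should accept files under a home directory only for userdir (`~user`) requests, which matters for the rewrites that map directly to /home. I would add `- apache2-suexec-custom` to the package list and `- suexec` to the module loop, or a comment saying where they are provided.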
-- 
GitLab