diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml
index 774fa0e1669d090c00471fd3dc672c6cc8533067..e28685411e2d5cab3d65718b2e4f3e04e32c9ae1 100644
--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@@ -28,5 +28,5 @@ glob_nginx:
 default_ssl_domain: crans.org
 real_ip_from:
 - "172.16.0.0/16"
- - "2a0c:700:0:2::/64"
+ - "fd00:0:0:10::/64"
 deploy_robots_file: false
diff --git a/group_vars/wiki.yml b/group_vars/wiki.yml
new file mode 100644
index 0000000000000000000000000000000000000000..310fe0492090e6ddf16a8c62529518db976b1045
--- /dev/null
+++ b/group_vars/wiki.yml
@@ -0,0 +1,37 @@
+---
+glob_moinmoin:
+ main: false
+
+loc_nginx:
+ service_name: wiki
+ ssl: []
+ servers:
+ - server_name: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipwrap + [ansible_hostname, ansible_hostname + '.adm.crans.org'] }}"
+ default: true
+ access_log: "/var/log/nginx/wiki.log combined"
+ error_log: "/var/log/nginx/wiki.error.log"
+ additional_params:
+ - "rewrite ^/$ $scheme://wiki.crans.org/PageAccueil"
+ - "client_max_body_size 15M"
+
+ locations:
+ - filter: "/wiki"
+ params:
+ - "alias /var/local/wiki/htdocs/"
+
+ - filter: "/robots.txt"
+ params:
+ - "alias /var/local/wiki/robots.txt"
+
+ - filter: "/favicon.ico"
+ params:
+ - "/var/local/wiki/favicon.ico"
+
+ - filter: "/www-sitemap.xml"
+ params:
+ - "alias /var/local/wiki/www-sitemap.xml"
+
+ - filter: "/"
+ params:
+ - "uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket"
+ - "include uwsgi_params"
diff --git a/host_vars/kiwi.adm.crans.org.yml b/host_vars/kiwi.adm.crans.org.yml
index 162f19448fa5423c41fe5ae04aa910bb07cd0c3f..5ed645966c4b1338786bb376e9a9df161e32da20 100644
--- a/host_vars/kiwi.adm.crans.org.yml
+++ b/host_vars/kiwi.adm.crans.org.yml
@@ -31,5 +31,5 @@ to_backup:
 read_only: "yes",
 }
 
-moinmoin:
+loc_moinmoin:
 main: true
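Review bot: The IPv6 entry now matches the `set_real_ip_from fd00:0:0:10::/64` line of the deleted wiki.j2 template, but the IPv4 entry kept on the context line above it, `- "172.16.0.0/16"`, is far wider than the template's `set_real_ip_from 172.16.10.0/24`. Assuming the nginx role turns `real_ip_from` into `set_real_ip_from`, every host in that /16 can present an arbitrary client address in `X-Real-Ip` to the wiki once it is served from `glob_nginx`, which it was not before. If the /24 was the intended trust boundary, narrow it here or override `real_ip_from` in group_vars/wiki.yml; if the /16 is intended, a comment such as `# real_ip_from: every host that may front a service` would record that choice. The `glob_nginx` mapping starts before the hunk.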
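Review bot: The `/favicon.ico` location passes `- "/var/local/wiki/favicon.ico"` with no directive, while every sibling location uses `alias …` and the deleted template had `location /favicon.ico { alias /var/local/wiki/favicon.ico; }`; once rendered this is a bare path inside the location block and nginx should reject the configuration. Change it to `- "alias /var/local/wiki/favicon.ico"`. The same entry is repeated in the `loc_nginx` block added to host_vars/sputnik.adm.crans.org.yml. Separately, `filter: "/wiki"` drops the trailing slash of the template's `location /wiki/`; combined with `alias /var/local/wiki/htdocs/` that presumably maps `/wiki/foo` to `htdocs//foo` and also matches `/wikifoo`, so `filter: "/wiki/"` looks like what was meant, though the exact rendering depends on the nginx role's template, which is not in this diff.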
diff --git a/host_vars/sputnik.adm.crans.org b/host_vars/sputnik.adm.crans.org
deleted file mode 100644
index 2878a5780c0ce3ee4cdb26aea6b7cec14a69a7ec..0000000000000000000000000000000000000000
--- a/host_vars/sputnik.adm.crans.org
+++ /dev/null
@@ -1,5 +0,0 @@
----
-loc_slapd:
- ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}"
- replica: true
- replica_rid: 4
diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml
index 6b2473f11c2035e2b83290955e8c50a82fe70d6c..c0aa02b811dddb551d1ebf8c79967f7d8d5fd580 100644
--- a/host_vars/sputnik.adm.crans.org.yml
+++ b/host_vars/sputnik.adm.crans.org.yml
@@ -23,5 +23,67 @@ to_backup:
 hosts_allow: ["zephir.adm.crans.org", "10.231.136.6", "172.31.0.1"],
 }
 
-moinmoin:
+loc_slapd:
+ ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}"
+ replica: true
+ replica_rid: 4
+
+loc_moinmoin:
 main: false
+
+loc_certbot:
+ - dns_rfc2136_server: '172.16.10.147'
+ dns_rfc2136_name: certbot_adm_challenge.
+ dns_rfc2136_secret: "{{ vault.certbot_adm_dns_secret }}"
+ mail: root@crans.org
+ certname: adm.crans.org
+ domains: "*.adm.crans.org"
+ - dns_rfc2136_server: '172.16.10.147'
+ dns_rfc2136_name: certbot_challenge.
+ dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
+ mail: root@crans.org
+ certname: crans.org
+ domains: "git2.crans.org, status.crans.org, wiki.crans.org"
+
+loc_nginx:
+ service_name: wiki
+ ssl:
+ - name: adm.crans.org
+ cert: /etc/letsencrypt/live/adm.crans.org/fullchain.pem
+ cert_key: /etc/letsencrypt/live/adm.crans.org/privkey.pem
+ trusted_cert: /etc/letsencrypt/live/adm.crans.org/chain.pem
+ - name: crans.org
+ cert: /etc/letsencrypt/live/crans.org/fullchain.pem
+ cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
+ trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
+ servers:
+ - server_name:
+ - "wiki2.crans.org"
+ ssl : "crans.org"
+ access_log: "/var/log/nginx/wiki.log combined"
+ error_log: "/var/log/nginx/wiki.error.log"
+ additional_params:
+ - "rewrite ^/$ $scheme://wiki2.crans.org/PageAccueil"
+ - "client_max_body_size 15M"
+
+ locations:
+ - filter: "/wiki"
+ params:
+ - "alias /var/local/wiki/htdocs/"
+
+ - filter: "/robots.txt"
+ params:
+ - "alias /var/local/wiki/robots.txt"
+
+ - filter: "/favicon.ico"
+ params:
+ - "/var/local/wiki/favicon.ico"
+
+ - filter: "/www-sitemap.xml"
+ params:
+ - "alias /var/local/wiki/www-sitemap.xml"
+
+ - filter: "/"
+ params:
+ - "uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket"
+ - "include uwsgi_params"
diff --git a/hosts b/hosts
index a42cb4f7c28958926b640eda71d93898b5b07f92..59945c46dd3741427ec433a2aa1aebef8746179a 100644
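Review bot: The `wiki2.crans.org` server block is bound to the `crans.org` certificate through `ssl : "crans.org"`, but that certbot entry's `domains` line lists only `git2.crans.org, status.crans.org, wiki.crans.org`; unless the certbot role also appends `certname` to the requested names, the issued certificate will not cover `wiki2.crans.org` and TLS clients will see a name mismatch. Since the `rewrite` on the following lines sends `/` to `wiki2.crans.org`, the simplest fix is `domains: "git2.crans.org, status.crans.org, wiki.crans.org, wiki2.crans.org"`. While here, `ssl : "crans.org"` carries a space before the colon; it still parses as the key `ssl`, but yamllint flags it, so write `ssl: "crans.org"`. The `to_backup` mapping the hunk opens in starts before the hunk.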
--- a/hosts
+++ b/hosts
@@ -20,6 +20,9 @@ tealc.adm.crans.org
 [belenios]
 belenios.adm.crans.org
 
+[certbot]
+sputnik.adm.crans.org
+
 [certbot:children]
 dovecot
 git
@@ -93,6 +96,7 @@ mailman
 reverseproxy
 roundcube
 thelounge
+wiki
 
 [ntp_server]
 charybde.adm.crans.org
@@ -136,6 +140,10 @@ daniel.adm.crans.org
 jack.adm.crans.org
 sam.adm.crans.org
 
+[wiki]
+kiwi.adm.crans.org
+sputnik.adm.crans.org
+
 [crans_routeurs:children]
 # dhcp TODO: Really needed ?
 # keepalived
diff --git a/plays/moinmoin.yml b/plays/moinmoin.yml
index b9c63047eda6f6184692dcb947ec76d51fecead0..35207855f2aa8048a14445b27a68c26e3d595130 100755
--- a/plays/moinmoin.yml
+++ b/plays/moinmoin.yml
@@ -1,6 +1,16 @@
 #!/usr/bin/env ansible-playbook
 ---
+- hosts: certbot:&wiki
+ vars:
+ certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
+ roles:
+ - certbot
+
 # Deploy MoinMoin Wiki
-- hosts: kiwi.adm.crans.org,soyouz.adm.crans.org,sputnik.adm.crans.org
+- hosts: wiki
+ vars:
+ moinmoin: '{{ glob_moinmoin | default({}) | combine(loc_moinmoin | default({})) }}'
+ nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
 roles:
 - moinmoin
+ - nginx
diff --git a/roles/moinmoin/handlers/main.yml b/roles/moinmoin/handlers/main.yml
index ea116cb886562e67848a82f6512d06191fdbf9ca..ba46876d693c3d932eae4d3350bb74d9a0651d86 100644
--- a/roles/moinmoin/handlers/main.yml
+++ b/roles/moinmoin/handlers/main.yml
@@ -3,8 +3,3 @@
 service:
 name: uwsgi
 state: restarted
-
-- name: Restart nginx
- service:
- name: nginx
- state: restarted
diff --git a/roles/moinmoin/tasks/main.yml b/roles/moinmoin/tasks/main.yml
index 50049b0338bb0d5a8bd69af0660d3c80d788f24e..bef5dc5155c020e9f3de423e40c25a0719f17670 100644
--- a/roles/moinmoin/tasks/main.yml
+++ b/roles/moinmoin/tasks/main.yml
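Review bot: The new `- hosts: wiki` play targets only the `[wiki]` group, which the hosts hunk defines as `kiwi.adm.crans.org` and `sputnik.adm.crans.org`, so `soyouz.adm.crans.org` from the removed hosts line is silently dropped from the deployment; if that is intended, one line under `# Deploy MoinMoin Wiki` saying so would spare the next reader the question, otherwise add it to `[wiki]`. The site the moinmoin role used to link at `/etc/nginx/sites-enabled/wiki` is no longer managed by anything in this diff, so on hosts already configured that symlink stays next to whatever the `nginx` role writes, and two server blocks may compete for the same `server_name`; a `file:` task with `state: absent` for that path, in either role, would close the gap. The two `combine` calls are shallow, which is fine for the visible `glob_nginx` keys since `loc_nginx` does not redefine them, but worth a comment if deeper merging is ever expected.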
@@ -40,19 +40,6 @@
 enabled: true
 state: started
 
-- name: Configure nginx
- template:
- src: nginx/sites-available/wiki.j2
- dest: /etc/nginx/sites-available/wiki
- notify: Restart nginx
-
-- name: Activate nginx site
- file:
- src: /etc/nginx/sites-available/wiki
- dest: /etc/nginx/sites-enabled/wiki
- state: link
- notify: Restart nginx
-
 - name: Indicate role in motd
 template:
 src: update-motd.d/05-service.j2
diff --git a/roles/moinmoin/templates/nginx/sites-available/wiki.j2 b/roles/moinmoin/templates/nginx/sites-available/wiki.j2
deleted file mode 100644
index 4c7482f094d71b7dbb05793526257b12007fe60a..0000000000000000000000000000000000000000
--- a/roles/moinmoin/templates/nginx/sites-available/wiki.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-{{ ansible_header | comment }}
-
-server {
- listen 80;
- listen [::]:80;
- server_name wiki.adm.crans.org;
-
- access_log /var/log/nginx/wiki.log combined;
- error_log /var/log/nginx/wiki.error.log;
-
- # Redirect to home page
- rewrite ^/$ $scheme://wiki.crans.org/PageAccueil;
-
- # Limit uploads
- client_max_body_size 15M;
-
- # MoinMoin paths
- location /wiki/ { alias /var/local/wiki/htdocs/; }
- location /robots.txt { alias /var/local/wiki/robots.txt; }
- location /favicon.ico { alias /var/local/wiki/favicon.ico; }
- location /www-sitemap.xml { alias /var/local/wiki/www-sitemap.xml; }
-
- location / {
- uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket;
- include uwsgi_params;
- }
-
- set_real_ip_from 172.16.10.0/24;
- set_real_ip_from fd00:0:0:10::/64;
- real_ip_header X-Real-Ip;
-}