crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'moinsputnik' into 'newinfra' 

Moinsputnik

See merge request nounous/ansible!110
certbot_on_virtu
erdnaxe 2020-11-28 23:10:32 +01:00
parent 6412c7d687 13f9b9b15e
commit 3c3416648e
5 changed files with 38 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
host_vars/kiwi.adm.crans.org.yml
View File

@ -30,3 +30,6 @@ to_backup:
hosts_allow: ["soyouz.adm.crans.org", "10.231.136.108"], hosts_allow: ["soyouz.adm.crans.org", "10.231.136.108"],
read_only: "yes", read_only: "yes",
} }
moinmoin:
main: true

3
host_vars/sputnik.adm.crans.org.yml
View File

@ -22,3 +22,6 @@ to_backup:
secrets_file: "/etc/rsyncd.secrets", secrets_file: "/etc/rsyncd.secrets",
hosts_allow: ["zephir.adm.crans.org", "10.231.136.6", "172.31.0.1"], hosts_allow: ["zephir.adm.crans.org", "10.231.136.6", "172.31.0.1"],
} }
moinmoin:
main: false

10
roles/moinmoin/templates/cron.d/moinmoin.j2
View File

@ -1,13 +1,13 @@
{{ ansible_header | comment }} {{ ansible_header | comment }}
# Generate calendars
0 * * * * /usr/bin/python /var/local/wiki/data/plugin/action/EventsBDE.py > /var/local/calendrier/bde.ics
0 * * * * /usr/bin/python /var/local/wiki/data/plugin/action/EventsCrans.py > /var/local/calendrier/crans.ics
0 * * * * /usr/bin/python /var/local/wiki/data/plugin/action/Sports.py > /var/local/calendrier/sports.ics
# Generate sitemap # Generate sitemap
5 5 * * * /usr/bin/wget "http://wiki.adm.crans.org/PageAccueil?action=sitemap" -O /var/local/moin_htdocs_crans/www-sitemap.xml 5 5 * * * /usr/bin/wget "http://wiki.adm.crans.org/PageAccueil?action=sitemap" -O /var/local/moin_htdocs_crans/www-sitemap.xml
# Cleanup # Cleanup
17 3 * * * www-data /usr/bin/find /var/local/wiki/data/cache/__session__ -mtime +30 -delete 17 3 * * * www-data /usr/bin/find /var/local/wiki/data/cache/__session__ -mtime +30 -delete
27 3 * * * www-data /usr/bin/find /var/local/wiki/tickets -mtime +30 -delete 27 3 * * * www-data /usr/bin/find /var/local/wiki/tickets -mtime +30 -delete
{% if not moinmoin.main %}
# Sync main wiki to backup
02 02 * * * root rsync -a4 --exclude "attachments" rsync://kiwi.adm.crans.org/wiki /var/local/wiki
{% endif %}

27
roles/moinmoin/templates/moin/mywiki.py.j2
View File

@ -48,10 +48,11 @@ class Config(FarmConfig):
# This is checked by some rather critical and potentially harmful actions, # This is checked by some rather critical and potentially harmful actions,
# like despam or PackageInstaller action: # like despam or PackageInstaller action:
superuser= [u"PeBecue", u"Wiki20-100", u"WikiB2moo", u"WikiBoudy", u"Benjamin", u"WikiPollion", u"Fardale", u"WikiErdnaxe"] # WikiShirenn is a giant avocado https://youtu.be/UJeH8gcjuj0
superuser= [u"PeBecue", u"Wiki20-100", u"WikiB2moo", u"WikiBoudy", u"Benjamin", u"WikiPollion", u"Fardale", u"WikiErdnaxe", u"WikiShirenn"]
# Custom logo # Custom logo
logo_string = u'<img src="/wiki/logo.png" alt="Crans" height="60">' logo_string = u'<img src="/wiki/logo.svg" alt="Crans" height="60">'
# French by default # French by default
language_default = 'fr' language_default = 'fr'
@ -139,22 +140,42 @@ class Config(FarmConfig):
auth = [ auth = [
moin.MoinAuth(), moin.MoinAuth(),
{% if moinmoin.main %}
cas.CASAuth("https://cas.crans.org", cas.CASAuth("https://cas.crans.org",
fallback_url='https://wiki.crans.org/', fallback_url='https://wiki.crans.org/',
ticket_path='/var/local/wiki/tickets/', ticket_path='/var/local/wiki/tickets/',
assoc_path='/var/local/wiki/assowiki/', assoc_path='/var/local/wiki/assowiki/',
), ),
ip_range.IpRange( ip_range.IpRange(
local_nets=['185.230.76.0/22', '10.53.0.0/16', '10.54.0.0/16', '2a0c:700:0::/40'], local_nets=[
'185.230.76.0/22', # ENS
'185.230.79.0/23', # test pour zamok
'10.53.0.0/16',
'10.54.0.0/16',
'2a0c:700:0::/40',
'45.66.108.0/22', # IPv4 Aurore
'2a09:6840::/29' # IPv6 Aurore
],
actions=['newaccount'], actions=['newaccount'],
actions_msg={'newaccount':"La cr&eacute;ation de comptes n'est autoris&eacute;e que depuis le r&eacute;seau du Cr@ns ou sur zamok."}, actions_msg={'newaccount':"La cr&eacute;ation de comptes n'est autoris&eacute;e que depuis le r&eacute;seau du Cr@ns ou sur zamok."},
), ),
categorie_public.PublicCategories(pub_cats=[u'Cat\xe9goriePagePublique']), # Avec trusted à False, les acl de Known s'appliquent categorie_public.PublicCategories(pub_cats=[u'Cat\xe9goriePagePublique']), # Avec trusted à False, les acl de Known s'appliquent
{% endif %}
] ]
# Force text editor as CKEditor is broken # Force text editor as CKEditor is broken
editor_force = True editor_force = True
def ip_autorised_create_account(self,ip): def ip_autorised_create_account(self,ip):
{% if moinmoin.main %}
return ip.startswith('185.230.76.') or ip.startswith('185.230.77.') or ip.startswith('185.230.78.') or ip.startswith('185.230.79.') or ip.startswith('10.') or ip.startswith('2a0c:700:0:') return ip.startswith('185.230.76.') or ip.startswith('185.230.77.') or ip.startswith('185.230.78.') or ip.startswith('185.230.79.') or ip.startswith('10.') or ip.startswith('2a0c:700:0:')
{% else %}
return False
{% endif %}
{% if not moinmoin.main %}
# Stop new accounts being created
actions_excluded = config.multiconfig.DefaultConfig.actions_excluded + [
'newaccount', 'recoverpass'
]
{% endif %}

9
roles/moinmoin/templates/nginx/sites-available/wiki.j2
View File

@ -3,7 +3,7 @@
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name wiki.crans.org; server_name wiki.adm.crans.org;
access_log /var/log/nginx/wiki.log combined; access_log /var/log/nginx/wiki.log combined;
error_log /var/log/nginx/wiki.error.log; error_log /var/log/nginx/wiki.error.log;
@ -25,10 +25,7 @@ server {
include uwsgi_params; include uwsgi_params;
} }
set_real_ip_from 10.231.136.0/24; set_real_ip_from 172.16.10.0/24;
set_real_ip_from 2a0c:700:0::/48; set_real_ip_from fd00:0:0:10::/64;
set_real_ip_from 185.230.76.0/22; #filaire publique
set_real_ip_from 10.53.0.0/16; #nat des machines wifi crans
set_real_ip_from 10.54.0.0/16; #nat des machines filaires crans
real_ip_header X-Real-Ip; real_ip_header X-Real-Ip;
} }