Retrait hardcode et mise à jour de la conf wiki, création du groupe dev

mise_a_niveau
korenstin 2024-12-27 19:31:50 +01:00
parent f51980f7b9
commit 6d6e32a7dc
10 changed files with 99 additions and 34 deletions


@ -1,6 +1,7 @@
---
glob_nginx:
contact: contact@crans.org
extra_params: []
who: "L'équipe technique du Cr@ns"
service_name: service
ssl:


@ -1,8 +1,53 @@
---
glob_moinmoin:
data_dir: /var/local/wiki/data
front_page: PageAccueil
interwikiname: CransWiki
ip_autorised:
- ip.startswith('185.230.76.') # IPv4 Crans
- ip.startswith('185.230.77.')
- ip.startswith('185.230.78.')
- ip.startswith('185.230.79.')
- ip.startswith('172.16.') # IPv4 local
- ip.startswith('138.231.')
- ip.startswith('45.66.108.') # IPv4 Aurore
- ip.startswith('45.66.109.')
- ip.startswith('45.66.110.')
- ip.startswith('45.66.111.')
- ip.startswith('2a0c:700:') # IPv6 Crans
- ip.startswith('2a09:6840:') # IPv6 Aurore
mail:
from: Crans Wiki <wiki@crans.org>
server: smtp.adm.crans.org
main: false
new_account_ip:
- 45.66.108.0/22, # IPv4 Aurore
- 100.64.0.0/10, # IPv4 adherents
- 138.231.175.203/32, # IPv4 PC Kfet
- 172.16.0.0/16, # IPv4 local
- 185.230.76.0/22, # IPv4 Crans
- 2a0c:700::/32, # IPv6 Crans
- 2a09:6840::/32, # IPv6 Aurore
site_name: Crans Wiki
superuser:
- u"Benjamin"
- u"DsAc"
- u"PeBecue"
- u"SolalNathan"
- u"VanilleNiven"
- u"WikiAeltheos"
- u"WikiBleizi"
- u"WikiGabo"
- u"WikiKorenstin"
- u"WikiLzebulon"
- u"WikiPigeonMoelleux"
- u"WikiPollion"
- u"WikiShirenn"
- u"Wiki20-100"
loc_nginx:
extra_params:
- "limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;"
service_name: wiki
ssl: []
servers:
@ -33,6 +78,7 @@ loc_nginx:
- filter: "/"
params:
- "limit_req zone=mylimit burst=100 nodelay"
- "uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket"
- "include uwsgi_params"
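Review bot: The `new_account_ip` entries end with a comma before the comment (`- 45.66.108.0/22, # IPv4 Aurore`), and in a YAML block sequence that comma is part of the scalar, so the value is `45.66.108.0/22,`. The wikiconfig template changed in this same commit renders each item as `'{{ ip_range }}',`, which would put `'45.66.108.0/22,',` into `local_nets`. Whether `ip_range.IpRange` rejects such a string or just never matches it is not visible here, but in both cases the `newaccount` restriction no longer describes the intended networks. Drop the trailing commas, e.g. `- 45.66.108.0/22 # IPv4 Aurore`; quoting each entry (`- "2a0c:700::/32"`) is not required but makes the intended string explicit.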

4
hosts

@ -41,6 +41,10 @@ reverseproxy
virtu
vsftpd_mirror
# Catégorie des VM de test/dev
[dev]
re2o-dev.crans.org
[dhcp:children]
routeurs_vm


@ -2,7 +2,7 @@
---
- import_playbook: ssh_known_hosts.yml
- hosts: server,!apprentis.adm.crans.org
- hosts: server,!dev,!apprentis.adm.crans.org
vars:
borg: "{{ glob_borg | default({}) | combine(loc_borg | default({})) }}"
roles:


@ -1,7 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts: server
- hosts: server,!dev
vars:
restic: "{{ glob_restic | default({}) | combine(loc_restic | default({}), recursive=true) }}"
roles:


@ -4,4 +4,17 @@ Installe et configure le wiki (avec hardcode)
## Variables
moinmoin.main: booléen
```yaml
moinmoin:
data_dir: dossier contenant les données
front_page: nom de la page d'accueil
interwikiname: nom
ip_autorised: liste de conditions que l'ip doit vérifier
mail:
from: email du wiki
server: adresse du serveur
main: booléen
new_account_ip: liste de range ip
site_name: nom du site
superuser: liste des noms wiki des superusers
```


@ -24,8 +24,8 @@ from MoinMoin import config
class Config(FarmConfig):
# basic options (you normally need to change these)
sitename = u'Crans Wiki'
interwikiname = 'CransWiki'
sitename = u'{{ moinmoin.site_name }}'
interwikiname = '{{ moinmoin.interwikiname }}'
# name of entry page / front page [Unicode], choose one of those:
@ -33,9 +33,9 @@ class Config(FarmConfig):
#page_front_page = u"MyStartingPage"
# b) if wiki content is maintained in many languages
page_front_page = u"PageAccueil"
page_front_page = u"{{ moinmoin.front_page }}"
data_dir = '/var/local/wiki/data'
data_dir = '{{ moinmoin.data_dir }}'
# From here every parameters was added by the Crans --
data_underlay_dir = '/var/local/wiki/underlay/'
@ -47,13 +47,13 @@ class Config(FarmConfig):
charset='utf-8'
# Mailing
mail_from = u"Crans Wiki <wiki@crans.org>"
mail_smarthost='smtp.adm.crans.org'
mail_from = u"{{ moinmoin.mail.from }}"
mail_smarthost='{{ moinmoin.mail.server }}'
# This is checked by some rather critical and potentially harmful actions,
# like despam or PackageInstaller action:
# WikiShirenn is a giant avocado https://youtu.be/UJeH8gcjuj0
superuser= [u"PeBecue", u"Wiki20-100", u"Benjamin", u"WikiPollion", u"WikiErdnaxe", u"WikiShirenn", u"WikiYnerant", u"DsAc", u"VanilleNiven", u"WikiAeltheos", u"WikiBleizi", u"SolalNathan"]
superuser= [{{ moinmoin.superuser | join(", ")}}]
# Custom logo
logo_string = u'<img src="/wiki/logo.svg" alt="Crans" height="60">'
@ -77,6 +77,12 @@ class Config(FarmConfig):
solenoid_userprefs = True
solenoid_theme_credit = False
page_credits = [
u'<a href="http://moinmo.in/" title="Ce site utilise le logiciel MoinMoin.">Propulsé par MoinMoin</a>',
u'<a href="/MentionsLégales" title="Voir les mentions légales.">Mentions légales</a>'
];
chart_options = {'width': 600, 'height': 300}
refresh = (0, 'external')
@ -99,9 +105,8 @@ class Config(FarmConfig):
# Barre de navigation
navi_bar = [
u"[[ModificationsRécentes|Modifications récentes]]",
u"[[RechercherUnePage|Rechercher]]",
u"[[RechercherUnePage|Recherche avancée]]",
u"[[SommaireDeL'Aide|Aide]]",
u"[[MentionsLégales|Mentions Légales]]"
]
# Lock
@ -134,7 +139,7 @@ class Config(FarmConfig):
# Import auth methods
import sys
sys.path.append('/var/local/wiki/data')
sys.path.append('{{ moinmoin.data_dir }}')
from plugin.auth import categorie_public, ip_range, cas, moin
# Si la methode d'authentification est trusted
@ -152,13 +157,9 @@ class Config(FarmConfig):
),
ip_range.IpRange(
local_nets=[
'185.230.76.0/22', # IPv4 Crans
'172.16.0.0/16', # IPv4 local
'100.64.0.0/10', # IPv4 adherents
'2a0c:700::/32', # IPv6 Crans
'45.66.108.0/22', # IPv4 Aurore
'2a09:6840::/32', # IPv6 Aurore
'138.231.175.203/32', # IPv4 PC Kfet
{% for ip_range in moinmoin.new_account_ip %}
'{{ ip_range }}',
{% endfor %}
],
actions=['newaccount'],
actions_msg={'newaccount':"La cr&eacute;ation de comptes n'est autoris&eacute;e que depuis le r&eacute;seau du Crans ou sur zamok."},
@ -172,19 +173,7 @@ class Config(FarmConfig):
def ip_autorised_create_account(self, ip):
{% if moinmoin.main %}
return ip.startswith('185.230.76.') \
or ip.startswith('185.230.77.') \
or ip.startswith('185.230.78.') \
or ip.startswith('185.230.79.') \
or ip.startswith('172.16.') \
or ip.startwith('138.231.') \
or ip.startwith('45.66.108.') \
or ip.startwith('45.66.109.') \
or ip.startwith('45.66.110.') \
or ip.startwith('45.66.111.') \
or ip.startswith('2a0c:700:') \
or ip.startswith('2a09:6840:') \
or ip.startswith("138.231.175.203")
return {{ moinmoin.ip_autorised | join(" \\\n or ")}}
{% else %}
return False
{% endif %}
@ -195,3 +184,9 @@ class Config(FarmConfig):
'newaccount', 'recoverpass'
]
{% endif %}
# up the cookie lifetime since we fixed ACL linked to cookies and people
# are gettings disconnected more often, default is (0,12), which means 12h
# for logged in users and disabled for anonymous.
cookie_lifetime = (0, 7*24)
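Review bot: `superuser= [{{ moinmoin.superuser | join(", ")}}]` and `return {{ moinmoin.ip_autorised | join(" \\\n or ")}}` paste variable text into the config as Python source, so the superuser list and the address check are only correct while every vars entry is itself a valid Python expression (`u"Name"`, `ip.startswith('…')`). An entry written as a plain name, or with a stray quote, changes the generated code rather than the data, in the two places that decide superuser rights and account creation. Keep plain data in the vars and let the template do the quoting, e.g. `superuser = [{% for name in moinmoin.superuser %}u{{ name | to_json }}, {% endfor %}]`, and derive the address check from the same CIDR list as `local_nets` instead of a second prefix-based list. The two lists in this commit already disagree: `100.64.0.0/10` appears only in `new_account_ip`, while `ip_autorised` accepts all of `138.231.` where `new_account_ip` has only `138.231.175.203/32`. The class body continues outside these hunks.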


@ -2,12 +2,13 @@
plugin = python
chdir = /usr/share/moin/server/
wsgi-file = /usr/share/moin/server/moin.wsgi
max-request = 50
max-request = 50
harakiri = 300
cheaper = 1
cheaper-initial = 1
die-on-term
workers = 5
processes = 5
reload-on-rss = 200M
evil-reload-on-rss = 300M
ksm = true
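Review bot: `max-request = 50` is kept here (only its spacing appears to change), but the uWSGI option that recycles a worker after N requests is spelled `max-requests`. Without strict mode uWSGI accepts an unknown key as a custom placeholder, so this line most likely has no effect and workers are never recycled by request count. Use `max-requests = 50`, and consider `strict = true` so a misspelled option fails at start-up instead of being ignored. `workers` and `processes` are two names for the same uWSGI setting, so one of those lines can be dropped.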


@ -44,6 +44,7 @@
notify: Reload nginx
- name: Create log directories
when: reverseproxy is defined
file:
path: /var/log/nginx/{{ item.from }}
state: directory


@ -7,6 +7,10 @@ map $http_upgrade $connection_upgrade {
'' close;
}
{% for param in nginx.extra_params %}
{{ param }}
{% endfor %}
{% for upstream in nginx.upstreams -%}
upstream {{ upstream.name }} {
# Path of the server