Retrait hardcode et mise à jour de la conf wiki, création du groupe dev

2024-12-27 19:31:50 +01:00 · 2024-12-27 19:31:50 +01:00 · 6d6e32a7dc
parent f51980f7b9
commit 6d6e32a7dc
10 changed files with 99 additions and 34 deletions
--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@ -1,6 +1,7 @@
 ---
 glob_nginx:
  contact: contact@crans.org
  extra_params: []
  who: "L'équipe technique du Cr@ns"
  service_name: service
  ssl:
--- a/group_vars/wiki.yml
+++ b/group_vars/wiki.yml
@ -1,8 +1,53 @@
 ---
 glob_moinmoin:
  data_dir: /var/local/wiki/data
  front_page: PageAccueil
  interwikiname: CransWiki
  ip_autorised:
    - ip.startswith('185.230.76.') # IPv4 Crans
    - ip.startswith('185.230.77.')
    - ip.startswith('185.230.78.')
    - ip.startswith('185.230.79.')
    - ip.startswith('172.16.')     # IPv4 local
    - ip.startswith('138.231.')
    - ip.startswith('45.66.108.')  # IPv4 Aurore
    - ip.startswith('45.66.109.')
    - ip.startswith('45.66.110.')
    - ip.startswith('45.66.111.')
    - ip.startswith('2a0c:700:')   # IPv6 Crans
    - ip.startswith('2a09:6840:')  # IPv6 Aurore
  mail:
    from: Crans Wiki <wiki@crans.org>
    server: smtp.adm.crans.org
  main: false
  new_account_ip:
    - 45.66.108.0/22,     # IPv4 Aurore
    - 100.64.0.0/10,      # IPv4 adherents
    - 138.231.175.203/32, # IPv4 PC Kfet
    - 172.16.0.0/16,      # IPv4 local
    - 185.230.76.0/22,    # IPv4 Crans
    - 2a0c:700::/32,      # IPv6 Crans
    - 2a09:6840::/32,     # IPv6 Aurore
  site_name: Crans Wiki
  superuser:
    - u"Benjamin"
    - u"DsAc"
    - u"PeBecue"
    - u"SolalNathan"
    - u"VanilleNiven"
    - u"WikiAeltheos"
    - u"WikiBleizi"
    - u"WikiGabo"
    - u"WikiKorenstin"
    - u"WikiLzebulon"
    - u"WikiPigeonMoelleux"
    - u"WikiPollion"
    - u"WikiShirenn"
    - u"Wiki20-100"
 loc_nginx:
  extra_params:
    - "limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;"
  service_name: wiki
  ssl: []
  servers:
@ -33,6 +78,7 @@ loc_nginx:
        - filter: "/"
          params:
            - "limit_req zone=mylimit burst=100 nodelay"
            - "uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket"
            - "include uwsgi_params"
--- a/4
+++ b/4
@ -41,6 +41,10 @@ reverseproxy
 virtu
 vsftpd_mirror
 # Catégorie des VM de test/dev
 [dev]
 re2o-dev.crans.org
 [dhcp:children]
 routeurs_vm
--- a/plays/borgbackup_client.yml
+++ b/plays/borgbackup_client.yml
@ -2,7 +2,7 @@
 ---
 - import_playbook: ssh_known_hosts.yml
- hosts: server,!apprentis.adm.crans.org
+- hosts: server,!dev,!apprentis.adm.crans.org
  vars:
    borg: "{{ glob_borg | default({}) | combine(loc_borg | default({})) }}"
  roles:
--- a/plays/restic_client.yml
+++ b/plays/restic_client.yml
@ -1,7 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
- hosts: server
+- hosts: server,!dev
  vars:
    restic: "{{ glob_restic | default({}) | combine(loc_restic | default({}), recursive=true) }}"
  roles:
--- a/roles/moinmoin/README.md
+++ b/roles/moinmoin/README.md
@ -4,4 +4,17 @@ Installe et configure le wiki (avec hardcode)
 ## Variables
-moinmoin.main: booléen
+```yaml
 moinmoin:
  data_dir: dossier contenant les données
  front_page: nom de la page d'accueil
  interwikiname: nom
  ip_autorised: liste de conditions que l'ip doit vérifier
  mail:
    from: email du wiki
    server: adresse du serveur
  main: booléen
  new_account_ip: liste de range ip
  site_name: nom du site
  superuser: liste des noms wiki des superusers
 ```
--- a/roles/moinmoin/templates/moin/mywiki.py.j2
+++ b/roles/moinmoin/templates/moin/mywiki.py.j2
@ -24,8 +24,8 @@ from MoinMoin import config
 class Config(FarmConfig):
    # basic options (you normally need to change these)
-    sitename = u'Crans Wiki'
+    sitename = u'{{ moinmoin.site_name }}'
-    interwikiname = 'CransWiki'
+    interwikiname = '{{ moinmoin.interwikiname }}'
    # name of entry page / front page [Unicode], choose one of those:
@ -33,9 +33,9 @@ class Config(FarmConfig):
    #page_front_page = u"MyStartingPage"
    # b) if wiki content is maintained in many languages
-    page_front_page = u"PageAccueil"
+    page_front_page = u"{{ moinmoin.front_page }}"
-    data_dir = '/var/local/wiki/data'
+    data_dir = '{{ moinmoin.data_dir }}'
    # From here every parameters was added by the Crans --
    data_underlay_dir = '/var/local/wiki/underlay/'
@ -47,13 +47,13 @@ class Config(FarmConfig):
    charset='utf-8'
    # Mailing
-    mail_from = u"Crans Wiki <wiki@crans.org>"
+    mail_from = u"{{ moinmoin.mail.from }}"
-    mail_smarthost='smtp.adm.crans.org'
+    mail_smarthost='{{ moinmoin.mail.server }}'
    # This is checked by some rather critical and potentially harmful actions,
    # like despam or PackageInstaller action:
    # WikiShirenn is a giant avocado https://youtu.be/UJeH8gcjuj0
-    superuser= [u"PeBecue", u"Wiki20-100", u"Benjamin", u"WikiPollion", u"WikiErdnaxe", u"WikiShirenn", u"WikiYnerant", u"DsAc", u"VanilleNiven", u"WikiAeltheos", u"WikiBleizi", u"SolalNathan"]
+    superuser= [{{ moinmoin.superuser | join(", ")}}]
    # Custom logo
    logo_string = u'<img src="/wiki/logo.svg" alt="Crans" height="60">'
@ -77,6 +77,12 @@ class Config(FarmConfig):
    solenoid_userprefs = True
    solenoid_theme_credit = False
    page_credits = [
      u'<a href="http://moinmo.in/" title="Ce site utilise le logiciel MoinMoin.">Propulsé par MoinMoin</a>',
      u'<a href="/MentionsLégales" title="Voir les mentions légales.">Mentions légales</a>'
    ];
    chart_options = {'width': 600, 'height': 300}
    refresh = (0, 'external')
@ -99,9 +105,8 @@ class Config(FarmConfig):
    # Barre de navigation
    navi_bar = [
        u"[[ModificationsRécentes|Modifications récentes]]",
-        u"[[RechercherUnePage|Rechercher]]",
+        u"[[RechercherUnePage|Recherche avancée]]",
        u"[[SommaireDeL'Aide|Aide]]",
        u"[[MentionsLégales|Mentions Légales]]"
    ]
    # Lock
@ -134,7 +139,7 @@ class Config(FarmConfig):
    # Import auth methods
    import sys
-    sys.path.append('/var/local/wiki/data')
+    sys.path.append('{{ moinmoin.data_dir }}')
    from plugin.auth import categorie_public, ip_range, cas, moin
    # Si la methode d'authentification est trusted
@ -152,13 +157,9 @@ class Config(FarmConfig):
        ),
        ip_range.IpRange(
            local_nets=[
-                '185.230.76.0/22', # IPv4 Crans
+{% for ip_range in moinmoin.new_account_ip %}
-                '172.16.0.0/16',   # IPv4 local
+                '{{ ip_range }}',
-                '100.64.0.0/10',   # IPv4 adherents
+{% endfor %}
                '2a0c:700::/32',   # IPv6 Crans
                '45.66.108.0/22',  # IPv4 Aurore
                '2a09:6840::/32',  # IPv6 Aurore
                '138.231.175.203/32', # IPv4 PC Kfet
            ],
            actions=['newaccount'],
            actions_msg={'newaccount':"La cr&eacute;ation de comptes n'est autoris&eacute;e que depuis le r&eacute;seau du Crans ou sur zamok."},
@ -172,19 +173,7 @@ class Config(FarmConfig):
    def ip_autorised_create_account(self, ip):
 {% if moinmoin.main %}
-        return ip.startswith('185.230.76.') \
+        return {{ moinmoin.ip_autorised | join(" \\\n                or ")}}
                or ip.startswith('185.230.77.') \
                or ip.startswith('185.230.78.') \
                or ip.startswith('185.230.79.') \
                or ip.startswith('172.16.') \
                or ip.startwith('138.231.') \
                or ip.startwith('45.66.108.') \
                or ip.startwith('45.66.109.') \
                or ip.startwith('45.66.110.') \
                or ip.startwith('45.66.111.') \
                or ip.startswith('2a0c:700:') \
                or ip.startswith('2a09:6840:') \
                or ip.startswith("138.231.175.203")
 {% else %}
        return False
 {% endif %}
@ -195,3 +184,9 @@ class Config(FarmConfig):
        'newaccount', 'recoverpass'
    ]
 {% endif %}
    # up the cookie lifetime since we fixed ACL linked to cookies and people
    # are gettings disconnected more often, default is (0,12), which means 12h
    # for logged in users and disabled for anonymous.
    cookie_lifetime = (0, 7*24)
--- a/roles/moinmoin/templates/uwsgi/apps-available/moinmoin.ini.j2
+++ b/roles/moinmoin/templates/uwsgi/apps-available/moinmoin.ini.j2
@ -2,12 +2,13 @@
 plugin = python
 chdir = /usr/share/moin/server/
 wsgi-file = /usr/share/moin/server/moin.wsgi
-max-request = 50 
+max-request = 50
 harakiri = 300
 cheaper = 1
 cheaper-initial = 1
 die-on-term
 workers = 5
 processes = 5
 reload-on-rss = 200M
 evil-reload-on-rss = 300M
 ksm = true
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -44,6 +44,7 @@
  notify: Reload nginx
 - name: Create log directories
  when: reverseproxy is defined
  file:
    path: /var/log/nginx/{{ item.from }}
    state: directory
--- a/roles/nginx/templates/nginx/sites-available/service.j2
+++ b/roles/nginx/templates/nginx/sites-available/service.j2
@ -7,6 +7,10 @@ map $http_upgrade $connection_upgrade {
    ''      close;
 }
 {% for param in nginx.extra_params %}
 {{ param }}
 {% endfor %}
 {% for upstream in nginx.upstreams -%}
 upstream {{ upstream.name }} {
    # Path of the server