fluxbb: Initial commit

roles/fluxbb/defaults/main.yml

+---
+fluxbb_domain: bbs.archlinux.org
+fluxbb_dir: /srv/http/fluxbb
+
+fluxbb_cookie_name: flux_cookie_eezohm0o
+fluxbb_cookie_seed: huathe3ooZuwieba
+fluxbb_funnyquestion_hash: aixuGahCh4eng3bu

roles/fluxbb/handlers/main.yml

+---
+- name: restart php-fpm@fluxbb
+  systemd: name=php-fpm@fluxbb.service state=restarted

roles/fluxbb/meta/main.yml

+---
+dependencies:
+  - { role: nginx, tags: ['nginx'] }
+  - { role: mariadb, tags: ['mariadb'] }
+  - { role: php-fpm, tags: ['php-fpm'] }

roles/fluxbb/tasks/main.yml

+---
+- name: create user
+  user: >
+    name=php-fluxbb home="{{ fluxbb_dir }}"
+    shell=/bin/false system=yes createhome=no
+
+- name: clone fluxbb
+  git:
+    repo: https://git.archlinux.org/vhosts/bbs.archlinux.org.git/
+    dest: {{ fluxbb_dir }}
+
+- name: fix home permissions
+  file: >
+    state=directory owner=php-fluxbb group=php-fluxbb recurse=yes
+    path="{{ fluxbb_dir }}"
+  changed_when: False
+
+- name: create mariadb database
+  mysql_db: name=forum state=present
+
+- name: create mariadb user
+  mysql_user: >
+    user=forum host=localhost password={{ mariadb_users.fluxbb }}
+    priv='fluxbb.*:ALL'
+
+- name: create nginx log directory
+  file: path=/var/log/nginx/forum owner=root group=root mode=0644
+
+- name: configure nginx
+  template: >
+    src=nginx.conf.j2 dest=/etc/nginx/nginx.d/fluxbb.conf
+    owner=root group=root mode=0644
+  notify: restart nginx
+
+- name: install python2-passlib
+  pacman: name=python2-passlib
+
+- name: create auth file
+  htpasswd: >
+    path=/etc/nginx/auth/forum
+    name={{ fluxbb_htpasswd.username }}
+    password={{ fluxbb_htpasswd.password }}
+    owner=root group=http mode=0640
+
+- name: install forum config
+  template: >
+    src=config.php.j2 dest={{ fluxbb_dir }}/config.php
+    owner=php-fluxbb group=php-fluxbb mode=400
+
+- name: configure php-fpm
+  template: >
+    src=php-fpm.conf.j2 dest=/etc/php/php-fpm.d/fluxbb.conf
+    owner=root group=root mode=0644
+  notify: restart php-fpm@fluxbb
+
+- name: start and enable systemd socket
+  service: name=php-fpm@fluxbb.socket state=running enabled=true

roles/fluxbb/templates/config.php.j2

+<?php
+
+$db_type = 'mysqli';
+$db_host = 'localhost';
+$db_name = 'fluxbb';
+$db_username = 'fluxbb';
+$db_password = '{{ mariadb_users.forum }}';
+$db_prefix = '';
+$p_connect = false;
+
+$cookie_name = '{{ fluxbb_cookie_name }}';
+$cookie_domain = '';
+$cookie_path = '/';
+$cookie_secure = 0;
+$cookie_seed = '{{ fluxbb_cookie_seed }}';
+
+$arch_home ='http://www.archlinux.org/';
+$arch_navbar = array('Home' => 'http://www.archlinux.org/',
+                      'Packages' => 'http://www.archlinux.org/packages/',
+                      'Forums' => 'https://bbs.archlinux.org/',
+                      'Wiki' => 'https://wiki.archlinux.org/',
+                      'Bugs' => 'https://bugs.archlinux.org/',
+                      'AUR' => 'https://aur.archlinux.org/',
+                      'Download' => 'http://www.archlinux.org/download/');
+$arch_navbar_selected = 'Forums';
+
+$funnyquestion_hash = '{{ fluxbb_funnyquestion_hash }}';
+foreach (array(1, 224, 256, 384, 512) as $hash) {
+        $funny_questions['What is the output of "date -u +%V$(uname)|sha'.$hash.'sum|sed \'s/\W//g\'"?'] = hash('sha'.$hash, gmdate('W').php_uname('s')."\n");
+}
+
+define('PUN', 1);

roles/fluxbb/templates/nginx.conf.j2

+server {
+    server_name  {{ fluxbb_domain }};
+
+    access_log   /var/log/nginx/{{ fluxbb_domain }}/access.log;
+    error_log    /var/log/nginx/{{ fluxbb_domain }}/error.log;
+
+    include snippets/letsencrypt.conf;
+
+    location / {
+        rewrite ^(.*) https://{{ fluxbb_domain }}$1 permanent;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name {{ fluxbb_domain }};
+    root {{ fluxbb_dir }};
+    index index.php;
+
+    access_log /var/log/nginx/{{ fluxbb_domain }}/access.log;
+    error_log /var/log/nginx/{{ fluxbb_domain }}/error.log;
+
+    ssl_certificate      /etc/letsencrypt/live/{{ fluxbb_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ fluxbb_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ fluxbb_domain }}/chain.pem;
+
+    location ~ ^/(?:config|header|footer)\.php {
+        log_not_found off;
+        deny all;
+        return 403;
+    }
+
+    location ~ /(cache|include|lang|plugins) {
+        log_not_found off;
+        deny all;
+        return 403;
+    }
+
+    location ^~ /style/ {
+        expires 7d;
+        add_header Pragma public;
+        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+    }
+
+    location ^~ /img/ {
+        expires 7d;
+        add_header Pragma public;
+        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+    }
+
+    location ~ ^/(?:db_update|install)\.php {
+        auth_basic "Administration";
+        auth_basic_user_file auth/{{ fluxbb_domain }};
+        fastcgi_pass   unix:/run/php-fpm/fluxbb.socket;
+        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+        fastcgi_param  HTTPS            on;
+        include        fastcgi_params;
+    }
+
+    location ~ ^/[^/]+\.php$ {
+        fastcgi_pass   unix:/run/php-fpm/fluxbb.socket;
+        fastcgi_index  index.php;
+        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+        fastcgi_param  HTTPS            on;
+        include        fastcgi_params;
+    }
+}

roles/fluxbb/templates/php-fpm.conf.j2

+[global]
+error_log = syslog
+daemonize = no
+
+[phpinfo]
+listen = /run/php-fpm/fluxbb.socket
+listen.owner = php-fluxbb
+listen.group = http
+listen.mode = 0660
+
+pm = dynamic
+pm.max_children = 2
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 2
+
+php_admin_value[open_basedir] = {{ fluxbb_dir }}
+php_admin_value[opcache.memory_consumption] = 128
+php_admin_value[opcache.interned_strings_buffer] = 8
+php_admin_value[opcache.max_accelerated_files] = 200
+php_admin_value[opcache.revalidate_freq] = 60
+php_admin_value[opcache.fast_shutdown] = 1