Commit 0a28c8b1 authored by Bartłomiej Piotrowski's avatar Bartłomiej Piotrowski Committed by Jelle van der Waa
Browse files

fluxbb: Initial commit

parent fd2b6c6a
---
fluxbb_domain: bbs.archlinux.org
fluxbb_dir: /srv/http/fluxbb
fluxbb_cookie_name: flux_cookie_eezohm0o
fluxbb_cookie_seed: huathe3ooZuwieba
fluxbb_funnyquestion_hash: aixuGahCh4eng3bu
---
- name: restart php-fpm@fluxbb
systemd: name=php-fpm@fluxbb.service state=restarted
---
dependencies:
- { role: nginx, tags: ['nginx'] }
- { role: mariadb, tags: ['mariadb'] }
- { role: php-fpm, tags: ['php-fpm'] }
---
- name: create user
user: >
name=php-fluxbb home="{{ fluxbb_dir }}"
shell=/bin/false system=yes createhome=no
- name: clone fluxbb
git:
repo: https://git.archlinux.org/vhosts/bbs.archlinux.org.git/
dest: {{ fluxbb_dir }}
- name: fix home permissions
file: >
state=directory owner=php-fluxbb group=php-fluxbb recurse=yes
path="{{ fluxbb_dir }}"
changed_when: False
- name: create mariadb database
mysql_db: name=forum state=present
- name: create mariadb user
mysql_user: >
user=forum host=localhost password={{ mariadb_users.fluxbb }}
priv='fluxbb.*:ALL'
- name: create nginx log directory
file: path=/var/log/nginx/forum owner=root group=root mode=0644
- name: configure nginx
template: >
src=nginx.conf.j2 dest=/etc/nginx/nginx.d/fluxbb.conf
owner=root group=root mode=0644
notify: restart nginx
- name: install python2-passlib
pacman: name=python2-passlib
- name: create auth file
htpasswd: >
path=/etc/nginx/auth/forum
name={{ fluxbb_htpasswd.username }}
password={{ fluxbb_htpasswd.password }}
owner=root group=http mode=0640
- name: install forum config
template: >
src=config.php.j2 dest={{ fluxbb_dir }}/config.php
owner=php-fluxbb group=php-fluxbb mode=400
- name: configure php-fpm
template: >
src=php-fpm.conf.j2 dest=/etc/php/php-fpm.d/fluxbb.conf
owner=root group=root mode=0644
notify: restart php-fpm@fluxbb
- name: start and enable systemd socket
service: name=php-fpm@fluxbb.socket state=running enabled=true
<?php
$db_type = 'mysqli';
$db_host = 'localhost';
$db_name = 'fluxbb';
$db_username = 'fluxbb';
$db_password = '{{ mariadb_users.forum }}';
$db_prefix = '';
$p_connect = false;
$cookie_name = '{{ fluxbb_cookie_name }}';
$cookie_domain = '';
$cookie_path = '/';
$cookie_secure = 0;
$cookie_seed = '{{ fluxbb_cookie_seed }}';
$arch_home ='http://www.archlinux.org/';
$arch_navbar = array('Home' => 'http://www.archlinux.org/',
'Packages' => 'http://www.archlinux.org/packages/',
'Forums' => 'https://bbs.archlinux.org/',
'Wiki' => 'https://wiki.archlinux.org/',
'Bugs' => 'https://bugs.archlinux.org/',
'AUR' => 'https://aur.archlinux.org/',
'Download' => 'http://www.archlinux.org/download/');
$arch_navbar_selected = 'Forums';
$funnyquestion_hash = '{{ fluxbb_funnyquestion_hash }}';
foreach (array(1, 224, 256, 384, 512) as $hash) {
$funny_questions['What is the output of "date -u +%V$(uname)|sha'.$hash.'sum|sed \'s/\W//g\'"?'] = hash('sha'.$hash, gmdate('W').php_uname('s')."\n");
}
define('PUN', 1);
server {
server_name {{ fluxbb_domain }};
access_log /var/log/nginx/{{ fluxbb_domain }}/access.log;
error_log /var/log/nginx/{{ fluxbb_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
rewrite ^(.*) https://{{ fluxbb_domain }}$1 permanent;
}
}
server {
listen 443 ssl http2;
server_name {{ fluxbb_domain }};
root {{ fluxbb_dir }};
index index.php;
access_log /var/log/nginx/{{ fluxbb_domain }}/access.log;
error_log /var/log/nginx/{{ fluxbb_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ fluxbb_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ fluxbb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ fluxbb_domain }}/chain.pem;
location ~ ^/(?:config|header|footer)\.php {
log_not_found off;
deny all;
return 403;
}
location ~ /(cache|include|lang|plugins) {
log_not_found off;
deny all;
return 403;
}
location ^~ /style/ {
expires 7d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location ^~ /img/ {
expires 7d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location ~ ^/(?:db_update|install)\.php {
auth_basic "Administration";
auth_basic_user_file auth/{{ fluxbb_domain }};
fastcgi_pass unix:/run/php-fpm/fluxbb.socket;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
include fastcgi_params;
}
location ~ ^/[^/]+\.php$ {
fastcgi_pass unix:/run/php-fpm/fluxbb.socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
include fastcgi_params;
}
}
[global]
error_log = syslog
daemonize = no
[phpinfo]
listen = /run/php-fpm/fluxbb.socket
listen.owner = php-fluxbb
listen.group = http
listen.mode = 0660
pm = dynamic
pm.max_children = 2
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
php_admin_value[open_basedir] = {{ fluxbb_dir }}
php_admin_value[opcache.memory_consumption] = 128
php_admin_value[opcache.interned_strings_buffer] = 8
php_admin_value[opcache.max_accelerated_files] = 200
php_admin_value[opcache.revalidate_freq] = 60
php_admin_value[opcache.fast_shutdown] = 1
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment