
Made the wiki work....

Till Klocke 8 anos atrás
pai
commit
0ff90eef13

+ 4 - 1
roles/service-wiki/defaults/main.yml

@@ -5,4 +5,7 @@ gitit_data_dir: /srv/gitit
 gitit_user: gitit
 gitit_group: gitit
 gitit_wiki_title: Freifunk-Dortmund-Wiki
-gitit_wiki_repo: ""
+gitit_wiki_repo: "gogs@git.ffdo.de:ffdo/wiki.git"
+gitit_port: 55001
+
+wiki_domain: wiki.ffdo.de

+ 27 - 4
roles/service-wiki/tasks/main.yml

@@ -11,6 +11,22 @@
     home: "{{gitit_data_dir}}"
     group: "{{gitit_group}}"
 
+- name: Ensure gitit ssh dir exists
+  file:
+    dest: "{{ gitit_data_dir }}/.ssh"
+    state: directory
+    mode: 0700
+    owner: "{{ gitit_user }}"
+    group: "{{ gitit_group }}"
+
+- name: Ensure gitit ssh key is up to date
+  copy:
+    content: "{{ wiki_git_private_key }}"
+    dest: "{{ gitit_data_dir }}/.ssh/id_rsa"
+    mode: 0600
+    owner: "{{ gitit_user }}"
+    group: "{{ gitit_group }}"
+
 - name: Ensure prerequisites for gitit are instaled
   apt: name={{item}} state=present update_cache=yes cache_valid_time=3600
   with_items:
@@ -58,13 +74,20 @@
     state: directory
     owner: "{{gitit_user}}"
 
-#- name: Clone wiki repo
-#  git:
-#    src: "{{gitit_wiki_repo}}"
-#    dest: "{{gitit_data_dir}}/wikidata"
+- name: Clone wiki repo
+  git:
+    repo: "{{gitit_wiki_repo}}"
+    dest: "{{gitit_data_dir}}/wikidata"
+    key_file: "{{ gitit_data_dir }}/.ssh/id_rsa"
+    accept_hostkey: yes
 
 # TODO restore user data
 
+- name: Let acmetool generate a key and a certificate
+  become: yes
+  shell: /usr/bin/acmetool want --batch {{ wiki_domain }}
+  notify: Restart nginx
+
 - name: Install nginx configs
   template:
     src: "nginx.j2"
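Review bot: In the "Clone wiki repo" task, `accept_hostkey: yes` makes the first clone trust whatever host key the server presents, so the authenticity of the wiki content depends on an unverified first connection. Pinning the server's published host key with a `known_hosts` task before the clone, and dropping `accept_hostkey`, closes that gap. The "Ensure gitit ssh key is up to date" task writes `wiki_git_private_key` through `copy: content:`, so it should carry `no_log: true` to keep the key out of diff and verbose output. The two `mode:` values are safer quoted, as `mode: "0700"` and `mode: "0600"`. No `become_user` is visible on the clone, so it presumably runs as the connecting user rather than `gitit_user`; the pinned key has to land in the known_hosts file of whichever user actually runs git.

```yaml
# … unchanged: ssh dir and private key tasks …
- name: Ensure the git server host key is pinned
  known_hosts:
    name: "git.ffdo.de"  # host part of gitit_wiki_repo
    key: "{{ wiki_git_host_key }}"  # placeholder variable: the server's public host key line, obtained out of band

# … unchanged: "Clone wiki repo" task, minus the accept_hostkey line …
```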

+ 15 - 20
roles/service-wiki/templates/nginx.j2

@@ -1,29 +1,24 @@
 server {
-  listen 80;
-  listen [::]:80;
+  listen          443 ssl http2;
+  listen          [::]:443 ssl http2;
+  server_name     {{ wiki_domain }};
 
+  include /etc/nginx/ssl.conf;
 
-  # ssl
-  listen 443 ssl;
-        listen [::]:443 ssl;
-  ssl_certificate {{mapserver_ssl_cert_path}};
-  ssl_certificate_key {{mapserver_ssl_key_path}};
-  ssl_dhparam /etc/nginx/dhparams.pem;
+  ssl_certificate /var/lib/acme/live/{{ wiki_domain }}/fullchain;
+  ssl_certificate_key /var/lib/acme/live/{{ wiki_domain }}/privkey;
 
-  server_name wiki.ffdo.de;
-  root /var/www;
-  index index.html;
+  access_log off;
 
-  if ($scheme = http){
-                rewrite ^ https://wiki.ffdo.de$request_uri? permanent;
-        }
   location / {
-    proxy_pass        http://127.0.0.1:55001/;
-          proxy_set_header  X-Real-IP  $remote_addr;
-          proxy_redirect off;
-  }
-  location /_NOWIKI {
-    deny all;
+    proxy_http_version      1.1;
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+
+    proxy_pass              http://localhost:{{ gitit_port }};
+    proxy_redirect          off;
   }
 
 }
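Review bot: The new `proxy_pass http://localhost:{{ gitit_port }};` replaces the literal `127.0.0.1` upstream, but the systemd unit in this commit starts gitit with `-l 127.0.0.1`. If `localhost` also resolves to `::1` on the host, nginx will try an address nothing listens on and log intermittent upstream errors. `proxy_pass http://127.0.0.1:{{ gitit_port }};` keeps the proxy and the listener in agreement. Separately, this server block no longer listens on port 80 or redirects to HTTPS. Unless another vhost or `/etc/nginx/ssl.conf` (not shown here) covers that, plain-HTTP requests for `{{ wiki_domain }}` will fall through to whatever default server exists, so it is worth confirming a redirect, and ideally an HSTS header, is in place.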

+ 1 - 0
roles/service-wiki/templates/systemd.j2

@@ -5,6 +5,7 @@ Description=gitit
 Environment=LANG=de_DE.UTF-8
 Environment=LC_ALL=de_DE.UTF-8
 Environment=LC_LANG=de_DE.UTF-8
+WorkingDirectory={{ gitit_data_dir }}
 ExecStart=/usr/bin/gitit -f {{gitit_data_dir}}/gitit.conf -l 127.0.0.1
 Restart=on-failure
 User={{gitit_user}}