equalitie · graphiclunarkid · Mar 14, 2016 · Aug 11, 2016 · Sep 8, 2016 · Sep 28, 2016
diff --git a/doc/role-doc/wordpress.md b/doc/role-doc/wordpress.md
@@ -44,19 +44,33 @@ Fill this information and click the "Install Wordpress" button.
 Wordpress will create its database tables and then let you sign in with the
 username and password you just entered.
 
+## Changing the location from which wordpress is served
+
+By default, Caislean serves wordpress from a subdirectory of the website for
+your server, which is installed by the `nginx` role. This can be changed using
+the optional parameters described below. The possibilities are:
+
+- `https://server_name.domain_name/wordpress/` <- default
+- `https://server_name.domain_name/wordpress_subdirectory/`
+- `https://server_name.domain_name/`
+- `https://wordpress_domain_name/wordpress`
+- `https://wordpress_domain_name/wordpress_subdirectory`
+- `https://wordpress_domain_name/`
+
+See the section on optional parameters for an explanation of the variables in
+the examples above and how they interrelate.
+
 ## Allowing LDAP users into Wordpress
 
-If you wish to allow the LDAP users to log into Wordpress, you can use the
-[wpDirAuth](https://wordpress.org/plugins/wpdirauth/) plugin. This requires the
-php5-ldap package to be installed, which you can specify by setting the
-optional `wordpress_ldap_auth` parameter. To configure Wordpress to use LDAP
-authentication:
-
-- move into the Plugin section and click "Add new"
-- search for _wpDirAuth_ and click "Install now"
-- once the plugin is installed, go to the "Directory Auth." submenu in the
-  Settings menu
-- configure the plugin as follows:
+If you wish to allow the LDAP users to log into Wordpress, you must install the
+php5-ldap package for the OS, and the
+[wpDirAuth](https://wordpress.org/plugins/wpdirauth/) plugin for wordpress. You
+can install both by setting the optional `wordpress_ldap_auth` parameter. To
+configure Wordpress to use LDAP authentication:
+
+- Move into the Plugin section and click "activate" for the wpDirAuth plugin.
+- Go to the "Directory Auth." submenu in the Settings menu
+- Configure the plugin as follows:
     - select "Yes" to "Enable Directory Authentication"
     - select "Yes" to "Automatically Register Authenticated Users"
     - input `localhost` in "Directory Servers"
@@ -98,9 +112,71 @@ Password for the `wordpress` MySQL user used by Wordpress.
 
 ## Optional parameters
 
+### `wordpress_subdirectory`
+
+Tells Caislean whether to configure wordpress for installation in the document
+root of its domain or as a subdirectory. This is the difference between the
+wordpress blog appearing at `https://server_name.domain_name` (document root)
+and `https://server_name.domain_name/wordpress/` (subdirectory = `wordpress`).
+
+Default value: `true`. Set to `false` to serve from the document root.
+
+### `wordpress_install_path`
+
+Tells Caislean where to install wordpress.
+
+Default value: `wordpress` (suitable for a subdirectory installation - see the
+`wordpress_subdirectory` parameter.
+
+With `wordpress_subdirectory = true`, set this optional parameter to some other
+string to have that be the subdirectory from which wordpress is served. For
+example setting `wordpress_install_path = blog` will cause wordpress to be
+served from `https://server_name.domain_name/blog`
+
+With `wordpress_subdirectory = false`, this parameter should be set to match
+the `wordpress_domain_name` parameter. This can be done with
+`wordpress_subdirectory = "{{ wordpress_domain_name }}"`.
+
+### `wordpress_domain_name`
+
+Tells Caislean the domain name from which wordpress will be served.
+
+Default value: `"{{ server_name }}.{{ domain_name }}"`.
+
+Changing this value will install a new nginx virtual server for the specified
+domain. You should ensure this domain name resolves to your server.  You should
+also adjust the `tls` role, and the `letsencrypt` role if in use, to include
+this domain in your TLS certificates.
+
 ### `wordpress_ldap_auth`
 
-Tells Caislean whether to install the php5-ldap package, which is required for
-Wordpress authentication against LDAP to work.
+Tells Caislean whether to install the php5-ldap package and wpDirAuth wordpress
+plugin, which ae required for Wordpress authentication against LDAP to work.
+LDAP authentication depends on the `ldap` role.
+
+Default value: `false`. Set to `true` to enable this option.
+
+### `wordpress_network`
+
+Tells Caislean to enable the installation of wordpress as a network.  See the
+[wordpress documentation](http://codex.wordpress.org/Create_A_Network) for more
+information. Specifically, enabling this option will complete step 2, "Allow
+Multisite". Further manual configuration must be completed by following the
+rest of the instructions on that page.
+
+Setting this option also installs the [wordpress domain-mapping
+plugin](https://wordpress.org/plugins/wordpress-mu-domain-mapping/), however
+this will not be available until the following line is added to the
+`wp-config.php` file, which can be found in the `wordpress_install_path`
+directory.
+
+`define( 'SUNRISE', 'on' );`
+
+This line must be added above the following comment in that file:
+
+`/* That's all, stop editing! Happy blogging. */`
+
+More information can be found in the [plugin installation
+instructions](https://wordpress.org/plugins/wordpress-mu-domain-mapping/installation/).
 
 Default value: `false`. Set to `true` to enable this option.
diff --git a/roles/wordpress/defaults/main.yml b/roles/wordpress/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+
+wordpress_subdirectory: true
+wordpress_install_path: wordpress
+wordpress_domain_name: "{{ server_name }}.{{ domain_name }}"
+wordpress_network: false
+wordpress_ldap_auth: false
diff --git a/roles/wordpress/handlers/main.yml b/roles/wordpress/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: restart php5-fpm
+  service: name=php5-fpm state=restarted
+
+- name: restart nginx
+  service: name=nginx state=restarted
diff --git a/roles/wordpress/tasks/install-wordpress.yml b/roles/wordpress/tasks/install-wordpress.yml
@@ -0,0 +1,98 @@
+- name: Download Wordpress
+  get_url:
+    url: https://wordpress.org/wordpress-4.4.2.tar.gz
+    dest: /root/wordpress-4.4.2.tar.gz
+    sha256sum: c8a74c0f7cfc0d19989d235759e70cebd90f42aa0513bd9bc344230b0f79e08b
+  tags: wordpress
+
+- name: Extract Wordpress archive
+  unarchive:
+    copy: no
+    src: /root/wordpress-4.4.2.tar.gz
+    dest: /root/
+    creates: /root/wordpress
+    owner: wordpress
+    group: wordpress
+  tags: wordpress
+
+- name: Remove useless Wordpress files
+  file:
+    path: "/root/wordpress/{{item}}"
+    state: absent
+  with_items:
+    - readme.html
+    - license.txt
+  tags: wordpress
+
+- name: Install wp-keys.php
+  template:
+    src: wp-keys.php.j2
+    dest: /root/wordpress/wp-keys.php
+    owner: wordpress
+    group: wordpress
+    mode: 0640
+    force: no
+  tags: wordpress
+
+- name: Install wp-config.php
+  template:
+    src: wp-config.php.j2
+    dest: /root/wordpress/wp-config.php
+    owner: wordpress
+    group: wordpress
+    mode: 0640
+  tags: wordpress
+
+- name: Configure wordpress in network mode
+  include: wordpress-network.yml
+  when: "{{ wordpress_network }} == true"
+
+- name: Configure wordpress to use LDAP authentication
+  include: wordpress-ldap.yml
+  when: "{{ wordpress_ldap_auth }} == true"
+
+- name: Ensure correct ownership of Wordpress files
+  file:
+    path: /root/wordpress
+    state: directory
+    owner: wordpress
+    group: wordpress
+    recurse: yes
+  tags: wordpress
+
+- name: Ensure writeability of plugin and theme directories
+  file:
+    path: "/root/wordpress/wp-content"
+    state: directory
+    mode: 'u=rwX,g=rX,o=rX'
+    recurse: yes
+  tags: wordpress
+
+- name: Move wordpress to subdirectory of /var/www/
+  command: "mv /root/wordpress /var/www/{{ wordpress_install_path }}"
+  args:
+    creates: "/var/www/{{ wordpress_install_path }}"
+  when: "{{ wordpress_subdirectory }} == true"
+  tags: wordpress
+
+- block:
+
+  - name: Ensure document root exists & is owned by wordpress user
+    file:
+      path: "/var/www/{{ wordpress_domain_name }}"
+      state: directory
+      group: wordpress
+      owner: wordpress
+      mode: 0755
+      recurse: no
+
+  - name: Move wordpress files inside document root
+    shell: mv /root/wordpress/* /var/www/{{ wordpress_domain_name }} creates=/var/www/{{ wordpress_domain_name }}/wp-keys.php
+
+  - name: Remove wordpress 'build' directory
+    file:
+      path: /root/wordpress
+      state: absent
+
+  when: "{{ wordpress_subdirectory }} == false"
+  tags: wordpress
diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml
@@ -1,86 +1,73 @@
-- name: Install php5-ldap (for WP auth using openldap)
-  apt: pkg=php5-ldap state=installed
-  when: "{{ wordpress_ldap_auth | default(false) }} == true"
-  tags:
-    - wordpress
-
-- name: Download Wordpress
-  get_url: url=https://wordpress.org/wordpress-4.2.2.tar.gz dest=/root/wordpress-4.2.2.tar.gz sha256sum=3c4e2cc3af289366ff5352e35c3f80fca2dcaed3d56a79f33b25374c356c3f90
-  tags:
-    - wordpress
-
 - name: Create wordpress group
   group: name=wordpress state=present
-  tags:
-    - wordpress
+  tags: wordpress
 
 - name: Create wordpress user
-  user: name=wordpress group=wordpress state=present shell="/bin/false" home=/var/www/wordpress createhome=no
-  tags:
-    - wordpress
-
-- name: Extract Wordpress archive
-  unarchive: copy=no src=/root/wordpress-4.2.2.tar.gz dest=/var/www/ creates=/var/www/wordpress owner=wordpress group=wordpress
-  tags:
-    - wordpress
-
-- name: Remove useless files in /var/www/wordpress
-  file: path=/var/www/wordpress/{{item}} state=absent
-  with_items:
-    - readme.html
-    - license.txt
-  tags:
-    - wordpress
+  user:
+    name: wordpress
+    group: wordpress
+    state: present
+    shell: "/bin/false"
+    home: /var/www/wordpress
+    createhome: no
+  tags: wordpress
 
-- name: Ensure correct ownership in /var/www/wordpress
-  file: path=/var/www/wordpress state=directory owner=wordpress group=wordpress recurse=yes
-  tags:
-    - wordpress 
-
-- name: Ensure writability of some Wordpress subdirectories
-  file: path=/var/www/wordpress/{{item}} state=directory owner=wordpress group=wordpress mode=0775
-  with_items:
-    - wp-content
-    - wp-content/themes
-  tags:
-    - wordpress
+- name: Install wordpress
+  include: install-wordpress.yml
+  tags: wordpress
 
 - name: Create wordpress database
-  mysql_db: login_user=root login_password={{ mysql_root_password }} name=wordpress state=present
-  tags:
-    - wordpress
+  mysql_db:
+    login_user: root
+    login_password: "{{ mysql_root_password }}"
+    name: wordpress
+    state: present
+  tags: wordpress
 
 - name: Create wordpress MySQL user and grant access to database
-  mysql_user: login_user=root login_password={{ mysql_root_password }} name=wordpress state=present password={{ wordpress_mysql_password }} priv=wordpress.*:ALL
-  tags:
-    - wordpress
-
-- name: Install wp-keys.php
-  template: src=wp-keys.php.j2 dest=/var/www/wordpress/wp-keys.php owner=wordpress group=wordpress mode=0640 force=no
-  tags:
-    - wordpress
-
-- name: Install wp-config.php
-  template: src=wp-config.php.j2 dest=/var/www/wordpress/wp-config.php owner=wordpress group=wordpress mode=0640
-  tags:
-    - wordpress
+  mysql_user:
+    login_user: root
+    login_password: "{{ mysql_root_password }}"
+    name: wordpress
+    state: present
+    password: "{{ wordpress_mysql_password }}"
+    priv: wordpress.*:ALL
+  tags: wordpress
 
 - name: Install php-fpm Wordpress configuration file
-  copy: src=etc/php5/fpm/pool.d/wordpress.conf dest=/etc/php5/fpm/pool.d/wordpress.conf owner=root group=root mode=0644
+  template:
+    src: php5-fpm-wordpress.conf.j2
+    dest: /etc/php5/fpm/pool.d/wordpress.conf
+    owner: root
+    group: root
+    mode: 0644
+  tags: wordpress
   notify:
     - restart php5-fpm
-  tags:
-    - wordpress
 
 - name: Create PHP session directory for wordpress
-  file: path=/var/lib/phpsession/wordpress state=directory owner=wordpress group=wordpress mode=0700 recurse=no
-  tags:
-    - wordpress
+  file:
+    path: /var/lib/phpsession/wordpress
+    state: directory
+    owner: wordpress
+    group: wordpress
+    mode: 0700
+    recurse: no
+  tags: wordpress
 
-- name: Install nginx configuration part for wordpress
-  template: src=nginx-wordpress.inc.j2 dest=/etc/nginx/includes/{{ server_name }}.{{ domain_name}}/wordpress owner=root group=root mode=0644
+- name: Install nginx config part for wordpress installed in a subdirectory
+  template:
+    src: nginx-wordpress-subdirectory.inc.j2
+    dest: "/etc/nginx/includes/{{ wordpress_domain_name }}/wordpress"
+    owner: root
+    group: root
+    mode: 0644
+  when: "{{ wordpress_subdirectory }} == true"
+  tags: wordpress
   notify:
     - restart nginx
-  tags:
-    - wordpress
 
+- name: Install nginx config for wordpress installed in the document root
+  include: wordpress-in-document-root.yml
+  when: "{{ wordpress_subdirectory }} == false"
+  tags: wordpress