[hosts]
-nest
+nest1.gemeinwohl-gesellschaft.de
+#nest
[hosts:vars]
ansible_python_interpreter=/usr/bin/python3
ansible_ssh_common_args=-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
--- /dev/null
+---
+
+- hosts: all
+ vars:
+ hostname: "nest"
+ tasks:
+ - name: Prepare /media/trg directory
+ file: path=/media/trg state=directory
+ - name: Prepare /media/tmp directory
+ file: path=/media/trg state=directory
+ - name: Prepare /media/fs.cave directory
+ file: path=/media/fs.cave state=directory
+ - name: Prepare /media/fs.sys directory
+ file: path=/media/fs.sys state=directory
+ - name: Prepare /usr/local/bin directory
+ file: path=/usr/local/bin state=directory
+ - name: Prepare /usr/local/bin/local directory
+ file: path=/usr/local/bin/local state=directory
+ - name: Prepare /usr/share/pyrshell directory
+ file: path=/usr/share/pyrshell state=directory
+ - name: Symbolic link to local directory
+ file: src=/usr/local/bin/local dest=/usr/local/bin/{{hostname}} state=link
+ - name: Unpack a tar into /usr/local/bin/local
+ unarchive: src=../resources/needed.tgz dest=/usr/local/bin
+ - name: Symbolic link to /p
+ file: src=/usr/local/bin/std.profile dest=/p state=link
+ - name: Unpack a tar into /usr/share/pyrshell
+ unarchive: src=../resources/rsh.tgz dest=/usr/share/pyrshell
+ - name: Create user bupsrv
+ user: name=bupsrv state=present uid=201
+ - name: Create user bupsupply
+ user: name=bupsupply state=present uid=202
+ - name: Create user bupwiki
+ user: name=bupwiki state=present uid=203
+ - name: Create user buptmp
+ user: name=buptmp state=present uid=204
+ - name: Create user extdata
+ user: name=extdata state=present uid=211
+ - name: Create user extcloud
+ user: name=extcloud state=present uid=212
+ - name: Create user extbup
+ user: name=extbup state=present uid=213
+
\ No newline at end of file
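Review bot: The task named `Prepare /media/tmp directory` creates `/media/trg` a second time instead of `/media/tmp`, so `/media/tmp` is never created; it should read `file: path=/media/tmp state=directory`. The seven `user:` tasks assign fixed UIDs in the system range but omit `system: true`, `shell: /usr/sbin/nologin` and `create_home: false`, so each account gets a login shell and a home directory under `/home`; if these are service accounts, as the `bup*`/`ext*` names suggest, set those options explicitly. The two `unarchive:` tasks extract `../resources/*.tgz` with whatever ownership and mode the archive carries, and the first one says `/usr/local/bin/local` in its name while `dest` is `/usr/local/bin`, a directory on root's PATH; set `owner: root group: root` and verify the archive contents before this runs on a host. The play has no `become:`, so it only works when the SSH login is already root.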
+++ /dev/null
----
-
-- hosts: all
- vars:
- hostname: "nest"
- tasks:
- - name: Prepare /media/trg directory
- file: path=/media/trg state=directory
- - name: Prepare /media/tmp directory
- file: path=/media/trg state=directory
- - name: Prepare /media/fs.cave directory
- file: path=/media/fs.cave state=directory
- - name: Prepare /media/fs.sys directory
- file: path=/media/fs.sys state=directory
- - name: Prepare /usr/local/bin directory
- file: path=/usr/local/bin state=directory
- - name: Prepare /usr/local/bin/local directory
- file: path=/usr/local/bin/local state=directory
- - name: Prepare /usr/share/pyrshell directory
- file: path=/usr/share/pyrshell state=directory
- - name: Symbolic link to local directory
- file: src=/usr/local/bin/local dest=/usr/local/bin/{{hostname}} state=link
- - name: Unpack a tar into /usr/local/bin/local
- unarchive: src=../resources/needed.tgz dest=/usr/local/bin
- - name: Symbolic link to /p
- file: src=/usr/local/bin/std.profile dest=/p state=link
- - name: Unpack a tar into /usr/share/pyrshell
- unarchive: src=../resources/rsh.tgz dest=/usr/share/pyrshell
- - name: Create user bupsrv
- user: name=bupsrv state=present uid=201
- - name: Create user bupsupply
- user: name=bupsupply state=present uid=202
- - name: Create user bupwiki
- user: name=bupwiki state=present uid=203
- - name: Create user buptmp
- user: name=buptmp state=present uid=204
- - name: Create user extdata
- user: name=extdata state=present uid=211
- - name: Create user extcloud
- user: name=extcloud state=present uid=212
- - name: Create user extbup
- user: name=extbup state=present uid=213
-
\ No newline at end of file
--- /dev/null
+---
+- name: Install and configure with letsencrypt
+ hosts: all
+ become: yes
+
+ vars:
+ user: www-data
+ hostname: "{{ inventory_hostname }}"
+ log_name: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+') }}"
+ vars_files:
+ - var/ssl-certificate.yaml
+ tasks:
+ - name: Install nginx
+ apt:
+ name: nginx
+ state: latest
+ update_cache: yes
+ - name: Prepare letsencrypt home directory
+ file: path=/home/www/letsencrypt/.well-known/acme-challenge state=directory
+ - name: Add test file1
+ copy: src=../templates/nginx/hi1.txt dest=/home/www/letsencrypt/.well-known/
+ - name: Add test file2
+ copy: src=../templates/nginx/hi2.txt dest=/home/www/letsencrypt/.well-known/acme-challenge/hi2.txt
+ - name: Prepare letsencrypt
+ copy:
+ src: ../templates/nginx/letsencrypt.conf
+ dest: /etc/nginx/snippets
+ - name: add HTTP-variables
+ copy:
+ src: ../templates/nginx/http.conf
+ dest: /etc/nginx/snippets
+ - name: create a www directory
+ file: path=/home/www state=directory owner=root group=www-data
+
+ - name: create the /srv/www link
+ file: src=/home/www dest=/srv/www state=link
+ - name: Ensure nginx is running
+ systemd:
+ name: nginx
+ state: started
+ enabled: yes
+ - name: create a test virtual hosts
+ template:
+ src: ../templates/nginx/test.site
+ dest: /etc/nginx/sites-available/{{hostname}}
+ - name: activate by link in sites-enabled
+ file:
+ src: /etc/nginx/sites-available/{{hostname}}
+ dest: /etc/nginx/sites-enabled/{{hostname}}
+ state: link
+ - name: create a ssh-certificate
+ command: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/{{hostname}}.key -out /etc/ssl/certs/{{hostname}}.pem -subj "/C={{SSL_COUNTRY}}/ST={{SSL_STATE}}/L={{SSL_LOCALITY}}/O={{SSL_ORGANIZATION}}/CN={{hostname}}"
+ args:
+ creates: /etc/ssl/private/{{hostname}}.key
+ - name: create a document root
+ file: dest=/srv/www/{{hostname}} state=directory owner=www-data group=www-data
+ - name: create a test index.html
+ template: src=../templates/nginx/index.html dest=/srv/www/{{hostname}}/index.html
+ - name: create a test index.php
+ copy: src=../templates/nginx/index.php dest=/srv/www/{{hostname}}/index.php
+
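Review bot: The `create a ssh-certificate` task writes the private key via `openssl req -keyout /etc/ssl/private/{{hostname}}.key` and leaves its mode to the process umask, which OpenSSL does not tighten; add a follow-up task `file: path=/etc/ssl/private/{{hostname}}.key owner=root group=root mode=0600`. The task name says "ssh" but the command produces a self-signed TLS certificate, and the `creates:` guard means the 365-day certificate is never regenerated once the key file exists. `create a test index.php` copies a script into the public document root of every host in `hosts: all`; if it is the `phpinfo()` template from this commit it discloses paths, versions and environment to anyone reaching `/index.php`, so remove or guard it once PHP-FPM is verified. `state: latest` for nginx turns every run into an unattended upgrade; `state: present` is the usual choice for a convergent play.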
+++ /dev/null
----
-- name: Install and configure with letsencrypt
- hosts: all
- become: yes
-
- vars:
- user: www-data
-
- tasks:
- - name: Install nginx
- apt:
- name: nginx
- state: latest
- update_cache: yes
- - name: Prepare letsencrypt home directory
- file: path=/home/www/letsencrypt/.well-known/acme-challenge state=directory
- - name: Add test file1
- copy: src=../templates/nginx/hi1.txt dest=/home/www/letsencrypt/.well-known/
- - name: Add test file2
- copy: src=../templates/nginx/hi2.txt dest=/home/www/letsencrypt/.well-known/acme-challenge/hi2.txt
- - name: Prepare letsencrypt
- copy:
- src: ../templates/nginx/letsencrypt.conf
- dest: /etc/nginx/snippets
- - name: add HTTP-variables
- copy:
- src: ../templates/nginx/http.conf
- dest: /etc/nginx/snippets
- - name: create a www directory
- file: path=/home/www state=directory owner=root group=www-data
-
- - name: create the /srv/www link
- file: src=/home/www dest=/srv/www state=link
- - name: Ensure nginx is running
- systemd:
- name: nginx
- state: started
- enabled: yes
-
--- /dev/null
+- hosts: all
+ vars:
+ - PHP_VERS: "8.3"
+
+ tasks:
+ - name: Install mariadb
+ ansible.builtin.apt:
+ name:
+ - mariadb-server
+ state: latest
+ update_cache: yes
+ - name: Ensure mariadb is running
+ ansible.builtin.systemd:
+ name: mysqld
+ state: started
+ enabled: yes
\ No newline at end of file
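Review bot: This play runs `apt` and `systemd` without `become:`, unlike the nginx play in the same commit which sets `become: yes`, so it only succeeds when the SSH login is already root; add `become: true` under `hosts: all`. `PHP_VERS` is declared in `vars:` but never used in this play. `mysqld` is only an alias unit for MariaDB on Debian-family systems; `name: mariadb` is the canonical unit if that is the target (verify on the host). `state: latest` for `mariadb-server` also means a later run can upgrade the database major version unattended.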
+++ /dev/null
-- hosts: all
- vars:
- - PHP_VERS: "8.3"
-
- tasks:
- - name: Install mariadb
- ansible.builtin.apt:
- name:
- - mariadb-server
- state: latest
- update_cache: yes
- - name: Ensure mariadb is running
- ansible.builtin.systemd:
- name: mysqld
- state: started
- enabled: yes
\ No newline at end of file
--- /dev/null
+- hosts: all
+ vars:
+ - PHP_VERS: "8.2"
+ vars_files:
+ - var/php.yaml
+ pre_tasks:
+ - name:
+ apt:
+ name: gpg
+ state: present
+ update_cache: true
+ - name: add packages.sury.org (Debian case)
+ block:
+ - name: add gpg repo key
+ apt_key:
+ url: 'https://packages.sury.org/php/apt.gpg'
+ state: present
+
+ - name: add apt repo
+ apt_repository:
+ repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release|lower }} main'
+ state: present
+ filename: php
+ when: ansible_distribution == 'Debian'
+ tasks:
+ - name: Install PHP {{PHP_VERS}} and common modules
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: true
+ cache_valid_time: 3600
+ with_items: "{{ php_packages + php_additional_packages }}"
+ - name: Define PHP variables in php.ini
+ ansible.builtin.ini_file:
+ dest: /etc/php/{{PHP_VERS}}/fpm/php.ini
+ section: "{{ item.section }}"
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ with_items:
+ "{{ php_ini_settings }}"
+ - name: Ensure PHP-FPM is running
+ ansible.builtin.systemd:
+ name: php{{PHP_VERS}}-fpm
+ state: started
+ enabled: yes
+ - name: Ensure Redis is running
+ ansible.builtin.systemd:
+ name: redis-server
+ state: started
+ enabled: yes
\ No newline at end of file
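Review bot: `PHP_VERS: "8.2"` here does not match the nginx site template in this commit, which passes requests to `unix:/run/php/php8.3-fpm.sock`, so the FPM socket this play starts is not the one nginx connects to; pick one version and reference `{{PHP_VERS}}` from the template. `apt_key` adds the packages.sury.org key to the global trusted keyring, where it can sign any configured repository, and the module is deprecated; fetch the key to `/etc/apt/keyrings/sury-php.gpg` with `get_url` and pin it in the repo line as `deb [signed-by=/etc/apt/keyrings/sury-php.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release|lower }} main`. The first `pre_tasks` entry has an empty `name:`, and this play too has no `become:`, so it relies on the SSH user being root.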
+++ /dev/null
-- hosts: all
- vars:
- - PHP_VERS: "8.3"
-
- pre_tasks:
- - name: add packages.sury.org (Debian case)
- block:
- - name: add gpg repo key
- apt_key:
- url: 'https://packages.sury.org/php/apt.gpg'
- state: present
-
- - name: add apt repo
- apt_repository:
- repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release|lower }} main'
- state: present
- filename: php
- when: ansible_distribution == 'Debian'
- tasks:
- - name: Install PHP 8.3 and common modules
- ansible.builtin.apt:
- name:
- - php{{PHP_VERS}}
- - php{{PHP_VERS}}-cli
- - php{{PHP_VERS}}-common
- - php{{PHP_VERS}}-curl
- - php{{PHP_VERS}}-fpm
- - php{{PHP_VERS}}-gd
- - php{{PHP_VERS}}-igbinary
- - php{{PHP_VERS}}-imagick
- - php{{PHP_VERS}}-imap
- - php{{PHP_VERS}}-intl
- - php{{PHP_VERS}}-mbstring
- - php{{PHP_VERS}}-memcached
- - php{{PHP_VERS}}-msgpack
- - php{{PHP_VERS}}-mysql
- - php{{PHP_VERS}}-opcache
- - php{{PHP_VERS}}-phpdbg
- - php{{PHP_VERS}}-readline
- - php{{PHP_VERS}}-redis
- - php{{PHP_VERS}}-xdebug
- - php{{PHP_VERS}}-xml
- - php{{PHP_VERS}}-zip
- - redis-server
- - imagemagick
- state: present
- update_cache: yes
- - name: Define PHP variables in php.ini
- ansible.builtin.ini_file:
- dest: /etc/php/{{PHP_VERS}}/fpm/php.ini
- section: "{{ item.section }}"
- option: "{{ item.option }}"
- value: "{{ item.value }}"
- with_items:
- - { section: "DEFAULT", option: "memory_limit", value: 512M }
- - { section: "DEFAULT", option: "upload_max_filesize", value: "512M" }
- - { section: "DEFAULT", option: "max_file_uploads", value: 100 }
- - { section: "DEFAULT", option: "post_max_size", value: "512M" }
- - { section: "DEFAULT", option: "max_execution_time", value: 600 }
- - { section: "DEFAULT", option: "max_input_time", value: 600 }
- - { section: "DEFAULT", option: "default_socket_timeout", value: 600 }
- - { section: "Session", option: "session.save_handler", value: "redis" }
- - { section: "Session", option: "session.save_path", value: "tcp://127.0.0.1:6379" }
- - { section: "opcache", option: "opcache.enable", value: 1 }
- - { section: "opcache", option: "opcache.memory_consumption", value: 1024 }
- - { section: "opcache", option: "opcache.interned_strings_buffer", value: 512 }
- - name: Ensure PHP-FPM is running
- ansible.builtin.systemd:
- name: php{{PHP_VERS}}-fpm
- state: started
- enabled: yes
- - name: Ensure Redis is running
- ansible.builtin.systemd:
- name: redis-server
- state: started
- enabled: yes
\ No newline at end of file
--- /dev/null
+---
+- name: Install and configure with letsencrypt
+ hosts: all
+ become: yes
+
+ vars:
+ user: www-data
+ hostname: "{{ inventory_hostname }}"
+ log_name: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+') }}"
+ vars_files:
+ - var/ssl-certificate.yaml
+ tasks:
+ - name: Install nginx
+ debug:
+ msg: "hostname: {{hostname}} log_name: {{log_name}}"
\ No newline at end of file
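Review bot: The only task is a `debug:` printing `hostname` and `log_name`, yet it is named `Install nginx` and the play `Install and configure with letsencrypt`; name them for what they do, e.g. `name: Show derived hostname and log_name`, so this probe is not mistaken for the real nginx play. `become: yes` and `vars_files` are not needed for a debug-only play, and the `vars_files` entry makes it fail whenever `var/ssl-certificate.yaml` is absent.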
--- /dev/null
+---
+# php.yaml:
+# Defines variables for the PHP role.
+# This file is used to set up the PHP environment and configuration.
+# needed variables: PHP_VERS
+
+php_packages:
+ - php{{PHP_VERS}}-common
+ - php{{PHP_VERS}}-curl
+ - php{{PHP_VERS}}-fpm
+ - php{{PHP_VERS}}-gd
+ - php{{PHP_VERS}}-igbinary
+ - php{{PHP_VERS}}-imagick
+ - php{{PHP_VERS}}-imap
+ - php{{PHP_VERS}}-intl
+ - php{{PHP_VERS}}-mbstring
+ - php{{PHP_VERS}}-memcached
+ - php{{PHP_VERS}}-msgpack
+ - php{{PHP_VERS}}-mysql
+ - php{{PHP_VERS}}-opcache
+ - php{{PHP_VERS}}-phpdbg
+ - php{{PHP_VERS}}-readline
+ - php{{PHP_VERS}}-redis
+ - php{{PHP_VERS}}-xdebug
+ - php{{PHP_VERS}}-xml
+ - php{{PHP_VERS}}-zip
+php_additional_packages:
+ - redis-server
+ - imagemagick
+
+php_ini_settings:
+ - { section: "DEFAULT", option: "memory_limit", value: "512M" }
+ - { section: "DEFAULT", option: "upload_max_filesize", value: "512M" }
+ - { section: "DEFAULT", option: "max_file_uploads", value: 100 }
+ - { section: "DEFAULT", option: "post_max_size", value: "512M" }
+ - { section: "DEFAULT", option: "max_execution_time", value: 600 }
+ - { section: "DEFAULT", option: "max_input_time", value: 600 }
+ - { section: "DEFAULT", option: "default_socket_timeout", value: 600 }
+ - { section: "Session", option: "session.save_handler", value: "redis" }
+ - { section: "Session", option: "session.save_path", value: "tcp://127.0.0.1:6379" }
+ - { section: "opcache", option: "opcache.enable", value: 1 }
+ - { section: "opcache", option: "opcache.memory_consumption", value: 512 }
+ - { section: "opcache", option: "opcache.interned_strings_buffer", value: 256 }
+
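Review bot: `php_packages` includes `php{{PHP_VERS}}-xdebug` and `php{{PHP_VERS}}-phpdbg`, and the PHP play installs this list into the FPM that serves the public site; Xdebug loaded in production adds a remote-debug attack surface and a large slowdown, so move both to a separate list such as `php_dev_packages` that is installed only when a flag is set. `session.save_path: "tcp://127.0.0.1:6379"` stores sessions in Redis without authentication; that is acceptable only while Redis keeps binding to loopback, which nothing in this commit enforces, and a comment here should say so.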
--- /dev/null
+---
+# "/C=DE/ST=NRW/L=Bochum/O=IT/CN={{hostname}}"
+SSL_COUNTRY: DE
+SSL_STATE: Bavaria
+SSL_LOCALITY: Kempten
+SSL_ORGANIZATION: IT
+
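Review bot: The comment `# "/C=DE/ST=NRW/L=Bochum/O=IT/CN={{hostname}}"` no longer matches the values below (`SSL_STATE: Bavaria`, `SSL_LOCALITY: Kempten`); either drop it or make it describe the format rather than stale values, e.g. `# Subject fields for the self-signed certificate: /C=<SSL_COUNTRY>/ST=<SSL_STATE>/L=<SSL_LOCALITY>/O=<SSL_ORGANIZATION>/CN=<hostname>`.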
--- /dev/null
+<html>
+<body>
+<h1>Welcome to {{hostname}}!</h1>
+</body
+</html>
\ No newline at end of file
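Review bot: The closing body tag is malformed: `</body` lacks its `>`, so the markup ends with `</body\n</html>`; change it to `</body>`. The template also has no `<!DOCTYPE html>` or `<head>`, which browsers tolerate but render in quirks mode.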
--- /dev/null
+<?php
+phpinfo();
\ No newline at end of file
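Review bot: `phpinfo()` prints the full PHP configuration, loaded extensions, document root and `$_SERVER` environment to anyone who can reach `/index.php`, and the nginx play in this commit deploys it to the document root of every host; it should not stay on a host listening on port 443 beyond the first check. Replace it with a minimal probe such as `<?php echo 'php ok';` or delete the file after PHP-FPM is verified.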
--- /dev/null
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{hostname}} hamatoma.de;
+ include snippets/letsencrypt.conf;
+ server_name {{hostname}};
+ root /srv/www/{{hostname}};
+ location / {
+ return 301 https://{{hostname}}$request_uri; # enforce https
+ }
+ }
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{hostname}};
+ access_log /var/log/nginx/a_{{log_name}}.log;
+ error_log /var/log/nginx/e_{{log_name}}.log;
+
+ #ssl_certificate /etc/letsencrypt/live/latest/fullchain.pem;
+ #ssl_certificate_key /etc/letsencrypt/live/latest/privkey.pem;
+ ssl_certificate /etc/ssl/certs/{{hostname}}.pem;
+ ssl_certificate_key /etc/ssl/private/{{hostname}}.key;
+
+ # Path to the root of your installation
+ root /home/www/{{hostname}};
+ autoindex off;
+ client_max_body_size 1m; # set max upload size
+ fastcgi_buffers 64 4K;
+
+ index index.html;
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+ location / {
+ allow all;
+ }
+ # Optional: set long EXPIRES header on static assets
+ location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
+ expires 30d;
+ # Optional: Don't log access to assets
+ access_log off;
+ }
+ location ~ ^(.+?\.php)(/.*)?$ {
+ try_files $1 = 404;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$1;
+ fastcgi_param PATH_INFO $2;
+ fastcgi_param HTTPS on;
+ fastcgi_pass unix:/run/php/php8.3-fpm.sock;
+ }
+}
+
\ No newline at end of file
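Review bot: `try_files $1 = 404;` has a space inside `=404`, so nginx does not parse it as the return-code form: it tries `$1`, then a file literally named `=`, then internally redirects to the URI `404`, so a request like `/image.jpg/x.php` is not guaranteed the direct 404 that the `$1` existence check is meant to provide; write `try_files $1 =404;`. `fastcgi_pass unix:/run/php/php8.3-fpm.sock;` hard-codes 8.3 while the PHP play in this commit sets `PHP_VERS: "8.2"`; template it as `unix:/run/php/php{{PHP_VERS}}-fpm.sock` with the variable passed to the template. The port-80 block sets `server_name` twice, once with the hard-coded `hamatoma.de`; keep one line. The 443 block has no `ssl_protocols`, `ssl_ciphers` or `add_header Strict-Transport-Security`, worth adding once a real certificate replaces the self-signed one.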