From 33f27a5cf50e8228911e683d4c4136cc88c3b184 Mon Sep 17 00:00:00 2001 
From: Hamatoma Date: Thu, 17 Apr 2025 06:56:52 +0200 Subject: [PATCH] Many extensions and improvements --- .vscode/settings.json | 3 + README.md | 40 +++++++- SetRights | 1 + inventory | 7 ++ playbooks.templates/i_10_basic.yaml | 63 +++++++++++++ playbooks.templates/i_15_server_packages.yaml | 15 +++ playbooks.templates/i_17_configuration.yaml | 28 ++++++ playbooks.templates/i_20_nginx.yaml | 61 ++++++++++++ playbooks.templates/i_30_mariadb.yaml | 14 +++ playbooks.templates/i_40_php8.2.yaml | 50 ++++++++++ playbooks.templates/i_50_git_server.yaml | 38 ++++++++ playbooks.templates/i_60_postfix.yaml | 90 ++++++++++++++++++ playbooks.templates/i_70_webapps.yaml | 18 ++++ playbooks.templates/i_99_test.yaml | 24 +++++ playbooks.templates/lets_create.yaml | 0 playbooks.templates/mysql_create_admin.yaml | 10 ++ .../mysql_create_db_and_user.yaml | 13 +++ playbooks.templates/nginx_create_site.yaml | 22 +++++ .../ssl_create_certificate.yaml | 14 +++ playbooks.templates/webapp_backup.yaml | 0 playbooks.templates/webapp_create.yaml | 19 ++++ playbooks.templates/webapp_export.yaml | 19 ++++ playbooks.templates/webapp_import.yaml | 21 +++++ playbooks/create_project.yaml | 92 +++++++++++++++++++ scripts.templates/AddPassword | 22 +++++ scripts.templates/CreatePlaybook | 14 +++ scripts.templates/CreateTask | 14 +++ scripts.templates/SetRights | 4 + tasks.templates/t_copy_wildcard.yaml | 13 +++ tasks.templates/t_lets_create.yaml | 13 +++ tasks.templates/t_link_wildcard.yaml | 16 ++++ tasks.templates/t_mysql_create_admin.yaml | 10 ++ .../t_mysql_create_db_and_user.yaml | 21 +++++ tasks.templates/t_nginx_create_site.yaml | 43 +++++++++ tasks.templates/t_ssl_create_certificate.yaml | 13 +++ tasks.templates/t_webapp_backup.yaml | 25 +++++ tasks.templates/t_webapp_create.yaml | 40 ++++++++ tasks.templates/t_webapp_export.yaml | 31 +++++++ tasks.templates/t_webapp_import.yaml | 30 ++++++ templates/nginx/hi1.txt | 1 + templates/nginx/hi2.txt | 1 + templates/nginx/http.conf | 9 ++ 
templates/nginx/index.html | 5 + templates/nginx/index.php | 2 + templates/nginx/letsencrypt.conf | 11 +++ templates/nginx/site.php | 56 +++++++++++ templates/nginx/test.site | 57 ++++++++++++ templates/postfix/virtual | 6 ++ templates/var/common.yaml | 7 ++ templates/var/db.yaml | 8 ++ templates/var/php.yaml | 44 +++++++++ templates/var/postfix.yaml | 29 ++++++ templates/var/ssl-certificate.yaml | 9 ++ templates/var/vault_db.yaml | 1 + templates/var/webapps.yaml | 6 ++ 55 files changed, 1220 insertions(+), 3 deletions(-) create mode 100644 .vscode/settings.json create mode 120000 SetRights create mode 100644 inventory create mode 100644 playbooks.templates/i_10_basic.yaml create mode 100644 playbooks.templates/i_15_server_packages.yaml create mode 100644 playbooks.templates/i_17_configuration.yaml create mode 100644 playbooks.templates/i_20_nginx.yaml create mode 100644 playbooks.templates/i_30_mariadb.yaml create mode 100644 playbooks.templates/i_40_php8.2.yaml create mode 100644 playbooks.templates/i_50_git_server.yaml create mode 100644 playbooks.templates/i_60_postfix.yaml create mode 100644 playbooks.templates/i_70_webapps.yaml create mode 100644 playbooks.templates/i_99_test.yaml create mode 100644 playbooks.templates/lets_create.yaml create mode 100644 playbooks.templates/mysql_create_admin.yaml create mode 100644 playbooks.templates/mysql_create_db_and_user.yaml create mode 100644 playbooks.templates/nginx_create_site.yaml create mode 100644 playbooks.templates/ssl_create_certificate.yaml create mode 100644 playbooks.templates/webapp_backup.yaml create mode 100644 playbooks.templates/webapp_create.yaml create mode 100644 playbooks.templates/webapp_export.yaml create mode 100644 playbooks.templates/webapp_import.yaml create mode 100644 playbooks/create_project.yaml create mode 100755 scripts.templates/AddPassword create mode 100755 scripts.templates/CreatePlaybook create mode 100755 scripts.templates/CreateTask create mode 100755 scripts.templates/SetRights 
create mode 100644 tasks.templates/t_copy_wildcard.yaml create mode 100644 tasks.templates/t_lets_create.yaml create mode 100644 tasks.templates/t_link_wildcard.yaml create mode 100644 tasks.templates/t_mysql_create_admin.yaml create mode 100644 tasks.templates/t_mysql_create_db_and_user.yaml create mode 100644 tasks.templates/t_nginx_create_site.yaml create mode 100644 tasks.templates/t_ssl_create_certificate.yaml create mode 100644 tasks.templates/t_webapp_backup.yaml create mode 100644 tasks.templates/t_webapp_create.yaml create mode 100644 tasks.templates/t_webapp_export.yaml create mode 100644 tasks.templates/t_webapp_import.yaml create mode 100644 templates/nginx/hi1.txt create mode 100644 templates/nginx/hi2.txt create mode 100644 templates/nginx/http.conf create mode 100644 templates/nginx/index.html create mode 100644 templates/nginx/index.php create mode 100644 templates/nginx/letsencrypt.conf create mode 100644 templates/nginx/site.php create mode 100644 templates/nginx/test.site create mode 100644 templates/postfix/virtual create mode 100644 templates/var/common.yaml create mode 100644 templates/var/db.yaml create mode 100644 templates/var/php.yaml create mode 100644 templates/var/postfix.yaml create mode 100644 templates/var/ssl-certificate.yaml create mode 100644 templates/var/vault_db.yaml create mode 100644 templates/var/webapps.yaml diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..3a9326b --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "ansible.python.interpreterPath": "/usr/bin/python3" +} \ No newline at end of file diff --git a/README.md b/README.md index da54cbe..5a0fa64 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,37 @@
-# Project
-## Description
-Common files of all ansible projects.
+Project ansknife
+
+# Description
+A collection of predefined tasks, playbooks, scripts and other.
+
+With that project you can create a server definition project in a short time.
+
+# The Project Name
+ansknife is the short form of Ansible swiss knive
+
+# Preconditions
+- we support usage of NGINX, MARIADB, PHP, LetsEncrypt
+
+# Glossar
+- webapp: A web application: a webserver application with PHP source in a directory tree, MariaDB database and Nginx configuration
+
+# Creation of a New Server Definition Project
+The server name may be "colibri", we take the name also for the new project.
+- go to the base directory, e.g. /home/workspace/ansible/
+- clone the ansknife project: /home/workspace/ansible/ansknife will be created
+- start a playbook to create the project colibri: /home/workspace/ansible/colibri will be created
+```
+BASE=/home/workspace/ansible
+GIT_REP=ssh://myserver.com/git/repo
+PROJ=colibri
+cd $BASE
+git clone $GIT_REP/ansknife.git
+cd ansknife
+ansible-playbook playbook/create_project -e project=$PROJ
+cd ../$PROJ
+./SetRights
+```
+- edit all files in $BASE/colibri/var: configure your project by choosing valid/meaningful variable values
+- edit $BASE/colibri/README.md, $BASE/colibri/CHANGELOG.md, inventory
+
+
+
diff --git a/SetRights b/SetRights
new file mode 120000
index 0000000..c319c58
--- /dev/null
+++ b/SetRights
@@ -0,0 +1 @@
+scripts.templates/SetRights
\ No newline at end of file
diff --git a/inventory b/inventory
new file mode 100644
index 0000000..583ace8
--- /dev/null
+++ b/inventory
@@ -0,0 +1,7 @@
+[hosts]
+localhost
+[hosts:vars]
+ansible_python_interpreter=/usr/bin/python3
+ansible_ssh_common_args=-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+ansible_user=ansadm
+ansible_become=yes
\ No newline at end of file
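Review bot: `ansible_ssh_common_args=-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null` in the new inventory disables SSH host-key verification for every host in the group, so a connection answered by the wrong machine is accepted silently while the controller runs with `ansible_become=yes`. The same line is written into each generated project's inventory by playbooks/create_project.yaml later in this patch, so the setting propagates to every derived project. For this localhost-only inventory the option does nothing useful, and for remote servers a pinned known_hosts file is the safer default; if first-contact convenience is the goal, `ansible_ssh_common_args=-o StrictHostKeyChecking=accept-new` trusts only the first connection instead of all of them.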
diff --git a/playbooks.templates/i_10_basic.yaml b/playbooks.templates/i_10_basic.yaml new file mode 100644 index 0000000..d806556 --- /dev/null +++ b/playbooks.templates/i_10_basic.yaml 
@@ -0,0 +1,63 @@ +--- + +- hosts: all + vars: + hostname: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+')}}" + tasks: + - name: Prepare /media/trg directory + file: path=/media/trg state=directory + - name: Prepare /media/tmp directory + file: path=/media/trg state=directory + - name: Prepare /media/fs.cave directory + file: path=/media/fs.cave state=directory + - name: Prepare /media/fs.sys directory + file: path=/media/fs.sys state=directory + - name: Prepare /usr/local/bin directory + file: path=/usr/local/bin state=directory + - name: Prepare /usr/local/bin/local directory + file: path=/usr/local/bin/local state=directory + - name: Prepare /usr/share/pyrshell directory + file: path=/usr/share/pyrshell state=directory + - name: Symbolic link to local directory + file: src=/usr/local/bin/local dest=/usr/local/bin/{{hostname}} state=link + - name: Unpack a tar into /usr/local/bin/local + unarchive: src=../resources/needed.tgz dest=/usr/local/bin + - name: Symbolic link to /p + file: src=/usr/local/bin/std.profile dest=/p state=link + - name: Unpack a tar into /usr/share/pyrshell + unarchive: src=../resources/rsh.tgz dest=/usr/share/pyrshell + - name: Create user bupsrv + user: name=bupsrv state=present uid=201 + - name: Create user bupsupply + user: name=bupsupply state=present uid=202 + - name: Create ssh directory for bupsupply + file: path=/home/bupsupply/.ssh state=directory group=bupsupply owner=bupsupply mode=0700 + - name: Create authorized_keys for bupsupply + file: path=/home/bupsupply/.ssh/authorized_keys state=touch group=bupsupply owner=bupsupply mode=0600 + - name: Create user bupwiki + user: name=bupwiki state=present uid=203 + - name: Create user buptmp + user: name=buptmp state=present uid=204 + - name: Create ssh directory for buptmp + file: path=/home/buptmp/.ssh state=directory group=buptmp owner=buptmp mode=0700 + - name: Create authorized_keys for buptmp + file: path=/home/buptmp/.ssh/authorized_keys state=touch group=buptmp 
owner=buptmp mode=0600 + - name: Create user extdata + user: name=extdata state=present uid=211 + - name: Create user extcloud + user: name=extcloud state=present uid=212 + - name: Create user extbup + user: name=extbup state=present uid=213 + - name: Create configuration directory + file: path=/etc/config state=directory mode=0700 + - name: Create webapp.d + file: path=/etc/config/webapps.d state=directory mode=0700 + - name: install standard packages + apt: + name: "{{ item }}" + state: present + update_cache: true + cache_valid_time: 3600 + with_items: [htop, rsync, sudo, curl, iotop, jnettop, ssl-cert, ca-certificates, zram-tools, nfs-kernel-server, tmux] + + \ No newline at end of file diff --git a/playbooks.templates/i_15_server_packages.yaml b/playbooks.templates/i_15_server_packages.yaml new file mode 100644 index 0000000..dfed68a --- /dev/null +++ b/playbooks.templates/i_15_server_packages.yaml @@ -0,0 +1,15 @@ +--- + +- hosts: all + vars: + hostname: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+')}}" + tasks: + - name: install server packages + apt: + name: "{{ item }}" + state: present + update_cache: true + cache_valid_time: 3600 + with_items: [certbot, git, unzip, 7zip, unrar-free] + + \ No newline at end of file diff --git a/playbooks.templates/i_17_configuration.yaml b/playbooks.templates/i_17_configuration.yaml new file mode 100644 index 0000000..f5c75d9 --- /dev/null +++ b/playbooks.templates/i_17_configuration.yaml 
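Review bot: The task `Prepare /media/tmp directory` creates `/media/trg` a second time (`file: path=/media/trg state=directory`), a copy-paste slip that leaves /media/tmp missing; it should read `file: path=/media/tmp state=directory`. The two `state=touch` tasks for the authorized_keys files are not idempotent — touch updates the mtime and reports changed on every run — so `ansible.builtin.copy` with `content: ''` and `force: false` (create once, never overwrite) is the quieter form, and i_50_git_server.yaml has the same pattern. The task named `Unpack a tar into /usr/local/bin/local` extracts into `dest=/usr/local/bin`; whether that is intended or another slip cannot be told from the hunk, so the name or the destination should be aligned.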
@@ -0,0 +1,28 @@ +--- +# change some values in some configuration files +# needed facts (variables) from commandline: +# +- hosts: all + vars_files: + - ../var/common.yaml + tasks: + - name: limit the total size of journald logs + lineinfile: + dest: /etc/systemd/journald.conf + regexp: ^#?\s*SystemMaxUse= + line: SystemMaxUse={{ systemd_journal_system_max_use }} + notify: + - restart systemd-journald + + - name: limit the size of each journald log file + lineinfile: + dest: /etc/systemd/journald.conf + regexp: ^#\s*SystemMaxFileSize= + line: SystemMaxFileSize={{ systemd_journal_system_max_file_size }} + notify: + - restart systemd-journald + handlers: + - name: restart systemd-journald + ansible.builtin.systemd: + name: systemd-journald + state: restarted \ No newline at end of file diff --git a/playbooks.templates/i_20_nginx.yaml b/playbooks.templates/i_20_nginx.yaml new file mode 100644 index 0000000..188c31e --- /dev/null +++ b/playbooks.templates/i_20_nginx.yaml 
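Review bot: The second lineinfile regexp `^#\s*SystemMaxFileSize=` matches only the commented-out line, unlike the first task's `^#?\s*SystemMaxUse=`; once the first run has written an uncommented `SystemMaxFileSize=` line the regexp no longer matches and lineinfile appends a duplicate on every later run. Change it to `regexp: ^#?\s*SystemMaxFileSize=` so both tasks stay idempotent. The header comment `needed facts (variables) from commandline:` is left empty although the play reads `systemd_journal_system_max_use` and `systemd_journal_system_max_file_size` from ../var/common.yaml; naming those two there would make the dependency visible.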
@@ -0,0 +1,61 @@ +--- +- name: Install and configure with letsencrypt + hosts: all + become: yes + + vars: + user: www-data + hostname: "{{ inventory_hostname }}" + log_name: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+') }}" + vars_files: + - ../var/ssl-certificate.yaml + tasks: + - name: Install nginx + apt: + name: nginx + state: latest + update_cache: yes + - name: Prepare letsencrypt home directory + file: path=/home/www/letsencrypt/.well-known/acme-challenge state=directory + - name: Add test file1 + copy: src=../templates/nginx/hi1.txt dest=/home/www/letsencrypt/.well-known/ + - name: Add test file2 + copy: src=../templates/nginx/hi2.txt dest=/home/www/letsencrypt/.well-known/acme-challenge/hi2.txt + - name: Prepare letsencrypt + copy: + src: ../templates/nginx/letsencrypt.conf + dest: /etc/nginx/snippets + - name: add HTTP-variables + copy: + src: ../templates/nginx/http.conf + dest: /etc/nginx/snippets + - name: create a www directory + file: path=/home/www state=directory owner=root group=www-data + + - name: create the /srv/www link + file: src=/home/www dest=/srv/www state=link + - name: Ensure nginx is running + systemd: + name: nginx + state: started + enabled: yes + - name: create a test virtual hosts + template: + src: ../templates/nginx/test.site + dest: /etc/nginx/sites-available/{{hostname}} + - name: activate by link in sites-enabled + file: + src: /etc/nginx/sites-available/{{hostname}} + dest: /etc/nginx/sites-enabled/{{hostname}} + state: link + - name: create a ssh-certificate + command: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/{{hostname}}.key -out /etc/ssl/certs/{{hostname}}.pem -subj "/C={{ssl_country}}/ST={{ssl_state}}/L={{ssl_locality}}/O={{ssl_organization}}/CN={{hostname}}" + args: + creates: /etc/ssl/private/{{hostname}}.key + - name: create a document root + file: dest=/srv/www/{{hostname}} state=directory owner=www-data group=www-data + - name: create a test index.html + template: 
src=../templates/nginx/index.html dest=/srv/www/{{hostname}}/index.html + - name: create a test index.php + copy: src=../templates/nginx/index.php dest=/srv/www/{{hostname}}/index.php + diff --git a/playbooks.templates/i_30_mariadb.yaml b/playbooks.templates/i_30_mariadb.yaml new file mode 100644 index 0000000..cc81299 --- /dev/null +++ b/playbooks.templates/i_30_mariadb.yaml @@ -0,0 +1,14 @@ +- hosts: all + tasks: + - name: Install mariadb + ansible.builtin.apt: + name: + - mariadb-server + - python3-mysqldb + state: latest + update_cache: yes + - name: Ensure mariadb is running + ansible.builtin.systemd: + name: mysqld + state: started + enabled: yes \ No newline at end of file diff --git a/playbooks.templates/i_40_php8.2.yaml b/playbooks.templates/i_40_php8.2.yaml new file mode 100644 index 0000000..0d95ebd --- /dev/null +++ b/playbooks.templates/i_40_php8.2.yaml 
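Review bot: The task named `create a ssh-certificate` generates a self-signed TLS certificate, not an SSH one, and because of `creates: /etc/ssl/private/{{hostname}}.key` it is never regenerated, so the certificate silently expires after `-days 365`; the name should say what it is, e.g. `create a self-signed TLS certificate (placeholder)`, and a comment should state whether letsencrypt is expected to replace it. The key file's mode is left to openssl (current releases write `-keyout` files 0600, but the play does not guarantee it); a follow-up `file: path=/etc/ssl/private/{{hostname}}.key mode=0600 owner=root group=root` pins the permission explicitly. `state: latest` with `update_cache: yes` for nginx upgrades the package on every run; `state: present` is the usual choice for a configuration play, and the same applies to i_30_mariadb.yaml in this patch.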
@@ -0,0 +1,50 @@ +- hosts: all + vars: + - PHP_VERS: "8.2" + vars_files: + - ../var/php.yaml + pre_tasks: + - name: + apt: + name: gpg + state: present + update_cache: true + - name: add packages.sury.org (Debian case) + block: + - name: add gpg repo key + apt_key: + url: 'https://packages.sury.org/php/apt.gpg' + state: present + + - name: add apt repo + apt_repository: + repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release|lower }} main' + state: present + filename: php + when: ansible_distribution == 'Debian' + tasks: + - name: Install PHP {{PHP_VERS}} and common modules + ansible.builtin.apt: + name: "{{ item }}" + state: present + update_cache: true + cache_valid_time: 3600 + with_items: "{{ php_packages + php_additional_packages }}" + - name: Define PHP variables in php.ini + ansible.builtin.ini_file: + dest: /etc/php/{{PHP_VERS}}/fpm/php.ini + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + "{{ php_ini_settings }}" + - name: Ensure PHP-FPM is running + ansible.builtin.systemd: + name: php{{PHP_VERS}}-fpm + state: started + enabled: yes + - name: Ensure Redis is running + ansible.builtin.systemd: + name: redis-server + state: started + enabled: yes \ No newline at end of file diff --git a/playbooks.templates/i_50_git_server.yaml b/playbooks.templates/i_50_git_server.yaml new file mode 100644 index 0000000..3de68ef --- /dev/null +++ b/playbooks.templates/i_50_git_server.yaml 
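Review bot: `apt_key` with `url: 'https://packages.sury.org/php/apt.gpg'` adds the third-party key to the global apt trusted keyring, so that key can sign any repository on the host rather than only sury's, and the module is deprecated in current Ansible. The safer form is to fetch the key with `get_url` into `/etc/apt/keyrings/` and bind it to the repository with `signed-by`, e.g. `repo: 'deb [signed-by=/etc/apt/keyrings/sury-php.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release|lower }} main'`. The first pre_task has an empty `name:`; give it `name: install gpg`.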
@@ -0,0 +1,38 @@ +--- + +- hosts: all + vars: + git_user: git + tasks: + - name: install packages + apt: + name: git + state: present + - name: create git user + user: + name: "{{ git_user }}" + state: present + shell: /usr/bin/git-shell + home: /home/git + - name: Prepare SSH directory for git + file: + path: /home/git/.ssh + state: directory + group: "{{git_user}}" + owner: "{{git_user}}" + mode: "0700" + - name: Prepare authorized_keys + file: + path: /home/git/.ssh/authorized_keys + state: touch + group: "{{git_user}}" + owner: "{{git_user}}" + mode: "0600" + - name: Prepare repository directory + file: + path: /home/git/repo + state: directory + group: "{{git_user}}" + owner: "{{git_user}}" + + \ No newline at end of file diff --git a/playbooks.templates/i_60_postfix.yaml b/playbooks.templates/i_60_postfix.yaml new file mode 100644 index 0000000..32f997d --- /dev/null +++ b/playbooks.templates/i_60_postfix.yaml 
@@ -0,0 +1,90 @@ +--- +# Installs the postfix mail server +# Needed facts (variables): +# - +# Needed role installation: +# ansible-galaxy role install sys_fs.postfix +- hosts: all + vars: + postfix_domain: "{{ inventory_hostname }}" + vars_files: + - ../var/common.yaml + tasks: + - name: install the packages + ansible.builtin.package: + name: "{{ item }}" + state: present + with_items: + - postfix + - mailutils + - name: build the main.cf + copy: + src: "../resources/postfix/{{ item }}" + dest: "/etc/postfix/{{ item }}" + mode: 0640 + owner: root + group: root + with_items: + - main.cf + - master.cf + notify: + - restart postfix + - name: create alias + template: + src: "../resources/postfix/aliases" + dest: "/etc/aliases" + mode: 0640 + owner: root + group: root + notify: + - restart postfix + - name: create virtual alias + template: + src: "../resources/postfix/virtual" + dest: "/etc/postfix/virtual" + mode: 0640 + owner: root + group: root + notify: + - restart postfix + - name: create the mailname file + copy: + content: | + {{ postfix_domain }} + dest: "/etc/mailname" + mode: 0644 + owner: root + group: root + notify: + - restart postfix + - name: create a script to activate the virtual alias + copy: + content: | + #! /bin/bash + postmap virtual + dest: "/etc/postfix/Activate" + mode: 0700 + owner: root + group: root + notify: + - postalias + - name: Ensure postfix is running + ansible.builtin.systemd: + name: postfix + state: started + enabled: yes + handlers: + - name: restart postfix + ansible.builtin.service: + name: postfix + state: reloaded + - name: postalias + shell: postalias /etc/aliases + - name: postmap + shell: postalias /etc/postfix/virtual + + + + + + diff --git a/playbooks.templates/i_70_webapps.yaml b/playbooks.templates/i_70_webapps.yaml new file mode 100644 index 0000000..6b345ae --- /dev/null +++ b/playbooks.templates/i_70_webapps.yaml 
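Review bot: The `postmap` handler runs `postalias /etc/postfix/virtual` instead of `postmap /etc/postfix/virtual`, and nothing notifies it — `create virtual alias` only notifies `restart postfix` — so the virtual lookup table is never rebuilt after the template changes and postfix keeps using the stale map. Fix the handler to `shell: postmap /etc/postfix/virtual`, add `- postmap` to that task's notify list, and let `create alias` notify `postalias` so /etc/aliases.db is regenerated as well. The handler named `restart postfix` performs `state: reloaded`; either rename it to `reload postfix` or make it `state: restarted` so the name matches what it does. The copy/template tasks read from `../resources/postfix/`, but the diffstat adds `templates/postfix/virtual` and create_project.yaml links `templates/postfix` into new projects, so the source directory looks inconsistent with the rest of the patch — worth confirming.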
@@ -0,0 +1,18 @@ +- hosts: all + vars_files: + - ../var/common.yaml + - ../var/ssl-certificate.yaml + - ../var/vault_webapps.yaml + tasks: + - name: Prepare state.infeos.net + ansible.builtin.set_fact: + webapp_name: "state.infeos.net" + domain: "{{ webapp_name }}" + shortname: state_infeos + db_name: swstateinfeos + db_user: swstateinfeos + db_password: "{{ vault_state_infeos_net_db_password }}" + php_version: "8.3" + - debug: + - name: create web application for {{ webapp_name }} + include_tasks: ../tasks/t_webapp_create.yaml diff --git a/playbooks.templates/i_99_test.yaml b/playbooks.templates/i_99_test.yaml new file mode 100644 index 0000000..ec4552f --- /dev/null +++ b/playbooks.templates/i_99_test.yaml @@ -0,0 +1,24 @@ +--- +- name: Install and configure with letsencrypt + hosts: all + become: yes + + vars: + user: www-data + hostname: "{{ inventory_hostname }}" + log_name: "{{ inventory_hostname | regex_search('[0-9a-zA-Z_]+') }}" + webapp_name: myapp5.example.com + vars_files: + - ../var/webapps.yaml + tasks: + - name: Test Dateiänderung + copy: + content: | + Line 1 + Line 2 + Line 3 added + dest: /tmp/wk.yaml + - set_fact: + target_file: "/home/tmp/xxx.yyy" + - debug: + msg: "{{ '/tmp/' + (target_file | basename) }}" \ No newline at end of file diff --git a/playbooks.templates/lets_create.yaml b/playbooks.templates/lets_create.yaml new file mode 100644 index 0000000..e69de29 diff --git a/playbooks.templates/mysql_create_admin.yaml b/playbooks.templates/mysql_create_admin.yaml new file mode 100644 index 0000000..057c9da --- /dev/null +++ b/playbooks.templates/mysql_create_admin.yaml @@ -0,0 +1,10 @@ +--- +# Creates the MySQL administrator +# needed facts (variables): None +- hosts: all + vars_files: + - ../var/vault_db.yaml + - ../var/db.yaml + tasks: + - name: Create the database adminstrator {{dba_name}} + import_tasks : ../tasks/t_mysql_create_admin.yaml 
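Review bot: `vars_files` loads `../var/vault_webapps.yaml`, but the diffstat creates only `templates/var/vault_db.yaml`, so as committed this playbook fails at load time unless that vault file exists outside the repository; if `vault_state_infeos_net_db_password` is meant to live in the shared vault, the entry should be `- ../var/vault_db.yaml`. The bare `- debug:` between `set_fact` and `include_tasks` is a leftover that only prints the default message and should be removed. The site name, database name and user are hard-coded for one host in a file under playbooks.templates that is linked into every generated project, so a leading comment such as `# Example: replace the set_fact values with your own web application` would mark it as a sample rather than shared configuration.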
diff --git a/playbooks.templates/mysql_create_db_and_user.yaml b/playbooks.templates/mysql_create_db_and_user.yaml new file mode 100644 index 0000000..f4dbd56 --- /dev/null +++ b/playbooks.templates/mysql_create_db_and_user.yaml @@ -0,0 +1,13 @@ +--- +# Creates a MySQL database and user +# needed facts (variables) from commandline (e.g. -e db_name=webapp): +# db_name: name of the database +# db_user: name of the database user +# db_password: password of the database user +- hosts: all + vars_files: + - ../var/vault_db.yaml + - ../var/db.yaml + tasks: + - name: Create the database adminstrator {{dba_name}} + import_tasks : ../tasks/t_mysql_db_and_user.yaml diff --git a/playbooks.templates/nginx_create_site.yaml b/playbooks.templates/nginx_create_site.yaml new file mode 100644 index 0000000..c293640 --- /dev/null +++ b/playbooks.templates/nginx_create_site.yaml @@ -0,0 +1,22 @@ +--- +# Creates the NGINX configuration file for a PHP site +# needed facts (variables) from commandline (e.g. -e domain=example.com -e force=true): +# domain: the site domain name +# optional facts: +# document_root: the document root of the site without path, e.g. example.com. Default: domain +# shortname: the short name of the site. Used for log file names +# php_version: the PHP version to use. Default: 8.3 +# force: if true, the site will be created even if it already exists. Default: false +- hosts: all + vars_files: + - ../var/common.yaml + - ../var/ssl-certificate.yaml + tasks: + - name: Check pre-requisites + fail: msg="The variable 'domain' must be defined and not empty." + when: domain is not defined or domain == "" + - name: create certificate for {{ domain }} + import_tasks: ../tasks/t_ssl_create_certificate.yaml + - name: Create the NGINX configuration for {{domain}} + import_tasks: ../tasks/t_nginx_create_site.yaml + diff --git a/playbooks.templates/ssl_create_certificate.yaml b/playbooks.templates/ssl_create_certificate.yaml new file mode 100644 index 0000000..d6017ab 
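Review bot: The import path `../tasks/t_mysql_db_and_user.yaml` does not match the task file this commit adds, `tasks.templates/t_mysql_create_db_and_user.yaml` (linked into `tasks/` by create_project.yaml), so the playbook fails with a missing file; it should be `import_tasks : ../tasks/t_mysql_create_db_and_user.yaml`. The task name `Create the database adminstrator {{dba_name}}` is copied from mysql_create_admin.yaml; `name: Create the database {{db_name}} and user {{db_user}}` describes what the task does. The header recommends passing `db_password` with `-e`, which leaves the secret in shell history and in the process list of the controller; since the play already loads `../var/vault_db.yaml`, pointing users at a vault variable there is the safer convention, and the same applies to the header of webapp_create.yaml.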
--- /dev/null +++ b/playbooks.templates/ssl_create_certificate.yaml @@ -0,0 +1,14 @@ +--- +# Creates a X509 certificate for a domain, needed for a letsencrypt certificate. +# needed facts (variables) from the commandline: (e.g. ansible-playbook -e "domain=example.com") +# - domain: the domain name for the certificate +- hosts: all + vars_files: + - ../var/common.yaml + - ../var/ssl-certificate.yaml + tasks: + - name: test pre-requisites + fail: msg="missing fact! domain. Use -e domain=..." + when: domain is not defined + - name: Creates a X509 certificate for {{domain}} + import_tasks : ../tasks/t_ssl_create_certificate.yaml diff --git a/playbooks.templates/webapp_backup.yaml b/playbooks.templates/webapp_backup.yaml new file mode 100644 index 0000000..e69de29 diff --git a/playbooks.templates/webapp_create.yaml b/playbooks.templates/webapp_create.yaml new file mode 100644 index 0000000..b37352c --- /dev/null +++ b/playbooks.templates/webapp_create.yaml @@ -0,0 +1,19 @@ +--- +# Creates a database, a database user of a web application. +# Stores the data in configuration files (remote and local) +# needed facts (variables) from the command line: (e.g. -e webapp_name=webapp): +# - webapp_name: name of the web application +# - db_name: name of the database +# - db_user: name of the databasded user +# - db_password: password of the database user +- hosts: all + vars_files: + - ../var/common.yaml + - ../var/vault_db.yaml + - ../var/db.yaml + tasks: + - name: test pre-requisites + fail: msg="missing facts! webapp_name, db_name, db_user, db_password. Use -e webapp_name=..." + when: webapp_name is not defined or db_name is not defined or db_user is not defined or db_password is not defined + - name: create the web application + import_tasks : ../tasks/t_webapp_create.yaml diff --git a/playbooks.templates/webapp_export.yaml b/playbooks.templates/webapp_export.yaml new file mode 100644 index 0000000..05a8155 --- /dev/null +++ b/playbooks.templates/webapp_export.yaml 
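Review bot: The prerequisite check in ssl_create_certificate.yaml (`when: domain is not defined`) lets an empty `-e domain=` through, whereas nginx_create_site.yaml in this same patch checks `domain is not defined or domain == ""`; since the value is later interpolated into file paths and a certbot command line, use the stricter form here too: `when: domain is not defined or domain == ""`. webapp_create.yaml has the same gap for its four variables; `when: (webapp_name | default('')) == '' or (db_name | default('')) == '' or (db_user | default('')) == '' or (db_password | default('')) == ''` rejects both undefined and empty values. Its header comment also has the typo `databasded user`, which should read `database user`.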
@@ -0,0 +1,19 @@ +--- +# Dumps a database of a web application. +# needed facts (variables) from the command line: +# - webapp_name: name of the web application +# - target_file: name of the file where the database will be exported to. May be *.sql or *.sql.gz +- hosts: all + vars: + fetch: false + vars_files: + - ../var/common.yaml + - ../var/vault_db.yaml + - ../var/db.yaml + - ../var/webapps.yaml + tasks: + - name: test pre-requisites + fail: msg="missing facts! webapp_name, target_file. Use -e webapp_name=..." + when: webapp_name is not defined or target_file is not defined + - name: create the web application + import_tasks : ../tasks/t_webapp_export.yaml diff --git a/playbooks.templates/webapp_import.yaml b/playbooks.templates/webapp_import.yaml new file mode 100644 index 0000000..fbfbdb6 --- /dev/null +++ b/playbooks.templates/webapp_import.yaml @@ -0,0 +1,21 @@ +--- +# Loads a database dump into the database of a web application. +# needed facts (variables) from the command line: (e.g. -e webapp_name=webapp) +# - webapp_name: name of the web application +# - target_file: name of the file where the database will be exported to. May be *.sql or *.sql.gz +# - webapps_list: the list defined in ../var/webapps.yaml +- hosts: all + vars: + backup: true + backup_file: "/tmp/{{ webapp_name }}.{{ now(fmt='%s') }}.sql.gz" + vars_files: + - ../var/common.yaml + - ../var/vault_db.yaml + - ../var/db.yaml + - ../var/webapps.yaml + tasks: + - name: test pre-requisites + fail: msg="missing facts! webapp_name, source_file. Use -e webapp_name=..." + when: webapp_name is not defined or source_file is not defined + - name: create the web application + import_tasks : ../tasks/t_webapp_import.yaml diff --git a/playbooks/create_project.yaml b/playbooks/create_project.yaml new file mode 100644 index 0000000..3ac29f8 --- /dev/null +++ b/playbooks/create_project.yaml 
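Review bot: The header of webapp_import.yaml documents `target_file` as "the file where the database will be exported to", but the prerequisite check tests `source_file` (`when: webapp_name is not defined or source_file is not defined`), so the comment is stale from webapp_export.yaml and a user following it runs straight into the failure message; rewrite that line as `# - source_file: the dump file to load. May be *.sql or *.sql.gz`. Both playbooks name their last task `create the web application` although one exports and one imports a dump; `name: export the database of {{ webapp_name }}` and `name: import the database dump into {{ webapp_name }}` make the run output readable. `backup_file` is built under /tmp with `now(fmt='%s')`; a world-readable, world-writable directory is a weak place for a full database dump, so a directory with a restrictive mode (e.g. under /var/backups) is preferable — t_webapp_import.yaml, which does the actual work, lies outside this chunk.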
@@ -0,0 +1,92 @@ +--- +- hosts: localhost + become: yes + tasks: + - name: Check if project variable is defined + fail: + msg: "The 'project' variable is not defined. -e project=your_project_name" + when: project is not defined + - name: Prepare base directory for {{ project }} + file: path=../../{{ project }} state=directory + - name: create sub directories for {{ project }} + file: path=../../{{ project }}/{{ item }} state=directory + with_items: [playbooks, tasks, var, scripts, templates, resources, roles] + - name: create the links into the resources directory + file: + src: "../../ansknife/resources/{{ item }}" + dest: "../resources/{{ item }}" + state: link + with_items: [needed.tgz, rsh.tgz] + - name: create the nginx link into the templates directory + file: + src: "../../ansknife/templates/nginx" + dest: "../templates/nginx" + state: link + - name: create the postfix link into the templates directory + file: + src: "../../ansknife/templates/postfix" + dest: "../templates/postfix" + state: link + - name: Prepare task facts + set_fact: + src_dir: '../templates/var' + dest_dir: "../../{{ project }}/var" + pattern: "*.yaml" + - name: Copy var.templates + import_tasks: ../tasks.templates/t_copy_wildcard.yaml + - name: Prepare facts for links in playbooks + set_fact: + src_dir: '../playbooks.templates' + src_relative: '../../ansknife/playbooks.templates' + dest_dir: "../../{{ project }}/playbooks" + pattern: "*.yaml" + - name: Create links in playbooks + import_tasks: ../tasks.templates/t_link_wildcard.yaml + - name: Prepare facts for links in tasks + set_fact: + src_dir: '../tasks.templates' + src_relative: '../../ansknife/tasks.templates' + dest_dir: "../../{{ project }}/tasks" + pattern: "*.yaml" + - name: Create links in tasks + import_tasks: ../tasks.templates/t_link_wildcard.yaml + - name: Prepare facts for links in scripts + set_fact: + src_dir: "../scripts.templates" + src_relative: '../../ansknife/scripts.templates' + dest_dir: "../../{{ project 
}}/scripts" + pattern: "*" + - name: Create links in scripts + import_tasks: ../tasks.templates/t_link_wildcard.yaml + - name: create a README file + copy: + dest: ../../{{ project }}/README.md + content: | + Project {{ project }} + This is the README file for the {{ project }} project. + # Description + This project defines the software of the server + - name: create a CHANGELOG file + copy: + dest: ../../{{ project }}/CHANGELOG.md + content: | + # V0.1.0 + - Initial version + - name: create a the inventory (host definition) + copy: + dest: ../../{{ project }}/inventory + content: | + [hosts] + {{ project }}.example.com + [hosts:vars] + ansible_python_interpreter=/usr/bin/python3 + ansible_ssh_common_args=-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null + ansible_user=ansadm + ansible_become=yes + - name: create a the ansible configuration file + copy: + dest: ../../{{ project }}/ansible.cfg + content: | + [defaults] + inventory = ./inventory + diff --git a/scripts.templates/AddPassword b/scripts.templates/AddPassword new file mode 100755 index 0000000..801b1a0 --- /dev/null +++ b/scripts.templates/AddPassword @@ -0,0 +1,22 @@ +#! /bin/bash + +NAME=$1 +VALUE=$2 +PW_SAFE=resources/vaults.yaml +function usage() { + echo "Usage: $0 NAME VALUE" + echo "Add a password to the keyring" + echo " NAME: The name of the password" + echo " VALUE: The value of the password" + echo "Example: $0 dba_password mysecret" + echo "+++ $*" +} +if [ -z "$VALUE" ]; then + Usage "missing VALUE" +else + if [ ! -f "$PW_SAFE" ]; then + echo "= creating a password safe: $PW_SAFE" + ansible-vault create $PW_SAFE + fi + ansible-vault encrypt_string >$PW_SAFE "$VALUE" --name "$NAME" +fi diff --git a/scripts.templates/CreatePlaybook b/scripts.templates/CreatePlaybook new file mode 100755 index 0000000..c5db41d --- /dev/null +++ b/scripts.templates/CreatePlaybook 
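Review bot: The link tasks use `dest: "../resources/{{ item }}"`, `dest: "../templates/nginx"` and `dest: "../templates/postfix"`, which point back into the ansknife checkout itself, while every other task targets `../../{{ project }}/...`; with `src: "../../ansknife/resources/{{ item }}"` the first of these would be a self-referencing link, so the intended form is presumably `dest: "../../{{ project }}/resources/{{ item }}"` (and likewise `../../{{ project }}/templates/nginx`, `../../{{ project }}/templates/postfix`). `become: yes` on the `localhost` play makes every generated file and link root-owned in the developer's workspace, which is why the README then needs `./SetRights` to chown everything back; nothing here writes outside the workspace, so dropping `become: yes` removes both the privilege escalation and the repair step. All paths are relative and only resolve when the play is started from the ansknife checkout as the README shows; a comment at the top of the play stating that assumption would help.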
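Review bot: `Usage "missing VALUE"` calls a function that does not exist — the definition is `usage()` — so the error path ends in "command not found" instead of the help text; the call should be `usage "missing VALUE"`. The final line `ansible-vault encrypt_string >$PW_SAFE "$VALUE" --name "$NAME"` truncates the file that `ansible-vault create` just produced, so every invocation discards all previously stored passwords, and it writes an encrypt_string snippet into a file that is itself vault-encrypted, which ansible cannot load as vars; the usual layout is to append the `encrypt_string` output to a plain YAML vars file. Taking the secret as `$2` also exposes it in shell history and `ps` output; reading it with `read -rs` or using `ansible-vault encrypt_string --stdin-name "$NAME"` keeps it off the command line.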
@@ -0,0 +1,14 @@
+#! /bin/bash
+NAME=$1
+DIR_KNIFE=../ansknife/playbooks.templates
+if [ -z "$NAME" ]; then
+ echo "Usage: CreatePlaybook NAME"
+ echo "Example: CreateTask db_create"
+ echo "+++ missing NAME"
+else
+ touch $DIR_KNIFE/$NAME.yaml
+ cd playbooks
+ ln -s ../$DIR_KNIFE/$NAME.yaml .
+ cd ..
+ ls -ld $DIR_KNIFE/$NAME.yaml
+fi
diff --git a/scripts.templates/CreateTask b/scripts.templates/CreateTask
new file mode 100755
index 0000000..e1ac429
--- /dev/null
+++ b/scripts.templates/CreateTask
@@ -0,0 +1,14 @@
+#! /bin/bash
+NAME=$1
+DIR_KNIFE=../ansknife/tasks.templates
+if [ -z "$NAME" ]; then
+ echo "Usage: CreateTask NAME"
+ echo "Example: CreateTask db_create"
+ echo "+++ missing NAME"
+else
+ touch $DIR_KNIFE/$NAME.yaml
+ cd tasks
+ ln -s ../$DIR_KNIFE/$NAME.yaml .
+ cd ..
+ ls -ld $DIR_KNIFE/$NAME.yaml
+fi
diff --git a/scripts.templates/SetRights b/scripts.templates/SetRights
new file mode 100755
index 0000000..b532e93
--- /dev/null
+++ b/scripts.templates/SetRights
@@ -0,0 +1,4 @@
+#! /bin/bash
+chown -R ansadm:ansadm *
+chmod -R g+rw *
+
diff --git a/tasks.templates/t_copy_wildcard.yaml b/tasks.templates/t_copy_wildcard.yaml
new file mode 100644
index 0000000..0fd64c7
--- /dev/null
+++ b/tasks.templates/t_copy_wildcard.yaml
@@ -0,0 +1,13 @@
+---
+# Copys files specified by a wildcard pattern from the source directory to the destination directory.
+# needed facts (variables):
+# - src_dir: source directory
+# - dest_dir: destination directory
+# - pattern: wildcard pattern
+- name: Copy files matching {{ pattern }} from {{ src_dir }} to {{dest_dir}}
+ copy:
+ src: "{{ item }}"
+ dest: "{{ dest_dir }}"
+ with_fileglob:
+ - "{{ src_dir }}/{{ pattern }}"
+
diff --git a/tasks.templates/t_lets_create.yaml b/tasks.templates/t_lets_create.yaml
new file mode 100644
index 0000000..9aedf1a
--- /dev/null
+++ b/tasks.templates/t_lets_create.yaml
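Review bot: The usage text in CreatePlaybook shows `Example: CreateTask db_create`, copied from CreateTask; it should read `echo "Example: CreatePlaybook db_create"`. Both scripts `cd` into a subdirectory and back without checking that the directory exists, and `$NAME` is unquoted throughout, so a missing directory silently creates the link in the wrong place; `cd playbooks || exit 1` (and `cd tasks || exit 1` in CreateTask) plus quoting `"$DIR_KNIFE/$NAME.yaml"` make the failure modes explicit.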
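Review bot: `chmod -R g+rw *` in SetRights makes every file in the project group-writable, including the vault files this patch refers to (`var/vault_db.yaml` from the templates, `resources/vaults.yaml` from AddPassword) and anything else dropped under `resources/`; secrets should stay at 0600 for the owning user. `chown -R ansadm:ansadm *` hard-codes the account and, with `*`, skips dot-entries such as `.vscode/`, so ownership is only partially reset. If the script is kept, restrict it to the directories that need sharing and re-tighten the secrets afterwards, e.g. `chmod -R g+rw playbooks tasks scripts templates` followed by `chmod 0600 var/vault_*.yaml`.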
@@ -0,0 +1,13 @@
+---
+# Creates a letsencrypt certificate for the given domain
+# needed facts (variables):
+# - domain: the domain to create the certificate for
+# - webmaster_email: the email address to use for the certificate
+- name: Check pre-requisites
+ fail: msg="The variable 'domain' must be defined and not empty."
+ when: domain is not defined or domain == ""
+- name: create a letsencrypt certificate for {{ domain }}
+ shell:
+ cmd: "certbot certonly -a webroot --webroot-path=/srv/www/letsencrypt -d {{ domain }} --email {{ webmaster_email }} --agree-tos --non-interactive"
+ args:
+ creates: "/etc/letsencrypt/live/{{ domain }}"
\ No newline at end of file
diff --git a/tasks.templates/t_link_wildcard.yaml b/tasks.templates/t_link_wildcard.yaml
new file mode 100644
index 0000000..d9e455a
--- /dev/null
+++ b/tasks.templates/t_link_wildcard.yaml
@@ -0,0 +1,16 @@
+---
+# Copys files specified by a wildcard pattern from the source directory to the destination directory.
+# needed facts (variables):
+# - src_dir: source directory
+# - src_relative: source directory relative link target
+# - dest_dir: destination directory
+# - pattern: wildcard pattern
+- name: Link files matching {{ pattern }} from {{ src_dir }} to {{dest_dir}}
+ #command: ln -s {{ src_relative }}/{{ item | basename}} {{ dest_dir }}/{{ item | basename }}
+ file:
+ src: "{{ src_relative }}/{{ item | basename }}"
+ dest: "{{ dest_dir }}/{{ item | basename }}"
+ state: link
+ with_fileglob:
+ - "{{ src_dir }}/{{ pattern }}"
+
diff --git a/tasks.templates/t_mysql_create_admin.yaml b/tasks.templates/t_mysql_create_admin.yaml
new file mode 100644
index 0000000..83d9cda
--- /dev/null
+++ b/tasks.templates/t_mysql_create_admin.yaml
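Review bot: The certbot invocation is a single `shell` string with `{{ domain }}` and `{{ webmaster_email }}` interpolated unquoted, so a value containing shell metacharacters (from inventory, a vars file or `-e`) is executed by the shell on the target as root. The prerequisite check also validates only `domain`, although the header lists `webmaster_email` as required; extend it to `when: domain is not defined or domain == "" or webmaster_email is not defined or webmaster_email == ""`. Pass the values as arguments rather than through a shell by switching to `ansible.builtin.command` with an `argv` list, keeping the `creates` guard.
```yaml
- name: create a letsencrypt certificate for {{ domain }}
  ansible.builtin.command:
    argv:
      - certbot
      - certonly
      - -a
      - webroot
      - --webroot-path=/srv/www/letsencrypt
      - -d
      - "{{ domain }}"
      - --email
      - "{{ webmaster_email }}"
      - --agree-tos
      - --non-interactive
    creates: "/etc/letsencrypt/live/{{ domain }}"
```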
@@ -0,0 +1,10 @@
+# needed facts (variables):
+# dba_name: name of the database user with all privileges
+# dba_password: password of the database user with all privileges
+
+- name: Create the database adminstrator {{dba_name}}
+ community.mysql.mysql_user:
+ name: "{{ dba_name }}"
+ password: "{{ dba_password }}"
+ priv: "*.*:ALL,GRANT"
+ state: present
diff --git a/tasks.templates/t_mysql_create_db_and_user.yaml b/tasks.templates/t_mysql_create_db_and_user.yaml
new file mode 100644
index 0000000..4129e01
--- /dev/null
+++ b/tasks.templates/t_mysql_create_db_and_user.yaml
@@ -0,0 +1,21 @@
+# needed facts:
+# db_name: name of the database
+# db_user: name of the database user
+# db_password: password of the database user
+# webapp_name: name of the web application
+# dba_name: name of the database user with all privileges
+# dba_password: password of the database user with all privileges
+- name: Create the database {{db_name}}
+ community.mysql.mysql_db:
+ name: "{{ db_name }}"
+ login_user: "{{ dba_name }}"
+ login_password: "{{ dba_password }}"
+ state: present
+- name: Create the database user {{db_user}}
+ community.mysql.mysql_user:
+ name: "{{ db_user }}"
+ password: "{{ db_password }}"
+ login_user: "{{ dba_name }}"
+ login_password: "{{ dba_password }}"
+ priv: "{{ db_name }}.*:ALL,GRANT"
+ state: present
diff --git a/tasks.templates/t_nginx_create_site.yaml b/tasks.templates/t_nginx_create_site.yaml
new file mode 100644
index 0000000..47efe7d
--- /dev/null
+++ b/tasks.templates/t_nginx_create_site.yaml
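Review bot: The application user is granted `{{ db_name }}.*:ALL,GRANT`; the GRANT OPTION lets a compromised web application re-grant its rights to other accounts and is not needed to run the application, so least privilege calls for `priv: "{{ db_name }}.*:ALL"`. Neither task sets `no_log: true`; the mysql modules mark `password` as sensitive themselves, but an explicit `no_log: true` on tasks that carry `dba_password` and `db_password` is the usual safeguard against `-v`/debug output. The header lists `webapp_name` as a needed fact, but nothing in this file reads it — drop it from the comment.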
@@ -0,0 +1,43 @@
+---
+# Creates the nginx site configuration file (sites-available)
+# needed facts (variables):
+# domain: the site domain name
+# document_root: the document root of the site without path, e.g. example.com. Default: domain
+# shortname: the short name of the site. Used for log file names
+# force: if true, the site will be created even if it already exists. Default: false
+- name: Set default values for document_root
+ ansible.builtin.set_fact:
+ document_root: "{{ domain }}"
+ when: document_root is not defined
+- name: Set default values for shortname
+ ansible.builtin.set_fact:
+ shortname: "{{ domain }}"
+ when: name is not defined
+- name: Set default values for php_version
+ ansible.builtin.set_fact:
+ php_version: "8.3"
+ when: php_version is not defined
+- name: Set default values for force
+ ansible.builtin.set_fact:
+ force:
+ when: force is not defined
+- name: check if configuration already exists
+ ansible.builtin.stat:
+ path: /etc/nginx/sites-available/{{ domain }}
+ register: site_config
+- name: abort if configuration already exists
+ ansible.builtin.fail:
+ msg: "The nginx site configuration file /etc/nginx/sites-available/{{ domain }} already exists. Please remove it first."
+ when: not force and site_config.stat.exists
+- name: Create nginx site configuration of {{ domain }}
+ ansible.builtin.template:
+ src: ../templates/nginx/site.php
+ dest: /etc/nginx/sites-available/{{ domain }}
+ owner: root
+ group: root
+ mode: '0644'
+- name: Create symlink to sites-enabled
+ ansible.builtin.file:
+ src: /etc/nginx/sites-available/{{ domain }}
+ dest: /etc/nginx/sites-enabled/{{ domain }}
+ state: link
diff --git a/tasks.templates/t_ssl_create_certificate.yaml b/tasks.templates/t_ssl_create_certificate.yaml
new file mode 100644
index 0000000..da6eaa0
--- /dev/null
+++ b/tasks.templates/t_ssl_create_certificate.yaml
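Review bot: The `shortname` default is never applied: the task is guarded by `when: name is not defined` but sets `shortname`, so `shortname` stays undefined whenever the caller omits it; the guard should read `when: shortname is not defined`. The `force` default is an empty value (`force:`), which becomes `None`; the later `when: not force and site_config.stat.exists` only works because `not None` happens to be true — write `force: false` so the value matches the header comment and is explicit. The header also says the default `php_version` is not documented although the file sets one; add `# php_version: PHP-FPM version used in the site template. Default: 8.3` to the needed-facts list.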
@@ -0,0 +1,13 @@
+# Creates a X509 certificate for a domain, needed for a letsencrypt certificate.
+# needed facts (variables):
+# - domain: the domain name for the certificate
+# - ssl_country: the country code for the certificate
+# - ssl_state: the state for the certificate
+# - ssl_locality: the locality for the certificate
+# - ssl_organization: the organization for the certificate
+# - ssl_lifetime: the lifetime of the certificate in days
+# - ssl_rsa_key_size: the size of the RSA key for the certificate
+- name: create a ssh-certificate
+ command: openssl req -x509 -nodes -days {{ssl_lifetime}} -newkey rsa:{{ssl_rsa_key_size}} -keyout /etc/ssl/private/{{domain}}.key -out /etc/ssl/certs/{{domain}}.pem -subj "/C={{ssl_country}}/ST={{ssl_state}}/L={{ssl_locality}}/O={{ssl_organization}}/CN={{domain}}"
+ args:
+ creates: /etc/ssl/private/{{domain}}.key
diff --git a/tasks.templates/t_webapp_backup.yaml b/tasks.templates/t_webapp_backup.yaml
new file mode 100644
index 0000000..2760339
--- /dev/null
+++ b/tasks.templates/t_webapp_backup.yaml
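Review bot: Nothing fixes the ownership and mode of the private key after `openssl req ... -keyout /etc/ssl/private/{{domain}}.key`; whatever openssl and the current umask produce is kept, and later runs skip the task via `creates`, so the permissions are never revisited. Add a follow-up `ansible.builtin.file` task on the key path with `mode: '0600'`, `owner: root`, `group: root` (or the `ssl-cert` group if postfix/nginx run unprivileged and must read it) to make the guarantee explicit. The free-form `command` string is split on whitespace, so any `ssl_*` value containing a space outside the quoted `-subj` breaks argument parsing; an `argv` list avoids that. The task name `create a ssh-certificate` and the header `needed for a letsencrypt certificate` are both misleading — this produces a self-signed X.509 certificate, so `- name: create a self-signed X.509 certificate for {{ domain }}` and a header saying it is a stand-in until a Let's Encrypt certificate exists.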
@@ -0,0 +1,25 @@
+# Create a backup of a web application:
+# - Dumps a database of a web application
+# - Syncronizes the directory with the web application with an local directory
+# needed facts:
+# webapp_name: name of the web application
+# webapp_backup_directory: a local directory which will be syncronized with the web application
+# webapps_list: the list defined in ../var/webapps.yaml
+# fetch: true: the file will be fetched to the local machine
+- set_fact:
+ db_name: "{{ webapps_list | selectattr('webapp_name', 'equalto', webapp_name) | map(attribute='db_name') | first }}"
+ db_user: "{{ webapps_list | selectattr('webapp_name', 'equalto', webapp_name) | map(attribute='db_user') | first }}"
+ db_password: "{{ webapps_list | selectattr('webapp_name', 'equalto', webapp_name) | map(attribute='db_password') | first }}"
+ document_root: "{{ webapps_list | selectattr('webapp_name', 'equalto', webapp_name) | map(attribute='directory') | first }}"
+ target_file: "{{ document_root }}/db/{{ webapp_name }}.sql.gz"
+- name: Dump the database {{ db_name }} into {{ document_root }}
+ import_tasks: t_webapp_export.yaml
+- name: Synchronize the web application {{ webapp_name }} with {{ webapp_backup_directory }}
+ ansible.posix.synchronize:
+ mode: push
+ src: "{{ document_root }}"
+ dest: "{{ webapp_backup_directory }}/{{ webapp_name }}"
+ rsync_opts:
+ - "--delete"
+ - "--exclude=.git"
+
\ No newline at end of file
diff --git a/tasks.templates/t_webapp_create.yaml b/tasks.templates/t_webapp_create.yaml
new file mode 100644
index 0000000..a76a6b4
--- /dev/null
+++ b/tasks.templates/t_webapp_create.yaml
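Review bot: The dump is written to `{{ document_root }}/db/{{ webapp_name }}.sql.gz`, i.e. inside the web application's directory; if that directory is what nginx serves (the `directory` values in webapps.yaml look like `/srv/www/<host>`), the complete database dump becomes downloadable over HTTP. Write it outside the served tree, e.g. `target_file: "/var/backups/{{ webapp_name }}/{{ webapp_name }}.sql.gz"`, or at least deny `/db/` in the site configuration. Two further points: `target_file` references `document_root` from the same `set_fact`, and as far as I can tell Ansible templates all values of one `set_fact` before assigning any of them, so it resolves to a stale value or fails — move it into a second `set_fact`; and `synchronize` with `mode: push` copies from the controller to the host, while the header describes the local directory as the backup target, which is `mode: pull`. The `fetch` fact listed in the header is never set here before `t_webapp_export.yaml` reads it.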
@@ -0,0 +1,40 @@
+# Create a web application: database, db user, db password, configuration file (remote and local)
+# needed facts:
+# db_name: name of the database
+# db_user: name of the database user
+# db_password: password of the database user
+# webapp_name: name of the web application
+# dba_name: name of the database user with all privileges
+# dba_password: password of the database user with all privileges
+# remote_webapps_directory: the access data will be stored there, e.g. /etc/ansknife/webapp.d
+# local_webapps_directory: the access data will be stored there, e.g. ../webapp.d
+- name: 'check if the webapp is already defined'
+ stat:
+ path: "{{remote_webapps_directory}}/{{ webapp_name }}.yaml"
+ register: webapp
+- name: 'stop if the webapp already defined'
+ fail: msg="webapp {{ webapp_name }} is already defined"
+ when: webapp.stat.exists
+- name: 'stop on missing facts'
+ fail: msg="missing facts! webapp_name, db_name, db_user, db_password. Use -e webapp_name=..., -e db_name=..., -e db_user=..., -e db_password=..."
+ when: webapp_name is not defined or db_name is not defined or db_user is not defined or db_password is not defined
+- name: Create the database {{db_name}} and db user {{db_user}}
+ import_tasks: ../tasks/t_mysql_create_db_and_user.yaml
+- name: Store data in remote configuration file
+ copy:
+ content: |
+ db_name={{ db_name }}
+ db_user={{ db_user }}
+ db_password={{ db_password }}
+ directory=/srv/www/{{ webapp_name }}
+ exclude_dirs=
+ dest: "{{remote_webapps_directory}}/{{ webapp_name }}.conf"
+ mode: 0600
+ owner: root
+ group: root
+- name: append it to the webapps list
+ ansible.builtin.lineinfile:
+ path: ../var/webapps.yaml
+ line: " - webapp_name: '{{ webapp_name }}'\n db_name: '{{ db_name }}'\n db_user: '{{ db_user }}'\n db_password: '{{ db_password }}'\n directory: '/srv/www/{{ webapp_name }}'"
+ create: yes
+ delegate_to: localhost
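Review bot: The "already defined" guard stats `{{remote_webapps_directory}}/{{ webapp_name }}.yaml`, but the file this task writes is `{{ webapp_name }}.conf`, so the guard never fires and a second run re-creates the database user and appends a duplicate entry to `../var/webapps.yaml`; align the stat path with the `.conf` name. The `stat` task also uses `webapp_name` before the 'stop on missing facts' task validates it — move the missing-facts check to the top. Both the `copy` task (content holds `db_password`) and the `lineinfile` task (writes it in clear text to the controller's `../var/webapps.yaml`) need `no_log: true` so the password does not appear in `--diff`/`-v` output, and the local copy should be vault-encrypted or git-ignored, since `SetRights` in this patch makes that file group-writable. `local_webapps_directory` is documented as needed but never used; `lineinfile` also does not treat the embedded `\n` as separate lines for its matching, so a rerun cannot detect the entry it already added.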
diff --git a/tasks.templates/t_webapp_export.yaml b/tasks.templates/t_webapp_export.yaml
new file mode 100644
index 0000000..0f18699
--- /dev/null
+++ b/tasks.templates/t_webapp_export.yaml
@@ -0,0 +1,31 @@
+# Dumps a database of a web application into a file
+# needed facts:
+# webapp_name: name of the web application
+# target_file: the file where the database will be exported to. May be *.sql or *.sql.gz
+# webapps_list: the list defined in ../var/webapps.yaml
+# fetch: true: the file will be fetched to the local machine
+- set_fact:
+ db_name: "{{ webapps_list | selectattr('webapp_name', 'equalto', webapp_name) | map(attribute='db_name') | first }}"
+ db_user: "{{ webapps_list | selectattr('webapp_name', 'equalto', webapp_name) | map(attribute='db_user') | first }}"
+ db_password: "{{ webapps_list | selectattr('webapp_name', 'equalto', webapp_name) | map(attribute='db_password') | first }}"
+ compressed: "{{ target_file is regex('\\.sql\\.') }}"
+ remote_file: "{{ target_file }}"
+- set_fact:
+ remote_file: "{{ '/tmp/' + (target_file | basename) }}"
+ when: fetch | bool
+- name: Dump the database {{db_name}} to {{ target_file }}
+ community.mysql.mysql_db:
+ state: dump
+ name: "{{ db_name }}"
+ login_user: "{{ db_user }}"
+ login_password: "{{ db_password }}"
+ target: "{{ remote_file }}"
+ single_transaction: true
+ pipefail: "{{ compressed }}"
+- name: Fetch the database dump {{ target_file }} to local machine
+ fetch:
+ src: "{{ remote_file }}"
+ dest: "{{ target_file }}"
+ flat: true
+ when: fetch | bool
+
diff --git a/tasks.templates/t_webapp_import.yaml b/tasks.templates/t_webapp_import.yaml
new file mode 100644
index 0000000..d3affff
--- /dev/null
+++ b/tasks.templates/t_webapp_import.yaml
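Review bot: With `fetch` true the dump is staged at `/tmp/<basename>`, a predictable path in a shared, world-readable directory, and it is never removed after the `fetch`, so a complete database dump lingers on the host for any local user (and the path is open to symlink tricks by whoever creates it first). Create the staging file with `ansible.builtin.tempfile` (which creates it with a private mode) or under a root-only directory, and add a final `ansible.builtin.file` task with `path: "{{ remote_file }}"`, `state: absent` guarded by the same `when: fetch | bool`. The compression test `regex('\\.sql\\.')` matches `.sql.` anywhere in the path; `regex('\\.sql\\.gz$')` states the intent and agrees with the header's "*.sql.gz". The task also needs `no_log: true`, since `login_password` is passed as a module argument.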
@@ -0,0 +1,30 @@
+# Imports a database dump into the database of a web application
+# needed facts:
+# webapp_name: name of the web application
+# source_file: the database dump file. May be *.sql or *.sql.gz
+# backup: if true, the database will be dumped before importing
+# backup_file: the name of the backup file
+# webapps_list: the list defined in ../var/webapps.yaml
+- set_fact:
+ db_name: "{{ webapps_list | selectattr('webapp_name', 'equalto', webapp_name) | map(attribute='db_name') | first }}"
+ db_user: "{{ webapps_list | selectattr('webapp_name', 'equalto', webapp_name) | map(attribute='db_user') | first }}"
+ db_password: "{{ webapps_list | selectattr('webapp_name', 'equalto', webapp_name) | map(attribute='db_password') | first }}"
+ compressed: "{{ source_file is regex('\\.sql\\.$') }}"
+- name: Backup the current database {{db_name}} to {{ backup_file }}
+ community.mysql.mysql_db:
+ state: dump
+ name: "{{ db_name }}"
+ login_user: "{{ db_user }}"
+ login_password: "{{ db_password }}"
+ target: "{{ backup_file }}"
+ single_transaction: true
+ pipefail: "{{ compressed }}"
+ when: backup | bool
+- name: Import {{ source_file }} into {{db_name}}
+ community.mysql.mysql_db:
+ state: import
+ name: "{{ db_name }}"
+ login_user: "{{ db_user }}"
+ login_password: "{{ db_password }}"
+ target: "{{ source_file }}"
+
diff --git a/templates/nginx/hi1.txt b/templates/nginx/hi1.txt
new file mode 100644
index 0000000..877acc4
--- /dev/null
+++ b/templates/nginx/hi1.txt
@@ -0,0 +1 @@
+Hi 1!
diff --git a/templates/nginx/hi2.txt b/templates/nginx/hi2.txt
new file mode 100644
index 0000000..e42aa2a
--- /dev/null
+++ b/templates/nginx/hi2.txt
@@ -0,0 +1 @@
+Hi 2!
diff --git a/templates/nginx/http.conf b/templates/nginx/http.conf
new file mode 100644
index 0000000..0eed601
--- /dev/null
+++ b/templates/nginx/http.conf
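Review bot: `compressed` is computed with `regex('\\.sql\\.$')`, which requires the name to end in `.sql.` and therefore never matches `.sql.gz`; the sibling export task uses the same pattern without the `$`, so this copy is the broken one — use `regex('\\.sql\\.gz$')` (or drop the anchor). The flag is derived from `source_file` but applied as `pipefail` to the backup dump whose name is `backup_file`, so a compressed source with an uncompressed backup (or the reverse) sets it wrong for one of them; compute it per file. Because `backup_file` is only consumed under `when: backup | bool`, a `fail` when `backup` is true and `backup_file` is undefined gives a clearer error than the module's. Both tasks pass `login_password` and should carry `no_log: true`.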
@@ -0,0 +1,9 @@
+client_max_body_size 512M;
+## Detect when HTTPS is used
+map $scheme $fastcgi_https {
+ default off;
+ https on;
+}
+fastcgi_read_timeout 3600s;
+fastcgi_request_buffering off;
+error_log /var/log/nginx/error.log;
diff --git a/templates/nginx/index.html b/templates/nginx/index.html
new file mode 100644
index 0000000..0e0cbca
--- /dev/null
+++ b/templates/nginx/index.html
@@ -0,0 +1,5 @@ + +
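Review bot: `fastcgi_read_timeout 3600s` together with `fastcgi_request_buffering off` and `client_max_body_size 512M` at http level lets one slow client occupy a PHP-FPM worker for up to an hour while streaming a 512 MB body, which with a small FPM pool is a cheap resource-exhaustion lever for every site on the host. If the hour is needed for particular upload endpoints, set it in those `location` blocks and keep the http-level default modest, e.g. `fastcgi_read_timeout 300s;`. Whatever values are kept, a why-comment such as `# large uploads: unbuffered request bodies and a long FastCGI read timeout` would tell the next maintainer they are deliberate.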

Welcome to {{hostname}}!

+ \ No newline at end of file diff --git a/templates/nginx/index.php b/templates/nginx/index.php new file mode 100644 index 0000000..bfd863b --- /dev/null +++ b/templates/nginx/index.php @@ -0,0 +1,2 @@ + resources/.vaults +# Creation of the encrypted vault file: +# ansible-vault encrypt_string --vault-password-file resources/.vault --name 'vault_dba_password' --stdin-name 'vault_dba_password' | tee var/vault_db.yaml +# Find the password file: ANSIBLE_VAULT_PASSWORD_FILE=resources/.vault +dba_name: dba +dba_password: "{{ vault_dba_password }}" \ No newline at end of file diff --git a/templates/var/php.yaml b/templates/var/php.yaml new file mode 100644 index 0000000..5bc552c --- /dev/null +++ b/templates/var/php.yaml 
@@ -0,0 +1,44 @@
+---
+# php.yaml:
+# Defines variables for the PHP role.
+# This file is used to set up the PHP environment and configuration.
+# needed variables: PHP_VERS
+
+php_packages:
+ - php{{PHP_VERS}}-common
+ - php{{PHP_VERS}}-curl
+ - php{{PHP_VERS}}-fpm
+ - php{{PHP_VERS}}-gd
+ - php{{PHP_VERS}}-igbinary
+ - php{{PHP_VERS}}-imagick
+ - php{{PHP_VERS}}-imap
+ - php{{PHP_VERS}}-intl
+ - php{{PHP_VERS}}-mbstring
+ - php{{PHP_VERS}}-memcached
+ - php{{PHP_VERS}}-msgpack
+ - php{{PHP_VERS}}-mysql
+ - php{{PHP_VERS}}-opcache
+ - php{{PHP_VERS}}-phpdbg
+ - php{{PHP_VERS}}-readline
+ - php{{PHP_VERS}}-redis
+ - php{{PHP_VERS}}-xdebug
+ - php{{PHP_VERS}}-xml
+ - php{{PHP_VERS}}-zip
+php_additional_packages:
+ - redis-server
+ - imagemagick
+
+php_ini_settings:
+ - { section: "DEFAULT", option: "memory_limit", value: "512M" }
+ - { section: "DEFAULT", option: "upload_max_filesize", value: "512M" }
+ - { section: "DEFAULT", option: "max_file_uploads", value: 100 }
+ - { section: "DEFAULT", option: "post_max_size", value: "512M" }
+ - { section: "DEFAULT", option: "max_execution_time", value: 600 }
+ - { section: "DEFAULT", option: "max_input_time", value: 600 }
+ - { section: "DEFAULT", option: "default_socket_timeout", value: 600 }
+ - { section: "Session", option: "session.save_handler", value: "redis" }
+ - { section: "Session", option: "session.save_path", value: "tcp://127.0.0.1:6379" }
+ - { section: "opcache", option: "opcache.enable", value: 1 }
+ - { section: "opcache", option: "opcache.memory_consumption", value: 512 }
+ - { section: "opcache", option: "opcache.interned_strings_buffer", value: 256 }
+
diff --git a/templates/var/postfix.yaml b/templates/var/postfix.yaml
new file mode 100644
index 0000000..a06f19c
--- /dev/null
+++ b/templates/var/postfix.yaml
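Review bot: `php{{PHP_VERS}}-xdebug` and `php{{PHP_VERS}}-phpdbg` sit in the package list a server build installs; xdebug is a debugger/profiler that does not belong on a production host — it slows PHP down and, if its remote-debug mode is ever switched on, exposes an unauthenticated debugging channel. Move both into a separate `php_debug_packages` list that only a development inventory includes, with a comment such as `# debugging helpers: never install on production hosts`. The session settings point to `tcp://127.0.0.1:6379` without authentication, which is fine only while `redis-server` stays bound to loopback and `requirepass` is unnecessary — worth a one-line comment next to `session.save_path`, as are the 512M upload/post limits.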
@@ -0,0 +1,29 @@
+# postfix.yaml:
+# Defines variables for the postfix configuration.
+# Needed facts (variables):
+# - postfix_domain: The full qualified name of the postfix server.
+postfix_configuration:
+ - alias_database: "hash:/etc/aliases"
+ - alias_maps: "hash:/etc/aliases"
+ - append_dot_mydomain: no
+ - biff: no
+ - compatibility_level: 2
+ - inet_interfaces: all
+ - inet_protocols: all
+ - mailbox_size_limit: 0
+ - mydestination: $myhostname, {{ postfix_domain }}, ,localhost
+ - myhostname: "{{ postfix_domain }}"
+ - mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+ - myorigin: /etc/mailname
+ - readme_directory: no
+ - recipient_delimiter: +
+ - relayhost: ""
+ - smtpd_banner: $myhostname ESMTP $mail_name (Debian/GNU)
+ - smtpd_relay_restrictions: permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+ - smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
+ - smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
+ - smtpd_tls_security_level: may
+ - smtp_tls_CApath: /etc/ssl/certs
+ - smtp_tls_security_level: may
+ - smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
+postfix_recipient_email: jonny@example.com
diff --git a/templates/var/ssl-certificate.yaml b/templates/var/ssl-certificate.yaml
new file mode 100644
index 0000000..cdef775
--- /dev/null
+++ b/templates/var/ssl-certificate.yaml
@@ -0,0 +1,9 @@
+---
+# "/C=DE/ST=NRW/L=Bochum/O=IT/CN={{hostname}}"
+ssl_country: DE
+ssl_state: Bavaria
+ssl_locality: Kempten
+ssl_organization: 'Gemeinwohl-Gesellschaft e.V.'
+ssl_lifetime: 365
+ssl_rsa_key_size: 2048
+
diff --git a/templates/var/vault_db.yaml b/templates/var/vault_db.yaml
new file mode 100644
index 0000000..5241a79
--- /dev/null
+++ b/templates/var/vault_db.yaml
@@ -0,0 +1 @@
+vault_dba_password: TopSecret
\ No newline at end of file
diff --git a/templates/var/webapps.yaml b/templates/var/webapps.yaml
new file mode 100644
index 0000000..4825c48
--- /dev/null
+++ b/templates/var/webapps.yaml
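Review bot: The SMTP TLS material is the Debian placeholder pair `ssl-cert-snakeoil.pem`/`.key`, a self-signed certificate that no peer can validate, while `inet_interfaces: all` exposes the listener publicly and `smtp_tls_security_level: may` performs no verification of remote servers either, so every TLS session here is opportunistic and downgradable. Since this patch also adds `t_lets_create.yaml` and `t_ssl_create_certificate.yaml`, point postfix at the certificate they produce, e.g. `smtpd_tls_cert_file: /etc/letsencrypt/live/{{ postfix_domain }}/fullchain.pem` with the matching `privkey.pem`, and note in the header which task must run first. The `mydestination` value carries an empty element (`{{ postfix_domain }}, ,localhost`); it should read `$myhostname, {{ postfix_domain }}, localhost`. `postfix_recipient_email: jonny@example.com` is a placeholder that deserves a `# set to the real admin mailbox` comment.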
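Review bot: `vault_dba_password: TopSecret` is committed in clear text in a file whose name promises an ansible-vault-encrypted file, and the task templates interpolate this variable into the database administrator's credentials, so anyone who copies the template verbatim ends up with the placeholder as the real DBA password inside the repository. Either commit the file already encrypted — the vault comment earlier in this patch gives the `ansible-vault encrypt_string ... | tee var/vault_db.yaml` recipe — or ship only a comment such as `# generated with scripts/AddPassword; never commit this file unencrypted` and list `var/vault_db.yaml` in `.gitignore`. The file also lacks a trailing newline.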
@@ -0,0 +1,6 @@
+webapps_list:
+ - dummy
+ db_name: dbdummy5
+ db_user: dummy5
+ db_password: NeverKnown5
+ directory: /srv/www/myapp5.example.com
-- 
2.39.5
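Review bot: The sample entry does not match its consumers: `- dummy` is a bare string item, and the `db_name`/`db_user`/`db_password`/`directory` keys indented beneath it are most likely rejected by the YAML parser rather than attached to it, while `t_webapp_export.yaml`, `t_webapp_import.yaml` and `t_webapp_backup.yaml` look the entry up with `selectattr('webapp_name', 'equalto', webapp_name)`, so `webapp_name` has to be a key. Write it as `- webapp_name: dummy` with the other keys aligned under it, which is also the shape `t_webapp_create.yaml` appends. Because this file accumulates live `db_password` values, add a header comment that it must be vault-encrypted (or git-ignored) before any real application is registered.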