Compare commits
17 Commits
cb73a2e76f
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| ceba4626c8 | |||
| 7c78252bfe | |||
|
bdde411f9e | ||
|
|
3881cfc63c | ||
|
|
ce01a4f2ea | ||
|
|
79fae0dba8 | ||
|
|
5a72109f5b | ||
|
|
de79bd84c1 | ||
|
|
e731e8a865 | ||
|
|
dd939856e3 | ||
|
|
e86592a768 | ||
|
|
9eaf3ecda9 | ||
|
|
70b01d503e | ||
|
|
8dda3242c2 | ||
|
|
3e7d207e2d | ||
|
|
b34327bd2c | ||
|
|
ca222e999d |
@@ -1,7 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: true
|
||||
roles:
|
||||
- nginx
|
||||
- php
|
||||
- mysql
|
||||
- webapps
|
||||
@@ -1,17 +0,0 @@
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen 443 ssl default_server; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
access_log /var/log/nginx/ip_access.log verbose_llz;
|
||||
|
||||
root /var/www/default_server;
|
||||
index index.html;
|
||||
server_name _;
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
@@ -1,33 +0,0 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
|
||||
server_name pma.{{domain}};
|
||||
ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot
|
||||
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
root /var/www/pma;
|
||||
|
||||
location ^~ / {
|
||||
index index.php;
|
||||
location ^~ /wiki/maintenance/ {
|
||||
return 403;
|
||||
}
|
||||
location ~ .*.php$ {
|
||||
include /etc/nginx/fastcgi.conf;
|
||||
fastcgi_pass unix:/run/php/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
}
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
||||
expires max;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,38 +0,0 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
|
||||
server_name wiki.{{domain}};
|
||||
ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot
|
||||
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
root /var/www;
|
||||
|
||||
location / {
|
||||
return 302 /wiki;
|
||||
}
|
||||
|
||||
location ^~ /wiki {
|
||||
index index.php;
|
||||
location ^~ /wiki/maintenance/ {
|
||||
return 403;
|
||||
}
|
||||
location ~ .*.php$ {
|
||||
include /etc/nginx/fastcgi.conf;
|
||||
fastcgi_pass unix:/run/php/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
}
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
||||
# try_files $uri /index.php;
|
||||
expires max;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,3 +0,0 @@
|
||||
---
|
||||
domain: zz777.ru
|
||||
root: /var/www
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
- name: Install php-fpm package and deps
|
||||
apt:
|
||||
name: ['php-fpm', 'php-imagick', 'php-memcached', 'php-zip', 'php-mysql', 'php-gd', 'php-mbstring']
|
||||
state: present
|
||||
16
README.md
16
README.md
@@ -1,5 +1,11 @@
|
||||
Мой Pet project
|
||||
|
||||
# base packages
|
||||
|
||||
Устанавливает ПО для работы в консоли и копирует конфиги. Пакеты: mc, htop, vim
|
||||
|
||||
# web
|
||||
|
||||
ПО:
|
||||
- [x] nginx
|
||||
- [x] php-fpm
|
||||
@@ -12,14 +18,14 @@ Web:
|
||||
- [x] Тестовая (about) страница на домене xz777.ru
|
||||
- [x] default_server ведет на тестовую страницу
|
||||
|
||||
Для mediawiki и nextcloud свои php-fpm pool'ы
|
||||
- [x] Для mediawiki и nextcloud свои php-fpm pool'ы
|
||||
|
||||
- [ ] Установить nextcloud
|
||||
- [ ] Установить mediawiki
|
||||
- [ ] Установить phpmyadmin
|
||||
- [ ] Разместить файлы about (root) сайта
|
||||
- [x] Установить mediawiki
|
||||
- [x] Установить phpmyadmin
|
||||
- [x] Разместить файлы about (root) сайта
|
||||
|
||||
Дополнительно
|
||||
- [ ] Почтовый сервер на отправку писем локально
|
||||
- [ ] Почтовый сервер для получения писем (Postfix) и их хранения (Dovecot).
|
||||
Будет использоваться LMTP для авторизации и доставки писем в Dovecot
|
||||
Будет использоваться LMTP для авторизации и доставки писем в Dovecot
|
||||
|
||||
5
base_pkgs/playbook.yml
Normal file
5
base_pkgs/playbook.yml
Normal file
@@ -0,0 +1,5 @@
|
||||
- hosts: containers
|
||||
become: true
|
||||
roles:
|
||||
- packages
|
||||
- configs
|
||||
26
base_pkgs/roles/configs/files/htoprc
Normal file
26
base_pkgs/roles/configs/files/htoprc
Normal file
@@ -0,0 +1,26 @@
|
||||
# Beware! This file is rewritten by htop when settings are changed in the interface.
|
||||
# The parser is also very primitive, and not human-friendly.
|
||||
fields=0 48 17 18 38 39 40 2 46 47 49 1
|
||||
sort_key=46
|
||||
sort_direction=1
|
||||
hide_threads=1
|
||||
hide_kernel_threads=1
|
||||
hide_userland_threads=1
|
||||
shadow_other_users=0
|
||||
show_thread_names=0
|
||||
show_program_path=1
|
||||
highlight_base_name=0
|
||||
highlight_megabytes=1
|
||||
highlight_threads=1
|
||||
tree_view=1
|
||||
header_margin=1
|
||||
detailed_cpu_time=0
|
||||
cpu_count_from_zero=0
|
||||
update_process_names=0
|
||||
account_guest_in_cpu_meter=0
|
||||
color_scheme=0
|
||||
delay=15
|
||||
left_meters=AllCPUs Memory Swap
|
||||
left_meter_modes=1 1 1
|
||||
right_meters=Tasks LoadAverage Uptime
|
||||
right_meter_modes=2 2 2
|
||||
143
base_pkgs/roles/configs/files/mcrc
Normal file
143
base_pkgs/roles/configs/files/mcrc
Normal file
@@ -0,0 +1,143 @@
|
||||
[Midnight-Commander]
|
||||
verbose=true
|
||||
shell_patterns=true
|
||||
auto_save_setup=true
|
||||
preallocate_space=false
|
||||
auto_menu=false
|
||||
use_internal_view=true
|
||||
use_internal_edit=false
|
||||
clear_before_exec=true
|
||||
confirm_delete=true
|
||||
confirm_overwrite=true
|
||||
confirm_execute=false
|
||||
confirm_history_cleanup=true
|
||||
confirm_exit=false
|
||||
confirm_directory_hotlist_delete=false
|
||||
confirm_view_dir=false
|
||||
safe_delete=false
|
||||
safe_overwrite=false
|
||||
use_8th_bit_as_meta=false
|
||||
mouse_move_pages_viewer=true
|
||||
mouse_close_dialog=false
|
||||
fast_refresh=false
|
||||
drop_menus=false
|
||||
wrap_mode=true
|
||||
old_esc_mode=true
|
||||
cd_symlinks=true
|
||||
show_all_if_ambiguous=false
|
||||
use_file_to_guess_type=true
|
||||
alternate_plus_minus=false
|
||||
only_leading_plus_minus=true
|
||||
show_output_starts_shell=false
|
||||
xtree_mode=false
|
||||
file_op_compute_totals=true
|
||||
classic_progressbar=true
|
||||
use_netrc=true
|
||||
ftpfs_always_use_proxy=false
|
||||
ftpfs_use_passive_connections=true
|
||||
ftpfs_use_passive_connections_over_proxy=false
|
||||
ftpfs_use_unix_list_options=true
|
||||
ftpfs_first_cd_then_ls=true
|
||||
ignore_ftp_chattr_errors=true
|
||||
editor_fill_tabs_with_spaces=false
|
||||
editor_return_does_auto_indent=false
|
||||
editor_backspace_through_tabs=false
|
||||
editor_fake_half_tabs=true
|
||||
editor_option_save_position=true
|
||||
editor_option_auto_para_formatting=false
|
||||
editor_option_typewriter_wrap=false
|
||||
editor_edit_confirm_save=true
|
||||
editor_syntax_highlighting=true
|
||||
editor_persistent_selections=true
|
||||
editor_drop_selection_on_copy=true
|
||||
editor_cursor_beyond_eol=false
|
||||
editor_cursor_after_inserted_block=false
|
||||
editor_visible_tabs=true
|
||||
editor_visible_spaces=true
|
||||
editor_line_state=false
|
||||
editor_simple_statusbar=false
|
||||
editor_check_new_line=false
|
||||
editor_show_right_margin=false
|
||||
editor_group_undo=true
|
||||
editor_state_full_filename=true
|
||||
editor_ask_filename_before_edit=false
|
||||
nice_rotating_dash=true
|
||||
mcview_remember_file_position=false
|
||||
auto_fill_mkdir_name=true
|
||||
copymove_persistent_attr=true
|
||||
pause_after_run=1
|
||||
mouse_repeat_rate=100
|
||||
double_click_speed=250
|
||||
old_esc_mode_timeout=1000000
|
||||
max_dirt_limit=10
|
||||
num_history_items_recorded=60
|
||||
vfs_timeout=60
|
||||
ftpfs_directory_timeout=900
|
||||
ftpfs_retry_seconds=30
|
||||
fish_directory_timeout=900
|
||||
editor_tab_spacing=8
|
||||
editor_word_wrap_line_length=72
|
||||
editor_option_save_mode=0
|
||||
editor_backup_extension=~
|
||||
editor_filesize_threshold=64M
|
||||
editor_stop_format_chars=-+*\\,.;:&>
|
||||
mcview_eof=
|
||||
skin=modarcon16root-defbg-thin
|
||||
|
||||
[Layout]
|
||||
output_lines=0
|
||||
left_panel_size=118
|
||||
top_panel_size=0
|
||||
message_visible=true
|
||||
keybar_visible=true
|
||||
xterm_title=true
|
||||
command_prompt=true
|
||||
menubar_visible=true
|
||||
free_space=true
|
||||
horizontal_split=false
|
||||
vertical_equal=true
|
||||
horizontal_equal=true
|
||||
|
||||
[Misc]
|
||||
timeformat_recent=%b %e %H:%M
|
||||
timeformat_old=%b %e %Y
|
||||
ftp_proxy_host=gate
|
||||
ftpfs_password=anonymous@
|
||||
display_codepage=UTF-8
|
||||
source_codepage=Other_8_bit
|
||||
autodetect_codeset=
|
||||
spell_language=en
|
||||
clipboard_store=
|
||||
clipboard_paste=
|
||||
|
||||
[Colors]
|
||||
base_color=
|
||||
xterm-256color=
|
||||
color_terminals=
|
||||
|
||||
[Panels]
|
||||
show_mini_info=true
|
||||
kilobyte_si=false
|
||||
mix_all_files=false
|
||||
show_backups=true
|
||||
show_dot_files=true
|
||||
fast_reload=false
|
||||
fast_reload_msg_shown=false
|
||||
mark_moves_down=true
|
||||
reverse_files_only=true
|
||||
auto_save_setup_panels=false
|
||||
navigate_with_arrows=false
|
||||
panel_scroll_pages=true
|
||||
panel_scroll_center=false
|
||||
mouse_move_pages=true
|
||||
filetype_mode=true
|
||||
permission_mode=false
|
||||
torben_fj_mode=false
|
||||
quick_search_mode=2
|
||||
select_flags=6
|
||||
|
||||
[Panelize]
|
||||
Find *.orig after patching=find . -name \\*.orig -print
|
||||
Find SUID and SGID programs=find . \\( \\( -perm -04000 -a -perm /011 \\) -o \\( -perm -02000 -a -perm /01 \\) \\) -print
|
||||
Find rejects after patching=find . -name \\*.rej -print
|
||||
Modified git files=git ls-files --modified
|
||||
10
base_pkgs/roles/configs/tasks/main.yml
Normal file
10
base_pkgs/roles/configs/tasks/main.yml
Normal file
@@ -0,0 +1,10 @@
|
||||
---
|
||||
|
||||
- name: Put htop config
|
||||
template:
|
||||
src: files/htoprc
|
||||
dest: /etc/htoprc
|
||||
- name: Put mc config
|
||||
template:
|
||||
src: files/mcrc
|
||||
dest: /etc/mc/mc.ini
|
||||
13
base_pkgs/roles/packages/tasks/main.yml
Normal file
13
base_pkgs/roles/packages/tasks/main.yml
Normal file
@@ -0,0 +1,13 @@
|
||||
---
|
||||
- name: Install mc
|
||||
apt:
|
||||
name: mc
|
||||
state: present
|
||||
- name: Install htop
|
||||
apt:
|
||||
name: htop
|
||||
state: present
|
||||
- name: Install vim
|
||||
apt:
|
||||
name: vim
|
||||
state: present
|
||||
11
web/play.yml
Normal file
11
web/play.yml
Normal file
@@ -0,0 +1,11 @@
|
||||
- hosts: localhost
|
||||
become: true
|
||||
vars:
|
||||
domain: zz777.ru
|
||||
ssl: false
|
||||
roles:
|
||||
- nginx
|
||||
- php
|
||||
- mysql
|
||||
- webapps
|
||||
|
||||
@@ -1,19 +1,19 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
# listen 443 ssl http2;
|
||||
server_name cloud.{{domain}};
|
||||
index index.php;
|
||||
ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot
|
||||
# ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
# add_header X-Content-Type-Options nosniff;
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
# add_header X-XSS-Protection "1; mode=block";
|
||||
# add_header X-Robots-Tag none;
|
||||
# add_header X-Download-Options noopen;
|
||||
# add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# add_header Referrer-Policy no-referrer;
|
||||
# add_header X-Frame-Options SAMEORIGIN;
|
||||
access_log /var/log/nginx/access.nextcloud.log main;
|
||||
|
||||
root /var/www/nextcloud/;
|
||||
@@ -61,7 +61,7 @@ server {
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_send_timeout 1200;
|
||||
fastcgi_read_timeout 1200;
|
||||
fastcgi_pass unix:/run/php/php-fpm.sock;
|
||||
fastcgi_pass unix:/run/php/php-cloud.sock;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
}
|
||||
17
web/roles/nginx/files/sites-enabled/default_server.conf
Executable file
17
web/roles/nginx/files/sites-enabled/default_server.conf
Executable file
@@ -0,0 +1,17 @@
|
||||
server {
|
||||
listen 80 default_server;
|
||||
# listen 443 ssl default_server; # managed by Certbot
|
||||
# ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot
|
||||
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
access_log /var/log/nginx/ip_access.log verbose_llz;
|
||||
|
||||
root /var/www/default_server;
|
||||
index index.html;
|
||||
server_name _;
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
33
web/roles/nginx/files/sites-enabled/pma.conf
Normal file
33
web/roles/nginx/files/sites-enabled/pma.conf
Normal file
@@ -0,0 +1,33 @@
|
||||
server {
|
||||
listen 80;
|
||||
# listen 443 ssl http2;
|
||||
|
||||
server_name pma.{{domain}};
|
||||
# ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot
|
||||
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
# add_header X-Content-Type-Options nosniff;
|
||||
# add_header X-XSS-Protection "1; mode=block";
|
||||
# add_header X-Robots-Tag none;
|
||||
# add_header X-Download-Options noopen;
|
||||
# add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
root /var/www/pma;
|
||||
|
||||
location ^~ / {
|
||||
index index.php;
|
||||
location ^~ /wiki/maintenance/ {
|
||||
return 403;
|
||||
}
|
||||
location ~ .*.php$ {
|
||||
include /etc/nginx/fastcgi.conf;
|
||||
fastcgi_pass unix:/run/php/php-other.sock;
|
||||
fastcgi_index index.php;
|
||||
}
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
||||
expires max;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,12 +1,12 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
# listen 443 ssl http2;
|
||||
server_name {{domain}};
|
||||
ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
# ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
# add_header X-Content-Type-Options nosniff;
|
||||
# add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
root /var/www/root;
|
||||
index index.html index.php;
|
||||
@@ -33,7 +33,7 @@ server {
|
||||
location ^~ /.well-known/acme-challenge { }
|
||||
location ~ .*.php$ {
|
||||
include /etc/nginx/fastcgi.conf;
|
||||
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
|
||||
fastcgi_pass unix:/run/php/php-other.sock;
|
||||
fastcgi_index index.php;
|
||||
}
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
||||
38
web/roles/nginx/files/sites-enabled/wiki.conf
Normal file
38
web/roles/nginx/files/sites-enabled/wiki.conf
Normal file
@@ -0,0 +1,38 @@
|
||||
server {
|
||||
listen 80;
|
||||
# listen 443 ssl http2;
|
||||
|
||||
server_name wiki.{{domain}};
|
||||
# ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot
|
||||
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
# add_header X-Content-Type-Options nosniff;
|
||||
# add_header X-XSS-Protection "1; mode=block";
|
||||
# add_header X-Robots-Tag none;
|
||||
# add_header X-Download-Options noopen;
|
||||
# add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
root /var/www;
|
||||
|
||||
location / {
|
||||
return 302 /wiki;
|
||||
}
|
||||
|
||||
location ^~ /wiki {
|
||||
index index.php;
|
||||
location ^~ /wiki/maintenance/ {
|
||||
return 403;
|
||||
}
|
||||
location ~ .*.php$ {
|
||||
include /etc/nginx/fastcgi.conf;
|
||||
fastcgi_pass unix:/run/php/php-wiki.sock;
|
||||
fastcgi_index index.php;
|
||||
}
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
||||
# try_files $uri /index.php;
|
||||
expires max;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
||||
}
|
||||
19
web/roles/nginx/tasks/certbot.yml
Normal file
19
web/roles/nginx/tasks/certbot.yml
Normal file
@@ -0,0 +1,19 @@
|
||||
---
|
||||
|
||||
- name: Install certbot package
|
||||
apt:
|
||||
name: ['certbot', 'python3-certbot-nginx']
|
||||
state: present
|
||||
|
||||
- name: Get certs using certbot
|
||||
shell: certbot run --test-cert --register-unsafely-without-email --agree-tos -n -d {{item}}{{domain}} --nginx
|
||||
loop:
|
||||
- cloud.
|
||||
- wiki.
|
||||
- pma.
|
||||
-
|
||||
|
||||
- name: restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
@@ -1,13 +1,4 @@
|
||||
---
|
||||
- name: Install nginx package
|
||||
apt:
|
||||
name: nginx
|
||||
state: present
|
||||
|
||||
- name: Install certbot package
|
||||
apt:
|
||||
name: ['certbot', 'python3-certbot-nginx']
|
||||
state: present
|
||||
|
||||
- name: install nginx config
|
||||
template:
|
||||
@@ -35,15 +26,7 @@
|
||||
owner: www-data
|
||||
loop: ['pma','cloud','wiki','default','root']
|
||||
|
||||
- name: stop nginx
|
||||
service:
|
||||
- name: reload nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: stopped
|
||||
|
||||
- name: Get certs using certbot
|
||||
shell: echo "cock"
|
||||
|
||||
- name: start nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: started
|
||||
state: reloaded
|
||||
12
web/roles/nginx/tasks/main.yml
Normal file
12
web/roles/nginx/tasks/main.yml
Normal file
@@ -0,0 +1,12 @@
|
||||
---
|
||||
- name: Install nginx package
|
||||
apt:
|
||||
name: nginx
|
||||
state: present
|
||||
|
||||
- name: configure nginx
|
||||
include_tasks: configure.yml
|
||||
|
||||
- name: install ssl
|
||||
include_tasks: certbot.yml
|
||||
when: ssl
|
||||
3
web/roles/nginx/vars/main.yml
Normal file
3
web/roles/nginx/vars/main.yml
Normal file
@@ -0,0 +1,3 @@
|
||||
---
|
||||
# domain: zz777.ru
|
||||
root: /var/www
|
||||
11
web/roles/php/files/pool.d/www.conf
Normal file
11
web/roles/php/files/pool.d/www.conf
Normal file
@@ -0,0 +1,11 @@
|
||||
[{{item}}]
|
||||
user = www-data
|
||||
group = www-data
|
||||
listen = /run/php/php-{{item}}.sock
|
||||
listen.owner = www-data
|
||||
listen.group = www-data
|
||||
|
||||
pm = static
|
||||
pm.max_children = 4
|
||||
php_admin_value[error_log] = /var/log/fpm-err.log
|
||||
;php_value[max_execution_time] = 600
|
||||
19
web/roles/php/tasks/main.yml
Normal file
19
web/roles/php/tasks/main.yml
Normal file
@@ -0,0 +1,19 @@
|
||||
---
|
||||
- name: Install php-fpm package and deps
|
||||
apt:
|
||||
name: ['php-fpm', 'php-imagick', 'php-memcached', 'php-zip', 'php-mysql', 'php-gd', 'php-mbstring', 'php-xml']
|
||||
state: present
|
||||
|
||||
- name: Configure php-fpm pools
|
||||
template:
|
||||
src: files/pool.d/www.conf
|
||||
dest: /etc/php/7.4/fpm/pool.d/{{ item }}.conf
|
||||
loop:
|
||||
- cloud
|
||||
- wiki
|
||||
- other
|
||||
|
||||
- name: restart php-fpm
|
||||
service:
|
||||
name: php7.4-fpm.service
|
||||
state: restarted
|
||||
1
web/roles/php/vars/main.yml
Normal file
1
web/roles/php/vars/main.yml
Normal file
@@ -0,0 +1 @@
|
||||
---
|
||||
14
web/roles/webapps/files/root/index.html
Normal file
14
web/roles/webapps/files/root/index.html
Normal file
@@ -0,0 +1,14 @@
|
||||
<html>
|
||||
<head>
|
||||
<title>
|
||||
Hello
|
||||
</title>
|
||||
</head>
|
||||
<body>
|
||||
<center>
|
||||
<h1>
|
||||
test page
|
||||
</h1>
|
||||
</center>
|
||||
</body>
|
||||
</html>
|
||||
14
web/roles/webapps/tasks/main.yml
Normal file
14
web/roles/webapps/tasks/main.yml
Normal file
@@ -0,0 +1,14 @@
|
||||
---
|
||||
- name: install unzip
|
||||
apt:
|
||||
name: unzip
|
||||
state: latest
|
||||
|
||||
- name: install PMA
|
||||
include_tasks: pma.yml
|
||||
|
||||
- name: install Mediawiki
|
||||
include_tasks: wiki.yml
|
||||
|
||||
- name: install root
|
||||
include_tasks: root.yml
|
||||
21
web/roles/webapps/tasks/pma.yml
Normal file
21
web/roles/webapps/tasks/pma.yml
Normal file
@@ -0,0 +1,21 @@
|
||||
---
|
||||
|
||||
- name: Download and unpack phpmyadmin
|
||||
ansible.builtin.unarchive:
|
||||
src: https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.zip
|
||||
dest: /var/www/pma
|
||||
remote_src: yes
|
||||
owner: www-data
|
||||
|
||||
- name: move pma to pma dir
|
||||
copy:
|
||||
src: /var/www/pma/phpMyAdmin-5.1.0-all-languages/
|
||||
dest: /var/www/pma/
|
||||
remote_src: True
|
||||
|
||||
- name: chown pma dir
|
||||
file:
|
||||
path: /var/www/pma
|
||||
owner: www-data
|
||||
group: www-data
|
||||
recurse: yes
|
||||
5
web/roles/webapps/tasks/root.yml
Normal file
5
web/roles/webapps/tasks/root.yml
Normal file
@@ -0,0 +1,5 @@
|
||||
---
|
||||
- name: copy html file
|
||||
copy:
|
||||
src: files/index.html
|
||||
dest: /var/www/root/
|
||||
21
web/roles/webapps/tasks/wiki.yml
Normal file
21
web/roles/webapps/tasks/wiki.yml
Normal file
@@ -0,0 +1,21 @@
|
||||
---
|
||||
|
||||
- name: Download & unpack Mediawiki
|
||||
ansible.builtin.unarchive:
|
||||
src: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.1.zip
|
||||
dest: /var/www/wiki
|
||||
remote_src: yes
|
||||
owner: www-data
|
||||
|
||||
- name: rename mediawiki dir
|
||||
copy:
|
||||
src: /var/www/wiki/mediawiki-1.35.1/
|
||||
dest: /var/www/wiki/
|
||||
remote_src: True
|
||||
|
||||
- name: chown wiki dir
|
||||
file:
|
||||
path: /var/www/wiki
|
||||
owner: www-data
|
||||
group: www-data
|
||||
recurse: yes
|
||||
Reference in New Issue
Block a user