rename web

1/play.yml

@@ -1,7 +0,0 @@
- - hosts: localhost
-   become: true
-   roles: 
-    - nginx
-    - php
-    - mysql
-    - webapps

1/roles/nginx/files/sites-enabled/default_server.conf

@@ -1,17 +0,0 @@
-server {
-    listen 80 default_server;
-    listen 443 ssl default_server; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot
-    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-
-    access_log /var/log/nginx/ip_access.log verbose_llz;
-
-    root /var/www/default_server;
-    index index.html;
-    server_name _;
-    location / {
-        try_files $uri $uri/ =404;
-    }
-}

1/roles/nginx/files/sites-enabled/pma.conf

@@ -1,33 +0,0 @@
-server {
-    listen 80;
-    listen 443 ssl http2;
-
-    server_name pma.{{domain}};
-    ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot
-
-    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
-    add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
-    add_header X-Robots-Tag none;
-    add_header X-Download-Options noopen;
-    add_header X-Permitted-Cross-Domain-Policies none;
-
-    root /var/www/pma;
-    
-    location ^~ / {
-        index index.php;
-        location ^~ /wiki/maintenance/ {
-            return 403;
-        }
-        location ~ .*.php$ {
-            include /etc/nginx/fastcgi.conf;
-            fastcgi_pass unix:/run/php/php-fpm.sock;
-            fastcgi_index index.php;
-        }
-        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
-            expires max;
-            log_not_found off;
-        }
-    }
-}

1/roles/nginx/files/sites-enabled/wiki.conf

@@ -1,38 +0,0 @@
-server {
-    listen 80;
-    listen 443 ssl http2;
-
-    server_name wiki.{{domain}};
-    ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot
-
-    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
-    add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
-    add_header X-Robots-Tag none;
-    add_header X-Download-Options noopen;
-    add_header X-Permitted-Cross-Domain-Policies none;
-
-    root /var/www;
-
-    location / {
-        return 302 /wiki;
-    }
-
-    location ^~ /wiki {
-        index index.php;
-        location ^~ /wiki/maintenance/ {
-            return 403;
-        }
-        location ~ .*.php$ {
-            include /etc/nginx/fastcgi.conf;
-            fastcgi_pass unix:/run/php/php-fpm.sock;
-            fastcgi_index index.php;
-        }
-        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
-        #    try_files $uri /index.php;
-            expires max;
-            log_not_found off;
-        }
-    }
-}

1/roles/nginx/vars/main.yml

@@ -1,3 +0,0 @@
----
-domain: zz777.ru
-root: /var/www

1/roles/php/tasks/main.yml

@@ -1,5 +0,0 @@
----
-- name: Install php-fpm package and deps
-  apt:
-    name: ['php-fpm', 'php-imagick', 'php-memcached', 'php-zip', 'php-mysql', 'php-gd', 'php-mbstring']
-    state: present

README.md

@@ -1,5 +1,11 @@
 Мой Pet project 
 
+# base packages
+
+Устанавливает ПО для работы в консоли и копирует конфиги. Пакеты: mc, htop, vim
+
+# web 
+
 ПО:
  - [x] nginx
  - [x] php-fpm
@@ -12,12 +18,12 @@ Web:
  - [x] Тестовая (about) страница на домене xz777.ru
  - [x] default_server ведет на тестовую страницу
  
-Для mediawiki и nextcloud свои php-fpm pool'ы
+ - [x] Для mediawiki и nextcloud свои php-fpm pool'ы
 
  - [ ] Установить nextcloud
- - [ ] Установить mediawiki
+ - [x] Установить mediawiki
- - [ ] Установить phpmyadmin
+ - [x] Установить phpmyadmin
- - [ ] Разместить файлы about (root) сайта
+ - [x] Разместить файлы about (root) сайта
 
 Дополнительно 
  - [ ] Почтовый сервер на отправку писем локально

base_pkgs/playbook.yml

@@ -0,0 +1,5 @@
+ - hosts: containers
+   become: true
+   roles:
+      - packages
+      - configs

base_pkgs/roles/configs/files/htoprc

@@ -0,0 +1,26 @@
+# Beware! This file is rewritten by htop when settings are changed in the interface.
+# The parser is also very primitive, and not human-friendly.
+fields=0 48 17 18 38 39 40 2 46 47 49 1
+sort_key=46
+sort_direction=1
+hide_threads=1
+hide_kernel_threads=1
+hide_userland_threads=1
+shadow_other_users=0
+show_thread_names=0
+show_program_path=1
+highlight_base_name=0
+highlight_megabytes=1
+highlight_threads=1
+tree_view=1
+header_margin=1
+detailed_cpu_time=0
+cpu_count_from_zero=0
+update_process_names=0
+account_guest_in_cpu_meter=0
+color_scheme=0
+delay=15
+left_meters=AllCPUs Memory Swap
+left_meter_modes=1 1 1
+right_meters=Tasks LoadAverage Uptime
+right_meter_modes=2 2 2

base_pkgs/roles/configs/files/mcrc

@@ -0,0 +1,143 @@
+[Midnight-Commander]
+verbose=true
+shell_patterns=true
+auto_save_setup=true
+preallocate_space=false
+auto_menu=false
+use_internal_view=true
+use_internal_edit=false
+clear_before_exec=true
+confirm_delete=true
+confirm_overwrite=true
+confirm_execute=false
+confirm_history_cleanup=true
+confirm_exit=false
+confirm_directory_hotlist_delete=false
+confirm_view_dir=false
+safe_delete=false
+safe_overwrite=false
+use_8th_bit_as_meta=false
+mouse_move_pages_viewer=true
+mouse_close_dialog=false
+fast_refresh=false
+drop_menus=false
+wrap_mode=true
+old_esc_mode=true
+cd_symlinks=true
+show_all_if_ambiguous=false
+use_file_to_guess_type=true
+alternate_plus_minus=false
+only_leading_plus_minus=true
+show_output_starts_shell=false
+xtree_mode=false
+file_op_compute_totals=true
+classic_progressbar=true
+use_netrc=true
+ftpfs_always_use_proxy=false
+ftpfs_use_passive_connections=true
+ftpfs_use_passive_connections_over_proxy=false
+ftpfs_use_unix_list_options=true
+ftpfs_first_cd_then_ls=true
+ignore_ftp_chattr_errors=true
+editor_fill_tabs_with_spaces=false
+editor_return_does_auto_indent=false
+editor_backspace_through_tabs=false
+editor_fake_half_tabs=true
+editor_option_save_position=true
+editor_option_auto_para_formatting=false
+editor_option_typewriter_wrap=false
+editor_edit_confirm_save=true
+editor_syntax_highlighting=true
+editor_persistent_selections=true
+editor_drop_selection_on_copy=true
+editor_cursor_beyond_eol=false
+editor_cursor_after_inserted_block=false
+editor_visible_tabs=true
+editor_visible_spaces=true
+editor_line_state=false
+editor_simple_statusbar=false
+editor_check_new_line=false
+editor_show_right_margin=false
+editor_group_undo=true
+editor_state_full_filename=true
+editor_ask_filename_before_edit=false
+nice_rotating_dash=true
+mcview_remember_file_position=false
+auto_fill_mkdir_name=true
+copymove_persistent_attr=true
+pause_after_run=1
+mouse_repeat_rate=100
+double_click_speed=250
+old_esc_mode_timeout=1000000
+max_dirt_limit=10
+num_history_items_recorded=60
+vfs_timeout=60
+ftpfs_directory_timeout=900
+ftpfs_retry_seconds=30
+fish_directory_timeout=900
+editor_tab_spacing=8
+editor_word_wrap_line_length=72
+editor_option_save_mode=0
+editor_backup_extension=~
+editor_filesize_threshold=64M
+editor_stop_format_chars=-+*\\,.;:&>
+mcview_eof=
+skin=modarcon16root-defbg-thin
+
+[Layout]
+output_lines=0
+left_panel_size=118
+top_panel_size=0
+message_visible=true
+keybar_visible=true
+xterm_title=true
+command_prompt=true
+menubar_visible=true
+free_space=true
+horizontal_split=false
+vertical_equal=true
+horizontal_equal=true
+
+[Misc]
+timeformat_recent=%b %e %H:%M
+timeformat_old=%b %e  %Y
+ftp_proxy_host=gate
+ftpfs_password=anonymous@
+display_codepage=UTF-8
+source_codepage=Other_8_bit
+autodetect_codeset=
+spell_language=en
+clipboard_store=
+clipboard_paste=
+
+[Colors]
+base_color=
+xterm-256color=
+color_terminals=
+
+[Panels]
+show_mini_info=true
+kilobyte_si=false
+mix_all_files=false
+show_backups=true
+show_dot_files=true
+fast_reload=false
+fast_reload_msg_shown=false
+mark_moves_down=true
+reverse_files_only=true
+auto_save_setup_panels=false
+navigate_with_arrows=false
+panel_scroll_pages=true
+panel_scroll_center=false
+mouse_move_pages=true
+filetype_mode=true
+permission_mode=false
+torben_fj_mode=false
+quick_search_mode=2
+select_flags=6
+
+[Panelize]
+Find *.orig after patching=find . -name \\*.orig -print
+Find SUID and SGID programs=find . \\( \\( -perm -04000 -a -perm /011 \\) -o \\( -perm -02000 -a -perm /01 \\) \\) -print
+Find rejects after patching=find . -name \\*.rej -print
+Modified git files=git ls-files --modified

base_pkgs/roles/configs/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+ - name: Put htop config
+   template:
+     src: files/htoprc
+     dest: /etc/htoprc
+ - name: Put mc config
+   template:
+     src: files/mcrc
+     dest: /etc/mc/mc.ini

base_pkgs/roles/packages/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+ - name: Install mc
+   apt:
+     name: mc
+     state: present
+ - name: Install htop
+   apt:
+     name: htop
+     state: present
+ - name: Install vim
+   apt:
+     name: vim
+     state: present

web/play.yml

@@ -0,0 +1,11 @@
+- hosts: localhost
+  become: true
+  vars:
+    domain: zz777.ru
+    ssl: false
+  roles: 
+   - nginx
+   - php
+   - mysql
+   - webapps
+  

web/roles/nginx/files/sites-enabled/cloud.conf

@@ -1,19 +1,19 @@
 server {
     listen 80;
-    listen 443 ssl http2;
+    # listen 443 ssl http2;
     server_name cloud.{{domain}};
     index index.php;
-    ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot
+    # ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot
+    # ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot
 
-    add_header X-Content-Type-Options nosniff;
+    # add_header X-Content-Type-Options nosniff;
-    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
-    add_header X-XSS-Protection "1; mode=block";
+    # add_header X-XSS-Protection "1; mode=block";
-    add_header X-Robots-Tag none;
+    # add_header X-Robots-Tag none;
-    add_header X-Download-Options noopen;
+    # add_header X-Download-Options noopen;
-    add_header X-Permitted-Cross-Domain-Policies none;
+    # add_header X-Permitted-Cross-Domain-Policies none;
-    add_header Referrer-Policy no-referrer;
+    # add_header Referrer-Policy no-referrer;
-    add_header X-Frame-Options SAMEORIGIN;
+    # add_header X-Frame-Options SAMEORIGIN;
     access_log /var/log/nginx/access.nextcloud.log main;
 
     root /var/www/nextcloud/;
@@ -61,7 +61,7 @@ server {
         fastcgi_param front_controller_active true;
         fastcgi_send_timeout 1200;
         fastcgi_read_timeout 1200;
-        fastcgi_pass unix:/run/php/php-fpm.sock;
+        fastcgi_pass unix:/run/php/php-cloud.sock;
         fastcgi_intercept_errors on;
         fastcgi_request_buffering off;
     }

web/roles/nginx/files/sites-enabled/default_server.conf

@@ -0,0 +1,17 @@
+server {
+    listen 80 default_server;
+    # listen 443 ssl default_server; # managed by Certbot
+    # ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot
+    # ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot
+    # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    access_log /var/log/nginx/ip_access.log verbose_llz;
+
+    root /var/www/default_server;
+    index index.html;
+    server_name _;
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}

web/roles/nginx/files/sites-enabled/pma.conf

@@ -0,0 +1,33 @@
+server {
+    listen 80;
+    # listen 443 ssl http2;
+
+    server_name pma.{{domain}};
+    # ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot
+    # ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot
+
+    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+    # add_header X-Content-Type-Options nosniff;
+    # add_header X-XSS-Protection "1; mode=block";
+    # add_header X-Robots-Tag none;
+    # add_header X-Download-Options noopen;
+    # add_header X-Permitted-Cross-Domain-Policies none;
+
+    root /var/www/pma;
+    
+    location ^~ / {
+        index index.php;
+        location ^~ /wiki/maintenance/ {
+            return 403;
+        }
+        location ~ .*.php$ {
+            include /etc/nginx/fastcgi.conf;
+            fastcgi_pass unix:/run/php/php-other.sock;
+            fastcgi_index index.php;
+        }
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+            expires max;
+            log_not_found off;
+        }
+    }
+}

web/roles/nginx/files/sites-enabled/root.conf

@@ -1,12 +1,12 @@
 server {
     listen 80;
-    listen 443 ssl http2;
+    # listen 443 ssl http2;
     server_name {{domain}};
-    ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
+    # ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
+    # ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
-    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
-    add_header X-Content-Type-Options nosniff;
+    # add_header X-Content-Type-Options nosniff;
-    add_header X-XSS-Protection "1; mode=block";
+    # add_header X-XSS-Protection "1; mode=block";
 
     root /var/www/root;
     index index.html index.php;
@@ -33,7 +33,7 @@ server {
     location ^~ /.well-known/acme-challenge { }
     location ~ .*.php$ {
         include /etc/nginx/fastcgi.conf;
-        fastcgi_pass  unix:/run/php/php7.4-fpm.sock;
+        fastcgi_pass  unix:/run/php/php-other.sock;
         fastcgi_index index.php;
     }
     location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {

web/roles/nginx/files/sites-enabled/wiki.conf

@@ -0,0 +1,38 @@
+server {
+    listen 80;
+    # listen 443 ssl http2;
+
+    server_name wiki.{{domain}};
+    # ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot
+    # ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot
+
+    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+    # add_header X-Content-Type-Options nosniff;
+    # add_header X-XSS-Protection "1; mode=block";
+    # add_header X-Robots-Tag none;
+    # add_header X-Download-Options noopen;
+    # add_header X-Permitted-Cross-Domain-Policies none;
+
+    root /var/www;
+
+    location / {
+        return 302 /wiki;
+    }
+
+    location ^~ /wiki {
+        index index.php;
+        location ^~ /wiki/maintenance/ {
+            return 403;
+        }
+        location ~ .*.php$ {
+            include /etc/nginx/fastcgi.conf;
+            fastcgi_pass unix:/run/php/php-wiki.sock;
+            fastcgi_index index.php;
+        }
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+        #    try_files $uri /index.php;
+            expires max;
+            log_not_found off;
+        }
+    }
+}

web/roles/nginx/tasks/certbot.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Install certbot package
+  apt:
+    name: ['certbot', 'python3-certbot-nginx']
+    state: present
+
+- name: Get certs using certbot
+  shell: certbot run --test-cert --register-unsafely-without-email --agree-tos -n -d {{item}}{{domain}} --nginx
+  loop: 
+    - cloud.
+    - wiki.
+    - pma.
+    - 
+
+- name: restart nginx 
+  service:
+    name: nginx
+    state: restarted

web/roles/nginx/tasks/configure.yml

@@ -1,13 +1,4 @@
 ---
-- name: Install nginx package
-  apt:
-    name: nginx
-    state: present
-
-- name: Install certbot package
-  apt:
-    name: ['certbot', 'python3-certbot-nginx']
-    state: present
 
 - name: install nginx config
   template: 
@@ -35,15 +26,7 @@
     owner: www-data
   loop: ['pma','cloud','wiki','default','root']
 
-- name: stop nginx 
+- name: reload nginx
   service: 
     name: nginx
-    state: stopped
+    state: reloaded
-
-- name: Get certs using certbot
-  shell: echo "cock"
-
-- name: start nginx 
-  service:
-    name: nginx
-    state: started

web/roles/nginx/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Install nginx package
+  apt:
+    name: nginx
+    state: present
+
+- name: configure nginx
+  include_tasks: configure.yml
+
+- name: install ssl
+  include_tasks: certbot.yml
+  when: ssl

web/roles/nginx/vars/main.yml

@@ -0,0 +1,3 @@
+---
+# domain: zz777.ru
+root: /var/www

web/roles/php/files/pool.d/www.conf

@@ -0,0 +1,11 @@
+[{{item}}]
+user = www-data
+group = www-data
+listen = /run/php/php-{{item}}.sock
+listen.owner = www-data
+listen.group = www-data
+
+pm = static
+pm.max_children = 4
+php_admin_value[error_log] = /var/log/fpm-err.log
+;php_value[max_execution_time] = 600

web/roles/php/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+- name: Install php-fpm package and deps
+  apt:
+    name: ['php-fpm', 'php-imagick', 'php-memcached', 'php-zip', 'php-mysql', 'php-gd', 'php-mbstring', 'php-xml']
+    state: present
+
+- name: Configure php-fpm pools
+  template:
+    src: files/pool.d/www.conf
+    dest: /etc/php/7.4/fpm/pool.d/{{ item }}.conf
+  loop: 
+    - cloud
+    - wiki
+    - other
+
+- name: restart php-fpm
+  service: 
+    name: php7.4-fpm.service
+    state: restarted

web/roles/php/vars/main.yml

@@ -0,0 +1 @@
+---

web/roles/webapps/files/root/index.html

@@ -0,0 +1,14 @@
+<html>
+<head>
+<title>
+Hello
+</title>
+</head>
+<body>
+<center>
+    <h1>
+        test page
+    </h1>
+</center>
+</body>
+</html>

web/roles/webapps/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: install unzip
+  apt:
+    name: unzip
+    state: latest
+
+- name: install PMA
+  include_tasks: pma.yml
+  
+- name: install Mediawiki
+  include_tasks: wiki.yml  
+
+- name: install root
+  include_tasks: root.yml

web/roles/webapps/tasks/pma.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Download and unpack phpmyadmin
+  ansible.builtin.unarchive:
+    src: https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.zip
+    dest: /var/www/pma
+    remote_src: yes
+    owner: www-data
+
+- name: move pma to pma dir
+  copy: 
+    src: /var/www/pma/phpMyAdmin-5.1.0-all-languages/ 
+    dest: /var/www/pma/
+    remote_src: True
+
+- name: chown pma dir
+  file:
+    path: /var/www/pma
+    owner: www-data
+    group: www-data
+    recurse: yes

web/roles/webapps/tasks/root.yml

@@ -0,0 +1,5 @@
+---
+- name: copy html file
+  copy: 
+    src: files/index.html
+    dest: /var/www/root/

web/roles/webapps/tasks/wiki.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Download & unpack Mediawiki
+  ansible.builtin.unarchive:
+    src: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.1.zip
+    dest: /var/www/wiki
+    remote_src: yes
+    owner: www-data
+
+- name: rename mediawiki dir
+  copy: 
+    src: /var/www/wiki/mediawiki-1.35.1/
+    dest: /var/www/wiki/
+    remote_src: True
+
+- name: chown wiki dir
+  file:
+    path: /var/www/wiki
+    owner: www-data
+    group: www-data
+    recurse: yes