From 4299ca3ae727a1f30e382300d14d0634f5826779 Mon Sep 17 00:00:00 2001
From: Oliver Davies
Date: Fri, 7 Feb 2020 07:42:30 +0000
Subject: [PATCH] Add Ansible playbook for provisioning
---
ansible.cfg | 2 +
tools/ansible/hosts.yml | 4 ++
tools/ansible/provision.yml | 21 +++++++++
tools/ansible/requirements.yml | 15 +++++++
tools/ansible/vars/provision_vars.yml | 60 ++++++++++++++++++++++++++
tools/ansible/vars/provision_vault.yml | 8 ++++
tools/ansible/vars/vars.yml | 4 ++
7 files changed, 114 insertions(+)
create mode 100644 ansible.cfg
create mode 100644 tools/ansible/hosts.yml
create mode 100644 tools/ansible/provision.yml
create mode 100644 tools/ansible/requirements.yml
create mode 100644 tools/ansible/vars/provision_vars.yml
create mode 100644 tools/ansible/vars/provision_vault.yml
create mode 100644 tools/ansible/vars/vars.yml
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..53451da
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+inventory = tools/ansible/hosts.yml
diff --git a/tools/ansible/hosts.yml b/tools/ansible/hosts.yml
new file mode 100644
index 0000000..35e20e6
--- /dev/null
+++ b/tools/ansible/hosts.yml
@@ -0,0 +1,4 @@
+all:
+ hosts:
+ 178.62.51.101:
+ ansible_ssh_user: root
diff --git a/tools/ansible/provision.yml b/tools/ansible/provision.yml
new file mode 100644
index 0000000..92e5283
--- /dev/null
+++ b/tools/ansible/provision.yml
@@ -0,0 +1,21 @@
+---
+- hosts: all
+
+ vars_files:
+ - vars/vars.yml
+ - vars/provision_vars.yml
+
+ roles:
+ - name: geerlingguy.firewall
+ - name: geerlingguy.security
+ - name: geerlingguy.mysql
+ - name: geerlingguy.nginx
+ - name: geerlingguy.php-versions
+ - name: geerlingguy.php
+ - name: geerlingguy.composer
+
+ tasks:
+ - name: Install packages
+ package:
+ name: [curl, zip]
+ state: present
diff --git a/tools/ansible/requirements.yml b/tools/ansible/requirements.yml
new file mode 100644
index 0000000..bffd45c
--- /dev/null
+++ b/tools/ansible/requirements.yml
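Review bot: `ansible_ssh_user: root` in tools/ansible/hosts.yml makes every run log in directly as root, and `security_ssh_permit_root_login: 'yes'` in tools/ansible/vars/provision_vars.yml keeps root login enabled after geerlingguy.security has hardened sshd. On a host with a public address that leaves the most privileged account reachable over SSH and loses the per-user audit trail that sudo provides. Consider connecting as an unprivileged user with `ansible_user: deploy` (the name is only an example) and `become: true` on the play, then setting `security_ssh_permit_root_login: 'no'` once that account works. `ansible_ssh_user` is also the legacy spelling of `ansible_user`.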
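Review bot: `vars_files` in tools/ansible/provision.yml loads vars/vars.yml and vars/provision_vars.yml but not vars/provision_vault.yml, which this same commit adds. provision_vars.yml builds `app_mysql_user` and `app_mysql_password` from `vault_app_mysql_user` and `vault_app_mysql_password`; if those live in the vault file (its contents are encrypted, so this is inferred from the names), they are undefined the moment anything evaluates them. Adding `- vars/provision_vault.yml` to the list fixes that. The play also declares no `become`, so it only works while the connection user is root.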
@@ -0,0 +1,15 @@
+---
+- name: geerlingguy.composer
+ version: 1.7.3
+- name: geerlingguy.firewall
+ version: 2.4.3
+- name: geerlingguy.mysql
+ version: 2.9.4
+- name: geerlingguy.nginx
+ version: 2.7.0
+- name: geerlingguy.php
+ version: 3.7.0
+- name: geerlingguy.php-versions
+ version: 4.0.2
+- name: geerlingguy.security
+ version: 1.9.0
diff --git a/tools/ansible/vars/provision_vars.yml b/tools/ansible/vars/provision_vars.yml
new file mode 100644
index 0000000..8b42af2
--- /dev/null
+++ b/tools/ansible/vars/provision_vars.yml
@@ -0,0 +1,60 @@
+---
+security_ssh_permit_root_login: 'yes'
+
+php_default_version_debian: '{{ php_version }}'
+php_enable_php_fpm: true
+php_version: 7.4
+php_webserver_daemon: nginx
+php_packages:
+ - 'php{{ php_version }}-cli'
+ - 'php{{ php_version }}-common'
+ - 'php{{ php_version }}-fpm'
+ - 'php{{ php_version }}-gd'
+ - 'php{{ php_version }}-mbstring'
+ - 'php{{ php_version }}-mysql'
+ - 'php{{ php_version }}-pdo'
+ - 'php{{ php_version }}-xml'
+
+app_mysql_user: '{{ vault_app_mysql_user }}'
+app_mysql_password: '{{ vault_app_mysql_password }}'
+
+mysql_packages:
+ - mariadb-client
+ - mariadb-server
+ - python-mysqldb
+
+mysql_databases:
+ - name: oliverdavies_uk
+
+nginx_remove_default_vhost: true
+nginx_server_tokens: 'off'
+nginx_vhosts:
+ - listen: 80
+ server_name: d8.oliverdavies.uk
+ root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}'
+ index: index.php
+ extra_parameters: |
+ location / {
+ try_files $uri /index.php?$query_string;
+ }
+
+ location @rewrite {
+ rewrite ^/(.*)$ /index.php?q=$1;
+ }
+
+ # Don't allow direct access to PHP files in the vendor directory.
+ location ~ /vendor/.*\.php$ {
+ deny all;
+ return 404;
+ }
+
+ location ~ '\.php$|^/update.php' {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_intercept_errors on;
+ fastcgi_pass localhost:9000;
+ }
diff --git a/tools/ansible/vars/provision_vault.yml b/tools/ansible/vars/provision_vault.yml
new file mode 100644
index 0000000..04a10fe
--- /dev/null
+++ b/tools/ansible/vars/provision_vault.yml
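Review bot: The MySQL settings in tools/ansible/vars/provision_vars.yml create the `oliverdavies_uk` database but set neither `mysql_root_password` nor `mysql_users`, so `app_mysql_user` and `app_mysql_password` are defined here without being passed to geerlingguy.mysql anywhere in this commit. As far as I recall the role falls back to a well-known default root password when `mysql_root_password` is unset, which should not reach a server; please check the defaults of the pinned 2.9.4. Set the root password from the vault and declare the application user with privileges limited to its own database, as sketched below (`vault_mysql_root_password` is a new vault entry that would need adding). Separately, `php_version: 7.4` is an unquoted float, and quoting it as `'7.4'` avoids a later value such as 7.10 being read as 7.1.

```yaml
mysql_root_password: '{{ vault_mysql_root_password }}'

# … unchanged: mysql_packages, mysql_databases …

mysql_users:
  - name: '{{ app_mysql_user }}'
    host: localhost
    password: '{{ app_mysql_password }}'
    priv: 'oliverdavies_uk.*:ALL'
```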
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+37323435316139613034653439366634303930666535356238643362336536373834323330333436
+3134306366616438356639643133616635643534333533380a633062313561316636333039636563
+38363362626333383232336362386361373131376537356239323063343966393833396537356634
+3733326435336263390a303461623761386330653836646231613231613438626330363030393435
+62323038326163343464363465373937336363363534623963643235623963626161666165656336
+32613564383833626639353430383833646438323633326665646437366364393163373564613437
+333564613838633963663231666133623332
diff --git a/tools/ansible/vars/vars.yml b/tools/ansible/vars/vars.yml
new file mode 100644
index 0000000..b900d33
--- /dev/null
+++ b/tools/ansible/vars/vars.yml
@@ -0,0 +1,4 @@
+---
+ansistrano_current_dir: current
+project_root_path: /app
+project_web_dir: web