opdavies/oliverdavies.uk-drupal-old
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Add Ansible playbook for provisioning

Browse source
This commit is contained in:
Oliver Davies 2020-02-07 07:42:30 +00:00
parent af382725a5
commit 4299ca3ae7
7 changed files with 114 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ansible.cfg Normal file
View file

@ -0,0 +1,2 @@
[defaults]
inventory = tools/ansible/hosts.yml

4
tools/ansible/hosts.yml Normal file
View file

@ -0,0 +1,4 @@
all:
hosts:
178.62.51.101:
ansible_ssh_user: root

21
tools/ansible/provision.yml Normal file
View file

@ -0,0 +1,21 @@
---
- hosts: all
vars_files:
- vars/vars.yml
- vars/provision_vars.yml
roles:
- name: geerlingguy.firewall
- name: geerlingguy.security
- name: geerlingguy.mysql
- name: geerlingguy.nginx
- name: geerlingguy.php-versions
- name: geerlingguy.php
- name: geerlingguy.composer
tasks:
- name: Install packages
package:
name: [curl, zip]
state: present

15
tools/ansible/requirements.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: geerlingguy.composer
version: 1.7.3
- name: geerlingguy.firewall
version: 2.4.3
- name: geerlingguy.mysql
version: 2.9.4
- name: geerlingguy.nginx
version: 2.7.0
- name: geerlingguy.php
version: 3.7.0
- name: geerlingguy.php-versions
version: 4.0.2
- name: geerlingguy.security
version: 1.9.0

60
tools/ansible/vars/provision_vars.yml Normal file
View file

@ -0,0 +1,60 @@
---
security_ssh_permit_root_login: 'yes'
php_default_version_debian: '{{ php_version }}'
php_enable_php_fpm: true
php_version: 7.4
php_webserver_daemon: nginx
php_packages:
- 'php{{ php_version }}-cli'
- 'php{{ php_version }}-common'
- 'php{{ php_version }}-fpm'
- 'php{{ php_version }}-gd'
- 'php{{ php_version }}-mbstring'
- 'php{{ php_version }}-mysql'
- 'php{{ php_version }}-pdo'
- 'php{{ php_version }}-xml'
app_mysql_user: '{{ vault_app_mysql_user }}'
app_mysql_password: '{{ vault_app_mysql_password }}'
mysql_packages:
- mariadb-client
- mariadb-server
- python-mysqldb
mysql_databases:
- name: oliverdavies_uk
nginx_remove_default_vhost: true
nginx_server_tokens: 'off'
nginx_vhosts:
- listen: 80
server_name: d8.oliverdavies.uk
root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}'
index: index.php
extra_parameters: |
location / {
try_files $uri /index.php?$query_string;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ '\.php$|^/update.php' {
try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_pass localhost:9000;
}

8
tools/ansible/vars/provision_vault.yml Normal file
View file

@ -0,0 +1,8 @@
$ANSIBLE_VAULT;1.1;AES256
37323435316139613034653439366634303930666535356238643362336536373834323330333436
3134306366616438356639643133616635643534333533380a633062313561316636333039636563
38363362626333383232336362386361373131376537356239323063343966393833396537356634
3733326435336263390a303461623761386330653836646231613231613438626330363030393435
62323038326163343464363465373937336363363534623963643235623963626161666165656336
32613564383833626639353430383833646438323633326665646437366364393163373564613437
333564613838633963663231666133623332

4
tools/ansible/vars/vars.yml Normal file
View file

@ -0,0 +1,4 @@
---
ansistrano_current_dir: current
project_root_path: /app
project_web_dir: web