Remove Ansible playbooks and roles

2021-02-10 21:23:24 +00:00 · 2021-02-10 21:23:24 +00:00 · f219d81d38
parent b9b09b5719
commit f219d81d38
17 changed files with 0 additions and 510 deletions
--- a/tools/ansible/ansible.cfg
+++ b/tools/ansible/ansible.cfg
@ -1,10 +0,0 @@
-[defaults]
-bin_ansible_callbacks = True
-inventory = hosts.yml
-nocows = True
-roles_path = .roles
-stdout_callback = yaml
-verbosity = 1
-
-[ssh_connection]
-pipelining = True
--- a/tools/ansible/deploy.yml
+++ b/tools/ansible/deploy.yml
@ -1,12 +0,0 @@
---
- hosts: web
-
-  vars_files:
-    - vars/vars.yml
-    - vars/provision_vault.yml
-    - vars/provision_vars.yml
-    - vars/deploy_vault.yml
-    - vars/deploy_vars.yml
-
-  roles:
-    - name: ansistrano.deploy
--- a/tools/ansible/deploy/after-update-code.yml
+++ b/tools/ansible/deploy/after-update-code.yml
@ -1,38 +0,0 @@
---
- name: Install Composer dependencies
-  composer:
-    command: install
-    optimize_autoloader: true
-    working_dir: '{{ ansistrano_release_path.stdout }}'
-
- name: Generate settings.php file
-  include_role:
-    name: opdavies.drupal_settings_files
-
- name: Fix file permissions
-  include_role:
-    name: drupal-permissions
-
- name: Clear Drush cache
-  command: >
-    {{ release_drush_path }}
-    cache-clear drush
-    chdir={{ release_web_path }}
-  changed_when: false
-
- name: Run database updates
-  command: >
-    {{ release_drush_path }}
-    updatedb -y
-    chdir={{ release_web_path }}
-  register: update_database_result
-  changed_when: "'No pending updates' not in update_database_result.stderr"
-
- name: Import configuration
-  command: >
-    {{ release_drush_path }} config-import -y
-    chdir={{ release_web_path }}
-  register: config_import_result
-  changed_when: "'There are no changes to import' not in config_import_result.stderr"
-
- include: ../includes/build-theme-assets.yml
--- a/tools/ansible/deploy/before-symlink.yml
+++ b/tools/ansible/deploy/before-symlink.yml
@ -1,6 +0,0 @@
---
- name: Rebuild Drupal cache
-  command: >
-    {{ release_drush_path }} cache-rebuild
-    chdir={{ release_web_path }}
-  changed_when: false
--- a/tools/ansible/hosts.yml
+++ b/tools/ansible/hosts.yml
@ -1,16 +0,0 @@
-all:
-  children:
-    db:
-      hosts:
-        178.79.147.197:
-      vars:
-        ansible_python_interpreter: /usr/bin/python3
-        ansible_port: 2849
-        ansible_user: root
-    web:
-      hosts:
-        178.79.147.197:
-      vars:
-        ansible_python_interpreter: /usr/bin/python3
-        ansible_port: 2849
-        ansible_user: root
--- a/tools/ansible/includes/build-theme-assets.yml
+++ b/tools/ansible/includes/build-theme-assets.yml
@ -1,26 +0,0 @@
---
- name: Export body values to include in theme purging
-  command: >
-    {{ release_drush_path }} opdavies:export-body-values-for-theme-purging
-    chdir={{ release_theme_path }}
-    creates={{ release_theme_path }}/body-field-values.txt
-
- name: Install theme dependencies
-  command: >
-    npm ci
-    chdir={{ release_theme_path }}
-    creates={{ release_theme_path }}/node_modules
-
- name: Generate front-end assets
-  command: >
-    npm run production
-    chdir={{ release_theme_path }}
-    creates={{ release_theme_path }}/dist
-
- name: Remove files that are no longer needed
-  file:
-    path: "{{ release_theme_path }}/{{ item }}"
-    state: absent
-  with_items:
-    - body-field-values.txt
-    - node_modules
--- a/tools/ansible/main.yml
+++ b/tools/ansible/main.yml
@ -1,3 +0,0 @@
---
- import_playbook: provision.yml
- import_playbook: deploy.yml
--- a/tools/ansible/provision.yml
+++ b/tools/ansible/provision.yml
@ -1,80 +0,0 @@
---
- hosts: db
-  become: true
-
-  vars_files:
-    - vars/vars.yml
-    - vars/provision_vault.yml
-    - vars/provision_vars.yml
-
-  vars:
-    firewall_additional_rules:
-      - "iptables -A INPUT -p tcp --dport 3306 -s 10.131.0.2 -j ACCEPT"
-    firewall_allowed_tcp_ports: [2849]
-    mysql_bind_address: '10.131.0.3'
-    mysql_users:
-      - name: "{{ app_mysql_user }}"
-        password: "{{ app_mysql_password }}"
-        host: '10.131.0.2'
-        priv: "oliverdavies_uk.*:ALL"
-    mysql_databases:
-      - name: oliverdavies_uk
-
-  pre_tasks:
-    - name: Update apt cache
-      apt:
-        update_cache: true
-        cache_valid_time: 3600
-
-  roles:
-    - name: geerlingguy.firewall
-    - name: geerlingguy.security
-    - name: geerlingguy.mysql
-
- hosts: web 
-
-  vars_files:
-    - vars/vars.yml
-    - vars/provision_vault.yml
-    - vars/provision_vars.yml
-
-  vars:
-    composer_version_branch: '--1'
-    firewall_allowed_tcp_ports: [80, 443, 2849]
-    mysql_packages:
-      - mariadb-client
-    mysql_users: []
-  
-  roles:
-    - name: geerlingguy.firewall
-    - name: geerlingguy.security
-    - name: geerlingguy.certbot
-    - name: geerlingguy.nginx
-    - name: geerlingguy.mysql
-    - name: geerlingguy.php-versions
-    - name: geerlingguy.php
-    - name: geerlingguy.php-mysql
-    - name: geerlingguy.composer
-    - name: geerlingguy.nodejs
-
-  pre_tasks:
-    - name: Update apt cache
-      apt:
-        update_cache: true
-        cache_valid_time: 3600
-
-  tasks:
-    - name: Install packages
-      package:
-        name: [curl, zip]
-        state: present
-
-    - name: Add cron jobs
-      cron:
-        name: Drupal cron - oliverdavies.uk
-        minute: '*/5'
-        job: >
-          {{ project_root_path }}/{{ ansistrano_current_dir }}/bin/drush core-cron
-          --root={{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}
-          --uri https://www.oliverdavies.uk
-          --quiet
--- a/tools/ansible/requirements.yml
+++ b/tools/ansible/requirements.yml
@ -1,27 +0,0 @@
---
- name: ansistrano.deploy
-  version: 3.4.0
- name: ansistrano.rollback
-  version: 3.0.0
- name: geerlingguy.certbot
-  version: 3.0.3
- name: geerlingguy.composer
-  version: 1.9.0
- name: geerlingguy.firewall
-  version: 2.5.0
- name: geerlingguy.mysql
-  version: 3.3.0
- name: geerlingguy.nginx
-  version: 2.7.0
- name: geerlingguy.nodejs
-  version: 5.1.1
- name: geerlingguy.php
-  version: 3.7.0
- name: geerlingguy.php-mysql
-  version: 2.1.0
- name: geerlingguy.php-versions
-  version: 4.0.2
- name: geerlingguy.security
-  version: 2.0.1
- name: opdavies.drupal_settings_files
-  version: 0.1.0
--- a/tools/ansible/roles/drupal-permissions/tasks/main.yml
+++ b/tools/ansible/roles/drupal-permissions/tasks/main.yml
@ -1,29 +0,0 @@
---
- name: Set the permissions for each Drupal root directory.
-  file:
-    group: www-data
-    mode: ug=rX,o=
-    owner: "{{ drupal_permissions.user }}"
-    path: "{{ item.root }}"
-    recurse: true
-    state: directory
-  with_items: "{{ drupal_permissions.sites }}"
-
- name: Set permissions for the defined settings files.
-  file:
-    mode: a-X
-    path: "{{ item.0.root }}/{{ item.1 }}"
-    state: file
-  with_subelements:
-    - "{{ drupal_permissions.sites }}"
-    - settings_files
-
- name: Set permissions for the defined files directories.
-  file:
-    mode: ug=rwX,o=
-    path: "{{ item.0.root }}/{{ item.1 }}"
-    recurse: true
-    state: directory
-  with_subelements:
-    - "{{ drupal_permissions.sites }}"
-    - files_directories
--- a/tools/ansible/vars/deploy_vars.yml
+++ b/tools/ansible/vars/deploy_vars.yml
@ -1,68 +0,0 @@
---
-ansistrano_allow_anonymous_stats: false
-ansistrano_deploy_via: git
-ansistrano_deploy_to: '{{ project_root_path }}'
-ansistrano_git_repo: git@github.com:opdavies/oliverdavies-uk.git
-ansistrano_git_branch: production
-ansistrano_keep_releases: 5
-ansistrano_shared_paths:
-  - '{{ project_web_dir }}/sites/default/files'
-
-# Hooks
-ansistrano_after_update_code_tasks_file: '{{ playbook_dir }}/deploy/after-update-code.yml'
-# ansistrano_before_symlink_tasks_file: '{{ playbook_dir }}/deploy/before-symlink.yml'
-
-app_hash_salt: '{{ vault_app_hash_salt }}'
-
-integromat_webhook_url: '{{ vault_integromat_webhook_url }}'
-post_tweet_webhook_url: '{{ vault_post_tweet_webhook_url }}'
-
-release_drush_path: '{{ ansistrano_release_path.stdout }}/bin/drush'
-release_web_path: '{{ ansistrano_release_path.stdout }}/{{ project_web_dir }}'
-release_theme_path: '{{ release_web_path }}/themes/custom/opdavies'
-
-drupal_permissions:
-  sites:
-    - root: "{{ release_web_path }}"
-      files_directories:
-        - sites/default/files
-      settings_files:
-        - sites/default/settings.php
-        - sites/default/settings.local.php
-  user: root
-
-drupal_settings:
-  - drupal_root: '{{ release_web_path }}'
-    sites:
-      - name: default
-        filename: settings.local.php
-        settings:
-          hash_salt: '{{ app_hash_salt }}'
-          databases:
-            default:
-              default:
-                driver: mysql
-                host: '127.0.0.1'
-                database: oliverdavies_uk
-                username: '{{ app_mysql_user }}'
-                password: '{{ app_mysql_password }}'
-          trusted_hosts:
-            - '^www\.oliverdavies\.uk$'
-          extra_parameters: |
-            $settings['deployment_identifier'] = '{{ ansistrano_release_version }}';
-
-            $settings['config_exclude_modules'] = [
-              'devel',
-              'stage_file_proxy',
-            ];
-
-            $config['config_split.config_split.live']['status'] = TRUE;
-
-            // Configure Cloudflare.
-            $settings['reverse_proxy'] = TRUE;
-            $settings['reverse_proxy_addresses'] = [$_SERVER['REMOTE_ADDR']];
-            $settings['reverse_proxy_header'] = 'CF-Connecting-IP';
-            $settings['omit_vary_cookie'] = TRUE;
-
-            $config['opdavies_blog.settings']['integromat_webhook_url'] = '{{ integromat_webhook_url }}';
-            $config['opdavies_blog.settings']['post_tweet_webhook_url'] = '{{ post_tweet_webhook_url }}';
--- a/tools/ansible/vars/deploy_vault.yml
+++ b/tools/ansible/vars/deploy_vault.yml
@ -1,19 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-30653362663533616334373532653633363838333932666137633662313431303763646433366238
-3464333531326134626361396661306130373461633536630a653637366565366462313335623561
-63653563653533306436663335623961343539366566633730306638323833373261363063363538
-3163326166353836300a373466646366663333353165323035613533636138383162663562343231
-38353362316136316434373362633839323135666536326662643666303838393635626333373339
-63313035633161626534323862346230386461363766666263323964666261636238333631393862
-30383638613964313165623732383866333064366136663131396166363737653961646166663664
-32346461396537663639303665646639636265646164373066633638396661323463343165633064
-66653734356463656462346364336262643761323935646331363864623865316631623239616136
-33616262663134323434316533303234643336616434393638393436396439346266353035343931
-61336366396237653235653834396237366664303737373766323230336162303763623761633836
-63326264643737333064363163353762326636646462363466343334353266303936616163326238
-65313235643866323730386363656233333132633837613235643237623130383334646439303839
-33383633653334643865623231333836383262303933303032653538636465663938623562336661
-63643435373161666331663861646431613236646564316238623736353762303533653835383230
-65306231303330376432306664623938386563646434633039313237643239316136656262346562
-63313462316338656137613634343034393534646162363464373830623335353564376338623636
-6630623238373438363732333834646432633435366165363066
--- a/tools/ansible/vars/digitalocean_vars.yml
+++ b/tools/ansible/vars/digitalocean_vars.yml
@ -1,3 +0,0 @@
---
-digitalocean_api_key: '{{ vault_digitalocean_api_key }}'
-    
--- a/tools/ansible/vars/digitalocean_vault.yml
+++ b/tools/ansible/vars/digitalocean_vault.yml
@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36643735336232646262626537363631353061356565346664643261663565633364323932653232
-6639396262393839643437626338343930316439623633330a616566646533343063333166383136
-39353532316166623361626133326135383833643030663634376464663838353064663538343162
-3536373232623235620a303465306339653663306564383335643166323934393264633532616437
-33313231343432643030366565313135653163363434323632613361623339643137343361643135
-65666364346566356136383830366334326133633766313130653639626362366138663032653962
-39386364613838646133656230356564663564633537376435336438346434633161646436623137
-30666239343832663764303830616264643538346665353963383734373265663233303934666363
-6461
--- a/tools/ansible/vars/provision_vars.yml
+++ b/tools/ansible/vars/provision_vars.yml
@ -1,151 +0,0 @@
---
-security_ssh_permit_root_login: 'yes'
-security_ssh_port: 2849
-
-php_default_version_debian: '{{ php_version }}'
-php_enable_php_fpm: true
-php_version: 7.4
-php_webserver_daemon: nginx
-php_packages:
-    - 'php{{ php_version }}-cli'
-    - 'php{{ php_version }}-common'
-    - 'php{{ php_version }}-fpm'
-    - 'php{{ php_version }}-gd'
-    - 'php{{ php_version }}-mbstring'
-    - 'php{{ php_version }}-mysql'
-    - 'php{{ php_version }}-pdo'
-    - 'php{{ php_version }}-xml'
-
-app_mysql_user: '{{ vault_app_mysql_user }}'
-app_mysql_password: '{{ vault_app_mysql_password }}'
-
-mysql_packages:
-  - mariadb-client
-  - mariadb-server
-  - python3-mysqldb
-
-
-nginx_remove_default_vhost: true
-nginx_server_tokens: 'off'
-nginx_vhosts:
-  - listen: 80 default_server
-    server_name: oliverdavies.uk www.oliverdavies.uk
-    return: 301 https://www.oliverdavies.uk$request_uri
-    filename: www.oliverdavies.uk.80.conf
-
-  - listen: 443 ssl
-    server_name: oliverdavies.uk
-    return: 301 https://www.oliverdavies.uk$request_uri
-    filename: oliverdavies.uk.443.conf
-    extra_parameters: |
-      ssl_certificate     /etc/letsencrypt/live/oliverdavies.uk/fullchain.pem;
-      ssl_certificate_key /etc/letsencrypt/live/oliverdavies.uk/privkey.pem;
-
-  - listen: 443 ssl default_server
-    server_name: www.oliverdavies.uk
-    root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}'
-    index: index.php index.html
-    extra_parameters: |
-      ssl_certificate     /etc/letsencrypt/live/oliverdavies.uk/fullchain.pem;
-      ssl_certificate_key /etc/letsencrypt/live/oliverdavies.uk/privkey.pem;
-
-      location ~ ^/images/(.*) {
-         return 301 /sites/default/files/images/$1;
-      }
-
-      location = /favicon.ico {
-          log_not_found off;
-          access_log off;
-      }
-
-      location = /robots.txt {
-          allow all;
-          log_not_found off;
-          access_log off;
-      }
-
-      # Very rarely should these ever be accessed outside of your lan
-      location ~* \.(txt|log)$ {
-          allow 192.168.0.0/16;
-          deny all;
-      }
-
-      location ~ \..*/.*\.php$ {
-          return 403;
-      }
-
-      location ~ ^/sites/.*/private/ {
-          return 403;
-      }
-
-      # Block access to scripts in site files directory
-      location ~ ^/sites/[^/]+/files/.*\.php$ {
-          deny all;
-      }
-
-      # Allow "Well-Known URIs" as per RFC 5785
-      location ~* ^/.well-known/ {
-          allow all;
-      }
-
-      # Block access to "hidden" files and directories whose names begin with a
-      # period. This includes directories used by version control systems such
-      # as Subversion or Git to store control files.
-      location ~ (^|/)\. {
-          return 403;
-      }
-
-      location / {
-          try_files $uri /index.php?$query_string; # For Drupal >= 7
-      }
-
-      location @rewrite {
-          rewrite ^/(.*)$ /index.php?q=$1;
-      }
-
-      # Don't allow direct access to PHP files in the vendor directory.
-      location ~ /vendor/.*\.php$ {
-          deny all;
-          return 404;
-      }
-
-      location ~ '\.php$|^/update.php' {
-          try_files $uri =404;
-          fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-          include fastcgi_params;
-          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-          fastcgi_param PATH_INFO $fastcgi_path_info;
-          fastcgi_param QUERY_STRING $query_string;
-          fastcgi_intercept_errors on;
-          fastcgi_pass localhost:9000;
-      }
-
-      # Fighting with Styles? This little gem is amazing.
-      # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
-      location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
-          try_files $uri @rewrite;
-      }
-
-      # Handle private files through Drupal.
-      location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
-          try_files $uri /index.php?$query_string;
-      }
-
-      location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
-          try_files $uri @rewrite;
-          expires max;
-          log_not_found off;
-      }
-
-      # Enforce clean URLs
-      if ($request_uri ~* "^(.*/)index\.php(.*)") {
-          return 307 $1$2;
-      }
-
-certbot_create_if_missing: true
-certbot_create_method: standalone
-certbot_admin_email: oliver+certbot@oliverdavies.uk
-certbot_certs:
-  - domains:
-    - oliverdavies.uk
-    - www.oliverdavies.uk
--- a/tools/ansible/vars/provision_vault.yml
+++ b/tools/ansible/vars/provision_vault.yml
@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36356435393662666564623838386330353664316261396361313737643836373861333939353532
-3739663861643162313633383662333531346537633364300a306633383236343331623638316233
-37666263356433666263343337363633316664376230323335316165303462316236613264323333
-6137353437376362310a316537666564363665336166366236333039356533316236383732636436
-39333766306663346461633463336337663033366461383533376230386665643934653766326135
-31623831306137653331326664623432346661633833323435613562376164376632316261333239
-643633396466643464663439353935666466
--- a/tools/ansible/vars/vars.yml
+++ b/tools/ansible/vars/vars.yml
@ -1,4 +0,0 @@
---
-ansistrano_current_dir: current
-project_root_path: /srv/oliverdavies-uk
-project_web_dir: web