From f219d81d38cdcd60209f41ee09b628dca70e4b44 Mon Sep 17 00:00:00 2001
From: Oliver Davies
Date: Wed, 10 Feb 2021 21:23:24 +0000
Subject: [PATCH] Remove Ansible playbooks and roles
---
tools/ansible/ansible.cfg | 10 --
tools/ansible/deploy.yml | 12 --
tools/ansible/deploy/after-update-code.yml | 38 -----
tools/ansible/deploy/before-symlink.yml | 6 -
tools/ansible/hosts.yml | 16 --
tools/ansible/includes/build-theme-assets.yml | 26 ---
tools/ansible/main.yml | 3 -
tools/ansible/provision.yml | 80 ----------
tools/ansible/requirements.yml | 27 ----
.../roles/drupal-permissions/tasks/main.yml | 29 ----
tools/ansible/vars/deploy_vars.yml | 68 --------
tools/ansible/vars/deploy_vault.yml | 19 ---
tools/ansible/vars/digitalocean_vars.yml | 3 -
tools/ansible/vars/digitalocean_vault.yml | 10 --
tools/ansible/vars/provision_vars.yml | 151 ------------------
tools/ansible/vars/provision_vault.yml | 8 -
tools/ansible/vars/vars.yml | 4 -
17 files changed, 510 deletions(-)
delete mode 100644 tools/ansible/ansible.cfg
delete mode 100644 tools/ansible/deploy.yml
delete mode 100644 tools/ansible/deploy/after-update-code.yml
delete mode 100644 tools/ansible/deploy/before-symlink.yml
delete mode 100644 tools/ansible/hosts.yml
delete mode 100644 tools/ansible/includes/build-theme-assets.yml
delete mode 100644 tools/ansible/main.yml
delete mode 100644 tools/ansible/provision.yml
delete mode 100644 tools/ansible/requirements.yml
delete mode 100644 tools/ansible/roles/drupal-permissions/tasks/main.yml
delete mode 100644 tools/ansible/vars/deploy_vars.yml
delete mode 100644 tools/ansible/vars/deploy_vault.yml
delete mode 100644 tools/ansible/vars/digitalocean_vars.yml
delete mode 100644 tools/ansible/vars/digitalocean_vault.yml
delete mode 100644 tools/ansible/vars/provision_vars.yml
delete mode 100644 tools/ansible/vars/provision_vault.yml
delete mode 100644 tools/ansible/vars/vars.yml
diff --git a/tools/ansible/ansible.cfg b/tools/ansible/ansible.cfg deleted file mode 100644 index ed8d947..0000000 --- a/tools/ansible/ansible.cfg +++ /dev/null @@ -1,10 +0,0 @@ -[defaults] -bin_ansible_callbacks = True -inventory = hosts.yml -nocows = True -roles_path = .roles -stdout_callback = yaml -verbosity = 1 - -[ssh_connection] -pipelining = True diff --git a/tools/ansible/deploy.yml b/tools/ansible/deploy.yml deleted file mode 100644 index ae16fd9..0000000 --- a/tools/ansible/deploy.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- hosts: web - - vars_files: - - vars/vars.yml - - vars/provision_vault.yml - - vars/provision_vars.yml - - vars/deploy_vault.yml - - vars/deploy_vars.yml - - roles: - - name: ansistrano.deploy diff --git a/tools/ansible/deploy/after-update-code.yml b/tools/ansible/deploy/after-update-code.yml deleted file mode 100644 index 4245e63..0000000 --- a/tools/ansible/deploy/after-update-code.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -- name: Install Composer dependencies - composer: - command: install - optimize_autoloader: true - working_dir: '{{ ansistrano_release_path.stdout }}' - -- name: Generate settings.php file - include_role: - name: opdavies.drupal_settings_files - -- name: Fix file permissions - include_role: - name: drupal-permissions - -- name: Clear Drush cache - command: > - {{ release_drush_path }} - cache-clear drush - chdir={{ release_web_path }} - changed_when: false - -- name: Run database updates - command: > - {{ release_drush_path }} - updatedb -y - chdir={{ release_web_path }} - register: update_database_result - changed_when: "'No pending updates' not in update_database_result.stderr" - -- name: Import configuration - command: > - {{ release_drush_path }} config-import -y - chdir={{ release_web_path }} - register: config_import_result - changed_when: "'There are no changes to import' not in config_import_result.stderr" - -- include: ../includes/build-theme-assets.yml 
diff --git a/tools/ansible/deploy/before-symlink.yml b/tools/ansible/deploy/before-symlink.yml deleted file mode 100644 index 48fbdc3..0000000 --- a/tools/ansible/deploy/before-symlink.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Rebuild Drupal cache - command: > - {{ release_drush_path }} cache-rebuild - chdir={{ release_web_path }} - changed_when: false diff --git a/tools/ansible/hosts.yml b/tools/ansible/hosts.yml deleted file mode 100644 index ef0e8fd..0000000 --- a/tools/ansible/hosts.yml +++ /dev/null @@ -1,16 +0,0 @@ -all: - children: - db: - hosts: - 178.79.147.197: - vars: - ansible_python_interpreter: /usr/bin/python3 - ansible_port: 2849 - ansible_user: root - web: - hosts: - 178.79.147.197: - vars: - ansible_python_interpreter: /usr/bin/python3 - ansible_port: 2849 - ansible_user: root diff --git a/tools/ansible/includes/build-theme-assets.yml b/tools/ansible/includes/build-theme-assets.yml deleted file mode 100644 index 53fd9ed..0000000 --- a/tools/ansible/includes/build-theme-assets.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Export body values to include in theme purging - command: > - {{ release_drush_path }} opdavies:export-body-values-for-theme-purging - chdir={{ release_theme_path }} - creates={{ release_theme_path }}/body-field-values.txt - -- name: Install theme dependencies - command: > - npm ci - chdir={{ release_theme_path }} - creates={{ release_theme_path }}/node_modules - -- name: Generate front-end assets - command: > - npm run production - chdir={{ release_theme_path }} - creates={{ release_theme_path }}/dist - -- name: Remove files that are no longer needed - file: - path: "{{ release_theme_path }}/{{ item }}" - state: absent - with_items: - - body-field-values.txt - - node_modules diff --git a/tools/ansible/main.yml b/tools/ansible/main.yml deleted file mode 100644 index 139c08f..0000000 --- a/tools/ansible/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- import_playbook: provision.yml -- import_playbook: deploy.yml 
diff --git a/tools/ansible/provision.yml b/tools/ansible/provision.yml deleted file mode 100644 index a91ca67..0000000 --- a/tools/ansible/provision.yml +++ /dev/null @@ -1,80 +0,0 @@ ---- -- hosts: db - become: true - - vars_files: - - vars/vars.yml - - vars/provision_vault.yml - - vars/provision_vars.yml - - vars: - firewall_additional_rules: - - "iptables -A INPUT -p tcp --dport 3306 -s 10.131.0.2 -j ACCEPT" - firewall_allowed_tcp_ports: [2849] - mysql_bind_address: '10.131.0.3' - mysql_users: - - name: "{{ app_mysql_user }}" - password: "{{ app_mysql_password }}" - host: '10.131.0.2' - priv: "oliverdavies_uk.*:ALL" - mysql_databases: - - name: oliverdavies_uk - - pre_tasks: - - name: Update apt cache - apt: - update_cache: true - cache_valid_time: 3600 - - roles: - - name: geerlingguy.firewall - - name: geerlingguy.security - - name: geerlingguy.mysql - -- hosts: web - - vars_files: - - vars/vars.yml - - vars/provision_vault.yml - - vars/provision_vars.yml - - vars: - composer_version_branch: '--1' - firewall_allowed_tcp_ports: [80, 443, 2849] - mysql_packages: - - mariadb-client - mysql_users: [] - - roles: - - name: geerlingguy.firewall - - name: geerlingguy.security - - name: geerlingguy.certbot - - name: geerlingguy.nginx - - name: geerlingguy.mysql - - name: geerlingguy.php-versions - - name: geerlingguy.php - - name: geerlingguy.php-mysql - - name: geerlingguy.composer - - name: geerlingguy.nodejs - - pre_tasks: - - name: Update apt cache - apt: - update_cache: true - cache_valid_time: 3600 - - tasks: - - name: Install packages - package: - name: [curl, zip] - state: present - - - name: Add cron jobs - cron: - name: Drupal cron - oliverdavies.uk - minute: '*/5' - job: > - {{ project_root_path }}/{{ ansistrano_current_dir }}/bin/drush core-cron - --root={{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }} - --uri https://www.oliverdavies.uk - --quiet 
diff --git a/tools/ansible/requirements.yml b/tools/ansible/requirements.yml deleted file mode 100644 index f9afc29..0000000 --- a/tools/ansible/requirements.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: ansistrano.deploy - version: 3.4.0 -- name: ansistrano.rollback - version: 3.0.0 -- name: geerlingguy.certbot - version: 3.0.3 -- name: geerlingguy.composer - version: 1.9.0 -- name: geerlingguy.firewall - version: 2.5.0 -- name: geerlingguy.mysql - version: 3.3.0 -- name: geerlingguy.nginx - version: 2.7.0 -- name: geerlingguy.nodejs - version: 5.1.1 -- name: geerlingguy.php - version: 3.7.0 -- name: geerlingguy.php-mysql - version: 2.1.0 -- name: geerlingguy.php-versions - version: 4.0.2 -- name: geerlingguy.security - version: 2.0.1 -- name: opdavies.drupal_settings_files - version: 0.1.0 diff --git a/tools/ansible/roles/drupal-permissions/tasks/main.yml b/tools/ansible/roles/drupal-permissions/tasks/main.yml deleted file mode 100644 index 021a8f5..0000000 --- a/tools/ansible/roles/drupal-permissions/tasks/main.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: Set the permissions for each Drupal root directory. - file: - group: www-data - mode: ug=rX,o= - owner: "{{ drupal_permissions.user }}" - path: "{{ item.root }}" - recurse: true - state: directory - with_items: "{{ drupal_permissions.sites }}" - -- name: Set permissions for the defined settings files. - file: - mode: a-X - path: "{{ item.0.root }}/{{ item.1 }}" - state: file - with_subelements: - - "{{ drupal_permissions.sites }}" - - settings_files - -- name: Set permissions for the defined files directories. - file: - mode: ug=rwX,o= - path: "{{ item.0.root }}/{{ item.1 }}" - recurse: true - state: directory - with_subelements: - - "{{ drupal_permissions.sites }}" - - files_directories diff --git a/tools/ansible/vars/deploy_vars.yml b/tools/ansible/vars/deploy_vars.yml deleted file mode 100644 index 83b7d0b..0000000 --- a/tools/ansible/vars/deploy_vars.yml +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -ansistrano_allow_anonymous_stats: false -ansistrano_deploy_via: git -ansistrano_deploy_to: '{{ project_root_path }}' -ansistrano_git_repo: git@github.com:opdavies/oliverdavies-uk.git -ansistrano_git_branch: production -ansistrano_keep_releases: 5 -ansistrano_shared_paths: - - '{{ project_web_dir }}/sites/default/files' - -# Hooks -ansistrano_after_update_code_tasks_file: '{{ playbook_dir }}/deploy/after-update-code.yml' -# ansistrano_before_symlink_tasks_file: '{{ playbook_dir }}/deploy/before-symlink.yml' - -app_hash_salt: '{{ vault_app_hash_salt }}' - -integromat_webhook_url: '{{ vault_integromat_webhook_url }}' -post_tweet_webhook_url: '{{ vault_post_tweet_webhook_url }}' - -release_drush_path: '{{ ansistrano_release_path.stdout }}/bin/drush' -release_web_path: '{{ ansistrano_release_path.stdout }}/{{ project_web_dir }}' -release_theme_path: '{{ release_web_path }}/themes/custom/opdavies' - -drupal_permissions: - sites: - - root: "{{ release_web_path }}" - files_directories: - - sites/default/files - settings_files: - - sites/default/settings.php - - sites/default/settings.local.php - user: root - -drupal_settings: - - drupal_root: '{{ release_web_path }}' - sites: - - name: default - filename: settings.local.php - settings: - hash_salt: '{{ app_hash_salt }}' - databases: - default: - default: - driver: mysql - host: '127.0.0.1' - database: oliverdavies_uk - username: '{{ app_mysql_user }}' - password: '{{ app_mysql_password }}' - trusted_hosts: - - '^www\.oliverdavies\.uk$' - extra_parameters: | - $settings['deployment_identifier'] = '{{ ansistrano_release_version }}'; - - $settings['config_exclude_modules'] = [ - 'devel', - 'stage_file_proxy', - ]; - - $config['config_split.config_split.live']['status'] = TRUE; - - // Configure Cloudflare. 
- $settings['reverse_proxy'] = TRUE; - $settings['reverse_proxy_addresses'] = [$_SERVER['REMOTE_ADDR']]; - $settings['reverse_proxy_header'] = 'CF-Connecting-IP'; - $settings['omit_vary_cookie'] = TRUE; - - $config['opdavies_blog.settings']['integromat_webhook_url'] = '{{ integromat_webhook_url }}'; - $config['opdavies_blog.settings']['post_tweet_webhook_url'] = '{{ post_tweet_webhook_url }}'; diff --git a/tools/ansible/vars/deploy_vault.yml b/tools/ansible/vars/deploy_vault.yml deleted file mode 100644 index 272a2ff..0000000 --- a/tools/ansible/vars/deploy_vault.yml +++ /dev/null @@ -1,19 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -30653362663533616334373532653633363838333932666137633662313431303763646433366238 -3464333531326134626361396661306130373461633536630a653637366565366462313335623561 -63653563653533306436663335623961343539366566633730306638323833373261363063363538 -3163326166353836300a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diff --git a/tools/ansible/vars/digitalocean_vars.yml b/tools/ansible/vars/digitalocean_vars.yml deleted file mode 100644 index b04e5f3..0000000 --- a/tools/ansible/vars/digitalocean_vars.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -digitalocean_api_key: '{{ vault_digitalocean_api_key }}' - \ No newline at end of file diff --git a/tools/ansible/vars/digitalocean_vault.yml b/tools/ansible/vars/digitalocean_vault.yml deleted file mode 100644 index c5f4e08..0000000 --- a/tools/ansible/vars/digitalocean_vault.yml +++ /dev/null 
@@ -1,10 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36643735336232646262626537363631353061356565346664643261663565633364323932653232
-6639396262393839643437626338343930316439623633330a616566646533343063333166383136
-39353532316166623361626133326135383833643030663634376464663838353064663538343162
-3536373232623235620a303465306339653663306564383335643166323934393264633532616437
-33313231343432643030366565313135653163363434323632613361623339643137343361643135
-65666364346566356136383830366334326133633766313130653639626362366138663032653962
-39386364613838646133656230356564663564633537376435336438346434633161646436623137
-30666239343832663764303830616264643538346665353963383734373265663233303934666363
-6461
diff --git a/tools/ansible/vars/provision_vars.yml b/tools/ansible/vars/provision_vars.yml
deleted file mode 100644
index 1a32ceb..0000000
--- a/tools/ansible/vars/provision_vars.yml
+++ /dev/null
@@ -1,151 +0,0 @@ ---- -security_ssh_permit_root_login: 'yes' -security_ssh_port: 2849 - -php_default_version_debian: '{{ php_version }}' -php_enable_php_fpm: true -php_version: 7.4 -php_webserver_daemon: nginx -php_packages: - - 'php{{ php_version }}-cli' - - 'php{{ php_version }}-common' - - 'php{{ php_version }}-fpm' - - 'php{{ php_version }}-gd' - - 'php{{ php_version }}-mbstring' - - 'php{{ php_version }}-mysql' - - 'php{{ php_version }}-pdo' - - 'php{{ php_version }}-xml' - -app_mysql_user: '{{ vault_app_mysql_user }}' -app_mysql_password: '{{ vault_app_mysql_password }}' - -mysql_packages: - - mariadb-client - - mariadb-server - - python3-mysqldb - - -nginx_remove_default_vhost: true -nginx_server_tokens: 'off' -nginx_vhosts: - - listen: 80 default_server - server_name: oliverdavies.uk www.oliverdavies.uk - return: 301 https://www.oliverdavies.uk$request_uri - filename: www.oliverdavies.uk.80.conf - - - listen: 443 ssl - server_name: oliverdavies.uk - return: 301 https://www.oliverdavies.uk$request_uri - filename: oliverdavies.uk.443.conf - extra_parameters: | - ssl_certificate /etc/letsencrypt/live/oliverdavies.uk/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/oliverdavies.uk/privkey.pem; - - - listen: 443 ssl default_server - server_name: www.oliverdavies.uk - root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}' - index: index.php index.html - extra_parameters: | - ssl_certificate /etc/letsencrypt/live/oliverdavies.uk/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/oliverdavies.uk/privkey.pem; - - location ~ ^/images/(.*) { - return 301 /sites/default/files/images/$1; - } - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 
403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to scripts in site files directory - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - # Allow "Well-Known URIs" as per RFC 5785 - location ~* ^/.well-known/ { - allow all; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - try_files $uri /index.php?$query_string; # For Drupal >= 7 - } - - location @rewrite { - rewrite ^/(.*)$ /index.php?q=$1; - } - - # Don't allow direct access to PHP files in the vendor directory. - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } - - location ~ '\.php$|^/update.php' { - try_files $uri =404; - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param QUERY_STRING $query_string; - fastcgi_intercept_errors on; - fastcgi_pass localhost:9000; - } - - # Fighting with Styles? This little gem is amazing. - # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6 - location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7 - try_files $uri @rewrite; - } - - # Handle private files through Drupal. - location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7 - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - # Enforce clean URLs - if ($request_uri ~* "^(.*/)index\.php(.*)") { - return 307 $1$2; - } - -certbot_create_if_missing: true -certbot_create_method: standalone -certbot_admin_email: oliver+certbot@oliverdavies.uk -certbot_certs: - - domains: - - oliverdavies.uk - - www.oliverdavies.uk 
diff --git a/tools/ansible/vars/provision_vault.yml b/tools/ansible/vars/provision_vault.yml
deleted file mode 100644
index ceb80f6..0000000
--- a/tools/ansible/vars/provision_vault.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-36356435393662666564623838386330353664316261396361313737643836373861333939353532
-3739663861643162313633383662333531346537633364300a306633383236343331623638316233
-37666263356433666263343337363633316664376230323335316165303462316236613264323333
-6137353437376362310a316537666564363665336166366236333039356533316236383732636436
-39333766306663346461633463336337663033366461383533376230386665643934653766326135
-31623831306137653331326664623432346661633833323435613562376164376632316261333239
-643633396466643464663439353935666466
diff --git a/tools/ansible/vars/vars.yml b/tools/ansible/vars/vars.yml
deleted file mode 100644
index 99ac466..0000000
--- a/tools/ansible/vars/vars.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-ansistrano_current_dir: current
-project_root_path: /srv/oliverdavies-uk
-project_web_dir: web