oliverdavies.uk-drupal-old/tools/ansible/vars/provision_vars.yml

---
security_ssh_permit_root_login: 'yes'

php_default_version_debian: '{{ php_version }}'
php_enable_php_fpm: true
php_version: 7.4
php_webserver_daemon: nginx
php_packages:
    - 'php{{ php_version }}-cli'
    - 'php{{ php_version }}-common'
    - 'php{{ php_version }}-fpm'
    - 'php{{ php_version }}-gd'
    - 'php{{ php_version }}-mbstring'
    - 'php{{ php_version }}-mysql'
    - 'php{{ php_version }}-pdo'
    - 'php{{ php_version }}-xml'

app_mysql_user: '{{ vault_app_mysql_user }}'
app_mysql_password: '{{ vault_app_mysql_password }}'

mysql_packages:
  - mariadb-client
  - mariadb-server
  - python-mysqldb

mysql_databases:
  - name: oliverdavies_uk

nginx_remove_default_vhost: true
nginx_server_tokens: 'off'
nginx_vhosts:
  - listen: 80
    server_name: d8.oliverdavies.uk
    return: 301 https://d8.oliverdavies.uk$request_uri
    filename: d8.oliverdavies.uk.80.conf

  - listen: 443 ssl
    server_name: d8.oliverdavies.uk
    root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}'
    index: index.php
    extra_parameters: |
      rewrite /about / permanent;
      rewrite /blog/2010/04/05/style-drupal-6s-taxonomy-lists-php-css-and-jquery /blog/style-drupal-6s-taxonomy-lists-php-css-and-jquery permanent;
      rewrite /blog/2010/04/28/using-imagecache-and-imagecrop-my-portfolio /blog/using-imagecache-and-imagecrop-my-portfolio permanent;
      rewrite /blog/2010/05/06/conditional-email-addresses-webform /blog/conditional-email-addresses-webform permanent;
      rewrite /blog/2010/05/10/quickly-create-zen-subthemes-using-zenophile /blog/quickly-create-zen-subthemes-using-zenophile permanent;
      rewrite /blog/2010/05/25/create-slideshow-multiple-images-using-fancy-slide /blog/create-slideshow-multiple-images-using-fancy-slide permanent;
      rewrite /blog/2010/05/29/quickly-import-multiples-images-using-imagefieldimport-module /blog/quickly-import-multiples-images-using-imagefieldimport-module permanent;
      rewrite /blog/2010/06/02/improve-jpg-quality-imagecache-and-imageapi /blog/improve-jpg-quality-imagecache-and-imageapi permanent;
      rewrite /blog/2010/06/23/create-block-social-media-icons-using-cck-views-and-nodequeue /blog/create-block-social-media-icons-using-cck-views-and-nodequeue permanent;
      rewrite /blog/2010/06/25/10-useful-drupal-6-modules /blog/10-useful-drupal-6-modules permanent;
      rewrite /blog/2010/06/28/create-flickr-photo-gallery-using-feeds-cck-and-views /blog/create-flickr-photo-gallery-using-feeds-cck-and-views permanent;
      rewrite /blog/2010/07/01/change-content-type-multiple-nodes-using-sql /blog/change-content-type-multiple-nodes-using-sql permanent;
      rewrite /blog/2010/07/02/create-virtual-hosts-mac-os-x-using-virtualhostx /blog/create-virtual-hosts-mac-os-x-using-virtualhostx permanent;
      rewrite /blog/2010/07/07/add-taxonomy-term-multiple-nodes-using-sql /blog/add-taxonomy-term-multiple-nodes-using-sql permanent;
      rewrite /blog/2010/07/12/review-teleport-module /blog/review-teleport-module permanent;
      rewrite /blog/2010/08/10/review-adminhover-module /blog/review-adminhover-module permanent;
      rewrite /blog/2010/08/11/create-better-photo-gallery-drupal-part-1 /blog/create-better-photo-gallery-drupal-part-1 permanent;
      rewrite /blog/2010/08/17/create-better-photo-gallery-drupal-part-2 /blog/create-better-photo-gallery-drupal-part-2 permanent;
      rewrite /blog/2010/08/20/review-image-caption-module /blog/review-image-caption-module permanent;
      rewrite /blog/2010/09/26/south-wales-drupal-user-group /blog/south-wales-drupal-user-group permanent;
      rewrite /blog/2010/10/10/create-and-apply-patches /blog/create-and-apply-patches permanent;
      rewrite /blog/2010/10/13/create-better-photo-gallery-drupal-part-3 /blog/create-better-photo-gallery-drupal-part-3 permanent;
      rewrite /blog/2010/10/22/create-better-photo-gallery-drupal-part-21 /blog/create-better-photo-gallery-drupal-part-21 permanent;
      rewrite /blog/2010/11/04/use-regular-expressions-search-and-replace-coda-or-textmate /blog/use-regular-expressions-search-and-replace-coda-or-textmate permanent;
      rewrite /blog/2011/02/14/easily-embed-typekit-fonts-your-drupal-website /blog/easily-embed-typekit-fonts-your-drupal-website permanent;
      rewrite /blog/2011/03/15/display-number-facebook-fans-php /blog/display-number-facebook-fans-php permanent;
      rewrite /blog/2011/03/31/proctor-stevenson /blog/proctor-stevenson permanent;
      rewrite /blog/2011/05/20/proctors-hosting-next-drupal-meetup /blog/proctors-hosting-next-drupal-meetup permanent;
      rewrite /blog/2011/05/23/imagefield-import-archive /blog/imagefield-import-archive permanent;
      rewrite /blog/2011/08/28/create-multigroups-drupal-7-using-field-collections /blog/create-multigroups-drupal-7-using-field-collections permanent;
      rewrite /blog/2011/10/19/install-and-configure-subversion-svn-server-ubuntu /blog/install-and-configure-subversion-svn-server-ubuntu permanent;
      rewrite /blog/2012/01/04/site-upgraded-drupal-7 /blog/site-upgraded-drupal-7 permanent;
      rewrite /blog/2012/02/01/use-authorized-keys-create-passwordless-ssh-connection /blog/use-authorized-keys-create-passwordless-ssh-connection permanent;
      rewrite /blog/2012/04/16/create-omega-subtheme-less-css-preprocessor-using-omega-tools-and-drush /blog/create-omega-subtheme-less-css-preprocessor-using-omega-tools-and-drush permanent;
      rewrite /blog/2012/04/17/installing-nagios-centos /blog/installing-nagios-centos permanent;
      rewrite /blog/2012/04/19/adding-custom-theme-templates-drupal-7 /blog/adding-custom-theme-templates-drupal-7 permanent;
      rewrite /blog/2012/05/23/add-date-popup-calendar-custom-form /blog/add-date-popup-calendar-custom-form permanent;
      rewrite /blog/2012/05/23/checkout-specific-revision-svn-command-line /blog/checkout-specific-revision-svn-command-line permanent;
      rewrite /blog/2012/05/23/forward-one-domain-another-using-mod-rewrite-and-htaccess /blog/forward-one-domain-another-using-mod-rewrite-and-htaccess permanent;
      rewrite /blog/2012/05/23/prevent-apache-displaying-text-files-within-web-browser /blog/prevent-apache-displaying-text-files-within-web-browser permanent;
      rewrite /blog/2012/05/23/writing-info-file-drupal-7-theme /blog/writing-info-file-drupal-7-theme permanent;
      rewrite /blog/2012/05/24/dividing-drupals-process-and-preprocess-functions-separate-files /blog/dividing-drupals-process-and-preprocess-functions-separate-files permanent;
      rewrite /blog/2012/07/12/my-new-drupal-modules /blog/my-new-drupal-modules permanent;
      rewrite /blog/2012/07/14/install-nomensa-media-player-drupal /blog/install-nomensa-media-player-drupal permanent;
      rewrite /blog/2012/07/27/writing-article-linux-journal /blog/writing-article-linux-journal permanent;
      rewrite /blog/2012/08/18/display-custom-menu-drupal-7-theme-template-file /blog/display-custom-menu-drupal-7-theme-template-file permanent;
      rewrite /blog/2012/09/06/reflections-speaking-unifieddiff /blog/reflections-speaking-unifieddiff permanent;
      rewrite /blog/2012/10/25/my-sublime-text-2-settings /blog/my-sublime-text-2-settings permanent;
      rewrite /blog/2012/11/15/accessible-bristol-site-launched /blog/accessible-bristol-site-launched permanent;
      rewrite /blog/2012/11/17/open-sublime-text-2-mac-os-x-command-line /blog/open-sublime-text-2-mac-os-x-command-line permanent;
      rewrite /blog/2012/12/06/use-sass-and-compass-drupal-7-using-sassy /blog/use-sass-and-compass-drupal-7-using-sassy permanent;
      rewrite /blog/2013/01/09/checking-if-user-logged-drupal-right-way /blog/checking-if-user-logged-drupal-right-way permanent;
      rewrite /blog/2013/02/16/creating-and-using-custom-tokens-drupal-7 /blog/creating-and-using-custom-tokens-drupal-7 permanent;
      rewrite /blog/2013/03/02/quickest-way-install-sublime-text-2-ubuntu /blog/quickest-way-install-sublime-text-2-ubuntu permanent;
      rewrite /blog/2013/04/20/leaving-nomensa-joining-precedent /blog/leaving-nomensa-joining-precedent permanent;
      rewrite /blog/2013/04/27/display-git-branch-or-tag-names-your-bash-prompt /blog/display-git-branch-or-tag-names-your-bash-prompt permanent;
      rewrite /blog/2013/06/13/some-useful-links-using-simpletest-drupal /blog/some-useful-links-using-simpletest-drupal permanent;
      rewrite /blog/2013/07/17/creating-local-and-staging-sites-drupals-domain-module-enabled /blog/creating-local-and-staging-sites-drupals-domain-module-enabled permanent;
      rewrite /blog/2013/07/26/going-drupalcon /blog/going-drupalcon permanent;
      rewrite /blog/2013/09/06/create-a-zen-sub-theme-using-drush /blog/create-a-zen-sub-theme-using-drush permanent;
      rewrite /blog/2013/11/19/dont-bootstrap-drupal-use-drush /blog/dont-bootstrap-drupal-use-drush permanent;
      rewrite /blog/2013/11/27/useful-vagrant-commands /blog/useful-vagrant-commands permanent;
      rewrite /blog/2013/12/24/quickly-apply-patches-using-git-and-curl-or-wget /blog/quickly-apply-patches-using-git-and-curl-or-wget permanent;
      rewrite /blog/2013/12/31/download-different-versions-drupal-drush /blog/download-different-versions-drupal-drush permanent;
      rewrite /blog/2014/01/15/some-useful-git-aliases /blog/some-useful-git-aliases permanent;
      rewrite /blog/2014/02/09/drupalcamp-london-2014 /blog/drupalcamp-london-2014 permanent;
      rewrite /blog/2014/03/03/what-git-flow /blog/what-git-flow permanent;
      rewrite /blog/2014/05/03/drupal-association /blog/drupal-association permanent;
      rewrite /blog/2014/05/06/thanks /blog/thanks permanent;
      rewrite /blog/2014/05/21/git-format-patch /blog/git-format-patch permanent;
      rewrite /blog/2014/07/02/drush-make-drupalbristol /blog/drush-make-drupalbristol permanent;
      rewrite /blog/2014/10/06/fix-vagrant-loading-wrong-virtual-machine /blog/fix-vagrant-loading-wrong-virtual-machine permanent;
      rewrite /blog/2014/10/21/updating-features-and-adding-components-using-drush /blog/updating-features-and-adding-components-using-drush permanent;
      rewrite /blog/2014/11/18/include-css-fonts-using-sass-each-loop /blog/include-css-fonts-using-sass-each-loop permanent;
      rewrite /blog/2014/11/20/using-remote-files-when-developing-locally-with-stage-file-proxy-module /blog/using-remote-files-when-developing-locally-with-stage-file-proxy-module permanent;
      rewrite /blog/2014/11/27/pantheon-settings-files /blog/pantheon-settings-files permanent;
      rewrite /blog/2014/12/20/include-local-drupal-settings-file-environment-configuration-and-overrides /blog/include-local-drupal-settings-file-environment-configuration-and-overrides permanent;
      rewrite /blog/2015/04/03/how-to-define-a-minimum-drupal-core-version /blog/how-to-define-a-minimum-drupal-core-version permanent;
      rewrite /blog/2015/06/18/updating-forked-repositories-on-github /blog/updating-forked-repositories-on-github permanent;
      rewrite /blog/2015/07/19/sculpin-twig-resources /blog/sculpin-twig-resources permanent;
      rewrite /blog/2015/07/21/automating-sculpin-jenkins /blog/automating-sculpin-jenkins permanent;
      rewrite /blog/2015/12/22/programmatically-load-an-entityform-in-drupal-7 /blog/programmatically-load-an-entityform-in-drupal-7 permanent;
      rewrite /blog/2016/02/15/announcing-the-drupal-vm-generator /blog/announcing-the-drupal-vm-generator permanent;
      rewrite /blog/2016/05/03/simplifying-drupal-migrations-with-xautoload /blog/simplifying-drupal-migrations-with-xautoload permanent;
      rewrite /blog/2016/07/15/building-gmail-filters-with-php /blog/building-gmail-filters-with-php permanent;
      rewrite /blog/2016/12/30/drupal-vm-generator-291-released /blog/drupal-vm-generator-291-released permanent;
      rewrite /blog/2017/01/07/easier-sculpin-commands-with-composer-and-npm-scripts /blog/easier-sculpin-commands-with-composer-and-npm-scripts permanent;
      rewrite /blog/2017/01/31/nginx-redirects-with-query-string-arguments /blog/nginx-redirects-with-query-string-arguments permanent;
      rewrite /blog/2017/05/05/fixing-drupal-simpletest-docker /blog/2017/05/05/fixing-drupal-simpletest-issues-inside-docker-containers permanent;
      rewrite /blog/2017/05/05/fixing-drupal-simpletest-issues-inside-docker-containers /blog/fixing-drupal-simpletest-issues-inside-docker-containers permanent;
      rewrite /blog/2017/06/09/introducing-the-drupal-meetups-twitterbot /blog/introducing-the-drupal-meetups-twitterbot permanent;
      rewrite /blog/2017/11/07/tdd-test-driven-drupal /blog/tdd-test-driven-drupal permanent;
      rewrite /blog/2017/11/07/writing-drupal-module-test-driven-development-tdd /blog/2017/11/07/tdd-test-driven-drupal permanent;
      rewrite /blog/2018/01/30/drupalcamp-bristol-2018 /blog/drupalcamp-bristol-2018 permanent;
      rewrite /blog/2018/02/05/using-tailwind-css-in-your-drupal-theme /blog/using-tailwind-css-in-your-drupal-theme permanent;
      rewrite /blog/2018/02/27/looking-forward-to-drupalcamp-london /blog/looking-forward-to-drupalcamp-london permanent;
      rewrite /blog/2018/02/27/queuing-private-messages-in-drupal-8 /blog/queuing-private-messages-in-drupal-8 permanent;
      rewrite /blog/2018/02/28/building-the-new-phpsw-website /blog/building-the-new-phpsw-website permanent;
      rewrite /blog/2018/03/02/yay-the-mediacurrent-contrib-half-hour-is-back /blog/yay-the-mediacurrent-contrib-half-hour-is-back permanent;
      rewrite /blog/2018/03/04/tweets-from-drupalcamp-london /blog/tweets-from-drupalcamp-london permanent;
      rewrite /blog/2018/05/06/creating-a-custom-phpunit-command-for-docksal /blog/creating-a-custom-phpunit-command-for-docksal permanent;
      rewrite /blog/announcing-the-drupal-vm-config-generator /blog/announcing-the-drupal-vm-generator permanent;
      rewrite /blog/drush-make-drupalbristol /talks/drush-make-drupalbristol permanent;
      rewrite /blog/system-users-null-users /blog/null-users-and-system-users-in-drupal permanent;
      rewrite /blog/tweets-from-drupalcamp-london /blog/tweets-drupalcamp-london permanent;
      rewrite /blog /articles permanent;
      rewrite /blog.xml /feed permanent;
      rewrite /blog/* /blog/:splat permanent;
      rewrite /book /test-driven-drupal permanent;
      rewrite /consulting / permanent;
      rewrite /cv https://cv.oliverdavies.uk permanent;
      rewrite /drupal https://www.drupal.org/u/opdavies permanent;
      rewrite /drupalgive https://www.drupal.org/u/opdavies permanent;
      rewrite /experience https://cv.oliverdavies.uk permanent;
      rewrite /git-flow /talks/git-flow permanent;
      rewrite /github https://github.com/opdavies permanent;
      rewrite /joindin https://joind.in/user/opdavies permanent;
      rewrite /linkedin https://www.linkedin.com/in/opdavies permanent;
      rewrite /packagist https://packagist.org/packages/opdavies permanent;
      rewrite /services /experience permanent;
      rewrite /slides/bristol-dug/drupal-vm-generator http://opdavies.github.io/slides-drupal-vm-generator permanent;
      rewrite /slides/phpsw/building-static-websites-with-sculpin https://opdavies.github.io/slides-phpsw-sculpin permanent;
      rewrite /speakerdeck https://speakerdeck.com/opdavies permanent;
      rewrite /speaking /talks permanent;
      rewrite /talks/2012/09/05/what-is-this-drupal-thing-unified-diff /talks/what-is-this-drupal-thing permanent;
      rewrite /talks/2013/07/10/drupal-ldap-swdug /talks/drupal-ldap permanent;
      rewrite /talks/2014/03/01/git-flow-drupalcamp-london-2014 /talks/git-flow permanent;
      rewrite /talks/2014/07/02/drush-make-drupalbristol-drupal-bristol /talks/drush-make-drupalbristol permanent;
      rewrite /talks/2014/08/19/drupal-association-swdug /talks/drupal-association permanent;
      rewrite /talks/2015/01/18/drupalorg-2015-drupalcamp-brighton-2015 /talks/drupalorg-in-2015-whats-coming-next permanent;
      rewrite /talks/2015/02/28/drupalorg-2015-drupalcamp-london-2015 /talks/drupalorg-in-2015-whats-coming-next permanent;
      rewrite /talks/2015/04/08/drupal-8-phpsw /talks/drupal-8 permanent;
      rewrite /talks/2015/07/25/test-drive-twig-with-sculpin-drupalcamp-north-2015 /talks/test-drive-twig-with-sculpin permanent;
      rewrite /talks/2015/08/25/dancing-for-drupal-umbristol /talks/dancing-for-drupal permanent;
      rewrite /talks/2015/10/14/sculpin-phpsw /talks/sculpin permanent;
      rewrite /talks/2016/03/05/drupal-8-module-development-drupalcamp-london-2016 /talks/getting-started-with-drupal-8-module-development permanent;
      rewrite /talks/2016/03/09/drupal-vm-generator-nwdug /talks/drupal-vm-generator permanent;
      rewrite /talks/2016/04/02/drupal-vm-generator-drupal-bristol /talks/drupal-vm-generator permanent;
      rewrite /talks/2016/06/11/drupal-8-rejoining-the-herd-php-south-coast-2016 /talks/drupal-8-rejoining-the-herd permanent;
      rewrite /talks/2016/07/23/drupal-vm-meet-symfony-console-drupalcamp-bristol-2016 /talks/drupal-vm-meet-symfony-console permanent;
      rewrite /talks/2016/11/09/drupal-development-with-composer-phpsw /talks/drupal-development-with-composer permanent;
      rewrite /talks/2016/11/17/goodbye-drush-make-hello-composer-drupal-bristol /talks/goodbye-drush-make-hello-composer permanent;
      rewrite /talks/2017/01/18/getting-your-data-into-drupal-8-drupal-bristol /talks/getting-your-data-into-drupal-8 permanent;
      rewrite /talks/2017/03/04/getting-your-data-into-drupal-8-drupalcamp-london-2017 /talks/getting-your-data-into-drupal-8 permanent;
      rewrite /talks/archive /talks permanent;
      rewrite /talks/deploying-php-applications-with-fabric /talks/deploying-php-fabric permanent;
      rewrite /talks/drupal-vm-generator-2 /talks/drupal-vm-generator permanent;
      rewrite /talks/drupalorg-2015-2 /talks/drupalorg-2015 permanent;
      rewrite /talks/drupalorg-in-2015-whats-coming-next /talks/drupalorg-2015 permanent;
      rewrite /talks/getting-started-with-drupal-8-module-development /drupal-8-module-development permanent;
      rewrite /talks/sculpin /talks/building-static-websites-sculpin permanent;
      rewrite /talks/using-laravel-collections-outside-laravel /talks/using-illuminate-collections-outside-laravel permanent;
      rewrite /terms-and-conditions /terms permanent;
      rewrite /twitter https://twitter.com/opdavies permanent;
      rewrite /work /experience permanent;
      rewrite /youtube https://www.youtube.com/channel/UCkeK0qF9HHUPQH_fvn4ghqQ permanent;

      ssl_certificate     /etc/letsencrypt/live/d8.oliverdavies.uk/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/d8.oliverdavies.uk/privkey.pem;      
 
      location = /favicon.ico {
          log_not_found off;
          access_log off;
      }

      location = /robots.txt {
          allow all;
          log_not_found off;
          access_log off;
      }

      # Very rarely should these ever be accessed outside of your lan
      location ~* \.(txt|log)$ {
          allow 192.168.0.0/16;
          deny all;
      }

      location ~ \..*/.*\.php$ {
          return 403;
      }

      location ~ ^/sites/.*/private/ {
          return 403;
      }

      # Block access to scripts in site files directory
      location ~ ^/sites/[^/]+/files/.*\.php$ {
          deny all;
      }

      # Allow "Well-Known URIs" as per RFC 5785
      location ~* ^/.well-known/ {
          allow all;
      }

      # Block access to "hidden" files and directories whose names begin with a
      # period. This includes directories used by version control systems such
      # as Subversion or Git to store control files.
      location ~ (^|/)\. {
          return 403;
      }

      location / {
          try_files $uri /index.php?$query_string; # For Drupal >= 7
      }

      location @rewrite {
          rewrite ^/(.*)$ /index.php?q=$1;
      }

      # Don't allow direct access to PHP files in the vendor directory.
      location ~ /vendor/.*\.php$ {
          deny all;
          return 404;
      }

      location ~ '\.php$|^/update.php' {
          try_files $uri =404;
          fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;
          fastcgi_param QUERY_STRING $query_string;
          fastcgi_intercept_errors on;
          fastcgi_pass localhost:9000;
      }

      # Fighting with Styles? This little gem is amazing.
      # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
      location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
          try_files $uri @rewrite;
      }

      # Handle private files through Drupal.
      location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
          try_files $uri /index.php?$query_string;
      }

      location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
          try_files $uri @rewrite;
          expires max;
          log_not_found off;
      }

      # Enforce clean URLs
      if ($request_uri ~* "^(.*/)index\.php(.*)") {
          return 307 $1$2;
      }

certbot_create_if_missing: true
certbot_create_method: standalone
certbot_admin_email: oliver+certbot@oliverdavies.uk
certbot_certs:
  - domains: [d8.oliverdavies.uk]