php_app_separated_data #1

Merged
clement.veret merged 12 commits from php_app_separated_data into main 2025-03-09 16:56:37 +01:00
35 changed files with 400 additions and 137 deletions


@@ -4,13 +4,20 @@
hosts: web1.dmz.mateu.be hosts: web1.dmz.mateu.be
diff: true diff: true
roles: roles:
- koillection - role: bac
- bac tags: [never, bac]
- roundcube - role: shaarli
- shaarli tags: [never, shaarli]
- freshrss - role: roundcube
- nextcloud tags: [never, roundcube]
- firefly3 - role: freshrss
tags: [never, freshrss]
- role: firefly3
tags: [never, firefly3]
- role: koillection
tags: [never, koillection]
- role: nextcloud
tags: [never, nextcloud]
- name: Install dojo webapplications - name: Install dojo webapplications
hosts: web2.dmz.mateu.be hosts: web2.dmz.mateu.be
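Review bot: The `tags: [never, <role>]` entries mean a plain run of this play no longer applies any of the seven roles, and nothing in the file says so. A comment above `roles:` such as `# Each role wipes and reinstalls its app dir: run only on demand with --tags <role>` would document the intent for whoever runs the playbook next. The play header starts outside the hunk.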


@@ -1,10 +1,23 @@
--- ---
- name: Remove BaC previous version
ansible.builtin.file:
state: absent
dest: "{{ bac_app_home }}"
- name: Create app home
ansible.builtin.file:
state: directory
path: "{{ bac_app_home }}"
owner: root
group: www-data
mode: "a-rwx,u+rwX,g+rX"
- name: Install BaC application - name: Install BaC application
ansible.builtin.unarchive: ansible.builtin.unarchive:
remote_src: true remote_src: true
src: "{{ bac_url }}" src: "{{ bac_url }}"
dest: "{{ bac_home }}" dest: "{{ bac_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "a-rwx,u+rwX,g+rX" mode: "a-rwx,u+rwX,g+rX"
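Review bot: The new `Remove BaC previous version` task deletes `{{ bac_app_home }}` before `Install BaC application` has fetched anything, so a failed or interrupted download of `bac_url` leaves the vhost with an empty root until the next successful run, and every run reports a change even when the version is unchanged. Consider unpacking into a staging directory and swapping it in only after the unarchive succeeds, or guarding the removal with a version check. Because `unarchive` with `remote_src: true` takes the archive straight from the URL, a preceding `get_url` step with a `checksum:` would also let the play verify the release before the live directory is touched. The same remove-then-unarchive sequence is added in the firefly3, freshrss, koillection, nextcloud, roundcube and shaarli task files.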


@@ -1,4 +1,4 @@
--- ---
bac_url: "https://giteu.be/hylobates/BaC/releases/download/tamerelol/public.tar.gz" bac_url: "https://giteu.be/hylobates/BaC/releases/download/tamerelol/public.tar.gz"
bac_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'bac') | map(attribute='host') | first }}" bac_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'bac') | map(attribute='host') | first }}"
bac_home: "/srv/http/{{ bac_access_url }}" bac_app_home: "/var/www/{{ bac_access_url }}"


@@ -6,4 +6,4 @@
name: firefly-iii-cron name: firefly-iii-cron
minute: 0 minute: 0
hour: 3 hour: 3
job: "/usr/bin/php {{ firefly3_home }}/artisan firefly-iii:cron > /dev/null" job: "/usr/bin/php {{ firefly3_app_home }}/artisan firefly-iii:cron > /dev/null"


@@ -1,9 +1,15 @@
--- ---
- name: Create application directory ## Remove the previous app & install the new version
- name: Remove Firefly3 previous version
ansible.builtin.file:
state: absent
dest: "{{ firefly3_app_home }}"
- name: Create app home
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
dest: "{{ firefly3_home }}" dest: "{{ firefly3_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "0o750" mode: "0o750"
@@ -12,17 +18,16 @@
ansible.builtin.unarchive: ansible.builtin.unarchive:
remote_src: true remote_src: true
src: "{{ firefly3_url }}" src: "{{ firefly3_url }}"
dest: "{{ firefly3_home }}" dest: "{{ firefly3_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "a-rwx,u+rwX,g+rX" mode: "a-rwx,u+rwX,g+rX"
exclude: exclude: "{{ firefly3_userdata_app_dirs | map('regex_replace', '^', './') }}"
- ".env"
- name: Put config file - name: Put config file
ansible.builtin.template: ansible.builtin.template:
src: "env.j2" src: "env.j2"
dest: "{{ firefly3_home }}/.env" dest: "{{ firefly3_app_home }}/.env"
owner: root owner: root
group: www-data group: www-data
mode: "0o640" mode: "0o640"
@@ -30,11 +35,42 @@
- name: Check writable dirs - name: Check writable dirs
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
dest: "{{ firefly3_home }}/{{ item }}" dest: "{{ firefly3_app_home }}/{{ item }}"
owner: root owner: root
group: www-data group: www-data
recurse: true recurse: true
mode: "g+w" mode: "g+w"
loop: loop: "{{ firefly3_writable_app_dirs }}"
- "bootstrap"
- "storage" ## Ensure the data dirs exists, populate them if not
- name: Create data home
ansible.builtin.file:
state: directory
path: "{{ firefly3_data_home }}"
owner: www-data
group: www-data
mode: "0o750"
# If the first data dir exists, others should exist too
- name: Get data dir
ansible.builtin.stat:
path: "{{ firefly3_data_home }}/{{ firefly3_userdata_app_dirs[0] }}"
register: _firefly3_userdata_dir_stat
- name: Install Firefly3 data dir
ansible.builtin.unarchive:
remote_src: true
src: "{{ firefly3_url }}"
dest: "{{ firefly3_data_home }}"
owner: www-data
group: www-data
mode: "a-rwx,u+rwX,g+rX"
include: "{{ firefly3_userdata_app_dirs | map('regex_replace', '^', './') }}"
when: not _firefly3_userdata_dir_stat.stat.exists
- name: Link Firefly3 userdata dirs
ansible.builtin.file:
state: link
src: "{{ firefly3_data_home }}/{{ item }}"
dest: "{{ firefly3_app_home }}/{{ item }}"
loop: "{{ firefly3_userdata_app_dirs }}"
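Review bot: The `when: not _firefly3_userdata_dir_stat.stat.exists` guard on `Install Firefly3 data dir` only looks at `firefly3_userdata_app_dirs[0]`, so a directory appended to that list after the first deployment is never extracted and `Link Firefly3 userdata dirs` is then asked to link to a source that does not exist. Running the `stat` in a `loop` over the whole list and extracting only the missing entries would make the list safe to extend. At minimum the comment above `Get data dir` should read `# Only the first entry is checked: an entry added later must have its data dir seeded by hand`. The freshrss, koillection and shaarli task files use the same first-entry check.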


@@ -4,4 +4,12 @@ firefly3_version: "6.2.9"
firefly3_url: "https://github.com/firefly-iii/firefly-iii/releases/download/v{{ firefly3_version }}/FireflyIII-v{{ firefly3_version }}.tar.gz" firefly3_url: "https://github.com/firefly-iii/firefly-iii/releases/download/v{{ firefly3_version }}/FireflyIII-v{{ firefly3_version }}.tar.gz"
firefly3_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'firefly3') | map(attribute='host') | first }}" firefly3_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'firefly3') | map(attribute='host') | first }}"
firefly3_home: "/srv/http/{{ firefly3_access_url }}"
# Access path
firefly3_app_home: "/var/www/{{ firefly3_access_url }}"
firefly3_data_home: "/srv/www-data/{{ firefly3_access_url }}"
firefly3_writable_app_dirs:
- bootstrap
firefly3_userdata_app_dirs:
- storage
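Review bot: `firefly3_writable_app_dirs` lists `bootstrap`, and `Check writable dirs` applies `g+w` to it with `recurse: true`, which makes every file under that directory writable by `www-data`, not only its cache. If, as in a standard Laravel layout, that directory also holds PHP loaded on each request, the web process can rewrite its own code. `- bootstrap/cache` would probably be enough, to be confirmed against the Firefly III release layout.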


@@ -2,7 +2,7 @@
- name: Check freshrss version - name: Check freshrss version
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "{{ freshrss_home }}/constants.php" path: "{{ freshrss_app_home }}/constants.php"
line: "const FRESHRSS_VERSION = '{{ freshrss_version }}';" line: "const FRESHRSS_VERSION = '{{ freshrss_version }}';"
state: present state: present
check_mode: true check_mode: true


@@ -1,40 +1,69 @@
--- ---
- name: Create application directory ## Remove the previous app & install the new version
- name: Remove freshrss previous version
ansible.builtin.file:
state: absent
dest: "{{ freshrss_app_home }}"
- name: Create app home
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
dest: "{{ freshrss_home }}" dest: "{{ freshrss_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "a-rwx,u+rwX,g+rX" mode: "0o750"
- name: Install freshrss application - name: Install freshrss application
ansible.builtin.unarchive: ansible.builtin.unarchive:
remote_src: true remote_src: true
src: "{{ freshrss_url }}" src: "{{ freshrss_url }}"
dest: "{{ freshrss_home }}" dest: "{{ freshrss_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "a-rwx,u+rwX,g+rX" mode: "a-rwx,u+rwX,g+rX"
extra_opts: ['--strip-components=1'] extra_opts: ['--strip-components=1']
exclude: exclude: "{{ freshrss_userdata_app_dirs | map('regex_replace', '^', 'FreshRSS-' ~ freshrss_version ~ '/') }}"
- "config/config.php"
## Ensure the data dirs exist, populate them if not
- name: Create data home
ansible.builtin.file:
state: directory
path: "{{ freshrss_data_home }}"
owner: www-data
group: www-data
mode: "a-rwx,u+rwX,g+rX"
# If the first data dir exists, other should exist too
- name: Get data dir
ansible.builtin.stat:
path: "{{ freshrss_data_home }}/{{ freshrss_userdata_app_dirs[0] }}"
register: _freshrss_userdata_dir_stat
- name: Install freshrss data dir
ansible.builtin.unarchive:
remote_src: true
src: "{{ freshrss_url }}"
dest: "{{ freshrss_data_home }}"
owner: www-data
group: www-data
mode: "a-rwx,u+rwX,g+rX"
extra_opts: ['--strip-components=1']
include: "{{ freshrss_userdata_app_dirs | map('regex_replace', '^', 'FreshRSS-' ~ freshrss_version ~ '/') }}"
when: not _freshrss_userdata_dir_stat.stat.exists
- name: Link FreshRSS userdata dirs
ansible.builtin.file:
state: link
src: "{{ freshrss_data_home }}/{{ item }}"
dest: "{{ freshrss_app_home }}/{{ item }}"
loop: "{{ freshrss_userdata_app_dirs }}"
# Config file is inside `data/`, so we must put it last
- name: Put freshrss configuration file - name: Put freshrss configuration file
ansible.builtin.template: ansible.builtin.template:
src: config.php.j2 src: config.php.j2
dest: "{{ freshrss_config_path }}" dest: "{{ freshrss_config_path }}"
owner: root owner: www-data
group: www-data group: www-data
mode: "0o660" mode: "0o640"
- name: Check writable dirs
ansible.builtin.file:
state: directory
dest: "{{ freshrss_home }}/{{ item }}"
owner: root
group: www-data
mode: "g+w"
recurse: true
loop:
- "data"


@@ -5,4 +5,4 @@ Wants=freshrss.timer
[Service] [Service]
User=www-data User=www-data
Type=simple Type=simple
ExecStart=/usr/bin/php {{ freshrss_home }}/app/actualize_script.php ExecStart=/usr/bin/php {{ freshrss_app_home }}/app/actualize_script.php


@@ -4,5 +4,12 @@ freshrss_version: "1.26.0"
freshrss_url: "https://github.com/FreshRSS/FreshRSS/archive/refs/tags/{{ freshrss_version }}.tar.gz" freshrss_url: "https://github.com/FreshRSS/FreshRSS/archive/refs/tags/{{ freshrss_version }}.tar.gz"
freshrss_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'freshrss') | map(attribute='host') | first }}" freshrss_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'freshrss') | map(attribute='host') | first }}"
freshrss_home: "/srv/http/{{ freshrss_access_url }}"
freshrss_config_path: "{{ freshrss_home }}/data/config.php" # Access path
freshrss_app_home: "/var/www/{{ freshrss_access_url }}"
freshrss_data_home: "/srv/www-data/{{ freshrss_access_url }}"
freshrss_config_path: "{{ freshrss_app_home }}/data/config.php"
# App dirs
freshrss_userdata_app_dirs:
- data


@@ -0,0 +1,23 @@
---
- name: Create API config dir
ansible.builtin.file:
state: directory
dest: "{{ koillection_data_home }}/config/jwt"
owner: www-data
group: www-data
mode: "0o750"
- name: Link JWT config dir
ansible.builtin.file:
state: link
src: "{{ koillection_data_home }}/config/jwt"
dest: "{{ koillection_app_home }}/config/jwt"
- name: Run lexik jwt
become: true
become_user: www-data
ansible.builtin.command:
cmd: "php bin/console lexik:jwt:generate-keypair"
chdir: "{{ koillection_app_home }}"
creates: "{{ koillection_app_home }}/config/jwt/private.pem"
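Review bot: Nothing after `Run lexik jwt` sets the mode of the generated key, so the permissions of `private.pem` are whatever the console command and the `www-data` umask produce. A follow-up `ansible.builtin.file` task on `{{ koillection_data_home }}/config/jwt/private.pem` with `owner: www-data` and `mode: "0o600"` would pin it. A short comment above `Create API config dir` saying that the key pair is kept under the data home so that it survives the removal of `koillection_app_home` would also help the next reader.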


@@ -3,10 +3,16 @@
- name: Init db - name: Init db
ansible.builtin.include_tasks: db.yml ansible.builtin.include_tasks: db.yml
- name: Create application directory ## Remove the previous app & install the new version
- name: Remove Koillection previous version
ansible.builtin.file:
state: absent
dest: "{{ koillection_app_home }}"
- name: Create app home
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
dest: "{{ koillection_home }}" dest: "{{ koillection_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "0o750" mode: "0o750"
@@ -15,19 +21,17 @@
ansible.builtin.unarchive: ansible.builtin.unarchive:
remote_src: true remote_src: true
src: "{{ koillection_url }}" src: "{{ koillection_url }}"
dest: "{{ koillection_home }}" dest: "{{ koillection_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "a-rwx,u+rwX,g+rX" mode: "a-rwx,u+rwX,g+rX"
extra_opts: ['--strip-components=1'] extra_opts: ['--strip-components=1']
exclude: exclude: "{{ koillection_userdata_app_dirs | map('regex_replace', '^', 'public/') }}"
- .env
- config/jwt
- name: Put config file - name: Put config file
ansible.builtin.template: ansible.builtin.template:
src: "env.j2" src: "env.j2"
dest: "{{ koillection_home }}/.env" dest: "{{ koillection_app_home }}/.env"
owner: root owner: root
group: www-data group: www-data
mode: "0o640" mode: "0o640"
@@ -35,21 +39,45 @@
- name: Check writable dirs - name: Check writable dirs
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
dest: "{{ koillection_home }}/{{ item }}" dest: "{{ koillection_app_home }}/{{ item }}"
owner: root owner: root
group: www-data group: www-data
mode: "g+w" mode: "g+w"
recurse: true recurse: true
loop: loop: "{{ koillection_writable_app_dirs }}"
- "var"
- "config/jwt"
- "public/uploads"
- "public/tmp"
- name: Run lexik jwt ## Ensure the data dirs exist, populate them if not
become: true - name: Create data home
become_user: www-data ansible.builtin.file:
ansible.builtin.command: state: directory
cmd: "php bin/console lexik:jwt:generate-keypair" path: "{{ koillection_data_home }}"
chdir: "{{ koillection_home }}" owner: www-data
creates: "{{ koillection_home }}/config/jwt/private.pem" group: www-data
mode: "0o750"
- name: Get data dir
ansible.builtin.stat:
path: "{{ koillection_data_home }}/{{ koillection_userdata_app_dirs[0] }}"
register: _koillection_userdata_dir_stat
- name: Install Koillection data dir
ansible.builtin.unarchive:
remote_src: true
src: "{{ koillection_url }}"
dest: "{{ koillection_data_home }}"
owner: www-data
group: www-data
mode: "a-rwx,u+rwX,g+rX"
extra_opts: ['--strip-components=1']
include: "{{ koillection_userdata_app_dirs | map('regex_replace', '^', 'public/') }}"
when: not _koillection_userdata_dir_stat.stat.exists
- name: Link Koillection userdata dirs
ansible.builtin.file:
state: link
src: "{{ koillection_data_home }}/{{ item }}"
dest: "{{ koillection_app_home }}/{{ item }}"
loop: "{{ koillection_userdata_app_dirs }}"
- name: Include API activation task
ansible.builtin.include_tasks: api.yml


@@ -5,4 +5,13 @@ koillection_url: "https://giteu.be/koillection/koillection/releases/download/{{
koillection_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'koillection') | map(attribute='host') | first }}" koillection_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'koillection') | map(attribute='host') | first }}"
koillection_home: "/srv/http/{{ koillection_access_url }}" # Access path
koillection_app_home: "/var/www/{{ koillection_access_url }}"
koillection_data_home: "/srv/www-data/{{ koillection_access_url }}"
# App dirs
koillection_writable_app_dirs:
- var
- public/tmp
koillection_userdata_app_dirs:
- public/uploads


@@ -6,5 +6,9 @@
- name: Install nextcloud - name: Install nextcloud
ansible.builtin.include_tasks: nextcloud.yml ansible.builtin.include_tasks: nextcloud.yml
- name: Install nextcloud modules
ansible.builtin.include_tasks: nextcloud_modules.yml
loop: "{{ nextcloud_modules }}"
- name: Check nextcloud version - name: Check nextcloud version
ansible.builtin.include_tasks: check.yml ansible.builtin.include_tasks: check.yml


@@ -1,9 +1,15 @@
--- ---
- name: Create application directory ## Remove the previous app & install the new version
- name: Remove Nextcloud previous version
ansible.builtin.file:
state: absent
dest: "{{ nextcloud_app_home }}"
- name: Create app home
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
dest: "{{ nextcloud_home }}" dest: "{{ nextcloud_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "0o750" mode: "0o750"
@@ -12,47 +18,50 @@
ansible.builtin.unarchive: ansible.builtin.unarchive:
remote_src: true remote_src: true
src: "{{ nextcloud_url }}" src: "{{ nextcloud_url }}"
dest: "{{ nextcloud_home }}" dest: "{{ nextcloud_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "a-rwx,u+rwX,g+rX" mode: "a-rwx,u+rwX,g+rX"
extra_opts: ['--strip-components=1'] extra_opts: ['--strip-components=1']
exclude:
- "data"
- "config/config.php"
- name: Put config file
ansible.builtin.template:
src: "config.php.j2"
dest: "{{ nextcloud_home }}/config/config.php"
owner: www-data
group: www-data
mode: "0o640"
- name: Set config dir permissions
ansible.builtin.file:
state: directory
dest: "{{ nextcloud_home }}/config"
owner: www-data
group: www-data
mode: "0o750"
- name: Check writable dirs - name: Check writable dirs
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
dest: "{{ nextcloud_home }}/{{ item }}" dest: "{{ nextcloud_app_home }}/{{ item }}"
owner: root owner: root
group: www-data group: www-data
mode: "g+w" mode: "g+w"
recurse: true recurse: true
loop: loop: "{{ nextcloud_writable_app_dirs }}"
- "apps"
- "data" - name: Put config file
ansible.builtin.template:
src: "config.php.j2"
dest: "{{ nextcloud_app_home }}/config/config.php"
owner: www-data
group: www-data
mode: "0o640"
# Nextcloud `data/` does not exist in the archive, so create it everytime
- name: Create data home
ansible.builtin.file:
state: directory
path: "{{ nextcloud_data_home }}/data"
owner: www-data
group: www-data
mode: "0o750"
- name: Link Nextcloud userdata dirs
ansible.builtin.file:
state: link
src: "{{ nextcloud_data_home }}/{{ item }}"
dest: "{{ nextcloud_app_home }}/{{ item }}"
loop: "{{ nextcloud_userdata_app_dirs }}"
- name: Run occ upgrade - name: Run occ upgrade
become: true become: true
become_user: www-data become_user: www-data
ansible.builtin.command: ansible.builtin.command:
cmd: "php occ upgrade" cmd: "php occ upgrade"
chdir: "{{ nextcloud_home }}" chdir: "{{ nextcloud_app_home }}"
changed_when: false changed_when: false
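Review bot: `Link Nextcloud userdata dirs` puts `data` back under `{{ nextcloud_app_home }}`, which appears to be the `root` of the Nextcloud vhost, so user files stay inside the document root and their protection depends on the vhost's deny rules. Now that the data lives in `{{ nextcloud_data_home }}`, `config.php.j2` (not shown here) could point `datadirectory` at `{{ nextcloud_data_home }}/data` directly and the `data` symlink could be dropped, which keeps the files out of the web root altogether.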


@@ -0,0 +1,10 @@
---
- name: "Install {{ item.name }} module"
become: true
become_user: www-data
ansible.builtin.command:
cmd: "php occ app:install {{ item.force | default(false) | ternary('--force', '') }} {{ item.name }}"
chdir: "{{ nextcloud_app_home }}"
creates: "{{ nextcloud_app_home }}/apps/{{ item.name }}"
changed_when: false
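Review bot: `changed_when: false` makes the task report `ok` even on the run where `occ app:install` really installs the app, and `creates:` already skips the task once `apps/{{ item.name }}` exists, so the line only hides real changes and can be dropped. Passing the command through `argv` instead of one interpolated `cmd` string would also keep `item.name` a single argument whatever it contains.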


@@ -5,4 +5,20 @@ nextcloud_url: "https://download.nextcloud.com/server/releases/nextcloud-{{ next
nextcloud_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'nextcloud') | map(attribute='host') | first }}" nextcloud_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'nextcloud') | map(attribute='host') | first }}"
nextcloud_home: "/srv/http/{{ nextcloud_access_url }}" # Access path
nextcloud_app_home: "/var/www/{{ nextcloud_access_url }}"
nextcloud_data_home: "/srv/www-data/{{ nextcloud_access_url }}"
# App dirs
nextcloud_writable_app_dirs:
- apps
- config
nextcloud_userdata_app_dirs:
- data
# Supplementary modules
nextcloud_modules:
- name: calendar
- name: tasks
- name: user_external
force: true
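Review bot: `force: true` on `user_external` becomes `--force` for `occ app:install`, which as far as I know installs the app even when it does not declare support for the running Nextcloud version, and nothing here says why that is needed. A comment above the entry giving the reason and the condition for removing the flag, for example `# --force: <reason>; drop once user_external supports this release`, would keep the override from outliving its cause.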


@@ -33,17 +33,9 @@
- {src: proxy_params.j2, dest: /etc/nginx/proxy_params} - {src: proxy_params.j2, dest: /etc/nginx/proxy_params}
- {src: default.j2, dest: /etc/nginx/sites-available/default} - {src: default.j2, dest: /etc/nginx/sites-available/default}
- name: Create base dir
ansible.builtin.file:
path: /srv/http
owner: root
group: www-data
mode: 'u+rwx,g+rs,o-rwx'
state: directory
- name: Create letsencrypt dir - name: Create letsencrypt dir
ansible.builtin.file: ansible.builtin.file:
path: /srv/http/common/letsencrypt path: "{{ nginx_letsencrypt_dir }}"
owner: root owner: root
group: www-data group: www-data
mode: 'u+rwx,g+rs,o-rwx' mode: 'u+rwx,g+rs,o-rwx'


@@ -16,7 +16,7 @@ server {
listen [::]:80 default_server; listen [::]:80 default_server;
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
root /srv/http/common/letsencrypt/; root {{ nginx_letsencrypt_dir }};
} }
location / { location / {


@@ -1,6 +1,6 @@
server { server {
{% include './templates/header.conf.j2' %} {% include './templates/header.conf.j2' %}
root /srv/http/blog.libertus.eu/; root /var/www/blog.libertus.eu/;
index index.html index.htm index.php; index index.html index.htm index.php;
## Optimisation des images ## Optimisation des images


@@ -1,10 +1,10 @@
## Shaarli ## Shaarli
server { server {
{% include './templates/header.conf.j2' %} {% include './templates/header.conf.j2' %}
root /srv/http/fav.libertus.eu/; root /var/www/fav.libertus.eu/;
index index.html index.htm index.php; index index.html index.htm index.php;
location ^/(cache|data)/ { location ~* ^/(cache|data)/.* {
deny all; deny all;
} }
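Review bot: The corrected `location ~* ^/(cache|data)/.*` block denies only two of the directories the application writes to, while the shaarli role on this page makes `pagecache` and `tmp` group-writable under the same document root. Extending the pattern to `location ~* ^/(cache|data|pagecache|tmp)/ {` would cover them as well, and the trailing `.*` is not needed for a regex match. The server block continues past the end of the hunk, so check that no earlier regex location matches these paths first.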


@@ -1,7 +1,7 @@
server { server {
{% include './templates/header.conf.j2' %} {% include './templates/header.conf.j2' %}
root /srv/http/ff.libertus.eu/public; root /var/www/ff.libertus.eu/public;
index index.html index.htm index.php; index index.html index.htm index.php;


@@ -1,7 +1,7 @@
server { server {
{% include './templates/header.conf.j2' %} {% include './templates/header.conf.j2' %}
root /srv/http/koi.libertus.eu/public; root /var/www/koi.libertus.eu/public;
index index.html index.htm index.php; index index.html index.htm index.php;


@@ -1,6 +1,6 @@
server { server {
{% include './templates/header.conf.j2' %} {% include './templates/header.conf.j2' %}
root /srv/http/mail.libertus.eu/; root /var/www/mail.libertus.eu/;
index index.html index.htm index.php; index index.html index.htm index.php;
client_max_body_size 512M; client_max_body_size 512M;


@@ -11,7 +11,7 @@ map $arg_v $asset_immutable {
server { server {
{% include './templates/header.conf.j2' %} {% include './templates/header.conf.j2' %}
# Path to the root of your installation # Path to the root of your installation
root /srv/http/o.libertus.eu; root /var/www/o.libertus.eu;
# Prevent nginx HTTP Server Detection # Prevent nginx HTTP Server Detection
server_tokens off; server_tokens off;


@@ -10,7 +10,7 @@ server {
ssl_certificate /etc/x509/r.mateu.be/fullchain.cer; ssl_certificate /etc/x509/r.mateu.be/fullchain.cer;
ssl_certificate_key /etc/x509/r.mateu.be/r.mateu.be.key; ssl_certificate_key /etc/x509/r.mateu.be/r.mateu.be.key;
root /srv/http/r.mateu.be/; root /srv/www-data/r.mateu.be/;
location / { location / {
autoindex on; autoindex on;


@@ -1,6 +1,6 @@
server { server {
{% include './templates/header.conf.j2' %} {% include './templates/header.conf.j2' %}
root /srv/http/rss.libertus.eu/p; root /var/www/rss.libertus.eu/p;
index index.html index.htm index.php; index index.html index.htm index.php;
location ~ \.(js|css|png|jpg|jpeg|gif|svg|svgz)$ { location ~ \.(js|css|png|jpg|jpeg|gif|svg|svgz)$ {


@@ -0,0 +1,2 @@
---
nginx_letsencrypt_dir: /var/www/common/letsencrypt


@@ -25,3 +25,11 @@
loop: "{{ php_modules }}" loop: "{{ php_modules }}"
notify: notify:
- Restart php-fpm - Restart php-fpm
- name: Create standard php app data dir
ansible.builtin.file:
state: directory
dest: "{{ php_data_dir }}"
owner: www-data
group: www-data
mode: "0o750"
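Review bot: `Create standard php app data dir` makes `www-data` the owner of `{{ php_data_dir }}`, which lets the web and PHP processes create, rename or remove the per-application data homes themselves, not only write inside them. `owner: root` with `group: www-data` and the same `0o750` mode would still let the applications traverse the directory while keeping its top level under the control of the play. Each application's own data home is already created with `owner: www-data` by its role.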

3
roles/php/vars/main.yml Normal file

@@ -0,0 +1,3 @@
---
php_data_dir: /srv/www-data


@@ -1,9 +1,14 @@
--- ---
## Remove previous app & install new version
- name: Remove roundcube previous version
ansible.builtin.file:
state: absent
dest: "{{ roundcube_app_home }}"
- name: Create application directory - name: Create application directory
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
dest: "{{ roundcube_home }}" dest: "{{ roundcube_app_home }}"
owner: "root" owner: "root"
group: "www-data" group: "www-data"
mode: "0o750" mode: "0o750"
@@ -12,13 +17,11 @@
ansible.builtin.unarchive: ansible.builtin.unarchive:
remote_src: true remote_src: true
src: "{{ roundcube_url }}" src: "{{ roundcube_url }}"
dest: "{{ roundcube_home }}" dest: "{{ roundcube_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "a-rwx,u+rwX,g+rX" mode: "a-rwx,u+rwX,g+rX"
extra_opts: ['--strip-components=1'] extra_opts: ['--strip-components=1']
exclude:
- "{{ roundcube_config_path }}"
- name: Put roundcube configuration - name: Put roundcube configuration
ansible.builtin.template: ansible.builtin.template:
@@ -32,10 +35,8 @@
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
recurse: true recurse: true
dest: "{{ roundcube_home }}/{{ item }}" dest: "{{ roundcube_app_home }}/{{ item }}"
owner: root owner: root
group: www-data group: www-data
mode: "g+w" mode: "g+w"
loop: loop: "{{ roundcube_writable_app_dirs }}"
- "logs"
- "temp"


@@ -1,10 +1,15 @@
--- ---
- name: Remove carddav plugin
ansible.builtin.file:
state: absent
dest: "{{ roundcube_app_home }}/plugins/carddav"
- name: Unzip carddav plugin - name: Unzip carddav plugin
ansible.builtin.unarchive: ansible.builtin.unarchive:
remote_src: true remote_src: true
src: "{{ roundcube_carddav_url }}" src: "{{ roundcube_carddav_url }}"
dest: "{{ roundcube_home }}/plugins" dest: "{{ roundcube_app_home }}/plugins"
owner: root owner: root
group: www-data group: www-data
mode: "a-rwx,u+rwX,g+rX" mode: "a-rwx,u+rwX,g+rX"
@@ -12,7 +17,7 @@
- name: Put carddav config file - name: Put carddav config file
ansible.builtin.template: ansible.builtin.template:
src: "carddav.config.inc.php.j2" src: "carddav.config.inc.php.j2"
dest: "{{ roundcube_home }}/plugins/carddav/config.inc.php" dest: "{{ roundcube_app_home }}/plugins/carddav/config.inc.php"
owner: root owner: root
group: www-data group: www-data
mode: "0o640" mode: "0o640"


@@ -7,9 +7,15 @@ roundcube_url: "https://github.com/roundcube/roundcubemail/releases/download/{{
# only the first occurence is supported # only the first occurence is supported
roundcube_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'roundcube') | map(attribute='host') | first }}" roundcube_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'roundcube') | map(attribute='host') | first }}"
roundcube_home: "/srv/http/{{ roundcube_access_url }}" roundcube_app_home: "/var/www/{{ roundcube_access_url }}"
roundcube_config_path: "{{ roundcube_home }}/config/config.inc.php" roundcube_config_path: "{{ roundcube_app_home }}/config/config.inc.php"
# App dirs
roundcube_writable_app_dirs:
- logs
- temp
# CardDAV extension
roundcube_carddav_version: "5.1.0" roundcube_carddav_version: "5.1.0"
roundcube_carddav_url: "https://github.com/mstilkerich/rcmcarddav/releases/download/v{{ roundcube_carddav_version }}/carddav-v{{ roundcube_carddav_version }}.tar.gz" roundcube_carddav_url: "https://github.com/mstilkerich/rcmcarddav/releases/download/v{{ roundcube_carddav_version }}/carddav-v{{ roundcube_carddav_version }}.tar.gz"
roundcube_carddav_discovery_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'nextcloud') | map(attribute='host') | first }}" roundcube_carddav_discovery_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'nextcloud') | map(attribute='host') | first }}"


@@ -1,34 +1,70 @@
--- ---
- name: Create application directory ## Remove the previous app & install the new version
- name: Remove Shaarli previous version
ansible.builtin.file:
state: absent
dest: "{{ shaarli_app_home }}"
- name: Create app home
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
path: "{{ shaarli_home }}" path: "{{ shaarli_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "a-rwx,u+rwX,g+rX" mode: "0o750"
- name: Install Shaarli - name: Install Shaarli app
ansible.builtin.unarchive: ansible.builtin.unarchive:
remote_src: true remote_src: true
src: "{{ shaarli_url }}" src: "{{ shaarli_url }}"
dest: "{{ shaarli_home }}" dest: "{{ shaarli_app_home }}"
owner: root owner: root
group: www-data group: www-data
mode: "a-rwx,u+rwX,g+rX" mode: "a-rwx,u+rwX,g+rX"
extra_opts: ['--strip-components=1'] extra_opts: ['--strip-components=1']
exclude: exclude: "{{ shaarli_userdata_app_dirs | map('regex_replace', '^', 'Shaarli/') }}"
- "data"
- name: Check writable dirs - name: Check writable dirs
ansible.builtin.file: ansible.builtin.file:
state: directory state: directory
dest: "{{ shaarli_home }}/{{ item }}" dest: "{{ shaarli_app_home }}/{{ item }}"
owner: root owner: root
group: www-data group: www-data
recurse: true recurse: true
mode: "g+w" mode: "g+w"
loop: loop: "{{ shaarli_writable_app_dirs }}"
- "data"
- "tmp" ## Ensure the data dirs exists, populate them if not
- "pagecache" - name: Create data home
ansible.builtin.file:
state: directory
path: "{{ shaarli_data_home }}"
owner: www-data
group: www-data
mode: "0o750"
# If the first data dir exists, others should exist too
- name: Get data dir
ansible.builtin.stat:
path: "{{ shaarli_data_home }}/{{ shaarli_userdata_app_dirs[0] }}"
register: _shaarli_userdata_dir_stat
- name: Install Shaarli data dir
ansible.builtin.unarchive:
remote_src: true
src: "{{ shaarli_url }}"
dest: "{{ shaarli_data_home }}"
owner: www-data
group: www-data
mode: "a-rwx,u+rwX,g+rX"
extra_opts: ['--strip-components=1']
include: "{{ shaarli_userdata_app_dirs | map('regex_replace', '^', 'Shaarli/') }}"
when: not _shaarli_userdata_dir_stat.stat.exists
- name: Link Shaarli userdata dirs
ansible.builtin.file:
state: link
src: "{{ shaarli_data_home }}/{{ item }}"
dest: "{{ shaarli_app_home }}/{{ item }}"
loop: "{{ shaarli_userdata_app_dirs }}"


@@ -3,5 +3,16 @@
shaarli_version: "0.14.0" shaarli_version: "0.14.0"
shaarli_url: "https://github.com/shaarli/Shaarli/releases/download/v{{ shaarli_version }}/shaarli-v{{ shaarli_version }}-full.tar.gz" shaarli_url: "https://github.com/shaarli/Shaarli/releases/download/v{{ shaarli_version }}/shaarli-v{{ shaarli_version }}-full.tar.gz"
# Access URL
shaarli_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'shaarli') | map(attribute='host') | first }}" shaarli_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'shaarli') | map(attribute='host') | first }}"
shaarli_home: "/srv/http/{{ shaarli_access_url }}"
# Access path
shaarli_app_home: "/var/www/{{ shaarli_access_url }}"
shaarli_data_home: "/srv/www-data/{{ shaarli_access_url }}"
# App dirs
shaarli_writable_app_dirs:
- pagecache
- tmp
shaarli_userdata_app_dirs:
- data