Made refactoring for notes app (and other)

2017-11-26 10:46:04 +03:00
parent 8ec89712f2
commit a59737b826
25 changed files with 205 additions and 221 deletions
--- a/ansible/roles/notes/meta/main.yml
+++ b/ansible/roles/notes/meta/main.yml
@ -0,0 +1,34 @@
+---
+dependencies:
+  - role: geerlingguy.mysql
+    mysql_databases:
+      - name: '{{ notes_dbname }}'
+    mysql_users:
+      - name: '{{ notes_dbuser }}'
+        host: 127.0.0.1
+        password: '{{ notes_dbpassword }}'
+        priv: '{{ notes_dbname }}.*:ALL'
+
+  - role: blocks/owner
+    owner_name: '{{ notes_owner }}'
+    owner_group: '{{ notes_owner }}'
+    owner_ssh_keys: ['{{ lookup("file", "av_id_rsa.pub") }}']
+    owner_envs: '{{ notes_env }}'
+
+  - role: blocks/ssl-certificate
+    cert_type: letsencrypt
+    cert_name: '{{ notes_name }}'
+    cert_email: anwinged@ya.ru
+    cert_domains:
+      - '{{ notes_domain }}'
+
+  - role: blocks/php-app
+    php_app_name: '{{ notes_name }}'
+    php_app_user: '{{ notes_owner }}'
+    php_app_group: '{{ notes_owner }}'
+    php_app_directory: '{{ notes_dir }}'
+    php_app_web_root: '{{ notes_web_root }}'
+    php_app_nginx_config: nginx.conf.j2
+    php_app_php_version: '7.1'
+    php_app_fpm_listen: '{{ notes_php_connection }}'
+    php_app_envs: '{{ notes_env }}'
--- a/ansible/roles/notes/tasks/main.yml
+++ b/ansible/roles/notes/tasks/main.yml
@ -0,0 +1,2 @@
+---
+
--- a/ansible/roles/notes/templates/nginx.conf.j2
+++ b/ansible/roles/notes/templates/nginx.conf.j2
@ -0,0 +1,58 @@
+server {
+    server_name {{ notes_domain }};
+
+    listen 443 ssl http2;
+
+    ssl on;
+    ssl_certificate         {{ vars[notes_name + "_ssl_certificate"] }};
+    ssl_certificate_key     {{ vars[notes_name + "_ssl_key"] }};
+    ssl_trusted_certificate {{ vars[notes_name + "_ssl_certificate"] }};
+    
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_timeout 5m;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+    
+    ssl_dhparam {{ vars[notes_name + "_ssl_dhparam"] }};
+    ssl_prefer_server_ciphers on;
+
+    root {{ notes_web_root }};
+
+    location / {
+        # try to serve file directly, fallback to app.php
+        try_files $uri /app.php$is_args$args;
+    }
+
+    location ~ ^/app\.php(/|$) {
+        fastcgi_pass {{ notes_php_connection }};
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+
+        # When you are using symlinks to link the document root to the
+        # current version of your application, you should pass the real
+        # application path instead of the path to the symlink to PHP
+        # FPM.
+        # Otherwise, PHP's OPcache may not properly detect changes to
+        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
+        # for more information).
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+        # Prevents URIs that include the front controller. This will 404:
+        # http://domain.tld/app.php/some-path
+        # Remove the internal directive to allow URIs like this
+        internal;
+    }
+
+    # return 404 for all other php files not matching the front controller
+    # this prevents access to other php files you don't want to be accessible.
+    location ~ \.php$ {
+        return 404;
+    }
+
+    error_log /var/log/nginx/{{ notes_name }}_error.log;
+    access_log /var/log/nginx/{{ notes_name }}_access.log;
+}
--- a/ansible/roles/notes/vars/main.yml
+++ b/ansible/roles/notes/vars/main.yml
@ -0,0 +1,27 @@
+---
+notes_name: notes
+notes_owner: notes_owner
+notes_dir: /var/www/notes
+notes_web_root: '{{ notes_dir }}/current/app'
+notes_domain: 'notes.anwinged.ru'
+notes_cert_type: 'letsencrypt'
+notes_dbname: notes_db
+notes_dbuser: notes_db
+notes_dbpassword: Sf6tp6LKeCyrjVZ2YGKYUd
+notes_php_connection: '127.0.0.1:9010'
+
+notes_env:
+  NOTES_DEPLOY_DIR: '{{ notes_dir }}'
+  NOTES_WORK_DIR: '{{ notes_dir }}/current'
+  NOTES_SECRET_TOKEN: qJqFNP5B9RP2EfqgpTPyZe
+  NOTES_DATABASE_HOST: 127.0.0.1
+  NOTES_DATABASE_PORT: 3306
+  NOTES_DATABASE_NAME: '{{ notes_dbname }}'
+  NOTES_DATABASE_USER: '{{ notes_dbuser }}'
+  NOTES_DATABASE_PASSWORD: '{{ notes_dbpassword }}'
+  NOTES_MAILER_HOST: smtp.timeweb.ru
+  NOTES_MAILER_PORT: 25
+  NOTES_MAILER_USER: noreply@anwinged.ru
+  NOTES_MAILER_PASSWORD: C5DkD5gs
+  NOTES_DROPBOX_TOKEN: jHFhAiEB1nAAAAAAAAAGjWXDoNrVLDWHo4aFZFoNtb-qV7Q5qsNjlMdKU-Y95lMw
+  SYMFONY_ENV: prod