Made refactoring for notes app (and other)

Makefile

@@ -20,7 +20,6 @@ install-roles:
 test-rebuild:
 	vagrant destroy -f && vagrant up
 
-lint-configuration:
+lint:
 	ansible-lint "./ansible/configuration.yml" --exclude="./ansible/galaxy.roles/" -v || true
 	ansible-lint "./ansible/roles/ssl-certificate/tasks/main.yml" -v || true
-

ansible/configuration.yml

@@ -5,13 +5,6 @@
   vars:
     deploy_user: deployer
 
-    # Configuration for "Notes" application
-    notes_domain: 'notes.anwinged.ru'
-    notes_cert_type: 'letsencrypt'
-    notes_dbname: notes_db
-    notes_dbuser: notes_db
-    notes_dbpassword: Sf6tp6LKeCyrjVZ2YGKYUd
-
     timezone: UTC
 
     # nginx settings
@@ -35,16 +28,6 @@
     php_enable_php_fpm: true
     php_date_timezone: '{{ timezone }}'
 
-    # mysql settings
-
-    mysql_databases:
-      - name: '{{ notes_dbname }}'
-    mysql_users:
-      - name: '{{ notes_dbuser }}'
-        host: '127.0.0.1'
-        password: '{{ notes_dbpassword }}'
-        priv: '{{ notes_dbname }}.*:ALL'
-
   pre_tasks:
     - name: Ensure that PHP PPA is added.
       apt_repository: repo=ppa:ondrej/php state=present
@@ -69,33 +52,10 @@
     - geerlingguy.nginx
     - geerlingguy.php-versions
     - geerlingguy.php
-    - geerlingguy.mysql
 
-    - role: homepage
+    - homepage
-    - role: s2photo
+    - s2photo
-
+    - notes
-    - role: symfony-app
-      app_name: notes
-      app_user: notes_owner
-      app_user_ssh_keys: ['{{ lookup("file", "av_id_rsa.pub") }}']
-      app_domains: ['{{ notes_domain }}']
-      app_cert: yes
-      app_cert_type: '{{ notes_cert_type }}'
-      app_cert_email: anwinged@ya.ru
-      app_php_connection: '127.0.0.1:9010'
-      app_envs:
-        NOTES_SECRET_TOKEN: qJqFNP5B9RP2EfqgpTPyZe
-        NOTES_DATABASE_HOST: 127.0.0.1
-        NOTES_DATABASE_PORT: 3306
-        NOTES_DATABASE_NAME: '{{ notes_dbname }}'
-        NOTES_DATABASE_USER: '{{ notes_dbuser }}'
-        NOTES_DATABASE_PASSWORD: '{{ notes_dbpassword }}'
-        NOTES_MAILER_HOST: smtp.timeweb.ru
-        NOTES_MAILER_PORT: 25
-        NOTES_MAILER_USER: noreply@anwinged.ru
-        NOTES_MAILER_PASSWORD: C5DkD5gs
-        NOTES_DROPBOX_TOKEN: jHFhAiEB1nAAAAAAAAAGjWXDoNrVLDWHo4aFZFoNtb-qV7Q5qsNjlMdKU-Y95lMw
-        SYMFONY_ENV: prod
 
   tasks:
     - name: Fix php-mysql-package

ansible/roles/blocks/owner/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+owner_name: ''
+owner_group: '{{ owner_name }}'
+owner_ssh_keys: []
+owner_envs: {}

ansible/roles/blocks/owner/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: 'Check app requirements for {{ owner_name }}.'
+  fail:
+    msg: You must set owner name.
+  when: not owner_name
+
+- name: 'Create group "{{ owner_group }}".'
+  group:
+    name: '{{ owner_group }}'
+    state: present
+
+- name: 'Create user "{{ owner_name }}".'
+  user:
+    name: '{{ owner_name }}'
+    group: '{{ owner_group }}'
+    shell: /bin/bash
+
+- name: 'Set up user ssh keys for {{ owner_name }}.'
+  authorized_key:
+    user: '{{ owner_name }}'
+    key: '{{ item }}'
+    state: present
+  with_items: '{{ owner_ssh_keys }}'
+
+- name: 'Set up environment variables for {{ owner_name }}.'
+  lineinfile:
+    dest: '/home/{{ owner_name }}/.bashrc'
+    regexp: '^export {{ item.key }}='
+    line: 'export {{ item.key }}="{{ item.value }}"'
+  with_dict: '{{ owner_envs }}'

ansible/roles/blocks/php-app/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+php_app_name: ''
+php_app_user: ''
+php_app_group: ''
+php_app_directory: ''
+php_app_web_root: ''
+php_app_nginx_config: ''
+php_app_php_version: ''
+php_app_fpm_pool_name: '{{ php_app_name }}'
+php_app_fpm_listen: '127.0.0.1:9001'
+php_app_envs: {}

ansible/roles/blocks/php-app/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+- name: 'Check app requirements for {{ php_app_name }}.'
+  fail:
+    msg: You must set app name.
+  when: not php_app_name
+
+- name: 'Create web directory for {{ php_app_name }}.'
+  file:
+    state: directory
+    path: '{{ php_app_directory }}'
+    owner: '{{ php_app_user }}'
+    group: '{{ php_app_group }}'
+    recurse: yes
+  notify: restart nginx
+
+- name: 'Create nginx config for {{ php_app_name }}.'
+  template:
+    src: '{{ php_app_nginx_config }}'
+    dest: '/etc/nginx/sites-enabled/{{ php_app_name }}.conf'
+  notify: restart nginx
+
+- name: 'Creates php-fpm pool config for {{ php_app_name }}.'
+  template:
+    src: fpm-pool.conf.j2
+    dest: '/etc/php/{{ php_app_php_version }}/fpm/pool.d/{{ php_app_name }}.conf'
+  notify: restart php-fpm

ansible/roles/blocks/php-app/templates/fpm-pool.conf.j2

@@ -1,11 +1,11 @@
-[{{ app_fpool_name }}]
+[{{ php_app_fpm_pool_name }}]
 
-listen = {{ app_fpool_listen }}
+listen = {{ php_app_fpm_listen }}
 listen.allowed_clients = 127.0.0.1
 listen.backlog = -1
 
-user = {{ app_user }}
+user = {{ php_app_user }}
-group = {{ app_group }}
+group = {{ php_app_group }}
 
 ; request_slowlog_timeout = 5s
 ; slowlog = /var/log/php-fpm/slowlog-blog.log
@@ -23,6 +23,6 @@ rlimit_files = 131072
 rlimit_core = unlimited
 catch_workers_output = yes
 
-{% for name, value in app_envs.iteritems() %}
+{% for name, value in php_app_envs.iteritems() %}
 env[{{ name }}]={{ value }}
 {% endfor %}

ansible/roles/homepage/meta/main.yml

@@ -1,6 +1,6 @@
 ---
 dependencies:
-  - role: ssl-certificate
+  - role: blocks/ssl-certificate
     cert_type: letsencrypt
     cert_name: '{{ homepage_name }}'
     cert_email: anwinged@ya.ru
@@ -8,7 +8,7 @@ dependencies:
       - '{{ homepage_domain }}'
       - 'www.{{ homepage_domain }}'
 
-  - role: static-site
+  - role: blocks/static-site
     static_site_name: '{{ homepage_name }}'
     static_site_domain: '{{ homepage_domain }}'
     static_site_dir: '{{ homepage_dir }}'

ansible/roles/notes/meta/main.yml

@@ -0,0 +1,34 @@
+---
+dependencies:
+  - role: geerlingguy.mysql
+    mysql_databases:
+      - name: '{{ notes_dbname }}'
+    mysql_users:
+      - name: '{{ notes_dbuser }}'
+        host: 127.0.0.1
+        password: '{{ notes_dbpassword }}'
+        priv: '{{ notes_dbname }}.*:ALL'
+
+  - role: blocks/owner
+    owner_name: '{{ notes_owner }}'
+    owner_group: '{{ notes_owner }}'
+    owner_ssh_keys: ['{{ lookup("file", "av_id_rsa.pub") }}']
+    owner_envs: '{{ notes_env }}'
+
+  - role: blocks/ssl-certificate
+    cert_type: letsencrypt
+    cert_name: '{{ notes_name }}'
+    cert_email: anwinged@ya.ru
+    cert_domains:
+      - '{{ notes_domain }}'
+
+  - role: blocks/php-app
+    php_app_name: '{{ notes_name }}'
+    php_app_user: '{{ notes_owner }}'
+    php_app_group: '{{ notes_owner }}'
+    php_app_directory: '{{ notes_dir }}'
+    php_app_web_root: '{{ notes_web_root }}'
+    php_app_nginx_config: nginx.conf.j2
+    php_app_php_version: '7.1'
+    php_app_fpm_listen: '{{ notes_php_connection }}'
+    php_app_envs: '{{ notes_env }}'

ansible/roles/notes/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+

ansible/roles/notes/templates/nginx.conf.j2

@@ -0,0 +1,58 @@
+server {
+    server_name {{ notes_domain }};
+
+    listen 443 ssl http2;
+
+    ssl on;
+    ssl_certificate         {{ vars[notes_name + "_ssl_certificate"] }};
+    ssl_certificate_key     {{ vars[notes_name + "_ssl_key"] }};
+    ssl_trusted_certificate {{ vars[notes_name + "_ssl_certificate"] }};
+    
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_timeout 5m;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+    
+    ssl_dhparam {{ vars[notes_name + "_ssl_dhparam"] }};
+    ssl_prefer_server_ciphers on;
+
+    root {{ notes_web_root }};
+
+    location / {
+        # try to serve file directly, fallback to app.php
+        try_files $uri /app.php$is_args$args;
+    }
+
+    location ~ ^/app\.php(/|$) {
+        fastcgi_pass {{ notes_php_connection }};
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+
+        # When you are using symlinks to link the document root to the
+        # current version of your application, you should pass the real
+        # application path instead of the path to the symlink to PHP
+        # FPM.
+        # Otherwise, PHP's OPcache may not properly detect changes to
+        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
+        # for more information).
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+        # Prevents URIs that include the front controller. This will 404:
+        # http://domain.tld/app.php/some-path
+        # Remove the internal directive to allow URIs like this
+        internal;
+    }
+
+    # return 404 for all other php files not matching the front controller
+    # this prevents access to other php files you don't want to be accessible.
+    location ~ \.php$ {
+        return 404;
+    }
+
+    error_log /var/log/nginx/{{ notes_name }}_error.log;
+    access_log /var/log/nginx/{{ notes_name }}_access.log;
+}

ansible/roles/notes/vars/main.yml

@@ -0,0 +1,27 @@
+---
+notes_name: notes
+notes_owner: notes_owner
+notes_dir: /var/www/notes
+notes_web_root: '{{ notes_dir }}/current/app'
+notes_domain: 'notes.anwinged.ru'
+notes_cert_type: 'letsencrypt'
+notes_dbname: notes_db
+notes_dbuser: notes_db
+notes_dbpassword: Sf6tp6LKeCyrjVZ2YGKYUd
+notes_php_connection: '127.0.0.1:9010'
+
+notes_env:
+  NOTES_DEPLOY_DIR: '{{ notes_dir }}'
+  NOTES_WORK_DIR: '{{ notes_dir }}/current'
+  NOTES_SECRET_TOKEN: qJqFNP5B9RP2EfqgpTPyZe
+  NOTES_DATABASE_HOST: 127.0.0.1
+  NOTES_DATABASE_PORT: 3306
+  NOTES_DATABASE_NAME: '{{ notes_dbname }}'
+  NOTES_DATABASE_USER: '{{ notes_dbuser }}'
+  NOTES_DATABASE_PASSWORD: '{{ notes_dbpassword }}'
+  NOTES_MAILER_HOST: smtp.timeweb.ru
+  NOTES_MAILER_PORT: 25
+  NOTES_MAILER_USER: noreply@anwinged.ru
+  NOTES_MAILER_PASSWORD: C5DkD5gs
+  NOTES_DROPBOX_TOKEN: jHFhAiEB1nAAAAAAAAAGjWXDoNrVLDWHo4aFZFoNtb-qV7Q5qsNjlMdKU-Y95lMw
+  SYMFONY_ENV: prod

ansible/roles/s2photo/meta/main.yml

@@ -1,5 +1,5 @@
 ---
 dependencies:
-  - role: static-site
+  - role: blocks/static-site
     static_site_name: s2photo
     static_site_domain: s2photo.ru

ansible/roles/symfony-app/defaults/main.yml

@@ -1,40 +0,0 @@
----
-app_name: ''
-
-
-# ПОЛЬЗОАВТЕЛЬ
-
-app_user: '{{ app_name }}'
-app_group: '{{ app_user }}'
-app_user_ssh_keys: []
-
-
-# ОКРУЖЕНИЕ
-
-# Переменные окружения приложения.
-# Необходимо указывать в виде пар ключ-значение,
-# где ключ - имя переменной (обычно в верхнем регистре).
-app_envs: {}
-
-
-# ВЕБ-СЕРВЕР
-
-app_directory: '/var/www/{{ app_name }}'
-app_domains: ['{{ app_name }}.loc']
-app_web_root: '/var/www/{{ app_name }}/current/web'
-app_php_connection: '127.0.0.1:9001'
-
-
-# СЕРТИФИКАТ
-
-app_cert: no
-app_cert_type: 'self-signed'
-app_cert_email: 'name@example.com'
-
-
-# PHP-FPM
-
-app_php_version: '{{ php_version | default("7.0") }}'
-app_fpool_name: '{{ app_name }}'
-app_fpool_listen: '{{ app_php_connection }}'
-app_fpool_slowlog: '/var/www/{{ app_name }}/shared/logs/'

ansible/roles/symfony-app/tasks/main.yml

@@ -1,63 +0,0 @@
----
-- name: 'Check app requirements for {{ app_name }}.'
-  fail:
-    msg: You must set app name.
-  when: not app_name
-
-- name: 'Create group "{{ app_group }}" for {{ app_name }}.'
-  group:
-    name: '{{ app_group }}'
-    state: present
-
-- name: 'Create user "{{ app_user }}" for {{ app_name }}.'
-  user:
-    name: '{{ app_user }}'
-    comment: '{{ app_name }} application owner'
-    group: '{{ app_group }}'
-    shell: /bin/bash
-
-- name: 'Set up user ssh keys for {{ app_name }}.'
-  authorized_key:
-    user: '{{ app_user }}'
-    key: '{{ item }}'
-    state: present
-  with_items: '{{ app_user_ssh_keys }}'
-
-- name: 'Set up environment variables for {{ app_name }}.'
-  lineinfile:
-    dest: '/home/{{ app_user }}/.bashrc'
-    regexp: '^export {{ item.key }}='
-    line: 'export {{ item.key }}="{{ item.value }}"'
-  with_dict: '{{ app_envs }}'
-
-- name: 'Create ssl certificate for {{ app_name }}.'
-  include_role:
-    name: ssl-certificate
-    private: yes
-  vars:
-    cert_type: '{{ app_cert_type }}'
-    cert_name: '{{ app_name }}'
-    cert_email: '{{ app_cert_email }}'
-    cert_domains: '{{ app_domains }}'
-  when: app_cert
-
-- name: 'Create web directory for {{ app_name }}.'
-  file:
-    state: directory
-    path: '{{ app_directory }}'
-    owner: '{{ app_user }}'
-    group: '{{ app_group }}'
-    recurse: yes
-  notify: restart nginx
-
-- name: 'Create nginx config for {{ app_name }}.'
-  template:
-    src: app.conf.j2
-    dest: '/etc/nginx/sites-enabled/{{ app_name }}.conf'
-  notify: restart nginx
-
-- name: 'Creates php-fpm pool config for {{ app_name }}.'
-  template:
-    src: fpm-pool.conf.j2
-    dest: '/etc/php/{{ app_php_version }}/fpm/pool.d/{{ app_name }}.conf'
-  notify: restart php-fpm

ansible/roles/symfony-app/templates/app.conf.j2

@@ -1,50 +0,0 @@
-server {
-    server_name {{ app_domains | join(" ") }};
-
-    {% if app_cert %}
-        listen 443 ssl http2;
-    {% else %}
-        listen 80;
-    {% endif %}
-
-    {% if app_cert %}
-        {% include './ssl.j2' %}
-    {% endif %}
-
-    root {{ app_web_root }};
-
-    location / {
-        # try to serve file directly, fallback to app.php
-        try_files $uri /app.php$is_args$args;
-    }
-
-    location ~ ^/app\.php(/|$) {
-        fastcgi_pass {{ app_php_connection }};
-        fastcgi_split_path_info ^(.+\.php)(/.*)$;
-        include fastcgi_params;
-
-        # When you are using symlinks to link the document root to the
-        # current version of your application, you should pass the real
-        # application path instead of the path to the symlink to PHP
-        # FPM.
-        # Otherwise, PHP's OPcache may not properly detect changes to
-        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
-        # for more information).
-        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
-        fastcgi_param DOCUMENT_ROOT $realpath_root;
-
-        # Prevents URIs that include the front controller. This will 404:
-        # http://domain.tld/app.php/some-path
-        # Remove the internal directive to allow URIs like this
-        internal;
-    }
-
-    # return 404 for all other php files not matching the front controller
-    # this prevents access to other php files you don't want to be accessible.
-    location ~ \.php$ {
-        return 404;
-    }
-
-    error_log /var/log/nginx/{{ app_name }}_error.log;
-    access_log /var/log/nginx/{{ app_name }}_access.log;
-}

ansible/roles/symfony-app/templates/ssl.j2

@@ -1,15 +0,0 @@
-ssl on;
-ssl_certificate         {{ vars[app_name + "_ssl_certificate"] }};
-ssl_certificate_key     {{ vars[app_name + "_ssl_key"] }};
-ssl_trusted_certificate {{ vars[app_name + "_ssl_certificate"] }};
-
-ssl_session_cache shared:SSL:50m;
-ssl_session_timeout 5m;
-ssl_stapling on;
-ssl_stapling_verify on;
-
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-
-ssl_dhparam {{ vars[app_name + "_ssl_dhparam"] }};
-ssl_prefer_server_ciphers on;