Add configuration for notes app

Vagrantfile

@@ -0,0 +1,28 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+ENV["LC_ALL"] = "en_US.UTF-8"
+
+# For installing ansible_local from pip on guest
+Vagrant.require_version ">= 1.8.3"
+
+Vagrant.configure("2") do |config|
+
+  config.vm.box = "ubuntu/xenial64"
+
+  config.vm.network "private_network", ip: "192.168.50.10"
+
+  config.vm.provision "ansible_local" do |ansible|
+    ansible.playbook = "ansible/configuration.yml"
+    ansible.galaxy_role_file = "ansible/requirements.yml"
+    ansible.galaxy_roles_path = "ansible/galaxy.roles"
+    ansible.sudo = true
+    ansible.extra_vars = {
+      from_vagrant: true,
+      deploy_user: "deployer_test",
+    }
+  end
+
+  config.vm.network "forwarded_port", guest: 80, host: 8080, auto_correct: true
+  config.vm.network "forwarded_port", guest: 3306, host: 33060, auto_correct: true
+end

ansible/configuration.yml

@@ -3,16 +3,114 @@
   become: true
 
   vars:
+
+    from_vagrant: no
+    deploy_user: deployer
+
+    apps:
+      notes:
+        name: notes
+        dbname: notes_db
+        dbuser: notes_user
+        dbpassword: Sf6tp6LKeCyrjVZ2YGKYUd
+        www: '/var/www/notes'
+
+    app_envs:
+      NOTES_SECRET_TOKEN: qJqFNP5B9RP2EfqgpTPyZe
+      NOTES_DATABASE_HOST: 127.0.0.1
+      NOTES_DATABASE_PORT: 3306
+      NOTES_DATABASE_NAME: "{{ apps.notes.dbname }}"
+      NOTES_DATABASE_USER: "{{ apps.notes.dbuser }}"
+      NOTES_DATABASE_PASSWORD: "{{ apps.notes.dbpassword }}"
+      SYMFONY_ENV: prod
+
     timezone: UTC
+
+    # nginx settings
+
     nginx_remove_default_vhost: true
+    nginx_vhosts:
+      - server_name: notes.anwinged.ru
+        template: "{{ playbook_dir }}/templates/notes.vhost.j2"
+
+    # php settings
+
+    php_version: "7.1"
+    php_packages:
+      - php7.1
+      - php7.1-curl
+      - php7.1-gd
+      - php7.1-fpm
+      - php7.1-mbstring
+      - php7.1-xml
+      - php7.1-intl
+      - php7.1-zip
+      - php7.1-mysql
+    php_webserver_daemon: nginx
+    php_enable_php_fpm: true
+    php_date_timezone: "{{ timezone }}"
+    php_fpm_listen: /run/php/php{{ php_version }}-fpm.sock
+
+    # mysql settings
+
+    mysql_databases:
+      - name: "{{ apps.notes.dbname }}"
+    mysql_users:
+      - name: "{{ apps.notes.dbuser }}"
+        host: '127.0.0.1'
+        password: "{{ apps.notes.dbpassword }}"
+        priv: "{{ apps.notes.dbname }}.*:ALL"
+
+  pre_tasks:
+    - name: Ensure that PHP PPA is added.
+      apt_repository: repo=ppa:ondrej/php state=present
+    - name: Update apt cache
+      apt: update_cache=yes
+    - name: Install system packages
+      apt: pkg={{ item }} state=latest
+      with_items:
+        - curl
+        - git
+        - make
+        - python-software-properties
+        - wget
+        - zip
+    - name: Add deploy user
+      user:
+        name: "{{ deploy_user }}"
+        groups: www-data
+    - name: "Set authorized key took from file for {{ deploy_user }}"
+      authorized_key:
+        user: "{{ deploy_user }}"
+        state: present
+        key: "{{ lookup('file', 'id_rsa.pub') }}"
+      when: from_vagrant
 
   roles:
     - yatesr.timezone
     - geerlingguy.nginx
-    - server
+    - geerlingguy.php-versions
+    - geerlingguy.php
+    - geerlingguy.mysql
     - role: static-site
       static_site_name: anwinged
       static_site_domain: anwinged.ru
     - role: static-site
       static_site_name: s2photo
       static_site_domain: s2photo.ru
+
+  post_tasks:
+    - name: Create system environment variables.
+      lineinfile:
+        path: /etc/environment
+        regexp: '^{{ item.key }}='
+        line: '{{ item.key }}="{{ item.value }}"'
+      with_dict: "{{ app_envs }}"
+    - name: 'Create folder for {{ apps.notes.name }}.'
+      file:
+        path: "{{ apps.notes.www }}"
+        state: directory
+        owner: "{{ deploy_user }}"
+        group: www-data
+        recurse: yes
+      notify: restart nginx

ansible/requirements.yml

@@ -3,4 +3,13 @@
   version: 1.0.0
 
 - src: geerlingguy.nginx
-  version: 1.9.6
+  version: 2.5.0
+
+- src: geerlingguy.php-versions
+  version: 1.1.0
+
+- src: geerlingguy.php
+  version: 3.4.5
+
+- src: geerlingguy.mysql
+  version: 2.8.0

ansible/roles/server/tasks/main.yml

@@ -1,16 +0,0 @@
----
-- name: Update apt cache
-  apt: update_cache=yes
-
-- name: Install system packages
-  apt: pkg={{ item }} state=latest
-  with_items:
-    - curl
-    - wget
-    - python-software-properties
-    - git
-
-- name: Add deploy user
-  user:
-    name: deployer
-    groups: www-data

ansible/roles/static-site/tasks/main.yml

@@ -1,15 +1,15 @@
 ---
-- name: Create nginx config
+- name: "Create nginx config for {{ static_site_name }}."
   template:
     src: site.conf.j2
-    dest: /etc/nginx/sites-enabled/{{ static_site_name }}.conf
+    dest: "/etc/nginx/sites-enabled/{{ static_site_name }}.conf"
   notify: restart nginx
 
-- name: Create root folder
+- name: "Create root folder for {{ static_site_name }}."
   file:
-    path: /var/www/{{ static_site_name }}
+    path: "/var/www/{{ static_site_name }}"
     state: directory
-    owner: deployer
+    owner: "{{ deploy_user }}"
     group: www-data
     recurse: yes
   notify: restart nginx

ansible/templates/notes.vhost.j2

@@ -0,0 +1,46 @@
+server {
+
+    server_name notes.anwinged.ru;
+
+    root /var/www/notes/current/web;
+
+    location / {
+        # try to serve file directly, fallback to app.php
+        try_files $uri /app.php$is_args$args;
+    }
+
+    # PROD
+    location ~ ^/app\.php(/|$) {
+        fastcgi_pass unix:/var/run/php{{ php_version }}-fpm.sock;
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+
+        # When you are using symlinks to link the document root to the
+        # current version of your application, you should pass the real
+        # application path instead of the path to the symlink to PHP
+        # FPM.
+        # Otherwise, PHP's OPcache may not properly detect changes to
+        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
+        # for more information).
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+        {% for name, value in app_envs.iteritems() %}
+        fastcgi_param {{ name }} "{{ value }}";
+        {% endfor %}
+
+        # Prevents URIs that include the front controller. This will 404:
+        # http://domain.tld/app.php/some-path
+        # Remove the internal directive to allow URIs like this
+        internal;
+    }
+
+    # return 404 for all other php files not matching the front controller
+    # this prevents access to other php files you don't want to be accessible.
+    location ~ \.php$ {
+        return 404;
+    }
+
+    error_log /var/log/nginx/{{ apps.notes.name }}_error.log;
+    access_log /var/log/nginx/{{ apps.notes.name }}_access.log;
+}