149 lines
3.6 KiB
YAML
149 lines
3.6 KiB
YAML
---
|
|
- hosts: all
|
|
become: true
|
|
|
|
vars:
|
|
|
|
from_vagrant: no
|
|
deploy_user: deployer
|
|
|
|
apps:
|
|
notes:
|
|
name: notes
|
|
dbname: notes_db
|
|
dbuser: notes_user
|
|
dbpassword: Sf6tp6LKeCyrjVZ2YGKYUd
|
|
www: '/var/www/notes'
|
|
|
|
app_envs:
|
|
NOTES_SECRET_TOKEN: qJqFNP5B9RP2EfqgpTPyZe
|
|
NOTES_DATABASE_HOST: 127.0.0.1
|
|
NOTES_DATABASE_PORT: 3306
|
|
NOTES_DATABASE_NAME: "{{ apps.notes.dbname }}"
|
|
NOTES_DATABASE_USER: "{{ apps.notes.dbuser }}"
|
|
NOTES_DATABASE_PASSWORD: "{{ apps.notes.dbpassword }}"
|
|
SYMFONY_ENV: prod
|
|
|
|
timezone: UTC
|
|
|
|
# nginx settings
|
|
|
|
nginx_remove_default_vhost: true
|
|
|
|
# php settings
|
|
|
|
php_version: "7.1"
|
|
php_packages:
|
|
- php7.1
|
|
- php7.1-curl
|
|
- php7.1-gd
|
|
- php7.1-fpm
|
|
- php7.1-mbstring
|
|
- php7.1-xml
|
|
- php7.1-intl
|
|
- php7.1-zip
|
|
- php7.1-mysql
|
|
php_webserver_daemon: nginx
|
|
php_enable_php_fpm: true
|
|
php_date_timezone: "{{ timezone }}"
|
|
php_fpm_listen: /var/run/php{{ php_version }}-fpm.sock
|
|
|
|
# mysql settings
|
|
|
|
mysql_databases:
|
|
- name: "{{ apps.notes.dbname }}"
|
|
mysql_users:
|
|
- name: "{{ apps.notes.dbuser }}"
|
|
host: '127.0.0.1'
|
|
password: "{{ apps.notes.dbpassword }}"
|
|
priv: "{{ apps.notes.dbname }}.*:ALL"
|
|
|
|
letsencrypt_webroot_path: /var/www/letsencrypt
|
|
letsencrypt_email: anwinged@ya.ru
|
|
letsencrypt_cert_domains:
|
|
- notes.anwinged.ru
|
|
|
|
pre_tasks:
|
|
- name: Ensure that PHP PPA is added.
|
|
apt_repository: repo=ppa:ondrej/php state=present
|
|
- name: Update apt cache
|
|
apt: update_cache=yes
|
|
- name: Install system packages
|
|
apt: pkg={{ item }} state=latest
|
|
with_items:
|
|
- curl
|
|
- git
|
|
- make
|
|
- python-software-properties
|
|
- wget
|
|
- zip
|
|
- name: Add deploy user
|
|
user:
|
|
name: "{{ deploy_user }}"
|
|
groups: www-data
|
|
- name: "Set authorized key took from file for {{ deploy_user }}"
|
|
authorized_key:
|
|
user: "{{ deploy_user }}"
|
|
state: present
|
|
key: "{{ lookup('file', 'id_rsa.pub') }}"
|
|
when: from_vagrant
|
|
|
|
roles:
|
|
- yatesr.timezone
|
|
- geerlingguy.nginx
|
|
- geerlingguy.php-versions
|
|
- geerlingguy.php
|
|
- geerlingguy.mysql
|
|
- role: static-site
|
|
static_site_name: anwinged
|
|
static_site_domain: anwinged.ru
|
|
- role: static-site
|
|
static_site_name: s2photo
|
|
static_site_domain: s2photo.ru
|
|
|
|
tasks:
|
|
- name: Create system environment variables.
|
|
lineinfile:
|
|
dest: /etc/environment
|
|
regexp: '^{{ item.key }}='
|
|
line: '{{ item.key }}="{{ item.value }}"'
|
|
with_dict: "{{ app_envs }}"
|
|
|
|
- name: Generate dhparams.
|
|
shell: openssl dhparam -out /etc/nginx/dhparams.pem 2048
|
|
args:
|
|
creates: /etc/nginx/dhparams.pem
|
|
|
|
- name: Create letsencrypt directory.
|
|
file:
|
|
name: /var/www/letsencrypt
|
|
state: directory
|
|
|
|
- name: Copy notes acme server config.
|
|
template:
|
|
src: notes-acme.vhost.j2
|
|
dest: "/etc/nginx/sites-enabled/notes-acme.conf"
|
|
notify: restart nginx
|
|
|
|
- name: Restart nginx.
|
|
service: name=nginx state=restarted
|
|
|
|
- name: Configure Lest Encrypt certificate.
|
|
include_role:
|
|
name: thefinn93.ansible-letsencrypt
|
|
|
|
- name: Copy notes server config.
|
|
template:
|
|
src: notes.vhost.j2
|
|
dest: "/etc/nginx/sites-enabled/notes.conf"
|
|
notify: restart nginx
|
|
|
|
- name: 'Create folder for {{ apps.notes.name }}.'
|
|
file:
|
|
path: "{{ apps.notes.www }}"
|
|
state: directory
|
|
owner: "{{ deploy_user }}"
|
|
group: www-data
|
|
recurse: yes
|
|
notify: restart nginx
|