Location: majic-ansible-roles/roles/php_website/tasks/main.yml - annotation
MAR-218: Fix some minor issues for the test runner script:
- No need to use the $ variable syntax for arithmetic operations.
- Use correct form when printing the list of roles (@ -> *).
- Fix missing quote when assembling the list of roles.
---
# Group named after the website user. The gid is taken from the same "uid"
# variable as the user's uid; when that variable is undefined the parameter
# is omitted and the system assigns the id.
- name: Create PHP website group
  ansible.builtin.group:
    state: present
    name: "{{ user }}"
    gid: "{{ uid | default(omit) }}"
# Administrator account with a bash login shell. Its primary group is the
# website group and its home directory (created here) is the website's home.
- name: Create PHP website admin user
  ansible.builtin.user:
    state: present
    name: "{{ admin }}"
    uid: "{{ admin_uid | default(omit) }}"
    group: "{{ user }}"
    home: "{{ home }}"
    createhome: true
    shell: "/bin/bash"
- name: Set-up directory for storing user profile configuration files
  ansible.builtin.file:
    state: directory
    path: "{{ home }}/.profile.d"
    owner: "{{ admin }}"
    group: "{{ user }}"
    # Full access for the admin, read/traverse for the website group, nothing
    # for other accounts.
    mode: "0750"
# System account for the website. The home path is only recorded on the
# account; this task does not create the directory (createhome is false).
- name: Create PHP website user
  ansible.builtin.user:
    state: present
    system: true
    name: "{{ user }}"
    uid: "{{ uid | default(omit) }}"
    group: "{{ user }}"
    home: "{{ home }}"
    createhome: false
    # NOTE(review): the GECOS field carries a umask setting; presumably this
    # is picked up by pam_umask - confirm against the PAM configuration.
    comment: 'umask=0007'
    # This is a workaround for a rather stupid bug that Debian seems
    # uninterested to backport -
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865762
    shell: "/bin/sh"
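# Supplementary membership lets the www-data account reach whatever the
# website group can read; keep group-readable files under the website's home
# limited to what the web server is meant to see.
- name: Add nginx user to website group
  ansible.builtin.user:
    name: "www-data"
    groups: "{{ user }}"
    # Real boolean instead of the string "yes", consistent with the other
    # tasks in this file. With append enabled the existing supplementary
    # groups of www-data are kept.
    append: true
  notify:
    - Restart nginx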
# The file is owned by root so that Postfix does not check whether the correct
# user owns it. The website group gets read-only access through mode 0640.
- name: Set-up forwarding for mails delivered to local application user/admin
  ansible.builtin.template:
    dest: "{{ home }}/.forward"
    src: forward.j2
    mode: "0640"
    owner: root
    group: "{{ user }}"
# Installs whatever the "packages" variable lists. With state present,
# packages that are already installed are left at their current version.
- name: Install extra packages for website
  ansible.builtin.apt:
    state: present
    name: "{{ packages }}"
# One PHP-FPM pool file per site, named after the site's fqdn. The rendered
# file is passed (as %s) to the PHP-FPM binary for a configuration test before
# it replaces the destination, so a broken template never reaches the pool
# directory.
- name: Deploy PHP FPM configuration file for website
  ansible.builtin.template:
    dest: "{{ php_fpm_pool_directory }}/{{ fqdn }}.conf"
    src: fpm_site.conf.j2
    mode: "0640"
    owner: root
    group: root
    validate: "{{ php_fpm_binary }} -t -y %s"
  notify:
    - Restart PHP-FPM
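# Writes the site's TLS private key from the https_tls_key variable. The file
# is readable by root and by members of the root group only.
- name: Deploy nginx TLS private key for website
  ansible.builtin.copy:
    dest: "/etc/ssl/private/{{ fqdn }}_https.key"
    content: "{{ https_tls_key }}"
    owner: root
    group: root
    mode: "0640"
  # Keep the key material out of task output, e.g. the content diff printed
  # when the play is run with --diff. The trade-off is that failure details
  # for this task are hidden as well.
  no_log: true
  notify:
    - Restart nginx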
# The certificate is written world-readable (0644), unlike the private key
# deployed to /etc/ssl/private.
- name: Deploy nginx TLS certificate for website
  ansible.builtin.copy:
    content: "{{ https_tls_certificate }}"
    dest: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart nginx
# The configuration file holds a single value: the path of this site's
# certificate under /etc/ssl/certs.
- name: Deploy configuration file for checking certificate validity via cron
  ansible.builtin.copy:
    dest: "/etc/check_certificate/{{ fqdn }}_https.conf"
    content: "/etc/ssl/certs/{{ fqdn }}_https.pem"
    mode: "0644"
    owner: root
    group: root
# The rendered site file is handed to nginx_verify_site.sh (as %s) before it
# replaces the destination, so a configuration that fails the check is not
# installed.
# NOTE(review): fqdn is interpolated into the validate command line between
# single quotes; this assumes the value is a plain host name - confirm.
- name: Deploy nginx configuration file for website
  ansible.builtin.template:
    dest: "/etc/nginx/sites-available/{{ fqdn }}"
    src: nginx_site.j2
    mode: "0640"
    owner: root
    group: root
    validate: "/usr/local/bin/nginx_verify_site.sh -n '{{ fqdn }}' %s"
  notify:
    - Restart nginx
# The site is enabled by linking its file from sites-available into
# sites-enabled.
- name: Enable website
  ansible.builtin.file:
    state: link
    dest: "/etc/nginx/sites-enabled/{{ fqdn }}"
    src: "/etc/nginx/sites-available/{{ fqdn }}"
  notify:
    - Restart nginx
# Imports the role's handlers file as ordinary tasks. The condition is only
# true when run_handlers is set to a truthy value; it defaults to False.
- name: Explicitly run all handlers
  when: "run_handlers | default(False) | bool()"
  tags:
    - handlers
  ansible.builtin.import_tasks: ../handlers/main.yml