From 2c9840d34793f2231dc760a5f9f9bc433096c9e2 Mon Sep 17 00:00:00 2001 
From: hbaxter Date: Fri, 4 Jul 2025 17:03:37 +0100 Subject: [PATCH] Refactor/Role: Merge role httpd_with_php into httpd Roundcube role Start of roundcube role WIP merge http --- ANSIBLE/group_vars/all/all.yml | 3 +- ANSIBLE/group_vars/dev_roundcube/main.yml | 2 + ANSIBLE/group_vars/ubuntu/all.yaml | 1 + ANSIBLE/inventory/telos_digital.yml | 1 + ANSIBLE/roles/httpd/defaults/main.yml | 16 +++++ ANSIBLE/roles/httpd/handlers/main.yml | 4 ++ ANSIBLE/roles/httpd/tasks/main.yml | 25 ++++---- ANSIBLE/roles/httpd/tasks/php.yml | 32 ++++++++++ .../roles/httpd/templates/httpd/index.html.j2 | 12 ++++ .../roles/httpd/templates/httpd/vhost.conf.j2 | 14 +++++ ANSIBLE/roles/httpd/templates/index.html.j2 | 12 ---- .../templates/php}/www.conf.j2 | 4 +- ANSIBLE/roles/httpd/templates/vhost.conf.j2 | 14 ----- .../roles/httpd_with_php/handlers/main.yml | 16 ----- ANSIBLE/roles/httpd_with_php/tasks/main.yml | 59 ------------------- ANSIBLE/roles/httpd_with_php/tasks/php.yml | 42 ------------- .../httpd_with_php/templates/index.html.j2 | 12 ---- .../httpd_with_php/templates/vhost.conf.j2 | 14 ----- .../roundcube/tasks/roundcube-config.yml | 9 ++- .../roundcube/tasks/roundcube-release.yml | 2 + 20 files changed, 109 insertions(+), 185 deletions(-) create mode 100644 ANSIBLE/group_vars/dev_roundcube/main.yml create mode 100644 ANSIBLE/group_vars/ubuntu/all.yaml create mode 100644 ANSIBLE/roles/httpd/defaults/main.yml create mode 100644 ANSIBLE/roles/httpd/tasks/php.yml create mode 100644 ANSIBLE/roles/httpd/templates/httpd/index.html.j2 create mode 100644 ANSIBLE/roles/httpd/templates/httpd/vhost.conf.j2 delete mode 100644 ANSIBLE/roles/httpd/templates/index.html.j2 rename ANSIBLE/roles/{httpd_with_php/templates => httpd/templates/php}/www.conf.j2 (80%) delete mode 100644 ANSIBLE/roles/httpd/templates/vhost.conf.j2 delete mode 100644 ANSIBLE/roles/httpd_with_php/handlers/main.yml delete mode 100644 ANSIBLE/roles/httpd_with_php/tasks/main.yml delete mode 100644 
ANSIBLE/roles/httpd_with_php/tasks/php.yml delete mode 100644 ANSIBLE/roles/httpd_with_php/templates/index.html.j2 delete mode 100644 ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2 diff --git a/ANSIBLE/group_vars/all/all.yml b/ANSIBLE/group_vars/all/all.yml index 911dd59..564c1ed 100644 --- a/ANSIBLE/group_vars/all/all.yml +++ b/ANSIBLE/group_vars/all/all.yml 
@@ -2,4 +2,5 @@ svc_acct_name: "ubuntu" svc_acct_keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvM9FL5V14ciT6qOSMx4zk3+K7F1aXQh6YjO+KDu94q hbaxter@telos_digital" - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAtUHnAtmjQd62/4edYxOCCSviJW7Wjn7TD/6eSYrXtRY87v9bAKYrPbUgWTQL+jMLFGCPzRoQCsEt/BZKoVASYzj9EQAatXFczYiXQQaBHlCEcRwtxYV5A2vjkAAmElwYtYAE8aKxDhFWPIlceB4DZ6x5pzlsztnaZKsLEs6PavEZ6UH/ubou6wSoBOWvFU1TZB1qwBfqD6QlkXJmjz7+Ci1MJSJ8kSAo9lFSPtE98pMfLG/NFAlYJSh4g7+qj8ghIGPFJxmmaHdvw/8+H1nY6kV38q4UoSjv9wnNeG+eOm/Uk8sUC/K9F777APRA4L7MjUrWY0m2fX8rMH+bTU/B1mdW/6o+/ooNXDPIjb6eKNpVC1cS/bP1z8Ki72pg7nbf8GRe3vN9kDj53HsDDzQ2WssOy6kt4Pq6qzUrco//VYQozNrSTfdV98mz1OzEhrq8qONvKz6rvurkne7hbfAcf0SyHM6bi1whzuuNw0gaGu0IoDNpH7HQsIxksRgwvdC9DWKA9V23piafL40OLQhAW1uqpCgO942zCGzCMiEB5OdjY/MakNU9LoQ9VQ2bJGrwLWDvudpzvYeaT70LQpnU9AEiO9fewBfVeFHX/02dFAffShp1hWso76A7Y9v5UaPmPKp/kJlhpQfDvgd6UY1w/MhkAiou9K/wm7bu0fwwZFE= peter.edmond@telos.digital" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com " \ No newline at end of file + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com " +admin_email: "digital@telospartners.com" diff --git a/ANSIBLE/group_vars/dev_roundcube/main.yml b/ANSIBLE/group_vars/dev_roundcube/main.yml new file mode 100644 index 0000000..ad005a9 --- /dev/null 
+++ b/ANSIBLE/group_vars/dev_roundcube/main.yml @@ -0,0 +1,2 @@ +--- +httpd_php: true diff --git a/ANSIBLE/group_vars/ubuntu/all.yaml b/ANSIBLE/group_vars/ubuntu/all.yaml new file mode 100644 index 0000000..19ad2cf --- /dev/null +++ b/ANSIBLE/group_vars/ubuntu/all.yaml @@ -0,0 +1 @@ +php_user: '' \ No newline at end of file diff --git a/ANSIBLE/inventory/telos_digital.yml b/ANSIBLE/inventory/telos_digital.yml index 158010a..3a67653 100644 --- a/ANSIBLE/inventory/telos_digital.yml +++ b/ANSIBLE/inventory/telos_digital.yml @@ -13,3 +13,4 @@ monitor: dev_roundcube: hosts: test-webmail.telos.digital: + httpd_site_name: 'test-webmail.telos.digital' diff --git a/ANSIBLE/roles/httpd/defaults/main.yml b/ANSIBLE/roles/httpd/defaults/main.yml new file mode 100644 index 0000000..5bedd1e --- /dev/null +++ b/ANSIBLE/roles/httpd/defaults/main.yml @@ -0,0 +1,16 @@ +httpd_site_name: 'default' +httpd_site_root: '/var/www/html' + +httpd_php: false +httpd_php_version: 8.3 +httpd_php_pkgs: + - php + - php-fpm + - php-cli + - php-mysql + - php-curl + - php-gd + - php-mbstring + - php-xml + - php-zip + \ No newline at end of file diff --git a/ANSIBLE/roles/httpd/handlers/main.yml b/ANSIBLE/roles/httpd/handlers/main.yml index 7f30057..43a22a7 100644 --- a/ANSIBLE/roles/httpd/handlers/main.yml +++ b/ANSIBLE/roles/httpd/handlers/main.yml @@ -9,3 +9,7 @@ name: apache2 state: restarted +- name: Restart PHP-FPM + service: + name: php{{ httpd_php_version }}-fpm + state: restarted \ No newline at end of file diff --git a/ANSIBLE/roles/httpd/tasks/main.yml b/ANSIBLE/roles/httpd/tasks/main.yml index a70e075..d90d4ec 100644 --- a/ANSIBLE/roles/httpd/tasks/main.yml +++ b/ANSIBLE/roles/httpd/tasks/main.yml @@ -1,12 +1,12 @@ --- - name: Install Apache2 - apt: + ansible.builtin.apt: name: apache2 state: present - update_cache: yes + update_cache: true - name: Install Certbot and Apache plugin - apt: + ansible.builtin.apt: name: - certbot - python3-certbot-apache 
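Review bot: `httpd_php_version: 8.3` in the new `roles/httpd/defaults/main.yml` is an unquoted scalar, so YAML loads it as a float and a later value such as 8.10 would render as `8.1` in `php{{ httpd_php_version }}-fpm` and in the pool path. Quote it: `httpd_php_version: '8.3'`. The package list below it is unversioned (`php`, `php-fpm`, …), so the installed PHP follows the distro default and can drift from this value; building the names from the variable (for example `php{{ httpd_php_version }}-fpm`) keeps packages, service name and socket path in step. The file also lacks the leading `---` that the other role files carry.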
@@ -14,7 +14,7 @@ - name: Ensure site root exists file: - path: "{{ site_root }}" + path: "{{ httpd_site_root }}" state: directory owner: www-data group: www-data @@ -22,20 +22,20 @@ - name: Create index.html template: - src: index.html.j2 - dest: "{{ site_root }}/index.html" + src: httpd/index.html.j2 + dest: "{{ httpd_site_root }}/index.html" owner: www-data group: www-data mode: '0644' - name: Create Apache virtual host config template: - src: vhost.conf.j2 - dest: /etc/apache2/sites-available/{{ site_name }}.conf + src: httpd/vhost.conf.j2 + dest: "/etc/apache2/sites-available/{{ httpd_site_name }}.conf" notify: Reload Apache - name: Enable site - command: a2ensite {{ site_name }} + command: "a2ensite {{ httpd_site_name }}" notify: Reload Apache - name: Enable SSL module @@ -51,9 +51,12 @@ - name: Obtain Let's Encrypt certificate using certbot command: > certbot --apache -n --agree-tos --redirect - -d {{ site_name }} + -d {{ httpd_site_name }} --email {{ admin_email }} args: - creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem + creates: "/etc/letsencrypt/live/{{ httpd_site_name }}/fullchain.pem" +- name: PHP Application + when: httpd_php == true + ansible.builtin.include_tasks: php.yml diff --git a/ANSIBLE/roles/httpd/tasks/php.yml b/ANSIBLE/roles/httpd/tasks/php.yml new file mode 100644 index 0000000..a430cad --- /dev/null +++ b/ANSIBLE/roles/httpd/tasks/php.yml 
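Review bot: The `Enable site` task in the `@@ -22,20 +22,20 @@` hunk still runs `a2ensite` through `command` with no `creates`, so it reports changed and notifies `Reload Apache` on every play. Adding `args:` with `creates: "/etc/apache2/sites-enabled/{{ httpd_site_name }}.conf"` makes it idempotent. The vhost `template` task next to it sets no `owner`, `group` or `mode`, unlike the index.html task above it. The `file`, `template` and `command` tasks here also keep their short module names while the first hunk moves `apt` to `ansible.builtin.apt`.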
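Review bot: `when: httpd_php == true` on the new `PHP Application` task compares against a literal, so a value that arrives as a string (for example `-e httpd_php=true`) silently skips the PHP tasks; `when: httpd_php | bool` handles both forms. In the same hunk the certbot command now takes `-d {{ httpd_site_name }}`, and the role default for that variable is `'default'`, which is not a name a certificate can be issued for. Hosts that do not override it will fail at this task, so either guard it (`when: httpd_site_name != 'default'`) or drop the default so a missing value fails early and visibly.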
@@ -0,0 +1,32 @@ +--- +- name: Install PHP, PHP-FPM, and common extensions + ansible.builtin.apt: + name: "{{ httpd_php_pkgs }}" + state: present + update_cache: true +- name: Enable Apache modules for PHP-FPM + ansible.builtin.command: a2enmod {{ item }} + loop: + - proxy_fcgi + - setenvif + - php{{ httpd_php_version }} # or php8.1 depending on your distro + notify: Reload Apache + ignore_errors: true # in case some modules aren't available + +- name: Ensure PHP-FPM service is running + ansible.builtin.service: + name: php{{ httpd_php_version }}-fpm + state: started + enabled: true + when: httpd_php_version is defined + +- name: Deploy custom PHP-FPM pool config + ansible.builtin.template: + src: php/www.conf.j2 + dest: /etc/php/{{ httpd_php_version }}/fpm/pool.d/www.conf + owner: root + group: root + mode: '0644' + notify: Restart PHP-FPM + + diff --git a/ANSIBLE/roles/httpd/templates/httpd/index.html.j2 b/ANSIBLE/roles/httpd/templates/httpd/index.html.j2 new file mode 100644 index 0000000..7da5359 --- /dev/null +++ b/ANSIBLE/roles/httpd/templates/httpd/index.html.j2 @@ -0,0 +1,12 @@ + + + + + Welcome to {{ httpd_site_name }} + + +
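Review bot: `ignore_errors: true` on the `Enable Apache modules for PHP-FPM` loop hides a failed `a2enmod`, and the loop enables `php{{ httpd_php_version }}` (mod_php) rather than the FPM handler. Nothing visible in this patch runs `a2enconf php{{ httpd_php_version }}-fpm` or adds a handler to the vhost template, so if mod_php is absent the play still succeeds and Apache may serve `.php` files under the site root as plain text. I would enable only `proxy_fcgi` and `setenvif`, enable the FPM conf in its own task, and let failures stop the play. The `when: httpd_php_version is defined` on the service task is always true now that the role defaults define the variable, so it can be removed.

```yaml
- name: Enable Apache modules for PHP-FPM
  ansible.builtin.command: "a2enmod {{ item }}"
  args:
    creates: "/etc/apache2/mods-enabled/{{ item }}.load"
  loop:
    - proxy_fcgi
    - setenvif
  notify: Reload Apache

- name: Enable the PHP-FPM handler configuration
  ansible.builtin.command: "a2enconf php{{ httpd_php_version }}-fpm"
  args:
    creates: "/etc/apache2/conf-enabled/php{{ httpd_php_version }}-fpm.conf"
  notify: Reload Apache

# … unchanged: PHP-FPM service and pool config tasks …
```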

Welcome to {{ httpd_site_name }}

+

This site is served from: {{ httpd_site_root }}

+ + + diff --git a/ANSIBLE/roles/httpd/templates/httpd/vhost.conf.j2 b/ANSIBLE/roles/httpd/templates/httpd/vhost.conf.j2 new file mode 100644 index 0000000..bb5772c --- /dev/null +++ b/ANSIBLE/roles/httpd/templates/httpd/vhost.conf.j2 @@ -0,0 +1,14 @@ + + ServerName {{ httpd_site_name }} + DocumentRoot {{ httpd_site_root }} + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_error.log + CustomLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_access.log combined + + diff --git a/ANSIBLE/roles/httpd/templates/index.html.j2 b/ANSIBLE/roles/httpd/templates/index.html.j2 deleted file mode 100644 index 939a6ee..0000000 --- a/ANSIBLE/roles/httpd/templates/index.html.j2 +++ /dev/null @@ -1,12 +0,0 @@ - - - - - Welcome to {{ site_name }} - - -
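Review bot: `Options Indexes FollowSymLinks` in the new `templates/httpd/vhost.conf.j2` turns on directory listings for the whole site root, which exposes the contents of any directory that has no index file. Use `Options -Indexes +FollowSymLinks` unless listings are actually wanted. `AllowOverride All` lets any `.htaccess` under the root change server behaviour; it is worth checking what the application's own `.htaccess` needs and narrowing the directive to that. The content is carried over from the removed `templates/vhost.conf.j2` with only the variable names changed, so this move is a convenient point to tighten it.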

Welcome to {{ site_name }}

-

This site is served from: {{ site_root }}

- - - diff --git a/ANSIBLE/roles/httpd_with_php/templates/www.conf.j2 b/ANSIBLE/roles/httpd/templates/php/www.conf.j2 similarity index 80% rename from ANSIBLE/roles/httpd_with_php/templates/www.conf.j2 rename to ANSIBLE/roles/httpd/templates/php/www.conf.j2 index 89bfb0f..a338f10 100644 --- a/ANSIBLE/roles/httpd_with_php/templates/www.conf.j2 +++ b/ANSIBLE/roles/httpd/templates/php/www.conf.j2 @@ -3,7 +3,7 @@ user = www-data group = www-data -listen = /run/php/php{{ php_version }}-fpm.sock +listen = /run/php/php{{ httpd_php_version }}-fpm.sock listen.owner = www-data listen.group = www-data @@ -20,7 +20,7 @@ chdir = / ; Logging catch_workers_output = yes ; Uncomment for more detailed error logging -; php_admin_value[error_log] = /var/log/php{{ php_version }}-fpm.log +; php_admin_value[error_log] = /var/log/php{{ httpd_php_version }}-fpm.log ; php_admin_flag[log_errors] = on ; Additional PHP configuration values diff --git a/ANSIBLE/roles/httpd/templates/vhost.conf.j2 b/ANSIBLE/roles/httpd/templates/vhost.conf.j2 deleted file mode 100644 index a8f6ff5..0000000 --- a/ANSIBLE/roles/httpd/templates/vhost.conf.j2 +++ /dev/null @@ -1,14 +0,0 @@ - - ServerName {{ site_name }} - DocumentRoot {{ site_root }} - - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - - ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log - CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined - - diff --git a/ANSIBLE/roles/httpd_with_php/handlers/main.yml b/ANSIBLE/roles/httpd_with_php/handlers/main.yml deleted file mode 100644 index e7bf150..0000000 --- a/ANSIBLE/roles/httpd_with_php/handlers/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Reload Apache - service: - name: apache2 - state: reloaded - -- name: Restart Apache - service: - name: apache2 - state: restarted - -- name: Restart PHP-FPM - service: - name: php{{ php_version }}-fpm - state: restarted - 
diff --git a/ANSIBLE/roles/httpd_with_php/tasks/main.yml b/ANSIBLE/roles/httpd_with_php/tasks/main.yml deleted file mode 100644 index ff2ac2c..0000000 --- a/ANSIBLE/roles/httpd_with_php/tasks/main.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- -- name: Install Apache2 - apt: - name: apache2 - state: present - update_cache: yes - -- name: Install Certbot and Apache plugin - apt: - name: - - certbot - - python3-certbot-apache - state: present - -- name: Ensure site root exists - file: - path: "{{ site_root }}" - state: directory - owner: www-data - group: www-data - mode: '0755' - -- name: Create index.html - template: - src: index.html.j2 - dest: "{{ site_root }}/index.html" - owner: www-data - group: www-data - mode: '0644' - -- name: Create Apache virtual host config - template: - src: vhost.conf.j2 - dest: /etc/apache2/sites-available/{{ site_name }}.conf - notify: Reload Apache - -- name: Enable site - command: a2ensite {{ site_name }} - notify: Reload Apache - -- name: Enable SSL module - command: a2enmod ssl - notify: Reload Apache - -- name: Ensure Apache is running and enabled - service: - name: apache2 - state: started - enabled: yes - -- name: Obtain Let's Encrypt certificate using certbot - command: > - certbot --apache -n --agree-tos --redirect - -d {{ site_name }} - --email {{ admin_email }} - args: - creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem - -- import_tasks: php.yml diff --git a/ANSIBLE/roles/httpd_with_php/tasks/php.yml b/ANSIBLE/roles/httpd_with_php/tasks/php.yml deleted file mode 100644 index 7c87178..0000000 --- a/ANSIBLE/roles/httpd_with_php/tasks/php.yml +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -- name: Install PHP, PHP-FPM, and common extensions - apt: - name: - - php - - php-fpm - - php-cli - - php-mysql - - php-curl - - php-gd - - php-mbstring - - php-xml - - php-zip - state: present - update_cache: yes - -- name: Enable Apache modules for PHP-FPM - command: a2enmod {{ item }} - loop: - - proxy_fcgi - - setenvif - - php{{ php_version }} # or php8.1 depending on your distro - notify: Reload Apache - ignore_errors: yes # in case some modules aren't available - -- name: Ensure PHP-FPM service is running - service: - name: php{{ php_version }}-fpm - state: started - enabled: yes - when: php_version is defined - -- name: Deploy custom PHP-FPM pool config - template: - src: www.conf.j2 - dest: /etc/php/{{ php_version }}/fpm/pool.d/www.conf - owner: root - group: root - mode: '0644' - notify: Restart PHP-FPM - - diff --git a/ANSIBLE/roles/httpd_with_php/templates/index.html.j2 b/ANSIBLE/roles/httpd_with_php/templates/index.html.j2 deleted file mode 100644 index 939a6ee..0000000 --- a/ANSIBLE/roles/httpd_with_php/templates/index.html.j2 +++ /dev/null @@ -1,12 +0,0 @@ - - - - - Welcome to {{ site_name }} - - -

Welcome to {{ site_name }}

-

This site is served from: {{ site_root }}

- - - diff --git a/ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2 b/ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2 deleted file mode 100644 index a8f6ff5..0000000 --- a/ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2 +++ /dev/null @@ -1,14 +0,0 @@ - - ServerName {{ site_name }} - DocumentRoot {{ site_root }} - - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - - ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log - CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined - - diff --git a/ANSIBLE/roles/roundcube/tasks/roundcube-config.yml b/ANSIBLE/roles/roundcube/tasks/roundcube-config.yml index ef9f352..8baf0e9 100644 --- a/ANSIBLE/roles/roundcube/tasks/roundcube-config.yml +++ b/ANSIBLE/roles/roundcube/tasks/roundcube-config.yml @@ -1,7 +1,12 @@ --- -- name: Configure Roundcube config.php +- name: Configure Roundcube config.inc.php ansible.builtin.template: src: config/config.inc.php.j2 dest: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}/config/config.inc.php" - mode: '644' + mode: '640' owner: "{{ roundcube_user }}" +- name: Remove Roundcube Installer Dir + ansible.builtin.file: + dest: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}/installer/" + state: absent + diff --git a/ANSIBLE/roles/roundcube/tasks/roundcube-release.yml b/ANSIBLE/roles/roundcube/tasks/roundcube-release.yml index 7b56a64..38762bd 100644 --- a/ANSIBLE/roles/roundcube/tasks/roundcube-release.yml +++ b/ANSIBLE/roles/roundcube/tasks/roundcube-release.yml @@ -16,5 +16,7 @@ src: "/opt/roundcube_{{ roundcube_version }}.tar.gz" dest: "{{ roundcube_base_dir }}" creates: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}" + owner: "{{ roundcube_user }}" + group: "{{ roundcube_user }}" remote_src: true
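Review bot: The `Configure Roundcube config.inc.php` task tightens the mode to `'640'` but sets only `owner`, so the group is left to whatever the file ends up with and the owning account can still rewrite the file. If `roundcube_user` is the account PHP runs as, the web application can modify its own configuration and the credentials in it; if it is a different account, the PHP worker may not be able to read the file at all. Consider `owner: root`, `group: "{{ roundcube_user }}"`, `mode: '0640'` so the application can read but not write it. The new installer-removal task uses `dest:`; `path:` is the documented parameter name for `ansible.builtin.file`.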
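Review bot: The added `owner` and `group` hand the whole extracted tree to `roundcube_user`; if that is the account PHP runs as, every application file becomes writable by the web process, whereas Roundcube normally only needs to write to its `temp/` and `logs/` directories. Because the task keeps `creates:`, hosts where the directory already exists skip it, so the new ownership is never applied there. Consider extracting as root and setting ownership on the writable directories in a separate `ansible.builtin.file` task. The task starts above the hunk, so the module name and any integrity check on the tarball are not visible here.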