Refactor/Role: Merge role httpd_with_php into httpd Roundcube role

Start of roundcube role WIP
merge http

ANSIBLE/group_vars/all/all.yml

@@ -2,4 +2,5 @@ svc_acct_name: "ubuntu"
 svc_acct_keys: 
   - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvM9FL5V14ciT6qOSMx4zk3+K7F1aXQh6YjO+KDu94q hbaxter@telos_digital"
   - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAtUHnAtmjQd62/4edYxOCCSviJW7Wjn7TD/6eSYrXtRY87v9bAKYrPbUgWTQL+jMLFGCPzRoQCsEt/BZKoVASYzj9EQAatXFczYiXQQaBHlCEcRwtxYV5A2vjkAAmElwYtYAE8aKxDhFWPIlceB4DZ6x5pzlsztnaZKsLEs6PavEZ6UH/ubou6wSoBOWvFU1TZB1qwBfqD6QlkXJmjz7+Ci1MJSJ8kSAo9lFSPtE98pMfLG/NFAlYJSh4g7+qj8ghIGPFJxmmaHdvw/8+H1nY6kV38q4UoSjv9wnNeG+eOm/Uk8sUC/K9F777APRA4L7MjUrWY0m2fX8rMH+bTU/B1mdW/6o+/ooNXDPIjb6eKNpVC1cS/bP1z8Ki72pg7nbf8GRe3vN9kDj53HsDDzQ2WssOy6kt4Pq6qzUrco//VYQozNrSTfdV98mz1OzEhrq8qONvKz6rvurkne7hbfAcf0SyHM6bi1whzuuNw0gaGu0IoDNpH7HQsIxksRgwvdC9DWKA9V23piafL40OLQhAW1uqpCgO942zCGzCMiEB5OdjY/MakNU9LoQ9VQ2bJGrwLWDvudpzvYeaT70LQpnU9AEiO9fewBfVeFHX/02dFAffShp1hWso76A7Y9v5UaPmPKp/kJlhpQfDvgd6UY1w/MhkAiou9K/wm7bu0fwwZFE= peter.edmond@telos.digital"
-  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com "
+  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com "
+admin_email: "digital@telospartners.com"

ANSIBLE/group_vars/dev_roundcube/main.yml

@@ -0,0 +1,2 @@
+---
+httpd_php: true

ANSIBLE/group_vars/ubuntu/all.yaml

@@ -0,0 +1 @@
+php_user: ''

ANSIBLE/inventory/telos_digital.yml

@@ -13,3 +13,4 @@ monitor:
 dev_roundcube:
   hosts:
     test-webmail.telos.digital:
+      httpd_site_name: 'test-webmail.telos.digital'

ANSIBLE/roles/httpd/defaults/main.yml

@@ -0,0 +1,16 @@
+httpd_site_name: 'default'
+httpd_site_root: '/var/www/html'
+
+httpd_php: false
+httpd_php_version: 8.3
+httpd_php_pkgs:
+  - php
+  - php-fpm
+  - php-cli
+  - php-mysql
+  - php-curl
+  - php-gd
+  - php-mbstring
+  - php-xml
+  - php-zip
+ 

ANSIBLE/roles/httpd/handlers/main.yml

@@ -9,3 +9,7 @@
     name: apache2
     state: restarted
 
+- name: Restart PHP-FPM
+  service:
+    name: php{{ httpd_php_version }}-fpm
+    state: restarted

ANSIBLE/roles/httpd/tasks/main.yml

@@ -1,12 +1,12 @@
 ---
 - name: Install Apache2
-  apt:
+  ansible.builtin.apt:
     name: apache2
     state: present
-    update_cache: yes
+    update_cache: true
 
 - name: Install Certbot and Apache plugin
-  apt:
+  ansible.builtin.apt:
     name:
       - certbot
       - python3-certbot-apache
@@ -14,7 +14,7 @@
 
 - name: Ensure site root exists
   file:
-    path: "{{ site_root }}"
+    path: "{{ httpd_site_root }}"
     state: directory
     owner: www-data
     group: www-data
@@ -22,20 +22,20 @@
 
 - name: Create index.html
   template:
-    src: index.html.j2
-    dest: "{{ site_root }}/index.html"
+    src: httpd/index.html.j2
+    dest: "{{ httpd_site_root }}/index.html"
     owner: www-data
     group: www-data
     mode: '0644'
 
 - name: Create Apache virtual host config
   template:
-    src: vhost.conf.j2
-    dest: /etc/apache2/sites-available/{{ site_name }}.conf
+    src: httpd/vhost.conf.j2
+    dest: "/etc/apache2/sites-available/{{ httpd_site_name }}.conf"
   notify: Reload Apache
 
 - name: Enable site
-  command: a2ensite {{ site_name }}
+  command: "a2ensite {{ httpd_site_name }}"
   notify: Reload Apache
 
 - name: Enable SSL module
@@ -51,9 +51,12 @@
 - name: Obtain Let's Encrypt certificate using certbot
   command: >
     certbot --apache -n --agree-tos --redirect
-    -d {{ site_name }}
+    -d {{ httpd_site_name }}
     --email {{ admin_email }}
   args:
-    creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
+    creates: "/etc/letsencrypt/live/{{ httpd_site_name }}/fullchain.pem"
 
+- name: PHP Application
+  when: httpd_php == true
+  ansible.builtin.include_tasks: php.yml
 

ANSIBLE/roles/httpd/tasks/php.yml

@@ -0,0 +1,32 @@
+---
+- name: Install PHP, PHP-FPM, and common extensions
+  ansible.builtin.apt:
+    name: "{{ httpd_php_pkgs }}"
+    state: present
+    update_cache: true
+- name: Enable Apache modules for PHP-FPM
+  ansible.builtin.command: a2enmod {{ item }}
+  loop:
+    - proxy_fcgi
+    - setenvif
+    - php{{ httpd_php_version }}  # or php8.1 depending on your distro
+  notify: Reload Apache
+  ignore_errors: true  # in case some modules aren't available
+
+- name: Ensure PHP-FPM service is running
+  ansible.builtin.service:
+    name: php{{ httpd_php_version }}-fpm
+    state: started
+    enabled: true
+  when: httpd_php_version is defined
+
+- name: Deploy custom PHP-FPM pool config
+  ansible.builtin.template:
+    src: php/www.conf.j2
+    dest: /etc/php/{{ httpd_php_version }}/fpm/pool.d/www.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Restart PHP-FPM
+
+

ANSIBLE/roles/httpd/templates/httpd/index.html.j2

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Welcome to {{ httpd_site_name }}</title>
+</head>
+<body>
+    <h1>Welcome to {{ httpd_site_name }}</h1>
+    <p>This site is served from: {{ httpd_site_root }}</p>
+</body>
+</html>
+

ANSIBLE/roles/httpd/templates/httpd/vhost.conf.j2

@@ -0,0 +1,14 @@
+<VirtualHost *:80>
+    ServerName {{ httpd_site_name }}
+    DocumentRoot {{ httpd_site_root }}
+
+    <Directory {{ httpd_site_root }}>
+        Options Indexes FollowSymLinks
+        AllowOverride All
+        Require all granted
+    </Directory>
+
+    ErrorLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_error.log
+    CustomLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_access.log combined
+</VirtualHost>
+

ANSIBLE/roles/httpd/templates/index.html.j2

@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <title>Welcome to {{ site_name }}</title>
-</head>
-<body>
-    <h1>Welcome to {{ site_name }}</h1>
-    <p>This site is served from: {{ site_root }}</p>
-</body>
-</html>
-

ANSIBLE/roles/httpd/templates/php/www.conf.j2

@@ -3,7 +3,7 @@
 user = www-data
 group = www-data
 
-listen = /run/php/php{{ php_version }}-fpm.sock
+listen = /run/php/php{{ httpd_php_version }}-fpm.sock
 
 listen.owner = www-data
 listen.group = www-data
@@ -20,7 +20,7 @@ chdir = /
 ; Logging
 catch_workers_output = yes
 ; Uncomment for more detailed error logging
-; php_admin_value[error_log] = /var/log/php{{ php_version }}-fpm.log
+; php_admin_value[error_log] = /var/log/php{{ httpd_php_version }}-fpm.log
 ; php_admin_flag[log_errors] = on
 
 ; Additional PHP configuration values

ANSIBLE/roles/httpd/templates/vhost.conf.j2

@@ -1,14 +0,0 @@
-<VirtualHost *:80>
-    ServerName {{ site_name }}
-    DocumentRoot {{ site_root }}
-
-    <Directory {{ site_root }}>
-        Options Indexes FollowSymLinks
-        AllowOverride All
-        Require all granted
-    </Directory>
-
-    ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log
-    CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined
-</VirtualHost>
-

ANSIBLE/roles/httpd_with_php/handlers/main.yml

@@ -1,16 +0,0 @@
----
-- name: Reload Apache
-  service:
-    name: apache2
-    state: reloaded
-
-- name: Restart Apache
-  service:
-    name: apache2
-    state: restarted
-
-- name: Restart PHP-FPM
-  service:
-    name: php{{ php_version }}-fpm
-    state: restarted
-

ANSIBLE/roles/httpd_with_php/tasks/main.yml

@@ -1,59 +0,0 @@
----
-- name: Install Apache2
-  apt:
-    name: apache2
-    state: present
-    update_cache: yes
-
-- name: Install Certbot and Apache plugin
-  apt:
-    name:
-      - certbot
-      - python3-certbot-apache
-    state: present
-
-- name: Ensure site root exists
-  file:
-    path: "{{ site_root }}"
-    state: directory
-    owner: www-data
-    group: www-data
-    mode: '0755'
-
-- name: Create index.html
-  template:
-    src: index.html.j2
-    dest: "{{ site_root }}/index.html"
-    owner: www-data
-    group: www-data
-    mode: '0644'
-
-- name: Create Apache virtual host config
-  template:
-    src: vhost.conf.j2
-    dest: /etc/apache2/sites-available/{{ site_name }}.conf
-  notify: Reload Apache
-
-- name: Enable site
-  command: a2ensite {{ site_name }}
-  notify: Reload Apache
-
-- name: Enable SSL module
-  command: a2enmod ssl
-  notify: Reload Apache
-
-- name: Ensure Apache is running and enabled
-  service:
-    name: apache2
-    state: started
-    enabled: yes
-
-- name: Obtain Let's Encrypt certificate using certbot
-  command: >
-    certbot --apache -n --agree-tos --redirect
-    -d {{ site_name }}
-    --email {{ admin_email }}
-  args:
-    creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
-
-- import_tasks: php.yml

ANSIBLE/roles/httpd_with_php/tasks/php.yml

@@ -1,42 +0,0 @@
----
-- name: Install PHP, PHP-FPM, and common extensions
-  apt:
-    name:
-      - php
-      - php-fpm
-      - php-cli
-      - php-mysql
-      - php-curl
-      - php-gd
-      - php-mbstring
-      - php-xml
-      - php-zip
-    state: present
-    update_cache: yes
-
-- name: Enable Apache modules for PHP-FPM
-  command: a2enmod {{ item }}
-  loop:
-    - proxy_fcgi
-    - setenvif
-    - php{{ php_version }}  # or php8.1 depending on your distro
-  notify: Reload Apache
-  ignore_errors: yes  # in case some modules aren't available
-
-- name: Ensure PHP-FPM service is running
-  service:
-    name: php{{ php_version }}-fpm
-    state: started
-    enabled: yes
-  when: php_version is defined
-
-- name: Deploy custom PHP-FPM pool config
-  template:
-    src: www.conf.j2
-    dest: /etc/php/{{ php_version }}/fpm/pool.d/www.conf
-    owner: root
-    group: root
-    mode: '0644'
-  notify: Restart PHP-FPM
-
-

ANSIBLE/roles/httpd_with_php/templates/index.html.j2

@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <title>Welcome to {{ site_name }}</title>
-</head>
-<body>
-    <h1>Welcome to {{ site_name }}</h1>
-    <p>This site is served from: {{ site_root }}</p>
-</body>
-</html>
-

ANSIBLE/roles/httpd_with_php/templates/vhost.conf.j2

@@ -1,14 +0,0 @@
-<VirtualHost *:80>
-    ServerName {{ site_name }}
-    DocumentRoot {{ site_root }}
-
-    <Directory {{ site_root }}>
-        Options Indexes FollowSymLinks
-        AllowOverride All
-        Require all granted
-    </Directory>
-
-    ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log
-    CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined
-</VirtualHost>
-

ANSIBLE/roles/roundcube/tasks/roundcube-config.yml

@@ -1,7 +1,12 @@
 ---
-- name: Configure Roundcube config.php
+- name: Configure Roundcube config.inc.php
   ansible.builtin.template:
     src: config/config.inc.php.j2
     dest: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}/config/config.inc.php"
-    mode: '644'
+    mode: '640'
     owner: "{{ roundcube_user }}"
+- name: Remove Roundcube Installer Dir 
+  ansible.builtin.file:
+    dest: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}/installer/"
+    state: absent
+

ANSIBLE/roles/roundcube/tasks/roundcube-release.yml

@@ -16,5 +16,7 @@
     src: "/opt/roundcube_{{ roundcube_version }}.tar.gz"
     dest: "{{ roundcube_base_dir }}"
     creates: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}"
+    owner: "{{ roundcube_user }}"
+    group: "{{ roundcube_user }}"
     remote_src: true