bdd9c71e53 Merge pull request 'Refactor ANSIBLE Folder' (#1) from hbaxter into master
Reviewed-on: #1
2025-07-04 10:35:28 +00:00
37 changed files with 279 additions and 554 deletions


@ -1,2 +0,0 @@
skip_list:
- yaml[line-length]


@ -1,6 +1,5 @@
svc_acct_name: "ubuntu" svc_acct_name: "ubuntu"
svc_acct_keys: svc_acct_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvM9FL5V14ciT6qOSMx4zk3+K7F1aXQh6YjO+KDu94q hbaxter@telos_digital" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvM9FL5V14ciT6qOSMx4zk3+K7F1aXQh6YjO+KDu94q hbaxter@telos_digital"
- "ssh-rsa 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 peter.edmond@telos.digital" - "ssh-rsa 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 telos@anothermouse.com"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com " - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com "
admin_email: "digital@telospartners.com"
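Review bot: The `ssh-rsa ... nataliia.bobrova.s@gmail.com ` entry keeps a trailing space inside its closing quote on both sides of this hunk, so `lineinfile` writes that space into authorized_keys and a later edit of the same key without it will add a second line instead of matching this one; drop the space before the closing quote. The list of personal keys also lives in the role's defaults rather than in inventory group_vars, which means every host that applies svc_acct grants these operators access regardless of environment; consider moving `svc_acct_keys` out of defaults so each inventory states who may log in. The added side of this compare also removes `admin_email` here while the httpd tasks in the same compare still pass `{{ admin_email }}` to certbot, so confirm it is defined elsewhere on that side.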


@ -1,85 +0,0 @@
---
httpd_php: true
httpd_tls_site_root: /srv/roundcube/roundcubemail-{{ roundcube_version }}/public_html
httpd_optional_enabled_modules:
- deflate
- expires
- headers
httpd_tls_vhost_raw: |
<IfModule mod_rewrite.c>
Options +SymLinksIfOwnerMatch
RewriteEngine On
RewriteRule ^favicon\.ico$ skins/elastic/images/favicon.ico
# security rules:
# - deny access to files not containing a dot or starting with a dot
# in all locations except installer directory
RewriteRule ^(?!installer|\.well-known\/|[a-zA-Z0-9]{16})(\.?[^\.]+)$ - [F]
# - deny access to some locations
RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|vendor|program\/(include|lib|localization|steps)) - [F]
# - deny access to some documentation files
RewriteRule /?(README.*|CHANGELOG.*|SECURITY.*|meta\.json|composer\..*|jsdeps.json)$ - [F]
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
# prefer to brotli over gzip if brotli is available
<IfModule mod_brotli.c>
SetOutputFilter BROTLI_COMPRESS
# some assets have been compressed, so no need to do it again
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|web[pm]|woff2?)$ no-brotli
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
</IfModule>
FileETag MTime Size
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>
<IfModule mod_headers.c>
# Disable page indexing
Header set X-Robots-Tag "noindex, nofollow"
# replace 'merge' with 'append' for Apache < 2.2.9
#Header merge Cache-Control public env=!NO_CACHE
# Optional security headers
# Only provides increased security if the browser supports those features
# Be careful! Testing is required! They should be adjusted to your installation / user environment
# HSTS - HTTP Strict Transport Security
#Header always set Strict-Transport-Security "max-age=31536000; preload" env=HTTPS
# HPKP - HTTP Public Key Pinning
# Only template - fill with your values
#Header always set Public-Key-Pins "max-age=3600; report-uri=\"\"; pin-sha256=\"\"; pin-sha256=\"\"" env=HTTPS
# X-Xss-Protection
# This header is used to configure the built in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit).
#Header set X-XSS-Protection "1; mode=block"
# X-Frame-Options
# The X-Frame-Options header (RFC), or XFO header, protects your visitors against clickjacking attacks
# Already set by php code! Do not activate both options
#Header set X-Frame-Options SAMEORIGIN
# X-Content-Type-Options
# It prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server.
#Header set X-Content-Type-Options "nosniff"
</IfModule>
mariadb_manage: true
mariadb_users:
- user: roundcube
password: !vault |
$ANSIBLE_VAULT;1.1;AES256
31383138383839383861303464383230363265323536636336306530316337333266373730643835
6130356163343631616663666132346633346336333538650a303932343831386132326261313433
61306462623666353831626136633633623331666338663239373236376464303338633364656364
3333653363653838300a326662626333666135366130366466633466353366666235316633383135
39323532623037656635356266666434333831363834646232373031336134626166666664653662
6266313336656565303663353436626334313865313330303538
priv: "'roundcubedb.*'': 'ALL,GRANT'"
mariadb_databases:
- roundcubedb
roundcube_db_dsnw: "mysql://roundcube:{{ mariadb_users[0].password }}@localhost/roundcubedb"
# roundcube_db_dsnw: 'mysql://roundcube:pass@localhost/roundcubemail'


@ -1 +0,0 @@
php_user: ''


@ -10,15 +10,3 @@ eoq:
monitor: monitor:
hosts: hosts:
monitor.telos.digital: monitor.telos.digital:
dev_roundcube:
hosts:
test-webmail.telos.digital:
httpd_site_name: 'test-webmail.telos.digital'
mariadb_root_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63353366356333386164316433646431393932623666353235656666363833653339616162633765
3738313666653431383936643035326338313935303065360a643135666638373235313532326135
63376637646130373863383366313538623938656531376234616234336534356539306536356363
3364323038316565300a646239646636386363373664323530623130663130653337363861313434
61643933643263633363643436366261623934346339333032663935386135313264646637306464
3438303435373562363163363939386565336535363165303639


@ -1,36 +0,0 @@
httpd_pkgs:
- apache2
httpd_pkgs_plugins: []
httpd_site_name: 'default'
httpd_site_root: '/var/www/html'
httpd_default_enabled_modules:
- ssl
httpd_optional_enabled_modules: []
httpd_tls_certbot: true
httpd_tls_auto_redirect: true
httpd_tls_certbot_additonal_args: ''
httpd_tls_site_root:
httpd_tls_vhost_default: true
httpd_tls_vhost_raw: ''
httpd_php: false
httpd_php_version: 8.3
httpd_php_socket: '/run/php/php{{ httpd_php_version }}-fpm.sock'
httpd_php_pkgs:
- php
- php-fpm
- php-cli
- php-mysql
- php-curl
- php-gd
- php-mbstring
- php-xml
- php-zip
httpd_php_enabled_modules:
- proxy_fcgi
- setenvif
- php{{ httpd_php_version }}


@ -9,7 +9,3 @@
name: apache2 name: apache2
state: restarted state: restarted
- name: Restart PHP-FPM
service:
name: php{{ httpd_php_version }}-fpm
state: restarted


@ -1,20 +0,0 @@
---
- name: Install Certbot and Apache plugin
ansible.builtin.apt:
name:
- certbot
- python3-certbot-apache
state: present
- name: Ensure Apache is running and enabled
ansible.builtin.service:
name: apache2
state: started
enabled: true
- name: Obtain Let's Encrypt certificate using certbot
ansible.builtin.command: >
certbot --apache -n --agree-tos --redirect
-d {{ httpd_site_name }}
--email {{ admin_email }} {{ httpd_tls_certbot_additonal_args }}
args:
creates: "/etc/letsencrypt/live/{{ httpd_site_name }}/fullchain.pem"


@ -1,31 +0,0 @@
---
- name: Create index.html
ansible.builtin.template:
src: httpd/index.html.j2
dest: "{{ httpd_site_root }}/index.html"
owner: www-data
group: www-data
mode: '0644'
- name: Create Apache virtual host config
ansible.builtin.template:
src: httpd/vhost.conf.j2
dest: "/etc/apache2/sites-available/{{ httpd_site_name }}.conf"
owner: www-data
group: www-data
mode: '0644'
notify: Reload Apache
- name: "Enable http site {{ httpd_site_name }}"
ansible.builtin.command: "a2ensite {{ httpd_site_name }}"
args:
creates: "/etc/apache2/sites-enabled/{{ httpd_site_name }}.conf"
notify: Reload Apache
- name: Enable modules
ansible.builtin.command: " a2enmod {{ item }}"
args:
creates: "/etc/apache2/mods-enabled/{{ item }}*"
loop: "{{ httpd_default_enabled_modules + httpd_optional_enabled_modules }}"
notify: Reload Apache


@ -1,21 +0,0 @@
---
- name: Install Apache2 and plugins
ansible.builtin.apt:
name: "{{ httpd_pkgs + httpd_pkgs_plugins }}"
state: present
update_cache: true
- name: Ensure site root exists
ansible.builtin.file:
path: "{{ httpd_site_root }}"
state: directory
owner: www-data
group: www-data
mode: '0755'
- name: Ensure Apache is running and enabled
ansible.builtin.service:
name: apache2
state: started
enabled: true


@ -1,19 +0,0 @@
---
- name: "Disable Certbot autocreated {{ httpd_site_name }}-le-ssl"
ansible.builtin.command: "a2dissite {{ httpd_site_name }}-le-ssl"
args:
removes: "/etc/apache2/sites-enabled/{{ httpd_site_name }}-le-ssl.conf"
notify: Reload Apache
- name: Create Apache TLS virtual host config
ansible.builtin.template:
src: httpd/tls_vhost.conf.j2
dest: "/etc/apache2/sites-available/{{ httpd_site_name }}_tls.conf"
owner: www-data
group: www-data
mode: '0644'
notify: Reload Apache
- name: "Enable http site {{ httpd_site_name }}_tls"
ansible.builtin.command: "a2ensite {{ httpd_site_name }}_tls"
args:
creates: "/etc/apache2/sites-enabled/{{ httpd_site_name }}_tls.conf"
notify: Reload Apache


@ -1,14 +1,59 @@
--- ---
- name: Install Apache2
apt:
name: apache2
state: present
update_cache: yes
- name: Install Certbot and Apache plugin
apt:
name:
- certbot
- python3-certbot-apache
state: present
- name: Ensure site root exists
file:
path: "{{ site_root }}"
state: directory
owner: www-data
group: www-data
mode: '0755'
- name: Create index.html
template:
src: index.html.j2
dest: "{{ site_root }}/index.html"
owner: www-data
group: www-data
mode: '0644'
- name: Create Apache virtual host config
template:
src: vhost.conf.j2
dest: /etc/apache2/sites-available/{{ site_name }}.conf
notify: Reload Apache
- name: Enable site
command: a2ensite {{ site_name }}
notify: Reload Apache
- name: Enable SSL module
command: a2enmod ssl
notify: Reload Apache
- name: Ensure Apache is running and enabled
service:
name: apache2
state: started
enabled: yes
- name: Obtain Let's Encrypt certificate using certbot
command: >
certbot --apache -n --agree-tos --redirect
-d {{ site_name }}
--email {{ admin_email }}
args:
creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
- name: Apache2 Install
ansible.builtin.include_tasks: httpd_install.yml
- name: Apache2 Default Config
ansible.builtin.include_tasks: httpd_default_config.yml
- name: Certbot TLS
when: httpd_tls_certbot
ansible.builtin.include_tasks: httpd_certbot_tls.yml
- name: PHP Application
when: httpd_php
ansible.builtin.include_tasks: php.yml
- name: TLS Enabled Site
ansible.builtin.include_tasks: httpd_vhost_tls.yml


@ -1,31 +0,0 @@
---
- name: Install PHP, PHP-FPM, and common extensions
ansible.builtin.apt:
name: "{{ httpd_php_pkgs }}"
state: present
update_cache: true
- name: Enable Apache modules for PHP-FPM
ansible.builtin.command: a2enmod {{ item }}
args:
creates: "/etc/apache2/mods-enabled/{{ item }}*"
loop: "{{ httpd_php_enabled_modules }}"
notify: Reload Apache
ignore_errors: true # in case some modules aren't available
register: httpd_php_modules_errors
- name: Ensure PHP-FPM service is running
ansible.builtin.service:
name: php{{ httpd_php_version }}-fpm
state: started
enabled: true
when: httpd_php_version is defined
- name: Deploy custom PHP-FPM pool config
ansible.builtin.template:
src: php/www.conf.j2
dest: /etc/php/{{ httpd_php_version }}/fpm/pool.d/www.conf
owner: root
group: root
mode: '0644'
notify: Restart PHP-FPM


@ -1,12 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Welcome to {{ httpd_site_name }}</title>
</head>
<body>
<h1>Welcome to {{ httpd_site_name }}</h1>
<p>This site is served from: {{ httpd_site_root }}</p>
</body>
</html>


@ -1,33 +0,0 @@
<IfModule mod_ssl.c>
<VirtualHost *:443>
# General vhost config
ServerName {{ httpd_site_name }}
DocumentRoot {{ httpd_tls_site_root }}
#TLS Config
SSLCertificateFile /etc/letsencrypt/live/{{ httpd_site_name }}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ httpd_site_name }}/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Standardised Access & error Logging locations
ErrorLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_error.log
CustomLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_access.log combined
{% if httpd_tls_vhost_default %}
<Directory {{ httpd_tls_site_root }} >
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
{% if httpd_php %}
<FilesMatch \.php$>
SetHandler "proxy:unix:{{ httpd_php_socket }}|fcgi://localhost/"
</FilesMatch>
{% endif %}
</Directory>
{% endif %}
{% if httpd_tls_vhost_raw != '' %}
{{ httpd_tls_vhost_raw }}
{% endif %}
</VirtualHost>
</IfModule>


@ -1,14 +0,0 @@
<VirtualHost *:80>
ServerName {{ httpd_site_name }}
DocumentRoot {{ httpd_site_root }}
<Directory {{ httpd_site_root }}>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_error.log
CustomLog ${APACHE_LOG_DIR}/{{ httpd_site_name }}_access.log combined
</VirtualHost>


@ -0,0 +1,12 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Welcome to {{ site_name }}</title>
</head>
<body>
<h1>Welcome to {{ site_name }}</h1>
<p>This site is served from: {{ site_root }}</p>
</body>
</html>


@ -0,0 +1,14 @@
<VirtualHost *:80>
ServerName {{ site_name }}
DocumentRoot {{ site_root }}
<Directory {{ site_root }}>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log
CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined
</VirtualHost>
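Review bot: The `<Directory {{ site_root }}>` block enables `Options Indexes FollowSymLinks` together with `AllowOverride All`, so Apache serves a directory listing of the document root whenever an index file is missing and honours any `.htaccess` that lands under it; the identical block appears in the second copy of this template further down. Unless listings are wanted, change the line to `Options FollowSymLinks` (or `Options -Indexes +FollowSymLinks`) and narrow `AllowOverride` to the directives the site actually needs, `AllowOverride None` if no `.htaccess` is used. This vhost also contains no `<FilesMatch \.php$>` handler pointing at the PHP-FPM socket that the www.conf template in this compare configures, so it is worth confirming how `.php` requests are meant to be dispatched on this side.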


@ -0,0 +1,16 @@
---
- name: Reload Apache
service:
name: apache2
state: reloaded
- name: Restart Apache
service:
name: apache2
state: restarted
- name: Restart PHP-FPM
service:
name: php{{ php_version }}-fpm
state: restarted


@ -0,0 +1,59 @@
---
- name: Install Apache2
apt:
name: apache2
state: present
update_cache: yes
- name: Install Certbot and Apache plugin
apt:
name:
- certbot
- python3-certbot-apache
state: present
- name: Ensure site root exists
file:
path: "{{ site_root }}"
state: directory
owner: www-data
group: www-data
mode: '0755'
- name: Create index.html
template:
src: index.html.j2
dest: "{{ site_root }}/index.html"
owner: www-data
group: www-data
mode: '0644'
- name: Create Apache virtual host config
template:
src: vhost.conf.j2
dest: /etc/apache2/sites-available/{{ site_name }}.conf
notify: Reload Apache
- name: Enable site
command: a2ensite {{ site_name }}
notify: Reload Apache
- name: Enable SSL module
command: a2enmod ssl
notify: Reload Apache
- name: Ensure Apache is running and enabled
service:
name: apache2
state: started
enabled: yes
- name: Obtain Let's Encrypt certificate using certbot
command: >
certbot --apache -n --agree-tos --redirect
-d {{ site_name }}
--email {{ admin_email }}
args:
creates: /etc/letsencrypt/live/{{ site_name }}/fullchain.pem
- import_tasks: php.yml


@ -0,0 +1,42 @@
---
- name: Install PHP, PHP-FPM, and common extensions
apt:
name:
- php
- php-fpm
- php-cli
- php-mysql
- php-curl
- php-gd
- php-mbstring
- php-xml
- php-zip
state: present
update_cache: yes
- name: Enable Apache modules for PHP-FPM
command: a2enmod {{ item }}
loop:
- proxy_fcgi
- setenvif
- php{{ php_version }} # or php8.1 depending on your distro
notify: Reload Apache
ignore_errors: yes # in case some modules aren't available
- name: Ensure PHP-FPM service is running
service:
name: php{{ php_version }}-fpm
state: started
enabled: yes
when: php_version is defined
- name: Deploy custom PHP-FPM pool config
template:
src: www.conf.j2
dest: /etc/php/{{ php_version }}/fpm/pool.d/www.conf
owner: root
group: root
mode: '0644'
notify: Restart PHP-FPM
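Review bot: The `Enable Apache modules for PHP-FPM` task loops `command: a2enmod {{ item }}` with `ignore_errors: yes` and no `creates:`, so a module that fails to enable (the `php{{ php_version }}` item is version-dependent, as its inline comment admits) is silently skipped while the play still reports success, and the modules that do enable are re-run and re-notify `Reload Apache` on every play. Prefer `args:` with `creates: "/etc/apache2/mods-enabled/{{ item }}.load"` and drop `ignore_errors`, or at least `register` the result and fail on the modules that matter. The `when: php_version is defined` guard on the service task does not cover the `Deploy custom PHP-FPM pool config` task below it, which renders `php_version` into `dest`, so an undefined variable fails there instead; either guard both tasks or give `php_version` a default. `update_cache: yes`, `ignore_errors: yes` and `enabled: yes` should be written `true`.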


@ -0,0 +1,12 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Welcome to {{ site_name }}</title>
</head>
<body>
<h1>Welcome to {{ site_name }}</h1>
<p>This site is served from: {{ site_root }}</p>
</body>
</html>


@ -0,0 +1,14 @@
<VirtualHost *:80>
ServerName {{ site_name }}
DocumentRoot {{ site_root }}
<Directory {{ site_root }}>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/{{ site_name }}_error.log
CustomLog ${APACHE_LOG_DIR}/{{ site_name }}_access.log combined
</VirtualHost>


@ -3,7 +3,7 @@
user = www-data user = www-data
group = www-data group = www-data
listen = {{ httpd_php_socket }} listen = /run/php/php{{ php_version }}-fpm.sock
listen.owner = www-data listen.owner = www-data
listen.group = www-data listen.group = www-data
@ -20,7 +20,7 @@ chdir = /
; Logging ; Logging
catch_workers_output = yes catch_workers_output = yes
; Uncomment for more detailed error logging ; Uncomment for more detailed error logging
; php_admin_value[error_log] = /var/log/php{{ httpd_php_version }}-fpm.log ; php_admin_value[error_log] = /var/log/php{{ php_version }}-fpm.log
; php_admin_flag[log_errors] = on ; php_admin_flag[log_errors] = on
; Additional PHP configuration values ; Additional PHP configuration values


@ -1,5 +1,2 @@
--- ---
# defaults file for roles/mariadb # defaults file for roles/mariadb
mariadb_manage: false
mariadb_users: []
mariadb_databases: []


@ -1,9 +0,0 @@
---
- name: Try to create databases
community.mysql.mysql_db:
login_user: root
login_password: "{{ mariadb_root_password }}"
login_unix_socket: /run/mysqld/mysqld.sock
name: "{{ item }}"
state: present
loop: "{{ mariadb_databases }}"


@ -1,12 +0,0 @@
#
---
- name: Create Database users
community.mysql.mysql_user:
column_case_sensitive: false
login_password: "{{ mariadb_root_password }}"
# logon_user: "root"
login_unix_socket: /run/mysqld/mysqld.sock
name: "{{ item.user }}"
password: "{{ item.password }}"
priv: "{{ item.priv }}"
loop: "{{ mariadb_users }}"


@ -1,48 +0,0 @@
---
- name: Install MariaDB server and client
ansible.builtin.apt:
name:
- mariadb-server
- mariadb-client
state: present
update_cache: true
- name: Ensure PyMySQL is installed
ansible.builtin.apt:
name: python3-pymysql
state: present
- name: Ensure MariaDB is running and enabled
ansible.builtin.service:
name: mariadb
state: started
enabled: true
- name: Try to connect to MariaDB with root password
ansible.builtin.shell: |
mysql -u root -p'{{ mariadb_root_password }}' -e "SELECT 1;"
register: mysql_root_status
failed_when: false
changed_when: false
- name: Value of mysql_root_status
ansible.builtin.debug:
msg: "{{mysql_root_status}}"
- name: Set MariaDB root password if not already set
community.mysql.mysql_user:
name: root
host: "{{ item }}"
password: "{{ mariadb_root_password }}"
login_unix_socket: /run/mysqld/mysqld.sock
check_implicit_admin: true
state: present
loop:
- localhost
# - 127.0.0.1
# - ::1
when: mysql_root_status.rc != 0
- name: Check MariaDB root password is set
ansible.builtin.debug:
msg: "MariaDB root password is already set, skipping reset"
when: mysql_root_status.rc == 0


@ -1,8 +1,45 @@
- name: Mariadb Install & Init ---
ansible.builtin.include_tasks: install_initilise.yml - name: Install MariaDB server and client
- name: Mariadb db create apt:
when: mariadb_manage name:
ansible.builtin.include_tasks: create_dbs.yml - mariadb-server
- name: Mariadb users create - mariadb-client
when: mariadb_manage state: present
ansible.builtin.include_tasks: create_users.yml update_cache: yes
- name: Ensure PyMySQL is installed
apt:
name: python3-pymysql
state: present
- name: Ensure MariaDB is running and enabled
service:
name: mariadb
state: started
enabled: true
- name: Try to connect to MariaDB with root password
shell: |
mysql -u root -p'{{ mariadb_root_password }}' -e "SELECT 1;"
register: mysql_root_status
failed_when: false
changed_when: false
- name: Set MariaDB root password if not already set
mysql_user:
name: root
host: "{{ item }}"
password: "{{ mariadb_root_password }}"
login_unix_socket: /run/mysqld/mysqld.sock
check_implicit_admin: true
state: present
loop:
- localhost
- 127.0.0.1
- ::1
when: mysql_root_status.rc != 0
- debug:
msg: "MariaDB root password is already set, skipping reset"
when: mysql_root_status.rc == 0
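Review bot: The `Try to connect to MariaDB with root password` task interpolates `mariadb_root_password` into a `shell:` command line, so the secret is visible in the process list while `mysql` runs, appears in verbose Ansible output because the task has no `no_log`, and a password containing a single quote breaks out of the `-p'...'` quoting. Add `no_log: true` to this task and either pass the value as `-p{{ mariadb_root_password | quote }}` or replace the shell probe with `community.mysql.mysql_query` using `login_user`/`login_password`, which keeps the secret out of argv. The added side also creates root accounts for `127.0.0.1` and `::1`, making the root password usable over the loopback TCP port rather than only the unix socket; the other side of this compare limits the loop to `localhost`, so confirm the extra entries are intended. `mariadb_root_password` has no visible definition on the added side (the inventory hunk in this compare removes the vaulted one), so confirm it is supplied from vault elsewhere rather than as plain text.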


@ -1,14 +0,0 @@
---
roundcube_version: '1.6.11'
roundcube_version_sha256: 'sha256:a230e432065555bfa27bea3fcf4ac672f2359ef28ad84f5945ea3ccf702e7466'
roundcube_user: 'www-data'
roundcube_db_dsnw: 'mysql://roundcube:pass@localhost/roundcubemail'
roundcube_imap_host: 'localhost:143'
roundcube_smtp_host: 'localhost:587'
roundcube_support_url: 'support@test.com'
roundcube_product_name: 'Webmail'
roundcube_des_key: 'rcmail-!24ByteDESkey*Str'
roundcube_skin: 'elastic'
roundcube_enabled_plugins:
- archive
- zipdownload


@ -1,5 +0,0 @@
---
- name: Load Roundcube Release
ansible.builtin.include_tasks: roundcube-release.yml
- name: Congigure Roundcube
ansible.builtin.include_tasks: roundcube-config.yml


@ -1,12 +0,0 @@
---
- name: Configure Roundcube config.inc.php
ansible.builtin.template:
src: config/config.inc.php.j2
dest: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}/config/config.inc.php"
mode: '640'
owner: "{{ roundcube_user }}"
- name: Remove Roundcube Installer Dir
ansible.builtin.file:
dest: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}/installer/"
state: absent


@ -1,22 +0,0 @@
---
- name: Download Roundcube Archive from GitHub Released Page
ansible.builtin.get_url:
url: "https://github.com/roundcube/roundcubemail/releases/download/{{ roundcube_version }}/roundcubemail-{{ roundcube_version }}-complete.tar.gz"
dest: "/opt/roundcube_{{ roundcube_version }}.tar.gz"
checksum: "{{ roundcube_version_sha256 }}"
mode: '644'
force: false
- name: Ensure Roundcube Base Dir exsists
ansible.builtin.file:
dest: "{{ roundcube_base_dir }}"
mode: '0755'
state: 'directory'
- name: Unarchive Roundcube release
ansible.builtin.unarchive:
src: "/opt/roundcube_{{ roundcube_version }}.tar.gz"
dest: "{{ roundcube_base_dir }}"
creates: "{{ roundcube_base_dir }}/roundcubemail-{{ roundcube_version }}"
owner: "{{ roundcube_user }}"
group: "{{ roundcube_user }}"
remote_src: true


@ -1,67 +0,0 @@
<?php
/*
+-----------------------------------------------------------------------+
| Local configuration for the Roundcube Webmail installation. |
| |
| This is a sample configuration file only containing the minimum |
| setup required for a functional installation. Copy more options |
| from defaults.inc.php to this file to override the defaults. |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
+-----------------------------------------------------------------------+
*/
$config = [];
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
// or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
$config['db_dsnw'] = '{{ roundcube_db_dsnw }}';
// IMAP host chosen to perform the log-in.
// See defaults.inc.php for the option description.
$config['imap_host'] = '{{ roundcube_imap_host }}';
// SMTP server host (for sending mails).
// See defaults.inc.php for the option description.
$config['smtp_host'] = '{{ roundcube_smtp_host }}';
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '{{ roundcube_support_url }}';
// Name your service. This is displayed on the login screen and in the window title
$config['product_name'] = '{{ roundcube_product_name }}';
// This key is used to encrypt the users imap password which is stored
// in the session record. For the default cipher method it must be
// exactly 24 characters long.
// YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
$config['des_key'] = '{{ roundcube_des_key }}';
// List of active plugins (in plugins/ directory)
$config['plugins'] = [
{% for plugin in roundcube_enabled_plugins %}
'{{ plugin }}',
{% endfor %}
];
// skin name: folder from skins/
$config['skin'] = '{{ roundcube_skin }}';


@ -1,2 +0,0 @@
---
roundcube_base_dir: "/srv/roundcube"


@ -8,7 +8,7 @@
- name: Wheel Group - name: Wheel Group
when: ansible_facts['os_family'] == "RedHat" when: ansible_facts['os_family'] == "RedHat"
ansible.builtin.user: ansible.builtin.user:
name: "{{ svc_acct_name }}" name: servicelink
groups: wheel groups: wheel
append: true append: true
- name: Sudo Group - name: Sudo Group
@ -17,13 +17,13 @@
name: "{{ svc_acct_name }}" name: "{{ svc_acct_name }}"
groups: sudo groups: sudo
append: true append: true
- name: "Make sudo passwordless for {{ svc_acct_name }}" - name: Make servicelink sudo Passwordless
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/sudoers path: /etc/sudoers
state: present state: present
line: "{{ svc_acct_name }} ALL=(ALL) NOPASSWD: ALL" line: "{{ svc_acct_name }} ALL=(ALL) NOPASSWD: ALL"
validate: /usr/sbin/visudo -cf %s validate: /usr/sbin/visudo -cf %s
- name: "Create or fix ~/.ssh dir" - name: "Make .ssh dir"
ansible.builtin.file: ansible.builtin.file:
path: "/home/{{ svc_acct_name }}/.ssh/" path: "/home/{{ svc_acct_name }}/.ssh/"
state: directory state: directory
@ -37,7 +37,7 @@
owner: "{{ svc_acct_name }}" owner: "{{ svc_acct_name }}"
group: "{{ svc_acct_name }}" group: "{{ svc_acct_name }}"
mode: "0600" mode: "0600"
- name: Add Publickeys - name: Add Publickey
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys" path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys"
line: "{{ item }}" line: "{{ item }}"
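Review bot: On the added side, the `Wheel Group` task for RedHat hosts uses a hard-coded `name: servicelink`, while the `Sudo Group`, sudoers and `.ssh` tasks in the same file use `{{ svc_acct_name }}` (which this compare's defaults set to `ubuntu`), so on RedHat the account that gets wheel membership is not the one that receives the `NOPASSWD: ALL` sudoers line and the authorized keys; change it to `name: "{{ svc_acct_name }}"`. The `Add Publickey` task writes to `/home//{{ svc_acct_name }}/.ssh/authorized_keys` with a doubled slash on both sides; it resolves to the same file but should read `/home/{{ svc_acct_name }}/.ssh/authorized_keys`. The sudoers grant is appended to `/etc/sudoers` itself; `validate` keeps that safe, but a dedicated file under `/etc/sudoers.d/` with `mode: '0440'` would make the grant removable per host and easier to audit. The task boundaries of this file continue outside the hunk.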


@ -1,10 +0,0 @@
---
- name: Install http php and mariadb
hosts: dev_roundcube
become: true
gather_facts: true
roles:
- httpd
- roundcube
- mariadb
# - svc_acct