+ latest extensions - deployed nginx, apache, php 74 & 81, nvm, automatic databases import and phpmyadmin with nginx basic auth

+ dhcp dnsmasq server playbook for create inner server network

#861m7vaer Шаблон операционной системы на Debian 10

playbooks/own/correct-paths-for-pct-enter.yml

@@ -0,0 +1,13 @@
+---
+- name: Nerest bash PATH var with set true paths after pct enter into lxc container from proxmox host
+  hosts: [ 'debian10' ]
+  tasks:
+    - name: Append .shell-env
+      ansible.builtin.lineinfile:
+        path: '/root/.shell-env'
+        line: |-
+          ##
+          ## Correct PATH for tmux enter
+          ##
+          PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+

playbooks/own/libgd3-fix-for-php81.yml

@@ -0,0 +1,14 @@
+---
+- name: Solve problem with libgd3 for php-gd
+  hosts: [ 'debian10' ]
+  tasks:
+    - copy:
+        dest: '/etc/apt/preferences.d/libgd-pin100'
+        content: |-
+          Package: libgd3
+          Pin-Priority: 100
+    - shell: |-
+        apt update
+        apt install -t bullseye libgd3 -yy
+        apt-cache policy libgd3
+        apt install php8.1-gd -yy

playbooks/own/lookup-password-test.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Configure Locales
+  hosts: [ 'debian10' ]
+  tasks:
+    - name: Set ownerships to /var/www dir
+      set_fact:
+        mariadb__server: '{{ lookup("password", "secret/vam-teplee-2023/testpass " + "length=15") }}'

playbooks/own/nginx-auth.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Setup nginx auth scaffolding dirs
+  hosts: [ 'debian10' ]
+  tasks:
+    - shell: |-
+        cd /etc/nginx
+        mkdir -p auth.d passwords.d
+
+    - copy:
+        dest: '/etc/nginx/auth.d/grant-access-certbot.conf'
+        content: |-
+          set $auth_basic Restricted;
+
+          if ($request_uri ~* "well-known") {
+            set $auth_basic off;
+          }
+            
+          auth_basic $auth_basic;

playbooks/own/phpmyadmin-nginx-auth.yml

@@ -0,0 +1,58 @@
+---
+
+- name: Install PhpMyAdmin
+
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+
+  hosts: [ 'debian10' ]
+
+  vars_files:
+    - ./../../vars/php.yml
+
+  tasks:
+    - name: Import DebOps secret role
+      ansible.builtin.import_role:
+        name: 'secret'
+
+    - name: 'Adding pma nginx config'
+      copy:
+        dest: '/etc/nginx/sites-available/pma.conf'
+        content: |-
+          server {
+              listen 81;
+              server_name {{ site_name }};
+              root /var/www/phpmyadmin;
+              index index.php;
+              include auth.d/pma-auth.conf;
+              location / {
+                  try_files $uri $uri/ /index.php?$args;
+              }
+              set $upstream unix:/run/{{ php__version_preference[0] }}-fpm-www-data.sock;
+              location ~ \.php$ {
+                  fastcgi_pass $upstream;
+                  include fastcgi_params;
+                  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                  fastcgi_param SERVER_NAME     $host;
+              }
+          }
+
+    - name: 'Adding pma nginx auth config'
+      copy:
+        dest: '/etc/nginx/auth.d/pma-auth.conf'
+        content: |-
+          include auth.d/grant-access-certbot.conf;
+          auth_basic_user_file passwords.d/pma.passwords;
+
+    - name: 'Adding pma nginx auth passwords files'
+      shell: |-
+        echo "{{ site_name }}:$(openssl passwd -apr1 {{ lookup("password", secret + "/basic/" + site_name + "/pma " + "length=30")}} )" > /etc/nginx/passwords.d/pma.passwords
+
+    - name: 'Turning on pma web site nginx config'
+      shell: |-
+        cd /etc/nginx/sites-enabled
+        ln -s ../sites-available/pma.conf ./
+
+    - name: 'Restarting nginx'
+      shell: |-
+        nginx -t && systemctl restart nginx

playbooks/own/phpmyadmin.yml

@@ -0,0 +1,24 @@
+---
+
+- name: Install PhpMyAdmin
+
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+
+  hosts: [ 'debian10' ]
+
+  vars:
+    - phpmyadmin_version: 5.2.1
+
+  # TODO: Set blowfish_secret and make access rights for ./tmp directory
+  tasks:
+    - name: 'Download phpMyAdmin {{ phpmyadmin_version }} into var/www dir and uncompress'
+      become: true
+      become_user: '{{ site_name }}'
+      shell: |-
+        cd /var/www
+        rm -rf phpmyadmin
+        wget -q https://files.phpmyadmin.net/phpMyAdmin/{{ phpmyadmin_version }}/phpMyAdmin-{{ phpmyadmin_version }}-all-languages.zip
+        unzip -qq phpMyAdmin-{{ phpmyadmin_version }}-all-languages.zip
+        rm phpMyAdmin-{{ phpmyadmin_version }}-all-languages.zip
+        mv phpMyAdmin-{{ phpmyadmin_version }}-all-languages phpmyadmin