+ debops: apache with pki, mariadb_server, php7.4 with extensions, mariadb client role with secret

.gitignore

@@ -1,2 +1,3 @@
 *.retry
 .idea
+/secret

apache.yml

@@ -0,0 +1,69 @@
+---
+
+- name: Manage and configure the Apache HTTP Server
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    apache__base_packages:
+      - libapache2-mod-php7.4
+    apache__role_modules:
+      'headers': True
+      'alias': True
+      'php7.4': True
+      'ssl':
+        enabled: '{{ True if (apache__https_listen and apache__https_enabled) else False }}'
+      'security2':
+        enabled: '{{ apache__security_module_enabled|bool }}'
+      'status':
+        enabled: '{{ apache__status_enabled|bool }}'
+        config: |
+          <Location /server-status>
+              # Revoke default permissions granted in `/etc/apache2/mods-available/status.conf`.
+              Require all denied
+          </Location>
+      'socache_shmcb':
+        enabled: '{{ True
+                     if (apache__ocsp_stapling_enabled|bool
+                         and "shmcb" in apache__ocsp_stapling_cache)
+                     else omit }}'
+      'authz_host':
+        enabled: '{{ True
+                     if (apache__status_enabled|bool
+                         and apache__status_allow_localhost)
+                     else omit }}'
+      'rewrite':
+        enabled: '{{ True
+                     if (apache__register_mod_rewrite_used is defined and
+                         apache__register_mod_rewrite_used.rc|d(1) == 0)
+                     else omit }}'
+    apache__allow:
+      - 0.0.0.0
+#    apache__default_vhost:
+#      name: '{{ apache__default_vhost_name }}'
+#      filename: '000-default'
+#      root: '/var/www/html'
+
+  pre_tasks:
+
+    - name: Prepare apache environment
+      import_role:
+        name: 'apache'
+        tasks_from: 'main_env'
+      tags: [ 'role::apache', 'role::apache:env' ]
+
+  roles:
+
+#    - role: ferm
+#      tags: [ 'role::ferm', 'skip::ferm' ]
+#      ferm__dependent_rules:
+#        - '{{ apache__ferm__dependent_rules }}'
+
+    - role: apache
+      tags: [ 'role::apache', 'skip::apache' ]

manala.nginx.yml

@@ -0,0 +1,11 @@
+---
+- hosts: debian10
+  collections:
+    - nginxinc.nginx_core
+    - manala.roles
+  tasks:
+    - name: Install NGINX
+      ansible.builtin.include_role:
+        name: nginx
+      vars:
+        nginx_type: opensource

manala.php.yml

@@ -0,0 +1,22 @@
+---
+- hosts: debian10
+  collections:
+    - nginxinc.nginx_core
+    - manala.roles
+  vars:
+    manala_apt_repositories:
+      - contrib
+    manala_apt_preferences:
+      - git@backports
+      - sury_php:100
+      - php@sury_php:300
+      - nginx@nginx
+  tasks:
+    - name: Install Manala APT
+      ansible.builtin.include_role:
+        name: manala.roles.apt
+    - name: Install PHP
+      ansible.builtin.include_role:
+        name: manala.roles.php
+      vars:
+        manala_php_version: 7.4

mariadb.yml

@@ -0,0 +1,41 @@
+---
+
+- name: Manage MariaDB client
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}'
+    mariadb__upstream_version: '10.5'
+    mariadb__databases:
+      - name: 'intermetiz'
+      - name: 'intermetiz-products'
+    mariadb__users:
+      - name: 'intermetiz'
+        host: '%'
+        database: 'intermetiz%'
+
+  roles:
+
+    - role: secret
+
+    - role: keyring
+      tags: [ 'role::keyring', 'skip::keyring', 'role::mariadb' ]
+      keyring__dependent_apt_keys:
+        - '{{ mariadb__keyring__dependent_apt_keys }}'
+
+    - role: python
+      tags: [ 'role::python', 'skip::python', 'role::mariadb' ]
+      python__dependent_packages3:
+        - '{{ mariadb__python__dependent_packages3 }}'
+      python__dependent_packages2:
+        - '{{ mariadb__python__dependent_packages2 }}'
+
+    - role: mariadb
+      tags: [ 'role::mariadb', 'skip::mariadb' ]

mariadb_server.yml

@@ -0,0 +1,48 @@
+---
+
+- name: Manage MariaDB server
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    mariadb_server__flavor: '{{ ansible_local.mariadb.flavor
+                                |d(mariadb_server__flavor_map[ansible_distribution_release] | d("mariadb_upstream")) }}'
+    mariadb_server__upstream_version: '10.5'
+    mariadb_server__bind_address: '0.0.0.0'
+
+  roles:
+    - role: keyring
+      tags: [ 'role::keyring', 'skip::keyring', 'role::mariadb_server' ]
+      keyring__dependent_apt_keys:
+        - '{{ mariadb_server__keyring__dependent_apt_keys }}'
+
+    - role: etc_services
+      tags: [ 'role::etc_services' ]
+      etc_services__dependent_list:
+        - '{{ mariadb_server__etc_services__dependent_rules }}'
+#
+#    - role: ferm
+#      tags: [ 'role::ferm', 'skip::ferm' ]
+#      ferm__dependent_rules:
+#        - '{{ mariadb_server__ferm__dependent_rules }}'
+
+#    - role: tcpwrappers
+#      tags: [ 'role::tcpwrappers', 'skip::tcpwrappers' ]
+#      tcpwrappers__dependent_allow:
+#        - '{{ mariadb_server__tcpwrappers__dependent_allow }}'
+
+    - role: python
+      tags: [ 'role::python', 'skip::python', 'role::mariadb_server' ]
+      python__dependent_packages3:
+        - '{{ mariadb_server__python__dependent_packages3 }}'
+      python__dependent_packages2:
+        - '{{ mariadb_server__python__dependent_packages2 }}'
+
+    - role: mariadb_server
+      tags: [ 'role::mariadb_server', 'skip::mariadb_server' ]

php.yml

@@ -0,0 +1,80 @@
+---
+
+- name: Install and manage PHP environment
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    php__version_preference: [ 'php7.4' ]
+    php__sury: '{{ ansible_local.php.sury
+                   |d(ansible_distribution_release in [ "buster" ]) | bool }}'
+    php__sury_apt_key_id: '{{ php__sury_apt_key_id_map[ansible_distribution] }}'
+    php__sury_apt_repo: '{{ php__sury_apt_repo_map[ansible_distribution] }}'
+    php__sury_apt_key_id_map:
+      'Debian':
+        - id: '1505 8500 A023 5D97 F5D1  0063 B188 E2B6 95BD 4743'
+          repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'
+          state: '{{ "present" if php__sury|bool else "absent" }}'
+
+        # Key replaced due to security concerns
+        # Ref: https://www.patreon.com/posts/dpa-new-signing-25451165
+        - id: 'DF3D 585D B8F0 EB65 8690  A554 AC0E 4758 4A7A 714D'
+          state: 'absent'
+    php__sury_apt_repo_map:
+      'Debian': 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'
+      'Ubuntu': 'ppa:ondrej/php'
+    php__base_packages:
+      - unzip
+      - git
+    # mysql - это нужно только для WordPress
+    # mbstring требует только некоторые пакеты в laravel
+    # bcmath - нужно для работы парсера Excel файлов на одном из проектов
+    php__packages: [ 'curl', 'xml', 'gd', 'zip', 'mbstring', 'mysql', 'bcmath'' ]
+    php__composer_upstream_enabled: '{{ True
+                                        if (ansible_distribution_release in
+                                            [ "buster" ])
+                                        else False }}'
+    php__php_included_packages: '{{ php__common_included_packages
+                                    + [ "sysvsem", "sysvshm" ] }}'
+
+  pre_tasks:
+
+    - name: Apply keyring configuration for php environment
+      import_role:
+        name: 'keyring'
+      vars:
+        keyring__dependent_apt_keys:
+          - '{{ php__keyring__dependent_apt_keys }}'
+      tags: [ 'role::keyring', 'skip::keyring', 'role::php' ]
+
+    - name: Prepare php environment
+      import_role:
+        name: 'php'
+        tasks_from: 'main_env'
+      tags: [ 'role::php', 'role::php:env', 'role::logrotate' ]
+
+  roles:
+
+    - role: apt_preferences
+      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
+      apt_preferences__dependent_list:
+        - '{{ php__apt_preferences__dependent_list }}'
+
+    - role: cron
+      tags: [ 'role::cron', 'skip::cron' ]
+
+    - role: logrotate
+      tags: [ 'role::logrotate', 'skip::logrotate' ]
+      logrotate__dependent_config:
+        - '{{ php__logrotate__dependent_config }}'
+
+    - role: apt_install
+
+    - role: php
+      tags: [ 'role::php', 'skip::php' ]

phpmyadmin.yml

@@ -0,0 +1,16 @@
+---
+
+- name: Manage MariaDB server
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  roles:
+
+    - role: phpmyadmin
+      tags: [ 'role::phpmyadmin', 'skip::phpmyadmin' ]

pki.yml

@@ -0,0 +1,36 @@
+---
+
+- name: Manage Public Key Infrastructure
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    pki_internal: True
+    pki_acme: False
+
+  pre_tasks:
+
+    - name: Prepare pki environment
+      import_role:
+        name: 'pki'
+        tasks_from: 'main_env'
+      tags: [ 'role::pki', 'role::pki:secret', 'role::secret' ]
+
+  roles:
+
+    - role: secret
+      tags: [ 'role::secret', 'role::pki', 'role::pki:secret' ]
+      secret_directories:
+        - '{{ pki_env_secret_directories }}'
+
+    - role: cron
+      tags: [ 'role::cron', 'skip::cron' ]
+
+    - role: pki
+      tags: [ 'role::pki', 'skip::pki' ]

requirements.yml

@@ -3,5 +3,4 @@
 collections:
   - name: nginxinc.nginx_core
     version: 0.8.0
-    
-...
+  - name: debops.debops

role/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+mariadb__root_password: '{{ lookup("password", secret + "/credentials/" +
+                            ansible_fqdn + "/mariadb/root/password length=20") }}'

roles/phpmyadmin/COPYRIGHT

@@ -0,0 +1,19 @@
+debops.phpmyadmin - Manage phpMyAdmin service using Ansible
+
+Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+Copyright (C) 2015-2019 DebOps <https://debops.org/>
+SPDX-License-Identifier: GPL-3.0-only
+
+This Ansible role is part of DebOps.
+
+DebOps is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 3, as
+published by the Free Software Foundation.
+
+DebOps is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with DebOps. If not, see https://www.gnu.org/licenses/.

roles/phpmyadmin/README.md

@@ -0,0 +1,4 @@
+### phpmyadmin
+
+This role does not have official documentation.
+See [DebOps documentation](https://docs.debops.org/en/tags/v3.0.3^0/) instead.

roles/phpmyadmin/defaults/main.yml

@@ -0,0 +1,99 @@
+---
+# .. vim: foldmarker=[[[,]]]:foldmethod=marker
+
+# .. Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+# .. Copyright (C) 2015-2019 DebOps <https://debops.org/>
+# .. SPDX-License-Identifier: GPL-3.0-only
+
+# .. _phpmyadmin__ref_defaults:
+
+# debops.phpmyadmin default variables
+# ===================================
+
+# .. contents:: Sections
+#    :local:
+#
+# .. include:: ../../../../includes/global.rst
+
+
+# .. envvar:: phpmyadmin_dependencies [[[
+#
+# Should PHPMyAdmin role manage its own dependencies?
+phpmyadmin_dependencies: True
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_domain [[[
+#
+# What subdomain should be used for PHPMyAdmin in nginx configuration
+phpmyadmin_domain: [ 'mysql.{{ ansible_domain }}' ]
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_password_length [[[
+#
+# Default length of generated passwords
+phpmyadmin_password_length: '20'
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_control_password [[[
+#
+# Default PHPMyAdmin control password
+phpmyadmin_control_password: "{{ lookup('password', secret + '/mariadb/' + ansible_local['mariadb'].delegate_to + '/credentials/' + phpmyadmin_control_user + '/password length=' + phpmyadmin_password_length) }}"
+
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_allow [[[
+#
+# List of IP addresses or network ranges in CIDR format, allowed to access
+# PHPMyAdmin. Leave empty to allow access from all IP addresses/networks
+phpmyadmin_allow: []
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_upload_size [[[
+#
+# Max upload size for nginx and php5
+phpmyadmin_upload_size: '64M'
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_php5_max_children [[[
+#
+# Maximum number of PHP5 processes for PHPMyAdmin
+phpmyadmin_php5_max_children: '20'
+
+                                                                   # ]]]
+# Configuration for other Ansible roles [[[
+# -----------------------------------------
+
+# .. envvar:: phpmyadmin__php__dependent_packages [[[
+#
+# Package configuration for the :ref:`debops.php` Ansible role.
+phpmyadmin__php__dependent_packages:
+
+  - 'mysql'
+  - 'mcrypt'
+  - 'gd'
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin__php__dependent_pools [[[
+#
+# Pool configuration for the :ref:`debops.php` Ansible role.
+phpmyadmin__php__dependent_pools:
+
+  - '{{ phpmyadmin_php5_pool }}'
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin__nginx__dependent_servers [[[
+#
+# Server configuration for the :ref:`debops.nginx` Ansible role.
+phpmyadmin__nginx__dependent_servers:
+
+  - '{{ phpmyadmin_nginx_server }}'
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin__nginx__dependent_upstreams [[[
+#
+# Upstream configuration for the :ref:`debops.nginx` Ansible role.
+phpmyadmin__nginx__dependent_upstreams:
+
+  - '{{ phpmyadmin_nginx_upstream_php5 }}'
+                                                                   # ]]]
+                                                                   # ]]]

roles/phpmyadmin/meta/main.yml

@@ -0,0 +1,34 @@
+---
+# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2015-2019 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Ensure that custom Ansible plugins and modules included in the main DebOps
+# collection are available to roles in other collections.
+collections: [ 'debops.debops' ]
+
+dependencies: []
+
+galaxy_info:
+
+  author: 'Maciej Delmanowski'
+  description: 'Install and configure PHPMyAdmin on a MySQL database server'
+  company: 'DebOps'
+  license: 'GPL-3.0-only'
+  min_ansible_version: '1.7.0'
+  platforms:
+    - name: Ubuntu
+      versions:
+        - precise
+        - quantal
+        - raring
+        - saucy
+        - trusty
+    - name: Debian
+      versions:
+        - wheezy
+        - jessie
+  galaxy_tags:
+    - mysql
+    - database
+    - php

roles/phpmyadmin/tasks/main.yml

@@ -0,0 +1,44 @@
+---
+# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2015-2019 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+- name: Import DebOps secret role
+  import_role:
+    name: 'secret'
+
+- name: Install dbconfig-common
+  apt: pkg=dbconfig-common state=present install_recommends=no
+  register: phpmyadmin__register_dbconfig_packages
+  until: phpmyadmin__register_dbconfig_packages is succeeded
+
+- name: Pre-configure PHPMyAdmin database
+  template: src=etc/dbconfig-common/phpmyadmin.conf.j2
+            dest=/etc/dbconfig-common/phpmyadmin.conf
+            owner=root group=root mode=0600
+
+- name: Install PHPMyAdmin packages
+  apt: pkg=phpmyadmin state=present install_recommends=no
+  register: phpmyadmin__register_packages
+  until: phpmyadmin__register_packages is succeeded
+
+- name: Create database for PHPMyAdmin
+  mysql_db: name={{ phpmyadmin_control_database | default('phpmyadmin') }} state=present
+  register: phpmyadmin_database
+
+- name: Import PHPMyAdmin schema
+  mysql_db:  # noqa no-handler
+    name: '{{ phpmyadmin_control_database | default("phpmyadmin") }}'
+    state: 'import'
+    target: '/usr/share/dbconfig-common/data/phpmyadmin/install/mysql'
+    login_unix_socket: '/run/mysqld/mysqld.sock'
+  when: phpmyadmin_database is defined and phpmyadmin_database is changed
+
+- name: Create PHPMyAdmin control user
+  mysql_user:
+    name: "{{ phpmyadmin_control_user | default('phpmyadmin') }}"
+    state: 'present'
+    password: '{{ phpmyadmin_control_password }}'
+    priv: "{{ phpmyadmin_control_database | default('phpmyadmin') }}.*:ALL"
+    login_unix_socket: '/run/mysqld/mysqld.sock'
+  no_log: '{{ debops__no_log | d(True) }}'

roles/phpmyadmin/templates/etc/dbconfig-common/phpmyadmin.conf.j2

@@ -0,0 +1,82 @@
+{# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+ # Copyright (C) 2015-2019 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+# This file is managed by Ansible, all changes will be lost
+
+# automatically generated by the maintainer scripts of phpmyadmin
+# any changes you make will be preserved, though your comments
+# will be lost!  to change your settings you should edit this
+# file and then run "dpkg-reconfigure phpmyadmin"
+
+# dbc_install: configure database with dbconfig-common?
+#              set to anything but "true" to opt out of assistance
+dbc_install='false'
+
+# dbc_upgrade: upgrade database with dbconfig-common?
+#              set to anything but "true" to opt out of assistance
+dbc_upgrade='false'
+
+# dbc_remove: deconfigure database with dbconfig-common?
+#             set to anything but "true" to opt out of assistance
+dbc_remove=''
+
+# dbc_dbtype: type of underlying database to use
+#	this exists primarily to let dbconfig-common know what database
+#	type to use when a package supports multiple database types.
+#	don't change this value unless you know for certain that this
+#	package supports multiple database types
+dbc_dbtype='mysql'
+
+# dbc_dbuser: database user
+#	the name of the user who we will use to connect to the database.
+dbc_dbuser='{{ phpmyadmin_control_user }}'
+
+# dbc_dbpass: database user password
+#	the password to use with the above username when connecting
+#	to a database, if one is required
+dbc_dbpass='{{ phpmyadmin_control_password }}'
+
+# dbc_dbserver: database host.
+#	leave unset to use localhost (or a more efficient local method
+#	if it exists).
+dbc_dbserver=''
+
+# dbc_dbport: remote database port
+#	leave unset to use the default.  only applicable if you are
+#	using a remote database.
+dbc_dbport=''
+
+# dbc_dbname: name of database
+#	this is the name of your application's database.
+dbc_dbname='{{ phpmyadmin_control_database }}'
+
+# dbc_dbadmin: name of the administrative user
+#	this is the administrative user that is used to create all of the above
+dbc_dbadmin='root'
+
+# dbc_basepath: base directory to hold database files
+#	leave unset to use the default.  only applicable if you are
+#	using a local (filesystem based) database.
+dbc_basepath=''
+
+##
+## postgresql specific settings.  if you don't use postgresql,
+## you can safely ignore all of these
+##
+
+# dbc_ssl: should we require ssl?
+#	set to "true" to require that connections use ssl
+dbc_ssl=''
+
+# dbc_authmethod_admin: authentication method for admin
+# dbc_authmethod_user: authentication method for dbuser
+#	see the section titled "AUTHENTICATION METHODS" in
+#	/usr/share/doc/dbconfig-common/README.pgsql for more info
+dbc_authmethod_admin=''
+dbc_authmethod_user=''
+
+##
+## end postgresql specific settings
+##
+

roles/phpmyadmin/vars/main.yml

@@ -0,0 +1,55 @@
+---
+# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2015-2019 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+phpmyadmin_control_user: 'phpmyadmin'
+phpmyadmin_control_database: 'phpmyadmin'
+
+phpmyadmin_nginx_server:
+  by_role: 'debops.phpmyadmin'
+  enabled: True
+  default: False
+  type: 'php5'
+  name: '{{ phpmyadmin_domain }}'
+  root: '/usr/share/phpmyadmin'
+  webroot_create: False
+
+  options: |
+    client_max_body_size  {{ phpmyadmin_upload_size }};
+
+  location:
+
+    # Required for location_allow to work
+    '/': 'try_files $uri $uri/ =404;'
+
+    '~ ^/(setup|libraries)': 'deny all;'
+
+  location_allow:
+    '/': '{{ phpmyadmin_allow }}'
+
+  php5: 'php5_phpmyadmin'
+
+  php5_options: |
+    {% if phpmyadmin_allow is defined and phpmyadmin_allow %}
+    {% for address in phpmyadmin_allow %}
+    allow {{ address }};
+    {% endfor %}
+    deny all;
+    {% endif %}
+
+phpmyadmin_nginx_upstream_php5:
+  enabled: True
+  name: 'php5_phpmyadmin'
+  type: 'php5'
+  php5: 'phpmyadmin'
+
+phpmyadmin_php5_pool:
+  enabled: True
+  name: 'phpmyadmin'
+  user: 'www-data'
+  group: 'www-data'
+  pm_max_children: '{{ phpmyadmin_php5_max_children }}'
+  php_value:
+    post_max_size: '{{ phpmyadmin_upload_size }}'
+    upload_max_filesize: '{{ phpmyadmin_upload_size }}'

secret/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

site.yml

@@ -1,7 +1,10 @@
 ---
-
-- import_playbook: anygroup.yml
+- import_playbook: pki.yml
+- import_playbook: mariadb_server.yml
+- import_playbook: mariadb.yml
+- import_playbook: php.yml
+- import_playbook: apache.yml
 
 # Import all other group playbooks in this file...
 
-...
+...