diff --git a/.gitignore b/.gitignore
index df5c4e1..41173c0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
*.retry
.idea
+/secret
diff --git a/apache.yml b/apache.yml
new file mode 100644
index 0000000..fa1dc54
--- /dev/null
+++ b/apache.yml
@@ -0,0 +1,69 @@
+---
+
+- name: Manage and configure the Apache HTTP Server
+ collections: [ 'debops.debops', 'debops.roles01',
+ 'debops.roles02', 'debops.roles03' ]
+ hosts: [ 'debian10' ]
+ become: True
+
+ environment: '{{ inventory__environment | d({})
+ | combine(inventory__group_environment | d({}))
+ | combine(inventory__host_environment | d({})) }}'
+
+ vars:
+ apache__base_packages:
+ - libapache2-mod-php7.4
+ apache__role_modules:
+ 'headers': True
+ 'alias': True
+ 'php7.4': True
+ 'ssl':
+ enabled: '{{ True if (apache__https_listen and apache__https_enabled) else False }}'
+ 'security2':
+ enabled: '{{ apache__security_module_enabled|bool }}'
+ 'status':
+ enabled: '{{ apache__status_enabled|bool }}'
+ config: |
+
+ # Revoke default permissions granted in `/etc/apache2/mods-available/status.conf`.
+ Require all denied
+
+ 'socache_shmcb':
+ enabled: '{{ True
+ if (apache__ocsp_stapling_enabled|bool
+ and "shmcb" in apache__ocsp_stapling_cache)
+ else omit }}'
+ 'authz_host':
+ enabled: '{{ True
+ if (apache__status_enabled|bool
+ and apache__status_allow_localhost)
+ else omit }}'
+ 'rewrite':
+ enabled: '{{ True
+ if (apache__register_mod_rewrite_used is defined and
+ apache__register_mod_rewrite_used.rc|d(1) == 0)
+ else omit }}'
+ apache__allow:
+ - 0.0.0.0
+# apache__default_vhost:
+# name: '{{ apache__default_vhost_name }}'
+# filename: '000-default'
+# root: '/var/www/html'
+
+ pre_tasks:
+
+ - name: Prepare apache environment
+ import_role:
+ name: 'apache'
+ tasks_from: 'main_env'
+ tags: [ 'role::apache', 'role::apache:env' ]
+
+ roles:
+
+# - role: ferm
+# tags: [ 'role::ferm', 'skip::ferm' ]
+# ferm__dependent_rules:
+# - '{{ apache__ferm__dependent_rules }}'
+
+ - role: apache
+ tags: [ 'role::apache', 'skip::apache' ]
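Review bot: `apache__allow` is set to the bare address `0.0.0.0` while the `ferm` entry under `roles:` is commented out, so this play does not appear to install any host firewall rule for the web server and the allow list is likely never enforced. If the intent is "allow everyone", `0.0.0.0` without a prefix length reads as a single host rather than a network; `- '0.0.0.0/0'` (quoted) says that explicitly, or the variable can simply be dropped. If the intent is to restrict access, list the permitted CIDR ranges and re-enable the `ferm` role entry so the list takes effect. A one-line comment above `apache__allow` stating which of the two is meant would remove the ambiguity.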
diff --git a/manala.nginx.yml b/manala.nginx.yml
new file mode 100644
index 0000000..0aae5ac
--- /dev/null
+++ b/manala.nginx.yml
@@ -0,0 +1,11 @@
+---
+- hosts: debian10
+ collections:
+ - nginxinc.nginx_core
+ - manala.roles
+ tasks:
+ - name: Install NGINX
+ ansible.builtin.include_role:
+ name: nginx
+ vars:
+ nginx_type: opensource
diff --git a/manala.php.yml b/manala.php.yml
new file mode 100644
index 0000000..651abc6
--- /dev/null
+++ b/manala.php.yml
@@ -0,0 +1,22 @@
+---
+- hosts: debian10
+ collections:
+ - nginxinc.nginx_core
+ - manala.roles
+ vars:
+ manala_apt_repositories:
+ - contrib
+ manala_apt_preferences:
+ - git@backports
+ - sury_php:100
+ - php@sury_php:300
+ - nginx@nginx
+ tasks:
+ - name: Install Manala APT
+ ansible.builtin.include_role:
+ name: manala.roles.apt
+ - name: Install PHP
+ ansible.builtin.include_role:
+ name: manala.roles.php
+ vars:
+ manala_php_version: 7.4
diff --git a/mariadb.yml b/mariadb.yml
new file mode 100644
index 0000000..3b14500
--- /dev/null
+++ b/mariadb.yml
@@ -0,0 +1,41 @@
+---
+
+- name: Manage MariaDB client
+ collections: [ 'debops.debops', 'debops.roles01',
+ 'debops.roles02', 'debops.roles03' ]
+ hosts: [ 'debian10' ]
+ become: True
+
+ environment: '{{ inventory__environment | d({})
+ | combine(inventory__group_environment | d({}))
+ | combine(inventory__host_environment | d({})) }}'
+
+ vars:
+ mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}'
+ mariadb__upstream_version: '10.5'
+ mariadb__databases:
+ - name: 'intermetiz'
+ - name: 'intermetiz-products'
+ mariadb__users:
+ - name: 'intermetiz'
+ host: '%'
+ database: 'intermetiz%'
+
+ roles:
+
+ - role: secret
+
+ - role: keyring
+ tags: [ 'role::keyring', 'skip::keyring', 'role::mariadb' ]
+ keyring__dependent_apt_keys:
+ - '{{ mariadb__keyring__dependent_apt_keys }}'
+
+ - role: python
+ tags: [ 'role::python', 'skip::python', 'role::mariadb' ]
+ python__dependent_packages3:
+ - '{{ mariadb__python__dependent_packages3 }}'
+ python__dependent_packages2:
+ - '{{ mariadb__python__dependent_packages2 }}'
+
+ - role: mariadb
+ tags: [ 'role::mariadb', 'skip::mariadb' ]
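Review bot: The `intermetiz` account in `mariadb__users` is created with `host: '%'`, so it can authenticate from any client address, and `database: 'intermetiz%'` appears to grant it every schema whose name starts with that prefix. Combined with `mariadb_server__bind_address: '0.0.0.0'` in mariadb_server.yml, the password becomes the only control on remote access to this account. If the application runs on the same machine or a known subnet, narrow the scope, e.g. `host: 'localhost'` or the application server's address. Listing the two databases from `mariadb__databases` explicitly instead of the wildcard would also keep the grant from silently covering future schemas.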
diff --git a/mariadb_server.yml b/mariadb_server.yml
new file mode 100644
index 0000000..af70648
--- /dev/null
+++ b/mariadb_server.yml
@@ -0,0 +1,48 @@
+---
+
+- name: Manage MariaDB server
+ collections: [ 'debops.debops', 'debops.roles01',
+ 'debops.roles02', 'debops.roles03' ]
+ hosts: [ 'debian10' ]
+ become: True
+
+ environment: '{{ inventory__environment | d({})
+ | combine(inventory__group_environment | d({}))
+ | combine(inventory__host_environment | d({})) }}'
+
+ vars:
+ mariadb_server__flavor: '{{ ansible_local.mariadb.flavor
+ |d(mariadb_server__flavor_map[ansible_distribution_release] | d("mariadb_upstream")) }}'
+ mariadb_server__upstream_version: '10.5'
+ mariadb_server__bind_address: '0.0.0.0'
+
+ roles:
+ - role: keyring
+ tags: [ 'role::keyring', 'skip::keyring', 'role::mariadb_server' ]
+ keyring__dependent_apt_keys:
+ - '{{ mariadb_server__keyring__dependent_apt_keys }}'
+
+ - role: etc_services
+ tags: [ 'role::etc_services' ]
+ etc_services__dependent_list:
+ - '{{ mariadb_server__etc_services__dependent_rules }}'
+#
+# - role: ferm
+# tags: [ 'role::ferm', 'skip::ferm' ]
+# ferm__dependent_rules:
+# - '{{ mariadb_server__ferm__dependent_rules }}'
+
+# - role: tcpwrappers
+# tags: [ 'role::tcpwrappers', 'skip::tcpwrappers' ]
+# tcpwrappers__dependent_allow:
+# - '{{ mariadb_server__tcpwrappers__dependent_allow }}'
+
+ - role: python
+ tags: [ 'role::python', 'skip::python', 'role::mariadb_server' ]
+ python__dependent_packages3:
+ - '{{ mariadb_server__python__dependent_packages3 }}'
+ python__dependent_packages2:
+ - '{{ mariadb_server__python__dependent_packages2 }}'
+
+ - role: mariadb_server
+ tags: [ 'role::mariadb_server', 'skip::mariadb_server' ]
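Review bot: `mariadb_server__bind_address: '0.0.0.0'` makes the server listen on every interface, while the `ferm` and `tcpwrappers` role entries that would limit who can reach it are commented out in this play. Unless another layer filters the port, the database is reachable from every network the host is attached to. Either keep the bind address on loopback or a private interface, or re-enable the `ferm` entry with `mariadb_server__ferm__dependent_rules` and define the allowed client ranges. A comment above the variable explaining why a wildcard bind is required would help the next reader judge whether it is still needed.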
diff --git a/php.yml b/php.yml
new file mode 100644
index 0000000..508c4d0
--- /dev/null
+++ b/php.yml
@@ -0,0 +1,80 @@
+---
+
+- name: Install and manage PHP environment
+ collections: [ 'debops.debops', 'debops.roles01',
+ 'debops.roles02', 'debops.roles03' ]
+ hosts: [ 'debian10' ]
+ become: True
+
+ environment: '{{ inventory__environment | d({})
+ | combine(inventory__group_environment | d({}))
+ | combine(inventory__host_environment | d({})) }}'
+
+ vars:
+ php__version_preference: [ 'php7.4' ]
+ php__sury: '{{ ansible_local.php.sury
+ |d(ansible_distribution_release in [ "buster" ]) | bool }}'
+ php__sury_apt_key_id: '{{ php__sury_apt_key_id_map[ansible_distribution] }}'
+ php__sury_apt_repo: '{{ php__sury_apt_repo_map[ansible_distribution] }}'
+ php__sury_apt_key_id_map:
+ 'Debian':
+ - id: '1505 8500 A023 5D97 F5D1 0063 B188 E2B6 95BD 4743'
+ repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'
+ state: '{{ "present" if php__sury|bool else "absent" }}'
+
+ # Key replaced due to security concerns
+ # Ref: https://www.patreon.com/posts/dpa-new-signing-25451165
+ - id: 'DF3D 585D B8F0 EB65 8690 A554 AC0E 4758 4A7A 714D'
+ state: 'absent'
+ php__sury_apt_repo_map:
+ 'Debian': 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'
+ 'Ubuntu': 'ppa:ondrej/php'
+ php__base_packages:
+ - unzip
+ - git
+ # mysql - это нужно только для WordPress
+ # mbstring требует только некоторые пакеты в laravel
+ # bcmath - нужно для работы парсера Excel файлов на одном из проектов
+ php__packages: [ 'curl', 'xml', 'gd', 'zip', 'mbstring', 'mysql', 'bcmath'' ]
+ php__composer_upstream_enabled: '{{ True
+ if (ansible_distribution_release in
+ [ "buster" ])
+ else False }}'
+ php__php_included_packages: '{{ php__common_included_packages
+ + [ "sysvsem", "sysvshm" ] }}'
+
+ pre_tasks:
+
+ - name: Apply keyring configuration for php environment
+ import_role:
+ name: 'keyring'
+ vars:
+ keyring__dependent_apt_keys:
+ - '{{ php__keyring__dependent_apt_keys }}'
+ tags: [ 'role::keyring', 'skip::keyring', 'role::php' ]
+
+ - name: Prepare php environment
+ import_role:
+ name: 'php'
+ tasks_from: 'main_env'
+ tags: [ 'role::php', 'role::php:env', 'role::logrotate' ]
+
+ roles:
+
+ - role: apt_preferences
+ tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
+ apt_preferences__dependent_list:
+ - '{{ php__apt_preferences__dependent_list }}'
+
+ - role: cron
+ tags: [ 'role::cron', 'skip::cron' ]
+
+ - role: logrotate
+ tags: [ 'role::logrotate', 'skip::logrotate' ]
+ logrotate__dependent_config:
+ - '{{ php__logrotate__dependent_config }}'
+
+ - role: apt_install
+
+ - role: php
+ tags: [ 'role::php', 'skip::php' ]
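Review bot: The `php__packages` line ends with `'bcmath'' ]`; inside a single-quoted YAML scalar `''` is an escaped quote, so the string does not end where intended and the file is unlikely to parse, which would also stop `site.yml` at import time. It should read `php__packages: [ 'curl', 'xml', 'gd', 'zip', 'mbstring', 'mysql', 'bcmath' ]`. The three comment lines above it are written in Russian; translating them to English would keep the rationale for `mysql`, `mbstring` and `bcmath` readable for every maintainer.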
diff --git a/phpmyadmin.yml b/phpmyadmin.yml
new file mode 100644
index 0000000..f907f37
--- /dev/null
+++ b/phpmyadmin.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Manage MariaDB server
+ collections: [ 'debops.debops', 'debops.roles01',
+ 'debops.roles02', 'debops.roles03' ]
+ hosts: [ 'debian10' ]
+ become: True
+
+ environment: '{{ inventory__environment | d({})
+ | combine(inventory__group_environment | d({}))
+ | combine(inventory__host_environment | d({})) }}'
+
+ roles:
+
+ - role: phpmyadmin
+ tags: [ 'role::phpmyadmin', 'skip::phpmyadmin' ]
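Review bot: This play applies the `phpmyadmin` role without setting `phpmyadmin_allow`, and the role default added in roles/phpmyadmin/defaults/main.yml is `[]`, which that file's own comment describes as allowing access from all IP addresses/networks. For a database administration UI, set an explicit list of admin networks under `vars:` in this play, in the CIDR list form the defaults comment describes. The play `name` is also still `Manage MariaDB server`, apparently copied from mariadb_server.yml; `name: Manage phpMyAdmin` would keep run output unambiguous.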
diff --git a/pki.yml b/pki.yml
new file mode 100644
index 0000000..73aeeff
--- /dev/null
+++ b/pki.yml
@@ -0,0 +1,36 @@
+---
+
+- name: Manage Public Key Infrastructure
+ collections: [ 'debops.debops', 'debops.roles01',
+ 'debops.roles02', 'debops.roles03' ]
+ hosts: [ 'debian10' ]
+ become: True
+
+ environment: '{{ inventory__environment | d({})
+ | combine(inventory__group_environment | d({}))
+ | combine(inventory__host_environment | d({})) }}'
+
+ vars:
+ pki_internal: True
+ pki_acme: False
+
+ pre_tasks:
+
+ - name: Prepare pki environment
+ import_role:
+ name: 'pki'
+ tasks_from: 'main_env'
+ tags: [ 'role::pki', 'role::pki:secret', 'role::secret' ]
+
+ roles:
+
+ - role: secret
+ tags: [ 'role::secret', 'role::pki', 'role::pki:secret' ]
+ secret_directories:
+ - '{{ pki_env_secret_directories }}'
+
+ - role: cron
+ tags: [ 'role::cron', 'skip::cron' ]
+
+ - role: pki
+ tags: [ 'role::pki', 'skip::pki' ]
diff --git a/requirements.yml b/requirements.yml
index 411947a..f1c7a5d 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -3,5 +3,4 @@
collections:
- name: nginxinc.nginx_core
version: 0.8.0
-
-...
\ No newline at end of file
+ - name: debops.debops
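Review bot: `debops.debops` is added without a `version:` key, unlike `nginxinc.nginx_core` above it, so each install can resolve to whatever release is current at that time and roles that run with `become: True` may change between runs unnoticed. Pin it, e.g. `version: '<PINNED_DEBOPS_VERSION>'`; the role README added in this commit links to the v3.0.3 documentation, which may be the intended release. The new playbooks also name `debops.roles01`, `debops.roles02`, `debops.roles03` and `manala.roles` under `collections:`, and none of them is listed in the visible part of this file, so a fresh checkout may not be able to resolve them.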
diff --git a/role/defaults/main.yml b/role/defaults/main.yml
new file mode 100644
index 0000000..52d9415
--- /dev/null
+++ b/role/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+mariadb__root_password: '{{ lookup("password", secret + "/credentials/" +
+ ansible_fqdn + "/mariadb/root/password length=20") }}'
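Review bot: This file is added at `role/defaults/main.yml`, but the other roles in this commit live under `roles/<name>/`, so these defaults are probably never loaded and `mariadb__root_password` would come from wherever the DebOps role defines it. If the override is intended, move it to inventory or to the `vars:` of mariadb_server.yml and mariadb.yml. The `password` lookup stores the generated value in plain text under `secret/credentials/...` on the controller; the `/secret` ignore rule in this commit keeps it out of git, but the directory still needs restrictive permissions or encryption at rest. A comment above the variable naming that storage location would make this visible to operators.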
diff --git a/roles/php/files/docker-php-ext-configure b/roles/php-from-source/files/docker-php-ext-configure
similarity index 100%
rename from roles/php/files/docker-php-ext-configure
rename to roles/php-from-source/files/docker-php-ext-configure
diff --git a/roles/php/files/docker-php-ext-enable b/roles/php-from-source/files/docker-php-ext-enable
similarity index 100%
rename from roles/php/files/docker-php-ext-enable
rename to roles/php-from-source/files/docker-php-ext-enable
diff --git a/roles/php/files/docker-php-ext-install b/roles/php-from-source/files/docker-php-ext-install
similarity index 100%
rename from roles/php/files/docker-php-ext-install
rename to roles/php-from-source/files/docker-php-ext-install
diff --git a/roles/php/files/docker-php-source b/roles/php-from-source/files/docker-php-source
similarity index 100%
rename from roles/php/files/docker-php-source
rename to roles/php-from-source/files/docker-php-source
diff --git a/roles/php/tasks/main.yml b/roles/php-from-source/tasks/main.yml
similarity index 100%
rename from roles/php/tasks/main.yml
rename to roles/php-from-source/tasks/main.yml
diff --git a/roles/phpmyadmin/COPYRIGHT b/roles/phpmyadmin/COPYRIGHT
new file mode 100644
index 0000000..0e0dd08
--- /dev/null
+++ b/roles/phpmyadmin/COPYRIGHT
@@ -0,0 +1,19 @@
+debops.phpmyadmin - Manage phpMyAdmin service using Ansible
+
+Copyright (C) 2014-2019 Maciej Delmanowski
+Copyright (C) 2015-2019 DebOps
+SPDX-License-Identifier: GPL-3.0-only
+
+This Ansible role is part of DebOps.
+
+DebOps is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 3, as
+published by the Free Software Foundation.
+
+DebOps is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with DebOps. If not, see https://www.gnu.org/licenses/.
diff --git a/roles/phpmyadmin/README.md b/roles/phpmyadmin/README.md
new file mode 100644
index 0000000..e642e01
--- /dev/null
+++ b/roles/phpmyadmin/README.md
@@ -0,0 +1,4 @@
+### phpmyadmin
+
+This role does not have official documentation.
+See [DebOps documentation](https://docs.debops.org/en/tags/v3.0.3^0/) instead.
diff --git a/roles/phpmyadmin/defaults/main.yml b/roles/phpmyadmin/defaults/main.yml
new file mode 100644
index 0000000..d243c3c
--- /dev/null
+++ b/roles/phpmyadmin/defaults/main.yml
@@ -0,0 +1,99 @@
+---
+# .. vim: foldmarker=[[[,]]]:foldmethod=marker
+
+# .. Copyright (C) 2014-2019 Maciej Delmanowski
+# .. Copyright (C) 2015-2019 DebOps
+# .. SPDX-License-Identifier: GPL-3.0-only
+
+# .. _phpmyadmin__ref_defaults:
+
+# debops.phpmyadmin default variables
+# ===================================
+
+# .. contents:: Sections
+# :local:
+#
+# .. include:: ../../../../includes/global.rst
+
+
+# .. envvar:: phpmyadmin_dependencies [[[
+#
+# Should PHPMyAdmin role manage its own dependencies?
+phpmyadmin_dependencies: True
+
+ # ]]]
+# .. envvar:: phpmyadmin_domain [[[
+#
+# What subdomain should be used for PHPMyAdmin in nginx configuration
+phpmyadmin_domain: [ 'mysql.{{ ansible_domain }}' ]
+
+ # ]]]
+# .. envvar:: phpmyadmin_password_length [[[
+#
+# Default length of generated passwords
+phpmyadmin_password_length: '20'
+
+ # ]]]
+# .. envvar:: phpmyadmin_control_password [[[
+#
+# Default PHPMyAdmin control password
+phpmyadmin_control_password: "{{ lookup('password', secret + '/mariadb/' + ansible_local['mariadb'].delegate_to + '/credentials/' + phpmyadmin_control_user + '/password length=' + phpmyadmin_password_length) }}"
+
+
+ # ]]]
+# .. envvar:: phpmyadmin_allow [[[
+#
+# List of IP addresses or network ranges in CIDR format, allowed to access
+# PHPMyAdmin. Leave empty to allow access from all IP addresses/networks
+phpmyadmin_allow: []
+
+ # ]]]
+# .. envvar:: phpmyadmin_upload_size [[[
+#
+# Max upload size for nginx and php5
+phpmyadmin_upload_size: '64M'
+
+ # ]]]
+# .. envvar:: phpmyadmin_php5_max_children [[[
+#
+# Maximum number of PHP5 processes for PHPMyAdmin
+phpmyadmin_php5_max_children: '20'
+
+ # ]]]
+# Configuration for other Ansible roles [[[
+# -----------------------------------------
+
+# .. envvar:: phpmyadmin__php__dependent_packages [[[
+#
+# Package configuration for the :ref:`debops.php` Ansible role.
+phpmyadmin__php__dependent_packages:
+
+ - 'mysql'
+ - 'mcrypt'
+ - 'gd'
+
+ # ]]]
+# .. envvar:: phpmyadmin__php__dependent_pools [[[
+#
+# Pool configuration for the :ref:`debops.php` Ansible role.
+phpmyadmin__php__dependent_pools:
+
+ - '{{ phpmyadmin_php5_pool }}'
+
+ # ]]]
+# .. envvar:: phpmyadmin__nginx__dependent_servers [[[
+#
+# Server configuration for the :ref:`debops.nginx` Ansible role.
+phpmyadmin__nginx__dependent_servers:
+
+ - '{{ phpmyadmin_nginx_server }}'
+
+ # ]]]
+# .. envvar:: phpmyadmin__nginx__dependent_upstreams [[[
+#
+# Upstream configuration for the :ref:`debops.nginx` Ansible role.
+phpmyadmin__nginx__dependent_upstreams:
+
+ - '{{ phpmyadmin_nginx_upstream_php5 }}'
+ # ]]]
+ # ]]]
diff --git a/roles/phpmyadmin/meta/main.yml b/roles/phpmyadmin/meta/main.yml
new file mode 100644
index 0000000..1d0aef5
--- /dev/null
+++ b/roles/phpmyadmin/meta/main.yml
@@ -0,0 +1,34 @@
+---
+# Copyright (C) 2014-2019 Maciej Delmanowski
+# Copyright (C) 2015-2019 DebOps
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Ensure that custom Ansible plugins and modules included in the main DebOps
+# collection are available to roles in other collections.
+collections: [ 'debops.debops' ]
+
+dependencies: []
+
+galaxy_info:
+
+ author: 'Maciej Delmanowski'
+ description: 'Install and configure PHPMyAdmin on a MySQL database server'
+ company: 'DebOps'
+ license: 'GPL-3.0-only'
+ min_ansible_version: '1.7.0'
+ platforms:
+ - name: Ubuntu
+ versions:
+ - precise
+ - quantal
+ - raring
+ - saucy
+ - trusty
+ - name: Debian
+ versions:
+ - wheezy
+ - jessie
+ galaxy_tags:
+ - mysql
+ - database
+ - php
diff --git a/roles/phpmyadmin/tasks/main.yml b/roles/phpmyadmin/tasks/main.yml
new file mode 100644
index 0000000..d88fb0d
--- /dev/null
+++ b/roles/phpmyadmin/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+# Copyright (C) 2014-2019 Maciej Delmanowski
+# Copyright (C) 2015-2019 DebOps
+# SPDX-License-Identifier: GPL-3.0-only
+
+- name: Import DebOps secret role
+ import_role:
+ name: 'secret'
+
+- name: Install dbconfig-common
+ apt: pkg=dbconfig-common state=present install_recommends=no
+ register: phpmyadmin__register_dbconfig_packages
+ until: phpmyadmin__register_dbconfig_packages is succeeded
+
+- name: Pre-configure PHPMyAdmin database
+ template: src=etc/dbconfig-common/phpmyadmin.conf.j2
+ dest=/etc/dbconfig-common/phpmyadmin.conf
+ owner=root group=root mode=0600
+
+- name: Install PHPMyAdmin packages
+ apt: pkg=phpmyadmin state=present install_recommends=no
+ register: phpmyadmin__register_packages
+ until: phpmyadmin__register_packages is succeeded
+
+- name: Create database for PHPMyAdmin
+ mysql_db: name={{ phpmyadmin_control_database | default('phpmyadmin') }} state=present
+ register: phpmyadmin_database
+
+- name: Import PHPMyAdmin schema
+ mysql_db: # noqa no-handler
+ name: '{{ phpmyadmin_control_database | default("phpmyadmin") }}'
+ state: 'import'
+ target: '/usr/share/dbconfig-common/data/phpmyadmin/install/mysql'
+ login_unix_socket: '/run/mysqld/mysqld.sock'
+ when: phpmyadmin_database is defined and phpmyadmin_database is changed
+
+- name: Create PHPMyAdmin control user
+ mysql_user:
+ name: "{{ phpmyadmin_control_user | default('phpmyadmin') }}"
+ state: 'present'
+ password: '{{ phpmyadmin_control_password }}'
+ priv: "{{ phpmyadmin_control_database | default('phpmyadmin') }}.*:ALL"
+ login_unix_socket: '/run/mysqld/mysqld.sock'
+ no_log: '{{ debops__no_log | d(True) }}'
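Review bot: The `Create database for PHPMyAdmin` task calls `mysql_db` without `login_unix_socket`, while the `Import PHPMyAdmin schema` and `Create PHPMyAdmin control user` tasks after it both pass `login_unix_socket: '/run/mysqld/mysqld.sock'`. If socket authentication is what makes the later tasks work on this host, the first one may fail or connect with different credentials. Rewriting it in the same block form with `login_unix_socket` set would make the three tasks consistent. The control-user task already sets `no_log`, which keeps the password out of task output; a short comment such as `# keep: hides phpmyadmin_control_password from logs` would discourage removing it.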
diff --git a/roles/phpmyadmin/templates/etc/dbconfig-common/phpmyadmin.conf.j2 b/roles/phpmyadmin/templates/etc/dbconfig-common/phpmyadmin.conf.j2
new file mode 100644
index 0000000..30b42ad
--- /dev/null
+++ b/roles/phpmyadmin/templates/etc/dbconfig-common/phpmyadmin.conf.j2
@@ -0,0 +1,82 @@
+{# Copyright (C) 2014-2019 Maciej Delmanowski
+ # Copyright (C) 2015-2019 DebOps
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+# This file is managed by Ansible, all changes will be lost
+
+# automatically generated by the maintainer scripts of phpmyadmin
+# any changes you make will be preserved, though your comments
+# will be lost! to change your settings you should edit this
+# file and then run "dpkg-reconfigure phpmyadmin"
+
+# dbc_install: configure database with dbconfig-common?
+# set to anything but "true" to opt out of assistance
+dbc_install='false'
+
+# dbc_upgrade: upgrade database with dbconfig-common?
+# set to anything but "true" to opt out of assistance
+dbc_upgrade='false'
+
+# dbc_remove: deconfigure database with dbconfig-common?
+# set to anything but "true" to opt out of assistance
+dbc_remove=''
+
+# dbc_dbtype: type of underlying database to use
+# this exists primarily to let dbconfig-common know what database
+# type to use when a package supports multiple database types.
+# don't change this value unless you know for certain that this
+# package supports multiple database types
+dbc_dbtype='mysql'
+
+# dbc_dbuser: database user
+# the name of the user who we will use to connect to the database.
+dbc_dbuser='{{ phpmyadmin_control_user }}'
+
+# dbc_dbpass: database user password
+# the password to use with the above username when connecting
+# to a database, if one is required
+dbc_dbpass='{{ phpmyadmin_control_password }}'
+
+# dbc_dbserver: database host.
+# leave unset to use localhost (or a more efficient local method
+# if it exists).
+dbc_dbserver=''
+
+# dbc_dbport: remote database port
+# leave unset to use the default. only applicable if you are
+# using a remote database.
+dbc_dbport=''
+
+# dbc_dbname: name of database
+# this is the name of your application's database.
+dbc_dbname='{{ phpmyadmin_control_database }}'
+
+# dbc_dbadmin: name of the administrative user
+# this is the administrative user that is used to create all of the above
+dbc_dbadmin='root'
+
+# dbc_basepath: base directory to hold database files
+# leave unset to use the default. only applicable if you are
+# using a local (filesystem based) database.
+dbc_basepath=''
+
+##
+## postgresql specific settings. if you don't use postgresql,
+## you can safely ignore all of these
+##
+
+# dbc_ssl: should we require ssl?
+# set to "true" to require that connections use ssl
+dbc_ssl=''
+
+# dbc_authmethod_admin: authentication method for admin
+# dbc_authmethod_user: authentication method for dbuser
+# see the section titled "AUTHENTICATION METHODS" in
+# /usr/share/doc/dbconfig-common/README.pgsql for more info
+dbc_authmethod_admin=''
+dbc_authmethod_user=''
+
+##
+## end postgresql specific settings
+##
+
diff --git a/roles/phpmyadmin/vars/main.yml b/roles/phpmyadmin/vars/main.yml
new file mode 100644
index 0000000..e188efc
--- /dev/null
+++ b/roles/phpmyadmin/vars/main.yml
@@ -0,0 +1,55 @@
+---
+# Copyright (C) 2014-2019 Maciej Delmanowski
+# Copyright (C) 2015-2019 DebOps
+# SPDX-License-Identifier: GPL-3.0-only
+
+phpmyadmin_control_user: 'phpmyadmin'
+phpmyadmin_control_database: 'phpmyadmin'
+
+phpmyadmin_nginx_server:
+ by_role: 'debops.phpmyadmin'
+ enabled: True
+ default: False
+ type: 'php5'
+ name: '{{ phpmyadmin_domain }}'
+ root: '/usr/share/phpmyadmin'
+ webroot_create: False
+
+ options: |
+ client_max_body_size {{ phpmyadmin_upload_size }};
+
+ location:
+
+ # Required for location_allow to work
+ '/': 'try_files $uri $uri/ =404;'
+
+ '~ ^/(setup|libraries)': 'deny all;'
+
+ location_allow:
+ '/': '{{ phpmyadmin_allow }}'
+
+ php5: 'php5_phpmyadmin'
+
+ php5_options: |
+ {% if phpmyadmin_allow is defined and phpmyadmin_allow %}
+ {% for address in phpmyadmin_allow %}
+ allow {{ address }};
+ {% endfor %}
+ deny all;
+ {% endif %}
+
+phpmyadmin_nginx_upstream_php5:
+ enabled: True
+ name: 'php5_phpmyadmin'
+ type: 'php5'
+ php5: 'phpmyadmin'
+
+phpmyadmin_php5_pool:
+ enabled: True
+ name: 'phpmyadmin'
+ user: 'www-data'
+ group: 'www-data'
+ pm_max_children: '{{ phpmyadmin_php5_max_children }}'
+ php_value:
+ post_max_size: '{{ phpmyadmin_upload_size }}'
+ upload_max_filesize: '{{ phpmyadmin_upload_size }}'
diff --git a/secret/.gitignore b/secret/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null
+++ b/secret/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/site.yml b/site.yml
index 4e8afad..6afbba6 100644
--- a/site.yml
+++ b/site.yml
@@ -1,7 +1,10 @@
---
-
-- import_playbook: anygroup.yml
+- import_playbook: pki.yml
+- import_playbook: mariadb_server.yml
+- import_playbook: mariadb.yml
+- import_playbook: php.yml
+- import_playbook: apache.yml
# Import all other group playbooks in this file...
-...
\ No newline at end of file
+...