+ debops: apache with pki, mariadb_server, php7.4 with extensions, mariadb client role with secret

roles/phpmyadmin/COPYRIGHT

@@ -0,0 +1,19 @@
+debops.phpmyadmin - Manage phpMyAdmin service using Ansible
+
+Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+Copyright (C) 2015-2019 DebOps <https://debops.org/>
+SPDX-License-Identifier: GPL-3.0-only
+
+This Ansible role is part of DebOps.
+
+DebOps is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 3, as
+published by the Free Software Foundation.
+
+DebOps is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with DebOps. If not, see https://www.gnu.org/licenses/.

roles/phpmyadmin/README.md

@@ -0,0 +1,4 @@
+### phpmyadmin
+
+This role does not have official documentation.
+See [DebOps documentation](https://docs.debops.org/en/tags/v3.0.3^0/) instead.

roles/phpmyadmin/defaults/main.yml

@@ -0,0 +1,99 @@
+---
+# .. vim: foldmarker=[[[,]]]:foldmethod=marker
+
+# .. Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+# .. Copyright (C) 2015-2019 DebOps <https://debops.org/>
+# .. SPDX-License-Identifier: GPL-3.0-only
+
+# .. _phpmyadmin__ref_defaults:
+
+# debops.phpmyadmin default variables
+# ===================================
+
+# .. contents:: Sections
+#    :local:
+#
+# .. include:: ../../../../includes/global.rst
+
+
+# .. envvar:: phpmyadmin_dependencies [[[
+#
+# Should PHPMyAdmin role manage its own dependencies?
+phpmyadmin_dependencies: True
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_domain [[[
+#
+# What subdomain should be used for PHPMyAdmin in nginx configuration
+phpmyadmin_domain: [ 'mysql.{{ ansible_domain }}' ]
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_password_length [[[
+#
+# Default length of generated passwords
+phpmyadmin_password_length: '20'
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_control_password [[[
+#
+# Default PHPMyAdmin control password
+phpmyadmin_control_password: "{{ lookup('password', secret + '/mariadb/' + ansible_local['mariadb'].delegate_to + '/credentials/' + phpmyadmin_control_user + '/password length=' + phpmyadmin_password_length) }}"
+
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_allow [[[
+#
+# List of IP addresses or network ranges in CIDR format, allowed to access
+# PHPMyAdmin. Leave empty to allow access from all IP addresses/networks
+phpmyadmin_allow: []
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_upload_size [[[
+#
+# Max upload size for nginx and php5
+phpmyadmin_upload_size: '64M'
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin_php5_max_children [[[
+#
+# Maximum number of PHP5 processes for PHPMyAdmin
+phpmyadmin_php5_max_children: '20'
+
+                                                                   # ]]]
+# Configuration for other Ansible roles [[[
+# -----------------------------------------
+
+# .. envvar:: phpmyadmin__php__dependent_packages [[[
+#
+# Package configuration for the :ref:`debops.php` Ansible role.
+phpmyadmin__php__dependent_packages:
+
+  - 'mysql'
+  - 'mcrypt'
+  - 'gd'
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin__php__dependent_pools [[[
+#
+# Pool configuration for the :ref:`debops.php` Ansible role.
+phpmyadmin__php__dependent_pools:
+
+  - '{{ phpmyadmin_php5_pool }}'
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin__nginx__dependent_servers [[[
+#
+# Server configuration for the :ref:`debops.nginx` Ansible role.
+phpmyadmin__nginx__dependent_servers:
+
+  - '{{ phpmyadmin_nginx_server }}'
+
+                                                                   # ]]]
+# .. envvar:: phpmyadmin__nginx__dependent_upstreams [[[
+#
+# Upstream configuration for the :ref:`debops.nginx` Ansible role.
+phpmyadmin__nginx__dependent_upstreams:
+
+  - '{{ phpmyadmin_nginx_upstream_php5 }}'
+                                                                   # ]]]
+                                                                   # ]]]

roles/phpmyadmin/meta/main.yml

@@ -0,0 +1,34 @@
+---
+# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2015-2019 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+# Ensure that custom Ansible plugins and modules included in the main DebOps
+# collection are available to roles in other collections.
+collections: [ 'debops.debops' ]
+
+dependencies: []
+
+galaxy_info:
+
+  author: 'Maciej Delmanowski'
+  description: 'Install and configure PHPMyAdmin on a MySQL database server'
+  company: 'DebOps'
+  license: 'GPL-3.0-only'
+  min_ansible_version: '1.7.0'
+  platforms:
+    - name: Ubuntu
+      versions:
+        - precise
+        - quantal
+        - raring
+        - saucy
+        - trusty
+    - name: Debian
+      versions:
+        - wheezy
+        - jessie
+  galaxy_tags:
+    - mysql
+    - database
+    - php

roles/phpmyadmin/tasks/main.yml

@@ -0,0 +1,44 @@
+---
+# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2015-2019 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+- name: Import DebOps secret role
+  import_role:
+    name: 'secret'
+
+- name: Install dbconfig-common
+  apt: pkg=dbconfig-common state=present install_recommends=no
+  register: phpmyadmin__register_dbconfig_packages
+  until: phpmyadmin__register_dbconfig_packages is succeeded
+
+- name: Pre-configure PHPMyAdmin database
+  template: src=etc/dbconfig-common/phpmyadmin.conf.j2
+            dest=/etc/dbconfig-common/phpmyadmin.conf
+            owner=root group=root mode=0600
+
+- name: Install PHPMyAdmin packages
+  apt: pkg=phpmyadmin state=present install_recommends=no
+  register: phpmyadmin__register_packages
+  until: phpmyadmin__register_packages is succeeded
+
+- name: Create database for PHPMyAdmin
+  mysql_db: name={{ phpmyadmin_control_database | default('phpmyadmin') }} state=present
+  register: phpmyadmin_database
+
+- name: Import PHPMyAdmin schema
+  mysql_db:  # noqa no-handler
+    name: '{{ phpmyadmin_control_database | default("phpmyadmin") }}'
+    state: 'import'
+    target: '/usr/share/dbconfig-common/data/phpmyadmin/install/mysql'
+    login_unix_socket: '/run/mysqld/mysqld.sock'
+  when: phpmyadmin_database is defined and phpmyadmin_database is changed
+
+- name: Create PHPMyAdmin control user
+  mysql_user:
+    name: "{{ phpmyadmin_control_user | default('phpmyadmin') }}"
+    state: 'present'
+    password: '{{ phpmyadmin_control_password }}'
+    priv: "{{ phpmyadmin_control_database | default('phpmyadmin') }}.*:ALL"
+    login_unix_socket: '/run/mysqld/mysqld.sock'
+  no_log: '{{ debops__no_log | d(True) }}'

roles/phpmyadmin/templates/etc/dbconfig-common/phpmyadmin.conf.j2

@@ -0,0 +1,82 @@
+{# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+ # Copyright (C) 2015-2019 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+# This file is managed by Ansible, all changes will be lost
+
+# automatically generated by the maintainer scripts of phpmyadmin
+# any changes you make will be preserved, though your comments
+# will be lost!  to change your settings you should edit this
+# file and then run "dpkg-reconfigure phpmyadmin"
+
+# dbc_install: configure database with dbconfig-common?
+#              set to anything but "true" to opt out of assistance
+dbc_install='false'
+
+# dbc_upgrade: upgrade database with dbconfig-common?
+#              set to anything but "true" to opt out of assistance
+dbc_upgrade='false'
+
+# dbc_remove: deconfigure database with dbconfig-common?
+#             set to anything but "true" to opt out of assistance
+dbc_remove=''
+
+# dbc_dbtype: type of underlying database to use
+#	this exists primarily to let dbconfig-common know what database
+#	type to use when a package supports multiple database types.
+#	don't change this value unless you know for certain that this
+#	package supports multiple database types
+dbc_dbtype='mysql'
+
+# dbc_dbuser: database user
+#	the name of the user who we will use to connect to the database.
+dbc_dbuser='{{ phpmyadmin_control_user }}'
+
+# dbc_dbpass: database user password
+#	the password to use with the above username when connecting
+#	to a database, if one is required
+dbc_dbpass='{{ phpmyadmin_control_password }}'
+
+# dbc_dbserver: database host.
+#	leave unset to use localhost (or a more efficient local method
+#	if it exists).
+dbc_dbserver=''
+
+# dbc_dbport: remote database port
+#	leave unset to use the default.  only applicable if you are
+#	using a remote database.
+dbc_dbport=''
+
+# dbc_dbname: name of database
+#	this is the name of your application's database.
+dbc_dbname='{{ phpmyadmin_control_database }}'
+
+# dbc_dbadmin: name of the administrative user
+#	this is the administrative user that is used to create all of the above
+dbc_dbadmin='root'
+
+# dbc_basepath: base directory to hold database files
+#	leave unset to use the default.  only applicable if you are
+#	using a local (filesystem based) database.
+dbc_basepath=''
+
+##
+## postgresql specific settings.  if you don't use postgresql,
+## you can safely ignore all of these
+##
+
+# dbc_ssl: should we require ssl?
+#	set to "true" to require that connections use ssl
+dbc_ssl=''
+
+# dbc_authmethod_admin: authentication method for admin
+# dbc_authmethod_user: authentication method for dbuser
+#	see the section titled "AUTHENTICATION METHODS" in
+#	/usr/share/doc/dbconfig-common/README.pgsql for more info
+dbc_authmethod_admin=''
+dbc_authmethod_user=''
+
+##
+## end postgresql specific settings
+##
+

roles/phpmyadmin/vars/main.yml

@@ -0,0 +1,55 @@
+---
+# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2015-2019 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-only
+
+phpmyadmin_control_user: 'phpmyadmin'
+phpmyadmin_control_database: 'phpmyadmin'
+
+phpmyadmin_nginx_server:
+  by_role: 'debops.phpmyadmin'
+  enabled: True
+  default: False
+  type: 'php5'
+  name: '{{ phpmyadmin_domain }}'
+  root: '/usr/share/phpmyadmin'
+  webroot_create: False
+
+  options: |
+    client_max_body_size  {{ phpmyadmin_upload_size }};
+
+  location:
+
+    # Required for location_allow to work
+    '/': 'try_files $uri $uri/ =404;'
+
+    '~ ^/(setup|libraries)': 'deny all;'
+
+  location_allow:
+    '/': '{{ phpmyadmin_allow }}'
+
+  php5: 'php5_phpmyadmin'
+
+  php5_options: |
+    {% if phpmyadmin_allow is defined and phpmyadmin_allow %}
+    {% for address in phpmyadmin_allow %}
+    allow {{ address }};
+    {% endfor %}
+    deny all;
+    {% endif %}
+
+phpmyadmin_nginx_upstream_php5:
+  enabled: True
+  name: 'php5_phpmyadmin'
+  type: 'php5'
+  php5: 'phpmyadmin'
+
+phpmyadmin_php5_pool:
+  enabled: True
+  name: 'phpmyadmin'
+  user: 'www-data'
+  group: 'www-data'
+  pm_max_children: '{{ phpmyadmin_php5_max_children }}'
+  php_value:
+    post_max_size: '{{ phpmyadmin_upload_size }}'
+    upload_max_filesize: '{{ phpmyadmin_upload_size }}'