+ debops: apache with pki, mariadb_server, php7.4 with extensions, mariadb client role with secret
This commit is contained in:
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1,3 @@
|
||||
*.retry
|
||||
.idea
|
||||
/secret
|
||||
|
69
apache.yml
Normal file
69
apache.yml
Normal file
@ -0,0 +1,69 @@
|
||||
---
|
||||
|
||||
- name: Manage and configure the Apache HTTP Server
|
||||
collections: [ 'debops.debops', 'debops.roles01',
|
||||
'debops.roles02', 'debops.roles03' ]
|
||||
hosts: [ 'debian10' ]
|
||||
become: True
|
||||
|
||||
environment: '{{ inventory__environment | d({})
|
||||
| combine(inventory__group_environment | d({}))
|
||||
| combine(inventory__host_environment | d({})) }}'
|
||||
|
||||
vars:
|
||||
apache__base_packages:
|
||||
- libapache2-mod-php7.4
|
||||
apache__role_modules:
|
||||
'headers': True
|
||||
'alias': True
|
||||
'php7.4': True
|
||||
'ssl':
|
||||
enabled: '{{ True if (apache__https_listen and apache__https_enabled) else False }}'
|
||||
'security2':
|
||||
enabled: '{{ apache__security_module_enabled|bool }}'
|
||||
'status':
|
||||
enabled: '{{ apache__status_enabled|bool }}'
|
||||
config: |
|
||||
<Location /server-status>
|
||||
# Revoke default permissions granted in `/etc/apache2/mods-available/status.conf`.
|
||||
Require all denied
|
||||
</Location>
|
||||
'socache_shmcb':
|
||||
enabled: '{{ True
|
||||
if (apache__ocsp_stapling_enabled|bool
|
||||
and "shmcb" in apache__ocsp_stapling_cache)
|
||||
else omit }}'
|
||||
'authz_host':
|
||||
enabled: '{{ True
|
||||
if (apache__status_enabled|bool
|
||||
and apache__status_allow_localhost)
|
||||
else omit }}'
|
||||
'rewrite':
|
||||
enabled: '{{ True
|
||||
if (apache__register_mod_rewrite_used is defined and
|
||||
apache__register_mod_rewrite_used.rc|d(1) == 0)
|
||||
else omit }}'
|
||||
apache__allow:
|
||||
- 0.0.0.0
|
||||
# apache__default_vhost:
|
||||
# name: '{{ apache__default_vhost_name }}'
|
||||
# filename: '000-default'
|
||||
# root: '/var/www/html'
|
||||
|
||||
pre_tasks:
|
||||
|
||||
- name: Prepare apache environment
|
||||
import_role:
|
||||
name: 'apache'
|
||||
tasks_from: 'main_env'
|
||||
tags: [ 'role::apache', 'role::apache:env' ]
|
||||
|
||||
roles:
|
||||
|
||||
# - role: ferm
|
||||
# tags: [ 'role::ferm', 'skip::ferm' ]
|
||||
# ferm__dependent_rules:
|
||||
# - '{{ apache__ferm__dependent_rules }}'
|
||||
|
||||
- role: apache
|
||||
tags: [ 'role::apache', 'skip::apache' ]
|
11
manala.nginx.yml
Normal file
11
manala.nginx.yml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
- hosts: debian10
|
||||
collections:
|
||||
- nginxinc.nginx_core
|
||||
- manala.roles
|
||||
tasks:
|
||||
- name: Install NGINX
|
||||
ansible.builtin.include_role:
|
||||
name: nginx
|
||||
vars:
|
||||
nginx_type: opensource
|
22
manala.php.yml
Normal file
22
manala.php.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
- hosts: debian10
|
||||
collections:
|
||||
- nginxinc.nginx_core
|
||||
- manala.roles
|
||||
vars:
|
||||
manala_apt_repositories:
|
||||
- contrib
|
||||
manala_apt_preferences:
|
||||
- git@backports
|
||||
- sury_php:100
|
||||
- php@sury_php:300
|
||||
- nginx@nginx
|
||||
tasks:
|
||||
- name: Install Manala APT
|
||||
ansible.builtin.include_role:
|
||||
name: manala.roles.apt
|
||||
- name: Install PHP
|
||||
ansible.builtin.include_role:
|
||||
name: manala.roles.php
|
||||
vars:
|
||||
manala_php_version: 7.4
|
41
mariadb.yml
Normal file
41
mariadb.yml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
|
||||
- name: Manage MariaDB client
|
||||
collections: [ 'debops.debops', 'debops.roles01',
|
||||
'debops.roles02', 'debops.roles03' ]
|
||||
hosts: [ 'debian10' ]
|
||||
become: True
|
||||
|
||||
environment: '{{ inventory__environment | d({})
|
||||
| combine(inventory__group_environment | d({}))
|
||||
| combine(inventory__host_environment | d({})) }}'
|
||||
|
||||
vars:
|
||||
mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}'
|
||||
mariadb__upstream_version: '10.5'
|
||||
mariadb__databases:
|
||||
- name: 'intermetiz'
|
||||
- name: 'intermetiz-products'
|
||||
mariadb__users:
|
||||
- name: 'intermetiz'
|
||||
host: '%'
|
||||
database: 'intermetiz%'
|
||||
|
||||
roles:
|
||||
|
||||
- role: secret
|
||||
|
||||
- role: keyring
|
||||
tags: [ 'role::keyring', 'skip::keyring', 'role::mariadb' ]
|
||||
keyring__dependent_apt_keys:
|
||||
- '{{ mariadb__keyring__dependent_apt_keys }}'
|
||||
|
||||
- role: python
|
||||
tags: [ 'role::python', 'skip::python', 'role::mariadb' ]
|
||||
python__dependent_packages3:
|
||||
- '{{ mariadb__python__dependent_packages3 }}'
|
||||
python__dependent_packages2:
|
||||
- '{{ mariadb__python__dependent_packages2 }}'
|
||||
|
||||
- role: mariadb
|
||||
tags: [ 'role::mariadb', 'skip::mariadb' ]
|
48
mariadb_server.yml
Normal file
48
mariadb_server.yml
Normal file
@ -0,0 +1,48 @@
|
||||
---
|
||||
|
||||
- name: Manage MariaDB server
|
||||
collections: [ 'debops.debops', 'debops.roles01',
|
||||
'debops.roles02', 'debops.roles03' ]
|
||||
hosts: [ 'debian10' ]
|
||||
become: True
|
||||
|
||||
environment: '{{ inventory__environment | d({})
|
||||
| combine(inventory__group_environment | d({}))
|
||||
| combine(inventory__host_environment | d({})) }}'
|
||||
|
||||
vars:
|
||||
mariadb_server__flavor: '{{ ansible_local.mariadb.flavor
|
||||
|d(mariadb_server__flavor_map[ansible_distribution_release] | d("mariadb_upstream")) }}'
|
||||
mariadb_server__upstream_version: '10.5'
|
||||
mariadb_server__bind_address: '0.0.0.0'
|
||||
|
||||
roles:
|
||||
- role: keyring
|
||||
tags: [ 'role::keyring', 'skip::keyring', 'role::mariadb_server' ]
|
||||
keyring__dependent_apt_keys:
|
||||
- '{{ mariadb_server__keyring__dependent_apt_keys }}'
|
||||
|
||||
- role: etc_services
|
||||
tags: [ 'role::etc_services' ]
|
||||
etc_services__dependent_list:
|
||||
- '{{ mariadb_server__etc_services__dependent_rules }}'
|
||||
#
|
||||
# - role: ferm
|
||||
# tags: [ 'role::ferm', 'skip::ferm' ]
|
||||
# ferm__dependent_rules:
|
||||
# - '{{ mariadb_server__ferm__dependent_rules }}'
|
||||
|
||||
# - role: tcpwrappers
|
||||
# tags: [ 'role::tcpwrappers', 'skip::tcpwrappers' ]
|
||||
# tcpwrappers__dependent_allow:
|
||||
# - '{{ mariadb_server__tcpwrappers__dependent_allow }}'
|
||||
|
||||
- role: python
|
||||
tags: [ 'role::python', 'skip::python', 'role::mariadb_server' ]
|
||||
python__dependent_packages3:
|
||||
- '{{ mariadb_server__python__dependent_packages3 }}'
|
||||
python__dependent_packages2:
|
||||
- '{{ mariadb_server__python__dependent_packages2 }}'
|
||||
|
||||
- role: mariadb_server
|
||||
tags: [ 'role::mariadb_server', 'skip::mariadb_server' ]
|
80
php.yml
Normal file
80
php.yml
Normal file
@ -0,0 +1,80 @@
|
||||
---
|
||||
|
||||
- name: Install and manage PHP environment
|
||||
collections: [ 'debops.debops', 'debops.roles01',
|
||||
'debops.roles02', 'debops.roles03' ]
|
||||
hosts: [ 'debian10' ]
|
||||
become: True
|
||||
|
||||
environment: '{{ inventory__environment | d({})
|
||||
| combine(inventory__group_environment | d({}))
|
||||
| combine(inventory__host_environment | d({})) }}'
|
||||
|
||||
vars:
|
||||
php__version_preference: [ 'php7.4' ]
|
||||
php__sury: '{{ ansible_local.php.sury
|
||||
|d(ansible_distribution_release in [ "buster" ]) | bool }}'
|
||||
php__sury_apt_key_id: '{{ php__sury_apt_key_id_map[ansible_distribution] }}'
|
||||
php__sury_apt_repo: '{{ php__sury_apt_repo_map[ansible_distribution] }}'
|
||||
php__sury_apt_key_id_map:
|
||||
'Debian':
|
||||
- id: '1505 8500 A023 5D97 F5D1 0063 B188 E2B6 95BD 4743'
|
||||
repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'
|
||||
state: '{{ "present" if php__sury|bool else "absent" }}'
|
||||
|
||||
# Key replaced due to security concerns
|
||||
# Ref: https://www.patreon.com/posts/dpa-new-signing-25451165
|
||||
- id: 'DF3D 585D B8F0 EB65 8690 A554 AC0E 4758 4A7A 714D'
|
||||
state: 'absent'
|
||||
php__sury_apt_repo_map:
|
||||
'Debian': 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main'
|
||||
'Ubuntu': 'ppa:ondrej/php'
|
||||
php__base_packages:
|
||||
- unzip
|
||||
- git
|
||||
# mysql - это нужно только для WordPress
|
||||
# mbstring требует только некоторые пакеты в laravel
|
||||
# bcmath - нужно для работы парсера Excel файлов на одном из проектов
|
||||
php__packages: [ 'curl', 'xml', 'gd', 'zip', 'mbstring', 'mysql', 'bcmath'' ]
|
||||
php__composer_upstream_enabled: '{{ True
|
||||
if (ansible_distribution_release in
|
||||
[ "buster" ])
|
||||
else False }}'
|
||||
php__php_included_packages: '{{ php__common_included_packages
|
||||
+ [ "sysvsem", "sysvshm" ] }}'
|
||||
|
||||
pre_tasks:
|
||||
|
||||
- name: Apply keyring configuration for php environment
|
||||
import_role:
|
||||
name: 'keyring'
|
||||
vars:
|
||||
keyring__dependent_apt_keys:
|
||||
- '{{ php__keyring__dependent_apt_keys }}'
|
||||
tags: [ 'role::keyring', 'skip::keyring', 'role::php' ]
|
||||
|
||||
- name: Prepare php environment
|
||||
import_role:
|
||||
name: 'php'
|
||||
tasks_from: 'main_env'
|
||||
tags: [ 'role::php', 'role::php:env', 'role::logrotate' ]
|
||||
|
||||
roles:
|
||||
|
||||
- role: apt_preferences
|
||||
tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
|
||||
apt_preferences__dependent_list:
|
||||
- '{{ php__apt_preferences__dependent_list }}'
|
||||
|
||||
- role: cron
|
||||
tags: [ 'role::cron', 'skip::cron' ]
|
||||
|
||||
- role: logrotate
|
||||
tags: [ 'role::logrotate', 'skip::logrotate' ]
|
||||
logrotate__dependent_config:
|
||||
- '{{ php__logrotate__dependent_config }}'
|
||||
|
||||
- role: apt_install
|
||||
|
||||
- role: php
|
||||
tags: [ 'role::php', 'skip::php' ]
|
16
phpmyadmin.yml
Normal file
16
phpmyadmin.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
- name: Manage MariaDB server
|
||||
collections: [ 'debops.debops', 'debops.roles01',
|
||||
'debops.roles02', 'debops.roles03' ]
|
||||
hosts: [ 'debian10' ]
|
||||
become: True
|
||||
|
||||
environment: '{{ inventory__environment | d({})
|
||||
| combine(inventory__group_environment | d({}))
|
||||
| combine(inventory__host_environment | d({})) }}'
|
||||
|
||||
roles:
|
||||
|
||||
- role: phpmyadmin
|
||||
tags: [ 'role::phpmyadmin', 'skip::phpmyadmin' ]
|
36
pki.yml
Normal file
36
pki.yml
Normal file
@ -0,0 +1,36 @@
|
||||
---
|
||||
|
||||
- name: Manage Public Key Infrastructure
|
||||
collections: [ 'debops.debops', 'debops.roles01',
|
||||
'debops.roles02', 'debops.roles03' ]
|
||||
hosts: [ 'debian10' ]
|
||||
become: True
|
||||
|
||||
environment: '{{ inventory__environment | d({})
|
||||
| combine(inventory__group_environment | d({}))
|
||||
| combine(inventory__host_environment | d({})) }}'
|
||||
|
||||
vars:
|
||||
pki_internal: True
|
||||
pki_acme: False
|
||||
|
||||
pre_tasks:
|
||||
|
||||
- name: Prepare pki environment
|
||||
import_role:
|
||||
name: 'pki'
|
||||
tasks_from: 'main_env'
|
||||
tags: [ 'role::pki', 'role::pki:secret', 'role::secret' ]
|
||||
|
||||
roles:
|
||||
|
||||
- role: secret
|
||||
tags: [ 'role::secret', 'role::pki', 'role::pki:secret' ]
|
||||
secret_directories:
|
||||
- '{{ pki_env_secret_directories }}'
|
||||
|
||||
- role: cron
|
||||
tags: [ 'role::cron', 'skip::cron' ]
|
||||
|
||||
- role: pki
|
||||
tags: [ 'role::pki', 'skip::pki' ]
|
@ -3,5 +3,4 @@
|
||||
collections:
|
||||
- name: nginxinc.nginx_core
|
||||
version: 0.8.0
|
||||
|
||||
...
|
||||
- name: debops.debops
|
||||
|
3
role/defaults/main.yml
Normal file
3
role/defaults/main.yml
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
mariadb__root_password: '{{ lookup("password", secret + "/credentials/" +
|
||||
ansible_fqdn + "/mariadb/root/password length=20") }}'
|
19
roles/phpmyadmin/COPYRIGHT
Normal file
19
roles/phpmyadmin/COPYRIGHT
Normal file
@ -0,0 +1,19 @@
|
||||
debops.phpmyadmin - Manage phpMyAdmin service using Ansible
|
||||
|
||||
Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
|
||||
Copyright (C) 2015-2019 DebOps <https://debops.org/>
|
||||
SPDX-License-Identifier: GPL-3.0-only
|
||||
|
||||
This Ansible role is part of DebOps.
|
||||
|
||||
DebOps is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License version 3, as
|
||||
published by the Free Software Foundation.
|
||||
|
||||
DebOps is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with DebOps. If not, see https://www.gnu.org/licenses/.
|
4
roles/phpmyadmin/README.md
Normal file
4
roles/phpmyadmin/README.md
Normal file
@ -0,0 +1,4 @@
|
||||
### phpmyadmin
|
||||
|
||||
This role does not have official documentation.
|
||||
See [DebOps documentation](https://docs.debops.org/en/tags/v3.0.3^0/) instead.
|
99
roles/phpmyadmin/defaults/main.yml
Normal file
99
roles/phpmyadmin/defaults/main.yml
Normal file
@ -0,0 +1,99 @@
|
||||
---
|
||||
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
|
||||
|
||||
# .. Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
|
||||
# .. Copyright (C) 2015-2019 DebOps <https://debops.org/>
|
||||
# .. SPDX-License-Identifier: GPL-3.0-only
|
||||
|
||||
# .. _phpmyadmin__ref_defaults:
|
||||
|
||||
# debops.phpmyadmin default variables
|
||||
# ===================================
|
||||
|
||||
# .. contents:: Sections
|
||||
# :local:
|
||||
#
|
||||
# .. include:: ../../../../includes/global.rst
|
||||
|
||||
|
||||
# .. envvar:: phpmyadmin_dependencies [[[
|
||||
#
|
||||
# Should PHPMyAdmin role manage its own dependencies?
|
||||
phpmyadmin_dependencies: True
|
||||
|
||||
# ]]]
|
||||
# .. envvar:: phpmyadmin_domain [[[
|
||||
#
|
||||
# What subdomain should be used for PHPMyAdmin in nginx configuration
|
||||
phpmyadmin_domain: [ 'mysql.{{ ansible_domain }}' ]
|
||||
|
||||
# ]]]
|
||||
# .. envvar:: phpmyadmin_password_length [[[
|
||||
#
|
||||
# Default length of generated passwords
|
||||
phpmyadmin_password_length: '20'
|
||||
|
||||
# ]]]
|
||||
# .. envvar:: phpmyadmin_control_password [[[
|
||||
#
|
||||
# Default PHPMyAdmin control password
|
||||
phpmyadmin_control_password: "{{ lookup('password', secret + '/mariadb/' + ansible_local['mariadb'].delegate_to + '/credentials/' + phpmyadmin_control_user + '/password length=' + phpmyadmin_password_length) }}"
|
||||
|
||||
|
||||
# ]]]
|
||||
# .. envvar:: phpmyadmin_allow [[[
|
||||
#
|
||||
# List of IP addresses or network ranges in CIDR format, allowed to access
|
||||
# PHPMyAdmin. Leave empty to allow access from all IP addresses/networks
|
||||
phpmyadmin_allow: []
|
||||
|
||||
# ]]]
|
||||
# .. envvar:: phpmyadmin_upload_size [[[
|
||||
#
|
||||
# Max upload size for nginx and php5
|
||||
phpmyadmin_upload_size: '64M'
|
||||
|
||||
# ]]]
|
||||
# .. envvar:: phpmyadmin_php5_max_children [[[
|
||||
#
|
||||
# Maximum number of PHP5 processes for PHPMyAdmin
|
||||
phpmyadmin_php5_max_children: '20'
|
||||
|
||||
# ]]]
|
||||
# Configuration for other Ansible roles [[[
|
||||
# -----------------------------------------
|
||||
|
||||
# .. envvar:: phpmyadmin__php__dependent_packages [[[
|
||||
#
|
||||
# Package configuration for the :ref:`debops.php` Ansible role.
|
||||
phpmyadmin__php__dependent_packages:
|
||||
|
||||
- 'mysql'
|
||||
- 'mcrypt'
|
||||
- 'gd'
|
||||
|
||||
# ]]]
|
||||
# .. envvar:: phpmyadmin__php__dependent_pools [[[
|
||||
#
|
||||
# Pool configuration for the :ref:`debops.php` Ansible role.
|
||||
phpmyadmin__php__dependent_pools:
|
||||
|
||||
- '{{ phpmyadmin_php5_pool }}'
|
||||
|
||||
# ]]]
|
||||
# .. envvar:: phpmyadmin__nginx__dependent_servers [[[
|
||||
#
|
||||
# Server configuration for the :ref:`debops.nginx` Ansible role.
|
||||
phpmyadmin__nginx__dependent_servers:
|
||||
|
||||
- '{{ phpmyadmin_nginx_server }}'
|
||||
|
||||
# ]]]
|
||||
# .. envvar:: phpmyadmin__nginx__dependent_upstreams [[[
|
||||
#
|
||||
# Upstream configuration for the :ref:`debops.nginx` Ansible role.
|
||||
phpmyadmin__nginx__dependent_upstreams:
|
||||
|
||||
- '{{ phpmyadmin_nginx_upstream_php5 }}'
|
||||
# ]]]
|
||||
# ]]]
|
34
roles/phpmyadmin/meta/main.yml
Normal file
34
roles/phpmyadmin/meta/main.yml
Normal file
@ -0,0 +1,34 @@
|
||||
---
|
||||
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
|
||||
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
|
||||
# SPDX-License-Identifier: GPL-3.0-only
|
||||
|
||||
# Ensure that custom Ansible plugins and modules included in the main DebOps
|
||||
# collection are available to roles in other collections.
|
||||
collections: [ 'debops.debops' ]
|
||||
|
||||
dependencies: []
|
||||
|
||||
galaxy_info:
|
||||
|
||||
author: 'Maciej Delmanowski'
|
||||
description: 'Install and configure PHPMyAdmin on a MySQL database server'
|
||||
company: 'DebOps'
|
||||
license: 'GPL-3.0-only'
|
||||
min_ansible_version: '1.7.0'
|
||||
platforms:
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- precise
|
||||
- quantal
|
||||
- raring
|
||||
- saucy
|
||||
- trusty
|
||||
- name: Debian
|
||||
versions:
|
||||
- wheezy
|
||||
- jessie
|
||||
galaxy_tags:
|
||||
- mysql
|
||||
- database
|
||||
- php
|
44
roles/phpmyadmin/tasks/main.yml
Normal file
44
roles/phpmyadmin/tasks/main.yml
Normal file
@ -0,0 +1,44 @@
|
||||
---
|
||||
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
|
||||
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
|
||||
# SPDX-License-Identifier: GPL-3.0-only
|
||||
|
||||
- name: Import DebOps secret role
|
||||
import_role:
|
||||
name: 'secret'
|
||||
|
||||
- name: Install dbconfig-common
|
||||
apt: pkg=dbconfig-common state=present install_recommends=no
|
||||
register: phpmyadmin__register_dbconfig_packages
|
||||
until: phpmyadmin__register_dbconfig_packages is succeeded
|
||||
|
||||
- name: Pre-configure PHPMyAdmin database
|
||||
template: src=etc/dbconfig-common/phpmyadmin.conf.j2
|
||||
dest=/etc/dbconfig-common/phpmyadmin.conf
|
||||
owner=root group=root mode=0600
|
||||
|
||||
- name: Install PHPMyAdmin packages
|
||||
apt: pkg=phpmyadmin state=present install_recommends=no
|
||||
register: phpmyadmin__register_packages
|
||||
until: phpmyadmin__register_packages is succeeded
|
||||
|
||||
- name: Create database for PHPMyAdmin
|
||||
mysql_db: name={{ phpmyadmin_control_database | default('phpmyadmin') }} state=present
|
||||
register: phpmyadmin_database
|
||||
|
||||
- name: Import PHPMyAdmin schema
|
||||
mysql_db: # noqa no-handler
|
||||
name: '{{ phpmyadmin_control_database | default("phpmyadmin") }}'
|
||||
state: 'import'
|
||||
target: '/usr/share/dbconfig-common/data/phpmyadmin/install/mysql'
|
||||
login_unix_socket: '/run/mysqld/mysqld.sock'
|
||||
when: phpmyadmin_database is defined and phpmyadmin_database is changed
|
||||
|
||||
- name: Create PHPMyAdmin control user
|
||||
mysql_user:
|
||||
name: "{{ phpmyadmin_control_user | default('phpmyadmin') }}"
|
||||
state: 'present'
|
||||
password: '{{ phpmyadmin_control_password }}'
|
||||
priv: "{{ phpmyadmin_control_database | default('phpmyadmin') }}.*:ALL"
|
||||
login_unix_socket: '/run/mysqld/mysqld.sock'
|
||||
no_log: '{{ debops__no_log | d(True) }}'
|
@ -0,0 +1,82 @@
|
||||
{# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
|
||||
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
|
||||
# SPDX-License-Identifier: GPL-3.0-only
|
||||
#}
|
||||
# This file is managed by Ansible, all changes will be lost
|
||||
|
||||
# automatically generated by the maintainer scripts of phpmyadmin
|
||||
# any changes you make will be preserved, though your comments
|
||||
# will be lost! to change your settings you should edit this
|
||||
# file and then run "dpkg-reconfigure phpmyadmin"
|
||||
|
||||
# dbc_install: configure database with dbconfig-common?
|
||||
# set to anything but "true" to opt out of assistance
|
||||
dbc_install='false'
|
||||
|
||||
# dbc_upgrade: upgrade database with dbconfig-common?
|
||||
# set to anything but "true" to opt out of assistance
|
||||
dbc_upgrade='false'
|
||||
|
||||
# dbc_remove: deconfigure database with dbconfig-common?
|
||||
# set to anything but "true" to opt out of assistance
|
||||
dbc_remove=''
|
||||
|
||||
# dbc_dbtype: type of underlying database to use
|
||||
# this exists primarily to let dbconfig-common know what database
|
||||
# type to use when a package supports multiple database types.
|
||||
# don't change this value unless you know for certain that this
|
||||
# package supports multiple database types
|
||||
dbc_dbtype='mysql'
|
||||
|
||||
# dbc_dbuser: database user
|
||||
# the name of the user who we will use to connect to the database.
|
||||
dbc_dbuser='{{ phpmyadmin_control_user }}'
|
||||
|
||||
# dbc_dbpass: database user password
|
||||
# the password to use with the above username when connecting
|
||||
# to a database, if one is required
|
||||
dbc_dbpass='{{ phpmyadmin_control_password }}'
|
||||
|
||||
# dbc_dbserver: database host.
|
||||
# leave unset to use localhost (or a more efficient local method
|
||||
# if it exists).
|
||||
dbc_dbserver=''
|
||||
|
||||
# dbc_dbport: remote database port
|
||||
# leave unset to use the default. only applicable if you are
|
||||
# using a remote database.
|
||||
dbc_dbport=''
|
||||
|
||||
# dbc_dbname: name of database
|
||||
# this is the name of your application's database.
|
||||
dbc_dbname='{{ phpmyadmin_control_database }}'
|
||||
|
||||
# dbc_dbadmin: name of the administrative user
|
||||
# this is the administrative user that is used to create all of the above
|
||||
dbc_dbadmin='root'
|
||||
|
||||
# dbc_basepath: base directory to hold database files
|
||||
# leave unset to use the default. only applicable if you are
|
||||
# using a local (filesystem based) database.
|
||||
dbc_basepath=''
|
||||
|
||||
##
|
||||
## postgresql specific settings. if you don't use postgresql,
|
||||
## you can safely ignore all of these
|
||||
##
|
||||
|
||||
# dbc_ssl: should we require ssl?
|
||||
# set to "true" to require that connections use ssl
|
||||
dbc_ssl=''
|
||||
|
||||
# dbc_authmethod_admin: authentication method for admin
|
||||
# dbc_authmethod_user: authentication method for dbuser
|
||||
# see the section titled "AUTHENTICATION METHODS" in
|
||||
# /usr/share/doc/dbconfig-common/README.pgsql for more info
|
||||
dbc_authmethod_admin=''
|
||||
dbc_authmethod_user=''
|
||||
|
||||
##
|
||||
## end postgresql specific settings
|
||||
##
|
||||
|
55
roles/phpmyadmin/vars/main.yml
Normal file
55
roles/phpmyadmin/vars/main.yml
Normal file
@ -0,0 +1,55 @@
|
||||
---
|
||||
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
|
||||
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
|
||||
# SPDX-License-Identifier: GPL-3.0-only
|
||||
|
||||
phpmyadmin_control_user: 'phpmyadmin'
|
||||
phpmyadmin_control_database: 'phpmyadmin'
|
||||
|
||||
phpmyadmin_nginx_server:
|
||||
by_role: 'debops.phpmyadmin'
|
||||
enabled: True
|
||||
default: False
|
||||
type: 'php5'
|
||||
name: '{{ phpmyadmin_domain }}'
|
||||
root: '/usr/share/phpmyadmin'
|
||||
webroot_create: False
|
||||
|
||||
options: |
|
||||
client_max_body_size {{ phpmyadmin_upload_size }};
|
||||
|
||||
location:
|
||||
|
||||
# Required for location_allow to work
|
||||
'/': 'try_files $uri $uri/ =404;'
|
||||
|
||||
'~ ^/(setup|libraries)': 'deny all;'
|
||||
|
||||
location_allow:
|
||||
'/': '{{ phpmyadmin_allow }}'
|
||||
|
||||
php5: 'php5_phpmyadmin'
|
||||
|
||||
php5_options: |
|
||||
{% if phpmyadmin_allow is defined and phpmyadmin_allow %}
|
||||
{% for address in phpmyadmin_allow %}
|
||||
allow {{ address }};
|
||||
{% endfor %}
|
||||
deny all;
|
||||
{% endif %}
|
||||
|
||||
phpmyadmin_nginx_upstream_php5:
|
||||
enabled: True
|
||||
name: 'php5_phpmyadmin'
|
||||
type: 'php5'
|
||||
php5: 'phpmyadmin'
|
||||
|
||||
phpmyadmin_php5_pool:
|
||||
enabled: True
|
||||
name: 'phpmyadmin'
|
||||
user: 'www-data'
|
||||
group: 'www-data'
|
||||
pm_max_children: '{{ phpmyadmin_php5_max_children }}'
|
||||
php_value:
|
||||
post_max_size: '{{ phpmyadmin_upload_size }}'
|
||||
upload_max_filesize: '{{ phpmyadmin_upload_size }}'
|
2
secret/.gitignore
vendored
Normal file
2
secret/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
*
|
||||
!.gitignore
|
Reference in New Issue
Block a user