+ refactored and solve some problems with mariadb and nginx playbook
+ apps playbooks - docker, caprover * simple refactor of starter scripts + debops apt update playbook prepended to launch by default * sury repo changed * database users locked to localhost only * phpmyadmin blowfish secret generation fix
		| @ -1,5 +1,5 @@ | ||||
| --- | ||||
| - import_playbook: own/apt-update.yml | ||||
| - import_playbook: debops/apt.yml | ||||
| - import_playbook: root-account.yml | ||||
| - import_playbook: debops/pki.yml | ||||
| - import_playbook: debops/system_users.yml | ||||
|  | ||||
							
								
								
									
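--- a/playbooks/apps/caprover.yml
+++ b/playbooks/apps/caprover.yml
@@ -0,0 +1,17 @@
+---
+-   hosts: [ 'debian10' ]
+    tasks:
+        -   name: Configure Firewall
+            shell: |
+                ufw allow 80,443,3000,996,7946,4789,2377/tcp; ufw allow 7946,4789,2377/udp;
+
+        -   name: Install caprover
+            shell: |
+                docker run -p 80:80 -p 443:443 -p 3000:3000 -e ACCEPTED_TERMS=true -v /var/run/docker.sock:/var/run/docker.sock -v /captain:/captain caprover/caprover
+
+        -   name: "Install npm caprover package (after that use: caprover serversetup)"
+            shell: |
+                export NVM_DIR="$HOME/.nvm"
+                . "$NVM_DIR/nvm.sh"
+                . "$NVM_DIR/bash_completion"
+                npm install -g caprover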
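Review bot: The `Configure Firewall` task opens the Swarm control and overlay ports (2377, 7946, 4789) to every source address, which on an internet-facing host exposes cluster management to anyone who can reach it. If worker nodes exist, scope those rules to their addresses, e.g. `ufw allow from <cluster-node-cidr> to any port 2377,7946 proto tcp`, and leave them closed otherwise. The `Install caprover` task also hands the host Docker socket to an untagged `caprover/caprover` image, so whatever the registry currently serves runs with root-equivalent control of the host; pin a release tag or digest.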
							
								
								
									
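--- a/playbooks/apps/docker-debian.yml
+++ b/playbooks/apps/docker-debian.yml
@@ -0,0 +1,33 @@
+---
+-   hosts: [ 'debian10' ]
+    tasks:
+        -   name: Remove old packages
+            shell: |
+                for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do apt-get remove $pkg; done
+                apt-get autoremove
+
+        -   name: Add APT repository
+            shell: |
+                # Add Docker's official GPG key:
+                apt-get update
+                apt-get install ca-certificates curl
+                install -m 0755 -d /etc/apt/keyrings
+                curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+                chmod a+r /etc/apt/keyrings/docker.asc
+                
+                # Add the repository to Apt sources:
+                echo \
+                    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+                    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+                    tee /etc/apt/sources.list.d/docker.list > /dev/null
+                
+                apt-get update
+
+        -   name: Install Docker
+            shell: |
+                apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+        -   name: Test hello-world
+            shell: |
+                docker run hello-world
+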
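Review bot: This playbook is named for Debian, but `Add APT repository` fetches the key and writes the source line for `https://download.docker.com/linux/ubuntu`, so `$VERSION_CODENAME` expands to a Debian codename that the Ubuntu tree presumably does not carry and the following `apt-get update` will not find the repository. Use `https://download.docker.com/linux/debian/gpg` for the key and `https://download.docker.com/linux/debian` in the `deb` line. Every `apt-get remove`, `autoremove` and `install` here also runs without `-y`, so the task aborts at the confirmation prompt when Ansible runs it non-interactively; the same applies to playbooks/apps/docker-ubuntu.yml.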
							
								
								
									
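--- a/playbooks/apps/docker-ubuntu.yml
+++ b/playbooks/apps/docker-ubuntu.yml
@@ -0,0 +1,29 @@
+---
+-   hosts: [ 'debian10' ]
+    tasks:
+        -   name: Remove old packages
+            shell: |
+                for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do apt-get remove $pkg; done
+                apt-get autoremove
+
+        -   name: Add APT repository
+            shell: |
+                apt-get update
+                apt-get install ca-certificates curl
+                install -m 0755 -d /etc/apt/keyrings
+                curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+                chmod a+r /etc/apt/keyrings/docker.asc
+                echo \
+                    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+                    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+                    tee /etc/apt/sources.list.d/docker.list > /dev/null
+                apt-get update
+
+        -   name: Install Docker
+            shell: |
+                apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+        -   name: Test hello-world
+            shell: |
+                docker run hello-world
+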
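Review bot: The Docker signing key is written to `/etc/apt/keyrings/docker.asc` straight from the download with no check of its fingerprint, so trust in every later package install rests on that single HTTPS fetch. Compare the output of `gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.asc` with the fingerprint Docker publishes (`<expected-fingerprint>`) and fail the task on a mismatch; playbooks/apps/docker-debian.yml has the same step. The play also targets `hosts: [ 'debian10' ]` while adding the Ubuntu repository, which looks copied from the Debian playbook and is worth confirming against the inventory.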
							
								
								
									
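--- a/playbooks/debops/apt.yml
+++ b/playbooks/debops/apt.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Manage Advanced Package Manager
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  post_tasks:
+
+    - name: Upgrade
+      ansible.builtin.apt:
+        upgrade: True
+
+  roles:
+
+    - role: apt
+      tags: [ 'role::apt', 'skip::apt' ]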
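Review bot: `upgrade: True` in the `Upgrade` post-task relies on the module coercing a boolean into one of its string choices, and because the starter playbooks in this commit now import this playbook first, it upgrades packages unconditionally on every run. Spell the mode out, e.g. `upgrade: safe`, and consider giving the task its own tag so a routine run can skip it. A short comment above `post_tasks` saying that the upgrade on every run is intentional would also help the next reader.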
| @ -1,5 +1,7 @@ | ||||
| --- | ||||
|  | ||||
| # https://docs.debops.org/en/stable-3.2/ansible/roles/mariadb/defaults/main.html | ||||
|  | ||||
| - name: Manage MariaDB client | ||||
|   collections: [ 'debops.debops', 'debops.roles01', | ||||
|                  'debops.roles02', 'debops.roles03' ] | ||||
|  | ||||
| @ -1,5 +1,7 @@ | ||||
| --- | ||||
|  | ||||
| # https://docs.debops.org/en/stable-3.2/ansible/roles/mariadb/defaults/main.html | ||||
|  | ||||
| - name: Manage MariaDB client | ||||
|   collections: [ 'debops.debops', 'debops.roles01', | ||||
|                  'debops.roles02', 'debops.roles03' ] | ||||
|  | ||||
| @ -1,5 +1,7 @@ | ||||
| --- | ||||
|  | ||||
| # https://docs.debops.org/en/stable-3.2/ansible/roles/mariadb_server/defaults/main.html | ||||
|  | ||||
| - name: Manage MariaDB server | ||||
|   collections: [ 'debops.debops', 'debops.roles01', | ||||
|                  'debops.roles02', 'debops.roles03' ] | ||||
| @ -14,7 +16,20 @@ | ||||
|     mariadb_server__flavor: '{{ ansible_local.mariadb.flavor | ||||
|                                 |d(mariadb_server__flavor_map[ansible_distribution_release] | d("mariadb_upstream")) }}' | ||||
|     mariadb_server__upstream_version: '11.2' | ||||
|     mariadb_server__bind_address: '0.0.0.0' | ||||
|     mariadb_server__bind_address: '127.0.0.1' | ||||
|     mariadb_server__mysqld_performance_options: | ||||
|       'innodb_buffer_pool_instances': '{{ ansible_processor_vcpus | d(1) }}' | ||||
|       'innodb_buffer_pool_size': '{{ (ansible_memtotal_mb / 2) | int }}M' | ||||
|       'innodb_log_file_size': '{{ (ansible_memtotal_mb / 2) / 4 | int }}M' | ||||
|       'query_cache_type': '1' | ||||
|       'query_cache_size': '1M' | ||||
|       'query_cache_limit': '10M' | ||||
|       'join_buffer_size': '1M' | ||||
|       'performance_schema': 'ON' | ||||
|       'skip-name-resolve': 'ON' | ||||
| #    mariadb_server__options: | ||||
| #      'query_cache_size': '1M' | ||||
|  | ||||
|  | ||||
|   roles: | ||||
|     - role: keyring | ||||
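Review bot: In `innodb_log_file_size` the `int` filter binds only to the literal `4`, because a Jinja filter has higher precedence than `/`, so `'{{ (ansible_memtotal_mb / 2) / 4 | int }}M'` renders a float such as `249.875M` (constructed value) rather than a whole number of megabytes. Parenthesise the whole expression: `'{{ ((ansible_memtotal_mb / 2) / 4) | int }}M'`. The `innodb_buffer_pool_size` line above it is written correctly and can serve as the pattern. This hunk starts and ends inside the play's `vars`, so the rest of the play is not visible here.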
|  | ||||
| @ -1,5 +1,7 @@ | ||||
| --- | ||||
|  | ||||
| # https://docs.debops.org/en/stable-3.2/ansible/roles/nginx/defaults/main.html | ||||
|  | ||||
| - name: Manage nginx webserver | ||||
|   collections: [ 'debops.debops', 'debops.roles01', | ||||
|                  'debops.roles02', 'debops.roles03' ] | ||||
| @ -25,41 +27,38 @@ | ||||
|     nginx_ocsp: False | ||||
|     nginx_worker_processes: auto | ||||
|     nginx_manage_ipv6only: False | ||||
|     nginx_default_name: 'welcome' | ||||
|     nginx_default_ssl_name: 'welcome' | ||||
|     # TODO: Replace [::]:443 to 443 and [::]:80 to 80 in site nginx config | ||||
|     nginx_server_localhost: | ||||
|       enabled: False | ||||
|     nginx_listen_port: [ '80' ] | ||||
|     nginx_listen_ssl_port: [ '443' ] | ||||
|     nginx__servers: | ||||
|       - name: '{{ domain_name }}' | ||||
|  | ||||
|         type: php | ||||
|  | ||||
|         root: '/var/www/{{ site_name }}' | ||||
|  | ||||
|         public_dir_name: '' | ||||
|  | ||||
|         include_files_begin: '{{ nginx_includes_begin }}' | ||||
|  | ||||
|         options: 'set $upstream unix:/run/{{ php__version_preference[0] }}-fpm-www-data.sock;' | ||||
|  | ||||
|         location_list: | ||||
|           - pattern: '/' | ||||
|             locations: | ||||
|               - pattern: '~ ^/.*-backend/' | ||||
|                 options: | | ||||
|                   try_files /index.html @october | ||||
|                   set $upstream unix:/run/{{ php__version_preference[0] }}-fpm-backend.sock | ||||
|                   client_max_body_size 1000M | ||||
|                   try_files /index.html @october; | ||||
|                   set $upstream unix:/run/{{ php__version_preference[0] }}-fpm-backend.sock; | ||||
|                   client_max_body_size 1000M; | ||||
|             options: try_files /index.html @october; | ||||
|           - pattern: '@october' | ||||
|             options: rewrite ^/.*$ /index.php last; | ||||
|           - pattern: '~* ^(?!/index).*\.php$' | ||||
|             options: return 403; | ||||
|  | ||||
|         php_options: | | ||||
|           fastcgi_read_timeout 3000; | ||||
|         php_upstream: $upstream | ||||
|  | ||||
|         #location ~ ^(?!.+\.php/)(?<script_name>.+\.php)$ { | ||||
|         php_location_script_name: ~ ^(?<script_name>/index\.php) | ||||
|  | ||||
|         #location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ { | ||||
|         php_location_path_info: ~ ^(?<script_name>/index\.php)(?<path_info>/.*)? | ||||
|  | ||||
|  | ||||
| @ -12,12 +12,10 @@ | ||||
|  | ||||
|  | ||||
|   vars: | ||||
|     php__sury_apt_key_id: '{{ php__sury_apt_key_id_map[ansible_distribution] }}' | ||||
|     php__sury_apt_repo: '{{ php__sury_apt_repo_map[ansible_distribution] }}' | ||||
|     php__sury_apt_key_id_map: | ||||
|       'Debian': | ||||
|         - id: '1505 8500 A023 5D97 F5D1  0063 B188 E2B6 95BD 4743' | ||||
|           repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' | ||||
|           repo: 'deb https://packages.sury.su/php/ {{ ansible_distribution_release }} main' | ||||
|           state: '{{ "present" if php__sury|bool else "absent" }}' | ||||
|  | ||||
|         # Key replaced due to security concerns | ||||
| @ -25,8 +23,10 @@ | ||||
|         - id: 'DF3D 585D B8F0 EB65 8690  A554 AC0E 4758 4A7A 714D' | ||||
|           state: 'absent' | ||||
|     php__sury_apt_repo_map: | ||||
|       'Debian': 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' | ||||
|       'Debian': 'deb https://packages.sury.su/php/ {{ ansible_distribution_release }} main' | ||||
|       'Ubuntu': 'ppa:ondrej/php' | ||||
|     php__sury_apt_key_id: '{{ php__sury_apt_key_id_map[ansible_distribution] }}' | ||||
|     php__sury_apt_repo: '{{ php__sury_apt_repo_map[ansible_distribution] }}' | ||||
|     php__base_packages: | ||||
|       - unzip | ||||
|       - git | ||||
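Review bot: The Debian PHP source moves from `packages.sury.org` to `packages.sury.su` with no comment saying who operates the new host, and the same change is repeated in the next file section. Package integrity then depends entirely on APT checking signatures against the pinned key `1505 8500 A023 5D97 F5D1  0063 B188 E2B6 95BD 4743`, so that key must keep being obtained independently of the new host and never from it. Once the operator is confirmed, I would add a comment above `php__sury_apt_repo_map` along the lines of `# mirror of packages.sury.org; trust rests on the key id in php__sury_apt_key_id_map`.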
|  | ||||
| @ -14,14 +14,10 @@ | ||||
|     - ./../../vars/php.yml | ||||
|  | ||||
|   vars: | ||||
|     php__sury: '{{ ansible_local.php.sury | ||||
|                    |d(ansible_distribution_release in [ "buster" ]) | bool }}' | ||||
|     php__sury_apt_key_id: '{{ php__sury_apt_key_id_map[ansible_distribution] }}' | ||||
|     php__sury_apt_repo: '{{ php__sury_apt_repo_map[ansible_distribution] }}' | ||||
|     php__sury_apt_key_id_map: | ||||
|       'Debian': | ||||
|         - id: '1505 8500 A023 5D97 F5D1  0063 B188 E2B6 95BD 4743' | ||||
|           repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' | ||||
|           repo: 'deb https://packages.sury.su/php/ {{ ansible_distribution_release }} main' | ||||
|           state: '{{ "present" if php__sury|bool else "absent" }}' | ||||
|  | ||||
|         # Key replaced due to security concerns | ||||
| @ -29,8 +25,10 @@ | ||||
|         - id: 'DF3D 585D B8F0 EB65 8690  A554 AC0E 4758 4A7A 714D' | ||||
|           state: 'absent' | ||||
|     php__sury_apt_repo_map: | ||||
|       'Debian': 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' | ||||
|       'Debian': 'deb https://packages.sury.su/php/ {{ ansible_distribution_release }} main' | ||||
|       'Ubuntu': 'ppa:ondrej/php' | ||||
|     php__sury_apt_key_id: '{{ php__sury_apt_key_id_map[ansible_distribution] }}' | ||||
|     php__sury_apt_repo: '{{ php__sury_apt_repo_map[ansible_distribution] }}' | ||||
|     php__base_packages: | ||||
|       - unzip | ||||
|       - git | ||||
|  | ||||
| @ -13,14 +13,8 @@ | ||||
|   vars: | ||||
|     root_account__enabled: True | ||||
|     root_account__password: False | ||||
| #    root_account__dotfiles_enabled: True | ||||
| #    root_account__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git' | ||||
|  | ||||
|   post_tasks: | ||||
|     - name: Tmux Plugins Manager | ||||
|       # Вообще это конструкция не нужна, так как tmux и сам все прекрасно умеет устанавливать, только если бы у него в этот момент была программа git | ||||
|       # Хотя нет, блин, нихрена он не умеет. Последнюю команду он почему не запускает: ~/.tmux/plugins/tpm/bin/install_plugins | ||||
|       shell: test -d ~/.tmux/plugins/tpm || git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm && ~/.tmux/plugins/tpm/bin/install_plugins | ||||
|     root_account__dotfiles_enabled: True | ||||
|     root_account__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git' | ||||
|  | ||||
|   roles: | ||||
|     - role: root_account | ||||
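Review bot: Turning on `root_account__dotfiles_enabled` with `root_account__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'` makes root's shell configuration on every managed host follow the head of that repository, so push access there becomes code execution as root at the next login. The yadm playbooks later in this commit clone the same URL with `--bootstrap`, which runs the repository's bootstrap script directly. Pin the checkout to a reviewed tag or commit where the role and yadm allow it, and add a comment such as `# applied to root on all hosts; repository must stay write-protected` above the variable.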
|  | ||||
| @ -1,5 +1,6 @@ | ||||
| --- | ||||
| - import_playbook: own/allow-releaseinfo-change.yml | ||||
| - import_playbook: debops/apt.yml | ||||
| - import_playbook: root-account.yml | ||||
| - import_playbook: debops/pki.yml | ||||
| - import_playbook: debops/system_users.yml | ||||
|  | ||||
| @ -1,4 +1,5 @@ | ||||
| --- | ||||
| - import_playbook: debops/apt.yml | ||||
| - import_playbook: root-account.yml | ||||
| - import_playbook: debops/pki.yml | ||||
| - import_playbook: debops/system_users.yml | ||||
| @ -1,4 +1,6 @@ | ||||
| --- | ||||
| # https://docs.debops.org/en/stable-3.2/ansible/roles/apt/getting-started.html#example-playbook | ||||
| - import_playbook: debops/apt.yml | ||||
| - import_playbook: root-account.yml | ||||
| - import_playbook: debops/pki.yml | ||||
| - import_playbook: debops/system_users.yml | ||||
| @ -6,6 +8,7 @@ | ||||
| - import_playbook: debops/mariadb-custom-db.yml | ||||
| - import_playbook: debops/php-prod.yml | ||||
| - import_playbook: own/libgd3-fix-for-php8.yml | ||||
|   when: php_version is defined and php_version != '7.4' | ||||
| - import_playbook: debops/nginx.yml | ||||
| - import_playbook: debops/redis.yml | ||||
| - import_playbook: own/var-www-set-ownerships.yml | ||||
|  | ||||
| @ -1,16 +1,18 @@ | ||||
| --- | ||||
| - name: Solve problem with libgd3 for php-gd | ||||
|   hosts: [ 'debian10' ] | ||||
|   when: (php_version != '7.4') | ||||
|   vars_files: | ||||
|     - ./../../vars/php.yml | ||||
|   tasks: | ||||
|     - copy: | ||||
|     - name: Set pin for libgd3 package | ||||
|       copy: | ||||
|         dest: '/etc/apt/preferences.d/libgd-pin100' | ||||
|         content: |- | ||||
|           Package: libgd3 | ||||
|           Pin-Priority: 100 | ||||
|     - shell: |- | ||||
|  | ||||
|     - name: Update apt cache policy and install libgd | ||||
|       shell: |- | ||||
|         apt update | ||||
|         apt install -t bullseye libgd3 -yy | ||||
|         apt-cache policy libgd3 | ||||
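Review bot: The preferences file written by `Set pin for libgd3 package` has `Package:` and `Pin-Priority:` but no `Pin:` line, and as far as I can tell apt skips a record without one, so the priority of 100 may never take effect and `apt install -t bullseye libgd3` decides the version on its own. Add the selector the pin is meant for as the middle line of `content`, e.g. `Pin: release n=bullseye` if the bullseye package is the intended target. The shell task would also be steadier with `apt-get` than with `apt`, whose command-line interface is not meant for scripts.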
|  | ||||
| @ -22,7 +22,7 @@ | ||||
|         content: |- | ||||
|           server { | ||||
|               listen 80; | ||||
|               listen 443; | ||||
|               listen 443 ssl; | ||||
|               ssl_certificate           /etc/pki/realms/domain/default.crt; | ||||
|               ssl_certificate_key       /etc/pki/realms/domain/default.key; | ||||
|               server_name pma.{{ domain_name }}; | ||||
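Review bot: With `listen 80;` kept next to `listen 443 ssl;` in the same `server` block, phpMyAdmin logins for `pma.{{ domain_name }}` are still accepted over plain HTTP unless a redirect exists further down; the block continues outside this hunk, so I cannot see one. Serve the application only on 443 and give port 80 its own server whose body is `return 301 https://$host$request_uri;`. Since this vhost fronts database administration, restricting it by source address is worth considering as well.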
|  | ||||
| @ -9,6 +9,7 @@ | ||||
|  | ||||
|   vars: | ||||
|     - phpmyadmin_version: 5.2.1 | ||||
|       # https://docs.ansible.com/ansible/latest/collections/community/general/random_string_lookup.html#keyword-parameters | ||||
|     - blowfish_secret: "{{ lookup('community.general.random_string', length=32) }}" | ||||
|  | ||||
|   tasks: | ||||
| @ -24,5 +25,17 @@ | ||||
|         mv phpMyAdmin-{{ phpmyadmin_version }}-all-languages phpmyadmin | ||||
|         cd phpmyadmin | ||||
|         cp config.sample.inc.php config.inc.php | ||||
|         sed -i "s|'blowfish_secret'] = ''|'blowfish_secret'] = '{{ blowfish_secret }}'|g" config.inc.php | ||||
|         mkdir tmp && sudo chown :33 tmp && chmod g+w tmp | ||||
|  | ||||
|     - name: 'Set cookie blowfish secret' | ||||
|       # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/replace_module.html | ||||
|       replace: | ||||
|         path: /var/www/phpmyadmin/config.inc.php | ||||
|         regexp: "'blowfish_secret'] = ''" | ||||
|         replace: "'blowfish_secret'] = '{{ blowfish_secret | replace('\'', '\\\'') }}'\n\n$cfg['CookieSameSite'] = 'Lax';\n" | ||||
|  | ||||
|     - name: 'Set MaxTableList' | ||||
|       replace: | ||||
|         path: /var/www/phpmyadmin/config.inc.php | ||||
|         regexp: "^//$cfg['MaxRows'](.*)" | ||||
|         replace: "//$cfg['MaxRows']\1\n\n$cfg['MaxTableList'] = 500;\n" | ||||
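Review bot: The `regexp` of `Set MaxTableList` cannot match the commented line it targets, because `$` is an end-of-line anchor and `['MaxRows']` is read as a character class, so the task silently changes nothing. Escape the metacharacters, e.g. `regexp: '^//\$cfg\[''MaxRows''\](.*)'`. In `Set cookie blowfish secret` only `'` is escaped, yet `random_string` draws from punctuation by default, so a backslash in the generated value can alter or break the PHP string literal. Generating the secret with `length=32, special=false` avoids the quoting problem altogether.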
|  | ||||
							
								
								
									
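--- a/playbooks/own/yadm-update.yml
+++ b/playbooks/own/yadm-update.yml
@@ -0,0 +1,9 @@
+---
+- hosts: ['debian10']
+  tasks:
+      - name: Update existing YADM install with remote ip-address plugin and replace own
+        shell: |
+            yadm remote set-url origin https://vcs.wpstudio.ru/gitea/dotfiles.git
+            rm -rf .tmux/plugins/tmux-ip-address
+            yadm pull
+            yadm checkout .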
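Review bot: `rm -rf .tmux/plugins/tmux-ip-address` is a relative path, so what gets deleted depends on the working directory the shell task happens to start in; nothing in the task sets `chdir` or names the user. Anchor it, e.g. `rm -rf "$HOME/.tmux/plugins/tmux-ip-address"`. `yadm checkout .` then discards local edits to tracked dotfiles without warning, which deserves a comment above the task.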
| @ -1,30 +1,40 @@ | ||||
| --- | ||||
| - hosts: [ 'debian10' ] | ||||
|   tasks: | ||||
|     - name: Install yadm | ||||
|       become_user: root | ||||
|       shell: | | ||||
|         command -v yadm || curl -sfLo /usr/local/bin/yadm https://github.com/TheLocehiliosan/yadm/raw/master/yadm && chmod a+x /usr/local/bin/yadm | ||||
|  | ||||
|     - name: Install direnv | ||||
|       become_user: root | ||||
|       shell: | | ||||
|         command -v direnv || curl -sfLo /usr/local/bin/direnv https://github.com/direnv/direnv/releases/download/v2.35.0/direnv.linux-amd64 && chmod a+x /usr/local/bin/direnv | ||||
|         command -v direnv > /dev/null || { | ||||
|           curl -sfLo /usr/local/bin/direnv https://github.com/direnv/direnv/releases/download/v2.35.0/direnv.linux-amd64 && \ | ||||
|           chmod a+x /usr/local/bin/direnv | ||||
|         } | ||||
|  | ||||
|     - name: Install Starship | ||||
|       become_user: root | ||||
|       shell: | | ||||
|         command -v starship || curl -sS https://starship.rs/install.sh | sh -s -- -f | ||||
|         command -v starship> /dev/null || { | ||||
|           curl -sS https://starship.rs/install.sh | sh -s -- -f | ||||
|         } | ||||
|  | ||||
|     - name: Clone dotfiles repo | ||||
|     - name: Install with init or update yadm | ||||
|       become_user: root | ||||
|       shell: | | ||||
|         yadm clone --bootstrap https://vcs.wpstudio.ru/gitea/dotfiles.git && yadm checkout ./ | ||||
|         command -v yadm && { | ||||
|           yadm remote set-url origin https://vcs.wpstudio.ru/gitea/dotfiles.git | ||||
|           rm -rf .tmux/plugins/tmux-ip-address | ||||
|           yadm pull && yadm checkout . | ||||
|         } || { | ||||
|           curl -sfLo /usr/local/bin/yadm https://github.com/TheLocehiliosan/yadm/raw/master/yadm && chmod a+x /usr/local/bin/yadm | ||||
|           yadm clone --bootstrap https://vcs.wpstudio.ru/gitea/dotfiles.git && yadm checkout . | ||||
|         } | ||||
|  | ||||
|       # For manual change: sed -i 's/#/\\$/g' ${HOME}/.config/starship.toml | ||||
|     - name: 'Change character for non-root user' | ||||
|       become: false | ||||
|       become_user: root | ||||
|       shell: | | ||||
|           sed -i 's/#/\\$/g' ${HOME}/.config/starship.toml | ||||
|         HOME_USER=$(ls /home) | ||||
|         test ! -z "${HOME_USER}" && su --login ${HOME_USER} -c 'yadm clone --bootstrap https://vcs.wpstudio.ru/gitea/dotfiles.git && yadm checkout .' | ||||
|         test ! -z "${HOME_USER}" && su --login ${HOME_USER} -c 'sed -i "s/#/\\$/g" ${HOME}/.config/starship.toml' | ||||
|         exit 0 | ||||
|       args: | ||||
|           executable: /bin/bash | ||||
|         executable: /bin/bash | ||||
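Review bot: Three installers in this play run unverified remote content as root: `yadm` is fetched from the `master` branch, `starship` is installed with `curl ... | sh`, and only `direnv` names a release (`v2.35.0`), still without a checksum. Fetch tagged releases and check each against a recorded digest before `chmod a+x`, e.g. `echo "<sha256>  /usr/local/bin/direnv" | sha256sum -c -`. In `Change character for non-root user`, `HOME_USER=$(ls /home)` yields several words when more than one home directory exists, and the unquoted `su --login ${HOME_USER}` then receives the extra names as arguments. Take the user name from an inventory variable instead of listing `/home`.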
|  | ||||
| @ -1,5 +1,6 @@ | ||||
| --- | ||||
| - import_playbook: own/locales.yml | ||||
| - import_playbook: debops/apt.yml | ||||
| - import_playbook: debops/tzdata.yml | ||||
| #- import_playbook: own/allow-releaseinfo-change.yml# Need only for debian10 | ||||
| - import_playbook: debops/yadm.yml | ||||
|  | ||||
| @ -50,7 +50,7 @@ if [[ -z "$force" ]]; then | ||||
|   printf 'Launch ansible playbook:\n%s\n' "$COMMAND" | ||||
|   read -p "Are you sure?  " -n 1 -r | ||||
|   echo    # (optional) move to a new line | ||||
|   if [[ $REPLY =~ ^[Yy]$ ]] | ||||
|   if [[ $REPLY =~ ^[Yyн]$ ]] | ||||
|   then | ||||
|       /bin/bash -c "$COMMAND" | ||||
|   fi | ||||
|  | ||||
| @ -1,15 +1,26 @@ | ||||
| #!/bin/bash | ||||
| SERVER=$1 | ||||
| PLAYBOOK=$2 | ||||
| USER=$3 | ||||
| SSH_PORT=22 | ||||
| args=("$@") | ||||
|  | ||||
| while [[ "$#" -gt 0 ]]; do | ||||
|     case $1 in | ||||
|         -f|--force) force=1; shift ;; | ||||
|     esac | ||||
|     shift | ||||
| # Обработка опций | ||||
| for ((i=0; i<$#; i++)); do | ||||
|   if [ "${args[$i]}" == "-p" ]; then | ||||
|     SSH_PORT=${args[$i+1]} | ||||
|     unset 'args[i]' | ||||
|     unset 'args[i+1]' | ||||
|   fi | ||||
|   if [ "${args[$i]}" == "-f" ]; then | ||||
|     FORCE=1 | ||||
|     unset 'args[i]' | ||||
|   fi | ||||
| done | ||||
|  | ||||
| args=("${args[@]}") | ||||
|  | ||||
| SERVER=${args[0]} | ||||
| PLAYBOOK=${args[1]} | ||||
| USER=${args[2]} | ||||
|  | ||||
| usage() { | ||||
|     echo "Usage: run-vps-playbook.sh server playbook [user]" | ||||
|     echo "server - domain or ip address of the vps server" | ||||
| @ -34,17 +45,17 @@ if [[ -z "$USER" ]]; then | ||||
| fi | ||||
|  | ||||
| COMMAND=$(cat <<EOF | ||||
| ansible-playbook -e "lxc_host=${SERVER}" -e "runner=normal" -e "ansible_user=${USER}" | ||||
| ansible-playbook -e "lxc_host=${SERVER}" -e "runner=normal" -e "ansible_user=${USER}" --ssh-common-args="-p $SSH_PORT" | ||||
| EOF | ||||
| ) | ||||
|  | ||||
| COMMAND="${COMMAND} ${PLAYBOOK}" | ||||
|  | ||||
| if [[ -z "$force" ]]; then | ||||
| if [[ -z "$FORCE" ]]; then | ||||
|   printf 'Launch ansible playbook:\n%s\n' "${COMMAND}" | ||||
|   read -p "Are you sure?  " -n 1 -r | ||||
|   echo    # (optional) move to a new line | ||||
|   if [[ $REPLY =~ ^[Yy]$ ]] | ||||
|   if [[ $REPLY =~ ^[Yyн]$ ]] | ||||
|   then | ||||
|       /bin/bash -c "${COMMAND}" | ||||
|   fi | ||||
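Review bot: `SSH_PORT` is taken from the argument after `-p` and spliced unvalidated into `--ssh-common-args="-p $SSH_PORT"`, and the whole string is later executed with `/bin/bash -c "${COMMAND}"`, so shell metacharacters in it (or in `SERVER`, `USER`, `PLAYBOOK`) are interpreted rather than passed through. Reject non-numeric ports right after the option loop, e.g. `[[ $SSH_PORT =~ ^[0-9]+$ ]] || { echo "invalid port" >&2; exit 1; }`, and prefer building the command as an array and running `"${cmd[@]}"`. The loop also drops the old `--force` spelling, and the visible part of `usage` does not mention `-p` or `-f`. The sibling scripts in this commit still test `$force` in lower case.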
|  | ||||
| @ -60,7 +60,7 @@ if [[ -z "$force" ]]; then | ||||
|   printf 'Launch ansible playbook:\n%s\n' "${COMMAND}" | ||||
|   read -p "Are you sure?  " -n 1 -r | ||||
|   echo    # (optional) move to a new line | ||||
|   if [[ $REPLY =~ ^[Yy]$ ]] | ||||
|   if [[ $REPLY =~ ^[Yyн]$ ]] | ||||
|   then | ||||
|       /bin/bash -c "${COMMAND}" | ||||
|   fi | ||||
|  | ||||
| @ -1,3 +1,5 @@ | ||||
| # https://docs.debops.org/en/stable-3.2/ansible/roles/mariadb/defaults-detailed.html#mariadb-users | ||||
|  | ||||
| mariadb__databases: | ||||
|   - name: '{{ site_name }}' | ||||
|     source: '{{ inventory_dir }}//data/db-dumps/{{ site_name }}.sql.bz2' | ||||
| @ -5,5 +7,5 @@ mariadb__databases: | ||||
|  | ||||
| mariadb__users: | ||||
|   - name: '{{ site_name }}' | ||||
|     host: '%' | ||||
|     host: 'localhost' | ||||
|     database: '{{ site_name }}%' | ||||
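Review bot: Changing `host` to `'localhost'` while the server play in this commit sets `skip-name-resolve: 'ON'` means the account matches socket connections only; as far as I know a client that connects over TCP to `127.0.0.1` is then matched by address and refused. If any application is configured with `127.0.0.1` rather than the socket, add a second entry with `host: '127.0.0.1'`. The grant pattern `'{{ site_name }}%'` also covers every database whose name merely starts with the site name, which is worth a comment or a tighter pattern.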
|  | ||||