+ sample configs for nginx-proxy lxc instance

+ site_name as general option for different lxc_host and site_name (personally used for vps deployment)
+ vps deploy script
+ node version manager install
+ php version setup vars moved into separate vars-file
+ ansible.cfg that helps to use local inventory and group_vars files
+ root account playbook

_mysql-server-site.yml

@@ -0,0 +1,7 @@
+---
+- import_playbook: debops/mariadb_server.yml
+- import_playbook: debops/mariadb-custom-db.yml
+
+# Import all other group playbooks in this file...
+
+...

ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+inventory=./hosts
+group_vars=./group_vars

data/db-dumps/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

debops/files/etc/nginx-master-proxy/conf.d/sample-filecloud.conf.example

@@ -3,7 +3,7 @@ server {
     server_name domain;
     client_max_body_size 0;
     location / {
-        proxy_pass http://lxc_host;
+        proxy_pass http://site_name;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Real-IP $remote_addr;

debops/files/etc/nginx-master-proxy/conf.d/sample-s3.conf.example

@@ -5,7 +5,7 @@ server {
     client_max_body_size 0;
     proxy_buffering off;
     location / {
-        proxy_pass http://lxc_host:9000;
+        proxy_pass http://site_name:9000;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Real-IP $remote_addr;

debops/files/etc/nginx-master-proxy/conf.d/sample-website.conf.example

@@ -2,7 +2,7 @@ server {
     listen 80;
     server_name domain;
     location / {
-        proxy_pass https://lxc_host;
+        proxy_pass https://site_name;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Real-IP $remote_addr;

debops/files/etc/nginx-master-proxy/conf.d/sample-youtrack.conf.example

@@ -2,7 +2,7 @@ server {
     listen 80;
     server_name domain;
     location / {
-        proxy_pass http://lxc_host:8080;
+        proxy_pass http://site_name:8080;
         access_log off;
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
@@ -13,7 +13,7 @@ server {
         proxy_http_version 1.1;
     }
     location /api/eventSourceBus {
-        proxy_pass http://lxc_host:8080;
+        proxy_pass http://site_name:8080;
         access_log off;
         proxy_cache off;
         proxy_buffering off;

debops/nginx.yml

@@ -24,11 +24,11 @@
     nginx_ocsp: False
     nginx_worker_processes: auto
     nginx__servers:
-      - name: '{{ lxc_host }}'
+      - name: '{{ site_name }}'
 
         type: php
 
-        root: '/var/www/{{ lxc_host }}'
+        root: '/var/www/{{ site_name }}'
 
         public_dir_name: ''
 
@@ -38,10 +38,12 @@
 
         location_list:
           - pattern: '/'
-            options: rewrite ^/.*$ /index.php last;
             locations:
               - pattern: '~ ^/*.-backend/'
                 options: set $upstream unix:/run/php7.4-fpm-backend.sock;
+            options: try_files /index.html @october;
+          - pattern: '@october'
+            options: rewrite ^/.*$ /index.php last;
           - pattern: '~* ^(?!/index).*\.php$'
             options: return 403;
 
@@ -74,17 +76,17 @@
   post_tasks:
     - name: Default index.html
       template:
-        src: var/www/lxc_host/index.html.j2
+        src: var/www/site_name/index.html.j2
-        dest: '/var/www/{{ lxc_host }}/index.html'
+        dest: '/var/www/{{ site_name }}/index.html'
         mode: 0644
-        owner: '{{ lxc_host }}'
+        owner: '{{ site_name }}'
 
     - name: Copy normalized.css
       template:
-        src: var/www/lxc_host/normalize.css
+        src: var/www/site_name/normalize.css
-        dest: '/var/www/{{ lxc_host }}/'
+        dest: '/var/www/{{ site_name }}/'
         mode: 0644
-        owner: '{{ lxc_host }}'
+        owner: '{{ site_name }}'
 
   roles:
 

debops/php-prod.yml

@@ -10,10 +10,8 @@
                    | combine(inventory__group_environment | d({}))
                    | combine(inventory__host_environment  | d({})) }}'
 
+
   vars:
-    php__version_preference: [ 'php7.4' ]
-    php__sury: '{{ ansible_local.php.sury
-                   |d(ansible_distribution_release in [ "buster" ]) | bool }}'
     php__sury_apt_key_id: '{{ php__sury_apt_key_id_map[ansible_distribution] }}'
     php__sury_apt_repo: '{{ php__sury_apt_repo_map[ansible_distribution] }}'
     php__sury_apt_key_id_map:
@@ -36,7 +34,6 @@
     # mbstring требует только некоторые пакеты в laravel
     # bcmath - нужно для работы парсера Excel файлов на одном из проектов
     # Laravel/OctoberCMS: intl, redis
-    php__packages: [ 'curl', 'xml', 'gd', 'zip', 'mbstring', 'mysql', 'bcmath', 'intl', 'redis' ]
     php__composer_upstream_enabled: '{{ True
                                         if (ansible_distribution_release in
                                             [ "buster" ])
@@ -58,6 +55,9 @@
         pm: static
         pm_max_children: 3
 
+  vars_files:
+    - ./../vars/php.yml
+
   pre_tasks:
 
     - name: Apply keyring configuration for php environment

debops/system_users.yml

@@ -20,7 +20,7 @@
 
   post_tasks:
     - name: Change starship character to dollar sign
-      shell: "sed -i 's/#/\\\\$/g' /home/{{ lxc_host }}/.config/starship.toml"
+      shell: "sed -i 's/#/\\\\$/g' /home/{{ site_name }}/.config/starship.toml"
       args:
         executable: /bin/bash
 

group_vars/all.yml

@@ -6,4 +6,7 @@ remote_user: root
 keyring__keyserver: hkp://keyserver.ubuntu.com:80
 # Add further variables which apply to all servers to this file...
 
+secret__levels: '.'
+
+site_name: '{{ site_name | d(lxc_host) }}'
 ...

nginx-site.yml

@@ -7,12 +7,14 @@
 - import_playbook: debops/root_account.yml
 - import_playbook: debops/sudo.yml
 - import_playbook: debops/system_users.yml
-- import_playbook: debops/mariadb.yml
+- import_playbook: debops/mariadb_server.yml
+- import_playbook: debops/mariadb-custom-db.yml
 - import_playbook: debops/php-prod.yml
 - import_playbook: debops/nginx.yml
 - import_playbook: debops/nodejs.yml
 - import_playbook: debops/redis.yml
 - import_playbook: playbooks/own/var-www-set-ownerships.yml
+- import_playbook: playbooks/own/node-version-manager.yml
 
 # Import all other group playbooks in this file...
 

playbooks/own/node-version-manager.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Installing node version manager
+  hosts: [ 'debian10' ]
+  tasks:
+    - name: Install nvm
+      become: true
+      become_user: '{{ site_name }}'
+      shell: 'wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.5/install.sh | bash'

playbooks/own/var-www-set-ownerships.yml

@@ -4,4 +4,4 @@
   hosts: [ 'debian10' ]
   tasks:
     - name: Set ownerships to /var/www dir
-      shell: 'chown -R {{ lxc_host }}:{{ lxc_host }} /var/www'
+      shell: 'chown -R {{ site_name }}:{{ site_name }} /var/www'

root-account.yml

@@ -0,0 +1,9 @@
+---
+- import_playbook: playbooks/own/locales.yml
+- import_playbook: debops/tzdata.yml
+- import_playbook: debops/yadm.yml
+- import_playbook: debops/root_account.yml
+
+# Import all other group playbooks in this file...
+
+...

run-lxc-playbook.sh

@@ -4,7 +4,7 @@ LXC_HOST=$2
 PLAYBOOK=$3
 
 usage() {
-    echo "Usage: run-playbook.sh server lxc_host playbook"
+    echo "Usage: run-lxc-playbook.sh server lxc_host playbook"
     echo "server - main proxmox server IP address and lxc_host that the name of lxc container"
     echo "lxc_host - name of lxc container"
     echo "playbook - playbook file"
@@ -35,7 +35,7 @@ if [[ ! -f "$PLAYBOOK" ]]; then
 fi
 
 COMMAND=$(cat <<EOF
-ansible-playbook -e "lxc_host=$LXC_HOST" --ssh-common-args="-o ProxyCommand='ssh -W %h:%p root@$SERVER'" $PLAYBOOK
+ansible-playbook -e "lxc_host=$LXC_HOST" --ssh-common-args="-o ProxyCommand='ssh -W %h:%p -q root@$SERVER'" $PLAYBOOK
 EOF
 )
 

run-vps-playbook.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+SERVER=$1
+SITE_NAME=$2
+PLAYBOOK=$3
+
+usage() {
+    echo "Usage: run-vps-playbook.sh server site_name playbook"
+    echo "server - domain or ip adress of the vps server"
+    echo "site_name - site name"
+    echo "playbook - playbook file"
+}
+
+if [[ -z "$SERVER" ]]; then
+  echo "You must defined SERVER as first argument"
+  usage
+  exit 1
+fi
+
+if [[ -z "$SITE_NAME" ]]; then
+  echo "You must defined SITE_NAME as second argument"
+  usage
+  exit 1
+fi
+
+if [[ -z "$PLAYBOOK" ]]; then
+  echo "You must defined PLAYBOOK as third argument"
+  usage
+  exit 1
+fi
+
+COMMAND=$(cat <<EOF
+ansible-playbook -e "lxc_host=$SERVER" -e "site_name=$SITE_NAME" $PLAYBOOK
+EOF
+)
+
+printf 'Launch ansible playbook:\n%s\n' "$COMMAND"
+read -p "Are you sure?  " -n 1 -r
+echo    # (optional) move to a new line
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+    /bin/bash -c "$COMMAND"
+fi

vars/databases-example.yml

@@ -1,7 +1,9 @@
 mariadb__databases:
-  - name: '{{ lxc_host }}'
+  - name: '{{ site_name }}'
+    source: ./data/db-dumps/dump.sql
+    target: /tmp/dump.sql
 
 mariadb__users:
-  - name: '{{ lxc_host }}'
+  - name: '{{ site_name }}'
     host: '%'
-    database: '{{ lxc_host }}%'
+    database: '{{ site_name }}%'

vars/php-example.yml

@@ -0,0 +1,14 @@
+php__version_preference: [ 'php7.4' ]
+php__sury: true
+php__packages: [ 'curl', 'xml', 'gd', 'zip', 'mbstring', 'mysql', 'bcmath', 'intl', 'redis' ]
+# For php8.1 automatic install gd is not possible, because https://github.com/debops/debops/issues/2272 and https://github.com/oerdnj/deb.sury.org/issues/1947
+# For solve that - touch file: /etc/apt/preferences.d/libgd-pin100
+# with these contents:
+#Package: libgd3
+#Pin-Priority: 100
+# and launch installation process:
+#apt update
+#apt install -t bullseye libgd3
+#apt-cache policy libgd3
+#apt install php8.1-gd
+# TODO: Move that into own script

vars/sudo-example.yml

@@ -1,4 +1,4 @@
 sudo__sudoers:
-  - name: '{{ lxc_host }}-nopasswd'
+  - name: '{{ site_name }}-nopasswd'
     raw: |
-      {{ lxc_host }}  ALL=(ALL) NOPASSWD: ALL
+      {{ site_name }}  ALL=(ALL) NOPASSWD: ALL

vars/system_users-example.yml

@@ -1,9 +1,9 @@
 system_users__groups:
-  - name: '{{ lxc_host }}'
+  - name: '{{ site_name }}'
     user: False
 
 system_users__accounts:
-  - name: '{{ lxc_host }}'
+  - name: '{{ site_name }}'
-    group: '{{ lxc_host }}'
+    group: '{{ site_name }}'
     admin: True
     shell: '/bin/bash'