* conditional logic for nginx www redirect
+ use lxc_host & ssh proxying to resolve the connection to the inner lxc host in proxmox + bash helper for launching playbooks + nginx html default template * database creation moved into its own custom variables + newly used debops roles: yadm (dotfiles), sudo, root_account, system_users #861m7vaer Шаблон операционной системы на Debian 10
		| @ -1,9 +1,12 @@ | |||||||
| --- | --- | ||||||
|  | - import_playbook: debops/tzdata.yml | ||||||
| - import_playbook: debops/pki.yml | - import_playbook: debops/pki.yml | ||||||
| - import_playbook: debops/mariadb_server.yml | - import_playbook: debops/mariadb_server.yml | ||||||
| - import_playbook: debops/mariadb-custom-db.yml | - import_playbook: debops/mariadb-custom-db.yml | ||||||
| - import_playbook: debops/php-wp.yml | - import_playbook: debops/php-wp.yml | ||||||
| - import_playbook: debops/apache.yml | - import_playbook: debops/apache.yml | ||||||
|  | - import_playbook: debops/users.yml | ||||||
|  | - import_playbook: debops/sudo.yml | ||||||
|  |  | ||||||
| # Import all other group playbooks in this file... | # Import all other group playbooks in this file... | ||||||
|  |  | ||||||
|  | |||||||
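Review bot: The added `- import_playbook: debops/users.yml` line names a file this commit does not add; the users playbook it introduces is `debops/system_users.yml`, and a missing `import_playbook` target fails at parse time, before any host is touched. If `debops/users.yml` does not already exist in the repository (it is not visible here), the line should probably read `- import_playbook: debops/system_users.yml`. The new `keyring.yml`, `root_account.yml` and `yadm.yml` playbooks are not imported in this list either, so they only run when invoked directly; a comment saying whether that is intended would help.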
| @ -49,6 +49,7 @@ | |||||||
| #      name: '{{ apache__default_vhost_name }}' | #      name: '{{ apache__default_vhost_name }}' | ||||||
| #      filename: '000-default' | #      filename: '000-default' | ||||||
| #      root: '/var/www/html' | #      root: '/var/www/html' | ||||||
|  |     apache__vhost_allow_override: 'All' | ||||||
|  |  | ||||||
|   pre_tasks: |   pre_tasks: | ||||||
|  |  | ||||||
|  | |||||||
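Review bot: `apache__vhost_allow_override: 'All'` lets any `.htaccess` file under the document root override every directive class, so anything able to write into the web root (a vulnerable plugin, an upload handler) can change handlers, authentication and rewrite behaviour for the site. If the goal is only to let the PHP application ship its rewrite rules, a narrower value such as `apache__vhost_allow_override: 'FileInfo'` is usually enough; which classes are really needed depends on the application's `.htaccess`, which is not shown here. The line appears to sit in the play's `vars:` block, which starts outside the hunk, so it would apply to every vhost this play manages.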
							
								
								
									
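--- a/debops/keyring.yml
+++ b/debops/keyring.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Manage APT and GPG keyrings
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    keyring__enabled: True
+
+  roles:
+
+    - role: keyring
+      tags: [ 'role::keyring', 'skip::keyring' ]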
| @ -10,17 +10,14 @@ | |||||||
|                    | combine(inventory__group_environment | d({})) |                    | combine(inventory__group_environment | d({})) | ||||||
|                    | combine(inventory__host_environment  | d({})) }}' |                    | combine(inventory__host_environment  | d({})) }}' | ||||||
|  |  | ||||||
|  |  | ||||||
|   vars: |   vars: | ||||||
|     mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}' |     mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}' | ||||||
|     mariadb__upstream_version: '10.5' |     mariadb__upstream_version: '10.5' | ||||||
|     mariadb__databases: |  | ||||||
|       - name: 'intermetiz' |  | ||||||
|       - name: 'intermetiz-products' |  | ||||||
|     mariadb__users: |  | ||||||
|       - name: 'intermetiz' |  | ||||||
|         host: '%' |  | ||||||
|         database: 'intermetiz%' |  | ||||||
|  |  | ||||||
|  |   vars_files: | ||||||
|  |     - ./../vars/databases.yml | ||||||
|  |     - | ||||||
|   roles: |   roles: | ||||||
|  |  | ||||||
|     - role: secret |     - role: secret | ||||||
|  | |||||||
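Review bot: The added `vars_files:` list ends with a bare `-` on the line after `- ./../vars/databases.yml`, which YAML reads as a null list entry; Ansible expects each `vars_files` item to be a path (or a list of fallback paths), so the play is likely to fail or behave unpredictably when it loads. Drop the empty item so the block is just `vars_files:` followed by `- ./../vars/databases.yml`. The database and user definitions removed here, including the `host: '%'` grant, now live in a file outside this diff, so it is worth confirming there that the account is not reachable from any host without a reason and that no password is committed in clear text.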
| @ -10,6 +10,10 @@ | |||||||
|                    | combine(inventory__group_environment | d({})) |                    | combine(inventory__group_environment | d({})) | ||||||
|                    | combine(inventory__host_environment  | d({})) }}' |                    | combine(inventory__host_environment  | d({})) }}' | ||||||
|  |  | ||||||
|  |  | ||||||
|  |   vars_files: | ||||||
|  |     - ./../vars/nginx.yml | ||||||
|  |  | ||||||
|   vars: |   vars: | ||||||
|     nginx_acme: False |     nginx_acme: False | ||||||
|     nginx_http_extra_options: | |     nginx_http_extra_options: | | ||||||
| @ -20,18 +24,15 @@ | |||||||
|     nginx_ocsp: False |     nginx_ocsp: False | ||||||
|     nginx_worker_processes: auto |     nginx_worker_processes: auto | ||||||
|     nginx__servers: |     nginx__servers: | ||||||
|       - name: vam-teplee |       - name: '{{ lxc_host }}' | ||||||
|  |  | ||||||
|         type: php |         type: php | ||||||
|  |  | ||||||
|         root: /var/www/vam-teplee |         root: '/var/www/{{ lxc_host }}' | ||||||
|  |  | ||||||
|         public_dir_name: '' |         public_dir_name: '' | ||||||
|  |  | ||||||
|         include_files_begin: |         include_files_begin: '{{ nginx_includes_begin }}' | ||||||
|           - includes.d/www.conf |  | ||||||
|           - includes.d/octobercms.conf |  | ||||||
|           - includes.d/staticfiles.conf |  | ||||||
|  |  | ||||||
|         options: set $upstream unix:/run/php7.4-fpm-www-data.sock; |         options: set $upstream unix:/run/php7.4-fpm-www-data.sock; | ||||||
|  |  | ||||||
| @ -55,32 +56,54 @@ | |||||||
|         php_location_path_info: ~ ^(?<script_name>/index\.php)(?<path_info>/.*)? |         php_location_path_info: ~ ^(?<script_name>/index\.php)(?<path_info>/.*)? | ||||||
|  |  | ||||||
|   pre_tasks: |   pre_tasks: | ||||||
|  |     - name: Set filtered includes | ||||||
|  |       set_fact: | ||||||
|  |         nginx_includes_begin: "{{ (nginx_includes_begin | default([])) | union([item]) }}" | ||||||
|  |       when: item != omit | ||||||
|  |       loop: | ||||||
|  |           - "{{ (nginx_www_redirect | default(False)) | ternary('includes.d/www.conf', omit) }}" | ||||||
|  |           - includes.d/octobercms.conf | ||||||
|  |           - includes.d/staticfiles.conf | ||||||
|  |  | ||||||
|     - name: Copy OctoberCMS nginx conf includes and www redirect |     - name: Copy OctoberCMS nginx conf includes and www redirect | ||||||
|       copy: |       copy: | ||||||
|         src: "{{item}}" |         src: etc/nginx/includes.d | ||||||
|         dest: /etc/nginx/ |         dest: /etc/nginx/ | ||||||
|         mode: 0644 |         mode: 0644 | ||||||
|       loop: |  | ||||||
|         - nginx/includes.d |   post_tasks: | ||||||
|  |     - name: Default index.html | ||||||
|  |       template: | ||||||
|  |         src: var/www/lxc_host/index.html.j2 | ||||||
|  |         dest: '/var/www/{{ lxc_host }}/index.html' | ||||||
|  |         mode: 0644 | ||||||
|  |         owner: '{{ lxc_host }}' | ||||||
|  |  | ||||||
|  |     - name: Copy normalized.css | ||||||
|  |       template: | ||||||
|  |         src: var/www/lxc_host/normalized.css | ||||||
|  |         dest: '/var/www/{{ lxc_host }}/' | ||||||
|  |         mode: 0644 | ||||||
|  |         owner: '{{ lxc_host }}' | ||||||
|  |  | ||||||
|   roles: |   roles: | ||||||
|  |  | ||||||
|     - role: keyring | #    - role: keyring | ||||||
|       tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ] | #      tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ] | ||||||
|       keyring__dependent_apt_keys: | #      keyring__dependent_apt_keys: | ||||||
|         - '{{ nginx__keyring__dependent_apt_keys }}' | #        - '{{ nginx__keyring__dependent_apt_keys }}' | ||||||
|  | # | ||||||
|     - role: apt_preferences | #    - role: apt_preferences | ||||||
|       tags: [ 'role::apt_preferences', 'skip::apt_preferences' ] | #      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ] | ||||||
|       apt_preferences__dependent_list: | #      apt_preferences__dependent_list: | ||||||
|         - '{{ nginx__apt_preferences__dependent_list }}' | #        - '{{ nginx__apt_preferences__dependent_list }}' | ||||||
|  | # | ||||||
|     - role: python | #    - role: python | ||||||
|       tags: [ 'role::python', 'skip::python' ] | #      tags: [ 'role::python', 'skip::python' ] | ||||||
|       python__dependent_packages3: | #      python__dependent_packages3: | ||||||
|         - '{{ nginx__python__dependent_packages3 }}' | #        - '{{ nginx__python__dependent_packages3 }}' | ||||||
|       python__dependent_packages2: | #      python__dependent_packages2: | ||||||
|         - '{{ nginx__python__dependent_packages2 }}' | #        - '{{ nginx__python__dependent_packages2 }}' | ||||||
|  |  | ||||||
|     - role: nginx |     - role: nginx | ||||||
|       tags: [ 'role::nginx', 'skip::nginx' ] |       tags: [ 'role::nginx', 'skip::nginx' ] | ||||||
|  | |||||||
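Review bot: The `Copy normalized.css` post-task uses `src: var/www/lxc_host/normalized.css`, but the file this commit adds is `debops/templates/var/www/lxc_host/normalize.css` and the new index page links `normalize.css`. Unless a `normalized.css` exists elsewhere in the repository the task will not find its source, and even if it did, the stylesheet would be published under a name the page never requests. The source should be `src: var/www/lxc_host/normalize.css`. In the same section the `keyring`, `apt_preferences` and `python` dependent roles are commented out; if the nginx role is set to install from an upstream APT repository, this play no longer passes it the signing key and pin, which deserves a comment saying where that now happens.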
							
								
								
									
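--- a/debops/root_account.yml
+++ b/debops/root_account.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Manage root system account
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    root_account__enabled: True
+#    root_account__dotfiles_enabled: True
+#    root_account__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
+
+  roles:
+    - role: root_account
+      tags: [ 'role::root_account', 'skip::root_account' ]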
							
								
								
									
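--- a/debops/sudo.yml
+++ b/debops/sudo.yml
@@ -0,0 +1,30 @@
+---
+
+- name: Configure sudo service
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars_files:
+    - ./../vars/sudo.yml
+
+  roles:
+#    - role: python
+#      tags: [ 'role::python', 'skip::python', 'role::ldap' ]
+#      python__dependent_packages3:
+#        - '{{ ldap__python__dependent_packages3 }}'
+#      python__dependent_packages2:
+#        - '{{ ldap__python__dependent_packages2 }}'
+#
+#    - role: ldap
+#      tags: [ 'role::ldap', 'skip::ldap' ]
+#      ldap__dependent_tasks:
+#        - '{{ sudo__ldap__dependent_tasks }}'
+
+    - role: sudo
+      tags: [ 'role::sudo', 'skip::sudo' ]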
							
								
								
									
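--- a/debops/system_users.yml
+++ b/debops/system_users.yml
@@ -0,0 +1,27 @@
+---
+
+- name: Manage local users and groups
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    system_users__self: False
+    system_users__dotfiles_enabled: True
+    system_users__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
+
+  vars_files:
+    - ./../vars/system_users.yml
+
+  roles:
+
+    - role: libuser
+      tags: [ 'role::libuser', 'skip::libuser' ]
+
+    - role: system_users
+      tags: [ 'role::system_users', 'skip::system_users' ]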
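Review bot: `system_users__dotfiles_repo` points every managed account at `https://vcs.wpstudio.ru/gitea/dotfiles.git` with dotfiles enabled, and nothing visible here pins a commit or verifies a signature, so whoever can push to that repository effectively controls the shell start-up files of each user the role manages. The same repository is configured in `debops/yadm.yml` through `yadm__default_dotfiles`, where the entry carries only `name` and `git`. As far as I recall, the debops yadm role accepts an optional `gpg` fingerprint on a dotfiles entry to verify signed commits before cloning; confirm that against the role version in use and add it if so. At minimum, a comment above the variable should state who is allowed to push to that repository.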
							
								
								
									
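--- a/debops/templates/var/www/lxc_host/index.html.j2
+++ b/debops/templates/var/www/lxc_host/index.html.j2
@@ -0,0 +1,76 @@
+{# Copyright (C) 2014-2017 Maciej Delmanowski <drybjed@drybjed.net>
+ # Copyright (C) 2015-2017 Robin Schneider <ypid@riseup.net>
+ # Copyright (C) 2014-2017 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+<!DOCTYPE html>
+<html lang="en">
+{% set nginx_tpl_domain = item.welcome_domain | d(item.name if (item.name is string) else item.name[0] | d(ansible_domain)) %}
+{% if nginx_tpl_domain %}
+{%   set nginx_tpl_welcome_title = '<a href="' + item.welcome_url_scheme | d("https") + '://' + nginx_tpl_domain + '/">' + nginx_tpl_domain + '</a>' %}
+{% else %}
+{%   set nginx_tpl_welcome_title = '<a href="http://companyname.website/">CompanyName.website</a>' %}
+{% endif %}
+
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <meta name="referrer" content="no-referrer">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{{ nginx_tpl_domain | d("CompanyName.website") }}</title>
+{% if item.welcome_css | d(True) | bool %}
+    <link rel="stylesheet" type="text/css" media="screen" href="normalize.css">
+    <style type="text/css" media="screen">
+html {
+  font-size: 17px;
+  font-family: "Droid Sans Condensed", sans-serif;
+}
+
+@media (max-width: 900px) {
+  html { font-size: 15px; }
+}
+
+@media (max-width: 400px) {
+  html { font-size: 13px; }
+}
+
+#content {
+  margin: 0 auto;
+  width: 600px;
+  padding: 2rem;
+  text-align: center;
+}
+
+@media (max-width: 900px) {
+  #content {
+    width: 70%;
+    padding: 1.5rem;
+  }
+}
+
+h1 {
+  padding-bottom: 0.05em;
+  border-bottom: 2px solid #0092DF;
+}
+
+a {
+  text-decoration: none;
+  color: #0092DF;
+}
+    </style>
+{% endif %}
+  </head>
+
+  <body>
+    <div id="content">
+
+      <h2>{{ nginx_tpl_welcome_title }}</h2>
+
+{% if nginx_tpl_domain %}
+      <p id="http-status"><strong>{{ item.welcome_status_choices | d([ '200 OK', "418 I'm a teapot" ]) | random }}</strong></p>
+{% elif not nginx_tpl_domain %}
+      <p>If you're reading this, the web server was installed correctly.</p>
+{% endif %}
+
+    </div>
+  </body>
+</html>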
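Review bot: The template still reads `item.welcome_domain`, `item.name`, `item.welcome_url_scheme`, `item.welcome_css` and `item.welcome_status_choices`, which look like they come from a per-server loop, but the `Default index.html` task that renders it in this commit has no `loop`, so `item` is undefined there. Depending on how the Ansible version in use treats attribute access on an undefined variable, the render either fails or silently falls back to `ansible_domain` instead of the `lxc_host` name the task writes to. Using the play's own variable, for example `{% set nginx_tpl_domain = lxc_host | d(ansible_domain) %}`, would make the page independent of role internals. The title is also assembled as raw HTML by string concatenation and emitted unescaped; that is fine while the name comes from inventory, and a short template comment saying so would keep it from being reused with less trusted input.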
							
								
								
									
										427
									
								
								debops/templates/var/www/lxc_host/normalize.css
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,427 @@ | |||||||
|  | /*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */ | ||||||
|  | /* Copyright (C) 2015 Nicolas Gallagher <nicolasgallagher@gmail.com> */ | ||||||
|  | /* Copyright (C) 2015 Jonathan Neal <jonathantneal@hotmail.com> */ | ||||||
|  | /* SPDX-License-Identifier: MIT */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * 1. Set default font family to sans-serif. | ||||||
|  |  * 2. Prevent iOS and IE text size adjust after device orientation change, | ||||||
|  |  *    without disabling user zoom. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | html { | ||||||
|  |   font-family: sans-serif; /* 1 */ | ||||||
|  |   -ms-text-size-adjust: 100%; /* 2 */ | ||||||
|  |   -webkit-text-size-adjust: 100%; /* 2 */ | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Remove default margin. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | body { | ||||||
|  |   margin: 0; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /* HTML5 display definitions | ||||||
|  |    ========================================================================== */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Correct `block` display not defined for any HTML5 element in IE 8/9. | ||||||
|  |  * Correct `block` display not defined for `details` or `summary` in IE 10/11 | ||||||
|  |  * and Firefox. | ||||||
|  |  * Correct `block` display not defined for `main` in IE 11. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | article, | ||||||
|  | aside, | ||||||
|  | details, | ||||||
|  | figcaption, | ||||||
|  | figure, | ||||||
|  | footer, | ||||||
|  | header, | ||||||
|  | hgroup, | ||||||
|  | main, | ||||||
|  | menu, | ||||||
|  | nav, | ||||||
|  | section, | ||||||
|  | summary { | ||||||
|  |   display: block; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * 1. Correct `inline-block` display not defined in IE 8/9. | ||||||
|  |  * 2. Normalize vertical alignment of `progress` in Chrome, Firefox, and Opera. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | audio, | ||||||
|  | canvas, | ||||||
|  | progress, | ||||||
|  | video { | ||||||
|  |   display: inline-block; /* 1 */ | ||||||
|  |   vertical-align: baseline; /* 2 */ | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Prevent modern browsers from displaying `audio` without controls. | ||||||
|  |  * Remove excess height in iOS 5 devices. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | audio:not([controls]) { | ||||||
|  |   display: none; | ||||||
|  |   height: 0; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address `[hidden]` styling not present in IE 8/9/10. | ||||||
|  |  * Hide the `template` element in IE 8/9/10/11, Safari, and Firefox < 22. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | [hidden], | ||||||
|  | template { | ||||||
|  |   display: none; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /* Links | ||||||
|  |    ========================================================================== */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Remove the gray background color from active links in IE 10. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | a { | ||||||
|  |   background-color: transparent; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Improve readability of focused elements when they are also in an | ||||||
|  |  * active/hover state. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | a:active, | ||||||
|  | a:hover { | ||||||
|  |   outline: 0; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /* Text-level semantics | ||||||
|  |    ========================================================================== */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address styling not present in IE 8/9/10/11, Safari, and Chrome. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | abbr[title] { | ||||||
|  |   border-bottom: 1px dotted; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address style set to `bolder` in Firefox 4+, Safari, and Chrome. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | b, | ||||||
|  | strong { | ||||||
|  |   font-weight: bold; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address styling not present in Safari and Chrome. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | dfn { | ||||||
|  |   font-style: italic; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address variable `h1` font-size and margin within `section` and `article` | ||||||
|  |  * contexts in Firefox 4+, Safari, and Chrome. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | h1 { | ||||||
|  |   font-size: 2em; | ||||||
|  |   margin: 0.67em 0; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address styling not present in IE 8/9. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | mark { | ||||||
|  |   background: #ff0; | ||||||
|  |   color: #000; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address inconsistent and variable font size in all browsers. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | small { | ||||||
|  |   font-size: 80%; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Prevent `sub` and `sup` affecting `line-height` in all browsers. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | sub, | ||||||
|  | sup { | ||||||
|  |   font-size: 75%; | ||||||
|  |   line-height: 0; | ||||||
|  |   position: relative; | ||||||
|  |   vertical-align: baseline; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | sup { | ||||||
|  |   top: -0.5em; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | sub { | ||||||
|  |   bottom: -0.25em; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /* Embedded content | ||||||
|  |    ========================================================================== */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Remove border when inside `a` element in IE 8/9/10. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | img { | ||||||
|  |   border: 0; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Correct overflow not hidden in IE 9/10/11. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | svg:not(:root) { | ||||||
|  |   overflow: hidden; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /* Grouping content | ||||||
|  |    ========================================================================== */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address margin not present in IE 8/9 and Safari. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | figure { | ||||||
|  |   margin: 1em 40px; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address differences between Firefox and other browsers. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | hr { | ||||||
|  |   box-sizing: content-box; | ||||||
|  |   height: 0; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Contain overflow in all browsers. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | pre { | ||||||
|  |   overflow: auto; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address odd `em`-unit font size rendering in all browsers. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | code, | ||||||
|  | kbd, | ||||||
|  | pre, | ||||||
|  | samp { | ||||||
|  |   font-family: monospace, monospace; | ||||||
|  |   font-size: 1em; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /* Forms | ||||||
|  |    ========================================================================== */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Known limitation: by default, Chrome and Safari on OS X allow very limited | ||||||
|  |  * styling of `select`, unless a `border` property is set. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * 1. Correct color not being inherited. | ||||||
|  |  *    Known issue: affects color of disabled elements. | ||||||
|  |  * 2. Correct font properties not being inherited. | ||||||
|  |  * 3. Address margins set differently in Firefox 4+, Safari, and Chrome. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | button, | ||||||
|  | input, | ||||||
|  | optgroup, | ||||||
|  | select, | ||||||
|  | textarea { | ||||||
|  |   color: inherit; /* 1 */ | ||||||
|  |   font: inherit; /* 2 */ | ||||||
|  |   margin: 0; /* 3 */ | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address `overflow` set to `hidden` in IE 8/9/10/11. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | button { | ||||||
|  |   overflow: visible; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address inconsistent `text-transform` inheritance for `button` and `select`. | ||||||
|  |  * All other form control elements do not inherit `text-transform` values. | ||||||
|  |  * Correct `button` style inheritance in Firefox, IE 8/9/10/11, and Opera. | ||||||
|  |  * Correct `select` style inheritance in Firefox. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | button, | ||||||
|  | select { | ||||||
|  |   text-transform: none; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * 1. Avoid the WebKit bug in Android 4.0.* where (2) destroys native `audio` | ||||||
|  |  *    and `video` controls. | ||||||
|  |  * 2. Correct inability to style clickable `input` types in iOS. | ||||||
|  |  * 3. Improve usability and consistency of cursor style between image-type | ||||||
|  |  *    `input` and others. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | button, | ||||||
|  | html input[type="button"], /* 1 */ | ||||||
|  | input[type="reset"], | ||||||
|  | input[type="submit"] { | ||||||
|  |   -webkit-appearance: button; /* 2 */ | ||||||
|  |   cursor: pointer; /* 3 */ | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Re-set default cursor for disabled elements. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | button[disabled], | ||||||
|  | html input[disabled] { | ||||||
|  |   cursor: default; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Remove inner padding and border in Firefox 4+. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | button::-moz-focus-inner, | ||||||
|  | input::-moz-focus-inner { | ||||||
|  |   border: 0; | ||||||
|  |   padding: 0; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Address Firefox 4+ setting `line-height` on `input` using `!important` in | ||||||
|  |  * the UA stylesheet. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | input { | ||||||
|  |   line-height: normal; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * It's recommended that you don't attempt to style these elements. | ||||||
|  |  * Firefox's implementation doesn't respect box-sizing, padding, or width. | ||||||
|  |  * | ||||||
|  |  * 1. Address box sizing set to `content-box` in IE 8/9/10. | ||||||
|  |  * 2. Remove excess padding in IE 8/9/10. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | input[type="checkbox"], | ||||||
|  | input[type="radio"] { | ||||||
|  |   box-sizing: border-box; /* 1 */ | ||||||
|  |   padding: 0; /* 2 */ | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Fix the cursor style for Chrome's increment/decrement buttons. For certain | ||||||
|  |  * `font-size` values of the `input`, it causes the cursor style of the | ||||||
|  |  * decrement button to change from `default` to `text`. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | input[type="number"]::-webkit-inner-spin-button, | ||||||
|  | input[type="number"]::-webkit-outer-spin-button { | ||||||
|  |   height: auto; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * 1. Address `appearance` set to `searchfield` in Safari and Chrome. | ||||||
|  |  * 2. Address `box-sizing` set to `border-box` in Safari and Chrome. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | input[type="search"] { | ||||||
|  |   -webkit-appearance: textfield; /* 1 */ | ||||||
|  |   box-sizing: content-box; /* 2 */ | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Remove inner padding and search cancel button in Safari and Chrome on OS X. | ||||||
|  |  * Safari (but not Chrome) clips the cancel button when the search input has | ||||||
|  |  * padding (and `textfield` appearance). | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | input[type="search"]::-webkit-search-cancel-button, | ||||||
|  | input[type="search"]::-webkit-search-decoration { | ||||||
|  |   -webkit-appearance: none; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Define consistent border, margin, and padding. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | fieldset { | ||||||
|  |   border: 1px solid #c0c0c0; | ||||||
|  |   margin: 0 2px; | ||||||
|  |   padding: 0.35em 0.625em 0.75em; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * 1. Correct `color` not being inherited in IE 8/9/10/11. | ||||||
|  |  * 2. Remove padding so people aren't caught out if they zero out fieldsets. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | legend { | ||||||
|  |   border: 0; /* 1 */ | ||||||
|  |   padding: 0; /* 2 */ | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Remove default vertical scrollbar in IE 8/9/10/11. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | textarea { | ||||||
|  |   overflow: auto; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Don't inherit the `font-weight` (applied by a rule above). | ||||||
|  |  * NOTE: the default cannot safely be changed in Chrome and Safari on OS X. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | optgroup { | ||||||
|  |   font-weight: bold; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | /* Tables | ||||||
|  |    ========================================================================== */ | ||||||
|  |  | ||||||
|  | /** | ||||||
|  |  * Remove most spacing between table cells. | ||||||
|  |  */ | ||||||
|  |  | ||||||
|  | table { | ||||||
|  |   border-collapse: collapse; | ||||||
|  |   border-spacing: 0; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | td, | ||||||
|  | th { | ||||||
|  |   padding: 0; | ||||||
|  | } | ||||||
							
								
								
									
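--- a/debops/yadm.yml
+++ b/debops/yadm.yml
@@ -0,0 +1,39 @@
+---
+
+- name: Configure yadm, Yet Another Dotfiles Manager
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    yadm__enabled: True
+    yadm__dotfiles_enabled: True
+
+    yadm__upstream_enabled: True
+    yadm__upstream_version: '2.5.0'
+
+    # That be used in yadm.fact.j2 - python script for resolving ansible.local.yadm.dotfile git repo
+    yadm__dotfiles_host: vcs.wpstudio.ru
+    yadm__dotfiles_owner: gitea
+    yadm__default_dotfiles:
+      - name: 'gitea'
+        git: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
+
+  roles:
+    - role: keyring
+      tags: [ 'role::keyring', 'skip::keyring', 'role::yadm' ]
+      keyring__dependent_gpg_keys:
+        - '{{ yadm__keyring__dependent_gpg_keys }}'
+
+    - role: apt_preferences
+      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
+      apt_preferences__dependent_list:
+        - '{{ yadm__apt_preferences__dependent_list }}'
+
+    - role: yadm
+      tags: [ 'role::yadm', 'skip::yadm' ]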
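Review bot: The `yadm__default_dotfiles` entry clones `https://vcs.wpstudio.ru/gitea/dotfiles.git` with no pinned revision and no commit verification, while the play runs with `become: True`, so whatever is at the tip of that repository is what the role fetches for the `debian10` hosts. The play already passes `yadm__keyring__dependent_gpg_keys` to the keyring role, and the DebOps yadm role documents a `gpg` key on dotfiles entries for verifying the signed HEAD commit (worth confirming against the role version in use). Adding `gpg: '<SIGNING-KEY-FINGERPRINT-PLACEHOLDER>'` under the `gitea` entry would make an unsigned or re-written repository fail the run instead of being deployed. A comment above `yadm__dotfiles_host` naming who controls that repository would also help the next reader.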
							
								
								
									
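--- a/hosts
+++ b/hosts
@@ -10,7 +10,8 @@
 #   - A hostname/ip can be a member of multiple groups
 
 [lxc_templates]
-debian10  ansible_host=debian10.dedic106-dhcp.dimti.ru  ansible_user=root
+#debian10  ansible_host=debian10.dedic106-dhcp.dimti.ru  ansible_user=root
+debian10  ansible_host='{{ lxc_host }}'
 
 [anygroup]
 server1     ansible_host=192.168.0.1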
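Review bot: `ansible_host='{{ lxc_host }}'` makes the `debian10` entry depend on an extra var that nothing in this inventory defines, so a run that does not pass `-e lxc_host=…` (run-playbook.sh does) will presumably stop with an undefined-variable error. I would add a comment above the line, `# lxc_host is supplied by run-playbook.sh via -e; there is no default`, and delete the commented-out old entry rather than keep the previous host name in the file. With `ansible_user=root` removed, the login user now comes from the caller's SSH or Ansible configuration, which the same comment should state.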
							
								
								
									
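--- a/nginx-only.yml
+++ b/nginx-only.yml
@@ -0,0 +1,12 @@
+---
+- hosts: debian10
+  roles:
+    - release-changed
+    - locales
+#- import_playbook: debops/tzdata.yml
+#- import_playbook: debops/pki.yml
+- import_playbook: debops/yadm.yml
+- import_playbook: debops/root_account.yml
+#- import_playbook: debops/sudo.yml
+#- import_playbook: debops/system_users.yml
+#- import_playbook: debops/nginx.yml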
| @ -1,11 +1,13 @@ | |||||||
| --- | --- | ||||||
| - import_playbook: debops/tzdata.yml | - import_playbook: debops/tzdata.yml | ||||||
| #- import_playbook: debops/pki.yml | - import_playbook: debops/pki.yml | ||||||
| #- import_playbook: debops/mariadb.yml | - import_playbook: debops/mariadb.yml | ||||||
| #- import_playbook: debops/php-prod.yml | - import_playbook: debops/php-prod.yml | ||||||
| #- import_playbook: debops/nginx.yml | - import_playbook: debops/nginx.yml | ||||||
| #- import_playbook: debops/nodejs.yml | - import_playbook: debops/nodejs.yml | ||||||
| #- import_playbook: debops/redis.yml | - import_playbook: debops/redis.yml | ||||||
|  | - import_playbook: debops/users.yml | ||||||
|  | - import_playbook: debops/sudo.yml | ||||||
|  |  | ||||||
| # Import all other group playbooks in this file... | # Import all other group playbooks in this file... | ||||||
|  |  | ||||||
|  | |||||||
							
								
								
									
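--- a/ping.yml
+++ b/ping.yml
@@ -0,0 +1,9 @@
+---
+- hosts: debian10
+  tasks:
+    - name: whoami test
+      shell: whoami
+
+# Associate further roles to servers in specific group in this file...
+
+...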
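Review bot: The `whoami test` task uses `shell:` for one fixed command and will be reported as changed on every run. `command: whoami` with `changed_when: false` avoids the shell and keeps this connectivity check read-only in the play recap. The trailing comment about associating roles with servers looks carried over from a template and does not describe this file.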
							
								
								
									
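--- a/roles/locales/tasks/main.yml
+++ b/roles/locales/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Setup EN & RU UTF-8 locales
+  shell: |
+    apt install -y locales && \
+    sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
+    sed -i 's/# ru_RU.UTF-8 UTF-8/ru_RU.UTF-8 UTF-8/' /etc/locale.gen && \
+    locale-gen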
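Review bot: The `Setup EN & RU UTF-8 locales` task chains `apt install`, two `sed -i` edits and `locale-gen` in one `shell:` block, so it reports changed and regenerates locales on every run. A `sed` pattern that no longer matches `/etc/locale.gen` also passes silently. The `apt` and `locale_gen` modules express the same steps idempotently and fail visibly. The module names below assume the stock Ansible or community.general modules are available on the controller.

```yaml
- name: Install the locales package
  apt:
    name: locales
    state: present

- name: Enable EN & RU UTF-8 locales
  locale_gen:
    name: '{{ item }}'
    state: present
  loop:
    - en_US.UTF-8
    - ru_RU.UTF-8
```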
							
								
								
									
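--- a/roles/release-changed/tasks/main.yml
+++ b/roles/release-changed/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: Allow release info changed
+  shell: apt --allow-releaseinfo-change update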
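Review bot: `apt --allow-releaseinfo-change update` accepts a change in any Release field (Origin, Label, Codename, Suite) for every configured repository on every run, which switches off the check that would otherwise flag a repository changing its identity. If the aim is only to get past a suite rename on the Debian 10 template, the field-specific form is narrower: `shell: apt-get --allow-releaseinfo-change-suite update`. `apt-get` is also the interface intended for scripts, and `changed_when: false` would stop the task from reporting a change each time. A comment on the task saying which repository prompted it would let someone remove it later.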
							
								
								
									
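--- a/run-playbook.sh
+++ b/run-playbook.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+SERVER=$1
+LXC_HOST=$2
+PLAYBOOK=$3
+
+usage() {
+    echo "Usage: run-playbook.sh server lxc_host playbook"
+    echo "server - main proxmox server IP address and lxc_host that the name of lxc container"
+    echo "lxc_host - name of lxc container"
+    echo "playbook - playbook file"
+}
+
+if [[ -z "$SERVER" ]]; then
+  echo "You must defined SERVER as first argument"
+  usage
+  exit 1
+fi
+
+if [[ -z "$LXC_HOST" ]]; then
+  echo "You must defined LXC_HOST as second argument"
+  usage
+  exit 1
+fi
+
+if [[ -z "$PLAYBOOK" ]]; then
+  echo "You must defined PLAYBOOK as third argument"
+  usage
+  exit 1
+fi
+
+if [[ ! -f "$PLAYBOOK" ]]; then
+  echo "Playbook file is not exists: $PLAYBOOK"
+  usage
+  exit 1
+fi
+
+COMMAND=$(cat <<EOF
+ansible-playbook -e "lxc_host=$LXC_HOST" --ssh-common-args="-o ProxyCommand='ssh -W %h:%p root@$SERVER'" $PLAYBOOK
+EOF
+)
+
+printf 'Launch ansible playbook:\n%s\n' "$COMMAND"
+read -p "Are you sure?  " -n 1 -r
+echo    # (optional) move to a new line
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+    /bin/bash -c "$COMMAND"
+fi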
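Review bot: The three positional arguments are pasted unquoted into the heredoc and the resulting string is re-parsed by `/bin/bash -c "$COMMAND"`, so a space or shell metacharacter in `$SERVER`, `$LXC_HOST` or `$PLAYBOOK` changes what is executed instead of being passed as data. `$SERVER` also ends up inside the ssh `ProxyCommand`, which ssh hands to a shell a second time. Building the command as an array, running it directly, and rejecting host values outside a host-name character set removes the re-parsing and keeps the confirmation prompt showing exactly what will run. Separately, every connection is proxied as `root@$SERVER`; an unprivileged jump account on the Proxmox host should be enough for `ssh -W`.

```bash
# … unchanged: SERVER/LXC_HOST/PLAYBOOK assignment, usage(), empty-argument and file checks …

host_re='^[A-Za-z0-9][A-Za-z0-9._:-]*$'
for value in "$SERVER" "$LXC_HOST"; do
  if [[ ! $value =~ $host_re ]]; then
    echo "Not a valid host name or address: $value"
    usage
    exit 1
  fi
done

COMMAND=(ansible-playbook -e "lxc_host=$LXC_HOST"
         --ssh-common-args="-o ProxyCommand='ssh -W %h:%p root@$SERVER'"
         "$PLAYBOOK")

printf 'Launch ansible playbook:\n'
printf '%q ' "${COMMAND[@]}"
printf '\n'
# … unchanged: confirmation prompt …
if [[ $REPLY =~ ^[Yy]$ ]]
then
    "${COMMAND[@]}"
fi
```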
							
								
								
									
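--- a/vars/.gitignore
+++ b/vars/.gitignore
@@ -0,0 +1,2 @@
+*
+!*-example.yml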
							
								
								
									
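--- a/vars/databases-example.yml
+++ b/vars/databases-example.yml
@@ -0,0 +1,7 @@
+mariadb__databases:
+  - name: '{{ lxc_host }}'
+
+mariadb__users:
+  - name: '{{ lxc_host }}'
+    host: '%'
+    database: '{{ lxc_host }}%'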
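Review bot: The example user is created with `host: '%'`, so the account is valid from any client address. `database: '{{ lxc_host }}%'` then grants it every schema whose name begins with the container name, not just the one database created above. If the application runs in the same container as MariaDB, which the playbook layout suggests but this file does not show, `host: 'localhost'` and `database: '{{ lxc_host }}'` give a working setup with a much smaller grant. Because this is the file people copy from, the narrow form is the safer default, and a comment can say when to widen it.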
							
								
								
									
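--- a/vars/nginx-example.yml
+++ b/vars/nginx-example.yml
@@ -0,0 +1 @@
+nginx_www_redirect: False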
							
								
								
									
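--- a/vars/sudo-example.yml
+++ b/vars/sudo-example.yml
@@ -0,0 +1,4 @@
+sudo__sudoers:
+  - name: '{{ lxc_host }}-nopasswd'
+    raw: |
+      {{ lxc_host }}  ALL=(ALL) NOPASSWD: ALL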
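Review bot: The `raw:` rule `{{ lxc_host }}  ALL=(ALL) NOPASSWD: ALL` gives the account named after the container passwordless root, and vars/system_users-example.yml creates that same account with `admin: True`. Any process or key able to act as that user is therefore root with no further check. If this is the account the site runs or deploys under, I would drop `NOPASSWD:` or limit the rule to the commands actually needed, e.g. `{{ lxc_host }}  ALL=(root) NOPASSWD: <COMMAND-LIST-PLACEHOLDER>`. `lxc_host` arrives from the command line and is written into sudoers verbatim, so it should be restricted to a plain user-name character set before it reaches this template.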
							
								
								
									
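--- a/vars/system_users-example.yml
+++ b/vars/system_users-example.yml
@@ -0,0 +1,9 @@
+system_users__groups:
+  - name: '{{ lxc_host }}'
+    user: False
+
+system_users__accounts:
+  - name: '{{ lxc_host }}'
+    group: '{{ lxc_host }}'
+    admin: True
+    shell: '/bin/bash'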