+ todo for nginx and pma configs

* pma blowfish secret generator and tmp dir fixes #861m7vaer Шаблон операционной системы на Debian 10
+ yadm initialization for non priveleged and existing users
2024-04-02 10:31:44 +03:00 · 2024-03-22 18:47:05 +03:00
9 changed files with 29 additions and 12 deletions
--- a/playbooks/nginx-site.yml
+++ b/playbooks/nginx-site.yml
@ -12,8 +12,10 @@
 - import_playbook: own/nginx-auth.yml
 - import_playbook: own/phpmyadmin.yml
 - import_playbook: own/phpmyadmin-nginx-auth.yml
- import_playbook: own/correct-paths-for-pct-enter.yml
+#- import_playbook: own/correct-paths-for-pct-enter.yml

 # Import all other group playbooks in this file...

+# TODO: удалить [::]: из конфигов. Определится с дефолтным конфигом. В конфиге pma.conf что-то не так с портами после получения сертификатов.
+# TODO: Перенести маппинг host tld для non-www в conf.d
 ...
--- a/playbooks/nginx-without-db-site.yml
+++ b/playbooks/nginx-without-db-site.yml
--- a/playbooks/own/phpmyadmin.yml
+++ b/playbooks/own/phpmyadmin.yml
@ -9,6 +9,7 @@

  vars:
    - phpmyadmin_version: 5.2.1
+    - blowfish_secret: lookup('community.general.random_string', length=12)

  # Create phpmyadmin config for apache2
  # TODO: Set blowfish_secret and make access rights for ./tmp directory
@ -23,3 +24,7 @@
        unzip -qq phpMyAdmin-{{ phpmyadmin_version }}-all-languages.zip
        rm phpMyAdmin-{{ phpmyadmin_version }}-all-languages.zip
        mv phpMyAdmin-{{ phpmyadmin_version }}-all-languages phpmyadmin
+        cd phpmyadmin
+        cp config.sample.inc.php config.inc.php
+        sed -i "s|'blowfish_secret'] = ''|'blowfish_secret'] = '{{ blowfish_secret }}'|g" config.inc.php
+        mkdir tmp && sudo chown :33 && chmod g+w tmp
--- a/playbooks/own/yadm.yml
+++ b/playbooks/own/yadm.yml
@ -0,0 +1,6 @@
+---
+- hosts: [ 'debian10' ]
+  tasks:
+    - name: Clone dotfiles repo
+      shell: yadm clone --bootstrap https://vcs.wpstudio.ru/gitea/dotfiles.git
+#      TODO: убрать sudo для автовключения тмукса из .bashrc
--- a/playbooks/yadm.yml
+++ b/playbooks/yadm.yml
@ -0,0 +1,2 @@
+---
+- import_playbook: own/yadm.yml
--- a/run-lxc-playbook.sh
+++ b/run-lxc-playbook.sh
@ -42,7 +42,7 @@ if [[ ! -f "$PLAYBOOK" ]]; then
 fi

 COMMAND=$(cat <<EOF
-ansible-playbook -e "lxc_host=$LXC_HOST" -e runner=lxc --ssh-common-args="-o ProxyCommand='ssh -W %h:%p -q root@$SERVER'" $PLAYBOOK
+ansible-playbook -e "lxc_host=$LXC_HOST" -e="domain_name=$LXC_HOST" -e runner=lxc --ssh-common-args="-o ProxyCommand='ssh -W %h:%p -q root@$SERVER'" $PLAYBOOK
 EOF
 )

--- a/run-playbook.sh
+++ b/run-playbook.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 SERVER=$1
 PLAYBOOK=$2
-SITE_NAME=$3
+USER=$3

 while [[ "$#" -gt 0 ]]; do
    case $1 in
@ -28,8 +28,12 @@ if [[ -z "$PLAYBOOK" ]]; then
  exit 1
 fi

+if [[ -z "$USER" ]]; then
+    USER=root
+fi
+
 COMMAND=$(cat <<EOF
-ansible-playbook -e "lxc_host=${SERVER} -e runner=normal"
+ansible-playbook -e "lxc_host=${SERVER}" -e "runner=normal" -e "ansible_user=${USER}"
 EOF
 )

--- a/run-site-playbook.sh
+++ b/run-site-playbook.sh
@ -43,6 +43,12 @@ if [[ -z "$DOMAIN_NAME" ]]; then
  exit 1
 fi

+if [[ ! -f "$PLAYBOOK" ]]; then
+  echo "Playbook file is not exists: $PLAYBOOK"
+  usage
+  exit 1
+fi
+
 COMMAND=$(cat <<EOF
 ansible-playbook -e "lxc_host=${SERVER}" -e "initial_site_name=${SITE_NAME}" -e "domain_name=${DOMAIN_NAME}" -e runner=site
 EOF
--- a/yadm.yml
+++ b/yadm.yml
@ -1,8 +0,0 @@
---
- import_playbook: debops/yadm.yml
- import_playbook: debops/users.yml
- import_playbook: debops/sudo.yml
-
-# Import all other group playbooks in this file...
-
-...