Single necessary change - remove sha-sum of composer version

Set to currently newest version of debops
Use newest python version
Native way for create pma nginx config symlink
Correct disable local nginx host - appropriate dict item name field for preventing errors

hosts

@@ -9,16 +9,17 @@
 #   - You can enter hostnames or ip addresses
 #   - A hostname/ip can be a member of multiple groups
 
+# Check ansible facts: ansible all -m setup -a 'filter=ansible_domain' -e lxc_host=IP_ADDRESS
 [lxc_templates]
 #debian10  ansible_host=debian10.dedic106-dhcp.dimti.ru  ansible_user=root
 #debian10  ansible_host='{{ lxc_host }}' ansible_port=22230
 debian10  ansible_host='{{ lxc_host }}'
 
 [anygroup]
-server1     ansible_host=192.168.0.1
-server2     ansible_host=192.168.0.2
-server3     ansible_host=192.168.0.3
-server4     ansible_host=192.168.0.4
+#server1     ansible_host=192.168.0.1
+#server2     ansible_host=192.168.0.2
+#server3     ansible_host=192.168.0.3
+#server4     ansible_host=192.168.0.4
 
 # Add your own groups here. Hosts can be added to multiple groups like so:
 # [anothergroup]

playbooks/debops/mariadb-custom-db.yml

@@ -12,14 +12,15 @@
                    | combine(inventory__group_environment | d({}))
                    | combine(inventory__host_environment  | d({})) }}'
 
-
-  vars:
-    mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}'
-    mariadb__upstream_version: '10.5'
-
   vars_files:
     - ./../../vars/databases.yml
 
+  vars:
+    mariadb__upstream_mirror: 'https://mirror.netcologne.de/mariadb/mariadb-{{ mariadb__upstream_version }}/repo/{{ ansible_distribution | lower }}'
+    mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}'
+    mariadb__upstream_version: '11.8.3'
+
+
   roles:
 
     - role: secret

playbooks/debops/mariadb_server.yml

@@ -13,18 +13,16 @@
                    | combine(inventory__host_environment  | d({})) }}'
 
   vars:
+    mariadb_server__upstream_mirror: 'https://mirror.netcologne.de/mariadb/mariadb-{{ mariadb_server__upstream_version }}/repo/{{ ansible_distribution | lower }}'
     mariadb_server__flavor: '{{ ansible_local.mariadb.flavor
                                 |d(mariadb_server__flavor_map[ansible_distribution_release] | d("mariadb_upstream")) }}'
-    mariadb_server__upstream_version: '11.2'
+    mariadb_server__upstream_version: '11.8.3'
     mariadb_server__bind_address: '127.0.0.1'
     mariadb_server__mysqld_performance_options:
-      'innodb_buffer_pool_instances': '{{ ansible_processor_vcpus | d(1) }}'
       'innodb_buffer_pool_size': '{{ (ansible_memtotal_mb / 2) | int }}M'
-      'innodb_log_file_size': '{{ (ansible_memtotal_mb / 2) / 4 | int }}M'
-      'query_cache_type': '1'
-      'query_cache_size': '1M'
-      'query_cache_limit': '10M'
-      'join_buffer_size': '1M'
+      'innodb_log_file_size': '{{ ((ansible_memtotal_mb / 2) / 4) | int }}M'
+      'query_cache_type': '0'
+      'join_buffer_size': '10M'
       'performance_schema': 'ON'
       'skip-name-resolve': 'ON'
 #    mariadb_server__options:

playbooks/debops/nginx.yml

@@ -32,6 +32,7 @@
     # TODO: Replace [::]:443 to 443 and [::]:80 to 80 in site nginx config
     nginx_server_localhost:
       enabled: False
+      name: [ 'localhost', '127.0.0.1', '[::1]' ]
     nginx_listen_port: [ '80' ]
     nginx_listen_ssl_port: [ '443' ]
     nginx__servers:

playbooks/debops/php-prod.yml

@@ -1,5 +1,5 @@
 ---
-
+# https://docs.debops.org/en/stable-3.2/ansible/roles/php/getting-started.html#example-playbook
 - name: Install and manage PHP environment
   collections: [ 'debops.debops', 'debops.roles01',
                  'debops.roles02', 'debops.roles03' ]
@@ -10,6 +10,8 @@
                    | combine(inventory__group_environment | d({}))
                    | combine(inventory__host_environment  | d({})) }}'
 
+  vars_files:
+    - ./../../vars/php.yml
 
   vars:
     php__sury_apt_key_id_map:
@@ -55,9 +57,6 @@
         pm: static
         pm_max_children: 3
 
-  vars_files:
-    - ./../../vars/php.yml
-
   pre_tasks:
 
     - name: Apply keyring configuration for php environment

playbooks/own/php-composer.yml

@@ -7,17 +7,19 @@
 
   hosts: [ 'debian10' ]
 
+  vars_files:
+    - ./../../vars/php.yml
+
   tasks:
     - name: Download and install composer
       when: (php_version is defined)
       shell: |-
         php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-        php -r "if (hash_file('sha384', 'composer-setup.php') === 'dac665fdc30fdd8ec78b38b9800061b4150413ff2e3b6f88543c636f7cd84f6db9189d43a81e5503cda447da73c7e5b6') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
         php composer-setup.php
         php -r "unlink('composer-setup.php');"
         mv composer.phar /usr/local/bin/composer
 
-    - name: Download and install composer
+    - name: Downgrade composer to 1.x branch for legacy php versions
       when: (php_version is defined and php_version == '7.4')
       shell: |-
         composer self-update 1.10.27

playbooks/own/phpmyadmin-nginx-auth.yml

@@ -52,10 +52,11 @@
       shell: |-
         echo "pma:$(openssl passwd -apr1 {{ lookup("password", secret + "/basic/" + site_name + "/pma " + "length=30")}} )" > /etc/nginx/passwords.d/pma.passwords
 
-    - name: 'Turning on pma web site nginx config'
-      shell: |-
-        cd /etc/nginx/sites-enabled
-        ln -s ../sites-available/pma.conf ./
+    - name: Ensure pma nginx site is enabled (via symlink)
+      ansible.builtin.file:
+        src: /etc/nginx/sites-available/pma.conf
+        dest: /etc/nginx/sites-enabled/pma.conf
+        state: link
 
     - name: 'Restarting nginx'
       shell: |-

playbooks/own/phpmyadmin.yml

@@ -8,9 +8,9 @@
   hosts: [ 'debian10' ]
 
   vars:
-    - phpmyadmin_version: 5.2.1
-      # https://docs.ansible.com/ansible/latest/collections/community/general/random_string_lookup.html#keyword-parameters
-    - blowfish_secret: "{{ lookup('community.general.random_string', length=32) }}"
+    phpmyadmin_version: 5.2.1
+    # https://docs.ansible.com/ansible/latest/collections/community/general/random_string_lookup.html#keyword-parameters
+    blowfish_secret: "{{ lookup('community.general.random_string', length=32) }}"
 
   tasks:
     - name: 'Download phpMyAdmin {{ phpmyadmin_version }} into var/www dir and uncompress'
@@ -28,14 +28,32 @@
         mkdir tmp && sudo chown :33 tmp && chmod g+w tmp
 
     - name: 'Set cookie blowfish secret'
-      # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/replace_module.html
-      replace:
+      ansible.builtin.lineinfile:
         path: /var/www/phpmyadmin/config.inc.php
-        regexp: "'blowfish_secret'] = ''"
-        replace: "'blowfish_secret'] = '{{ blowfish_secret | replace('\'', '\\\'') }}'\n\n$cfg['CookieSameSite'] = 'Lax';\n"
+        regexp: "^\\^\\$\\\\cfg\\\\[\\'blowfish_secret\\'\\\\] = '';"
+        line: "$cfg['blowfish_secret'] = '{{ blowfish_secret }}';"
+        owner: '{{ site_name }}'
+        group: '{{ site_name }}'
+        mode: '0640'
+
+    - name: 'Set CookieSameSite to Lax'
+      ansible.builtin.lineinfile:
+        path: /var/www/phpmyadmin/config.inc.php
+        # Добавляет строку в конец файла, если она еще не существует
+        line: "$cfg['CookieSameSite'] = 'Lax';"
+        insertafter: EOF # Вставляет в конец файла
+        # Необязательно, но полезно убедиться, что строки нет до добавления
+        create: false
+        owner: '{{ site_name }}'
+        group: '{{ site_name }}'
+        mode: '0640'
 
     - name: 'Set MaxTableList'
-      replace:
+      ansible.builtin.lineinfile:
         path: /var/www/phpmyadmin/config.inc.php
-        regexp: "^//$cfg['MaxRows'](.*)"
-        replace: "//$cfg['MaxRows']\1\n\n$cfg['MaxTableList'] = 500;\n"
+        regexp: "^//\\$cfg\\['MaxRows'\\]"
+        line: "$cfg['MaxTableList'] = 500;"
+        insertafter: "^//\\$cfg\\['MaxRows'\\]" # Вставит сразу после закомментированной строки
+        owner: '{{ site_name }}'
+        group: '{{ site_name }}'
+        mode: '0640'

requirements.txt

@@ -0,0 +1,2 @@
+ansible==8.7.0
+netaddr==1.3.0

requirements.yml

@@ -1,8 +1,7 @@
 ---
-
+# https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html
 collections:
   - name: nginxinc.nginx_core
     version: 0.8.0
-  - name: https://github.com/debops/debops.git
-    type: git
-    version: d554096b5cb02f4c37f68d80d9103105dd5de34b
+  - name: debops.debops
+    version: 3.2.5

run-site-playbook.sh

@@ -50,7 +50,7 @@ if [[ -z "$DOMAIN_NAME" ]]; then
 fi
 
 COMMAND=$(cat <<EOF
-ansible-playbook -e "lxc_host=${SERVER}" -e "initial_site_name=${SITE_NAME}" -e "domain_name=${DOMAIN_NAME}" -e runner=site
+ansible-playbook -e "lxc_host=${SERVER}" -e "site_name=${SITE_NAME}" -e "domain_name=${DOMAIN_NAME}" -e runner=site
 EOF
 )