uap33-r/onfarbo
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ansible + goss

Browse Source
This commit is contained in:
root
2022-02-09 09:28:32 +01:00
parent 3c8d12a40f
commit b85cfcdf7e
12 changed files with 332 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ansible/main.yml Normal file
View File

@@ -0,0 +1,10 @@
- hosts: localhost
connection: local
become: yes
become_method: sudo
become_user: root
roles:
- doku
- mysql
- adminer
- ssl-apache

24
ansible/roles/adminer/tasks/main.yml Normal file
View File

@@ -0,0 +1,24 @@
- name: installation php
apt:
name: php-mysql
state: present
- name: installation adminer
get_url:
url: http://www.adminer.org/latest.php
dest: /var/www/html/adminer.php
- name: droit 755
file:
path: /var/www/html/adminer
state: directory
mode: '0755'
recurse: yes
- name: droit adminer
file:
path: /var/www/html/adminer
state: directory
owner: www-data
group: www-data
recurse: yes

1
ansible/roles/doku/defaults/main.yml Normal file
View File

@@ -0,0 +1 @@
doku: "dokuwiki-2020-07-29"

83
ansible/roles/doku/tasks/main.yml Normal file
View File

@@ -0,0 +1,83 @@
- name: installation apache2
apt:
name: apache2
state: present
- name: installation php
apt:
name: php
state: present
- name: installation php-mbstring
apt:
name: php-mbstring
state: present
- name: installation php-gd
apt:
name: php-gd
state: present
- name: installation php-xml
apt:
name: php7.4-xml
state: present
- name: recuperation dokuwiki-stable.tgz depuis machine depl
get_url:
url: http://depl.sio.lan/store/dokuwiki-stable.tgz
dest: /tmp
- name: Extraction archive
unarchive:
src: /tmp/dokuwiki-stable.tgz
dest: /var/www/html/
remote_src: yes
- name: stat rept
stat:
path: /var/www/html/{{ doku }}
register: rept_stat
- name: Renommage de dokuwiki-stable
command: mv /var/www/html/{{ doku }} /var/www/html/doku
when: rept_stat.stat.exists
- name: Droit root recursive
file:
path: /var/www/html/doku
state: directory
recurse: yes
owner: root
group: root
- name: droit 755
file:
path: /var/www/html/doku
state: directory
mode: '0755'
recurse: yes
- name: droit apache data
file:
path: /var/www/html/doku/data
state: directory
owner: www-data
group: www-data
recurse: yes
- name: droit apache lib
file:
path: /var/www/html/doku/lib
state: directory
owner: www-data
group: www-data
recurse: yes
- name: droit apache conf
file:
path: /var/www/html/doku/conf
state: directory
owner: www-data
group: www-data
recurse: yes

4
ansible/roles/mysql/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: Restart MySQL
service:
name: mysqld
state: restarted

35
ansible/roles/mysql/tasks/main.yml Normal file
View File

@@ -0,0 +1,35 @@
- name: "[MYSQL] - update cache"
apt:
update_cache: yes
- name: "[MYSQL] - install"
apt:
name: mariadb-server
state: latest
- name: "[Python] - install"
apt:
name: python3-pymysql
state: latest
- name: "[MYSQL] - Démarrage MySQL"
service:
name: "mysqld"
state: started
enabled: yes
- name: "[MYSQL] - Création de la base de données"
mysql_db:
name: bdarbre
check_implicit_admin: yes
login_unix_socket: /var/run/mysqld/mysqld.sock
state: present
- name: Creation de l'utilisateur mysql avec tous les privliges
mysql_user:
name: ap43
password: Azerty1+
priv: "*.*:ALL,GRANT"
login_unix_socket: /var/run/mysqld/mysqld.sock
state: present
notify: Restart MySQL

32
ansible/roles/ssl-apache/files/000-default.conf Normal file
View File

@@ -0,0 +1,32 @@
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName onfarbo43
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
Redirect "/" "https://onfarbo43/"
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

24
ansible/roles/ssl-apache/files/default-ssl.conf Normal file
View File

@@ -0,0 +1,24 @@
#<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName onfarbo43
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
#</IfModule>

16
ansible/roles/ssl-apache/files/ports.conf Normal file
View File

@@ -0,0 +1,16 @@
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 443 https
#<IfModule ssl_module>
# Listen 443
#</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

9
ansible/roles/ssl-apache/handlers/main.yml Normal file
View File

@@ -0,0 +1,9 @@
- name: restart apache2
service:
name: apache2
state: restarted
- name: reload apache2
service:
name: apache2
state: reloaded

63
ansible/roles/ssl-apache/tasks/main.yml Normal file
View File

@@ -0,0 +1,63 @@
- name: Installation des paquets
apt:
name: ['openssl', 'sudo']
- name: Création de la clé
community.crypto.openssl_privatekey:
path: /etc/ssl/private/apache-selfsigned.key
mode: "640"
owner: root
group: root
- name: Création du certificat
community.crypto.x509_certificate:
path: /etc/ssl/certs/apache-selfsigned.crt
privatekey_path: /etc/ssl/private/apache-selfsigned.key
provider: selfsigned
mode: "644"
owner: root
group: root
- name: Suppression du fichier 000-default.conf
file:
path: /etc/apache2/sites-available/000-default.conf
state: absent
- name: Supression du fichier default-ssl.conf
file:
path: /etc/apache2/sites-available/default-ssl.conf
state: absent
- name: Supression du fichier ports.conf
file:
path: /etc/apache2/ports.conf
state: absent
- name: ajout de la redirection https
copy:
src: 000-default.conf
dest: /etc/apache2/sites-available
- name: ajout du site https
copy:
src: default-ssl.conf
dest: /etc/apache2/sites-available
- name: ajout du port 443
copy:
src: ports.conf
dest: /etc/apache2
notify: restart apache2
- name: changement de répertoire
shell: cd /etc/apache2/sites-available
- name: a2ensite default
command: sudo a2ensite 000-default.conf
- name: a2ensite ssl
command: sudo a2ensite default-ssl.conf
- name: a2enmod
command: sudo a2enmod ssl
notify: reload apache2

31
goss/goss.yaml Normal file
View File

@@ -0,0 +1,31 @@
service:
mysql:
enabled: true
running: true
ssh:
enabled: true
running: true
user:
mysql:
exists: true
uid: 106
gid: 113
groups:
- mysql
home: /nonexistent
shell: /bin/false
group:
mysql:
exists: true
gid: 113
ssh:
exists: true
gid: 111
command:
curl -k -s http://onfarbo43/doku|grep onfarbo43:
exit-status: 0
stdout:
- <p>The document has moved <a href="https://onfarbo43/doku">here</a>.</p>
- <address>Apache/2.4.52 (Debian) Server at onfarbo43 Port 80</address>
stderr: []
timeout: 10000