diff --git a/ansible/main.yml b/ansible/main.yml
new file mode 100644
index 0000000..03d1ba3
--- /dev/null
+++ b/ansible/main.yml
@@ -0,0 +1,10 @@
+- hosts: localhost
+ connection: local
+ become: yes
+ become_method: sudo
+ become_user: root
+ roles:
+ - doku
+ - mysql
+ - adminer
+ - ssl-apache
diff --git a/ansible/roles/adminer/tasks/main.yml b/ansible/roles/adminer/tasks/main.yml
new file mode 100644
index 0000000..f453185
--- /dev/null
+++ b/ansible/roles/adminer/tasks/main.yml
@@ -0,0 +1,24 @@
+- name: installation php
+ apt:
+ name: php-mysql
+ state: present
+
+- name: installation adminer
+ get_url:
+ url: http://www.adminer.org/latest.php
+ dest: /var/www/html/adminer.php
+
+- name: droit 755
+ file:
+ path: /var/www/html/adminer
+ state: directory
+ mode: '0755'
+ recurse: yes
+
+- name: droit adminer
+ file:
+ path: /var/www/html/adminer
+ state: directory
+ owner: www-data
+ group: www-data
+ recurse: yes
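Review bot: The `installation adminer` task fetches executable PHP from `http://www.adminer.org/latest.php` over plain HTTP with no `checksum` and writes it into the web root as root, so whatever the network path returns becomes server-side code. The `latest.php` URL also makes the deployed version unrepeatable. Pin a specific release URL over HTTPS and add `checksum: "sha256:<expected-sha256>"` and an explicit `mode: '0644'` to the `get_url` task. The doku role has the same unverified HTTP download (`http://depl.sio.lan/store/dokuwiki-stable.tgz`, then unarchived as root) and needs the same `checksum`. Separately, the two `file` tasks act on `/var/www/html/adminer` with `state: directory`, which is not the `adminer.php` file written above, so they only create and chown an unrelated directory.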
diff --git a/ansible/roles/doku/defaults/main.yml b/ansible/roles/doku/defaults/main.yml
new file mode 100644
index 0000000..e268da9
--- /dev/null
+++ b/ansible/roles/doku/defaults/main.yml
@@ -0,0 +1 @@
+doku: "dokuwiki-2020-07-29"
diff --git a/ansible/roles/doku/tasks/main.yml b/ansible/roles/doku/tasks/main.yml
new file mode 100644
index 0000000..259c3b2
--- /dev/null
+++ b/ansible/roles/doku/tasks/main.yml
@@ -0,0 +1,83 @@
+- name: installation apache2
+ apt:
+ name: apache2
+ state: present
+
+- name: installation php
+ apt:
+ name: php
+ state: present
+
+- name: installation php-mbstring
+ apt:
+ name: php-mbstring
+ state: present
+
+- name: installation php-gd
+ apt:
+ name: php-gd
+ state: present
+
+- name: installation php-xml
+ apt:
+ name: php7.4-xml
+ state: present
+
+- name: recuperation dokuwiki-stable.tgz depuis machine depl
+ get_url:
+ url: http://depl.sio.lan/store/dokuwiki-stable.tgz
+ dest: /tmp
+
+- name: Extraction archive
+ unarchive:
+ src: /tmp/dokuwiki-stable.tgz
+ dest: /var/www/html/
+ remote_src: yes
+
+- name: stat rept
+ stat:
+ path: /var/www/html/{{ doku }}
+ register: rept_stat
+
+- name: Renommage de dokuwiki-stable
+ command: mv /var/www/html/{{ doku }} /var/www/html/doku
+ when: rept_stat.stat.exists
+
+- name: Droit root recursive
+ file:
+ path: /var/www/html/doku
+ state: directory
+ recurse: yes
+ owner: root
+ group: root
+
+- name: droit 755
+ file:
+ path: /var/www/html/doku
+ state: directory
+ mode: '0755'
+ recurse: yes
+
+- name: droit apache data
+ file:
+ path: /var/www/html/doku/data
+ state: directory
+ owner: www-data
+ group: www-data
+ recurse: yes
+
+- name: droit apache lib
+ file:
+ path: /var/www/html/doku/lib
+ state: directory
+ owner: www-data
+ group: www-data
+ recurse: yes
+
+- name: droit apache conf
+ file:
+ path: /var/www/html/doku/conf
+ state: directory
+ owner: www-data
+ group: www-data
+ recurse: yes
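Review bot: The `droit apache lib` and `droit apache conf` tasks hand the whole `lib` and `conf` trees to `www-data`, so a flaw in any PHP code served by Apache can rewrite DokuWiki's own code and configuration. The recursive `mode: '0755'` also sets the execute bit on every file and leaves `data` and `conf` world-readable. Keep the code owned by root, limit `www-data` ownership to the paths the wiki has to write, and use a symbolic mode such as `mode: 'u=rwX,g=rX,o='` on the `www-data`-owned `data` and `conf` trees. The `mv` task also lacks `args:` / `creates: /var/www/html/doku`: on a second run the archive is extracted again and the release directory is moved inside the existing `doku` directory.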
diff --git a/ansible/roles/mysql/handlers/main.yml b/ansible/roles/mysql/handlers/main.yml
new file mode 100644
index 0000000..fd495eb
--- /dev/null
+++ b/ansible/roles/mysql/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart MySQL
+ service:
+ name: mysqld
+ state: restarted
diff --git a/ansible/roles/mysql/tasks/main.yml b/ansible/roles/mysql/tasks/main.yml
new file mode 100644
index 0000000..58dcd9f
--- /dev/null
+++ b/ansible/roles/mysql/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: "[MYSQL] - update cache"
+ apt:
+ update_cache: yes
+
+- name: "[MYSQL] - install"
+ apt:
+ name: mariadb-server
+ state: latest
+
+- name: "[Python] - install"
+ apt:
+ name: python3-pymysql
+ state: latest
+
+- name: "[MYSQL] - Démarrage MySQL"
+ service:
+ name: "mysqld"
+ state: started
+ enabled: yes
+
+- name: "[MYSQL] - Création de la base de données"
+ mysql_db:
+ name: bdarbre
+ check_implicit_admin: yes
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ state: present
+
+- name: Creation de l'utilisateur mysql avec tous les privliges
+ mysql_user:
+ name: ap43
+ password: Azerty1+
+ priv: "*.*:ALL,GRANT"
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ state: present
+ notify: Restart MySQL
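Review bot: The `mysql_user` task commits the account password in clear text (`password: Azerty1+`) and grants `*.*:ALL,GRANT`, so anyone who can read the repository gets a database account that can read every schema and create further privileged users. Take the password from an Ansible Vault variable, e.g. `password: "{{ mysql_ap43_password }}"` (variable name chosen here for illustration) with `no_log: true` on the task, and scope the grant to the application database with `priv: "bdarbre.*:ALL"`. Because the value is already in this commit, it should be treated as exposed and changed. `state: latest` on `mariadb-server` also lets every run upgrade the database unattended; `state: present` keeps runs repeatable.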
diff --git a/ansible/roles/ssl-apache/files/000-default.conf b/ansible/roles/ssl-apache/files/000-default.conf
new file mode 100644
index 0000000..3c67ddd
--- /dev/null
+++ b/ansible/roles/ssl-apache/files/000-default.conf
@@ -0,0 +1,32 @@
+
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName www.example.com
+ ServerName onfarbo43
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+ Redirect "/" "https://onfarbo43/"
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/ansible/roles/ssl-apache/files/default-ssl.conf b/ansible/roles/ssl-apache/files/default-ssl.conf
new file mode 100644
index 0000000..cfae74c
--- /dev/null
+++ b/ansible/roles/ssl-apache/files/default-ssl.conf
@@ -0,0 +1,24 @@
+#
+
+ ServerAdmin webmaster@localhost
+ ServerName onfarbo43
+
+ DocumentRoot /var/www/html
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SSLEngine on
+
+ SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
+ SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
+
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+
+#
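Review bot: This vhost serves all of `/var/www/html`, and nothing visible in the hunk restricts what the other roles place there: `adminer.php` (a database administration console) and DokuWiki's `doku/data` and `doku/conf` directories. DokuWiki protects those directories with `.htaccess` files, which only take effect if `AllowOverride` permits them for this path. That setting is not in this file, so confirm it or add an explicit `<DirectoryMatch "^/var/www/html/doku/(data|conf|bin|inc)/">` block containing `Require all denied`. Access to `adminer.php` is better limited with a `<Files "adminer.php">` block and `Require local` or an administration address range. The container lines of this file do not appear in the hunk as shown, so placement inside the vhost is assumed.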
diff --git a/ansible/roles/ssl-apache/files/ports.conf b/ansible/roles/ssl-apache/files/ports.conf
new file mode 100644
index 0000000..3664779
--- /dev/null
+++ b/ansible/roles/ssl-apache/files/ports.conf
@@ -0,0 +1,16 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 80
+Listen 443 https
+
+#
+# Listen 443
+#
+
+
+ Listen 443
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
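Review bot: Port 443 is declared twice, `Listen 443 https` at top level and `Listen 443` further down. If the second one sits in a conditional block whose module is loaded (the enclosing lines are not visible in the hunk as shown), Apache will try to bind the same port twice and fail to start. Keep a single declaration for 443 and add a comment saying which one is authoritative.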
diff --git a/ansible/roles/ssl-apache/handlers/main.yml b/ansible/roles/ssl-apache/handlers/main.yml
new file mode 100644
index 0000000..245ffc6
--- /dev/null
+++ b/ansible/roles/ssl-apache/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: restart apache2
+ service:
+ name: apache2
+ state: restarted
+
+- name: reload apache2
+ service:
+ name: apache2
+ state: reloaded
diff --git a/ansible/roles/ssl-apache/tasks/main.yml b/ansible/roles/ssl-apache/tasks/main.yml
new file mode 100644
index 0000000..f6d8c0d
--- /dev/null
+++ b/ansible/roles/ssl-apache/tasks/main.yml
@@ -0,0 +1,63 @@
+- name: Installation des paquets
+ apt:
+ name: ['openssl', 'sudo']
+
+- name: Création de la clé
+ community.crypto.openssl_privatekey:
+ path: /etc/ssl/private/apache-selfsigned.key
+ mode: "640"
+ owner: root
+ group: root
+
+- name: Création du certificat
+ community.crypto.x509_certificate:
+ path: /etc/ssl/certs/apache-selfsigned.crt
+ privatekey_path: /etc/ssl/private/apache-selfsigned.key
+ provider: selfsigned
+ mode: "644"
+ owner: root
+ group: root
+
+- name: Suppression du fichier 000-default.conf
+ file:
+ path: /etc/apache2/sites-available/000-default.conf
+ state: absent
+
+- name: Supression du fichier default-ssl.conf
+ file:
+ path: /etc/apache2/sites-available/default-ssl.conf
+ state: absent
+
+- name: Supression du fichier ports.conf
+ file:
+ path: /etc/apache2/ports.conf
+ state: absent
+
+- name: ajout de la redirection https
+ copy:
+ src: 000-default.conf
+ dest: /etc/apache2/sites-available
+
+- name: ajout du site https
+ copy:
+ src: default-ssl.conf
+ dest: /etc/apache2/sites-available
+
+- name: ajout du port 443
+ copy:
+ src: ports.conf
+ dest: /etc/apache2
+ notify: restart apache2
+
+- name: changement de répertoire
+ shell: cd /etc/apache2/sites-available
+
+- name: a2ensite default
+ command: sudo a2ensite 000-default.conf
+
+- name: a2ensite ssl
+ command: sudo a2ensite default-ssl.conf
+
+- name: a2enmod
+ command: sudo a2enmod ssl
+ notify: reload apache2
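Review bot: The `command: sudo a2ensite …` and `command: sudo a2enmod ssl` tasks run on every play and always report changed, and `sudo` is redundant because the play already sets `become: yes`. The `shell: cd /etc/apache2/sites-available` task has no effect, since each task runs in its own process. Drop the `cd` task and make the others idempotent, e.g. `command: a2enmod ssl` with `args:` / `creates: /etc/apache2/mods-enabled/ssl.load`. The private key is created with `mode: "640"`; `mode: "0600"` is the tighter choice for a key that only root needs to read. The `copy` tasks for `000-default.conf` and `default-ssl.conf` carry no `notify`, so a later change to those files alone would not reload Apache.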
diff --git a/goss/goss.yaml b/goss/goss.yaml
new file mode 100644
index 0000000..9062f27
--- /dev/null
+++ b/goss/goss.yaml
@@ -0,0 +1,31 @@
+service:
+ mysql:
+ enabled: true
+ running: true
+ ssh:
+ enabled: true
+ running: true
+user:
+ mysql:
+ exists: true
+ uid: 106
+ gid: 113
+ groups:
+ - mysql
+ home: /nonexistent
+ shell: /bin/false
+group:
+ mysql:
+ exists: true
+ gid: 113
+ ssh:
+ exists: true
+ gid: 111
+command:
+ curl -k -s http://onfarbo43/doku|grep onfarbo43:
+ exit-status: 0
+ stdout:
+ -
The document has moved here.
+ - Apache/2.4.52 (Debian) Server at onfarbo43 Port 80
+ stderr: []
+ timeout: 10000
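Review bot: The `stdout` assertion pins the exact server banner `Apache/2.4.52 (Debian) Server at onfarbo43 Port 80`, and the `user`/`group` checks pin `uid: 106`, `gid: 113` and `gid: 111`. These values are assigned at package install time and are likely to differ after an upgrade or on another host. The fact that the banner is there to match also shows that the error-page footer discloses the server version. Setting `ServerSignature Off` and `ServerTokens Prod` in the Apache role, and asserting on the redirect target instead, would remove both problems. The command requests `http://` without following the redirect, so `-k` does nothing and the HTTPS vhost and its certificate are never exercised by this test.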