From 802a214fe2ec0af3842da07e9a88e35b8eaeae82 Mon Sep 17 00:00:00 2001
From: Julien Palard
Date: Mon, 16 Dec 2019 22:09:24 +0100
Subject: [PATCH] Split playbook.
---
 backup.yml | 25 ++++++++
 inventory | 3 +
 passbolt.yml | 87 ++++++++++++++++++++++++++++
 pycon.yml | 45 +++++++++++++++
 site.yml | 157 +-------------------------------------------------
 5 files changed, 163 insertions(+), 154 deletions(-)
 create mode 100644 backup.yml
 create mode 100644 passbolt.yml
 create mode 100644 pycon.yml
diff --git a/backup.yml b/backup.yml
new file mode 100644
index 0000000..dc38004
--- /dev/null
+++ b/backup.yml
@@ -0,0 +1,25 @@
+---
+
+- hosts: rsnapshoters
+ roles: [common]
+ tasks:
+ - name: Setup rsnapshot cron
+ include_role: name=rsnapshoter
+ vars:
+ rsnapshotted_hosts: "{{ groups.rsnapshotted }}"
+ rsnapshot_backups:
+ - remote: passbolt.afpy.org:/srv/backups/
+ path: passbolt.afpy.org/
+ - remote: passbolt.afpy.org:/srv/passbolt/www/webroot/img/public/
+ path: passbolt.afpy.org/
+ - remote: passbolt.afpy.org:/srv/passbolt/www/config/
+ path: passbolt.afpy.org/
+
+- hosts: rsnapshotted
+ roles: [common]
+ tasks:
+ - name: Install rsync
+ package:
+ name: rsync
+ state: present
+ tags: rsnapshot
diff --git a/inventory b/inventory
index 054dfa8..1a79ce6 100644
--- a/inventory
+++ b/inventory
@@ -9,3 +9,6 @@
 [rsnapshotted]
 51.159.55.117
+
+[passbolt]
+51.159.55.117
diff --git a/passbolt.yml b/passbolt.yml
new file mode 100644
index 0000000..69c1feb
--- /dev/null
+++ b/passbolt.yml
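Review bot: backup.yml gives no indication that the paths listed under `rsnapshot_backups` are sensitive, yet they include `/srv/backups/` (where the passbolt play's cron job writes its mysqldump output) and `/srv/passbolt/www/config/`. The source directory is created root-only with mode 0700 in passbolt.yml, so the copy on the rsnapshoter host presumably needs the same protection; that is decided in the `rsnapshoter` role, which is not part of this patch. A comment above the list, for example `# Holds the passbolt DB dump and server config: the snapshot root must stay root-only`, would make the requirement visible to whoever edits the role or adds a backup target.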
@@ -0,0 +1,87 @@
+---
+
+- hosts: pycons
+ roles: [tschifftner.exim4_sendonly, passbolt, common]
+ tasks:
+ - name: Create passbolt backup directory
+ file:
+ path: /srv/backups/
+ owner: root
+ group: root
+ mode: 0700
+ state: directory
+ tags: backup
+ - name: Setup mysql passbolt backup
+ cron:
+ name: passbolt mysql backup
+ minute: 20
+ hour: 5
+ job: '/usr/bin/mysqldump passbolt > /srv/backups/passbolt.sql'
+ tags: backup
+
+
+ vars:
+ passbolt_tmpdir: "/srv/passbolt-tmp/"
+ passbolt_homedir: "/srv/passbolt/"
+ passbolt_webroot: "/srv/passbolt/www/"
+ passbolt_use_ssl: True
+ passbolt_url: "https://passbolt.afpy.org"
+ passbolt_domain: "passbolt.afpy.org"
+ passbolt_gpgkey_length: 4096
+ passbolt_gpgkey_sublength: 4096
+ passbolt_gpgkey_email: "passbolt@afpy.org"
+ passbolt_dbpass: "{{ vault_passbolt_dbpass }}"
+ passbolt_smtp_sender_email: "passbolt@afpy.org"
+
+ passbolt_php_fpm_includedir: /etc/php/7.0/fpm/pool.d/
+ passbolt_php_fpm_listen: /var/run/php/fpm.sock
+ passbolt_php_fpm_user: passbolt
+ passbolt_php_fpm_group: passbolt
+
+ passbolt_dbport: 3306
+ mysql_root_username: root
+ mysql_root_password: "{{ vault_mysql_root_password }}"
+ mysql_databases:
+ - name: passbolt
+ encoding: utf8mb4
+ collation: utf8mb4_unicode_ci
+ mysql_users:
+ - name: passbolt
+ password: "{{ vault_passbolt_dbpass }}"
+ priv: "passbolt.*:ALL"
+ mysql_packages:
+ - mariadb-server
+ - mariadb-client
+ - python-mysqldb
+ mysql_bind_address: '127.0.0.1'
+ php_memory_limit: "512M"
+ php_date_timezone: "Europe/Paris"
+ php_webserver_daemon: "nginx"
+ php_enable_php_fpm: true
+ php_enable_webserver: false
+ php_default_version_debian: "7.0"
+ nginx_sites:
+ passbolt_http:
+ - listen 80
+ - server_name "{{ passbolt_domain }}"
+ - location / {
+ return 301 https://{{ passbolt_domain }}$request_uri;
+ }
+
+ passbolt:
+ - listen 443 ssl
+ - server_name passbolt.afpy.org
+ - server_tokens off
+ - include snippets/letsencrypt-{{ passbolt_domain }}.conf
+ - root {{ passbolt_webroot 
}}/webroot/
+ - location / { try_files $uri /index.php$is_args$args; }
+ - location ~ \.php(/|$) {
+ fastcgi_pass unix:{{ passbolt_php_fpm_listen }};
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ fastcgi_read_timeout 500;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_param SERVER_NAME $http_host;
+ fastcgi_param DOCUMENT_ROOT $realpath_root;
+ internal;
+ }
diff --git a/pycon.yml b/pycon.yml
new file mode 100644
index 0000000..0dc1fc4
--- /dev/null
+++ b/pycon.yml
@@ -0,0 +1,45 @@
+---
+
+- hosts: pycons
+ tasks:
+ - name: Basic setup
+ include_role: name=common
+
+ - name: Setup PyCon Fr 2010
+ include_role: name=pelican
+ vars:
+ pelican_user: pycon2010
+ pelican_https: true
+ pelican_domain: 2010.pycon.fr
+ pelican_repo: https://github.com/AFPy/pyconfr_2010
+ pelican_path_in_repo: 2010/
+ pelican_home: "/srv/{{ pelican_user }}/"
+
+ - name: Setup PyConFr 2011
+ include_role: name=pelican
+ vars:
+ pelican_user: pycon2011
+ pelican_https: true
+ pelican_domain: 2011.pycon.fr
+ pelican_repo: https://github.com/AFPy/pyconfr_2010
+ pelican_path_in_repo: 2011/
+ pelican_home: "/srv/{{ pelican_user }}/"
+
+ - name: Setup PyConFr 2012
+ include_role: name=static
+ vars:
+ static_user: pycon2012
+ static_https: true
+ static_domain: 2012.pycon.fr
+ static_repo: https://github.com/AFPy/pyconfr_2012
+
+- hosts: gallery
+ tasks:
+ - name: Setup sigal of paullaroid.pycon.fr
+ include_role: name=gallery
+ vars:
+ gallery_https: true
+ gallery_user: gallery
+ gallery_domain: paullaroid.pycon.fr
+ gallery_repo: https://github.com/AFPy/pycon-fr-gallery.git
+ gallery_home: /srv/gallery/
diff --git a/site.yml b/site.yml
index 906a1d2..daeef47 100644
--- a/site.yml
+++ b/site.yml
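Review bot: The play at the top of passbolt.yml still targets `hosts: pycons`, although this same commit adds a dedicated `[passbolt]` group to the inventory that none of the visible playbooks reference. If that group is meant to scope the password manager, the header should read `- hosts: passbolt`, so that MariaDB, the vault-backed `passbolt_dbpass` and the generated GPG key are provisioned only there rather than on every member of `pycons` (whose membership is not visible in this patch). Separately, in the 443 server block `fastcgi_param SERVER_NAME $http_host;` passes the client-supplied Host header to PHP as the server name; `fastcgi_param SERVER_NAME $server_name;` would pin it to the configured name.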
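Review bot: The `gallery` play at the end of pycon.yml never applies the `common` role, and the `hosts: all` play that used to apply it everywhere is deleted from site.yml in this commit. Unless every gallery host also belongs to `pycons`, `rsnapshoters` or `rsnapshotted` (the inventory is only partly visible here), those hosts stop receiving whatever baseline `common` configures. Adding `roles: [common]` under `- hosts: gallery`, as backup.yml and passbolt.yml do, would restore it. The `pycons` play could use the same form instead of the `Basic setup` task, which also dropped the `tags: common` selector the removed task carried.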
@@ -1,156 +1,5 @@ --- -- hosts: all - tasks: - - name: Common role - include_role: name=common - tags: common - -- hosts: gallery - tasks: - - name: Setup sigal of paullaroid.pycon.fr - include_role: name=gallery - vars: - gallery_https: true - gallery_user: gallery - gallery_domain: paullaroid.pycon.fr - gallery_repo: https://github.com/AFPy/pycon-fr-gallery.git - gallery_home: /srv/gallery/ - -- hosts: pycons - tasks: - - name: Setup PyCon Fr 2010 - include_role: name=pelican - vars: - pelican_user: pycon2010 - pelican_https: true - pelican_domain: 2010.pycon.fr - pelican_repo: https://github.com/AFPy/pyconfr_2010 - pelican_path_in_repo: 2010/ - pelican_home: "/srv/{{ pelican_user }}/" - - - name: Setup PyConFr 2011 - include_role: name=pelican - vars: - pelican_user: pycon2011 - pelican_https: true - pelican_domain: 2011.pycon.fr - pelican_repo: https://github.com/AFPy/pyconfr_2010 - pelican_path_in_repo: 2011/ - pelican_home: "/srv/{{ pelican_user }}/" - - - name: Setup PyConFr 2012 - include_role: name=static - vars: - static_user: pycon2012 - static_https: true - static_domain: 2012.pycon.fr - static_repo: https://github.com/AFPy/pyconfr_2012 - -- hosts: rsnapshoters - tasks: - - name: Setup rsnapshot cron - include_role: name=rsnapshoter - vars: - rsnapshotted_hosts: "{{ groups.rsnapshotted }}" - rsnapshot_backups: - - remote: passbolt.afpy.org:/srv/backups/ - path: passbolt.afpy.org/ - - remote: passbolt.afpy.org:/srv/passbolt/www/webroot/img/public/ - path: passbolt.afpy.org/ - - remote: passbolt.afpy.org:/srv/passbolt/www/config/ - path: passbolt.afpy.org/ - -- hosts: rsnapshotted - tasks: - - name: Install rsync - package: - name: rsync - state: present - tags: rsnapshot - -- hosts: pycons - roles: [tschifftner.exim4_sendonly, passbolt] - tasks: - - name: Create passbolt backup directory - file: - path: /srv/backups/ - owner: root - group: root - mode: 0700 - state: directory - tags: backup - - name: Setup mysql passbolt backup - cron: - name: passbolt 
mysql backup - minute: 20 - hour: 5 - job: '/usr/bin/mysqldump passbolt > /srv/backups/passbolt.sql' - tags: backup - - - vars: - passbolt_tmpdir: "/srv/passbolt-tmp/" - passbolt_homedir: "/srv/passbolt/" - passbolt_webroot: "/srv/passbolt/www/" - passbolt_use_ssl: True - passbolt_url: "https://passbolt.afpy.org" - passbolt_domain: "passbolt.afpy.org" - passbolt_gpgkey_length: 4096 - passbolt_gpgkey_sublength: 4096 - passbolt_gpgkey_email: "passbolt@afpy.org" - passbolt_dbpass: "{{ vault_passbolt_dbpass }}" - passbolt_smtp_sender_email: "passbolt@afpy.org" - - passbolt_php_fpm_includedir: /etc/php/7.0/fpm/pool.d/ - passbolt_php_fpm_listen: /var/run/php/fpm.sock - passbolt_php_fpm_user: passbolt - passbolt_php_fpm_group: passbolt - - passbolt_dbport: 3306 - mysql_root_username: root - mysql_root_password: "{{ vault_mysql_root_password }}" - mysql_databases: - - name: passbolt - encoding: utf8mb4 - collation: utf8mb4_unicode_ci - mysql_users: - - name: passbolt - password: "{{ vault_passbolt_dbpass }}" - priv: "passbolt.*:ALL" - mysql_packages: - - mariadb-server - - mariadb-client - - python-mysqldb - mysql_bind_address: '127.0.0.1' - php_memory_limit: "512M" - php_date_timezone: "Europe/Paris" - php_webserver_daemon: "nginx" - php_enable_php_fpm: true - php_enable_webserver: false - php_default_version_debian: "7.0" - nginx_sites: - passbolt_http: - - listen 80 - - server_name "{{ passbolt_domain }}" - - location / { - return 301 https://{{ passbolt_domain }}$request_uri; - } - - passbolt: - - listen 443 ssl - - server_name passbolt.afpy.org - - server_tokens off - - include snippets/letsencrypt-{{ passbolt_domain }}.conf - - root {{ passbolt_webroot }}/webroot/ - - location / { try_files $uri /index.php$is_args$args; } - - location ~ \.php(/|$) { - fastcgi_pass unix:{{ passbolt_php_fpm_listen }}; - fastcgi_split_path_info ^(.+\.php)(/.*)$; - fastcgi_read_timeout 500; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - 
fastcgi_param SERVER_NAME $http_host; - fastcgi_param DOCUMENT_ROOT $realpath_root; - internal; - } +- import_playbook: pycon.yml +- import_playbook: passbolt.yml +- import_playbook: backup.yml