Passbolt role starts to work.

2019-03-22 09:57:51 +01:00 · 2019-03-22 09:57:51 +01:00 · 9fb546940b
commit 9fb546940b
parent 9c5b1fc771
2 changed files with 88 additions and 66 deletions
--- a/README.md
+++ b/README.md
@ -1,5 +1,8 @@
 # Servers
 Dependencies:
 - tschifftner.exim4_sendonly
 ## TODO
 - [ ] Setup watchghost
--- a/playbook.yml
+++ b/playbook.yml
@ -37,69 +37,88 @@
    static_domain: 2012.pycon.fr
    static_repo: https://github.com/AFPy/pyconfr_2012
-# - hosts: pycons
+- hosts: pycons
-#   roles: [passbolt]
+  roles: [tschifftner.exim4_sendonly, passbolt]
-#   vars:
+  tasks:
-#     passbolt_tmpdir: "/srv/passbolt-tmp/"
+    - name: Create passbolt backup directory
-#     passbolt_homedir: "/srv/passbolt/"
+      file:
-#     passbolt_webroot: "/srv/passbolt/www/"
+        path: /src/passbolt_backup/
-#     passbolt_use_ssl: True
+        owner: root
-#     passbolt_url: "https://passbolt.afpy.org"
+        group: root
-#     passbolt_domain: "passbolt.afpy.org"
+        mode: 0700
-#     passbolt_gpgkey_length: 4096
+        state: directory
-#     passbolt_gpgkey_sublength: 4096
+      tags: backup
-#     passbolt_gpgkey_email: "passbolt@afpy.org"
+    - name: Setup mysql passbolt backup
-#     passbolt_dbpass: "{{ vault_passbolt_dbpass }}"
+      cron:
-#     passbolt_smtp_sender_email: "passbolt@afpy.org"
+        name: passbolt mysql backup
-#     passbolt_php_fpm_user: "www-data"
+        minute: 20
-#     passbolt_php_fpm_group: "www-data"
+        hour: 5
-#
+        job: '/usr/bin/mysqldump passbolt > /src/$(date +"\%Y-\%m-\%d")-passbolt_backup.sql'
-#     passbolt_php_fpm_includedir: /etc/php/7.0/fpm/pool.d/
+      tags: backup
-#     passbolt_php_fpm_listen: /var/run/php/fpm.sock
+
-#     passbolt_dbport: 3306
+
-#     mysql_root_username: root
+  vars:
-#     mysql_root_password: "{{ vault_mysql_root_password }}"
+    passbolt_tmpdir: "/srv/passbolt-tmp/"
-#     mysql_databases:
+    passbolt_homedir: "/srv/passbolt/"
-#       - name: passbolt
+    passbolt_webroot: "/srv/passbolt/www/"
-#         encoding: utf8mb4
+    passbolt_use_ssl: True
-#         collation: utf8mb4_unicode_ci
+    passbolt_url: "https://passbolt.afpy.org"
-#     mysql_users:
+    passbolt_domain: "passbolt.afpy.org"
-#       - name: passbolt
+    passbolt_gpgkey_length: 4096
-#         password: "{{ vault_passbolt_dbpass }}"
+    passbolt_gpgkey_sublength: 4096
-#         priv: "passbolt.*:ALL"
+    passbolt_gpgkey_email: "passbolt@afpy.org"
-#     mysql_packages:
+    passbolt_dbpass: "{{ vault_passbolt_dbpass }}"
-#     - mariadb-server
+    passbolt_smtp_sender_email: "passbolt@afpy.org"
-#     - mariadb-client
+
-#     - python-mysqldb
+    passbolt_php_fpm_includedir: /etc/php/7.0/fpm/pool.d/
-#     mysql_bind_address: '127.0.0.1'
+    passbolt_php_fpm_listen: /var/run/php/fpm.sock
-#     php_memory_limit: "512M"
+    passbolt_php_fpm_user: passbolt
-#     php_date_timezone: "Europe/Paris"
+    passbolt_php_fpm_group: passbolt
-#     php_webserver_daemon: "nginx"
+
-#     php_enable_php_fpm: true
+    passbolt_dbport: 3306
-#     php_enable_webserver: false
+    mysql_root_username: root
-#     php_default_version_debian: "7.0"
+    mysql_root_password: "{{ vault_mysql_root_password }}"
-#     nginx_sites:
+    mysql_databases:
-#         passbolt_http:
+      - name: passbolt
-#             - listen 80
+        encoding: utf8mb4
-#             - server_name "{{ passbolt_domain }}"
+        collation: utf8mb4_unicode_ci
-#             - location / {
+    mysql_users:
-#               return 301 https://{{ passbolt_domain }}$request_uri;
+      - name: passbolt
-#               }
+        password: "{{ vault_passbolt_dbpass }}"
-#
+        priv: "passbolt.*:ALL"
-#         passbolt:
+    mysql_packages:
-#             - listen 443 ssl
+    - mariadb-server
-#             - server_name passbolt.afpy.org
+    - mariadb-client
-#             - server_tokens off
+    - python-mysqldb
-#             - include snippets/letsencrypt-{{ passbolt_domain }}.conf
+    mysql_bind_address: '127.0.0.1'
-#             - root {{ passbolt_webroot }}/webroot/
+    php_memory_limit: "512M"
-#             - location / { try_files $uri /index.php$is_args$args; }
+    php_date_timezone: "Europe/Paris"
-#             - location ~ \.php(/|$) {
+    php_webserver_daemon: "nginx"
-#               fastcgi_pass unix:{{ passbolt_php_fpm_listen }};
+    php_enable_php_fpm: true
-#               fastcgi_split_path_info ^(.+\.php)(/.*)$;
+    php_enable_webserver: false
-#               fastcgi_read_timeout 500;
+    php_default_version_debian: "7.0"
-#               include fastcgi_params;
+    nginx_sites:
-#               fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        passbolt_http:
-#               fastcgi_param SERVER_NAME $http_host;
+            - listen 80
-#               fastcgi_param DOCUMENT_ROOT $realpath_root;
+            - server_name "{{ passbolt_domain }}"
-#               internal;
+            - location / {
-#               }
+              return 301 https://{{ passbolt_domain }}$request_uri;
              }
        passbolt:
            - listen 443 ssl
            - server_name passbolt.afpy.org
            - server_tokens off
            - include snippets/letsencrypt-{{ passbolt_domain }}.conf
            - root {{ passbolt_webroot }}/webroot/
            - location / { try_files $uri /index.php$is_args$args; }
            - location ~ \.php(/|$) {
              fastcgi_pass unix:{{ passbolt_php_fpm_listen }};
              fastcgi_split_path_info ^(.+\.php)(/.*)$;
              fastcgi_read_timeout 500;
              include fastcgi_params;
              fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
              fastcgi_param SERVER_NAME $http_host;
              fastcgi_param DOCUMENT_ROOT $realpath_root;
              internal;
              }