---
# Baseline play: includes the `common` role on every host in the inventory.
- hosts: all
  tasks:
    - name: Common role
      include_role:
        name: common
      tags: common
# Photo gallery play: includes the `gallery` role with the settings for
# paullaroid.pycon.fr.
- hosts: gallery
  tasks:
    - name: Setup sigal of paullaroid.pycon.fr
      include_role:
        name: gallery
      vars:
        gallery_https: true
        gallery_user: gallery
        gallery_domain: 'paullaroid.pycon.fr'
        # NOTE(review): no revision is passed alongside the repository URL;
        # if the role deploys the default branch head, whatever is pushed
        # there gets published. Confirm whether the role pins a ref.
        gallery_repo: 'https://github.com/AFPy/pycon-fr-gallery.git'
        gallery_home: '/srv/gallery/'
# Archived PyCon Fr sites: one role inclusion per edition, each with its own
# *_user, HTTPS flag, domain and source repository.
# NOTE(review): no revision variable accompanies any *_repo below; if the
# roles deploy the default branch head, confirm that is intended.
- hosts: pycons
  tasks:
    - name: Setup PyCon Fr 2010
      include_role:
        name: pelican
      vars:
        pelican_user: pycon2010
        pelican_https: true
        pelican_domain: '2010.pycon.fr'
        pelican_repo: 'https://github.com/AFPy/pyconfr_2010'
        pelican_path_in_repo: '2010/'
        pelican_home: "/srv/{{ pelican_user }}/"

    - name: Setup PyConFr 2011
      include_role:
        name: pelican
      vars:
        pelican_user: pycon2011
        pelican_https: true
        pelican_domain: '2011.pycon.fr'
        # NOTE(review): same repository as the 2010 site, with a different
        # pelican_path_in_repo. Presumably one repo holds both editions;
        # verify this is not a copy-paste leftover.
        pelican_repo: 'https://github.com/AFPy/pyconfr_2010'
        pelican_path_in_repo: '2011/'
        pelican_home: "/srv/{{ pelican_user }}/"

    - name: Setup PyConFr 2012
      include_role:
        name: static
      vars:
        static_user: pycon2012
        static_https: true
        static_domain: '2012.pycon.fr'
        static_repo: 'https://github.com/AFPy/pyconfr_2012'
# Backup collector play: includes the `rsnapshoter` role, handing it the
# members of the `rsnapshotted` inventory group and three passbolt paths to
# pull.
# NOTE(review): the pulled paths include the passbolt database dump
# directory and passbolt's config/ directory, which presumably holds server
# key material and database credentials. The backup host then stores the
# same secrets as the passbolt host and needs equivalent access control and
# at-rest protection. /srv/backups/ is created root-only (0700) elsewhere in
# this playbook, so the pull presumably runs with root-level read access on
# the source. Confirm how that access is restricted.
- hosts: rsnapshoters
  tasks:
    - name: Setup rsnapshot cron
      include_role:
        name: rsnapshoter
      vars:
        rsnapshotted_hosts: "{{ groups.rsnapshotted }}"
        rsnapshot_backups:
          - remote: 'passbolt.afpy.org:/srv/backups/'
            path: 'passbolt.afpy.org/'
          - remote: 'passbolt.afpy.org:/srv/passbolt/www/webroot/img/public/'
            path: 'passbolt.afpy.org/'
          - remote: 'passbolt.afpy.org:/srv/passbolt/www/config/'
            path: 'passbolt.afpy.org/'
# Backed-up hosts play: makes sure rsync is installed on every member of the
# `rsnapshotted` group.
- hosts: rsnapshotted
  tasks:
    - name: Install rsync
      tags: rsnapshot
      package:
        state: present
        name: rsync
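# Passbolt play: applies the send-only exim4 and passbolt roles, creates a
# root-only backup directory and schedules a daily database dump into it.
# The play-level vars configure passbolt itself plus the MySQL/MariaDB, PHP
# and nginx settings set alongside it.
- hosts: pycons
  roles:
    - tschifftner.exim4_sendonly
    - passbolt
  tasks:
    - name: Create passbolt backup directory
      file:
        path: /srv/backups/
        owner: root
        group: root
        # Quoted so the mode is always read as an octal permission string
        # rather than a YAML number.
        mode: "0700"
        state: directory
      tags: backup

    - name: Setup mysql passbolt backup
      cron:
        name: passbolt mysql backup
        minute: "20"
        hour: "5"
        # The dump goes to a temporary name and is renamed only when
        # mysqldump succeeds, so a failed or in-progress run never truncates
        # the last good dump. umask 077 keeps the file owner-only even if
        # the directory mode is later loosened.
        job: >-
          umask 077;
          /usr/bin/mysqldump passbolt > /srv/backups/passbolt.sql.tmp
          && mv /srv/backups/passbolt.sql.tmp /srv/backups/passbolt.sql
      tags: backup

  vars:
    passbolt_tmpdir: "/srv/passbolt-tmp/"
    passbolt_homedir: "/srv/passbolt/"
    passbolt_webroot: "/srv/passbolt/www/"
    passbolt_use_ssl: true
    passbolt_url: "https://passbolt.afpy.org"
    passbolt_domain: "passbolt.afpy.org"
    passbolt_gpgkey_length: 4096
    passbolt_gpgkey_sublength: 4096
    passbolt_gpgkey_email: "passbolt@afpy.org"
    # Secrets are referenced through vault_* variables instead of being
    # written here. Presumably these live in an Ansible Vault encrypted
    # file; confirm they are never committed in clear text.
    passbolt_dbpass: "{{ vault_passbolt_dbpass }}"
    passbolt_smtp_sender_email: "passbolt@afpy.org"

    # NOTE(review): PHP 7.0 is end-of-life upstream; confirm the
    # distribution still ships security fixes for it.
    passbolt_php_fpm_includedir: /etc/php/7.0/fpm/pool.d/
    passbolt_php_fpm_listen: /var/run/php/fpm.sock
    passbolt_php_fpm_user: passbolt
    passbolt_php_fpm_group: passbolt

    passbolt_dbport: 3306
    mysql_root_username: root
    mysql_root_password: "{{ vault_mysql_root_password }}"
    mysql_databases:
      - name: passbolt
        encoding: utf8mb4
        collation: utf8mb4_unicode_ci
    mysql_users:
      - name: passbolt
        password: "{{ vault_passbolt_dbpass }}"
        # Privileges are scoped to the passbolt schema only.
        priv: "passbolt.*:ALL"
    mysql_packages:
      - mariadb-server
      - mariadb-client
      - python-mysqldb
    # The database listens on loopback only.
    mysql_bind_address: '127.0.0.1'
    php_memory_limit: "512M"
    php_date_timezone: "Europe/Paris"
    php_webserver_daemon: "nginx"
    php_enable_php_fpm: true
    php_enable_webserver: false
    php_default_version_debian: "7.0"
    nginx_sites:
      # Plain-HTTP vhost: redirects every request to HTTPS.
      passbolt_http:
        - listen 80
        - server_name "{{ passbolt_domain }}"
        - location / {
            return 301 https://{{ passbolt_domain }}$request_uri;
          }

      # HTTPS vhost. No certificate or HSTS directives appear here;
      # presumably the included letsencrypt snippet supplies the
      # certificate. Verify, and check whether a Strict-Transport-Security
      # header is set anywhere.
      passbolt:
        - listen 443 ssl
        # Uses the variable, like the port-80 vhost, so the two cannot
        # drift apart.
        - server_name {{ passbolt_domain }}
        - server_tokens off
        - include snippets/letsencrypt-{{ passbolt_domain }}.conf
        - root {{ passbolt_webroot }}/webroot/
        - location / { try_files $uri /index.php$is_args$args; }
        # `internal` limits the PHP location to nginx-internal redirects
        # such as the try_files fallback above.
        # NOTE(review): SERVER_NAME is set from $http_host, the
        # client-supplied Host header. If the application ever builds
        # links or e-mails from SERVER_NAME, an arbitrary Host value flows
        # into them. Consider $server_name unless passbolt is confirmed to
        # rely only on its configured base URL.
        - location ~ \.php(/|$) {
            fastcgi_pass unix:{{ passbolt_php_fpm_listen }};
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_read_timeout 500;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param SERVER_NAME $http_host;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            internal;
          }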