From 05dc23ceb0f21a60920a868923e22dff81ad498e Mon Sep 17 00:00:00 2001
From: Julien Palard
Date: Thu, 14 Feb 2019 00:54:02 +0100
Subject: [PATCH] Passbolt: First try (not yet stable).
---
 ansible.cfg | 1 +
 group_vars/{all => all/vars} | 0
 group_vars/all/vault | 10 ++++++
 playbook.yml | 68 +++++++++++++++++++++++++++++++++++
 roles/common/tasks/common.yml | 1 +
 5 files changed, 80 insertions(+)
 rename group_vars/{all => all/vars} (100%)
 create mode 100644 group_vars/all/vault
diff --git a/ansible.cfg b/ansible.cfg
index 060844a..68dda68 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,3 +1,4 @@
 [defaults]
 inventory = inventory
 nocows = 1
+vault_password_file = ~/.ansible-afpy-vault
diff --git a/group_vars/all b/group_vars/all/vars
similarity index 100%
rename from group_vars/all
rename to group_vars/all/vars
diff --git a/group_vars/all/vault b/group_vars/all/vault
new file mode 100644
index 0000000..323bfbf
--- /dev/null
+++ b/group_vars/all/vault
@@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.1;AES256 +62306636333439613036343536373463376639363738626439313666346563373935313230323761 +6163653438663034373162666536303330653539366236360a323736623261363764633566633033 +61646138356165313434613332376264366133663064363764323431353230663766343336623633 +3736633663613230640a363663633031393664373337336433363964323431366334376636313861 +30653237353239336339346531326434303932646164356638333562363033616338633230376461 +35616434353135626332313038633935643934656134376233666138633731623933383639656237 +39663139383230373366306633396261663964376439343931323230643131626431376333333735 +36313334353938333032356638393861346261353763323838333561303835616338373034363865 +6462
diff --git a/playbook.yml b/playbook.yml
index 8320fda..fbf21da 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,5 +1,6 @@ --- + - hosts: all roles: [common]
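Review bot: `vault_password_file = ~/.ansible-afpy-vault` in the ansible.cfg hunk points every run at a file that this commit neither creates nor documents, and as far as I know ansible stops with an error when a configured vault password file is missing, even for plays that use no vaulted variable. A comment above the setting would cover it, e.g. `# vault password: create ~/.ansible-afpy-vault yourself (mode 0600), never commit it`. The same concern applies to the new group_vars/all/vault hunk: the ciphertext now lives in the repository history, so everything inside is only as secret as that one password is long and random, and the stored secrets need rotating if it ever leaks.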
@@ -35,3 +36,70 @@
 static_https: true
 static_domain: 2012.pycon.fr
 static_repo: https://github.com/AFPy/pyconfr_2012
+
+# - hosts: pycons
+# roles: [passbolt]
+# vars:
+# passbolt_tmpdir: "/srv/passbolt-tmp/"
+# passbolt_homedir: "/srv/passbolt/"
+# passbolt_webroot: "/srv/passbolt/www/"
+# passbolt_use_ssl: True
+# passbolt_url: "https://passbolt.afpy.org"
+# passbolt_domain: "passbolt.afpy.org"
+# passbolt_gpgkey_length: 4096
+# passbolt_gpgkey_sublength: 4096
+# passbolt_gpgkey_email: "passbolt@afpy.org"
+# passbolt_dbpass: "{{ vault_passbolt_dbpass }}"
+# passbolt_smtp_sender_email: "passbolt@afpy.org"
+# passbolt_php_fpm_user: "www-data"
+# passbolt_php_fpm_group: "www-data"
+#
+# passbolt_php_fpm_includedir: /etc/php/7.0/fpm/pool.d/
+# passbolt_php_fpm_listen: /var/run/php/fpm.sock
+# passbolt_dbport: 3306
+# mysql_root_username: root
+# mysql_root_password: "{{ vault_mysql_root_password }}"
+# mysql_databases:
+# - name: passbolt
+# encoding: utf8mb4
+# collation: utf8mb4_unicode_ci
+# mysql_users:
+# - name: passbolt
+# password: "{{ vault_passbolt_dbpass }}"
+# priv: "passbolt.*:ALL"
+# mysql_packages:
+# - mariadb-server
+# - mariadb-client
+# - python-mysqldb
+# mysql_bind_address: '127.0.0.1'
+# php_memory_limit: "512M"
+# php_date_timezone: "Europe/Paris"
+# php_webserver_daemon: "nginx"
+# php_enable_php_fpm: true
+# php_enable_webserver: false
+# php_default_version_debian: "7.0"
+# nginx_sites:
+# passbolt_http:
+# - listen 80
+# - server_name "{{ passbolt_domain }}"
+# - location / {
+# return 301 https://{{ passbolt_domain }}$request_uri;
+# }
+#
+# passbolt:
+# - listen 443 ssl
+# - server_name passbolt.afpy.org
+# - server_tokens off
+# - include snippets/letsencrypt-{{ passbolt_domain }}.conf
+# - root {{ passbolt_webroot }}/webroot/
+# - location / { try_files $uri /index.php$is_args$args; }
+# - location ~ \.php(/|$) {
+# fastcgi_pass unix:{{ passbolt_php_fpm_listen }};
+# fastcgi_split_path_info ^(.+\.php)(/.*)$;
+# fastcgi_read_timeout 500;
+# include fastcgi_params;
+# fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+# fastcgi_param SERVER_NAME $http_host;
+# fastcgi_param DOCUMENT_ROOT $realpath_root;
+# internal;
+# }
diff --git a/roles/common/tasks/common.yml b/roles/common/tasks/common.yml
index 549b76a..c3229e6 100644
--- a/roles/common/tasks/common.yml
+++ b/roles/common/tasks/common.yml
@@ -37,6 +37,7 @@ - python3-venv - python3-setuptools - python3-wheel + - sudo - name: Set some authorized keys authorized_key: user=root key="{{item}}"
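Review bot: In the commented-out `passbolt` nginx site of the playbook.yml hunk, `fastcgi_param SERVER_NAME $http_host;` hands PHP whatever Host header the client sent, and if this server block ends up as the default for port 443 that value is not limited to passbolt.afpy.org. For a password manager I would drop the override and rely on the stock `fastcgi_params`, or write `fastcgi_param SERVER_NAME $server_name;`; whether passbolt actually reads SERVER_NAME rather than its configured `passbolt_url` is not visible here. The same block hard-codes `server_name passbolt.afpy.org` where the HTTP block uses `{{ passbolt_domain }}`, so the two can drift apart. A one-line comment above `# - hosts: pycons` saying why the play is disabled would also help whoever enables it later.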