forked from AFPy/infra
Split playbook.
This commit is contained in:
parent
0969fc0bef
commit
802a214fe2
25
backup.yml
Normal file
25
backup.yml
Normal file
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
|
||||
- hosts: rsnapshoters
|
||||
roles: [common]
|
||||
tasks:
|
||||
- name: Setup rsnapshot cron
|
||||
include_role: name=rsnapshoter
|
||||
vars:
|
||||
rsnapshotted_hosts: "{{ groups.rsnapshotted }}"
|
||||
rsnapshot_backups:
|
||||
- remote: passbolt.afpy.org:/srv/backups/
|
||||
path: passbolt.afpy.org/
|
||||
- remote: passbolt.afpy.org:/srv/passbolt/www/webroot/img/public/
|
||||
path: passbolt.afpy.org/
|
||||
- remote: passbolt.afpy.org:/srv/passbolt/www/config/
|
||||
path: passbolt.afpy.org/
|
||||
|
||||
- hosts: rsnapshotted
|
||||
roles: [common]
|
||||
tasks:
|
||||
- name: Install rsync
|
||||
package:
|
||||
name: rsync
|
||||
state: present
|
||||
tags: rsnapshot
|
87
passbolt.yml
Normal file
87
passbolt.yml
Normal file
|
@ -0,0 +1,87 @@
|
|||
---
|
||||
|
||||
- hosts: pycons
|
||||
roles: [tschifftner.exim4_sendonly, passbolt, common]
|
||||
tasks:
|
||||
- name: Create passbolt backup directory
|
||||
file:
|
||||
path: /srv/backups/
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0700
|
||||
state: directory
|
||||
tags: backup
|
||||
- name: Setup mysql passbolt backup
|
||||
cron:
|
||||
name: passbolt mysql backup
|
||||
minute: 20
|
||||
hour: 5
|
||||
job: '/usr/bin/mysqldump passbolt > /srv/backups/passbolt.sql'
|
||||
tags: backup
|
||||
|
||||
|
||||
vars:
|
||||
passbolt_tmpdir: "/srv/passbolt-tmp/"
|
||||
passbolt_homedir: "/srv/passbolt/"
|
||||
passbolt_webroot: "/srv/passbolt/www/"
|
||||
passbolt_use_ssl: True
|
||||
passbolt_url: "https://passbolt.afpy.org"
|
||||
passbolt_domain: "passbolt.afpy.org"
|
||||
passbolt_gpgkey_length: 4096
|
||||
passbolt_gpgkey_sublength: 4096
|
||||
passbolt_gpgkey_email: "passbolt@afpy.org"
|
||||
passbolt_dbpass: "{{ vault_passbolt_dbpass }}"
|
||||
passbolt_smtp_sender_email: "passbolt@afpy.org"
|
||||
|
||||
passbolt_php_fpm_includedir: /etc/php/7.0/fpm/pool.d/
|
||||
passbolt_php_fpm_listen: /var/run/php/fpm.sock
|
||||
passbolt_php_fpm_user: passbolt
|
||||
passbolt_php_fpm_group: passbolt
|
||||
|
||||
passbolt_dbport: 3306
|
||||
mysql_root_username: root
|
||||
mysql_root_password: "{{ vault_mysql_root_password }}"
|
||||
mysql_databases:
|
||||
- name: passbolt
|
||||
encoding: utf8mb4
|
||||
collation: utf8mb4_unicode_ci
|
||||
mysql_users:
|
||||
- name: passbolt
|
||||
password: "{{ vault_passbolt_dbpass }}"
|
||||
priv: "passbolt.*:ALL"
|
||||
mysql_packages:
|
||||
- mariadb-server
|
||||
- mariadb-client
|
||||
- python-mysqldb
|
||||
mysql_bind_address: '127.0.0.1'
|
||||
php_memory_limit: "512M"
|
||||
php_date_timezone: "Europe/Paris"
|
||||
php_webserver_daemon: "nginx"
|
||||
php_enable_php_fpm: true
|
||||
php_enable_webserver: false
|
||||
php_default_version_debian: "7.0"
|
||||
nginx_sites:
|
||||
passbolt_http:
|
||||
- listen 80
|
||||
- server_name "{{ passbolt_domain }}"
|
||||
- location / {
|
||||
return 301 https://{{ passbolt_domain }}$request_uri;
|
||||
}
|
||||
|
||||
passbolt:
|
||||
- listen 443 ssl
|
||||
- server_name passbolt.afpy.org
|
||||
- server_tokens off
|
||||
- include snippets/letsencrypt-{{ passbolt_domain }}.conf
|
||||
- root {{ passbolt_webroot }}/webroot/
|
||||
- location / { try_files $uri /index.php$is_args$args; }
|
||||
- location ~ \.php(/|$) {
|
||||
fastcgi_pass unix:{{ passbolt_php_fpm_listen }};
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
fastcgi_read_timeout 500;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||
fastcgi_param SERVER_NAME $http_host;
|
||||
fastcgi_param DOCUMENT_ROOT $realpath_root;
|
||||
internal;
|
||||
}
|
45
pycon.yml
Normal file
45
pycon.yml
Normal file
|
@ -0,0 +1,45 @@
|
|||
---
|
||||
|
||||
- hosts: pycons
|
||||
tasks:
|
||||
- name: Basic setup
|
||||
include_role: name=common
|
||||
|
||||
- name: Setup PyCon Fr 2010
|
||||
include_role: name=pelican
|
||||
vars:
|
||||
pelican_user: pycon2010
|
||||
pelican_https: true
|
||||
pelican_domain: 2010.pycon.fr
|
||||
pelican_repo: https://github.com/AFPy/pyconfr_2010
|
||||
pelican_path_in_repo: 2010/
|
||||
pelican_home: "/srv/{{ pelican_user }}/"
|
||||
|
||||
- name: Setup PyConFr 2011
|
||||
include_role: name=pelican
|
||||
vars:
|
||||
pelican_user: pycon2011
|
||||
pelican_https: true
|
||||
pelican_domain: 2011.pycon.fr
|
||||
pelican_repo: https://github.com/AFPy/pyconfr_2010
|
||||
pelican_path_in_repo: 2011/
|
||||
pelican_home: "/srv/{{ pelican_user }}/"
|
||||
|
||||
- name: Setup PyConFr 2012
|
||||
include_role: name=static
|
||||
vars:
|
||||
static_user: pycon2012
|
||||
static_https: true
|
||||
static_domain: 2012.pycon.fr
|
||||
static_repo: https://github.com/AFPy/pyconfr_2012
|
||||
|
||||
- hosts: gallery
|
||||
tasks:
|
||||
- name: Setup sigal of paullaroid.pycon.fr
|
||||
include_role: name=gallery
|
||||
vars:
|
||||
gallery_https: true
|
||||
gallery_user: gallery
|
||||
gallery_domain: paullaroid.pycon.fr
|
||||
gallery_repo: https://github.com/AFPy/pycon-fr-gallery.git
|
||||
gallery_home: /srv/gallery/
|
157
site.yml
157
site.yml
|
@ -1,156 +1,5 @@
|
|||
---
|
||||
|
||||
- hosts: all
|
||||
tasks:
|
||||
- name: Common role
|
||||
include_role: name=common
|
||||
tags: common
|
||||
|
||||
- hosts: gallery
|
||||
tasks:
|
||||
- name: Setup sigal of paullaroid.pycon.fr
|
||||
include_role: name=gallery
|
||||
vars:
|
||||
gallery_https: true
|
||||
gallery_user: gallery
|
||||
gallery_domain: paullaroid.pycon.fr
|
||||
gallery_repo: https://github.com/AFPy/pycon-fr-gallery.git
|
||||
gallery_home: /srv/gallery/
|
||||
|
||||
- hosts: pycons
|
||||
tasks:
|
||||
- name: Setup PyCon Fr 2010
|
||||
include_role: name=pelican
|
||||
vars:
|
||||
pelican_user: pycon2010
|
||||
pelican_https: true
|
||||
pelican_domain: 2010.pycon.fr
|
||||
pelican_repo: https://github.com/AFPy/pyconfr_2010
|
||||
pelican_path_in_repo: 2010/
|
||||
pelican_home: "/srv/{{ pelican_user }}/"
|
||||
|
||||
- name: Setup PyConFr 2011
|
||||
include_role: name=pelican
|
||||
vars:
|
||||
pelican_user: pycon2011
|
||||
pelican_https: true
|
||||
pelican_domain: 2011.pycon.fr
|
||||
pelican_repo: https://github.com/AFPy/pyconfr_2010
|
||||
pelican_path_in_repo: 2011/
|
||||
pelican_home: "/srv/{{ pelican_user }}/"
|
||||
|
||||
- name: Setup PyConFr 2012
|
||||
include_role: name=static
|
||||
vars:
|
||||
static_user: pycon2012
|
||||
static_https: true
|
||||
static_domain: 2012.pycon.fr
|
||||
static_repo: https://github.com/AFPy/pyconfr_2012
|
||||
|
||||
- hosts: rsnapshoters
|
||||
tasks:
|
||||
- name: Setup rsnapshot cron
|
||||
include_role: name=rsnapshoter
|
||||
vars:
|
||||
rsnapshotted_hosts: "{{ groups.rsnapshotted }}"
|
||||
rsnapshot_backups:
|
||||
- remote: passbolt.afpy.org:/srv/backups/
|
||||
path: passbolt.afpy.org/
|
||||
- remote: passbolt.afpy.org:/srv/passbolt/www/webroot/img/public/
|
||||
path: passbolt.afpy.org/
|
||||
- remote: passbolt.afpy.org:/srv/passbolt/www/config/
|
||||
path: passbolt.afpy.org/
|
||||
|
||||
- hosts: rsnapshotted
|
||||
tasks:
|
||||
- name: Install rsync
|
||||
package:
|
||||
name: rsync
|
||||
state: present
|
||||
tags: rsnapshot
|
||||
|
||||
- hosts: pycons
|
||||
roles: [tschifftner.exim4_sendonly, passbolt]
|
||||
tasks:
|
||||
- name: Create passbolt backup directory
|
||||
file:
|
||||
path: /srv/backups/
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0700
|
||||
state: directory
|
||||
tags: backup
|
||||
- name: Setup mysql passbolt backup
|
||||
cron:
|
||||
name: passbolt mysql backup
|
||||
minute: 20
|
||||
hour: 5
|
||||
job: '/usr/bin/mysqldump passbolt > /srv/backups/passbolt.sql'
|
||||
tags: backup
|
||||
|
||||
|
||||
vars:
|
||||
passbolt_tmpdir: "/srv/passbolt-tmp/"
|
||||
passbolt_homedir: "/srv/passbolt/"
|
||||
passbolt_webroot: "/srv/passbolt/www/"
|
||||
passbolt_use_ssl: True
|
||||
passbolt_url: "https://passbolt.afpy.org"
|
||||
passbolt_domain: "passbolt.afpy.org"
|
||||
passbolt_gpgkey_length: 4096
|
||||
passbolt_gpgkey_sublength: 4096
|
||||
passbolt_gpgkey_email: "passbolt@afpy.org"
|
||||
passbolt_dbpass: "{{ vault_passbolt_dbpass }}"
|
||||
passbolt_smtp_sender_email: "passbolt@afpy.org"
|
||||
|
||||
passbolt_php_fpm_includedir: /etc/php/7.0/fpm/pool.d/
|
||||
passbolt_php_fpm_listen: /var/run/php/fpm.sock
|
||||
passbolt_php_fpm_user: passbolt
|
||||
passbolt_php_fpm_group: passbolt
|
||||
|
||||
passbolt_dbport: 3306
|
||||
mysql_root_username: root
|
||||
mysql_root_password: "{{ vault_mysql_root_password }}"
|
||||
mysql_databases:
|
||||
- name: passbolt
|
||||
encoding: utf8mb4
|
||||
collation: utf8mb4_unicode_ci
|
||||
mysql_users:
|
||||
- name: passbolt
|
||||
password: "{{ vault_passbolt_dbpass }}"
|
||||
priv: "passbolt.*:ALL"
|
||||
mysql_packages:
|
||||
- mariadb-server
|
||||
- mariadb-client
|
||||
- python-mysqldb
|
||||
mysql_bind_address: '127.0.0.1'
|
||||
php_memory_limit: "512M"
|
||||
php_date_timezone: "Europe/Paris"
|
||||
php_webserver_daemon: "nginx"
|
||||
php_enable_php_fpm: true
|
||||
php_enable_webserver: false
|
||||
php_default_version_debian: "7.0"
|
||||
nginx_sites:
|
||||
passbolt_http:
|
||||
- listen 80
|
||||
- server_name "{{ passbolt_domain }}"
|
||||
- location / {
|
||||
return 301 https://{{ passbolt_domain }}$request_uri;
|
||||
}
|
||||
|
||||
passbolt:
|
||||
- listen 443 ssl
|
||||
- server_name passbolt.afpy.org
|
||||
- server_tokens off
|
||||
- include snippets/letsencrypt-{{ passbolt_domain }}.conf
|
||||
- root {{ passbolt_webroot }}/webroot/
|
||||
- location / { try_files $uri /index.php$is_args$args; }
|
||||
- location ~ \.php(/|$) {
|
||||
fastcgi_pass unix:{{ passbolt_php_fpm_listen }};
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
fastcgi_read_timeout 500;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||
fastcgi_param SERVER_NAME $http_host;
|
||||
fastcgi_param DOCUMENT_ROOT $realpath_root;
|
||||
internal;
|
||||
}
|
||||
- import_playbook: pycon.yml
|
||||
- import_playbook: passbolt.yml
|
||||
- import_playbook: backup.yml
|
||||
|
|
Loading…
Reference in New Issue
Block a user