# attention - Par défaut ce scipt se lancer vers ligatures
- name: Promp pour définir les variables du nouveau ite
- hosts: vm_debian11 # test avec un nom de vm
+ hosts: ligatures
become: true # toutes les tâches seront pas défaut éxécuter en tant que root
vars:
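Review bot: The default target on the `hosts:` line is now `ligatures`, and with `become: true` every task runs as root there, so a run without `--limit` acts on that host immediately (the header comment confirms this is the default). If `ligatures` is a live server, which the hunk does not show, consider making the target explicit, for example `hosts: "{{ cible | default('vm_debian11') }}"`, so the real host has to be named with `-e cible=ligatures`. The play continues past `vars:` outside this hunk.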
- name: Inclure la configuration d'un site web basique
ansible.builtin.include_tasks: tasks/config_www.yml
- - name: Bloc permettant de générer les certificats SSL
- when: besoin_https == 'oui'
- block:
- - name: Inclure la configuration nginx http
- ansible.builtin.include_tasks: tasks/config_nginx.yml
- vars:
- template_site: 'http'
-
- - name: Générer un certififat avec certbot # noqa : command-instead-of-module
- become: true
- ansible.builtin.command: 'certbot certonly -i nginx -d {{ SITE }}.{{ DOMAIN }}.{{ TLD }}'
- register: certbot_log
- changed_when: false
-
- - name: Afficher les logs certbot
- ansible.builtin.debug:
- var: certbot_log
- when: certbot_log is defined
-
-
- - name: Inclure la configuration nginx
- ansible.builtin.include_tasks: tasks/config_nginx.yml
- vars:
- template_site: "{{ SITE }}"
-
- name: Inclure la configuration d'un pool PHP
ansible.builtin.include_tasks: tasks/config_pool_php.yml
when: config_php == 'oui' or SITE == 'paheko' or SITE == 'nuage'
# vim /etc/borgmatic/config.yaml
# - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/config
- # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/data
\ No newline at end of file
+ # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/data
+
+ # - name: Bloc permettant de générer les certificats SSL
+ # when: besoin_https == 'oui'
+ # block:
+ # - name: Inclure la configuration nginx http
+ # ansible.builtin.include_tasks: tasks/config_nginx.yml
+ # vars:
+ # template_site: 'http'
+
+ # - name: Générer un certififat avec certbot # noqa : command-instead-of-module
+ # become: true
+ # ansible.builtin.command: 'certbot certonly -i nginx -d {{ SITE }}.{{ DOMAIN }}.{{ TLD }}'
+ # register: certbot_log
+ # changed_when: false
+
+ # - name: Afficher les logs certbot
+ # ansible.builtin.debug:
+ # var: certbot_log
+ # when: certbot_log is defined
+
+ # - name: Inclure la configuration nginx
+ # ansible.builtin.include_tasks: tasks/config_nginx.yml
+ # vars:
+ # template_site: "{{ SITE }}"
\ No newline at end of file
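Review bot: The certificate block is parked as commented-out YAML at the end of the file, and it carried both `include_tasks: tasks/config_nginx.yml` calls, so in the visible lines nothing deploys the nginx vhost or obtains the certificate any more. The nginx templates further down this page still reference `/etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem` when `besoin_https == 'oui'`, and nginx refuses to load a configuration whose certificate file is missing. If the block is only switched off temporarily, keep it live behind a flag such as `when: besoin_https == 'oui' and generer_certificat | default(true)` with a comment saying why it is off. Otherwise delete it and rely on the history. Should the certbot task come back, note that `changed_when: false` hides the fact that a certificate was issued.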
nouvelle_version: 26
ancienne_version: 25
# possble value:
-# 23.0.12
-# 24.0.12
-# 25.0.9
-# 26.0.4
+# 23
+# 24
+# 25
+# 26
php_fpm_service: php{{ php_version }}-fpm
php_version: '8.0'
postgres_version: 13
nextcloud_sources_files_path: "{{ nextcloud_files_path }}/sources"
nextcloud_common_files_path: "{{ nextcloud_files_path }}/common"
nextcloud_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}"
-nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}"
\ No newline at end of file
+nextcloud_symbolic_source: "../sources/nextcloud-{{ nouvelle_version }}"
+nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}"
+nextcloud_symbolic_common: "../common/nextcloud-{{ nouvelle_version }}"
\ No newline at end of file
nextcloud_php_user: "php_{{ SIGLE }}_nuage"
nextcloud_websrv_user: "site_{{ SIGLE }}_nuage"
-nextcloud_sources_files_path: "../../../nextcloud/sources"
+nextcloud_sources_files_path: "/home/sites/data/nextcloud/sources"
nextcloud_common_files_path: "/home/sites/data/nextcloud/common"
nextcloud_webroot: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/nuage"
nextcloud_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}"
+nextcloud_symbolic_source: "../../../nextcloud/sources/nextcloud-{{ nouvelle_version }}"
nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}"
+nextcloud_symbolic_common: "../../../nextcloud/common/nextcloud-{{ nouvelle_version }}"
php_fpm_service: php{{ php_version}}-fpm
php_version: '8.2'
postgres_version: 15
# - php-exif
- php-redis
- php-imagick
+ - python3-psycopg2 #module ansible psql
state: present
- name: Boucle d'ajout du user php dans plusieurs groupe
- name: Definir nouvelle_version
ansible.builtin.set_fact:
- nouvelle_version: "{{ nextcloud_version.user_input }}"
+ nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"
- - name: Demande la version de nextcloud déjà installer
+ - name: Demande la version de nextcloud déjà installée
ansible.builtin.pause:
prompt: "Quelle version de nextcloud déjà installée"
echo: true
- name: Definir ancienne_version
ansible.builtin.set_fact:
- ancienne_version: "{{ ancienne_version.user_input }}"
+ ancienne_version: "{{ ancienne_version_prompt.user_input }}"
- name: Inclure la verif de l'install nextcloud
ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml
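Review bot: `nouvelle_version` and `ancienne_version` are copied straight from the prompt's `user_input` and, per the vars files on this page, end up inside paths such as `nextcloud-{{ nouvelle_version }}`, with no check that the answer is a supported major. An empty answer or a stray `/` or `..` would build a path outside the intended tree while the play runs with `become: true`. Add an assert right after the two `set_fact` tasks and before the include of `tasks/verif_installation_nextcloud.yml`. The `pause` tasks that register `nextcloud_version_prompt` and `ancienne_version_prompt` are only partly visible here, so confirm that the register names match.

```yaml
# … unchanged: set_fact for nouvelle_version and ancienne_version …
- name: Vérifier les versions saisies
  ansible.builtin.assert:
    that:
      - nouvelle_version | string is match('^[0-9]+$')
      - ancienne_version | string is match('^[0-9]+$')
    fail_msg: "Version nextcloud invalide (attendu : 23, 24, 25 ou 26)"
```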
loop_control:
label: "{{ item.path }}"
loop:
- - path: "{{ nextcloud_source }}/apps"
+ - path: "{{ nextcloud_webroot }}/apps"
state: directory
owner: "{{ nextcloud_php_user }}"
group: "{{ nextcloud_websrv_user }}"
mode: '2750'
- - path: "{{ nextcloud_source }}/config"
+ - path: "{{ nextcloud_webroot }}/config"
state: directory
owner: "{{ nextcloud_php_user }}"
group: "{{ nextcloud_websrv_user }}"
mode: '2750'
- - path: "{{ nextcloud_source }}/data"
+ - path: "{{ nextcloud_webroot }}/data"
state: directory
owner: "{{ nextcloud_php_user }}"
group: "{{ nextcloud_websrv_user }}"
- name: Create nextcloud root dir symbolic link
ansible.builtin.file:
- src: "{{ nextcloud_source }}"
+ src: "{{ nextcloud_symbolic_source }}"
dest: "{{ nextcloud_webroot }}/nextcloud"
owner: nextcloud
group: nextcloud
- name: Create nextcloud common app dir symbolic link
ansible.builtin.file:
- src: "{{ nextcloud_common }}"
+ src: "{{ nextcloud_symbolic_common }}"
dest: "{{ nextcloud_webroot }}/common"
owner: nextcloud
group: nextcloud
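Review bot: Both `src:` values are now relative, and nothing in the tasks says what they are relative to, so add a comment above each, e.g. `# src is resolved from the directory of dest ({{ nextcloud_webroot }}/), i.e. /home/sites/data/nextcloud/sources/...`. The nextcloud vhost on this page sets `disable_symlinks if_not_owner;` with its root on `{{ SITE }}/nextcloud`, and nginx then serves through a link only when the link and its target have the same owner. The links are created as `nextcloud:nextcloud`, and the owner of the shared source tree is not visible here, so confirm they match or requests will be refused. Both tasks continue outside the hunk; presumably `state: link` follows.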
- name: Ajout de l'utilisateur site_SIGLE_SITE
ansible.builtin.user:
name: "site_{{ SIGLE }}_{{ SITE }}"
- home: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
shell: /bin/false
groups: www-data
system: true
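Review bot: The account's `home:` now points at the site's data directory, which the basic nginx template on this page uses as its `root`. `ansible.builtin.user` creates the home by default, so if the directory does not exist yet it may be populated from `/etc/skel` and dotfiles such as `.bashrc` or `.profile` would land inside the served tree. If the directory is created by another task, add `create_home: false` here and a comment explaining that the home is only a reference to the web root.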
server {
listen 80;
server_name
- {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
+ {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
disable_symlinks if_not_owner;
- access_log /home/sites/log/nginx/{{ SITE }}/{{ DOMAIN }}/{{ TLD }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/org/{{ SITE }}/{{ DOMAIN }}/{{ TLD }}error.log warn;
- root /home/sites/data/{{TLD }}/{{ DOMAIN }}/{{SITE }}/;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ SITE }}/{{ DOMAIN }}//access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ SITE }}/{{ DOMAIN }}/error.log warn;
+ root /home/sites/data/{{TLD }}/{{ DOMAIN }}/{{SITE }}/;
}
\ No newline at end of file
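Review bot: The two new log paths use the order `{{ TLD }}/{{ SITE }}/{{ DOMAIN }}`, while `root` on the next line and every other template on this page use `{{ TLD }}/{{ DOMAIN }}/{{ SITE }}`, and the `access_log` path also contains a stray `//`. nginx does not create missing log directories, so if the directory tree is provisioned in the DOMAIN/SITE order this vhost will fail its configuration test. Suggested lines: `access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;` and `error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;`.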
}
server {
listen 80;
- server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
+ server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
#disable_symlinks if_not_owner;
# Prevent nginx HTTP Server Detection
return 301 https://$server_name$request_uri;
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
}
server {
listen 443 ssl http2;
- server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
+ server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
# Path to the root of your installation
- root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/nextcloud;
+ root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/nextcloud;
disable_symlinks if_not_owner;
{% if besoin_https == 'oui' %}
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
{% endif %}
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
- # the consequences in https://hstspreload.{{ TLD }}/. This option
+ # the consequences in https://hstspreload.{{ TLD }}/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
}
location ~ /common-apps/(.*)$ {
- alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common/$1;
+ alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common/$1;
}
location ~ /instance-apps/(.*)$ {
- alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/apps/$1;
+ alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/apps/$1;
}
# Specify how to handle directories -- specifying `/index.php$request_uri`
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
- fastcgi_param NEXTCLOUD_CONFIG_DIR /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config;
+ fastcgi_param NEXTCLOUD_CONFIG_DIR /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config;
fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }};
#fastcgi_intercept_errors on;
server {
listen 80;
- include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
- access_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
- return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+ access_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri;
}
server {
listen 443;
- include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
{% if besoin_https == 'oui' %}
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
{% endif %}
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
}
server_name
- {{ DOMAIN }}.{{ TLD }}
- www.{{ DOMAIN }}.{{ TLD }};
-root /home/site/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;
+ {{ DOMAIN }}.{{ TLD }}
+ www.{{ DOMAIN }}.{{ TLD }};
+root /home/site/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;
index index.html;
client_body_buffer_size 8k;
server {
listen 80;
- server_name {{ DOMAIN }}.{{ TLD }};
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
- return 301 https://{{ DOMAIN }}.{{ TLD }}$request_uri;
+ server_name {{ DOMAIN }}.{{ TLD }};
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ return 301 https://{{ DOMAIN }}.{{ TLD }}$request_uri;
}
server {
listen 443 ssl;
- include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
{% if besoin_https == 'oui' %}
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
{% endif %}
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
}
\ No newline at end of file