vars_prompt:
- name: SITE
- prompt: 'quel type de site?(ex: nuage, www, wiki, paheko)'
+ prompt: 'quel type de site?(ex: nuage, www, wiki, paheko ou gestion)'
private: false
default: "nuage"
- name: Inclure la configuration d'un site web basique
ansible.builtin.include_tasks: tasks/config_www.yml
+ - name: Inclure la configuration nginx
+ ansible.builtin.include_tasks: tasks/config_nginx.yml
+ vars:
+ template_site: "{{ SITE }}"
+ when: besoin_https == 'non'
+
+# scenario pre-install nginx sans ssl
+# test installed=false or needupgrade:true
+# test installed=true et needupgrade:false
+# puis certbot à la fin
+# puis template nginx ssl pour test manuel
+
+ - name: Bloc permettant de générer les certificats SSL
+ when: besoin_https == 'oui'
+ block:
+ - name: Inclure la configuration nginx http
+ ansible.builtin.include_tasks: tasks/config_nginx.yml
+ vars:
+ template_site: 'http'
+
+ - name: Générer un certififat avec certbot # noqa : command-instead-of-module
+ become: true
+ ansible.builtin.command: 'certbot certonly -n --nginx -d {{ SITE }}.{{ DOMAIN }}.{{ TLD }}'
+ register: certbot_log
+ ignore_errors: true
+ changed_when: false
+
+ - name: Afficher les logs certbot
+ ansible.builtin.debug:
+ var: certbot_log
+ when: certbot_log is defined
+
+ - name: Activer la conf ssl dans nginx
+ ansible.builtin.set_fact:
+ ssl_ready: true
+ when: certbot_log is defined
+
+ - name: Inclure la configuration nginx avec ssl
+ ansible.builtin.include_tasks: tasks/config_nginx.yml
+ vars:
+ template_site: "{{ SITE }}"
+
- name: Inclure la configuration d'un pool PHP
ansible.builtin.include_tasks: tasks/config_pool_php.yml
- when: config_php == 'oui' or SITE == 'paheko' or SITE == 'nuage'
+ when: config_php == 'oui' or SITE == 'paheko' or SITE == 'gestion' or SITE == 'nuage'
- name: Inclure la configuration nextcloud si besoin
ansible.builtin.include_tasks: tasks/config_nuage.yml
- name: Inclure la configuration paheko si besoin
ansible.builtin.include_tasks: tasks/config_paheko.yml
- when: SITE == 'paheko'
-
- # MAJ borgmatic conf
-## Mettre à jour la conf de borgmatic pour intégrer les dossiers du nouveau nuage dans 'source_directories'
-
- # vim /etc/borgmatic/config.yaml
-
- # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/config
- # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/data
-
- # - name: Bloc permettant de générer les certificats SSL
- # when: besoin_https == 'oui'
- # block:
- # - name: Inclure la configuration nginx http
- # ansible.builtin.include_tasks: tasks/config_nginx.yml
- # vars:
- # template_site: 'http'
-
- # - name: Générer un certififat avec certbot # noqa : command-instead-of-module
- # become: true
- # ansible.builtin.command: 'certbot certonly -i nginx -d {{ SITE }}.{{ DOMAIN }}.{{ TLD }}'
- # register: certbot_log
- # changed_when: false
-
- # - name: Afficher les logs certbot
- # ansible.builtin.debug:
- # var: certbot_log
- # when: certbot_log is defined
-
- # - name: Inclure la configuration nginx
- # ansible.builtin.include_tasks: tasks/config_nginx.yml
- # vars:
- # template_site: "{{ SITE }}"
\ No newline at end of file
+ when: SITE == 'paheko' or SITE == 'gestion'
+
+ - name: Inclure le configuration du backup
+ ansible.builtin.include_tasks: tasks/config_backup.yml
+
+# SFTP key
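Review bot: In the block `Bloc permettant de générer les certificats SSL`, `ssl_ready: true` is set with `when: certbot_log is defined`, but a registered variable is defined even when its task failed, and the certbot task carries `ignore_errors: true`. A failed issuance therefore still renders the SSL variant of the template, whose `ssl_certificate` paths under /etc/letsencrypt/live would not exist, so the following nginx reload is likely to fail. Gate the `set_fact` on the outcome instead, e.g. `when: certbot_log is succeeded`, so that a failed run leaves the HTTP-only configuration in place.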
--- /dev/null
+- name: Mise à jour de la conf de borgmatic pour le backup d'un nuage
+ ansible.builtin.lineinfile:
+ dest: /etc/borgmatic/config.yaml
+ search_string: "{{ item }}"
+ insertafter: ".+\/home\/sites\/data\/.+"
+ line: "{{ item }}"
+ state: present
+ backup: true
+ register: presence_sigle
+ loop:
+ - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config"
+ - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data"
+ when: SITE == 'nuage'
+
+- name: Mise à jour de la conf de borgmatic pour le backup d'un site non nuage
+ ansible.builtin.lineinfile:
+ dest: /etc/borgmatic/config.yaml
+ search_string: "{{ item }}"
+ insertafter: ".+\/home\/sites\/data\/.+"
+ line: "{{ item }}"
+ state: present
+ backup: true
+ register: presence_sigle
+ loop:
+ - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ when: SITE != 'nuage'
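Review bot: Both tasks edit /etc/borgmatic/config.yaml with `lineinfile` and an `insertafter` regex, and when no existing line matches, lineinfile appends at end of file. The path could then land outside the source directory list and leave the backup configuration invalid or incomplete. `backup: true` keeps a copy, but nothing checks the result. Adding a `validate:` command to the lineinfile tasks (borgmatic ships a configuration validator) would stop the play before the file is replaced. Both tasks also register the same `presence_sigle`, which no visible task reads.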
ansible.builtin.service:
name: nginx
state: reloaded
- when: SITE != 'nuage' and SITE != 'paheko' and template_site == 'http'
+ when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'gestion' and template_site == 'http'
+- name: Etckeeper commit if necessary
+ ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"
+
- name: Install required packages
ansible.builtin.apt:
name:
# - php-exif
- php-redis
- php-imagick
- - python3-psycopg2 #module ansible psql
+ - python3-psycopg2 # module ansible psql
state: present
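Review bot: The added `Etckeeper commit if necessary` task runs `etckeeper commit` unconditionally, and etckeeper can exit non-zero when /etc has nothing to commit, which would stop the play on a clean host. The task also has no `changed_when`. A preceding check task running `etckeeper unclean` (registered, with `failed_when: false` and `changed_when: false`) followed by `when: etckeeper_state.rc == 0` on the commit would match the task's name; `etckeeper_state` is a placeholder. The same task is added again before `Install required packages` in the paheko tasks further down.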
- name: Boucle d'ajout du user php dans plusieurs groupe
- name: Inclure la verif de l'install nextcloud
ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml
-- name: "[PostgreSQL] - {{ nextcloud_php_user }} role is created."
+- name: PostgreSQL - nextcloud_php_user role is created
become_user: postgres
become: true
community.postgresql.postgresql_user:
state: present
role_attr_flags: CREATEDB
-- name: "[PostgreSQL] - {{ nextcloud_db_name }} database is created."
+- name: PostgreSQL - nextcloud_db_name database is created
become_user: postgres
become: true
community.postgresql.postgresql_db:
community.postgresql.postgresql_privs:
db: "{{ item.db }}"
privs: "{{ item.privs }}"
- type: "{{ item.type |default(omit)}}"
+ type: "{{ item.type |default(omit) }}"
objs: "{{ item.objs }}"
role: "{{ item.role }}"
grant_option: "{{ item.grant_option |default(omit) }}"
community.postgresql.postgresql_pg_hba:
dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
contype: local
- users: "php_{{ SIGLE}}_{{SITE}}"
- databases: "php_{{ SIGLE}}_{{SITE}}"
+ users: "php_{{ SIGLE }}_{{ SITE }}"
+ databases: "php_{{ SIGLE }}_{{ SITE }}"
method: peer
keep_comments_at_rules: true
- comment: "autoriser le user php_{{ SIGLE}}_{{SITE}} à se connecter à la bdd du meme nom"
+ comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom"
- name: Boucle création des répertoires app, config et data nextcloud
ansible.builtin.file:
state: link
follow: false
-- name: créer les fichiers spécifiques nextcloud
+- name: Créer les fichiers spécifiques nextcloud
ansible.builtin.template:
src: "templates/{{ item.src }}"
dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
owner: "{{ item.owner }}"
- group: "{{ item.group}}"
+ group: "{{ item.group }}"
mode: "{{ item.mode }}"
loop:
- src: "nextcloud_cron.j2"
group: "{{ nextcloud_websrv_user }}"
mode: '640'
-# - name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module
-# become_user: "{{ nextcloud_php_user }}"
-# become: true
-# ansible.builtin.command: >
-# ./console maintenance:install
-# --database='pgsql'
-# --database-name="php_{{ SIGLE }}_{{ SITE }}"
-# --database-user="php_{{ SIGLE }}_{{ SITE }}/data/"
-# --database-host="/var/run/postgresql/"
-# --admin-user='admin'
-# --admin-pass='ckoideja'
-# --data-dir="/home/sites/data/$TLD/{{ DOMAIN }}/{{ SITE }}/data/"
-# args:
-# chdir: "{{ nextcloud_webroot }}"
-# register: install_result
+- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module
+ become_user: "{{ nextcloud_php_user }}"
+ become: true
+ ansible.builtin.command: >
+ ./console maintenance:install
+ --database='pgsql'
+ --database-name="php_{{ SIGLE }}_{{ SITE }}"
+ --database-user="php_{{ SIGLE }}_{{ SITE }}/data/"
+ --database-host="/var/run/postgresql/"
+ --admin-user='admin'
+ --admin-pass='ckoideja'
+ --data-dir="/home/sites/data/$TLD/{{ DOMAIN }}/{{ SITE }}/data/"
+ args:
+ chdir: "{{ nextcloud_webroot }}"
+ register: install_result
+ ignore_errors: true
-# - name: créer les fichiers spécifiques nextcloud
-# ansible.builtin.template:
-# src: "templates/{{ item.src }}"
-# dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
-# owner: "{{ item.owner }}"
-# group: "{{ item.group}}"
-# mode: "{{ item.mode }}"
-# loop:
-# - src: "nextcloud_sigle_config.j2"
-# dest: "config/{{ SIGLE }}.config.php"
-# owner: "{{ nextcloud_php_user }}"
-# group: "{{ nextcloud_websrv_user }}"
-# mode: '640'
+- name: Afficher les logs du script d'install
+ ansible.builtin.debug:
+ var: install_result
+ when: install_result is defined
-# - name: Creation d'un lien symbolique vers le configuration nextcloud commun
-# ansible.builtin.file:
-# src: "../../../../nextcloud/common/common.config.php"
-# dest: "config/common.config.php"
-# owner: nextcloud
-# group: nextcloud
-# state: link
-# follow: false
+- name: Créer les fichiers spécifiques nextcloud
+ ansible.builtin.template:
+ src: "templates/{{ item.src }}"
+ dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop:
+ - src: "nextcloud_sigle_config.j2"
+ dest: "config/{{ SIGLE }}.config.php"
+ owner: "{{ nextcloud_php_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '640'
-# - name: Create sigle nextcloud config
-# become_user: "{{ nextcloud_php_user }}"
-# become: true
-# ansible.builtin.template:
-# src: templates/sigle.config.php.j2
-# dest: "{{ nextcloud_webroot }}/config/sigle.config.php"
-# owner: "{{ nextcloud_php_user }}"
-# group: "{{ nextcloud_websrv_user }}"
-# mode: '640' # or u=rwx,g=r,o=
+- name: Creation d'un lien symbolique vers le configuration nextcloud commun
+ ansible.builtin.file:
+ src: "../../../../nextcloud/common/common.config.php"
+ dest: "config/common.config.php"
+ owner: nextcloud
+ group: nextcloud
+ state: link
+ follow: false
-# - name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
-# become_user: postgres
-# become: true
-# community.postgresql.postgresql_privs:
-# db: "{{ item.db }}"
-# privs: "{{ item.privs }}"
-# type: "{{ item.type |default(omit)}}"
-# objs: "{{ item.objs }}"
-# role: "{{ item.role }}"
-# grant_option: "{{ item.grant_option |default(omit) }}"
-# loop_control:
-# label: "{{ item.name }}"
-# loop:
-# - db: "{{ nextcloud_db_name }}"
-# privs: "USAGE,CREATE"
-# type: "schema"
-# objs: "public"
-# role: "{{ nextcloud_php_user }}"
-# name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;"
-# - db: "{{ nextcloud_db_name }}"
-# privs: "SELECT"
-# type: "table"
-# objs: "pg_namespace"
-# role: "{{ nextcloud_php_user }}"
-# name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;"
-# - db: "{{ nextcloud_db_name }}"
-# privs: "SELECT"
-# type: "table"
-# objs: "pg_collation"
-# role: "{{ nextcloud_php_user }}"
-# name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;"
-# - db: "{{ nextcloud_db_name }}"
-# privs: "SELECT"
-# type: "table"
-# objs: "pg_index"
-# role: "{{ nextcloud_php_user }}"
-# name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;"
-# - db: "{{ nextcloud_db_name }}"
-# privs: "SELECT"
-# type: "table"
-# objs: "pg_attrdef"
-# role: "{{ nextcloud_php_user }}"
-# name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;"
-# - db: "{{ nextcloud_db_name }}"
-# privs: "SELECT"
-# type: "table"
-# objs: "pg_description"
-# role: "{{ nextcloud_php_user }}"
-# name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;"
-# - db: "{{ nextcloud_db_name }}"
-# privs: "SELECT"
-# type: "table"
-# objs: "pg_settings"
-# role: "{{ nextcloud_php_user }}"
-# name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;"
-# - db: "{{ nextcloud_db_name }}"
-# privs: "SELECT"
-# objs: "pg_database"
-# role: "{{ nextcloud_php_user }}"
-# name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"
+- name: Create sigle nextcloud config
+ become_user: "{{ nextcloud_php_user }}"
+ become: true
+ ansible.builtin.template:
+ src: templates/sigle.config.php.j2
+ dest: "{{ nextcloud_webroot }}/config/sigle.config.php"
+ owner: "{{ nextcloud_php_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '640' # or u=rwx,g=r,o=
-# - name: Creation d'un fichier cron pour /etc/cron.d
-# ansible.builtin.cron:
-# name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan "
-# minute: "5"
-# user: "php_{{ SIGLE}}_{{SITE}}"
-# job: "{{ nextcloud_source }}/cron"
+- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_privs:
+ db: "{{ item.db }}"
+ privs: "{{ item.privs }}"
+ type: "{{ item.type |default(omit) }}"
+ objs: "{{ item.objs }}"
+ role: "{{ item.role }}"
+ grant_option: "{{ item.grant_option |default(omit) }}"
+ loop_control:
+ label: "{{ item.name }}"
+ loop:
+ - db: "{{ nextcloud_db_name }}"
+ privs: "USAGE,CREATE"
+ type: "schema"
+ objs: "public"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_namespace"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_collation"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_index"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_attrdef"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_description"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_settings"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ objs: "pg_database"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"
+
+- name: Creation d'un fichier cron pour /etc/cron.d
+ ansible.builtin.cron:
+ name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins"
+ minute: "*/5"
+ user: "php_{{ SIGLE }}_{{ SITE }}"
+ job: "{{ nextcloud_webroot }}/cron"
-# - name: Recharger plusieurs services
-# ansible.builtin.service:
-# name: "{{ item }}"
-# state: reloaded
-# loop:
-# - "postgresql"
-# - "php{{ php_version }}-fpm"
-# - "nginx"
+- name: Recharger plusieurs services
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: reloaded
+ loop:
+ - "postgresql"
+ - "php{{ php_version }}-fpm"
+ - "nginx"
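Review bot: The re-enabled task `Lancement du script d'installation nextcloud` passes a literal administrator password on the command line (`--admin-pass='ckoideja'`). It is therefore stored in the repository, visible in the process list while the installer runs, and printed by the following `debug: var: install_result` task, whose result includes the full command. Take the value from a vaulted variable, e.g. `--admin-pass={{ nextcloud_admin_password | quote }}` (placeholder name), and set `no_log: true` on the task rather than dumping the whole result. In the same command, `--database-user` ends in `/data/`, which looks like a paste error, and `$TLD` in `--data-dir` is not expanded because `ansible.builtin.command` does not run a shell; `{{ TLD }}` is probably intended. With `ignore_errors: true`, a failed install also lets the later template and privilege tasks run against a half-installed instance.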
+- name: Etckeeper commit if necessary
+ ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"
+
- name: Install required packages
ansible.builtin.apt:
name:
- php-cli
- php-imagick
- php-mbstring
+ - php-gnupg
state: present
register: php_install
- name: Bloc paheko_version
when: paheko_version is undefined
block:
- - name: Demande la version de nextcloud à installer
+ - name: Demande la version de paheko à installer
ansible.builtin.pause:
- prompt: "Quelle version de nextcloud doit être utilisé"
+ prompt: "Quelle version de paheko doit être utilisé"
echo: true
register: paheko_version_prompt
dest: "/home/sites/data/paheko/{{ paheko_version }}.tar.gz"
mode: '755' # or u=rwx,g=rx,o=rx
- - name: Extract downloaded nextcloud source
+ - name: Extract downloaded paheko source
become: true
become_user: www-data
ansible.builtin.unarchive:
ansible.builtin.copy:
src: "/home/sites/data/paheko/paheko-{{ paheko_version }}/"
dest: "/home/sites/data/paheko/{{ paheko_version }}"
- remote_src: true # because the config file is already in the nextcloud_tmp_path
+ remote_src: true # because the config file is already on the paheko path
mode: preserve
- - name: Deleted downloaded nextcloud files
+ - name: Deleted downloaded paheko files
become: true
ansible.builtin.file:
path: "{{ item }}"
path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/"
state: directory
owner: "php_{{ SIGLE }}_{{ SITE }}"
- group: "php_{{ SIGLE }}_{{ SITE }}"
- mode: '644'
+ group: "site_{{ SIGLE }}_{{ SITE }}"
+ mode: '2750'
recurse: true
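Review bot: `mode: '2750'` combined with `recurse: true` is applied to every regular file under the site directory as well, so files become executable and carry the setgid bit. That is broader than the group inheritance on directories this change appears to aim for. A symbolic mode keeps execute on directories only, `mode: 'u=rwX,g=rX,o='`, with the setgid bit then set on directories in a separate step. The task's `name:` and module line are outside the visible hunk, so this assumes `ansible.builtin.file`.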
- name: Boucle d'ajout du user php dans plusieurs groupe
# dest: "/usr/share/garradin/www/admin/static/favicon{{ icon | splitext | last }}"
# when: favicon is defined
-- name: Recharger PHP service
+- name: Recharger PHP et nginx
ansible.builtin.service:
name: "{{ item }}"
state: reloaded
- name: Création de la conf du pool php
ansible.builtin.template:
src: "templates/php_{{ SITE }}_conf.j2"
- dest: "/etc/php/{{ php_version}}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/php-fpm.conf"
+ dest: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/php-fpm.conf"
owner: "root"
group: "root"
mode: '640' # or u=rwx,g=r,o=
- when: SITE == 'nuage' or SITE == 'paheko'
+ when: SITE == 'nuage' or SITE == 'paheko' or SITE == 'gestion'
- name: ATTENTION la config php n'a pas été créer
ansible.builtin.debug:
msg: "Il n'y a pas de templates php pour votre site, il faudra le créer manuellement"
- when: SITE != 'nuage' and SITE != 'paheko'
+ when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'gestion'
-# - name: recharger PHP service
-# ansible.builtin.service:
-# name: "php{{ php_version }}-fpm"
-# state: reloaded
-# when: SITE != 'nuage' or SITE != 'paheko'
+- name: recharger PHP service
+ ansible.builtin.service:
+ name: "php{{ php_version }}-fpm"
+ state: reloaded
+ when: SITE != 'nuage' or SITE != 'paheko' or SITE == 'gestion'
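Review bot: The condition on the re-enabled `recharger PHP service` task, `SITE != 'nuage' or SITE != 'paheko' or SITE == 'gestion'`, is true for every value of SITE, because no value can equal both 'nuage' and 'paheko'. If the reload should always run, drop the `when`. If it should only follow a rendered pool file, register the template task and use `when: pool_conf is changed` (placeholder name), or use a handler with `notify`. The task name also starts with a lowercase letter, unlike the names normalised elsewhere in this commit.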
--- /dev/null
+server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
+root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/www;
+
+location / {
+ try_files $uri $uri/ /_route.php?$query_string;
+ index index.php /_route.php;
+}
+
+location ~ \.php {
+ try_files $uri $uri/ /_route.php?$query_string;
+ include /etc/nginx/conf.d/fastcgi.conf;
+ fastcgi_index index.php ;
+ fastcgi_param REDIRECT_STATUS 200;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }};
+}
\ No newline at end of file
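Review bot: `location ~ \.php {` is unanchored, so any URI that merely contains `.php` somewhere in its path is routed to the FastCGI block. `location ~ \.php(/|$) {` restricts it to script paths and the path-info form that `fastcgi_split_path_info` expects. How much this matters depends on /etc/nginx/conf.d/fastcgi.conf and the pool's `security.limit_extensions`, neither of which is visible here. The new file also appears to match the paheko template touched later in this commit, so a shared include would keep the two from drifting apart.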
--- /dev/null
+server {
+ listen 80;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+{% if ssl_ready is defined and ssl_ready %}
+ return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri;
+ }
+server {
+ listen 443;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+{% endif %}
+}
\ No newline at end of file
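Review bot: The second server block uses `listen 443;` without the `ssl` parameter, so nginx would serve plain HTTP on port 443 and the port-80 redirect would send clients to a listener that does not speak TLS. Use `listen 443 ssl;`, as the www template in this commit already does. The modified site template further down keeps `listen 443;` as a context line and has the same problem.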
server_name
{{ SITE }}.{{ DOMAIN }}.{{ TLD }};
disable_symlinks if_not_owner;
- access_log /home/sites/log/nginx/{{ TLD }}/{{ SITE }}/{{ DOMAIN }}//access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ SITE }}/{{ DOMAIN }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
root /home/sites/data/{{TLD }}/{{ DOMAIN }}/{{SITE }}/;
}
\ No newline at end of file
# Enforce HTTPS
return 301 https://$server_name$request_uri;
-
access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
}
root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/nextcloud;
disable_symlinks if_not_owner;
-{% if besoin_https == 'oui' %}
+{% if ssl_ready is defined and ssl_ready %}
ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
{% endif %}
server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
-root /home/www/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/www;
+root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/www;
location / {
try_files $uri $uri/ /_route.php?$query_string;
fastcgi_index index.php ;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
-
fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }};
}
\ No newline at end of file
server {
listen 80;
include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
- access_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+{% if ssl_ready is defined and ssl_ready %}
return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri;
}
server {
listen 443;
include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
-{% if besoin_https == 'oui' %}
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
-{% endif %}
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
-}
+{% endif %}
+}
\ No newline at end of file
server_name
{{ DOMAIN }}.{{ TLD }}
www.{{ DOMAIN }}.{{ TLD }};
-root /home/site/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;
+root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;
index index.html;
client_body_buffer_size 8k;
server_name {{ DOMAIN }}.{{ TLD }};
access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+{% if ssl_ready is defined and ssl_ready %}
return 301 https://{{ DOMAIN }}.{{ TLD }}$request_uri;
}
server {
listen 443 ssl;
include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
-{% if besoin_https == 'oui' %}
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
-{% endif %}
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+{% endif %}
}
\ No newline at end of file
--- /dev/null
+[{{ TLD}}/{{ DOMAIN}}/{{ SITE}}]
+user = php_{{ SIGLE }}_{{ SITE }}
+group = php_{{ SIGLE }}_{{ SITE }}
+
+listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }}
+
+listen.group = www-data
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+access.log = /home/sites/log/php/fpm/{{ TLD}}/{{ DOMAIN}}/{{ SITE}}/access.log
\ No newline at end of file
- hosts: ligatures
vars:
- domain: chatperche
- ancienne_version: 27.1.0
- nouvelle_version: 27.1.4
-
+ # domain: chatperche
+ # ancienne_version: 27.1.0
+ # nouvelle_version: 27.1.4
+ TLD: 'org'
+ DOMAIN: 'heureux-cyclage'
+ SITE: 'gestion'
+ become: true
tasks:
# - name: Synchronisation des fichiers nextcloud présent sur ateliers dans la vm de migration nextcloud
- # ansible.builtin.command: "rsync --delay-updates -F --compress --archive --partial rominique@ateliers.heureux-cyclage.org:{{ item }} /opt/nuage/backups/{{ domain }}/"
+ # ansible.builtin.command: "rsync --delay-updates -F --compress --archive --partial rominique@ateliers.heureux-cyclage.org:{{ item }} /opt/nuage/backups/{{ DOMAIN }}/"
# delegate_to: vm_debian11
# loop:
# - "{{ nextcloud_webroot }}/config/config.php"
# ansible.builtin.debug:
# var: my_output
- - name: Download nextcloud source
- become: true
- become_user: nextcloud
- ansible.builtin.get_url:
- url: "{{ nextcloud_repo_url }}/nextcloud-{{ nouvelle_version }}.tar.bz2"
- dest: "{{ nextcloud_sources_files_path }}/"
- mode: '755' # or u=rwx,g=rx,o=rx
- checksum: "md5:{{ nextcloud_repo_url }}/nextcloud-{{ nouvelle_version }}.tar.bz2.md5"
+ - name: Inclure le configuration du backup
+ ansible.builtin.include_tasks: tasks/config_backup.yml
\ No newline at end of file