# pour ne jouer que la partie permettant de générer le certificat SSL pour le HTTPS lancer la commance ci-dessous:
# ansible-playbook creation_nouveau_site.yml --tags "https"
+# pour ne jouer que la partie permettant de configrer un accès SFTP lancer la commance ci-dessous:
+# ansible-playbook creation_nouveau_site.yml --tags "https"
+
- name: Promp pour définir les variables du nouveau ite
hosts: ligatures
become: true # toutes les tâches seront pas défaut éxécuter en tant que root
vars:
# config_nginx: true à l'avenir on pourrait demander à l'utilisateur de choisir si il veut configurer nginx
- # nouvelle_version: 27.1.7 # nextcloud
- # ancienne_version: 27.1.6 # nextcloud
vars_prompt:
tasks:
- - name: Inclure la configuration d'un site web basique
- ansible.builtin.include_tasks: tasks/config_www.yml
-
- name: Inclure les configurations optionnelles d'un site www
ansible.builtin.include_tasks: tasks/config_options_www.yml
- when: SITE != 'nuage'
+ tags:
+ - https
+ - sftp
+
+ - name: Inclure la configuration d'un site web basique
+ ansible.builtin.include_tasks: tasks/config_www.yml
- name: Inclure la configuration nginx
ansible.builtin.include_tasks: tasks/config_nginx.yml
vars:
template_site: 'http'
- - name: Générer un certififat avec certbot # noqa : command-instead-of-module
+ - name: Générer le certififat du sous-domaine avec certbot # noqa : command-instead-of-module
become: true
ansible.builtin.command: 'certbot certonly -n --nginx -d {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}'
register: certbot_log
ignore_errors: true
changed_when: false
+ when: config_ss_domain != 'www'
+
+ - name: Générer le certififat du domaine et du sous-domaine avec certbot quand le sous domaine est www # noqa : command-instead-of-module
+ become: true
+ ansible.builtin.command: 'certbot certonly -n --nginx -d {{ DOMAIN }}.{{ TLD }} -d {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}'
+ register: certbot_log
+ ignore_errors: true
+ changed_when: false
+ when: config_ss_domain == 'www'
- name: Afficher les logs certbot
ansible.builtin.debug:
when: config_php == 'oui' or SITE == 'paheko' or SITE == 'WP' or SITE == 'nuage'
- name: Inclure la configuration d'une bdd postgres
- ansible.builtin.include_tasks: tasks/config_bdd_postgres.yml
+ ansible.builtin.include_tasks: tasks/config_postgres.yml
when: config_bdd == 'postgres' or SITE == 'nuage'
- name: Inclure la configuration d'une bdd mariadb
- ansible.builtin.include_tasks: tasks/config_bdd_mariadb.yml
+ ansible.builtin.include_tasks: tasks/config_mariadb.yml
when: config_bdd == 'mariadb' or SITE == 'WP'
- name: Inclure la configuration nextcloud si besoin
when: SITE == 'paheko'
- name: Inclure la configuration WP si besoin
- ansible.builtin.include_tasks: tasks/config_wp.yml
+ ansible.builtin.include_tasks: tasks/config_WP.yml
when: SITE == 'WP'
- name: Inclure le configuration du backup
ansible.builtin.include_tasks: tasks/config_backup.yml
- name: Inclure le configuration SFTP
- ansible.builtin.include_tasks: tasks/config_sftp.yml
- when: sftp_key =! '' and sftp_key =! 'non'
+ ansible.builtin.include_tasks:
+ file: tasks/config_sftp.yml
+ apply:
+ tags: sftp
+ when: sftp_key != '' and sftp_key != 'non'
+ tags: sftp
nextcloud_common_files_path: "/home/sites/data/nextcloud/common"
nextcloud_webroot: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/nuage"
nextcloud_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}"
-nextcloud_old_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ ancienne_version }}"
nextcloud_symbolic_source: "../../../nextcloud/sources/nextcloud-{{ nouvelle_version }}"
nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}"
-nextcloud_old_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ ancienne_version }}"
nextcloud_symbolic_common: "../../../nextcloud/common.config.php"
php_fpm_service: php{{ php_version}}-fpm
php_version: '8.2'
- name: Create a dump of the postgreSQL database # noqa : command-instead-of-module
become: true
become_user: "{{ nextcloud_php_user }}"
- ansible.builtin.command: "pg_dump -f /tmp/{{ nextcloud_db_name }}.pgc -F c -O -b {{ nextcloud_db_name }}"
+ ansible.builtin.command: "pg_dump -f {{ nextcloud_webroot }}/data/{{ nextcloud_db_name }}.pgc -F c -O -b {{ nextcloud_db_name }}"
args:
chdir: "{{ nextcloud_webroot }}"
-
-- name: Create new app common folder from old version one
- become_user: "site_{{ SIGLE }}_{{ SITE }}"
- become: true
+- name: Copie des fichiers sources WP dans le home du nouveau site
ansible.builtin.copy:
- src: "/home/sites/data/wordpress"
- dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/"
+ src: "/home/sites/data/wordpress/"
+ dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/"
remote_src: true # because the copy is from remote host to remote host
- mode: '754' # or 'u=rwx,g=rx,o=r'
+ mode: '2750' # or 'u=rwx,g=rx,o=r'
+ owner: "site_{{ SIGLE }}_{{ config_ss_domain }}"
+ group: "site_{{ SIGLE }}_{{ config_ss_domain }}"
- name: Créer les fichiers spécifiques wp
ansible.builtin.template:
src: "templates/{{ item.src }}"
- dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/{{ item.dest }}"
+ dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
loop:
- src: "wp-config.php.j2"
dest: "wp-config.php"
- owner: "php_{{ SIGLE }}_{{ SITE }}"
- group: "site_{{ SIGLE }}_{{ SITE }}"
+ owner: "php_{{ SIGLE }}_{{ config_ss_domain }}"
+ group: "site_{{ SIGLE }}_{{ config_ss_domain }}"
mode: '640'
- name: Recharger PHP et nginx
backup: true
register: presence_sigle
loop:
- - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config"
- - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data"
+ - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/config"
+ - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/data"
when: SITE == 'nuage'
- name: Mise à jour de la conf de borgmatic pour le backup d'un site non nuage
backup: true
register: presence_sigle
loop:
- - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
when: SITE != 'nuage'
+- name: Etckeeper commit if necessary
+ ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}"
+ ignore_errors: true
+
+- name: Install ansible mysql required packages
+ ansible.builtin.apt:
+ name:
+ - python3-pymysql
+
- name: Boucle d'ajout du user php dans plusieurs groupe
ansible.builtin.user:
- name: "php_{{ SIGLE }}_{{ SITE }}"
+ name: "php_{{ SIGLE }}_{{ config_ss_domain }}"
groups: "{{ item }}"
append: true
loop:
- mysql
- - "site_{{ SIGLE }}_{{ SITE }}"
+ - "site_{{ SIGLE }}_{{ config_ss_domain }}"
- name: Création de la nouvelle bdd Mariadb
community.mysql.mysql_db:
- name: "php_{{ SIGLE }}_{{ SITE }}"
+ name: "php_{{ SIGLE }}_{{ config_ss_domain }}"
state: present
login_unix_socket: /run/mysqld/mysqld.sock
encoding: utf8mb4 # pour WP
- name: Créer le user mysql
- mysql_user:
- name: "php_{{ SIGLE }}_{{ SITE }}"
- priv: "php_{{ SIGLE }}_{{ SITE }}.*:ALL"
+ community.mysql.mysql_user:
+ name: "php_{{ SIGLE }}_{{ config_ss_domain }}"
+ priv: "php_{{ SIGLE }}_{{ config_ss_domain }}.*:ALL"
+ plugin: unix_socket
state: present
- login_unix_socket: /run/mysqld/mysqld.sock
\ No newline at end of file
+ login_unix_socket: /run/mysqld/mysqld.sock
loop_control:
label: "{{ item.path }}"
loop:
- - path: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ - path: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
state: directory
owner: 'root'
group: 'root'
owner: 'log_sites'
group: 'log_sites'
mode: '755'
- - path: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ - path: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
state: directory
owner: 'log_sites'
group: 'log_sites'
- name: Création de la conf server nginx
ansible.builtin.template:
src: "templates/nginx_{{ template_site }}_server.j2"
- dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/server.conf"
+ dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/server.conf"
owner: "root"
group: "root"
mode: '640' # or u=rwx,g=r,o=
- name: Création de la conf common nginx
ansible.builtin.template:
src: "templates/nginx_{{ template_site }}_common.j2"
- dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf"
+ dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/common.conf"
owner: "root"
group: "root"
mode: '640' # or u=rwx,g=r,o=
- when: SITE != 'nuage' and template_site != 'http'
+ when: SITE != 'nuage' and template_site != 'http' and SITE != 'WP'
- name: Recharger le service nginx
ansible.builtin.service:
name: nginx
state: reloaded
when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'WP' and template_site == 'http'
+
+# ne jamais executer cette tâche sauf si le playbook est appelé avec le tag https - fin du playbook
+- name: Recharger le service nginx
+ ansible.builtin.service:
+ name: nginx
+ state: reloaded
+ tags:
+ - https
+ - never
\ No newline at end of file
- name: Etckeeper commit if necessary
- ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"
+ ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}"
ignore_errors: true
- name: Install required packages
- name: Boucle d'ajout du user php dans plusieurs groupe
ansible.builtin.user:
- name: "php_{{ SIGLE }}_{{ SITE }}"
+ name: "php_{{ SIGLE }}_{{ config_ss_domain }}"
groups: "{{ item }}"
append: true
loop:
- nextcloud
- postgres-data
- redis
- - "site_{{ SIGLE }}_{{ SITE }}"
+ - "site_{{ SIGLE }}_{{ config_ss_domain }}"
- name: Bloc nouvelle version nextcloud
when: nouvelle_version is undefined
block:
- name: Demande la version de nextcloud à installer
ansible.builtin.pause:
- prompt: "Quelle version de nextcloud doit être utilisée"
+ prompt: "Quelle version de nextcloud doit être utilisée? (default: 27.1.9)"
echo: true
register: nextcloud_version_prompt
- name: Definir nouvelle_version
ansible.builtin.set_fact:
- nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"
+ nouvelle_version: "{{ ( nextcloud_version_prompt.user_input | length == 0 ) | ternary ('27.1.9', nextcloud_version_prompt.user_input) }}"
- name: Bloc ancienne version nextcloud
when: ancienne_version is undefined
block:
- name: Demande la version de nextcloud déjà installée
ansible.builtin.pause:
- prompt: "Quelle version de nextcloud déjà installée"
+ prompt: "Quelle version de nextcloud déjà installée? (default: 26.0.4.2)"
echo: true
register: ancienne_version_prompt
- name: Definir ancienne_version
ansible.builtin.set_fact:
- ancienne_version: "{{ ancienne_version_prompt.user_input }}"
+ ancienne_version: "{{ ( ancienne_version_prompt.user_input | length == 0 ) | ternary ('26.0.4.2', ancienne_version_prompt.user_input) }}"
- name: Inclure la verif de l'install nextcloud
ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml
-- name: PostgreSQL - nextcloud_php_user role is created
- become_user: postgres
- become: true
- community.postgresql.postgresql_user:
- name: "{{ nextcloud_php_user }}"
- state: present
- role_attr_flags: CREATEDB
-
-- name: PostgreSQL - nextcloud_db_name database is created
- become_user: postgres
- become: true
- community.postgresql.postgresql_db:
- name: "{{ nextcloud_db_name }}"
- state: "{{ item }}"
- owner: "{{ nextcloud_php_user }}"
- loop:
- - absent
- - present
-
- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
become_user: postgres
become: true
grant_option: true
name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;"
-- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
- community.postgresql.postgresql_pg_hba:
- dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
- contype: local
- users: "php_{{ SIGLE }}_{{ SITE }}"
- databases: "php_{{ SIGLE }}_{{ SITE }}"
- method: peer
- keep_comments_at_rules: true
- comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom"
-
- name: Boucle création des répertoires app, config et data nextcloud
ansible.builtin.file:
path: "{{ item.path }}"
- name: Create nextcloud common app dir symbolic link
ansible.builtin.file:
- src: "{{ nextcloud_symbolic_common }}"
+ src: "{{ nextcloud_common }}"
dest: "{{ nextcloud_webroot }}/common"
owner: nextcloud
group: nextcloud
group: "{{ nextcloud_websrv_user }}"
mode: '640'
-- name: Recharger plusieurs services
+- name: Recharger php
ansible.builtin.service:
name: "{{ item }}"
state: reloaded
loop:
- - "postgresql"
- "php{{ php_version }}-fpm"
- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module
ansible.builtin.command: >
./console maintenance:install
--database='pgsql'
- --database-name="php_{{ SIGLE }}_{{ SITE }}"
- --database-user="php_{{ SIGLE }}_{{ SITE }}"
+ --database-name="php_{{ SIGLE }}_{{ config_ss_domain }}"
+ --database-user="php_{{ SIGLE }}_{{ config_ss_domain }}"
--database-host="/var/run/postgresql/"
--database-pass=""
--admin-user='admin'
--admin-pass='ckoideja'
- --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/"
+ --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/data/"
args:
chdir: "{{ nextcloud_webroot }}"
register: install_result
# role: "{{ nextcloud_php_user }}"
# name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"
+# on rend aléatoire la minutes de l'heure à laquelle les tâches d'arriere plan nextcloud tournent entre les différentes instance pour répartir la charge
- name: Creation d'un fichier cron pour /etc/cron.d
ansible.builtin.cron:
- name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins"
- minute: "*/5"
- user: "php_{{ SIGLE }}_{{ SITE }}"
+ name: "nextcloud {{ SIGLE }}_{{ config_ss_domain }} taches d'arriere plan toutes les 5 mins"
+ minute: "{{ 5 | random }}-59/5"
+ user: "php_{{ SIGLE }}_{{ config_ss_domain }}"
job: "{{ nextcloud_webroot }}/cron"
- name: Recharger plusieurs services
-- name: Bloc demande sous-domaine
- block:
-
- - name: Demande sous-domaine
- ansible.builtin.pause:
- prompt: 'quel sous-domaine faut-il configurer?(ex: www/gestion)'
- echo: true
- register: config_ss_domain_promp
-
- - name: Definir config_ss_domain
- ansible.builtin.set_fact:
- config_ss_domain: "{{ config_ss_domain_promp.user_input | default(SITE) }}"
-
-- name: Bloc demande des autres options
- when: SITE != 'paheko' # and SITE != 'WP'
- block:
-
- - name: Demande php
- ansible.builtin.pause:
- prompt: 'Faut-il configurer un pool PHP?(ex: oui/non)'
- echo: true
- register: config_php_promp
-
- - name: Definir config_php
- ansible.builtin.set_fact:
- config_php: "{{ config_php_promp.user_input | default('non') }}"
-
- - name: Demande bdd
- ansible.builtin.pause:
- prompt: 'Faut-il configurer une base de données SQL?(ex: mariadb/postgres/non)'
- echo: true
- register: config_bdd_promp
-
- - name: Definir config_bdd
- ansible.builtin.set_fact:
- config_bdd: "{{ config_bdd_promp.user_input | default('non') }}"
-
- - name: Demande sftp_key
- ansible.builtin.pause:
- prompt: 'besoin de configurer un accès SFTP pour ce compte (vide ou clé public)'
- echo: true
- register: sftp_key_promp
-
- - name: Definir sftp_key
- ansible.builtin.set_fact:
- sftp_key: "{{ sftp_key_promp.user_input | default('non') }}"
+- name: Demande sous-domaine
+ tags:
+ - https
+ - sftp
+ ansible.builtin.pause:
+ prompt: 'quel sous-domaine faut-il configurer?(ex: www/gestion)'
+ echo: true
+ register: config_ss_domain_promp
+ when: SITE != 'nuage'
+
+- name: Demande php
+ ansible.builtin.pause:
+ prompt: 'Faut-il configurer un pool PHP?(oui/non)'
+ echo: true
+ register: config_php_promp
+ when: SITE != 'paheko' and SITE != 'nuage' and SITE != 'WP'
+
+- name: Demande bdd
+ ansible.builtin.pause:
+ prompt: 'Faut-il configurer une base de données SQL?(ex: mariadb/postgres/non)'
+ echo: true
+ register: config_bdd_promp
+ when: SITE != 'paheko' and SITE != 'nuage' and SITE != 'WP'
+
+- name: Demande sftp_key
+ ansible.builtin.pause:
+ prompt: 'besoin de configurer un accès SFTP pour ce compte (vide ou clé public)'
+ echo: true
+ register: sftp_key_promp
+ when: SITE != 'paheko' and SITE != 'nuage'
+ tags: sftp
+
+- name: Definir config_ss_domain
+ tags:
+ - https
+ - sftp
+ ansible.builtin.set_fact:
+ config_ss_domain: "{{ ( SITE == 'nuage' | default ('') ) | ternary (SITE, config_ss_domain_promp.user_input) }}"
+
+- name: Definir config_php
+ ansible.builtin.set_fact:
+ config_php: "{{ ( config_php_promp.user_input | default ('') | length == 0 ) | ternary ('non', config_php_promp.user_input) }}"
+
+- name: Definir config_bdd
+ ansible.builtin.set_fact:
+ config_bdd: "{{ ( config_bdd_promp.user_input | default ('') | length == 0 ) | ternary ('non', config_bdd_promp.user_input) }}"
+
+- name: Definir sftp_key
+ tags: sftp
+ ansible.builtin.set_fact:
+ sftp_key: "{{ sftp_key_promp.user_input | default('non') }}"
\ No newline at end of file
- name: Etckeeper commit if necessary
- ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"
+ ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}"
- name: Install required packages
ansible.builtin.apt:
- name: Copie la source paheko vers le home du site
become: true
-# become_user: "php_{{ SIGLE }}_{{ SITE }}"
+# become_user: "php_{{ SIGLE }}_{{ config_ss_domain }}"
ansible.builtin.copy:
src: "/home/sites/data/paheko/{{ paheko_version }}/"
- dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
remote_src: true # because the config file is already in the nextcloud_tmp_path
mode: '2750'
- name: Modification du propriétaire group et droits du dossier
ansible.builtin.file:
- path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/"
+ path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/"
state: directory
- owner: "php_{{ SIGLE }}_{{ SITE }}"
- group: "site_{{ SIGLE }}_{{ SITE }}"
+ owner: "php_{{ SIGLE }}_{{ config_ss_domain }}"
+ group: "site_{{ SIGLE }}_{{ config_ss_domain }}"
mode: '2750'
recurse: true
- name: Ajout de l'utilisateur php_SIGLE_SITE
ansible.builtin.user:
- name: "php_{{ SIGLE }}_{{ SITE }}"
- home: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ name: "php_{{ SIGLE }}_{{ config_ss_domain }}"
+ home: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
shell: /bin/false
system: true
append: true
create_home: false
password: '!'
-# group: "php_{{ SIGLE }}_{{ SITE }}"
+# group: "php_{{ SIGLE }}_{{ config_ss_domain }}"
- name: Boucle d'ajout du user php dans plusieurs groupe
ansible.builtin.user:
- name: "php_{{ SIGLE }}_{{ SITE }}"
+ name: "php_{{ SIGLE }}_{{ config_ss_domain }}"
groups: "{{ item }}"
append: true
loop:
mode: '1751'
- path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}"
state: directory
- owner: "php_{{ SIGLE }}_{{ SITE }}"
- group: "php_{{ SIGLE }}_{{ SITE }}"
+ owner: "php_{{ SIGLE }}_{{ config_ss_domain }}"
+ group: "php_{{ SIGLE }}_{{ config_ss_domain }}"
mode: '1751'
- - path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ - path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
state: directory
- owner: "php_{{ SIGLE }}_{{ SITE }}"
- group: "php_{{ SIGLE }}_{{ SITE }}"
+ owner: "php_{{ SIGLE }}_{{ config_ss_domain }}"
+ group: "php_{{ SIGLE }}_{{ config_ss_domain }}"
mode: '750'
- name: Boucle création ou modifications des répertoires config d'un pool php
loop_control:
label: "{{ item.path }}"
loop:
- - path: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ - path: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
state: directory # If directory, all intermediate subdirectories will be created if they do not exist.
owner: 'root'
group: 'root'
- name: Création de la conf du pool php
ansible.builtin.template:
src: "templates/php_{{ SITE }}_conf.j2"
- dest: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/php-fpm.conf"
+ dest: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/php-fpm.conf"
owner: "root"
group: "root"
mode: '640' # or u=rwx,g=r,o=
when: SITE == 'nuage' or SITE == 'paheko' or SITE == 'WP'
-- name: ATTENTION la config php n'a pas été créer
+- name: Message d'alerte si besoin
ansible.builtin.debug:
- msg: "Il n'y a pas de templates php pour votre site, il faudra le créer manuellement"
- when: SITE != 'nuage' and SITE != 'paheko' or SITE != 'WP'
+ msg: "!!! ATTENTION !!! la config php n'a pas été créer car il n'y a pas de templates php pour votre site, il faudra le créer manuellement"
+ when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'WP'
-- name: Etckeeper commit if necessary
- ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"
- ignore_errors: true
-
-- name: Install required packages
- ansible.builtin.apt:
- name:
-# - php-ctype
- - php-curl
-# - php-dom
-# - php-fileinfo
- - php-gd
- - php-json
- - "php{{ php_version }}-xml"
- - php-mbstring
-# - php-openssl
-# - php-posix
-# - php-session
-# - php-simplexml
-# - php-xmlreader
-# - php-xmlwriter
- - php-zip
-# - php-zlib
-# - php-pdo_pgsql
- - "php{{ php_version }}-pgsql"
- - php-pgsql
- - php-intl
- - php-bz2
-# - php-sodium
- - php-gmp
-# - php-exif
- - php-redis
- - php-imagick
- - python3-psycopg2 # module ansible psql
- state: present
-
-- name: Boucle d'ajout du user php dans plusieurs groupe
- ansible.builtin.user:
- name: "php_{{ SIGLE }}_{{ SITE }}"
- groups: "{{ item }}"
- append: true
- loop:
- - nextcloud
- - postgres-data
- - redis
- - "site_{{ SIGLE }}_{{ SITE }}"
-
-- name: Bloc nouvelle version nextcloud
- when: nouvelle_version is undefined
- block:
- - name: Demande la version de nextcloud à installer
- ansible.builtin.pause:
- prompt: "Quelle version de nextcloud doit être utilisée"
- echo: true
- register: nextcloud_version_prompt
-
- - name: Definir nouvelle_version
- ansible.builtin.set_fact:
- nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"
-
-- name: Bloc ancienne version nextcloud
- when: ancienne_version is undefined
- block:
- - name: Demande la version de nextcloud déjà installée
- ansible.builtin.pause:
- prompt: "Quelle version de nextcloud déjà installée"
- echo: true
- register: ancienne_version_prompt
-
- - name: Definir ancienne_version
- ansible.builtin.set_fact:
- ancienne_version: "{{ ancienne_version_prompt.user_input }}"
-
-- name: Inclure la verif de l'install nextcloud
- ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml
-
- name: PostgreSQL - nextcloud_php_user role is created
become_user: postgres
become: true
community.postgresql.postgresql_user:
- name: "{{ nextcloud_php_user }}"
+ name: "php_{{ SIGLE }}_{{ config_ss_domain }}"
state: present
role_attr_flags: CREATEDB
become_user: postgres
become: true
community.postgresql.postgresql_db:
- name: "{{ nextcloud_db_name }}"
+ name: "php_{{ SIGLE }}_{{ config_ss_domain }}"
state: "{{ item }}"
- owner: "{{ nextcloud_php_user }}"
+ owner: "php_{{ SIGLE }}_{{ config_ss_domain }}"
loop:
- absent
- present
-- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
- become_user: postgres
- become: true
- community.postgresql.postgresql_privs:
- db: "{{ item.db }}"
- privs: "{{ item.privs }}"
- type: "{{ item.type |default(omit) }}"
- objs: "{{ item.objs }}"
- role: "{{ item.role }}"
- grant_option: "{{ item.grant_option |default(omit) }}"
- loop_control:
- label: "{{ item.name }}"
- loop:
- - db: "{{ nextcloud_db_name }}"
- privs: "ALL"
- type: "schema"
- objs: "public"
- role: "{{ nextcloud_php_user }}"
- grant_option: true
- name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;"
-
- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
community.postgresql.postgresql_pg_hba:
dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
contype: local
- users: "php_{{ SIGLE }}_{{ SITE }}"
- databases: "php_{{ SIGLE }}_{{ SITE }}"
+ users: "php_{{ SIGLE }}_{{ config_ss_domain }}"
+ databases: "php_{{ SIGLE }}_{{ config_ss_domain }}"
method: peer
keep_comments_at_rules: true
- comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom"
-
-- name: Boucle création des répertoires app, config et data nextcloud
- ansible.builtin.file:
- path: "{{ item.path }}"
- state: "{{ item.state }}"
- owner: "{{ item.owner }}"
- group: "{{ item.group }}"
- mode: "{{ item.mode }}"
- loop_control:
- label: "{{ item.path }}"
- loop:
- - path: "{{ nextcloud_webroot }}/apps"
- state: directory
- owner: "{{ nextcloud_php_user }}"
- group: "{{ nextcloud_websrv_user }}"
- mode: '2750'
- - path: "{{ nextcloud_webroot }}/config"
- state: directory
- owner: "{{ nextcloud_php_user }}"
- group: "{{ nextcloud_websrv_user }}"
- mode: '2750'
- - path: "{{ nextcloud_webroot }}/data"
- state: directory
- owner: "{{ nextcloud_php_user }}"
- group: "{{ nextcloud_websrv_user }}"
- mode: '2750'
-
-- name: Create nextcloud root dir symbolic link
- ansible.builtin.file:
- src: "{{ nextcloud_symbolic_source }}"
- dest: "{{ nextcloud_webroot }}/nextcloud"
- owner: nextcloud
- group: nextcloud
- state: link
- follow: false
-
-- name: Create nextcloud common app dir symbolic link
- ansible.builtin.file:
- src: "{{ nextcloud_symbolic_common }}"
- dest: "{{ nextcloud_webroot }}/common"
- owner: nextcloud
- group: nextcloud
- state: link
- follow: false
-
-- name: Créer les fichiers spécifiques nextcloud
- ansible.builtin.template:
- src: "templates/{{ item.src }}"
- dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
- owner: "{{ item.owner }}"
- group: "{{ item.group }}"
- mode: "{{ item.mode }}"
- loop:
- - src: "nextcloud_cron.j2"
- dest: "cron"
- owner: "{{ nextcloud_php_user }}"
- group: "{{ nextcloud_websrv_user }}"
- mode: '750'
- - src: "nextcloud_console.j2"
- dest: "console"
- owner: "{{ nextcloud_websrv_user }}"
- group: "{{ nextcloud_websrv_user }}"
- mode: '750'
- - src: "nextcloud_install_config.j2"
- dest: "config/config.php"
- owner: "{{ nextcloud_php_user }}"
- group: "{{ nextcloud_websrv_user }}"
- mode: '640'
-
-- name: Recharger plusieurs services
- ansible.builtin.service:
- name: "{{ item }}"
- state: reloaded
- loop:
- - "postgresql"
- - "php{{ php_version }}-fpm"
-
-- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module
- become_user: "{{ nextcloud_php_user }}"
- become: true
- ansible.builtin.command: >
- ./console maintenance:install
- --database='pgsql'
- --database-name="php_{{ SIGLE }}_{{ SITE }}"
- --database-user="php_{{ SIGLE }}_{{ SITE }}"
- --database-host="/var/run/postgresql/"
- --database-pass=""
- --admin-user='admin'
- --admin-pass='ckoideja'
- --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/"
- args:
- chdir: "{{ nextcloud_webroot }}"
- register: install_result
- ignore_errors: true
-
-- name: Afficher les logs du script d'install
- ansible.builtin.debug:
- var: install_result
- when: install_result is defined
-
-- name: Afficher les logs du script d'install
- ansible.builtin.fail:
- msg: "Le script d'install a échoué: Voir les logs ci-dessus"
- when: install_result.failed
-
-- name: Créer les fichiers spécifiques nextcloud
- ansible.builtin.template:
- src: "templates/{{ item.src }}"
- dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
- owner: "{{ item.owner }}"
- group: "{{ item.group }}"
- mode: "{{ item.mode }}"
- loop:
- - src: "nextcloud_sigle_config.j2"
- dest: "config/{{ SIGLE }}.config.php"
- owner: "{{ nextcloud_php_user }}"
- group: "{{ nextcloud_websrv_user }}"
- mode: '640'
-
-- name: Creation d'un lien symbolique vers le configuration nextcloud commun
- ansible.builtin.file:
- src: "../../../../nextcloud/common.config.php"
- path: "{{ nextcloud_webroot }}/config/common.config.php"
- owner: nextcloud
- group: nextcloud
- state: link
- follow: false
-
-- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
- become_user: postgres
- become: true
- community.postgresql.postgresql_privs:
- db: "{{ item.db }}"
- privs: "{{ item.privs }}"
- type: "{{ item.type | default(omit) }}"
- objs: "{{ item.objs }}"
- role: "{{ item.role }}"
- grant_option: "{{ item.grant_option | default(omit) }}"
- loop_control:
- label: "{{ item.name }}"
- loop:
- - db: "{{ nextcloud_db_name }}"
- privs: "USAGE,CREATE"
- type: "schema"
- objs: "public"
- role: "{{ nextcloud_php_user }}"
- name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;"
- # - db: "{{ nextcloud_db_name }}"
- # privs: "SELECT"
- # type: "table"
- # objs: "pg_namespace"
- # role: "{{ nextcloud_php_user }}"
- # name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;"
- # - db: "{{ nextcloud_db_name }}"
- # privs: "SELECT"
- # type: "table"
- # objs: "pg_collation"
- # role: "{{ nextcloud_php_user }}"
- # name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;"
- # - db: "{{ nextcloud_db_name }}"
- # privs: "SELECT"
- # type: "table"
- # objs: "pg_index"
- # role: "{{ nextcloud_php_user }}"
- # name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;"
- # - db: "{{ nextcloud_db_name }}"
- # privs: "SELECT"
- # type: "table"
- # objs: "pg_attrdef"
- # role: "{{ nextcloud_php_user }}"
- # name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;"
- # - db: "{{ nextcloud_db_name }}"
- # privs: "SELECT"
- # type: "table"
- # objs: "pg_description"
- # role: "{{ nextcloud_php_user }}"
- # name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;"
- # - db: "{{ nextcloud_db_name }}"
- # privs: "SELECT"
- # type: "table"
- # objs: "pg_settings"
- # role: "{{ nextcloud_php_user }}"
- # name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;"
- # - db: "{{ nextcloud_db_name }}"
- # privs: "SELECT"
- # objs: "pg_database"
- # role: "{{ nextcloud_php_user }}"
- # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"
-
-- name: Creation d'un fichier cron pour /etc/cron.d
- ansible.builtin.cron:
- name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins"
- minute: "*/5"
- user: "php_{{ SIGLE }}_{{ SITE }}"
- job: "{{ nextcloud_webroot }}/cron"
+ comment: "autoriser le user php_{{ SIGLE }}_{{ config_ss_domain }} à se connecter à la bdd du meme nom"
-- name: Recharger plusieurs services
+- name: Recharger postgresql
ansible.builtin.service:
name: "{{ item }}"
state: reloaded
loop:
- - "php{{ php_version }}-fpm"
- - "nginx"
+ - "postgresql"
\ No newline at end of file
- name: Ajout de l'utilisateur site_SIGLE_SITE dans le group sftponly et modification du home
ansible.builtin.user:
- name: "site_{{ SIGLE }}_{{ SITE }}"
+ name: "site_{{ SIGLE }}_{{ config_ss_domain }}"
home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}"
shell: /bin/false
groups: sftponly
mode: '2751'
- path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/.ssh"
state: directory
- owner: "site_{{ SIGLE }}_{{ SITE }}"
- group: "site_{{ SIGLE }}_{{ SITE }}"
+ owner: "site_{{ SIGLE }}_{{ config_ss_domain }}"
+ group: "site_{{ SIGLE }}_{{ config_ss_domain }}"
mode: '2700'
- name: Création du fichier authorized_keys
ansible.builtin.template:
src: "templates/authorized_keys.j2"
dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/.ssh/authorized_keys"
- owner: "site_{{ SIGLE }}_{{ SITE }}"
- group: "site_{{ SIGLE }}_{{ SITE }}"
+ owner: "site_{{ SIGLE }}_{{ config_ss_domain }}"
+ group: "site_{{ SIGLE }}_{{ config_ss_domain }}"
mode: '600'
# verif le serveur openssh est bien config et sinon le faire? + reload
- name: Ajout de l'utilisateur site_SIGLE_SITE
ansible.builtin.user:
- name: "site_{{ SIGLE }}_{{ SITE }}"
- home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ name: "site_{{ SIGLE }}_{{ config_ss_domain }}"
+ home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
shell: /bin/false
groups: www-data
system: true
- name: Boucle d'ajout d'user dans le groupe site_SIGLE_SITE
ansible.builtin.user:
name: "{{ item }}"
- groups: "site_{{ SIGLE }}_{{ SITE }}"
+ groups: "site_{{ SIGLE }}_{{ config_ss_domain }}"
append: true
loop:
- 'www-data'
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
+ vars:
+ concat: "site_{{ SIGLE }}_{{ config_ss_domain }}"
loop_control:
label: "{{ item.path }}"
loop:
owner: 'root'
group: 'www-data'
mode: '2751'
- - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
state: directory
- owner: 'root'
- group: "site_{{ SIGLE }}_{{ SITE }}"
+ owner: "{{ ( SITE in ['www','WP'] ) | ternary ( concat , 'root' ) }}"
+ group: "site_{{ SIGLE }}_{{ config_ss_domain }}"
mode: '2750'
mode: '755' # or u=rwx,g=rx,o=rx
checksum: "md5:{{ nextcloud_repo_url }}/nextcloud-{{ nouvelle_version }}.tar.bz2.md5"
-- name: create nextcloud source dir
+- name: Create nextcloud source dir
become: true
become_user: nextcloud
- ansible.builtin.file:
+ ansible.builtin.file:
path: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}"
state: directory
mode: '755' # or u=rwx,g=rx,o=rx
src: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}.tar.bz2"
dest: "{{ nextcloud_sources_files_path }}/"
# mode: '755' # or u=rwx,g=rx,o=rx
- remote_src: yes
+ remote_src: true
-- name: "rename nextloud dir to nextcloud-{{ nouvelle_version }}"
+- name: Rename nextloud dir to nextcloud-nouvelle_version
become: true
become_user: nextcloud
- ansible.builtin.copy:
+ ansible.builtin.copy:
src: "{{ nextcloud_sources_files_path }}/nextcloud/"
dest: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}"
- remote_src: yes # because the config file is already in the nextcloud_tmp_path
+ remote_src: true # because the config file is already in the nextcloud_tmp_path
-- name: deleted downloaded nextcloud files
+- name: Deleted downloaded nextcloud files
become: true
become_user: nextcloud
ansible.builtin.file:
state: absent
loop:
- "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}.tar.bz2"
- - "{{ nextcloud_sources_files_path }}/nextcloud"
\ No newline at end of file
+ - "{{ nextcloud_sources_files_path }}/nextcloud"
ansible_become: true
become_user: nextcloud
-- name: Create new app common folder from old version one
- become_user: nextcloud
+# on utilise une version uniquement si test-nuage a préalablement été mis à jour dans cette version
+
+- name: fail si test-nuage n'a pas été mis à jour avec cette version
+ ansible.builtin.fail:
+ msg: 'il faut déjà mettre à jour test-nuage avec cette version'
+ when: not new_nextcloud_common.stat.exists and test_nuage is not defined
+
+- name: Création du dossier common de la nouvelle version en utilisant les apps de l'instance test-nuage
become: true
ansible.builtin.copy:
- src: "{{ nextcloud_common_files_path }}/nextcloud-{{ ancienne_version }}/"
+ src: "/home/sites/data/org/heureux-cyclage/test-nuage/apps/"
dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}"
remote_src: true # because the copy is from remote host to remote host
mode: '754' # or 'u=rwx,g=rx,o=r'
- when: not new_nextcloud_common.stat.exists
\ No newline at end of file
+ owner: nextcloud
+ group: nextcloud
+ when: not new_nextcloud_common.stat.exists and test_nuage is defined
<?php
-$SITE = '{{ SITE }}';
+$SITE = '{{ config_ss_domain }}';
$DOMAIN = '{{ DOMAIN }}';
$TLD = '{{ TLD }}';
$SIGLE = '{{ SIGLE }}';
<?php
-$SITE = '{{ SITE }}';
+$SITE = '{{ config_ss_domain }}';
$DOMAIN = '{{ DOMAIN }}';
$TLD = '{{ TLD }}';
$SIGLE = '{{ SIGLE }}';
server {
listen 80;
server_name {{ DOMAIN }}.{{ TLD }} {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }};
- root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/error.log warn;
{% if ssl_ready is defined and ssl_ready %}
return 301 https://$server_name$request_uri;
}
server {
listen 443;
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ ssl_certificate /etc/letsencrypt/live/{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/error.log warn;
+ root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/;
+ server_name {{ DOMAIN }}.{{ TLD }} {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }};
{% endif %}
- server_name {{ DOMAIN }}.{{ TLD }} {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }};
- root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;
index index.php index.html index.htm;
client_max_body_size 500M;
location / {
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
+ fastcgi_pass unix:/run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ config_ss_domain }};
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen 80;
server_name {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }};
disable_symlinks if_not_owner;
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/error.log warn;
root /home/sites/data/{{TLD }}/{{ DOMAIN }}/{{SITE }}/;
}
\ No newline at end of file
}
server {
listen 80;
- server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
+ server_name {{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }};
#disable_symlinks if_not_owner;
{% if ssl_ready is defined and ssl_ready %}
# Enforce HTTPS
return 301 https://$server_name$request_uri;
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/error.log warn;
}
server {
listen 443 ssl http2;
- server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
+ server_name {{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }};
# Path to the root of your installation
- root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/nextcloud;
+ root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/nextcloud;
disable_symlinks if_not_owner;
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
{% endif %}
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/error.log warn;
# Prevent nginx HTTP Server Detection
server_tokens off;
}
location ~ /common-apps/(.*)$ {
- alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common/$1;
+ alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/common/$1;
}
location ~ /instance-apps/(.*)$ {
- alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/apps/$1;
+ alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/apps/$1;
}
# Specify how to handle directories -- specifying `/index.php$request_uri`
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
- fastcgi_param NEXTCLOUD_CONFIG_DIR /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config;
- fastcgi_pass unix:/run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }};
+ fastcgi_param NEXTCLOUD_CONFIG_DIR /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/config;
+ fastcgi_pass unix:/run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ config_ss_domain }};
#fastcgi_intercept_errors on;
fastcgi_request_buffering off;
server_name {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }};
-root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/www;
+root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/www;
location / {
try_files $uri $uri/ /_route.php?$query_string;
fastcgi_index index.php ;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }};
+ fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ config_ss_domain }};
}
\ No newline at end of file
server {
listen 80;
- include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/common.conf;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/error.log warn;
{% if ssl_ready is defined and ssl_ready %}
return 301 https://$server_name$request_uri;
}
server {
listen 443;
- include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/common.conf;
+ ssl_certificate /etc/letsencrypt/live/{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/error.log warn;
{% endif %}
}
\ No newline at end of file
server_name {{ DOMAIN }}.{{ TLD }} {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }};
{# semble ne pas être nécessaire rewrite ^/(.*) http://{{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}/$1 permanent; #}
-root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;
+root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/;
index index.html;
client_body_buffer_size 8k;
server {
listen 80;
- include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/common.conf;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/error.log warn;
{% if ssl_ready is defined and ssl_ready %}
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
- include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/common.conf;
+ ssl_certificate /etc/letsencrypt/live/{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/error.log warn;
{% endif %}
}
\ No newline at end of file
-[{{ TLD }}/{{ DOMAIN }}/{{ SITE }}]
-user = php_{{ SIGLE }}_{{ SITE }}
-group = php_{{ SIGLE }}_{{ SITE }}
+[{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}]
+user = php_{{ SIGLE }}_{{ config_ss_domain }}
+group = php_{{ SIGLE }}_{{ config_ss_domain }}
-listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }}
+listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ config_ss_domain }}
listen.group = www-data
pm.process_idle_timeout = 60s
pm.max_requests = 500
-access.log = /home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log
\ No newline at end of file
+access.log = /home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log
\ No newline at end of file
-[{{ TLD }}/{{ DOMAIN }}/{{ SITE }}]
-user = php_{{ SIGLE }}_{{ SITE }}
-group = php_{{ SIGLE }}_{{ SITE }}
+[{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}]
+user = php_{{ SIGLE }}_{{ config_ss_domain }}
+group = php_{{ SIGLE }}_{{ config_ss_domain }}
-listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }}
+listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ config_ss_domain }}
listen.group = www-data
pm.min_spare_servers = 1
pm.max_spare_servers = 3
-access.log = /home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log
\ No newline at end of file
+access.log = /home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log
\ No newline at end of file
-[{{ TLD }}/{{ DOMAIN }}/{{ SITE }}]
-user = php_{{ SIGLE }}_{{ SITE }}
-group = php_{{ SIGLE }}_{{ SITE }}
+[{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}]
+user = php_{{ SIGLE }}_{{ config_ss_domain }}
+group = php_{{ SIGLE }}_{{ config_ss_domain }}
-listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }}
+listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ config_ss_domain }}
listen.group = www-data
pm.min_spare_servers = 1
pm.max_spare_servers = 3
-access.log = /home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log
\ No newline at end of file
+access.log = /home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/access.log
\ No newline at end of file
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('WP_CACHE', true);
-define('WPCACHEHOME', '/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/wp-content/plugins/wp-super-cache/' );
-define('DB_NAME', 'php_{{ SIGLE }}_{{ SITE }}');
+define('WPCACHEHOME', '/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/wp-content/plugins/wp-super-cache/' );
+define('DB_NAME', 'php_{{ SIGLE }}_{{ config_ss_domain }}');
/** MySQL database username */
-define('DB_USER', 'php_{{ SIGLE }}_{{ SITE }}');
+define('DB_USER', 'php_{{ SIGLE }}_{{ config_ss_domain }}');
/** MySQL database password */
define('DB_PASSWORD', '');
- name: nouvelle_version
prompt: 'Nouvelle version nextcloud à télécharger?(ex: 27.1.8)'
private: false
- default: "27.1.8"
+ default: "28.0.6"
- name: TLD
prompt: 'TLD du site à mettre à jour?(ex: org)'
ansible_become: true
become_user: nextcloud
- - name: Create new app common folder from old version one
- become_user: nextcloud
+# on met à jour une instance uniquement si test-nuage a préalablement été mis à jour dans cette version
+
+ - name: fail si test-nuage n'a pas été mis à jour avec cette version
+ ansible.builtin.fail:
+ msg: 'il faut déjà mettre à jour test-nuage avec cette version'
+ when: not new_nextcloud_common.stat.exists and test_nuage is not defined
+
+ - name: Création du dossier common de la nouvelle version en utilisant les apps de l'instance test-nuage
become: true
ansible.builtin.copy:
- src: "{{ nextcloud_common_files_path }}/nextcloud-{{ ancienne_version }}/"
+ src: "/home/sites/data/org/heureux-cyclage/test-nuage/apps/"
dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}"
remote_src: true # because the copy is from remote host to remote host
mode: '754' # or 'u=rwx,g=rx,o=r'
- when: not new_nextcloud_common.stat.exists
+ owner: nextcloud
+ group: nextcloud
+ when: not new_nextcloud_common.stat.exists and test_nuage is defined
- name: Include backup tasks
ansible.builtin.include_tasks: tasks/backup_nextcloud.yml
dépôts / lhc / ansible.git / commitdiff