From: rominique Date: Thu, 4 Apr 2024 11:39:39 +0000 (+0200) Subject: correction de la conf certbot X-Git-Url: https://git.cyclocoop.org/%28%28?a=commitdiff_plain;h=5f7ed8e1233e5b2bb33ac343113d3fa5bfe77ec3;p=lhc%2Fansible.git correction de la conf certbot ajout site gestion (paheko) --- diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index 0d36702..89338c1 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml @@ -13,7 +13,7 @@ vars_prompt: - name: SITE - prompt: 'quel type de site?(ex: nuage, www, wiki, paheko)' + prompt: 'quel type de site?(ex: nuage, www, wiki, paheko ou gestion)' private: false default: "nuage" 
@@ -69,9 +69,51 @@ - name: Inclure la configuration d'un site web basique ansible.builtin.include_tasks: tasks/config_www.yml + - name: Inclure la configuration nginx + ansible.builtin.include_tasks: tasks/config_nginx.yml + vars: + template_site: "{{ SITE }}" + when: besoin_https == 'non' + +# scenario pre-install nginx sans ssl +# test installed=false or needupgrade:true +# test installed=true et needupgrade:false +# puis certbot à la fin +# puis template nginx ssl pour test manuel + + - name: Bloc permettant de générer les certificats SSL + when: besoin_https == 'oui' + block: + - name: Inclure la configuration nginx http + ansible.builtin.include_tasks: tasks/config_nginx.yml + vars: + template_site: 'http' + + - name: Générer un certififat avec certbot # noqa : command-instead-of-module + become: true + ansible.builtin.command: 'certbot certonly -n --nginx -d {{ SITE }}.{{ DOMAIN }}.{{ TLD }}' + register: certbot_log + ignore_errors: true + changed_when: false + + - name: Afficher les logs certbot + ansible.builtin.debug: + var: certbot_log + when: certbot_log is defined + + - name: Activer la conf ssl dans nginx + ansible.builtin.set_fact: + ssl_ready: true + when: certbot_log is defined + + - name: Inclure la configuration nginx avec ssl + ansible.builtin.include_tasks: tasks/config_nginx.yml + vars: + template_site: "{{ SITE }}" + - name: Inclure la configuration d'un pool PHP ansible.builtin.include_tasks: tasks/config_pool_php.yml - when: config_php == 'oui' or SITE == 'paheko' or SITE == 'nuage' + when: config_php == 'oui' or SITE == 'paheko' or SITE == 'gestion' or SITE == 'nuage' - name: Inclure la configuration nextcloud si besoin ansible.builtin.include_tasks: tasks/config_nuage.yml 
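Review bot: `ssl_ready: true` is set under `when: certbot_log is defined`, which is always true once the task has `register: certbot_log`, so a certbot failure (swallowed by `ignore_errors: true`) still renders the SSL template and points nginx at `/etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem`, a file that does not exist — nginx then refuses the config and the site is left broken while the play reports success. Gate the fact on the actual outcome, `when: certbot_log is succeeded` (equivalently `certbot_log.rc == 0`), and either drop `ignore_errors: true` or add an explicit `ansible.builtin.fail` afterwards so a missing certificate is a visible error rather than a debug line. `changed_when: false` also hides the fact that a certificate was issued; reporting `changed` from the certbot output would be more honest, though the exact message depends on the certbot version installed. The `--nginx` authenticator rewrites the live nginx config during the challenge, which is presumably why the plain-HTTP template is installed first — worth a one-line comment above the block so the ordering is not "simplified" later.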
@@ -79,36 +121,9 @@ - name: Inclure la configuration paheko si besoin ansible.builtin.include_tasks: tasks/config_paheko.yml - when: SITE == 'paheko' - - # MAJ borgmatic conf -## Mettre à jour la conf de borgmatic pour intégrer les dossiers du nouveau nuage dans 'source_directories' - - # vim /etc/borgmatic/config.yaml - - # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/config - # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/data - - # - name: Bloc permettant de générer les certificats SSL - # when: besoin_https == 'oui' - # block: - # - name: Inclure la configuration nginx http - # ansible.builtin.include_tasks: tasks/config_nginx.yml - # vars: - # template_site: 'http' - - # - name: Générer un certififat avec certbot # noqa : command-instead-of-module - # become: true - # ansible.builtin.command: 'certbot certonly -i nginx -d {{ SITE }}.{{ DOMAIN }}.{{ TLD }}' - # register: certbot_log - # changed_when: false - - # - name: Afficher les logs certbot - # ansible.builtin.debug: - # var: certbot_log - # when: certbot_log is defined - - # - name: Inclure la configuration nginx - # ansible.builtin.include_tasks: tasks/config_nginx.yml - # vars: - # template_site: "{{ SITE }}" \ No newline at end of file + when: SITE == 'paheko' or SITE == 'gestion' + + - name: Inclure le configuration du backup + ansible.builtin.include_tasks: tasks/config_backup.yml + +# SFTP key diff --git a/tasks/config_backup.yml b/tasks/config_backup.yml new file mode 100644 index 0000000..da885b2 --- /dev/null +++ b/tasks/config_backup.yml 
@@ -0,0 +1,26 @@ +- name: Mise à jour de la conf de borgmatic pour le backup d'un nuage + ansible.builtin.lineinfile: + dest: /etc/borgmatic/config.yaml + search_string: "{{ item }}" + insertafter: ".+\/home\/sites\/data\/.+" + line: "{{ item }}" + state: present + backup: true + register: presence_sigle + loop: + - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config" + - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data" + when: SITE == 'nuage' + +- name: Mise à jour de la conf de borgmatic pour le backup d'un site non nuage + ansible.builtin.lineinfile: + dest: /etc/borgmatic/config.yaml + search_string: "{{ item }}" + insertafter: ".+\/home\/sites\/data\/.+" + line: "{{ item }}" + state: present + backup: true + register: presence_sigle + loop: + - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + when: SITE != 'nuage' diff --git a/tasks/config_nginx.yml b/tasks/config_nginx.yml index 02ac416..cb833aa 100644 --- a/tasks/config_nginx.yml +++ b/tasks/config_nginx.yml @@ -45,4 +45,4 @@ ansible.builtin.service: name: nginx state: reloaded - when: SITE != 'nuage' and SITE != 'paheko' and template_site == 'http' + when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'gestion' and template_site == 'http' diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index 8f59cf0..8ed1afd 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -1,3 +1,6 @@ +- name: Etckeeper commit if necessary + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + - name: Install required packages ansible.builtin.apt: name: @@ -27,7 +30,7 @@ # - php-exif - php-redis - php-imagick - - python3-psycopg2 #module ansible psql + - python3-psycopg2 # module ansible psql state: present - name: Boucle d'ajout du user php dans plusieurs groupe 
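Review bot: `insertafter: ".+\/home\/sites\/data\/.+"` in both `lineinfile` tasks falls back to end-of-file when nothing matches, so on a host whose borgmatic config has no `/home/sites/data/` entry yet the new path lands outside `source_directories` and the next borgmatic run fails on an invalid config (the regex also anchors to the *last* match, which is only correct while those entries are contiguous). Let the module reject a bad edit before it is written, e.g. `validate: 'borgmatic config validate --config %s'` (older borgmatic ships the check as `validate-borgmatic-config --config %s`; confirm the binary on the target). `backup: true` leaves timestamped copies of `/etc/borgmatic/config.yaml` beside the original; if that file carries the repository passphrase those copies deserve the same handling as the original, or the option can go since the playbook already snapshots `/etc` with etckeeper. The two tasks differ only in their `loop:` list and `register: presence_sigle` is never read, so one task looping over a list chosen by `SITE == 'nuage'` would be shorter and keep the validation in a single place.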
@@ -67,7 +70,7 @@ - name: Inclure la verif de l'install nextcloud ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml -- name: "[PostgreSQL] - {{ nextcloud_php_user }} role is created." +- name: PostgreSQL - nextcloud_php_user role is created become_user: postgres become: true community.postgresql.postgresql_user: @@ -75,7 +78,7 @@ state: present role_attr_flags: CREATEDB -- name: "[PostgreSQL] - {{ nextcloud_db_name }} database is created." +- name: PostgreSQL - nextcloud_db_name database is created become_user: postgres become: true community.postgresql.postgresql_db: @@ -92,7 +95,7 @@ community.postgresql.postgresql_privs: db: "{{ item.db }}" privs: "{{ item.privs }}" - type: "{{ item.type |default(omit)}}" + type: "{{ item.type |default(omit) }}" objs: "{{ item.objs }}" role: "{{ item.role }}" grant_option: "{{ item.grant_option |default(omit) }}" @@ -111,11 +114,11 @@ community.postgresql.postgresql_pg_hba: dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" contype: local - users: "php_{{ SIGLE}}_{{SITE}}" - databases: "php_{{ SIGLE}}_{{SITE}}" + users: "php_{{ SIGLE }}_{{ SITE }}" + databases: "php_{{ SIGLE }}_{{ SITE }}" method: peer keep_comments_at_rules: true - comment: "autoriser le user php_{{ SIGLE}}_{{SITE}} à se connecter à la bdd du meme nom" + comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom" - name: Boucle création des répertoires app, config et data nextcloud ansible.builtin.file: @@ -161,12 +164,12 @@ state: link follow: false -- name: créer les fichiers spécifiques nextcloud +- name: Créer les fichiers spécifiques nextcloud ansible.builtin.template: src: "templates/{{ item.src }}" dest: "{{ nextcloud_webroot }}/{{ item.dest }}" owner: "{{ item.owner }}" - group: "{{ item.group}}" + group: "{{ item.group }}" mode: "{{ item.mode }}" loop: - src: "nextcloud_cron.j2" 
@@ -185,128 +188,134 @@ group: "{{ nextcloud_websrv_user }}" mode: '640' -# - name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module -# become_user: "{{ nextcloud_php_user }}" -# become: true -# ansible.builtin.command: > -# ./console maintenance:install -# --database='pgsql' -# --database-name="php_{{ SIGLE }}_{{ SITE }}" -# --database-user="php_{{ SIGLE }}_{{ SITE }}/data/" -# --database-host="/var/run/postgresql/" -# --admin-user='admin' -# --admin-pass='ckoideja' -# --data-dir="/home/sites/data/$TLD/{{ DOMAIN }}/{{ SITE }}/data/" -# args: -# chdir: "{{ nextcloud_webroot }}" -# register: install_result +- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module + become_user: "{{ nextcloud_php_user }}" + become: true + ansible.builtin.command: > + ./console maintenance:install + --database='pgsql' + --database-name="php_{{ SIGLE }}_{{ SITE }}" + --database-user="php_{{ SIGLE }}_{{ SITE }}/data/" + --database-host="/var/run/postgresql/" + --admin-user='admin' + --admin-pass='ckoideja' + --data-dir="/home/sites/data/$TLD/{{ DOMAIN }}/{{ SITE }}/data/" + args: + chdir: "{{ nextcloud_webroot }}" + register: install_result + ignore_errors: true -# - name: créer les fichiers spécifiques nextcloud -# ansible.builtin.template: -# src: "templates/{{ item.src }}" -# dest: "{{ nextcloud_webroot }}/{{ item.dest }}" -# owner: "{{ item.owner }}" -# group: "{{ item.group}}" -# mode: "{{ item.mode }}" -# loop: -# - src: "nextcloud_sigle_config.j2" -# dest: "config/{{ SIGLE }}.config.php" -# owner: "{{ nextcloud_php_user }}" -# group: "{{ nextcloud_websrv_user }}" -# mode: '640' +- name: Afficher les logs du script d'install + ansible.builtin.debug: + var: install_result + when: install_result is defined -# - name: Creation d'un lien symbolique vers le configuration nextcloud commun -# ansible.builtin.file: -# src: "../../../../nextcloud/common/common.config.php" -# dest: "config/common.config.php" -# owner: nextcloud 
-# group: nextcloud -# state: link -# follow: false +- name: Créer les fichiers spécifiques nextcloud + ansible.builtin.template: + src: "templates/{{ item.src }}" + dest: "{{ nextcloud_webroot }}/{{ item.dest }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" + loop: + - src: "nextcloud_sigle_config.j2" + dest: "config/{{ SIGLE }}.config.php" + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '640' -# - name: Create sigle nextcloud config -# become_user: "{{ nextcloud_php_user }}" -# become: true -# ansible.builtin.template: -# src: templates/sigle.config.php.j2 -# dest: "{{ nextcloud_webroot }}/config/sigle.config.php" -# owner: "{{ nextcloud_php_user }}" -# group: "{{ nextcloud_websrv_user }}" -# mode: '640' # or u=rwx,g=r,o= +- name: Creation d'un lien symbolique vers le configuration nextcloud commun + ansible.builtin.file: + src: "../../../../nextcloud/common/common.config.php" + dest: "config/common.config.php" + owner: nextcloud + group: nextcloud + state: link + follow: false -# - name: Pour chaque base, ajouter les droits suivants à l'utilisateur php -# become_user: postgres -# become: true -# community.postgresql.postgresql_privs: -# db: "{{ item.db }}" -# privs: "{{ item.privs }}" -# type: "{{ item.type |default(omit)}}" -# objs: "{{ item.objs }}" -# role: "{{ item.role }}" -# grant_option: "{{ item.grant_option |default(omit) }}" -# loop_control: -# label: "{{ item.name }}" -# loop: -# - db: "{{ nextcloud_db_name }}" -# privs: "USAGE,CREATE" -# type: "schema" -# objs: "public" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_namespace" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_collation" -# role: 
"{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_index" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_attrdef" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_description" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_settings" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# objs: "pg_database" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" +- name: Create sigle nextcloud config + become_user: "{{ nextcloud_php_user }}" + become: true + ansible.builtin.template: + src: templates/sigle.config.php.j2 + dest: "{{ nextcloud_webroot }}/config/sigle.config.php" + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '640' # or u=rwx,g=r,o= -# - name: Creation d'un fichier cron pour /etc/cron.d -# ansible.builtin.cron: -# name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan " -# minute: "5" -# user: "php_{{ SIGLE}}_{{SITE}}" -# job: "{{ nextcloud_source }}/cron" +- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php + become_user: postgres + become: true + community.postgresql.postgresql_privs: + db: "{{ item.db }}" + privs: "{{ item.privs }}" + type: "{{ item.type |default(omit) }}" + objs: "{{ item.objs }}" + role: "{{ item.role }}" + grant_option: "{{ item.grant_option |default(omit) }}" + 
loop_control: + label: "{{ item.name }}" + loop: + - db: "{{ nextcloud_db_name }}" + privs: "USAGE,CREATE" + type: "schema" + objs: "public" + role: "{{ nextcloud_php_user }}" + name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_namespace" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_collation" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_index" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_attrdef" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_description" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_settings" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + objs: "pg_database" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" + +- name: Creation d'un fichier cron pour /etc/cron.d + ansible.builtin.cron: + name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins" + minute: "*/5" + user: "php_{{ SIGLE }}_{{ SITE }}" + job: "{{ nextcloud_webroot }}/cron" -# - name: Recharger plusieurs services -# ansible.builtin.service: -# name: "{{ item }}" -# state: reloaded -# loop: -# - "postgresql" -# - "php{{ 
php_version }}-fpm" -# - "nginx" +- name: Recharger plusieurs services + ansible.builtin.service: + name: "{{ item }}" + state: reloaded + loop: + - "postgresql" + - "php{{ php_version }}-fpm" + - "nginx" diff --git a/tasks/config_paheko.yml b/tasks/config_paheko.yml index 904aff5..48f1c96 100644 --- a/tasks/config_paheko.yml +++ b/tasks/config_paheko.yml @@ -1,3 +1,6 @@ +- name: Etckeeper commit if necessary + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + - name: Install required packages ansible.builtin.apt: name: @@ -7,6 +10,7 @@ - php-cli - php-imagick - php-mbstring + - php-gnupg state: present register: php_install @@ -28,9 +32,9 @@ - name: Bloc paheko_version when: paheko_version is undefined block: - - name: Demande la version de nextcloud à installer + - name: Demande la version de paheko à installer ansible.builtin.pause: - prompt: "Quelle version de nextcloud doit être utilisé" + prompt: "Quelle version de paheko doit être utilisé" echo: true register: paheko_version_prompt @@ -72,7 +76,7 @@ dest: "/home/sites/data/paheko/{{ paheko_version }}.tar.gz" mode: '755' # or u=rwx,g=rx,o=rx - - name: Extract downloaded nextcloud source + - name: Extract downloaded paheko source become: true become_user: www-data ansible.builtin.unarchive: @@ -87,10 +91,10 @@ ansible.builtin.copy: src: "/home/sites/data/paheko/paheko-{{ paheko_version }}/" dest: "/home/sites/data/paheko/{{ paheko_version }}" - remote_src: true # because the config file is already in the nextcloud_tmp_path + remote_src: true # because the config file is already on the paheko path mode: preserve - - name: Deleted downloaded nextcloud files + - name: Deleted downloaded paheko files become: true ansible.builtin.file: path: "{{ item }}" 
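Review bot: The Nextcloud installer task now runs uncommented with `--admin-pass='ckoideja'` hard-coded, so every new instance gets the same admin password, it is committed to git, and it is re-emitted by the following `debug: var: install_result` task (which dumps the full command line) and by any configured Ansible log. Take the password from a vaulted or prompted variable, mark the task `no_log: true`, and print only `install_result.rc`/`install_result.stderr` rather than the whole result. Two other arguments look wrong: `--database-user="php_{{ SIGLE }}_{{ SITE }}/data/"` carries a `/data/` suffix that belongs to the data dir, and `--data-dir="/home/sites/data/$TLD/…"` uses shell-style `$TLD`, which `ansible.builtin.command` does not expand, so the data directory would be created literally under a `$TLD` path. The `Creation d'un lien symbolique` task uses a relative `dest: "config/common.config.php"`, which the `file` module resolves against the connection user's working directory rather than `{{ nextcloud_webroot }}`, and `ignore_errors: true` on the installer means a failed install proceeds straight into granting privileges and installing the cron job.

```yaml
- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module
  become_user: "{{ nextcloud_php_user }}"
  become: true
  no_log: true  # the command line carries the admin password
  ansible.builtin.command: >
    ./console maintenance:install
    --database='pgsql'
    --database-name="php_{{ SIGLE }}_{{ SITE }}"
    --database-user="php_{{ SIGLE }}_{{ SITE }}"
    --database-host="/var/run/postgresql/"
    --admin-user='admin'
    --admin-pass="{{ nextcloud_admin_pass }}"
    --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/"
  args:
    chdir: "{{ nextcloud_webroot }}"
  register: install_result

# nextcloud_admin_pass: define it in the vault or via vars_prompt, never inline

- name: Afficher le résultat du script d'install
  ansible.builtin.debug:
    msg: "rc={{ install_result.rc }} stderr={{ install_result.stderr | default('') }}"

# … unchanged: templates for the sigle config …

- name: Creation d'un lien symbolique vers le configuration nextcloud commun
  ansible.builtin.file:
    src: "../../../../nextcloud/common/common.config.php"
    dest: "{{ nextcloud_webroot }}/config/common.config.php"
    owner: nextcloud
    group: nextcloud
    state: link
    follow: false
```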
@@ -112,8 +116,8 @@ path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/" state: directory owner: "php_{{ SIGLE }}_{{ SITE }}" - group: "php_{{ SIGLE }}_{{ SITE }}" - mode: '644' + group: "site_{{ SIGLE }}_{{ SITE }}" + mode: '2750' recurse: true - name: Boucle d'ajout du user php dans plusieurs groupe @@ -136,7 +140,7 @@ # dest: "/usr/share/garradin/www/admin/static/favicon{{ icon | splitext | last }}" # when: favicon is defined -- name: Recharger PHP service +- name: Recharger PHP et nginx ansible.builtin.service: name: "{{ item }}" state: reloaded diff --git a/tasks/config_pool_php.yml b/tasks/config_pool_php.yml index 02d5908..8b9916b 100644 --- a/tasks/config_pool_php.yml +++ b/tasks/config_pool_php.yml @@ -67,19 +67,19 @@ - name: Création de la conf du pool php ansible.builtin.template: src: "templates/php_{{ SITE }}_conf.j2" - dest: "/etc/php/{{ php_version}}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/php-fpm.conf" + dest: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/php-fpm.conf" owner: "root" group: "root" mode: '640' # or u=rwx,g=r,o= - when: SITE == 'nuage' or SITE == 'paheko' + when: SITE == 'nuage' or SITE == 'paheko' or SITE == 'gestion' - name: ATTENTION la config php n'a pas été créer ansible.builtin.debug: msg: "Il n'y a pas de templates php pour votre site, il faudra le créer manuellement" - when: SITE != 'nuage' and SITE != 'paheko' + when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'gestion' -# - name: recharger PHP service -# ansible.builtin.service: -# name: "php{{ php_version }}-fpm" -# state: reloaded -# when: SITE != 'nuage' or SITE != 'paheko' +- name: recharger PHP service + ansible.builtin.service: + name: "php{{ php_version }}-fpm" + state: reloaded + when: SITE != 'nuage' or SITE != 'paheko' or SITE == 'gestion' diff --git a/templates/nginx_gestion_common.j2 b/templates/nginx_gestion_common.j2 new file mode 100644 index 0000000..03bb00c --- /dev/null +++ b/templates/nginx_gestion_common.j2 
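Review bot: `mode: '2750'` together with `recurse: true` is applied to regular files as well as directories, so every file under `/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/` ends up `-rwxr-s---` — executable and setgid — which is not what a setgid directory is meant to achieve and is an odd state for PHP sources and SQLite data. Apply `2750` only to directories (an `ansible.builtin.find` with `file_type: directory` feeding a `file` loop, or a symbolic mode without `s`/`x` on files such as `u=rw,g=r,o=` for the file pass) and keep the setgid bit for the directory pass. The task also assumes the group `site_{{ SIGLE }}_{{ SITE }}` already exists and that the nginx worker is a member of it, since `o=` removes all world access to `www/`; nothing in this hunk creates that group, so presumably an earlier task does — worth a comment here naming it.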
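Review bot: The reload condition `when: SITE != 'nuage' or SITE != 'paheko' or SITE == 'gestion'` in `tasks/config_pool_php.yml` is a tautology — no value of `SITE` equals both `'nuage'` and `'paheko'` — so php-fpm is reloaded on every run whether or not a pool file was written. If the intent is to reload only after a pool was rendered, register the template task and use `when: pool_conf is changed`, or move the reload into a handler notified by that task. The same membership test is now spelled out in three places in this file; `when: SITE in ['nuage', 'paheko', 'gestion']` is shorter and harder to get wrong when the next site type is added.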
@@ -0,0 +1,16 @@ +server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; +root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/www; + +location / { + try_files $uri $uri/ /_route.php?$query_string; + index index.php /_route.php; +} + +location ~ \.php { + try_files $uri $uri/ /_route.php?$query_string; + include /etc/nginx/conf.d/fastcgi.conf; + fastcgi_index index.php ; + fastcgi_param REDIRECT_STATUS 200; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }}; +} \ No newline at end of file diff --git a/templates/nginx_gestion_server.j2 b/templates/nginx_gestion_server.j2 new file mode 100644 index 0000000..a6b44a0 --- /dev/null +++ b/templates/nginx_gestion_server.j2 @@ -0,0 +1,17 @@ +server { + listen 80; + include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf; + access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; + error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; +{% if ssl_ready is defined and ssl_ready %} + return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri; + } +server { + listen 443; + include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf; + ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; + access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; + error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; +{% endif %} +} \ No newline at end of file diff --git a/templates/nginx_http_server.j2 b/templates/nginx_http_server.j2 index 85b4a95..4d2277f 100644 --- a/templates/nginx_http_server.j2 +++ b/templates/nginx_http_server.j2 
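Review bot: `listen 443;` in the second `server` block of `templates/nginx_gestion_server.j2` has no `ssl` parameter, so nginx serves plain HTTP on port 443 and the `ssl_certificate`/`ssl_certificate_key` lines below it are never used (the old `ssl on;` directive that would have rescued this is absent too); every HTTPS client gets a handshake failure and the 80→443 redirect becomes a dead end. Write `listen 443 ssl;` as `templates/nginx_www_server.j2` already does. The same blob (`a6b44a0`) is written to `templates/nginx_paheko_server.j2` in this commit, so it inherits the problem. No `ssl_protocols`, `ssl_ciphers` or HSTS header appear in either template — presumably they live in the global `nginx.conf`; if not, a vhost that loads its own certificate should also set its own policy.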
@@ -3,7 +3,7 @@ server { server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; disable_symlinks if_not_owner; - access_log /home/sites/log/nginx/{{ TLD }}/{{ SITE }}/{{ DOMAIN }}//access.log main buffer=32k; - error_log /home/sites/log/nginx/{{ TLD }}/{{ SITE }}/{{ DOMAIN }}/error.log warn; + access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; + error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; root /home/sites/data/{{TLD }}/{{ DOMAIN }}/{{SITE }}/; } \ No newline at end of file diff --git a/templates/nginx_nuage_server.j2 b/templates/nginx_nuage_server.j2 index 661950a..7a0dd2f 100644 --- a/templates/nginx_nuage_server.j2 +++ b/templates/nginx_nuage_server.j2 @@ -14,7 +14,6 @@ server { # Enforce HTTPS return 301 https://$server_name$request_uri; - access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; } @@ -26,7 +25,7 @@ server { root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/nextcloud; disable_symlinks if_not_owner; -{% if besoin_https == 'oui' %} +{% if ssl_ready is defined and ssl_ready %} ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; {% endif %} diff --git a/templates/nginx_paheko_common.j2 b/templates/nginx_paheko_common.j2 index 02eb52d..03bb00c 100644 --- a/templates/nginx_paheko_common.j2 +++ b/templates/nginx_paheko_common.j2 @@ -1,5 +1,5 @@ server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; -root /home/www/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/www; +root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/www; location / { try_files $uri $uri/ /_route.php?$query_string; 
@@ -12,6 +12,5 @@ location ~ \.php { fastcgi_index index.php ; fastcgi_param REDIRECT_STATUS 200; fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }}; } \ No newline at end of file diff --git a/templates/nginx_paheko_server.j2 b/templates/nginx_paheko_server.j2 index 9f9953a..a6b44a0 100644 --- a/templates/nginx_paheko_server.j2 +++ b/templates/nginx_paheko_server.j2 @@ -1,17 +1,17 @@ server { listen 80; include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf; - access_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; - error_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; + access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; + error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; +{% if ssl_ready is defined and ssl_ready %} return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri; } server { listen 443; include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf; -{% if besoin_https == 'oui' %} - ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; -{% endif %} + ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; -} +{% endif %} +} \ No newline at end of file diff --git a/templates/nginx_www_common.j2 b/templates/nginx_www_common.j2 index d52083b..829056c 100644 --- a/templates/nginx_www_common.j2 +++ b/templates/nginx_www_common.j2 
@@ -1,7 +1,7 @@ server_name {{ DOMAIN }}.{{ TLD }} www.{{ DOMAIN }}.{{ TLD }}; -root /home/site/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/; +root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/; index index.html; client_body_buffer_size 8k; diff --git a/templates/nginx_www_server.j2 b/templates/nginx_www_server.j2 index 924c738..68b7502 100644 --- a/templates/nginx_www_server.j2 +++ b/templates/nginx_www_server.j2 @@ -3,15 +3,15 @@ server { server_name {{ DOMAIN }}.{{ TLD }}; access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; +{% if ssl_ready is defined and ssl_ready %} return 301 https://{{ DOMAIN }}.{{ TLD }}$request_uri; } server { listen 443 ssl; include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf; -{% if besoin_https == 'oui' %} - ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; -{% endif %} + ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; +{% endif %} } \ No newline at end of file diff --git a/templates/php_gestion_conf.j2 b/templates/php_gestion_conf.j2 new file mode 100644 index 0000000..5abb624 --- /dev/null +++ b/templates/php_gestion_conf.j2 
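Review bot: The certificate loaded in `templates/nginx_www_server.j2` comes from `/etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/`, i.e. `www.<domain>.<tld>` for a `www` site, and that single name is all the playbook's certbot call requests (`-d {{ SITE }}.{{ DOMAIN }}.{{ TLD }}` in `creation_nouveau_site.yml`), yet the port-80 block redirects to `https://{{ DOMAIN }}.{{ TLD }}$request_uri` and `nginx_www_common.j2` serves the apex name too — so visitors of the apex get a certificate name mismatch unless that lineage was issued elsewhere with an apex SAN. Either request both names (`certbot certonly -n --nginx -d {{ DOMAIN }}.{{ TLD }} -d www.{{ DOMAIN }}.{{ TLD }}` for the `www` case) or redirect to the name the certificate actually covers. A short comment at the `{% if ssl_ready … %}` noting that the whole 443 block, including `listen 443 ssl;`, depends on a certificate existing would help the next editor keep the braces where they are.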
@@ -0,0 +1,15 @@ +[{{ TLD}}/{{ DOMAIN}}/{{ SITE}}] +user = php_{{ SIGLE }}_{{ SITE }} +group = php_{{ SIGLE }}_{{ SITE }} + +listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }} + +listen.group = www-data + +pm = dynamic +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 + +access.log = /home/sites/log/php/fpm/{{ TLD}}/{{ DOMAIN}}/{{ SITE}}/access.log \ No newline at end of file diff --git a/test.yml b/test.yml index 29a4802..3d0d04f 100644 --- a/test.yml +++ b/test.yml @@ -1,13 +1,16 @@ - hosts: ligatures vars: - domain: chatperche - ancienne_version: 27.1.0 - nouvelle_version: 27.1.4 - + # domain: chatperche + # ancienne_version: 27.1.0 + # nouvelle_version: 27.1.4 + TLD: 'org' + DOMAIN: 'heureux-cyclage' + SITE: 'gestion' + become: true tasks: # - name: Synchronisation des fichiers nextcloud présent sur ateliers dans la vm de migration nextcloud - # ansible.builtin.command: "rsync --delay-updates -F --compress --archive --partial rominique@ateliers.heureux-cyclage.org:{{ item }} /opt/nuage/backups/{{ domain }}/" + # ansible.builtin.command: "rsync --delay-updates -F --compress --archive --partial rominique@ateliers.heureux-cyclage.org:{{ item }} /opt/nuage/backups/{{ DOMAIN }}/" # delegate_to: vm_debian11 # loop: # - "{{ nextcloud_webroot }}/config/config.php" @@ -17,11 +20,5 @@ # ansible.builtin.debug: # var: my_output - - name: Download nextcloud source - become: true - become_user: nextcloud - ansible.builtin.get_url: - url: "{{ nextcloud_repo_url }}/nextcloud-{{ nouvelle_version }}.tar.bz2" - dest: "{{ nextcloud_sources_files_path }}/" - mode: '755' # or u=rwx,g=rx,o=rx - checksum: "md5:{{ nextcloud_repo_url }}/nextcloud-{{ nouvelle_version }}.tar.bz2.md5" + - name: Inclure le configuration du backup + ansible.builtin.include_tasks: tasks/config_backup.yml \ No newline at end of file
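Review bot: The new pool in `templates/php_gestion_conf.j2` gives PHP no confinement at all — no `php_admin_value[open_basedir]`, no `php_admin_value[disable_functions]`, no `php_admin_flag[expose_php] = off`, and no per-pool `session.save_path`/`upload_tmp_dir` — so a compromised Paheko instance can read any file the `php_{{ SIGLE }}_{{ SITE }}` user can and shares `/tmp` sessions with every other pool on the host. At minimum add `php_admin_value[open_basedir] = /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}:/home/sites/data/paheko:/tmp`, adjusting the list to wherever the extracted Paheko tree and its data dir really live (the paheko tasks unpack into `/home/sites/data/paheko/{{ paheko_version }}`), and give the pool its own `session.save_path`. `listen.group = www-data` with the default `listen.mode` (0660) is the right shape for the nginx socket; spelling out `listen.owner`, `listen.group` and `listen.mode` together would make that intent explicit rather than relying on defaults. The `access.log` directory is not created by anything in this diff — presumably an earlier task does so, otherwise php-fpm will refuse to start the pool.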
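Review bot: `test.yml` now runs `tasks/config_backup.yml` with `become: true` against `hosts: ligatures` using hard-coded `TLD: 'org'`, `DOMAIN: 'heureux-cyclage'`, `SITE: 'gestion'`, which means a file named "test" performs a privileged edit of `/etc/borgmatic/config.yaml` on what looks like a real host every time someone runs it. Run it with `--check --diff` (the `lineinfile` module supports check mode) or guard the include with a prompted confirmation so a stray `ansible-playbook test.yml` cannot change the backup scope of a production machine. If the file is meant to stay as a scratchpad, a header comment stating which hosts it touches and that it is not idempotent by design would save the next reader a surprise.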