From 082b4f8812ccc9e47addc2c4f62d477c56fbce43 Mon Sep 17 00:00:00 2001
From: rominique
Date: Thu, 2 May 2024 19:28:48 +0200
Subject: [PATCH] ajout support SITE WP

---
 tasks/config_WP.yml | 49 +++---
 tasks/config_mariadb.yml | 330 ++---------------------------------
 templates/nginx_WP_server.j2 | 43 +++++
 templates/php_WP_conf.j2 | 15 ++
 templates/wp-config.php.j2 | 78 +++++++++
 5 files changed, 169 insertions(+), 346 deletions(-)
 create mode 100644 templates/nginx_WP_server.j2
 create mode 100644 templates/php_WP_conf.j2
 create mode 100644 templates/wp-config.php.j2

diff --git a/tasks/config_WP.yml b/tasks/config_WP.yml
index cee9b66..c328bc0 100644
--- a/tasks/config_WP.yml
+++ b/tasks/config_WP.yml
@@ -1,33 +1,26 @@
-- name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" -- name: Install required packages - ansible.builtin.apt: - name: - - ghostscript - - php - - php-mysqli - - php-curl -# - php-dom - - php-exif - - php-igbinary - - php-mbstring - - imagemagick - - php-imagick - - php-intl - - php-openssl - - libxml - - php-xml - - libzip - - php-zip - - php-redis - state: present - register: php_install - -- name: Enable PHP modules - ansible.builtin.command: phpenmod imagick intl - when: php_install.changed +- name: Create new app common folder from old version one + become_user: "site_{{ SIGLE }}_{{ SITE }}" + become: true + ansible.builtin.copy: + src: "/home/sites/data/wordpress" + dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/" + remote_src: true # because the copy is from remote host to remote host + mode: '754' # or 'u=rwx,g=rx,o=r' +- name: Créer les fichiers spécifiques wp + ansible.builtin.template: + src: "templates/{{ item.src }}" + dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/{{ item.dest }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" + loop: + - src: "wp-config.php.j2" + dest: "wp-config.php" + owner: "php_{{ SIGLE }}_{{ SITE }}" + group: "site_{{ SIGLE }}_{{ SITE }}" + mode: '640' - name: Recharger PHP et nginx ansible.builtin.service:
diff --git a/tasks/config_mariadb.yml b/tasks/config_mariadb.yml
index 06652ce..3816d0c 100644
--- a/tasks/config_mariadb.yml
+++ b/tasks/config_mariadb.yml
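Review bot: `src: "/home/sites/data/wordpress"` has no trailing slash, so with `remote_src: true` the copy module copies the directory itself and the files land in `…/{{ SITE }}/wordpress/`, while `wp-config.php` is templated into `…/{{ SITE }}/` directly; if the site root is the intended target the line should be `src: "/home/sites/data/wordpress/"`. `mode: '754'` is applied to every copied file, not only to directories, so all PHP and static files get the execute bit, whereas `wp-config.php` below is deliberately `'640'`; separate file and directory modes would be safer. The task name "Create new app common folder from old version one" does not describe what the task does; `- name: Copy the shared WordPress tree into the site root` would.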
@@ -1,328 +1,22 @@ -- name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" - ignore_errors: true - -- name: Install required packages - ansible.builtin.apt: - name: -# - php-ctype - - php-curl -# - php-dom -# - php-fileinfo - - php-gd - - php-json - - "php{{ php_version }}-xml" - - php-mbstring -# - php-openssl -# - php-posix -# - php-session -# - php-simplexml -# - php-xmlreader -# - php-xmlwriter - - php-zip -# - php-zlib -# - php-pdo_pgsql - - "php{{ php_version }}-pgsql" - - php-pgsql - - php-intl - - php-bz2 -# - php-sodium - - php-gmp -# - php-exif - - php-redis - - php-imagick - - python3-psycopg2 # module ansible psql - state: present - - name: Boucle d'ajout du user php dans plusieurs groupe ansible.builtin.user: name: "php_{{ SIGLE }}_{{ SITE }}" groups: "{{ item }}" append: true loop: - - nextcloud - - postgres-data - - redis + - mysql - "site_{{ SIGLE }}_{{ SITE }}" -- name: Bloc nouvelle version nextcloud - when: nouvelle_version is undefined - block: - - name: Demande la version de nextcloud à installer - ansible.builtin.pause: - prompt: "Quelle version de nextcloud doit être utilisée" - echo: true - register: nextcloud_version_prompt - - - name: Definir nouvelle_version - ansible.builtin.set_fact: - nouvelle_version: "{{ nextcloud_version_prompt.user_input }}" - -- name: Bloc ancienne version nextcloud - when: ancienne_version is undefined - block: - - name: Demande la version de nextcloud déjà installée - ansible.builtin.pause: - prompt: "Quelle version de nextcloud déjà installée" - echo: true - register: ancienne_version_prompt - - - name: Definir ancienne_version - ansible.builtin.set_fact: - ancienne_version: "{{ ancienne_version_prompt.user_input }}" - -- name: Inclure la verif de l'install nextcloud - ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml - -- name: PostgreSQL - nextcloud_php_user role is created - become_user: postgres - 
become: true - community.postgresql.postgresql_user: - name: "{{ nextcloud_php_user }}" +- name: Création de la nouvelle bdd Mariadb + community.mysql.mysql_db: + name: "php_{{ SIGLE }}_{{ SITE }}" state: present - role_attr_flags: CREATEDB - -- name: PostgreSQL - nextcloud_db_name database is created - become_user: postgres - become: true - community.postgresql.postgresql_db: - name: "{{ nextcloud_db_name }}" - state: "{{ item }}" - owner: "{{ nextcloud_php_user }}" - loop: - - absent - - present - -- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php - become_user: postgres - become: true - community.postgresql.postgresql_privs: - db: "{{ item.db }}" - privs: "{{ item.privs }}" - type: "{{ item.type |default(omit) }}" - objs: "{{ item.objs }}" - role: "{{ item.role }}" - grant_option: "{{ item.grant_option |default(omit) }}" - loop_control: - label: "{{ item.name }}" - loop: - - db: "{{ nextcloud_db_name }}" - privs: "ALL" - type: "schema" - objs: "public" - role: "{{ nextcloud_php_user }}" - grant_option: true - name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;" - -- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud - community.postgresql.postgresql_pg_hba: - dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" - contype: local - users: "php_{{ SIGLE }}_{{ SITE }}" - databases: "php_{{ SIGLE }}_{{ SITE }}" - method: peer - keep_comments_at_rules: true - comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom" - -- name: Boucle création des répertoires app, config et data nextcloud - ansible.builtin.file: - path: "{{ item.path }}" - state: "{{ item.state }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop_control: - label: "{{ item.path }}" - loop: - - path: "{{ nextcloud_webroot }}/apps" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - - path: "{{ 
nextcloud_webroot }}/config" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - - path: "{{ nextcloud_webroot }}/data" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - -- name: Create nextcloud root dir symbolic link - ansible.builtin.file: - src: "{{ nextcloud_symbolic_source }}" - dest: "{{ nextcloud_webroot }}/nextcloud" - owner: nextcloud - group: nextcloud - state: link - follow: false + login_unix_socket: /run/mysqld/mysqld.sock + encoding: utf8mb4 # pour WP -- name: Create nextcloud common app dir symbolic link - ansible.builtin.file: - src: "{{ nextcloud_symbolic_common }}" - dest: "{{ nextcloud_webroot }}/common" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Créer les fichiers spécifiques nextcloud - ansible.builtin.template: - src: "templates/{{ item.src }}" - dest: "{{ nextcloud_webroot }}/{{ item.dest }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop: - - src: "nextcloud_cron.j2" - dest: "cron" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '750' - - src: "nextcloud_console.j2" - dest: "console" - owner: "{{ nextcloud_websrv_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '750' - - src: "nextcloud_install_config.j2" - dest: "config/config.php" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '640' - -- name: Recharger plusieurs services - ansible.builtin.service: - name: "{{ item }}" - state: reloaded - loop: - - "postgresql" - - "php{{ php_version }}-fpm" - -- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module - become_user: "{{ nextcloud_php_user }}" - become: true - ansible.builtin.command: > - ./console maintenance:install - --database='pgsql' - --database-name="php_{{ SIGLE }}_{{ SITE }}" - --database-user="php_{{ SIGLE }}_{{ SITE }}" - 
--database-host="/var/run/postgresql/" - --database-pass="" - --admin-user='admin' - --admin-pass='ckoideja' - --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/" - args: - chdir: "{{ nextcloud_webroot }}" - register: install_result - ignore_errors: true - -- name: Afficher les logs du script d'install - ansible.builtin.debug: - var: install_result - when: install_result is defined - -- name: Afficher les logs du script d'install - ansible.builtin.fail: - msg: "Le script d'install a échoué: Voir les logs ci-dessus" - when: install_result.failed - -- name: Créer les fichiers spécifiques nextcloud - ansible.builtin.template: - src: "templates/{{ item.src }}" - dest: "{{ nextcloud_webroot }}/{{ item.dest }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop: - - src: "nextcloud_sigle_config.j2" - dest: "config/{{ SIGLE }}.config.php" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '640' - -- name: Creation d'un lien symbolique vers le configuration nextcloud commun - ansible.builtin.file: - src: "../../../../nextcloud/common.config.php" - path: "{{ nextcloud_webroot }}/config/common.config.php" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php - become_user: postgres - become: true - community.postgresql.postgresql_privs: - db: "{{ item.db }}" - privs: "{{ item.privs }}" - type: "{{ item.type | default(omit) }}" - objs: "{{ item.objs }}" - role: "{{ item.role }}" - grant_option: "{{ item.grant_option | default(omit) }}" - loop_control: - label: "{{ item.name }}" - loop: - - db: "{{ nextcloud_db_name }}" - privs: "USAGE,CREATE" - type: "schema" - objs: "public" - role: "{{ nextcloud_php_user }}" - name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_namespace" - # role: "{{ 
nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_collation" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_index" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_attrdef" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_description" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_settings" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # objs: "pg_database" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" - -- name: Creation d'un fichier cron pour /etc/cron.d - ansible.builtin.cron: - name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins" - minute: "*/5" - user: "php_{{ SIGLE }}_{{ SITE }}" - job: "{{ nextcloud_webroot }}/cron" - -- name: Recharger plusieurs services - ansible.builtin.service: - name: "{{ item }}" - state: reloaded - loop: - - "php{{ php_version }}-fpm" - - "nginx" +- name: Créer le user mysql + mysql_user: + name: "php_{{ SIGLE }}_{{ SITE }}" + priv: "php_{{ SIGLE }}_{{ SITE }}.*:ALL" + state: present + login_unix_socket: /run/mysqld/mysqld.sock \ No newline at end of file 
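Review bot: The `Créer le user mysql` task grants `php_{{ SIGLE }}_{{ SITE }}` ALL on its database but sets neither `password` nor `plugin`, so the account appears to be created without any credential; since PHP runs as the OS user of the same name, `plugin: unix_socket` (or a `password: "{{ wp_db_password }}"` taken from a vault variable — name illustrative) would pin how the account authenticates, and `host: localhost` would make its scope explicit. The same task uses the short name `mysql_user` while the task above uses `community.mysql.mysql_db`; `community.mysql.mysql_user` keeps the file consistent. Adding the PHP user to the `mysql` group in the `groups` loop does not seem needed for socket access and may expose whatever the MariaDB data directory grants to its group — worth confirming before keeping it.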
diff --git a/templates/nginx_WP_server.j2 b/templates/nginx_WP_server.j2
new file mode 100644
index 0000000..a501e6d
--- /dev/null
+++ b/templates/nginx_WP_server.j2
@@ -0,0 +1,43 @@
+server {
+ listen 80;
+ server_name {{ DOMAIN }}.{{ TLD }} {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }};
+ root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+{% if ssl_ready is defined and ssl_ready %}
+ return 301 https://$server_name$request_uri;
+ }
+server {
+ listen 443;
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+{% endif %}
+ server_name {{ DOMAIN }}.{{ TLD }} {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }};
+ root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;
+ index index.php index.html index.htm;
+ client_max_body_size 500M;
+ location / {
+ try_files $uri $uri/ /index.php?$args;
+ }
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+ location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+ expires max;
+ log_not_found off;
+ }
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+ location ~ \.php$ {
+ include snippets/fastcgi-php.conf;
+ fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+}
\ No newline at end of file
diff --git a/templates/php_WP_conf.j2 b/templates/php_WP_conf.j2
new file mode 100644
index 0000000..0e127bc
--- /dev/null
+++ b/templates/php_WP_conf.j2
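Review bot: `fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;` hard-codes the default pool socket, so PHP for this site runs in the default www-data pool instead of the per-site pool that templates/php_WP_conf.j2 listens on; it should be `fastcgi_pass unix:/run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }};` so the per-user isolation the pool is meant to provide actually applies. `listen 443;` lacks the `ssl` parameter, so the second server block serves plain HTTP on 443 and the certificates are ignored; it needs `listen 443 ssl;`. When `ssl_ready` is not set, the single remaining server block contains `root` twice (lines 4 and 18), which nginx rejects as a duplicate directive, so the first `root` should be dropped from the port-80 part. The certificate paths use `{{ SITE }}.{{ DOMAIN }}.{{ TLD }}` while `server_name` uses `config_ss_domain | default(SITE)`, so the two diverge whenever `config_ss_domain` is set. A `location ~ /\. { deny all; }` would also keep `.user.ini`, `.git` and similar files in the WordPress tree from being served.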
@@ -0,0 +1,15 @@
+[{{ TLD}}/{{ DOMAIN}}/{{ SITE}}]
+user = php_{{ SIGLE }}_{{ SITE }}
+group = php_{{ SIGLE }}_{{ SITE }}
+
+listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }}
+
+listen.group = www-data
+
+pm = ondemand
+pm.max_children = 10
+pm.max_children = 10
+pm.process_idle_timeout = 60s
+pm.max_requests = 500
+
+access.log = /home/sites/log/php/fpm/{{ TLD}}/{{ DOMAIN}}/{{ SITE}}/access.log
\ No newline at end of file
diff --git a/templates/wp-config.php.j2 b/templates/wp-config.php.j2
new file mode 100644
index 0000000..c541557
--- /dev/null
+++ b/templates/wp-config.php.j2
@@ -0,0 +1,78 @@
+
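Review bot: `pm.max_children = 10` appears twice in the pool; php-fpm takes the last occurrence, so the duplicate is harmless today but misleading, and one of the two lines should be removed. The pool runs PHP as `php_{{ SIGLE }}_{{ SITE }}` with no `php_admin_value[open_basedir]`, so a compromised plugin can read anything that OS user can; `php_admin_value[open_basedir] = /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/:/tmp/` would confine it to the site root (the exact allow-list depends on what WordPress needs, e.g. its upload temp dir). Nothing in this commit creates `/home/sites/log/php/fpm/{{ TLD}}/{{ DOMAIN}}/{{ SITE}}/`, so unless it is created elsewhere php-fpm will fail to open the `access.log` path and refuse to start. `{{ TLD}}` / `{{ DOMAIN}}` / `{{ SITE}}` are written without the closing space used elsewhere (`{{ SITE }}`); Jinja accepts both, but the template would read better with one form.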