bedah/ansible
1
0
Fork 0
forked from infra/ansible
Code Issues Pull Requests Releases Wiki Activity
933e25ca6a
ansible/roles/web/tasks/main.yml
Markus Hauschild d8e1e6edf4 web: split php pools into www and spaceapi 
prevent deadloks from crawlers that open lots of wiki pages which in
turn query the spaceapi
discovery and fix by voidptr
2024-05-17 22:32:51 +02:00

68 lines
2.5 KiB
YAML
Raw Blame History

---
- name: Install dependencies
apt:
name:
- php-fpm
- php-ldap
- php-sqlite3
- php-xml
- python3-passlib
- name: Create vhost directories
file: path=/var/www/{{ item }} state=directory owner=www-data group=www-data
with_items:
- autoconfig
- autoconfig/mail
- ccc-r
- makerspace-regensburg
- kitchen
- name: Ensure (BK) certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.binary-kitchen.de.key -out /etc/nginx/ssl/www.binary-kitchen.de.crt -days 730 -subj "/CN=www.binary-kitchen.de" creates=/etc/nginx/ssl/www.binary-kitchen.de.crt
notify: Restart nginx
- name: Ensure (BK autodiscover) certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/autoconfig.binary-kitchen.de.key -out /etc/nginx/ssl/autoconfig.binary-kitchen.de.crt -days 730 -subj "/CN=autoconfig.binary-kitchen.de" creates=/etc/nginx/ssl/autoconfig.binary-kitchen.de.crt
notify: Restart nginx
- name: Ensure (CCC-R) certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.ccc-r.de.key -out /etc/nginx/ssl/www.ccc-r.de.crt -days 730 -subj "/CN=www.ccc-r.de" creates=/etc/nginx/ssl/www.ccc-r.de.crt
notify: Restart nginx
- name: Ensure (MS-R) certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.makerspace-regensburg.de.key -out /etc/nginx/ssl/www.makerspace-regensburg.de.crt -days 730 -subj "/CN=www.makerspace-regensburg.de" creates=/etc/nginx/ssl/www.makerspace-regensburg.de.crt
notify: Restart nginx
- name: Place Thunderbird autoconfig file
template: src=auto_mail.xml.j2 dest=/var/www/autoconfig/mail/config-v1.1.xml
- name: Configure php-fpm
copy: src={{ item }} dest=/etc/php/8.2/fpm/pool.d/
notify: Restart php8.2-fpm
with_fileglob: "php/8.2/fpm/pool.d/*.conf"
- name: Configure htaccess for fpm status
htpasswd:
path: /etc/nginx/fpm_status.htaccess
name: "{{ fpm_status_user}}"
password: "{{ fpm_status_pass }}"
owner: root
group: www-data
mode: 0640
- name: Configure certificate manager
copy: src=certs dest=/etc/acertmgr/www.binary-kitchen.de.conf
notify: Run acertmgr
- name: Configure vhosts
copy: src=vhost dest=/etc/nginx/sites-available/www
notify: Restart nginx
- name: Enable vhosts
file: src=/etc/nginx/sites-available/www dest=/etc/nginx/sites-enabled/www state=link
notify: Restart nginx
- name: Start php8.2-fpm
service: name=php8.2-fpm state=started enabled=yes
Reference in New Issue View Git Blame Copy Permalink