DTSV/Ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity

add wordpress SSH user for uploads

Browse Source
This commit is contained in:
Oli
2023-02-05 00:02:42 +00:00
parent 977a12730f
commit 4d1d486512
5 changed files with 37 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/nextcloud/tasks/nextcloud.yml
View File

@@ -16,7 +16,7 @@
state: directory state: directory
owner: "{{ webserver_user }}" owner: "{{ webserver_user }}"
group: "{{ webserver_group }}" group: "{{ webserver_group }}"
mode: 0775 mode: 0770
force: false force: false
- name: Download nextcloud latest from nextcloud.com - name: Download nextcloud latest from nextcloud.com

53
roles/webserver/templates/conf.d/wordpress.conf.j2
View File

@@ -1,53 +0,0 @@
## Managed by Ansible ##
server {
listen 80;
listen [::]:80;
server_name dev.{{ webserver_domain }} www.dev.{{ webserver_domain }};
# enforce https
return 301 https://$server_name$request_uri;
}
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dev.{{ webserver_domain }} www.dev.{{ webserver_domain }};
include global/cert.conf;
include global/header.conf;
# Path to the root of your installation
root {{ wordpress_dir }};
add_header Strict-Transport-Security "max-age=63072000" always;
index index.php index.html index.htm;
client_max_body_size 500M;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ \.php$ {
fastcgi_pass php-handler;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

2
roles/wordpress/files/public_keys.pub Normal file
View File

@@ -0,0 +1,2 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5M3pWvjwFjDOsrAwnJsysE23SuWW+wQRHUgBWInzX oli@VSC
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTPOurRC0RiGe7+hgWyZzD/kNIEB+XuztHxKkC/xRe6 wordpress@NOVA

46
roles/wordpress/tasks/main.yml
View File

@@ -1,27 +1,45 @@
--- ---
- name: Create wordpress group
group:
name: "{{ wordpress_group }}"
state: present
system: true
when: wordpress_group != "root"
- name: Create wordpress user
user:
name: "{{ wordpress_user }}"
group: "{{ wordpress_group }}"
groups: "{{ wordpress_group }}"
append: true
shell: /bin/bash
create_home: true
- name: Set authorized keys for wordpress user
authorized_key:
user: "{{ wordpress_user }}"
key: "{{ lookup('file', 'public_keys.pub') }}"
state: present
exclusive: false # removing all the authorized keys already set
- name: Add {{ webserver_user }} user to {{ wordpress_group }} group
user:
name: "{{ webserver_user }}"
groups: "{{ wordpress_group }}"
append: true
- name: Create wordpress directory - name: Create wordpress directory
file: file:
path: "{{ wordpress_dir }}" path: "{{ wordpress_dir }}"
state: directory state: directory
owner: "{{ webserver_user }}" owner: "{{ webserver_user }}"
group: "{{ webserver_group }}" group: "{{ wordpress_group }}"
mode: 0755 mode: 0755
- name: unpack latest wordpress version
unarchive:
remote_src: true
src: "https://wordpress.org/latest.tar.gz"
dest: "{{ wordpress_dir }}"
owner: "{{ webserver_user }}"
group: "{{ webserver_group }}"
creates: "{{ wordpress_dir }}/wp-config-sample.php"
extra_opts:
- --strip-components=1
- name: Copy configuration file - name: Copy configuration file
template: template:
src: wp-config.php.j2 src: wp-config.php.j2
dest: "{{ wordpress_dir }}/wp-config.php" dest: "{{ wordpress_dir }}/wp-config.php"
owner: "{{ webserver_user }}" owner: "{{ webserver_user }}"
group: "{{ webserver_group }}" group: "{{ wordpress_group }}"
mode: 0600 mode: 0640

2
roles/wordpress/vars/main.yml
View File

@@ -1,4 +1,6 @@
--- ---
wordpress_group: wordpress
wordpress_user: "{{ wordpress_group }}"
wordpress_dir: "/var/www/wordpress" wordpress_dir: "/var/www/wordpress"
# database # database