Compare commits
2 Commits
a44b410265
...
4d1d486512
| Author | SHA1 | Date | |
|---|---|---|---|
| 4d1d486512 | |||
| 977a12730f |
@@ -16,7 +16,7 @@
|
||||
state: directory
|
||||
owner: "{{ webserver_user }}"
|
||||
group: "{{ webserver_group }}"
|
||||
mode: 0775
|
||||
mode: 0770
|
||||
force: false
|
||||
|
||||
- name: Download nextcloud latest from nextcloud.com
|
||||
|
||||
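Review bot: The directory mode is written as a bare YAML integer (`mode: 0770`, the second of the two printed mode lines, which I read as the new side), so the resulting permission depends on the parser treating a leading zero as octal. Quote it as a string, `mode: "0770"`, which the Ansible file-module documentation recommends for consistent results. The same applies to the other `mode:` values this change touches in the rclone, hcloud and wordpress tasks (0640, 0750, 0770). The task starts outside this hunk.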
@@ -1,10 +1,10 @@
|
||||
---
|
||||
# ensure rclone.conf is present (meta role dependencies)
|
||||
|
||||
- name: Create rclone mount dir
|
||||
- name: Create Rclone mount directory
|
||||
file:
|
||||
path: "{{ nextcloud_rclone_mount_dir }}"
|
||||
mode: 0755
|
||||
mode: 0770
|
||||
state: directory
|
||||
|
||||
# Touch rclone log file to set permissions
|
||||
@@ -12,7 +12,7 @@
|
||||
file:
|
||||
path: "{{ rclone_log_dir }}/mount_nextcloud.log"
|
||||
state: touch
|
||||
mode: 0644
|
||||
mode: 0640
|
||||
access_time: preserve
|
||||
modification_time: preserve
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
template:
|
||||
src: rclone_mount_nextcloud.service.j2
|
||||
dest: /etc/systemd/system/rclone_mount_nextcloud.service
|
||||
mode: 0644
|
||||
mode: 0640
|
||||
notify: restart rclone_mount_nextcloud
|
||||
|
||||
- name: "Add {{ webserver_user }} user to rclone group"
|
||||
|
||||
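Review bot: The "Create Rclone mount directory" task tightens the directory to `mode: 0770` but sets neither `owner:` nor `group:`, so once "other" access is gone, who can still enter the directory depends on whoever happened to create it (typically the become user). Pin both explicitly to the account and group whose ids the unit template passes to rclone via `--uid` and `--gid`. The same gap is visible on `mode: 0750` in the "Create rclone cache/log directory" task and on the `mode: 0750` added for `hcloud_webserver_volume_path`, though those tasks may set ownership outside their hunks. The touched log file (0640) has the same dependency if its owner is not set elsewhere.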
@@ -11,12 +11,13 @@ Type=notify
|
||||
ExecStart=/usr/bin/rclone mount DTSV_crypt:cloud_data {{ nextcloud_rclone_mount_dir }} \
|
||||
--devname rclone \
|
||||
--use-mmap \
|
||||
--default-permissions \
|
||||
--allow-other \
|
||||
--uid {{ created_rclone_user.uid }} \
|
||||
--gid {{ created_rclone_group.gid }} \
|
||||
--umask 002 \
|
||||
--dir-perms 775 \
|
||||
--file-perms 664 \
|
||||
--umask 0007 \
|
||||
--dir-perms 0770 \
|
||||
--file-perms 0660 \
|
||||
--dir-cache-time 8760h \
|
||||
--poll-interval 1h \
|
||||
--buffer-size 64M \
|
||||
|
||||
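Review bot: `--allow-other` stays on the command line next to the tightened `--umask 0007`, `--dir-perms 0770` and `--file-perms 0660`, and nothing in the template says why both are needed. A template comment above `ExecStart` would keep a later reader from dropping one of them, for example `{# allow-other admits group members other than the mounting user; default-permissions makes the kernel enforce the 0770/0660 bits #}`. Access now rests entirely on membership of the `--gid` group, and processes of the web server user started before it joined that group keep their old group list until restarted; I cannot see from here whether the "Add {{ webserver_user }} user to rclone group" task triggers such a restart. The unit file continues outside this hunk.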
@@ -69,7 +69,7 @@
|
||||
- name: Create rclone cache/log directory
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
mode: 0755
|
||||
mode: 0750
|
||||
state: directory
|
||||
loop:
|
||||
- "{{ rclone_cache_dir }}"
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
file:
|
||||
path: "{{ hcloud_webserver_volume_path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
force: false
|
||||
|
||||
- name: Mount hcloud volume
|
||||
|
||||
@@ -1,53 +0,0 @@
|
||||
## Managed by Ansible ##
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name dev.{{ webserver_domain }} www.dev.{{ webserver_domain }};
|
||||
# enforce https
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
# Enable HTTP/2
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name dev.{{ webserver_domain }} www.dev.{{ webserver_domain }};
|
||||
include global/cert.conf;
|
||||
include global/header.conf;
|
||||
|
||||
# Path to the root of your installation
|
||||
root {{ wordpress_dir }};
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
index index.php index.html index.htm;
|
||||
|
||||
client_max_body_size 500M;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
|
||||
expires max;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass php-handler;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
}
|
||||
}
|
||||
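--- a/roles/wordpress/files/public_keys.pub
+++ b/roles/wordpress/files/public_keys.pub
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5M3pWvjwFjDOsrAwnJsysE23SuWW+wQRHUgBWInzX oli@VSC
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTPOurRC0RiGe7+hgWyZzD/kNIEB+XuztHxKkC/xRe6 wordpress@NOVA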
@@ -1,27 +1,45 @@
|
||||
---
|
||||
- name: Create wordpress group
|
||||
group:
|
||||
name: "{{ wordpress_group }}"
|
||||
state: present
|
||||
system: true
|
||||
when: wordpress_group != "root"
|
||||
|
||||
- name: Create wordpress user
|
||||
user:
|
||||
name: "{{ wordpress_user }}"
|
||||
group: "{{ wordpress_group }}"
|
||||
groups: "{{ wordpress_group }}"
|
||||
append: true
|
||||
shell: /bin/bash
|
||||
create_home: true
|
||||
|
||||
- name: Set authorized keys for wordpress user
|
||||
authorized_key:
|
||||
user: "{{ wordpress_user }}"
|
||||
key: "{{ lookup('file', 'public_keys.pub') }}"
|
||||
state: present
|
||||
exclusive: false # removing all the authorized keys already set
|
||||
|
||||
- name: Add {{ webserver_user }} user to {{ wordpress_group }} group
|
||||
user:
|
||||
name: "{{ webserver_user }}"
|
||||
groups: "{{ wordpress_group }}"
|
||||
append: true
|
||||
|
||||
- name: Create wordpress directory
|
||||
file:
|
||||
path: "{{ wordpress_dir }}"
|
||||
state: directory
|
||||
owner: "{{ webserver_user }}"
|
||||
group: "{{ webserver_group }}"
|
||||
group: "{{ wordpress_group }}"
|
||||
mode: 0755
|
||||
|
||||
- name: unpack latest wordpress version
|
||||
unarchive:
|
||||
remote_src: true
|
||||
src: "https://wordpress.org/latest.tar.gz"
|
||||
dest: "{{ wordpress_dir }}"
|
||||
owner: "{{ webserver_user }}"
|
||||
group: "{{ webserver_group }}"
|
||||
creates: "{{ wordpress_dir }}/wp-config-sample.php"
|
||||
extra_opts:
|
||||
- --strip-components=1
|
||||
|
||||
- name: Copy configuration file
|
||||
template:
|
||||
src: wp-config.php.j2
|
||||
dest: "{{ wordpress_dir }}/wp-config.php"
|
||||
owner: "{{ webserver_user }}"
|
||||
group: "{{ webserver_group }}"
|
||||
mode: 0600
|
||||
group: "{{ wordpress_group }}"
|
||||
mode: 0640
|
||||
|
||||
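Review bot: The comment on `exclusive: false` in "Set authorized keys for wordpress user" says the opposite of what the setting does: with `false`, keys already in the account's authorized_keys are kept and the keys from public_keys.pub are only added. Deleting a key from public_keys.pub later will therefore not revoke it on hosts that already have it. If the file is meant to be authoritative, use `exclusive: true  # authorized_keys holds exactly the keys in public_keys.pub` (the file lookup already passes all keys as one value); otherwise correct the comment to `# keep keys that are already present`. Separately, wp-config.php moving to `mode: 0640` with `group: "{{ wordpress_group }}"` makes its contents readable by this SSH-login account with `shell: /bin/bash`, which deserves a comment if it is intended.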
@@ -1,4 +1,6 @@
|
||||
---
|
||||
wordpress_group: wordpress
|
||||
wordpress_user: "{{ wordpress_group }}"
|
||||
wordpress_dir: "/var/www/wordpress"
|
||||
|
||||
# database
|
||||
|
||||