main-playbook.yml
---
# Baseline play for every host in the `vps` group, run with privilege
# escalation. Roles are applied in the order listed.
- hosts: vps
  become: true
  roles:
    - role: common
      tags: common
    - role: users
      tags: users
    # Both backup roles share the `backup` tag, so `--tags backup` runs the pair.
    - role: backupninja
      tags: [backup, backupninja]
    - role: rsyncnet
      tags: [backup, rsyncnet]
    # Runs last in this play; reachable on its own via `--tags firewall`.
    - role: firewall-common
      tags: firewall
# Web stack play for the `lamp` group, run with privilege escalation.
# NOTE(review): the contrib/geerlingguy.* roles appear to be externally
# maintained; confirm they are pinned to reviewed versions wherever this
# repository records its role requirements.
- hosts: lamp
  become: true
  roles:
    - role: contrib/geerlingguy.apache
      tags: [apache, deploy-site]
    - role: cv
      tags: cv
    - role: contrib/geerlingguy.mysql
      tags: mysql
    - role: mysql-additional
      tags: [mysql, mysql-additional]
    - role: contrib/geerlingguy.php-versions
      tags: [php, php-versions]
    - role: contrib/geerlingguy.php
      tags: php
    - role: contrib/geerlingguy.apache-php-fpm
      tags: php
    - role: php-additional
      tags: php
    - role: apache-additional
      tags: [apache, apache-additional]
    - role: contrib/geerlingguy.composer
      tags: composer
    - role: drush
      tags: drush
    - role: wp-cli
      tags: wp-cli
    # Hardening-related roles: security, fail2ban, modsecurity and
    # mysql-firewall are all applied to this group.
    - role: contrib/geerlingguy.security
      tags: security
    # Ordering constraint: incoming-smtp must run before geerlingguy.postfix.
    - role: incoming-smtp
      tags: postfix
    - role: contrib/geerlingguy.postfix
      tags: postfix
    - role: fail2ban
      tags: fail2ban
    - role: modsecurity
      tags: modsecurity
    - role: mysql-firewall
      tags: mysql-firewall
    # NOTE(review): Docker manages its own iptables rules for published
    # container ports; confirm the firewall roles still give the intended
    # exposure once Docker is installed on these hosts.
    - role: contrib/geerlingguy.docker
      tags: docker
    - role: contrib/geerlingguy.pip
      tags: [docker, pip]
    - role: promtail-docker
      tags: promtail
# Web stack play for the `training` group, run with privilege escalation.
# The first sixteen roles match the `lamp` play; this group then gets
# php-xdebug, civix and civicrm-buildkit instead of modsecurity,
# mysql-firewall, docker, pip and promtail-docker.
# NOTE(review): php-xdebug adds a debugging extension and no modsecurity or
# mysql-firewall role is applied here; confirm training hosts are not exposed
# the way production `lamp` hosts are.
- hosts: training
  become: true
  roles:
    - role: contrib/geerlingguy.apache
      tags: [apache, deploy-site]
    - role: cv
      tags: cv
    - role: contrib/geerlingguy.mysql
      tags: mysql
    - role: mysql-additional
      tags: [mysql, mysql-additional]
    - role: contrib/geerlingguy.php-versions
      tags: [php, php-versions]
    - role: contrib/geerlingguy.php
      tags: php
    - role: contrib/geerlingguy.apache-php-fpm
      tags: php
    - role: php-additional
      tags: php
    - role: apache-additional
      tags: [apache, apache-additional]
    - role: contrib/geerlingguy.composer
      tags: composer
    - role: drush
      tags: drush
    - role: wp-cli
      tags: wp-cli
    - role: contrib/geerlingguy.security
      tags: security
    # Ordering constraint: incoming-smtp must run before geerlingguy.postfix.
    - role: incoming-smtp
      tags: postfix
    - role: contrib/geerlingguy.postfix
      tags: postfix
    - role: fail2ban
      tags: fail2ban
    - role: php-xdebug
      tags: [xdebug, php-xdebug]
    - role: civix
      tags: civix
    - role: civicrm-buildkit
      tags: civicrm-buildkit
# Per-site play for the `websites` group.
# Privilege escalation is computed per host: it is 'no' when run_as_user
# equals ansible_user, or when the host is in the mayfirst_ng_site group, and
# 'yes' otherwise. The `when` conditions below follow the same split, so
# some roles run only with escalation and others only without it.
# NOTE(review): run_as_user has no default() in this play; presumably it is
# always defined for websites hosts - verify against the inventory.
- hosts: websites
  become: "{{ 'no' if run_as_user == ansible_user else ('no' if 'mayfirst_ng_site' in group_names else 'yes') }}"
  roles:
    - role: site-dns
      tags: [site-dns]
    # Only on hosts where the play escalates.
    - role: site-user-php-apache
      tags: [site-upa]
      when: run_as_user != ansible_user and 'mayfirst_ng_site' not in group_names
    - role: site-mysql
      tags: [site-mysql]
      when: run_as_user != ansible_user and 'mayfirst_ng_site' not in group_names
    # Only on hosts where the play does not escalate.
    - role: nosudo-backup
      tags: [backup, nosudo-backup]
      when: run_as_user == ansible_user or 'mayfirst_ng_site' in group_names
    - role: rsyncnet
      tags: [backup, rsyncnet]
      when: run_as_user == ansible_user or 'mayfirst_ng_site' in group_names
    # Unconditional site roles.
    - role: site-gitea
      tags: [site-gitea]
    - role: deploy-site
      tags: [site-main]
    - role: site-db-sync-initial
      tags: [site-db-sync-initial]
    - role: site-permissions
      tags: [site-permissions]
    - role: site-postinstall-config
      tags: [site-postinstall-config]
    - role: site-standard-extensions
      tags: [site-standard-extensions]
    - role: site-wp-monitor
      tags: [site-wp-monitor]
    - role: site-drupal-monitor
      tags: [site-drupal-monitor]
    # Only on hosts where the play escalates.
    - role: site-cron
      tags: [site-cron]
      when: run_as_user != ansible_user and 'mayfirst_ng_site' not in group_names
    - role: site-robots-txt
      tags: [site-robots-txt]
    # Disabled role, kept for reference:
    # - { role: monitoring, tags: monitoring }
# Second pass over the `vps` group for the icinga2 roles.
# default('', True) replaces an undefined or empty run_as_user with '', so
# the comparison does not fail when the variable is unset; escalation is then
# 'yes' unless run_as_user equals ansible_user.
- hosts: vps
  become: "{{ 'no' if run_as_user|default('', True) == ansible_user else 'yes' }}"
  roles:
    # Run after deploy-site now that it monitors sites
    - role: icinga2-satellite
      tags: [icinga2, icinga2-satellite]
    - role: icinga2-primary
      tags: [icinga2, icinga2-primary]
# Play for the `localhosts` group, run with privilege escalation.
# Compared with the `lamp` play, this list adds the mailhog roles and omits
# geerlingguy.security, incoming-smtp, fail2ban and mysql-firewall.
# NOTE(review): presumably these are development machines; confirm that no
# internet-facing host is placed in this group.
- hosts: localhosts
  become: true
  roles:
    # The only role in this play without tags.
    - role: common
    - role: contrib/geerlingguy.apache
      tags: apache
    - role: contrib/geerlingguy.mysql
      tags: mysql
    - role: mysql-additional
      tags: [mysql, mysql-additional]
    - role: contrib/geerlingguy.php-versions
      tags: [php, php-versions]
    - role: contrib/geerlingguy.php
      tags: php
    - role: contrib/geerlingguy.apache-php-fpm
      tags: php
    - role: php-additional
      tags: php
    - role: apache-additional
      tags: [apache, apache-additional]
    - role: contrib/geerlingguy.composer
      tags: composer
    - role: drush
      tags: drush
    - role: wp-cli
      tags: wp-cli
    - role: cv
      tags: cv
    # Mail roles, in this order: mailhog, postfix, then mailhog-postfix.
    - role: contrib/geerlingguy.mailhog
      tags: mailhog
    - role: contrib/geerlingguy.postfix
      tags: postfix
    - role: mailhog-postfix
      tags: mailhog-postfix
    - role: backupninja
      tags: [backup, backupninja]
    - role: rsyncnet
      tags: [backup, rsyncnet]
    - role: modsecurity
      tags: modsecurity
# Play for the `nosudo` group: no privilege escalation and no fact gathering,
# so every role here has to work as the connecting user and without
# ansible_* facts.
- hosts: nosudo
  become: false
  gather_facts: false
  roles:
    - role: cv
      tags: cv
    - role: rsyncnet
      tags: [backup, rsyncnet]
    - role: icinga2-primary
      tags: [icinga2, icinga2-primary]
# Play for the `redis` group, run with privilege escalation. Both roles share
# the `redis` tag, so `--tags redis` applies them together.
- hosts: redis
  become: true
  roles:
    - role: contrib/geerlingguy.redis
      tags: redis
    - role: redis-additional
      tags: redis
# Play for the `docker` group, run with privilege escalation; applies only
# the Docker role.
- hosts: docker
  become: true
  roles:
    - role: contrib/geerlingguy.docker
      tags: docker