-
Notifications
You must be signed in to change notification settings - Fork 0
/
website.yml
156 lines (139 loc) · 4.31 KB
/
website.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
- hosts:
- foss4gbe_new
gather_facts: no
vars:
years:
- year: 2022
# - year: 2019
- year: 2018
- year: 2017
- year: 2016
- year: 2015
mysql_years:
- year: 2022
- year: 2019
- year: 2018
- year: 2017
- year: 2016
tasks:
#- name: add private keys
# # note: you must add these under /root/.ssh/instance_keys as scaleway is specail
#
- name: install packages
apt:
name: apache2,mariadb-server,git,git-lfs,php,php-mysql,python-certbot-apache,etckeeper,python3-pymysql
tags:
- apt
- name: install python3-certbot-dns-gandi - manage https certificate
apt:
name: python3-certbot-dns-gandi
default_release: buster-backports
state: present
- name: store credentials gandi (dns)
template:
src: templates/gandi.ini
dest: /root/gandi.ini
mode: 0600
- name: get initial certificates
command:
cmd: certbot certonly -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials gandi.ini -d foss4g.be -d \*.foss4g.be --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email
creates: /etc/letsencrypt/live/foss4g.be/fullchain.pem
- name: ensure https certificate is renewed weekly
cron:
name: renew https certificate
job: "certbot renew -q -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials /root/gandi.ini --server https://acme-v02.api.letsencrypt.org/directory"
special_time: weekly
- name: make sure mod_rewrite/ssl is enabled
apache2_module:
name: "{{ item }}"
state: present
notify: apache restart
loop:
- ssl
- rewrite
- name: clone yearly repos
git:
repo: https://github.com/OSGeo-be/foss4g.be
dest: /var/www/{{ item.year }}.foss4g.be
version: b{{ item.year }}
loop: "{{ years }}"
- name: disable default site
file:
dest: /etc/apache2/sites-enabled/000-default.conf
state: absent
- name: forward http to https
template:
src: http.conf
dest: /etc/apache2/sites-enabled/http.conf
notify: apache restart
- name: enable yearly site (https)
template:
src: year-le-ssl.conf
dest: /etc/apache2/sites-enabled/{{ item.year }}.conf
loop: "{{ years }}"
notify: apache restart
- name: enable override using htaccess
lineinfile:
path: /etc/apache2/apache2.conf
line: 'AllowOverride FileInfo Options'
regexp: '\s*AllowOverride.*'
- name: create mysql db
mysql_db:
name: "foss4g_{{ item.year }}"
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
loop: "{{ mysql_years }}"
tags:
- mysql
-
- name: create mysql user
mysql_user:
name: "foss4g_{{ item.year }}"
password: "{{ mysql_password }}"
login_unix_socket: /var/run/mysqld/mysqld.sock
# note we only grant select, for a new edition we should also allow insert
priv: "foss4g_{{ item.year }}.*:SELECT"
loop: "{{ mysql_years }}"
tags:
- mysql
- name: copy data dump
copy:
src: "foss4g_{{ item.year }}.sql"
dest: "/tmp"
loop: "{{ mysql_years }}"
tags:
- never
- name: import dump
mysql_db:
name: "foss4g_{{ item.year }}"
state: import
target: /tmp/foss4g_{{ item.year }}.sql
login_unix_socket: /var/run/mysqld/mysqld.sock
loop: "{{ mysql_years }}"
tags:
- never
- name: add mysql config php file
template:
src: templates/mysql.php
dest: /var/www/{{ item.year}}.foss4g.be/htdocs/mysql.php
loop: "{{ mysql_years }}"
tags:
- mysql
- name: copy beOpenGIS site
git:
repo: https://github.com/OSGeo-be/beopengis
dest: /var/www/beopengis.foss4g.be
tags:
- beopengis
- name: add beOpenGIS configuration
template:
src: beopengis.conf
dest: /etc/apache2/sites-enabled/beopengis.conf
notify: apache restart
tags:
- beopengis
handlers:
- name: apache restart
systemd:
state: restarted
service: apache2