add:(Wordpress)

2023-05-17 16:51:30 +02:00 · 2023-05-17 16:51:30 +02:00 · 860c225880
parent 27e6b5758a
commit 860c225880
17 changed files with 224 additions and 6 deletions
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@ -10,3 +10,7 @@ ansible_become_method: "sudo"

 nginx_cert_position: "/etc/ssl/dmz.pem"
 nginx_key_position: "/etc/ssl/dmz.key.pem"
+
+mysql_db_name: "wordpress_db"
+mysql_user_name: "wordpress_user"
+mysql_user_pass: "ApacheCestPasTerribleQuandMeme"
--- a/playbooks/apache.yml
+++ b/playbooks/apache.yml
@ -0,0 +1,10 @@
+---
+
+- name: Apache
+  hosts: all
+  vars_files:
+    - ../group_vars/all/vault.yml
+  roles:
+    - apache
+  tags:
+    - apache
--- a/playbooks/wordpress.yml
+++ b/playbooks/wordpress.yml
@ -0,0 +1,10 @@
+---
+
+- name: Wordpress
+  hosts: all
+  vars_files:
+    - ../group_vars/all/vault.yml
+  roles:
+    - wordpress
+  tags:
+    - wordpress
--- a/requirements.yml
+++ b/requirements.yml
@ -7,3 +7,5 @@ collections:
    version: 2.10.0
  - name: community.general
    version: 3.4.0
+  - name: community.mysql
+    version: 3.7.0
--- a/roles/apache/handlers/main.yml
+++ b/roles/apache/handlers/main.yml
@ -0,0 +1,8 @@
+---
+
+- name: apache_reload
+  become: Yes
+  ansible.builtin.service:
+    name: apache2.service
+    state: reloaded
+
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@ -0,0 +1,5 @@
+---
+
+- name: Create Apache server
+  remote_user: ansible
+  ansible.builtin.import_tasks: webserver.yml
--- a/roles/apache/tasks/webserver.yml
+++ b/roles/apache/tasks/webserver.yml
@ -0,0 +1,60 @@
+---
+- name: Install Apache2
+  become: Yes
+  ansible.builtin.apt:
+    update_cache: true
+    state: latest
+    name:
+      - apache2
+      - libapache2-mod-security2
+      - libapache2-mod-php
+
+
+- name: Check Wordpress default site status
+  stat:
+    path: "/etc/apache2/sites-enabled/000-default.conf"
+  register: default_active
+
+- name: Disable default HTTP website
+  become: Yes
+  ansible.builtin.command:
+    cmd: "/usr/sbin/a2dissite 000-default"
+  when: default_active.stat.exists # Skip if default don't exists
+
+
+- name: Change ports config file
+  become: yes
+  ansible.builtin.template:
+    src: "apache2-ports.conf.j2"
+    dest: "/etc/apache2/ports.conf"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - apache_reload
+
+
+- name: import wordpress available configuration
+  become: yes
+  ansible.builtin.template:
+    src: "wordpress-site.conf.j2"
+    dest: "/etc/apache2/sites-available/wordpress-site.conf"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - apache_reload
+
+
+- name: Check Wordpress website status
+  stat:
+    path: "/etc/apache2/sites-enabled/wordpress-site.conf"
+  register: wp_active
+
+- name: Enable wordpress HTTP website
+  become: Yes
+  ansible.builtin.command:
+    cmd: "/usr/sbin/a2ensite wordpress-site.conf"
+  notify:
+    - apache_reload
+  when: not wp_active.stat.exists # Skip if simlink already exists
--- a/roles/apache/templates/apache2-ports.conf.j2
+++ b/roles/apache/templates/apache2-ports.conf.j2
@ -0,0 +1,10 @@
+# Listen 8000
+
+<IfModule ssl_module>
+	Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+	Listen 443
+</IfModule>
+
--- a/roles/apache/templates/index.html.j2
+++ b/roles/apache/templates/index.html.j2
@ -0,0 +1 @@
+TOP GUN
--- a/roles/apache/templates/wordpress-site.conf.j2
+++ b/roles/apache/templates/wordpress-site.conf.j2
@ -0,0 +1,23 @@
+Listen 8000
+
+<VirtualHost *:8000>
+	DocumentRoot /usr/share/wordpress
+
+	Alias /wp-content /var/lib/wordpress/wp-content 
+
+	<Directory /usr/share/wordpress>
+		Options FollowSymLinks
+		AllowOverride Limit Options FileInfo
+		DirectoryIndex index.php
+		Require all granted
+	</Directory>
+
+	<Directory /var/lib/wordpress/wp-content>
+		Options FollowSymLinks
+		Require all granted
+	</Directory>
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
--- a/roles/nginx/tasks/webserver.yml
+++ b/roles/nginx/tasks/webserver.yml
@ -28,6 +28,8 @@
    owner: root
    group: root
    mode: 0644
+  notify:
+    - Nginx_Reload

 - name: Import index page
  become: Yes
--- a/roles/nginx/templates/infra.conf.j2
+++ b/roles/nginx/templates/infra.conf.j2
@ -16,15 +16,13 @@ server {
    return 301 https://$host$request_uri;
 }

-# reverse-proxy to Apache -> 10000
+# reverse-proxy to Apache -> 8000
 server {
    listen 443 ssl;             # IPv4, on écoute sur le port HTTPS (443)
    listen [::]:443;            # IPv6

-    # server_name wiki.salo.pe;   # Ce serveur répond au host 'wiki.salo.pe'
-
    location /blog/ { 
-        proxy_pass http://localhost:10000/; # Redirect localhost port 8080
+        proxy_pass http://localhost:8000/; # Redirect localhost port 8000
    }

    ssl_certificate {{ nginx_cert_position }};
@ -48,8 +46,6 @@ server {
    listen 443 ssl;
    listen [::]:443;

-#    server_name grosse.salo.pe;
-
    root /var/www/html;
    index index.html;

@ -65,4 +61,11 @@ server {
    ssl_stapling_verify on;

    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    location / {
+        limit_except GET POST PUT {
+            deny all;
+        }
+        # Autre directives
+    }
 }
--- a/roles/wordpress/handlers/main.yml
+++ b/roles/wordpress/handlers/main.yml
@ -0,0 +1,8 @@
+---
+
+- name: apache_reload
+  become: Yes
+  ansible.builtin.service:
+    name: apache2.service
+    state: reloaded
+
--- a/roles/wordpress/tasks/main.yml
+++ b/roles/wordpress/tasks/main.yml
@ -0,0 +1,10 @@
+---
+
+- name: Import Wordpress
+  remote_user: ansible
+  ansible.builtin.import_tasks: wordpress.yml
+
+
+- name: Create MySQL Database
+  remote_user: ansible
+  ansible.builtin.import_tasks: mysql.yml
--- a/roles/wordpress/tasks/mysql.yml
+++ b/roles/wordpress/tasks/mysql.yml
@ -0,0 +1,22 @@
+---
+- name: Create MySQL Database for Wordpress
+  become: Yes
+  community.mysql.mysql_db:
+    name: "{{ mysql_db_name }}"
+    state: present
+
+
+- name: Create MySQL user '{{ mysql_user_name }}'
+  become: Yes
+  community.mysql.mysql_user:
+    name: "{{ mysql_user_name }}"
+    password: "{{ mysql_user_pass }}"
+    priv: "{{ mysql_db_name }}.*:ALL"
+    host: localhost
+    state: present
+
+- name: Start MySQL server
+  become: Yes
+  ansible.builtin.service:
+    name: mysql.service
+    state: started
--- a/roles/wordpress/tasks/wordpress.yml
+++ b/roles/wordpress/tasks/wordpress.yml
@ -0,0 +1,30 @@
+---
+- name: Install Wordpress Dependencies
+  become: Yes
+  ansible.builtin.apt:
+    update_cache: true
+    state: latest
+    name:
+      - ghostscript
+      - php
+      - php-bcmath
+      - php-curl
+      - php-intl
+      - php-json
+      - php-mbstring
+      - php-mysql
+      - php-xml
+      - php-zip
+      - wordpress
+      - mariadb-server
+      - python3-mysqldb
+
+
+- name: Import Wordpress database config
+  become: yes
+  ansible.builtin.template:
+    src: "config-localhost.php.j2"
+    dest: "/etc/wordpress/config-localhost.php"
+    owner: root
+    group: root
+    mode: 0644
--- a/roles/wordpress/templates/config-localhost.php.j2
+++ b/roles/wordpress/templates/config-localhost.php.j2
@ -0,0 +1,10 @@
+<?php
+    define('DB_NAME', '{{ mysql_db_name }}');
+    define('DB_USER', '{{ mysql_user_name }}');
+    define('DB_PASSWORD', '{{ mysql_user_pass }}');
+    define('DB_HOST', 'localhost');
+    define('WP_CONTENT_DIR', '/var/lib/wordpress/wp-content');
+    define('WP_HOME', 'https://192.168.3.2/blog/');
+    define('WP_SITEURL', 'https://192.168.3.2/blog/');
+?>
+