diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index d689908..9c1cebe 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -10,3 +10,7 @@ ansible_become_method: "sudo"
nginx_cert_position: "/etc/ssl/dmz.pem"
nginx_key_position: "/etc/ssl/dmz.key.pem"
+
+mysql_db_name: "wordpress_db"
+mysql_user_name: "wordpress_user"
+mysql_user_pass: "ApacheCestPasTerribleQuandMeme"
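Review bot: The `mysql_user_pass` value on the last added line is a plaintext database credential committed to the repository, even though both new playbooks already load `../group_vars/all/vault.yml`. Keep only a reference here, for example `mysql_user_pass: "{{ vault_mysql_user_pass }}"`, and define `vault_mysql_user_pass` in the encrypted vault file. The committed value stays readable in Git history, so it should be treated as exposed and rotated rather than simply moved.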
diff --git a/playbooks/apache.yml b/playbooks/apache.yml
new file mode 100644
index 0000000..a435526
--- /dev/null
+++ b/playbooks/apache.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Apache
+ hosts: all
+ vars_files:
+ - ../group_vars/all/vault.yml
+ roles:
+ - apache
+ tags:
+ - apache
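Review bot: `hosts: all` applies the apache role to every host in the inventory, and `playbooks/wordpress.yml` does the same for WordPress and MariaDB. The inventory is not visible here, but if it holds more than the one web host, this installs a web server and a database on machines that do not need them. A dedicated group such as `hosts: webservers` (name to be matched to the inventory) keeps the footprint limited to the intended hosts.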
diff --git a/playbooks/wordpress.yml b/playbooks/wordpress.yml
new file mode 100644
index 0000000..f2c4cdf
--- /dev/null
+++ b/playbooks/wordpress.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Wordpress
+ hosts: all
+ vars_files:
+ - ../group_vars/all/vault.yml
+ roles:
+ - wordpress
+ tags:
+ - wordpress
diff --git a/requirements.yml b/requirements.yml
index 29512cb..c670b46 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -7,3 +7,5 @@ collections:
version: 2.10.0
- name: community.general
version: 3.4.0
+ - name: community.mysql
+ version: 3.7.0
diff --git a/roles/apache/handlers/main.yml b/roles/apache/handlers/main.yml
new file mode 100644
index 0000000..9024a1a
--- /dev/null
+++ b/roles/apache/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: apache_reload
+ become: Yes
+ ansible.builtin.service:
+ name: apache2.service
+ state: reloaded
+
diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
new file mode 100644
index 0000000..7899e94
--- /dev/null
+++ b/roles/apache/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Create Apache server
+ remote_user: ansible
+ ansible.builtin.import_tasks: webserver.yml
diff --git a/roles/apache/tasks/webserver.yml b/roles/apache/tasks/webserver.yml
new file mode 100644
index 0000000..b10849e
--- /dev/null
+++ b/roles/apache/tasks/webserver.yml
@@ -0,0 +1,60 @@
+---
+- name: Install Apache2
+ become: Yes
+ ansible.builtin.apt:
+ update_cache: true
+ state: latest
+ name:
+ - apache2
+ - libapache2-mod-security2
+ - libapache2-mod-php
+
+
+- name: Check Wordpress default site status
+ stat:
+ path: "/etc/apache2/sites-enabled/000-default.conf"
+ register: default_active
+
+- name: Disable default HTTP website
+ become: Yes
+ ansible.builtin.command:
+ cmd: "/usr/sbin/a2dissite 000-default"
+ when: default_active.stat.exists # Skip if default don't exists
+
+
+- name: Change ports config file
+ become: yes
+ ansible.builtin.template:
+ src: "apache2-ports.conf.j2"
+ dest: "/etc/apache2/ports.conf"
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - apache_reload
+
+
+- name: import wordpress available configuration
+ become: yes
+ ansible.builtin.template:
+ src: "wordpress-site.conf.j2"
+ dest: "/etc/apache2/sites-available/wordpress-site.conf"
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - apache_reload
+
+
+- name: Check Wordpress website status
+ stat:
+ path: "/etc/apache2/sites-enabled/wordpress-site.conf"
+ register: wp_active
+
+- name: Enable wordpress HTTP website
+ become: Yes
+ ansible.builtin.command:
+ cmd: "/usr/sbin/a2ensite wordpress-site.conf"
+ notify:
+ - apache_reload
+ when: not wp_active.stat.exists # Skip if simlink already exists
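Review bot: `libapache2-mod-security2` is installed by the first task, but no task in this file configures it. On Debian-family systems the package, as far as I know, ships only a `modsecurity.conf-recommended` sample whose default is `SecRuleEngine DetectionOnly`, so the WAF probably blocks nothing as deployed. Add a task that manages `/etc/modsecurity/modsecurity.conf` (with `SecRuleEngine On` once the rules are tuned), or drop the package if it is not meant to be used. Separately, "Disable default HTTP website" has no `notify: apache_reload`, so the default site keeps being served until another task happens to trigger the handler.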
diff --git a/roles/apache/templates/apache2-ports.conf.j2 b/roles/apache/templates/apache2-ports.conf.j2
new file mode 100644
index 0000000..f8ab4bd
--- /dev/null
+++ b/roles/apache/templates/apache2-ports.conf.j2
@@ -0,0 +1,10 @@
+# Listen 8000
+
+
+ Listen 443
+
+
+
+ Listen 443
+
+
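Review bot: Both `Listen 443` lines would make Apache bind the port that nginx already uses on this host (`listen 443 ssl` in `infra.conf.j2`, which proxies to `localhost`). The enclosing module conditions appear to have been lost in this rendering, so the directives are presumably guarded. Even so, if an SSL module is ever loaded, Apache will fail to start or reload on the port conflict. TLS terminates in nginx, so the 443 listeners can be dropped from this template.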
diff --git a/roles/apache/templates/index.html.j2 b/roles/apache/templates/index.html.j2
new file mode 100644
index 0000000..56db0b8
--- /dev/null
+++ b/roles/apache/templates/index.html.j2
@@ -0,0 +1 @@
+TOP GUN
diff --git a/roles/apache/templates/wordpress-site.conf.j2 b/roles/apache/templates/wordpress-site.conf.j2
new file mode 100644
index 0000000..5c92ff2
--- /dev/null
+++ b/roles/apache/templates/wordpress-site.conf.j2
@@ -0,0 +1,23 @@
+Listen 8000
+
+
+ DocumentRoot /usr/share/wordpress
+
+ Alias /wp-content /var/lib/wordpress/wp-content
+
+
+ Options FollowSymLinks
+ AllowOverride Limit Options FileInfo
+ DirectoryIndex index.php
+ Require all granted
+
+
+
+ Options FollowSymLinks
+ Require all granted
+
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+
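Review bot: `Listen 8000` on the first line binds every interface, while nginx reaches this backend only through `http://localhost:8000/`. Unless a host firewall blocks the port, the WordPress site is therefore reachable over plain HTTP directly, bypassing the TLS, HSTS and method restrictions configured in nginx. `Listen 127.0.0.1:8000` keeps the backend private to the reverse proxy. If the virtual host is declared with a wildcard address, it should be narrowed to match.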
diff --git a/roles/nginx/tasks/webserver.yml b/roles/nginx/tasks/webserver.yml
index c96011e..66a299f 100644
--- a/roles/nginx/tasks/webserver.yml
+++ b/roles/nginx/tasks/webserver.yml
@@ -28,6 +28,8 @@
owner: root
group: root
mode: 0644
+ notify:
+ - Nginx_Reload
- name: Import index page
become: Yes
diff --git a/roles/nginx/templates/infra.conf.j2 b/roles/nginx/templates/infra.conf.j2
index d2ad4cc..e4dc2cc 100644
--- a/roles/nginx/templates/infra.conf.j2
+++ b/roles/nginx/templates/infra.conf.j2
@@ -16,15 +16,13 @@ server {
return 301 https://$host$request_uri;
}
-# reverse-proxy to Apache -> 10000
+# reverse-proxy to Apache -> 8000
server {
listen 443 ssl; # IPv4, on écoute sur le port HTTPS (443)
listen [::]:443; # IPv6
- # server_name wiki.salo.pe; # Ce serveur répond au host 'wiki.salo.pe'
-
location /blog/ {
- proxy_pass http://localhost:10000/; # Redirect localhost port 8080
+ proxy_pass http://localhost:8000/; # Redirect localhost port 8000
}
ssl_certificate {{ nginx_cert_position }};
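Review bot: The `location /blog/` block forwards to Apache with `proxy_pass` only, so the backend sees every request as coming from 127.0.0.1 over plain HTTP with the upstream host name. That leaves the Apache access log and ModSecurity without the real client address, and WordPress cannot tell that the original request was HTTPS. Add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` inside the location. The server block continues outside this hunk.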
@@ -48,8 +46,6 @@ server {
listen 443 ssl;
listen [::]:443;
-# server_name grosse.salo.pe;
-
root /var/www/html;
index index.html;
@@ -65,4 +61,11 @@ server {
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=63072000" always;
+
+ location / {
+ limit_except GET POST PUT {
+ deny all;
+ }
+ # Autre directives
+ }
}
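Review bot: The new `limit_except GET POST PUT` still allows POST and PUT on what the previous hunk's context shows to be a static site (`root /var/www/html; index index.html;`). `limit_except GET { deny all; }` would be the tighter rule, since in nginx allowing GET also allows HEAD. The restriction applies only to `location /` of this server block, so requests proxied to Apache through `/blog/` in the other block are not covered by it. Judging from the visible hunks, both server blocks listen on 443 without a `server_name`; if that is the case, nginx routes everything to the first one and this block is never reached, which is worth confirming.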
diff --git a/roles/wordpress/handlers/main.yml b/roles/wordpress/handlers/main.yml
new file mode 100644
index 0000000..9024a1a
--- /dev/null
+++ b/roles/wordpress/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: apache_reload
+ become: Yes
+ ansible.builtin.service:
+ name: apache2.service
+ state: reloaded
+
diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml
new file mode 100644
index 0000000..88af375
--- /dev/null
+++ b/roles/wordpress/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Import Wordpress
+ remote_user: ansible
+ ansible.builtin.import_tasks: wordpress.yml
+
+
+- name: Create MySQL Database
+ remote_user: ansible
+ ansible.builtin.import_tasks: mysql.yml
diff --git a/roles/wordpress/tasks/mysql.yml b/roles/wordpress/tasks/mysql.yml
new file mode 100644
index 0000000..74fe170
--- /dev/null
+++ b/roles/wordpress/tasks/mysql.yml
@@ -0,0 +1,22 @@
+---
+- name: Create MySQL Database for Wordpress
+ become: Yes
+ community.mysql.mysql_db:
+ name: "{{ mysql_db_name }}"
+ state: present
+
+
+- name: Create MySQL user '{{ mysql_user_name }}'
+ become: Yes
+ community.mysql.mysql_user:
+ name: "{{ mysql_user_name }}"
+ password: "{{ mysql_user_pass }}"
+ priv: "{{ mysql_db_name }}.*:ALL"
+ host: localhost
+ state: present
+
+- name: Start MySQL server
+ become: Yes
+ ansible.builtin.service:
+ name: mysql.service
+ state: started
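Review bot: "Start MySQL server" runs after the two `community.mysql` tasks that need a running server, so on a host where the service is stopped the database and user creation fail before it is ever started. Move the service task to the top of the file, and add `enabled: true` if the database should come back after a reboot. Neither module call sets any login parameters; with the `mariadb-server` package on Debian, root normally authenticates over the Unix socket, so `login_unix_socket: /run/mysqld/mysqld.sock` is probably needed on both tasks (confirm the socket path on the target).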
diff --git a/roles/wordpress/tasks/wordpress.yml b/roles/wordpress/tasks/wordpress.yml
new file mode 100644
index 0000000..b83c9b1
--- /dev/null
+++ b/roles/wordpress/tasks/wordpress.yml
@@ -0,0 +1,30 @@
+---
+- name: Install Wordpress Dependencies
+ become: Yes
+ ansible.builtin.apt:
+ update_cache: true
+ state: latest
+ name:
+ - ghostscript
+ - php
+ - php-bcmath
+ - php-curl
+ - php-intl
+ - php-json
+ - php-mbstring
+ - php-mysql
+ - php-xml
+ - php-zip
+ - wordpress
+ - mariadb-server
+ - python3-mysqldb
+
+
+- name: Import Wordpress database config
+ become: yes
+ ansible.builtin.template:
+ src: "config-localhost.php.j2"
+ dest: "/etc/wordpress/config-localhost.php"
+ owner: root
+ group: root
+ mode: 0644
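Review bot: `/etc/wordpress/config-localhost.php` is written as `root:root` with `mode: 0644`, which makes it world-readable. The template body is not visible on this page, but a WordPress database config normally contains the database password, so any local account could read it. Use `group: www-data` with `mode: "0640"` so that only root and the web server can read the file. Quoting the mode also avoids relying on YAML octal parsing.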
diff --git a/roles/wordpress/templates/config-localhost.php.j2 b/roles/wordpress/templates/config-localhost.php.j2
new file mode 100644
index 0000000..e3a74cc
--- /dev/null
+++ b/roles/wordpress/templates/config-localhost.php.j2
@@ -0,0 +1,10 @@
+
+