diff --git a/ansible/README.md b/ansible/README.md deleted file mode 100644 index 234a93d..0000000 --- a/ansible/README.md +++ /dev/null @@ -1,6 +0,0 @@ -Three parts: - -* make a docker-compose wordpress:apache instance with fixed IP, configured to query host's MySQL -* Configure host's MySQL's access rights to allow connections from fixed IP -* Make new nginx server (answering to site's URL) to do TLS and pass connections to container with fixed IP - diff --git a/ansible/ansible-playbook.yml b/ansible/ansible-playbook.yml.bkp similarity index 100% rename from ansible/ansible-playbook.yml rename to ansible/ansible-playbook.yml.bkp diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg new file mode 100644 index 0000000..bf66e44 --- /dev/null +++ b/ansible/ansible.cfg @@ -0,0 +1,15 @@ +[defaults] +# To forward my SSH key to remote hosts, and be able to pull from gitlab +transport = ssh + +ask_vault_pass = True + +[ssh_connection] + +# ForwardAgent to forward my SSH key to remote hosts, and be able to pull from gitlab +# ControlMaster to avoid a bug when cloning: https://github.com/ansible/ansible/issues/13876 +# ControlPersist for SSH multiplexing "-o ControlPersist=60s" <- Causes user not being added to docker group T_T +ssh_args = -o ForwardAgent=yes -o ControlMaster=auto + +# For speed +pipelining=True diff --git a/ansible/build.yml b/ansible/build.yml new file mode 100644 index 0000000..1fba8d7 --- /dev/null +++ b/ansible/build.yml @@ -0,0 +1,5 @@ +--- +- hosts: all + gather_facts: no + roles: + - build \ No newline at end of file diff --git a/ansible/command b/ansible/command new file mode 100644 index 0000000..75377ab --- /dev/null +++ b/ansible/command @@ -0,0 +1 @@ +ansible-playbook --ask-vault-pass build.yml -i inventory diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml new file mode 100644 index 0000000..208d6b6 --- /dev/null +++ b/ansible/group_vars/all/vars.yml @@ -0,0 +1,19 @@ +--- + +www_path: /vault/www +sites_path: /vault/sites + +sites: + - slug: rdb # Shorthand name to use as directory/file name + # The complete site URL + url: www.rennesdesbois.fr + # What kind of service is that? + type: wordpress + # Subnet addresses + subnet_cidr_address: 172.27.0.0/24 + subnet_gateway_ip: 172.27.0.1 + subnet_site_ip: 172.27.0.2 + + mysql_database: rdb + mysql_username: rdb + mysql_password: "{{ vault_rdb_mysql_password }}" \ No newline at end of file diff --git a/ansible/group_vars/all/vault.yml b/ansible/group_vars/all/vault.yml new file mode 100644 index 0000000..fdea452 --- /dev/null +++ b/ansible/group_vars/all/vault.yml @@ -0,0 +1,9 @@ +$ANSIBLE_VAULT;1.1;AES256 +64613132623931393566346236303131623137326233643334626630346233333933363135666132 +6331386332666238623539613361633836613837343530610a623632666231366436666136303764 +66333939643963323830326161646332633632336164366635613634366138663932393866356464 +3066396637656636380a626635366239363866653335333661346432313566356635303338313963 +34613666396637346536616365323636376466626637313134346266353230376166303031353461 +65633731623463393736663136303931666637303130353531353930663437353835346532373833 +63346539653439383138303732656637323562336265616338323133343863356235346265616130 +63333639666263363361 diff --git a/ansible/inventory b/ansible/inventory new file mode 100644 index 0000000..d3d8480 --- /dev/null +++ b/ansible/inventory @@ -0,0 +1 @@ +serenity ansible_user=adrien ansible_host=92.243.8.85 diff --git a/wordpress/php/Dockerfile b/ansible/roles/build/files/Dockerfile similarity index 100% rename from wordpress/php/Dockerfile rename to ansible/roles/build/files/Dockerfile diff --git a/ansible/roles/build/tasks/main.yml b/ansible/roles/build/tasks/main.yml new file mode 100644 index 0000000..5200a4c --- /dev/null +++ b/ansible/roles/build/tasks/main.yml @@ -0,0 +1,17 @@ +--- + +- name: Build Wordpress sites + include_tasks: wordpress.yml + loop: "{{ sites }}" + when: item.type == "wordpress" + + + + +# build an image + # do the msmtp bullshit +# docker compose +# nginx +# let's encrypt + +# in another role: deploy the stuff \ No newline at end of file diff --git a/ansible/roles/build/tasks/wordpress.yml b/ansible/roles/build/tasks/wordpress.yml new file mode 100644 index 0000000..0011615 --- /dev/null +++ b/ansible/roles/build/tasks/wordpress.yml @@ -0,0 +1,15 @@ +- name: "Create folder {{ sites_path }}/{{ item.slug }}" + file: + path: "{{ sites_path }}/{{ item.slug }}" + state: directory + mode: '750' + +- name: Render sexy Dockerfile + template: + src: Dockerfile.j2 + dest: "{{ sites_path }}/{{ item.slug }}/Dockerfile" + +- name: Render marvelous docker-compose.yml + template: + src: docker-compose.yml.j2 + dest: "{{ sites_path }}/{{ item.slug }}/docker-compose.yml" \ No newline at end of file diff --git a/ansible/roles/build/templates/Dockerfile.j2 b/ansible/roles/build/templates/Dockerfile.j2 new file mode 100644 index 0000000..b2bb821 --- /dev/null +++ b/ansible/roles/build/templates/Dockerfile.j2 @@ -0,0 +1,14 @@ +FROM wordpress:apache + +RUN apt-get update; \ + apt-get install -y --no-install-recommends msmtp; \ + rm -rf /var/lib/apt/lists/* + +RUN echo "sendmail_path = /usr/sbin/msmtp -t " > /usr/local/etc/php/conf.d/sendmail.ini + +RUN cat << EOF > /etc/msmtprc +account default +host {{ item.subnet_gateway_ip }} +port 25 +EOF + diff --git a/ansible/roles/build/templates/docker-compose.yml.j2 b/ansible/roles/build/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..8511983 --- /dev/null +++ b/ansible/roles/build/templates/docker-compose.yml.j2 @@ -0,0 +1,26 @@ +version: '3' + +# Generated by ansible for site {{ item.url }} +# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }} + +services: + wp: + build: . + restart: always + environment: + WORDPRESS_DB_HOST: "{{ item.subnet_gateway_ip }}" + WORDPRESS_DB_USER: "{{ item.mysql_username }}" + WORDPRESS_DB_PASSWORD: "{{ item.mysql_password }}" + WORDPRESS_DB_NAME: "{{ item.mysql_database }}" + volumes: + - "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content" + networks: + net: + ipv4_address: "{{ item.subnet_site_ip }}" + +networks: + net: + ipam: + driver: default + config: + - subnet: "{{ item.subnet_cidr_address }}" diff --git a/wordpress/php/msmtprc.j2 b/ansible/roles/build/templates/msmtprc.j2 similarity index 100% rename from wordpress/php/msmtprc.j2 rename to ansible/roles/build/templates/msmtprc.j2 diff --git a/ansible/templates/nginx-site.conf.j2 b/ansible/roles/build/templates/nginx-site.conf.j2 similarity index 71% rename from ansible/templates/nginx-site.conf.j2 rename to ansible/roles/build/templates/nginx-site.conf.j2 index 6762cb1..80d8785 100644 --- a/ansible/templates/nginx-site.conf.j2 +++ b/ansible/roles/build/templates/nginx-site.conf.j2 @@ -4,7 +4,7 @@ server { listen 80; listen [::]:80; - server_name {{ site_url }} www.{{ site_url }}; + server_name {{ site_url }}; rewrite ^ https://{{ site_url }}$request_uri permanent; } @@ -12,7 +12,7 @@ server { server { listen 443 ssl; listen [::]:443 ssl; - server_name {{ site_url }} www.{{ site_url }}; + server_name {{ site_url }}; access_log /var/log/nginx/{{ site_name }}-access.log; error_log /var/log/nginx/error.log; @@ -23,16 +23,7 @@ server { include snippets/ssl-params.conf; ssl_certificate /etc/letsencrypt/live/{{ site_url }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ site_url }}/privkey.pem; - - if ($host = www.{{ site_url }}) { - rewrite ^ https://{{ site_url }}$request_uri permanent; - } - - # Run by host - # root /var/www/{{ site_name }}; - # include snippets/wordpress.conf; - # Run in Docker include snippets/header-params_server.conf; location / { include snippets/header-params_location.conf; diff --git a/ansible/templates/docker-compose.yml.j2 b/ansible/templates/docker-compose.yml.j2 deleted file mode 100644 index 283eddd..0000000 --- a/ansible/templates/docker-compose.yml.j2 +++ /dev/null @@ -1,26 +0,0 @@ -version: '3' - - -# Generated by ansible for site {{ site_url }} -# At {{ subnet_site_ip }} on {{ subnet_cidr_address }} - -services: - wp: - image: {{ docker_image }} - restart: always - environment: - WORDPRESS_DB_HOST: "{{ subnet_gateway_ip }}" - WORDPRESS_DB_USER: "{{ mysql_username }}" - WORDPRESS_DB_PASSWORD: "{{ mysql_password }}" - WORDPRESS_DB_NAME: "{{ mysql_database }}" - volumes: {{ docker_volumes | to_yaml }} - networks: - net: - ipv4_address: "{{ subnet_site_ip }}" - -networks: - net: - ipam: - driver: default - config: - - subnet: "{{ subnet_cidr_address }}" diff --git a/wordpress/php/TODO b/wordpress/php/TODO deleted file mode 100644 index def7654..0000000 --- a/wordpress/php/TODO +++ /dev/null @@ -1 +0,0 @@ -Add this to an Ansible role executing the templates to add the propoer IP, notably to msmtprc