# Deployer: deploy your shit and make it run

So lame to have to configure nginx, MySQL, and your filesystem to install a stupid Wordpress instance. **Deployer** does my config for me like the slave it is.

All the configuration is defined in `group_vars/all/vars.yml`, go check.

Create a side `group_vars/all/vault.yml` for your secrets, and encrypt it with Ansible Vault:

```bash
ansible-vault encrypt group_vars/all/vault.yml
# other sub-commands: edit, decrypt...
```

I usually run the following command:

```bash
ansible-playbook --ask-vault-pass sites.yml -i inventory -v
```

## Required packages on remote

Python modules:

* docker
* docker-compose
* pymysql
* psycopg2

TODO: Ansible task to install that before the rest

## Features

* Creating Wordpress instances (yoohoo, da best)
  * That send mail!!11!1!
  * Supports existing and new installs
* Creating Drupal instances
  * Only existing ones (no new installs)
* Create Gitea instances
  * Nginx and docker-compose configurations
  * Most of the work is by hand, because there is quite a lot of interaction between the host and the container (for forwarding ssh).
* Create Synapse instances
  * Configured to access PostgreSQL on host.
    * *Access through TCP*: You need to allow postgres to listen to your docker network, e.g. `172.27.0.0/16`. See `/etc/postgresql/x.y/main/pg_hba.conf`, and read the comments about changing `listen_addresses` too.
    * Access through Unix socket: Make a non-superuser role for root, and configure Synapse to use `/var/run/postgresql` as DB host.

### Does not support

* Setting up the host
* SSL certificate creation (bro, do it yourself!). That is:

```bash
# Make an nginx file for certbot
cat << EOF > /etc/nginx/sites-enabled/yoursite.com
server {
    listen 80;
    server_name www.yoursite.com yoursite.com;
    include snippets/letsencrypt.conf;
}
EOF

nginx -t  # Is everything alright?
# If so, restart nginx
service nginx restart

# Create the certificate
certbot certonly --webroot -w /var/www/letsencrypt -d yoursite.com -d www.yoursite.com

# Remove the stupid file
rm /etc/nginx/sites-enabled/yoursite.com
service nginx restart
```

## Misc

### Synapse

Someone advised me to install matrix-media-repo to enable animated thumbnails as people's avatars (https://github.com/turt2live/matrix-media-repo/blob/master/config.sample.yaml#L394), and to set up https://github.com/ma1uta/ma1sd which is a federated identity server.

### Ansible

* You can create passwords/keys in templates using the following Jinja2 command:

  ```jinja2
  {{ lookup('password', '/dev/null length=20') }}
  ```

  See https://docs.ansible.com/ansible/latest/plugins/lookup/password.html and https://docs.ansible.com/ansible/latest/user_guide/playbooks_lookups.html

### Useful MySQL commands

```sql
-- List accounts and the hosts they may connect from
select host, user, password from mysql.user order by user;
-- Create an account reachable only from one container address
create user 'arvuhez'@'172.26.0.2' identified by 'kjhs';
-- Give it rights on its own database only
grant all on arvuhez.* to 'arvuhez'@'172.26.0.2';
-- Check what it ended up with
show grants for 'arvuhez'@'172.26.0.2';
```
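
For the Ansible Vault step near the top of this README: a small check, added here as an example and not part of Deployer, that lists any `vault.yml` still stored in plaintext by looking for the `$ANSIBLE_VAULT;` header that `ansible-vault encrypt` writes on the first line. The function names, the `vault.yaml` spelling and the `host_vars/` scan are assumptions beyond the single `group_vars/all/vault.yml` this README uses.

```shell
#!/bin/sh
# Added example (not Deployer code): find Ansible Vault files left in plaintext.

# Return 0 if the file's first line carries the Ansible Vault header,
# e.g. "$ANSIBLE_VAULT;1.1;AES256". Empty or unreadable files count as
# not encrypted.
is_vault_encrypted() {
    first_line=''
    IFS= read -r first_line < "$1" || true
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
    esac
    return 1
}

# Print every vault.yml / vault.yaml under <root>/group_vars and
# <root>/host_vars (assumed layout) that is not encrypted.
# Returns 1 if at least one plaintext file was found, 0 otherwise.
find_plaintext_vaults() {
    root="${1:-.}"
    plaintext=$(
        for dir in "$root/group_vars" "$root/host_vars"; do
            [ -d "$dir" ] || continue
            find "$dir" -type f \( -name 'vault.yml' -o -name 'vault.yaml' \) |
            while IFS= read -r f; do
                is_vault_encrypted "$f" || printf '%s\n' "$f"
            done
        done
    )
    if [ -z "$plaintext" ]; then
        return 0
    fi
    printf '%s\n' "$plaintext"
    return 1
}

# Typical use from a pre-commit hook, run at the repository root:
#   find_plaintext_vaults . || { echo "encrypt these first" >&2; exit 1; }
```

The header check only shows that a file was encrypted with some vault password; it does not verify that the password is the one you pass with `--ask-vault-pass`.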