automation/deployer/roles/build/tasks/wordpress.yml

#####################
# Create wp-content #
#####################
# Probe for wp-content/index.php under this site's content folder. The result
# is registered as `wpcontent`; the populate block that follows runs only when
# that file is reported missing.
- name: Is it a new install?
  stat:
    path: "{{ www_path }}/{{ item.slug }}_wp-content/index.php"
  register: wpcontent
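# Seed a fresh wp-content tree from the official release archive.
# Skipped when the preceding stat found wp-content/index.php.
- name: Populate wp-content folder
  when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False
  tags: [docker, nginx]
  block:
    - name: "Clear folder {{ www_path }}/{{ item.slug }}_wp-content"
      file:
        path: "{{ www_path }}/{{ item.slug }}_wp-content"
        state: absent

    # Stage the download in a directory created by the tempfile module (private
    # to the connecting user) rather than under fixed names in /tmp. /tmp is
    # shared between local accounts, and unarchive does not remove files that
    # already exist in its destination, so anything already sitting under a
    # predictable /tmp/wordpress path would be copied into the web root along
    # with the release files.
    - name: Create a private staging directory
      tempfile:
        state: directory
        prefix: wordpress_
      register: wp_staging

    # get_url verifies the archive against wordpress.checksum before it is used.
    - name: "Download Wordpress v{{ wordpress.version }} archive"
      get_url:
        url: "https://wordpress.org/wordpress-{{ wordpress.version }}.tar.gz"
        dest: "{{ wp_staging.path }}/wordpress.tgz"
        checksum: "{{ wordpress.checksum }}"
        mode: '0600'

    - name: "Extract Wordpress v{{ wordpress.version }} archive"
      unarchive:
        src: "{{ wp_staging.path }}/wordpress.tgz"
        dest: "{{ wp_staging.path }}"
        remote_src: true

    # The trailing slash on src copies the contents of wp-content, not the
    # folder itself.
    - name: "Copy wp-content folder to destination"
      copy:
        src: "{{ wp_staging.path }}/wordpress/wp-content/"
        dest: "{{ www_path }}/{{ item.slug }}_wp-content"
        remote_src: true
        # group: www-data
        # mode: '0660'
        # directory_mode: '0770'

    # Owner and group www-data get read/write (X: traverse on directories),
    # other accounts get nothing.
    - name: Set proper access rights to wp-content tree
      file:
        path: "{{ www_path }}/{{ item.slug }}_wp-content"
        state: directory
        recurse: true
        group: www-data
        mode: "u=rwX,g=rwX,o="
  always:
    # Runs on failure too, so a broken download or extraction leaves nothing
    # behind on the host.
    - name: "Remove downloaded content"
      file:
        path: "{{ wp_staging.path }}"
        state: absent
      when: wp_staging.path is defined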
#################
# Setup backups #
#################
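# Install a weekly cron entry, owned by www-data, that archives the site's
# wp-content tree into backups_path.
# Both paths go through the `quote` filter because the job string is handed to
# a shell: a slug or path containing spaces or shell metacharacters must stay
# a single argument.
# NOTE(review): cron itself treats an unescaped `%` in the command as a line
# break; `quote` does not cover that, so `%` should not appear in these paths.
# NOTE(review): the archive is created with www-data's default umask; confirm
# backups_path is not readable by other local accounts.
- name: Setup weekly backup of wp-content
  cron:
    name: "backup {{ item.slug }}_wp-content"
    # hour: "17"
    # minute: "37"
    special_time: weekly
    user: "www-data"
    job: >-
      tar czf
      {{ (backups_path ~ '/' ~ item.slug ~ '_wp-content.tar.gz') | quote }}
      {{ (www_path ~ '/' ~ item.slug ~ '_wp-content') | quote }}
  become: true
  tags: backup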
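# Maintain a logrotate stanza for this site's backup archive: keep 5 dated
# copies, leave the already-compressed archive as is, tolerate a missing file.
# Ownership and mode are set explicitly instead of relying on the umask in
# effect, because logrotate will not load a configuration file that is
# writable by group or others.
# NOTE(review): the archive lives in a directory the www-data cron job writes
# to, while files in /etc/logrotate.d are normally processed as root. Consider
# adding an `su` directive to the stanza so rotation runs with the same
# unprivileged identity -- confirm against the ownership of backups_path.
- name: Configure logrotate to rotate backups
  blockinfile:
    path: "/etc/logrotate.d/{{ item.slug }}"
    create: true
    owner: root
    group: root
    mode: '0644'
    block: |
      {{ backups_path }}/{{ item.slug }}_wp-content.tar.gz {
        rotate 5
        nocompress
        dateext
        dateformat _%Y-%m-%d
        extension .tar.gz
        missingok
      }
  become: true
  tags: backup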
####################
# Render templates #
####################
# Per-site directory that receives the rendered templates.
# Mode 0750: full access for the owner, read/traverse for the group, nothing
# for other accounts.
- name: "Create folder {{ sites_path }}/{{ item.slug }}"
  file:
    state: directory
    path: "{{ sites_path }}/{{ item.slug }}"
    mode: '0750'
  tags:
    - docker
    - nginx
# Mirror the directory layout of ../templates/wordpress/ under the site folder.
# Only directory entries of the tree are handled here; each directory is
# created with the mode reported for the corresponding template directory.
- name: "Create {{ sites_path }}/{{ item.slug }} sub-directories"
  file:
    state: directory
    path: "{{ sites_path }}/{{ item.slug }}/{{ filetree_item.path }}"
    mode: "{{ filetree_item.mode }}"
  when: filetree_item.state == 'directory'
  with_filetree: "../templates/wordpress/"
  # `item` is used for the site in this file, so the tree entries get their
  # own loop variable.
  loop_control:
    loop_var: filetree_item
  tags:
    - docker
    - nginx
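# Render every file of ../templates/wordpress/ into the site folder, keeping
# the relative path and the mode reported for the source file.
# The `.j2` suffix is stripped with an anchored pattern and a literal dot.
# The previous pattern '.j2' matched any character followed by "j2" anywhere
# in the path, so a name such as "obj2.conf.j2" was rewritten incorrectly.
# NOTE(review): rendered files inherit the template's mode; if any of them
# carries credentials, confirm that mode is not world-readable.
- name: Render template files
  template:
    src: "{{ filetree_item.src }}"
    dest: "{{ sites_path }}/{{ item.slug }}/{{ filetree_item.path | regex_replace('[.]j2$', '') }}"
    mode: "{{ filetree_item.mode }}"
  with_filetree: "../templates/wordpress/"
  loop_control:
    loop_var: filetree_item
  when: filetree_item.state == 'file'
  tags: [docker, nginx]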
#######################
# MySQL configuration #
#######################
# Equivalent SQL:
#   create user <user>@<ip> identified by <pass>;
#   grant all on <db>.* to <user>@<ip>;
# The account is bound to the site's subnet address, so it is only valid for
# connections coming from that host.
# NOTE(review): `all` grants every privilege on the site's schema; narrow the
# list if the application needs less.
# NOTE(review): mysql_root_password and item.mysql_password are presumably
# supplied from an encrypted vars source -- confirm, and check that the loop
# that includes this file does not print `item` in its output.
- name: "Add database user {{ item.mysql_username }}@{{ item.subnet_site_ip }} and grant all privileges on {{ item.mysql_database }}"
  mysql_user:
    state: present
    # Administrative connection used to create the account
    login_host: localhost
    login_user: root
    login_password: "{{ mysql_root_password }}"
    # Identity of the new database user
    name: "{{ item.mysql_username }}"
    host: "{{ item.subnet_site_ip }}"
    password: "{{ item.mysql_password }}"
    # Privileges: everything on the site's own database
    priv: "{{ item.mysql_database }}.*:all"
  tags: mysql
###################
# SSL certificate #
###################
# - name: Create Let's Encrypt certificate
# This seems hard, see:
# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module
# https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04
# Maybe using shell directly? e.g.
# certbot certonly --webroot -w /var/www/letsencrypt -d <url>