#####################
# Create wp-content #
#####################

# Probe for an existing wp-content/index.php for this site. The result is
# registered as `wpcontent` and read by the `when:` condition of the
# "Populate wp-content folder" block, so an existing tree is not wiped.
- name: Is it a new install?
  register: wpcontent
  stat:
    path: "{{ www_path }}/{{ item.slug }}_wp-content/index.php"
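# Seed a fresh wp-content tree from the official WordPress archive.
# Runs only when the stat probe registered as `wpcontent` found no index.php.
#
# The archive is staged in a private directory created by `tempfile`
# instead of the fixed paths /tmp/wordpress.tgz and /tmp/wordpress: /tmp is
# shared with every local account, so a pre-existing /tmp/wordpress tree
# would be merged with the extracted files and copied into the web root.
- name: Populate wp-content folder
  block:
    - name: "Clear folder {{ www_path }}/{{ item.slug }}_wp-content"
      file:
        path: "{{ www_path }}/{{ item.slug }}_wp-content"
        state: absent

    - name: Create a private staging directory for the Wordpress archive
      tempfile:
        state: directory
        prefix: wordpress_
      register: wp_staging

    # The download is checked against the checksum pinned in
    # `wordpress.checksum`, so a tampered or truncated archive fails here.
    - name: "Download Wordpress v{{ wordpress.version }} archive"
      get_url:
        url: "https://wordpress.org/wordpress-{{ wordpress.version }}.tar.gz"
        dest: "{{ wp_staging.path }}/wordpress.tgz"
        checksum: "{{ wordpress.checksum }}"

    - name: "Extract Wordpress v{{ wordpress.version }} archive"
      unarchive:
        src: "{{ wp_staging.path }}/wordpress.tgz"
        dest: "{{ wp_staging.path }}"
        remote_src: true

    # No owner/group/mode here; permissions are applied by the next task.
    - name: "Copy wp-content folder to destination"
      copy:
        src: "{{ wp_staging.path }}/wordpress/wp-content/"
        dest: "{{ www_path }}/{{ item.slug }}_wp-content"
        remote_src: true
        # group: www-data
        # mode: '0660'
        # directory_mode: '0770'

    # Group www-data gets write access to the whole tree and "other" gets
    # nothing. NOTE(review): if www-data is the account that executes PHP,
    # the site can rewrite its own plugin/theme code - confirm that is
    # intended (e.g. for in-dashboard updates).
    - name: Set proper access rights to wp-content tree
      file:
        path: "{{ www_path }}/{{ item.slug }}_wp-content"
        state: directory
        recurse: true
        group: www-data
        mode: "u=rwX,g=rwX,o="

  # Cleanup sits in `always` so the staged archive is removed even when a
  # step above fails; the guard skips it if staging was never created.
  always:
    - name: "Remove downloaded content"
      file:
        path: "{{ wp_staging.path }}"
        state: absent
      when: wp_staging.path is defined

  when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False
  tags: [docker, nginx]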
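#################
# Setup backups #
#################

# Install a weekly cron entry, owned by www-data, that archives the site's
# wp-content tree into backups_path.
#
# Both paths go through the `quote` filter so a path or slug containing
# spaces or shell metacharacters is passed to tar as one literal argument
# instead of being re-interpreted by the shell that cron starts.
#
# NOTE(review): the job runs as www-data and writes into backups_path, so
# that directory has to be writable by www-data. If www-data is also the
# account serving the site, a compromised site can overwrite its own
# backups - confirm, and check who can read the resulting archive.
- name: Setup weekly backup of wp-content
  cron:
    name: "backup {{ item.slug }}_wp-content"
    # hour: "17"
    # minute: "37"
    special_time: weekly
    user: "www-data"
    job: >-
      tar czf
      {{ (backups_path ~ '/' ~ item.slug ~ '_wp-content.tar.gz') | quote }}
      {{ (www_path ~ '/' ~ item.slug ~ '_wp-content') | quote }}
  become: true
  tags: backup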
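# Manage a logrotate stanza that keeps five dated copies of the weekly
# wp-content archive.
#
# owner/group/mode are set explicitly because `create` would otherwise
# leave the new file's permissions to the umask of the become user;
# logrotate skips configuration files that are group- or world-writable.
#
# The stanza has no frequency directive, so rotation frequency comes from
# the global logrotate configuration.
# NOTE(review): logrotate may refuse to rotate inside a directory that is
# writable by a non-root group unless a `su` directive is given - verify
# against the permissions of backups_path.
- name: Configure logrotate to rotate backups
  blockinfile:
    path: "/etc/logrotate.d/{{ item.slug }}"
    create: true
    owner: root
    group: root
    mode: "0644"
    block: |
      {{ backups_path }}/{{ item.slug }}_wp-content.tar.gz {
        rotate 5
        nocompress
        dateext
        dateformat _%Y-%m-%d
        extension .tar.gz
        missingok
      }
  become: true
  tags: backup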
####################
# Render templates #
####################

# Per-site directory that receives the rendered templates.
# Mode 750: full access for the owner, read/traverse for the group, nothing
# for other accounts. No owner or group is set on this task.
- name: "Create folder {{ sites_path }}/{{ item.slug }}"
  tags: [docker, nginx]
  file:
    state: directory
    path: "{{ sites_path }}/{{ item.slug }}"
    mode: '750'
# Mirror the directory layout of ../templates/wordpress/ under the site
# folder. Only filetree entries whose state is 'directory' are handled
# here; each directory takes the mode reported for its source directory.
# The loop variable is renamed to `filetree_item` so that `item` keeps
# referring to the site entry.
- name: "Create {{ sites_path }}/{{ item.slug }} sub-directories"
  tags: [docker, nginx]
  when: filetree_item.state == 'directory'
  with_filetree: "../templates/wordpress/"
  loop_control:
    loop_var: filetree_item
  file:
    state: directory
    path: "{{ sites_path }}/{{ item.slug }}/{{ filetree_item.path }}"
    mode: "{{ filetree_item.mode }}"
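# Render every file found under ../templates/wordpress/ into the site
# folder, dropping the ".j2" suffix from the destination name.
#
# The pattern is anchored and uses a literal dot ('[.]j2$'). The previous
# pattern '.j2' matched any character followed by "j2" anywhere in the
# relative path, so a directory or file name that merely contained such a
# sequence would have been rewritten and the file written elsewhere.
#
# Each rendered file takes the mode of its source template.
# NOTE(review): if any of these templates renders credentials, confirm the
# source file mode is not world-readable.
- name: Render template files
  template:
    src: "{{ filetree_item.src }}"
    dest: "{{ sites_path }}/{{ item.slug }}/{{ filetree_item.path | regex_replace('[.]j2$', '') }}"
    mode: "{{ filetree_item.mode }}"
  with_filetree: "../templates/wordpress/"
  loop_control:
    loop_var: filetree_item
  when: filetree_item.state == 'file'
  tags: [docker, nginx]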
#######################
# MySQL configuration #
#######################

# MySQL equivalent:
# create user <user>@<ip> identified by <pass>;
# grant all on <db>.* to <user>@<ip>;
#
# The account is bound to the site's address (item.subnet_site_ip) and is
# granted privileges on the site's own database only.
# NOTE(review): `all` grants every privilege on that database; narrow the
# list if the site does not need all of them.
# NOTE(review): `item` appears to come from an outer loop and carries
# mysql_password; if so, confirm that loop sets a loop_control label so the
# whole per-site entry is not echoed in play output.
- name: "Add database user {{ item.mysql_username }}@{{ item.subnet_site_ip }} and grant all privileges on {{ item.mysql_database }}"
  tags: mysql
  mysql_user:
    state: present
    # Credentials to log in MySQL
    login_host: localhost
    login_user: root
    login_password: "{{ mysql_root_password }}"
    # Credentials of the new db user
    name: "{{ item.mysql_username }}"
    host: "{{ item.subnet_site_ip }}"
    password: "{{ item.mysql_password }}"
    # Grants
    priv: "{{ item.mysql_database }}.*:all"
###################
# SSL certificate #
###################

# - name: Create Let's Encrypt certificate
# This seems hard, see:
# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module
# https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04
# Maybe using shell directly? e.g.
# certbot certonly --webroot -w /var/www/letsencrypt -d <url>