v220904

2022-09-04 17:18:06 +02:00 · 2022-09-04 17:18:06 +02:00 · af69d886e8
commit af69d886e8
9 changed files with 349 additions and 0 deletions
--- a/files/000-default_fpm7.4.conf
+++ b/files/000-default_fpm7.4.conf
@ -0,0 +1,16 @@
+<VirtualHost *:80>
+    DocumentRoot /var/www/def/public
+
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log detailed
+    <Directory /var/www/def/public>
+            Options -Indexes +FollowSymLinks +MultiViews
+            AllowOverride All
+            Require all granted
+    </Directory>
+    <Files "*.php">
+        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
+    </Files>
+</VirtualHost>
+
+# vim: set tabstop=4 shiftwidth=4 expandtab smarttab:
--- a/files/000-default_modphp.conf
+++ b/files/000-default_modphp.conf
@ -0,0 +1,13 @@
+<VirtualHost *:80>
+    DocumentRoot /var/www/def/public
+
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log detailed
+    <Directory /var/www/def/public>
+            Options -Indexes +FollowSymLinks +MultiViews
+            AllowOverride All
+            Require all granted
+    </Directory>
+</VirtualHost>
+
+# vim: set tabstop=4 shiftwidth=4 expandtab smarttab:
--- a/files/charset.conf
+++ b/files/charset.conf
@ -0,0 +1,2 @@
+#AddDefaultCharset ISO-8859-2
+AddDefaultCharset UTF-8
--- a/files/hws.php.ini.fpm
+++ b/files/hws.php.ini.fpm
@ -0,0 +1,16 @@
+; HWS php configuration
+[PHP]
+memory_limit = 256M
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE
+error_log = /var/log/php_errors.log
+post_max_size = 80M
+upload_max_filesize = 80M
+user_ini.filename = .php.ini
+user_ini.cache_ttl = 60
+
+[Date]
+date.timezone = "Europe/Budapest"
+
+[Session]
+session.gc_maxlifetime = 86400
+
--- a/files/hws.php.ini.modphp
+++ b/files/hws.php.ini.modphp
@ -0,0 +1,15 @@
+; HWS php configuration
+[PHP]
+memory_limit = 256M
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE
+error_log = /var/log/php_errors.log
+post_max_size = 80M
+upload_max_filesize = 80M
+#default_charset = "ISO-8859-2"
+
+[Date]
+date.timezone = "Europe/Budapest"
+
+[Session]
+session.gc_maxlifetime = 86400
+
--- a/files/log-detailed.conf
+++ b/files/log-detailed.conf
@ -0,0 +1 @@
+LogFormat "%{%s %Y-%m-%d %H:%M:%S}t %A:%{local}p|%v %a %u %I|%O%X %Dus %>s \"%r\" \"%{Referer}i\" \"%{User-Agent}i\"" detailed
--- a/files/logrotate.conf
+++ b/files/logrotate.conf
@ -0,0 +1,9 @@
+/var/log/php*.log
+{
+  rotate 7
+  daily
+  missingok
+  notifempty
+  compress
+  create 0664 www-data www-data
+}
--- a/files/other-vhosts-access-log.conf
+++ b/files/other-vhosts-access-log.conf
@ -0,0 +1,5 @@
+# Define an access log for VirtualHosts that don't define their own logfile
+#CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log detailed
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,272 @@
+---
+- name: check if apt.conf uses a proxy
+  shell: grep -Po '(?<=^Acquire::http::Proxy ")[^"]*' /etc/apt/apt.conf
+  register: proxy_grep
+  failed_when: false
+  changed_when: false
+
+- name: set proxy variable
+  set_fact:
+    proxy: "{{ proxy_grep.stdout }}"
+  when: proxy_grep.stdout != ""
+
+- name: /var/www bind mount in fstab
+  lineinfile:
+    dest: /etc/fstab
+    line: '/data/www       /var/www        none    bind    0       0'
+  register: fstab_www
+
+- name: mount /var/www
+  shell: 'mkdir -p /var/www && mv /var/www /data && mkdir -p /var/www && mount /var/www'
+  when: fstab_www.changed
+
+- name: www subdirs
+  file:
+    dest: "/var/www/{{ item }}"
+    state: directory
+  with_items:
+    - def
+    - def/public
+
+- name: www index.html
+  shell: "test -e /var/www/def/public/index.html || hostname > /var/www/def/public/index.html"
+
+- name: install packages, jessie
+  tags: apt
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - apache2
+    - libapache2-mod-php5
+    - mysql-client
+    - php5-cli
+    - php5-curl
+    - php5-gd
+    - php5-json
+    - php5-ldap
+    - php5-mysqlnd
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version == "8"
+
+- name: install packages, stretch-buster
+  tags: apt
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - apache2
+    - libapache2-mod-php
+    - mariadb-client
+    - php-cli
+    - php-bcmath
+    - php-curl
+    - php-gd
+    - php-json
+    - php-ldap
+    - php-mbstring
+    - php-mysql
+    - php-soap
+    - php-xml
+    - php-zip
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() == 9 or ansible_distribution_major_version|int() == 10
+
+- name: sury repo pgp key, bullseye+
+  tags: apt
+  shell: "curl {{ (proxy is defined) | ternary('--proxy '+ proxy|default(''), '')}} -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg"
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() == 11
+
+- name: sury repo in sources list, bullseye
+  tags: apt
+  lineinfile:
+    dest: /etc/apt/sources.list.d/php-sury.list
+    line: 'deb https://packages.sury.org/php/ bullseye main'
+    create: yes
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() == 11
+
+- name: apt update, bullseye
+  tags: apt
+  apt:
+    update_cache: yes
+  when: 
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() == 11
+
+- name: install packages, bullseye
+  tags: apt
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - apache2
+    - mariadb-client
+    - php7.4-cli
+    - php7.4-fpm
+    - php7.4-bcmath
+    - php7.4-curl
+    - php7.4-gd
+    - php7.4-json
+    - php7.4-ldap
+    - php7.4-mbstring
+    - php7.4-mysql
+    - php7.4-opcache
+    - php7.4-readline
+    - php7.4-soap
+    - php7.4-xml
+    - php7.4-zip
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() == 11
+
+- name: conf-available
+  copy:
+    src: "{{ item }}"
+    dest: /etc/apache2/conf-available
+  with_items:
+    - other-vhosts-access-log.conf
+    - charset.conf
+    - log-detailed.conf
+
+- name: enable confs / modules, -buster
+  shell: "a2enconf charset log-detailed && a2enmod rewrite"
+  when: 
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() < 11
+
+- name: enable confs / modules, bullseye+
+  shell: "a2enconf charset log-detailed && a2enmod rewrite headers proxy_fcgi"
+  when: 
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() >= 11
+
+- name: virtualhost config, -buster
+  copy:
+    src: 000-default_modphp.conf
+    dest: /etc/apache2/sites-available/000-default.conf
+  when: 
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() < 11
+
+- name: virtualhost config, bullseye
+  copy:
+    src: 000-default_fpm7.4.conf
+    dest: /etc/apache2/sites-available/000-default.conf
+  when: 
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() == 11
+
+- name: php config, jessie
+  copy:
+    src: hws.php.ini.modphp
+    dest: /etc/php5
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version == "8"
+
+- name: php config symlinks, jessie
+  file:
+    state: link
+    src: /etc/php5/hws.php.ini
+    path: "/etc/php5/{{ item }}/conf.d/hws.php.ini"
+  with_items:
+    - apache2
+    - cli
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version == "8"
+
+- name: php config, stretch
+  copy:
+    src: hws.php.ini.modphp
+    dest: /etc/php/7.0/hws.php.ini
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version == "9"
+
+- name: php config, buster
+  copy:
+    src: hws.php.ini.modphp
+    dest: /etc/php/7.3/hws.php.ini
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version == "10"
+
+- name: php config, bullseye
+  copy:
+    src: hws.php.ini.fpm
+    dest: /etc/php/7.4/hws.php.ini
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version == "11"
+
+- name: php config symlinks, stretch
+  file:
+    state: link
+    src: /etc/php/7.0/hws.php.ini
+    path: "/etc/php/7.0/{{ item }}/conf.d/hws.php.ini"
+  with_items:
+    - apache2
+    - cli
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version == "9"
+
+- name: php config symlinks, buster
+  file:
+    state: link
+    src: /etc/php/7.3/hws.php.ini
+    path: "/etc/php/7.3/{{ item }}/conf.d/hws.php.ini"
+  with_items:
+    - apache2
+    - cli
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version == "10"
+
+- name: php config symlinks, bullseye
+  file:
+    state: link
+    src: /etc/php/7.4/hws.php.ini
+    path: "/etc/php/7.4/{{ item }}/conf.d/hws.php.ini"
+  with_items:
+    - fpm
+    - cli
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version == "11"
+
+
+- name: php logrotate config
+  copy:
+    src: logrotate.conf
+    dest: /etc/logrotate.d/php
+
+- name: security.conf ServerTokens, bullseye+
+  tags: apt
+  lineinfile:
+    dest: /etc/apache2/conf-available/security.conf
+    regexp: "^ServerTokens"
+    line: "ServerTokens Prod"
+  when: 
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() >= 11
+
+- name: security.conf ServerSignature, bullseye+
+  tags: apt
+  lineinfile:
+    dest: /etc/apache2/conf-available/security.conf
+    regexp: "^ServerSignature"
+    line: "ServerSignature Off"
+  when: 
+    - ansible_distribution == "Debian"
+    - ansible_distribution_major_version|int() >= 11
+
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
				`@ -0,0 +1 @@`
				`LogFormat "%{%s %Y-%m-%d %H:%M:%S}t %A:%{local}p\|%v %a %u %I\|%O%X %Dus %>s \"%r\" \"%{Referer}i\" \"%{User-Agent}i\"" detailed`