---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
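### UPSTREAM BEGIN ⇒ ###
# Runs the upstream.yml task file of the etckeeper.inc role with msg=php.
# allow_duplicates lets the same role be included again later in this file.
# What the role does with `msg` is defined in the role, not here.
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: php
### ⇐ UPSTREAM BEGIN ###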
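# Installs the PHP extension packages and the extra GeoIP database through
# the host's package manager. The list is handed to `name` directly so the
# module runs once for all packages instead of once per item.
- name: install software
  package:
    name:
      - php-apcu
      - php-gd
      - php-imagick
      - php-intl
      - php-pgsql
      - php-pspell
      - php-sqlite
      - php-xsl
      - php-geoip
      - geoip-database-extra
    state: present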
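# Installs php-fpm, but only on hosts that belong to the `front` inventory
# group. A single package needs no loop.
- name: install front software
  package:
    name: php-fpm
    state: present
  when:
    - (inventory_hostname in groups['front'])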
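### UPSTREAM END ⇒ ###
# Runs the merge.yml task file of the etckeeper.inc role with msg=php, after
# the package installation tasks above. What the role does with `msg` is
# defined in the role, not here.
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: php
### ⇐ UPSTREAM END ###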
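# Uncomments the `extension=<name>` line in each extension's own conf.d file.
# With backrefs enabled, a file that has no matching commented line is left
# unchanged, so the task is idempotent once the line is active.
- name: enable PHP extensions
  lineinfile:
    path: '/etc/php/conf.d/{{ item }}.ini'
    backrefs: true
    regexp: '^;\s*(extension\s*=\s*{{ item }}).*$'
    line: '\1'
  with_items:
    - apcu
    - geoip
    - imagick
  # Same handler as the other ini-editing tasks in this file: a changed
  # extension line only takes effect once php-fpm is restarted.
  notify:
    - restart php-fpm.service (front)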
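# Sets APCu directives in the extension's ini file, replacing the line whether
# or not it is currently commented out. Without backrefs, a directive that is
# not found is appended at the end of the file.
- name: alter PHP APCu configuration lines
  lineinfile:
    path: /etc/php/conf.d/apcu.ini
    # regex_escape keeps the dot in the directive name literal instead of
    # letting it match any character.
    regexp: '^;*{{ item.name | regex_escape }}\s*='
    line: '{{ item.name }}={{ item.value }}'
  with_items:
    - name: apc.enable_cli
      value: 1
  notify:
    - restart php-fpm.service (front)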
# Uncomments `extension=<name>` / `zend_extension=<name>` lines (with or
# without a .so suffix) in the main php.ini. With backrefs enabled, an
# extension that has no matching line in the file is skipped without change.
# NOTE(review): each enabled extension adds code reachable from PHP scripts;
# confirm every entry is needed by an application deployed on these hosts.
- name: activate PHP extensions
  lineinfile:
    path: /etc/php/php.ini
    backrefs: true
    regexp: '^;*((?:zend_)?extension={{item}}(?:\.so)?)\s*$'
    line: '\1'
  with_items:
    - bcmath
    - bz2
    - calendar
    - dba
    - exif
    - gd
    - gettext
    - gmp
    - iconv
    - intl
    - ldap
    - opcache
    - pdo_pgsql
    - pdo_sqlite
    - pgsql
    - pspell
    - shmop
    - soap
    - sockets
    - sqlite3
    - sysvmsg
    - xmlrpc
    - xsl
  notify: restart php-fpm.service (front)
# Comments out active php.ini directives by prefixing the matched line with
# `;`. Once a line is commented it no longer matches, so reruns change nothing.
- name: disable PHP configuration lines
  lineinfile:
    path: /etc/php/php.ini
    backrefs: true
    regexp: '^({{item}}\s*=.*)$'
    line: ';\1'
  with_items: [output_buffering]
  notify: restart php-fpm.service (front)
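# Forces a set of php.ini directives, replacing each line whether or not it is
# currently commented out. Without backrefs, a directive that is not found is
# appended at the end of the file.
# NOTE(review): max_execution_time=0 and post_max_size=0 switch off PHP's own
# limits on script run time and request body size, and max_input_time=-1
# defers to max_execution_time. Resource use per request is then bounded only
# by memory_limit and by whatever the web server in front of php-fpm enforces;
# confirm that body size and timeouts are capped there.
# cgi.fix_pathinfo=0 stops PHP from walking PATH_INFO to guess which script
# to execute.
- name: alter PHP configuration lines
  lineinfile:
    path: /etc/php/php.ini
    # regex_escape keeps the dot in names such as cgi.fix_pathinfo literal
    # instead of letting it match any character.
    regexp: '^;*{{ item.name | regex_escape }}\s*='
    line: '{{ item.name }}={{ item.value }}'
  with_items:
    - name: max_execution_time
      value: 0
    - name: max_input_time
      value: -1
    - name: memory_limit
      value: 512M
    - name: post_max_size
      value: 0
    - name: cgi.fix_pathinfo
      value: 0
    - name: upload_tmp_dir
      value: /var/tmp/
    - name: upload_max_filesize
      value: '{{ http_max_upload }}'
    - name: date.timezone
      value: '{{ timezone }}'
  notify:
    - restart php-fpm.service (front)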
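# Everything php-fpm specific; the block-level `when` at the bottom restricts
# all of these tasks to hosts in the `front` inventory group.
- name: configure php-fpm
  block:

    # tmpfiles.d entry that creates /run/php-fpm owned by http:http. The
    # directory holds the PID file configured further down.
    # NOTE(review): mode 775 makes the directory group-writable; a tighter
    # mode may suffice if only the http user writes there. Confirm.
    - name: create php-fpm working directories
      copy:
        content: |
          #Type Path Mode UID GID Age Argument
          d /run/php-fpm 775 http http - -
        dest: /etc/tmpfiles.d/run_php.conf
        # Quoted so the octal mode is never re-read as a decimal integer.
        mode: '0644'
      notify:
        - create php-fpm tmpfiles

    # Directory for systemd drop-in files of the listed units.
    - name: prepare to override systemd settings
      file:
        path: '/etc/systemd/system/{{ item }}.service.d'
        state: directory
        mode: '0755'
      with_items:
        - php-fpm

    # Drop-in that starts php-fpm as http:http with a reduced capability
    # bounding set, a private /tmp and /dev, read-only OS directories,
    # inaccessible home directories and NoNewPrivileges.
    # NOTE(review): ProtectSystem=true leaves /etc writable to the service;
    # `full`, or `strict` with explicit ReadWritePaths=, would be tighter if
    # the deployed applications allow it. Verify on a test host before changing.
    - name: secure systemd settings for php-fpm
      copy:
        content: |
          [Unit]
          After=systemd-tmpfiles-setup.service
          [Service]
          User=http
          Group=http
          CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SYS_CHROOT
          PrivateTmp=true
          PrivateDevices=true
          ProtectSystem=true
          ProtectHome=true
          NoNewPrivileges=true
          PIDFile=/run/php-fpm/php-fpm.pid
        dest: '/etc/systemd/system/php-fpm.service.d/secure-{{ nickname }}.conf'
        mode: '0644'
      notify:
        - restart php-fpm.service (front)

    # Pool settings in www.conf: listening socket path and process-manager
    # sizing. Each line is replaced whether or not it is commented out.
    # NOTE(review): listen.group is commented out by a later task and no
    # listen.owner / listen.mode is set in this file, so access to the socket
    # depends on php-fpm defaults and on the permissions of
    # /run/shared_sockets. Confirm only the web server can reach it.
    - name: set the php-fpm settings
      lineinfile:
        path: /etc/php/php-fpm.d/www.conf
        # regex_escape keeps the dot in keys such as pm.max_children literal.
        regexp: '^;*{{ item.key | regex_escape }}\s*='
        line: '{{ item.key }} = {{ item.value }}'
      with_dict:
        listen: /run/shared_sockets/php-fpm
        pm: dynamic
        'pm.max_children': '{{ php_max_workers }}'
        'pm.start_servers': 1
        'pm.min_spare_servers': 1
        'pm.max_spare_servers': '{{ php_max_workers }}'
        'pm.max_requests': '{{ php_worker_max_reqs }}'
      notify:
        - restart php-fpm.service (front)

    # Comments out the pool's user/group directives. Presumably redundant
    # because the systemd drop-in above already sets User= and Group=; verify.
    - name: disable useless user/group specs
      lineinfile:
        path: /etc/php/php-fpm.d/www.conf
        backrefs: true
        # regex_escape keeps the dot in listen.group literal.
        regexp: '^({{ item | regex_escape }}\s*=.*)'
        line: ';\1'
      with_items:
        - user
        - group
        - 'listen.group'
      notify:
        - restart php-fpm.service (front)

    # Points php-fpm's PID file at the directory declared in tmpfiles.d; the
    # same path is given as PIDFile= in the systemd drop-in.
    - name: set the PID file path for php-fpm
      lineinfile:
        path: /etc/php/php-fpm.conf
        regexp: '^;*pid\s*='
        line: 'pid = /run/php-fpm/php-fpm.pid'
      notify:
        - restart php-fpm.service (front)

    # Reloads systemd unit files and enables the service at boot. No `state`
    # is set here, so this task does not start the service itself.
    - name: enable php-fpm.service
      systemd:
        daemon_reload: true
        name: php-fpm.service
        enabled: true

    # phpinfo() prints the PHP configuration, loaded modules, environment
    # variables and file paths to anyone who can request the page, which is
    # why it is limited to env == 'dev'.
    # NOTE(review): nothing in this file removes the page again, so a host
    # that was once deployed with env=dev keeps serving it; check that
    # /srv/http/index.php is not left behind on hosts promoted out of dev.
    - name: PHP test-page in test environment
      copy:
        content: '<?php phpinfo();'
        dest: /srv/http/index.php
        mode: '0644'
      when: (env == 'dev')

  when:
    - (inventory_hostname in groups['front'])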
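### LOCAL COMMIT ⇒ ###
# Runs the local.yml task file of the etckeeper.inc role with msg=php, after
# the configuration edits above. What the role does with `msg` is defined in
# the role, not here.
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: php
### ⇐ LOCAL COMMIT ###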
# Runs every handler notified so far (e.g. the php-fpm restart) now, instead
# of waiting for the end of the play.
- meta: flush_handlers