From 0e7e1f059f943f6617400cc32d155d73b4b4b9a3 Mon Sep 17 00:00:00 2001 From: rominique Date: Fri, 15 Mar 2024 15:56:51 +0100 Subject: [PATCH] corrections diverses --- creation_nouveau_site.yml | 53 ++++++++++++++++---------------- group_vars/vm.yml | 12 +++++--- host_vars/ligatures.yml | 4 ++- tasks/config_nuage.yml | 17 +++++----- tasks/config_www.yml | 2 +- templates/nginx_http_server.j2 | 8 ++--- templates/nginx_nuage_server.j2 | 26 ++++++++-------- templates/nginx_paheko_server.j2 | 18 +++++------ templates/nginx_www_common.j2 | 6 ++-- templates/nginx_www_server.j2 | 18 +++++------ 10 files changed, 84 insertions(+), 80 deletions(-) diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index f3240da..0d36702 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml @@ -2,7 +2,7 @@ # attention - Par défaut ce scipt se lancer vers ligatures - name: Promp pour définir les variables du nouveau ite - hosts: vm_debian11 # test avec un nom de vm + hosts: ligatures become: true # toutes les tâches seront pas défaut éxécuter en tant que root vars: 
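Review bot: With `hosts: ligatures` next to `become: true`, a plain run of creation_nouveau_site.yml now executes every task as root on the named host instead of the test VM group, and the header comment is the only safeguard left. Consider making the target an explicit choice, for example `hosts: "{{ cible | default('vm_debian11') }}"` (`cible` is a name constructed for this note), so that the real host has to be requested with `-e cible=ligatures`. The header comment could be corrected in the same pass: `# Attention : par défaut ce script se lance sur ligatures`. The play continues beyond this hunk.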
@@ -69,31 +69,6 @@ - name: Inclure la configuration d'un site web basique ansible.builtin.include_tasks: tasks/config_www.yml - - name: Bloc permettant de générer les certificats SSL - when: besoin_https == 'oui' - block: - - name: Inclure la configuration nginx http - ansible.builtin.include_tasks: tasks/config_nginx.yml - vars: - template_site: 'http' - - - name: Générer un certififat avec certbot # noqa : command-instead-of-module - become: true - ansible.builtin.command: 'certbot certonly -i nginx -d {{ SITE }}.{{ DOMAIN }}.{{ TLD }}' - register: certbot_log - changed_when: false - - - name: Afficher les logs certbot - ansible.builtin.debug: - var: certbot_log - when: certbot_log is defined - - - - name: Inclure la configuration nginx - ansible.builtin.include_tasks: tasks/config_nginx.yml - vars: - template_site: "{{ SITE }}" - - name: Inclure la configuration d'un pool PHP ansible.builtin.include_tasks: tasks/config_pool_php.yml when: config_php == 'oui' or SITE == 'paheko' or SITE == 'nuage' 
@@ -112,4 +87,28 @@ # vim /etc/borgmatic/config.yaml # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/config - # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/data \ No newline at end of file + # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/data + + # - name: Bloc permettant de générer les certificats SSL + # when: besoin_https == 'oui' + # block: + # - name: Inclure la configuration nginx http + # ansible.builtin.include_tasks: tasks/config_nginx.yml + # vars: + # template_site: 'http' + + # - name: Générer un certififat avec certbot # noqa : command-instead-of-module + # become: true + # ansible.builtin.command: 'certbot certonly -i nginx -d {{ SITE }}.{{ DOMAIN }}.{{ TLD }}' + # register: certbot_log + # changed_when: false + + # - name: Afficher les logs certbot + # ansible.builtin.debug: + # var: certbot_log + # when: certbot_log is defined + + # - name: Inclure la configuration nginx + # ansible.builtin.include_tasks: tasks/config_nginx.yml + # vars: + # template_site: "{{ SITE }}" \ No newline at end of file diff --git a/group_vars/vm.yml b/group_vars/vm.yml index 95c2ae0..a83fff7 100644 --- a/group_vars/vm.yml +++ b/group_vars/vm.yml @@ -5,10 +5,10 @@ nextcloud_files_path: "/opt/nuage" nouvelle_version: 26 ancienne_version: 25 # possble value: -# 23.0.12 -# 24.0.12 -# 25.0.9 -# 26.0.4 +# 23 +# 24 +# 25 +# 26 php_fpm_service: php{{ php_version }}-fpm php_version: '8.0' postgres_version: 13 
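Review bot: Commenting out the certbot block and both `tasks/config_nginx.yml` includes leaves no task in the visible part of the playbook that issues a certificate or deploys an nginx vhost. The nuage, paheko and www server templates in this patch still point `ssl_certificate` at `/etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/` when `besoin_https == 'oui'`, and redirect port 80 to https unconditionally. If the step is only parked, keep it live behind an explicit switch (an extra condition on the existing `when:`) rather than as a commented copy at the end of the file, so the TLS path is either run or visibly skipped. When it is re-enabled, note that `certbot certonly -i nginx` selects only an installer, so the command likely needs `--nginx` or an explicit authenticator plus `--non-interactive` to run unattended, and `changed_when: false` hides that it writes under /etc/letsencrypt. The play continues outside this hunk, so another include may exist that is not visible here.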
@@ -18,4 +18,6 @@ nextcloud_db_name: "nextcloud" nextcloud_sources_files_path: "{{ nextcloud_files_path }}/sources" nextcloud_common_files_path: "{{ nextcloud_files_path }}/common" nextcloud_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}" -nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" \ No newline at end of file +nextcloud_symbolic_source: "../sources/nextcloud-{{ nouvelle_version }}" +nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" +nextcloud_symbolic_common: "../common/nextcloud-{{ nouvelle_version }}" \ No newline at end of file diff --git a/host_vars/ligatures.yml b/host_vars/ligatures.yml index d63cf76..d614963 100644 --- a/host_vars/ligatures.yml +++ b/host_vars/ligatures.yml @@ -1,10 +1,12 @@ nextcloud_php_user: "php_{{ SIGLE }}_nuage" nextcloud_websrv_user: "site_{{ SIGLE }}_nuage" -nextcloud_sources_files_path: "../../../nextcloud/sources" +nextcloud_sources_files_path: "/home/sites/data/nextcloud/sources" nextcloud_common_files_path: "/home/sites/data/nextcloud/common" nextcloud_webroot: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/nuage" nextcloud_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}" +nextcloud_symbolic_source: "../../../nextcloud/sources/nextcloud-{{ nouvelle_version }}" nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" +nextcloud_symbolic_common: "../../../nextcloud/common/nextcloud-{{ nouvelle_version }}" php_fpm_service: php{{ php_version}}-fpm php_version: '8.2' postgres_version: 15 diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index 112d408..8f59cf0 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -27,6 +27,7 @@ # - php-exif - php-redis - php-imagick + - python3-psycopg2 #module ansible psql state: present - name: Boucle d'ajout du user php dans plusieurs groupe 
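Review bot: `nextcloud_symbolic_source` and `nextcloud_symbolic_common` repeat, as hand-written relative paths, the locations already held in `nextcloud_sources_files_path` and `nextcloud_common_files_path`, so the two definitions can drift apart; the same pattern is added in group_vars/vm.yml. A relative link target is resolved from the directory that contains the link, here `{{ nextcloud_webroot }}`, which is worth stating next to the variables: `# relative to nextcloud_webroot; must resolve to nextcloud_source`. In group_vars/vm.yml, `../sources/...` only resolves correctly if nextcloud_webroot is a direct child of `/opt/nuage`; that variable is not defined in the visible lines, so confirm it.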
@@ -51,9 +52,9 @@ - name: Definir nouvelle_version ansible.builtin.set_fact: - nouvelle_version: "{{ nextcloud_version.user_input }}" + nouvelle_version: "{{ nextcloud_version_prompt.user_input }}" - - name: Demande la version de nextcloud déjà installer + - name: Demande la version de nextcloud déjà installée ansible.builtin.pause: prompt: "Quelle version de nextcloud déjà installée" echo: true @@ -61,7 +62,7 @@ - name: Definir ancienne_version ansible.builtin.set_fact: - ancienne_version: "{{ ancienne_version.user_input }}" + ancienne_version: "{{ ancienne_version_prompt.user_input }}" - name: Inclure la verif de l'install nextcloud ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml @@ -126,17 +127,17 @@ loop_control: label: "{{ item.path }}" loop: - - path: "{{ nextcloud_source }}/apps" + - path: "{{ nextcloud_webroot }}/apps" state: directory owner: "{{ nextcloud_php_user }}" group: "{{ nextcloud_websrv_user }}" mode: '2750' - - path: "{{ nextcloud_source }}/config" + - path: "{{ nextcloud_webroot }}/config" state: directory owner: "{{ nextcloud_php_user }}" group: "{{ nextcloud_websrv_user }}" mode: '2750' - - path: "{{ nextcloud_source }}/data" + - path: "{{ nextcloud_webroot }}/data" state: directory owner: "{{ nextcloud_php_user }}" group: "{{ nextcloud_websrv_user }}" @@ -144,7 +145,7 @@ - name: Create nextcloud root dir symbolic link ansible.builtin.file: - src: "{{ nextcloud_source }}" + src: "{{ nextcloud_symbolic_source }}" dest: "{{ nextcloud_webroot }}/nextcloud" owner: nextcloud group: nextcloud @@ -153,7 +154,7 @@ - name: Create nextcloud common app dir symbolic link ansible.builtin.file: - src: "{{ nextcloud_common }}" + src: "{{ nextcloud_symbolic_common }}" dest: "{{ nextcloud_webroot }}/common" owner: nextcloud group: nextcloud diff --git a/tasks/config_www.yml b/tasks/config_www.yml index 06af483..d01c9bf 100644 --- a/tasks/config_www.yml +++ b/tasks/config_www.yml 
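Review bot: `nouvelle_version` and `ancienne_version` are taken straight from `user_input` and later interpolated into filesystem paths and link targets such as `nextcloud-{{ nouvelle_version }}`, presumably under the play's `become: true`, with no format check in the visible lines. An `ansible.builtin.assert` placed after the second `set_fact` that accepts only digits would stop a typo, or a value containing `/` or `..`, from reaching the file module. The `register:` lines of both prompts are outside these hunks, so confirm they were renamed to `nextcloud_version_prompt` and `ancienne_version_prompt` as well.

```yaml
# … unchanged: "Definir ancienne_version" set_fact …

- name: Vérifier le format des versions saisies
  ansible.builtin.assert:
    that:
      - nouvelle_version | string is match('^[0-9]+$')
      - ancienne_version | string is match('^[0-9]+$')
    fail_msg: "Version attendue : un entier, par exemple 26"
```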
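Review bot: In the `@@ -126,17 +127,17 @@` hunk the `config` and `data` directories are created with mode `'2750'` and group `{{ nextcloud_websrv_user }}`, so the web-server account can list both and, through the setgid bit, becomes group owner of every file later created there. The nginx template passes this same `config` directory as `NEXTCLOUD_CONFIG_DIR`, so the files holding the instance's credentials can become group-readable by the nginx account. nginx only needs static assets; unless something outside this hunk requires the access, these two entries could use `mode: '0700'` and leave the group-readable setting to `apps`. The mode of the `data` entry lies outside the hunk.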
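Review bot: Both link tasks (`@@ -144,7 +145,7 @@` and `@@ -153,7 +154,7 @@`) keep `owner: nextcloud`, while the 443 server in templates/nginx_nuage_server.j2 sets `disable_symlinks if_not_owner;` and uses `{{ nextcloud_webroot }}/nextcloud` as its root. With that directive nginx denies any path in which a link and the object it points to have different owners, so confirm that the trees under nextcloud_sources_files_path and nextcloud_common_files_path are owned by the same account. Because `src` is now relative, a short comment such as `# src is relative to the directory of dest` would save the next reader a lookup. The remaining parameters of both tasks are outside these hunks.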
@@ -1,7 +1,7 @@ - name: Ajout de l'utilisateur site_SIGLE_SITE ansible.builtin.user: name: "site_{{ SIGLE }}_{{ SITE }}" - home: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" shell: /bin/false groups: www-data system: true diff --git a/templates/nginx_http_server.j2 b/templates/nginx_http_server.j2 index e5dfb93..85b4a95 100644 --- a/templates/nginx_http_server.j2 +++ b/templates/nginx_http_server.j2 @@ -1,9 +1,9 @@ server { listen 80; server_name - {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; + {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; disable_symlinks if_not_owner; - access_log /home/sites/log/nginx/{{ SITE }}/{{ DOMAIN }}/{{ TLD }}/access.log main buffer=32k; - error_log /home/sites/log/nginx/org/{{ SITE }}/{{ DOMAIN }}/{{ TLD }}error.log warn; - root /home/sites/data/{{TLD }}/{{ DOMAIN }}/{{SITE }}/; + access_log /home/sites/log/nginx/{{ TLD }}/{{ SITE }}/{{ DOMAIN }}//access.log main buffer=32k; + error_log /home/sites/log/nginx/{{ TLD }}/{{ SITE }}/{{ DOMAIN }}/error.log warn; + root /home/sites/data/{{TLD }}/{{ DOMAIN }}/{{SITE }}/; } \ No newline at end of file diff --git a/templates/nginx_nuage_server.j2 b/templates/nginx_nuage_server.j2 index 3f39e05..661950a 100644 --- a/templates/nginx_nuage_server.j2 +++ b/templates/nginx_nuage_server.j2 @@ -5,7 +5,7 @@ map $arg_v $asset_immutable { } server { listen 80; - server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; + server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; #disable_symlinks if_not_owner; # Prevent nginx HTTP Server Detection 
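Review bot: Pointing `home:` at the site's document root means the user module will create that directory as a home when it is missing, and unless `create_home: false` is set it may populate it from /etc/skel, which puts shell dotfiles inside the tree nginx serves. Adding `create_home: false` here and creating the directory with an explicit `ansible.builtin.file` task (owner, group, mode) keeps the content of the web root under the playbook's control. For accounts that already exist, the module only rewrites the passwd entry unless `move_home: true` is given. The task continues after `system: true`, outside this hunk, so these options may already be present.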
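Review bot: In templates/nginx_http_server.j2 the new log paths use the order `{{ TLD }}/{{ SITE }}/{{ DOMAIN }}` and `access_log` has a doubled slash before `access.log`, whereas `root` on the following line and the other templates in this patch use `{{ TLD }}/{{ DOMAIN }}/{{ SITE }}`; nginx fails its configuration test when a log directory does not exist. Suggested lines: `access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;` and `error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;`. The whitespace-only hunks further down carry similar mismatches worth fixing in the same pass. nginx_paheko_server.j2 logs port 80 under `/home/www/log` but port 443 under `/home/sites/log`, and has `listen 443;` without `ssl` next to its `ssl_certificate` lines, unlike `listen 443 ssl;` in nginx_www_server.j2. nginx_www_common.j2 sets `root /home/site/data/...` where the other files use `/home/sites/data`.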
@@ -15,30 +15,30 @@ server { return 301 https://$server_name$request_uri; - access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; - error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; + access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; + error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; } server { listen 443 ssl http2; - server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; + server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; # Path to the root of your installation - root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/nextcloud; + root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/nextcloud; disable_symlinks if_not_owner; {% if besoin_https == 'oui' %} - ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; + ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; {% endif %} - access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; - error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; + access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; + error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; # Prevent nginx HTTP Server Detection server_tokens off; # HSTS settings # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.{{ TLD }}/. This option + # the consequences in https://hstspreload.{{ TLD }}/. This option # will add the domain to a hardcoded list that is shipped # in all major browsers and getting removed from this list # could take several months. 
@@ -88,11 +88,11 @@ server { } location ~ /common-apps/(.*)$ { - alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common/$1; + alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common/$1; } location ~ /instance-apps/(.*)$ { - alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/apps/$1; + alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/apps/$1; } # Specify how to handle directories -- specifying `/index.php$request_uri` @@ -165,7 +165,7 @@ server { fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice fastcgi_param front_controller_active true; # Enable pretty urls - fastcgi_param NEXTCLOUD_CONFIG_DIR /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config; + fastcgi_param NEXTCLOUD_CONFIG_DIR /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config; fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }}; #fastcgi_intercept_errors on; diff --git a/templates/nginx_paheko_server.j2 b/templates/nginx_paheko_server.j2 index d09e5f9..9f9953a 100644 --- a/templates/nginx_paheko_server.j2 +++ b/templates/nginx_paheko_server.j2 
@@ -1,17 +1,17 @@
 server {
 listen 80;
- include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
- access_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
- return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+ access_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri;
 }
 server {
 listen 443;
- include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
 {% if besoin_https == 'oui' %}
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
 {% endif %}
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
 }
diff --git a/templates/nginx_www_common.j2 b/templates/nginx_www_common.j2
index a1484ae..d52083b 100644
--- a/templates/nginx_www_common.j2
+++ b/templates/nginx_www_common.j2
@@ -1,7 +1,7 @@ server_name - {{ DOMAIN }}.{{ TLD }} - www.{{ DOMAIN }}.{{ TLD }}; -root /home/site/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/; + {{ DOMAIN }}.{{ TLD }} + www.{{ DOMAIN }}.{{ TLD }}; +root /home/site/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/; index index.html; client_body_buffer_size 8k; diff --git a/templates/nginx_www_server.j2 b/templates/nginx_www_server.j2 index 2279016..924c738 100644 --- a/templates/nginx_www_server.j2 +++ b/templates/nginx_www_server.j2 
@@ -1,17 +1,17 @@
 server {
 listen 80;
- server_name {{ DOMAIN }}.{{ TLD }};
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
- return 301 https://{{ DOMAIN }}.{{ TLD }}$request_uri;
+ server_name {{ DOMAIN }}.{{ TLD }};
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ return 301 https://{{ DOMAIN }}.{{ TLD }}$request_uri;
 }
 server {
 listen 443 ssl;
- include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
 {% if besoin_https == 'oui' %}
- ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
 {% endif %}
- access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
- error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
 }
\ No newline at end of file
--
2.20.1