This commit is contained in:
Kekskurse 2021-01-15 02:10:48 +01:00
parent 0577550b2a
commit b19703b7cf
5 changed files with 182 additions and 9 deletions

1
.gitignore vendored
View file

@ -12,3 +12,4 @@ Homestead.yaml
npm-debug.log npm-debug.log
yarn-error.log yarn-error.log
storage/cache storage/cache
resources/ansible/*

View file

@ -36,7 +36,6 @@ FLUSH PRIVILEGES;
``` ```
``` ```
CREATE USER 'kuvia'@'%' IDENTIFIED WITH mysql_native_password BY 'QA8jS9T.H;8RB<A4';
GRANT ALL ON kuvia.* TO 'kuvia'@'%'; GRANT ALL ON kuvia.* TO 'kuvia'@'%';
``` ```
@ -77,7 +76,6 @@ server {
location ~ /\.ht { location ~ /\.ht {
deny all; deny all;
} }
} }
``` ```

View file

@ -0,0 +1,8 @@
all:
children:
web:
hosts:
www1.fra.kuvia.cloud:
mysql:
hosts:
www1.fra.kuvia.cloud:

View file

@ -0,0 +1,172 @@
---
# file: webservers.yml
- hosts: all
tasks:
- name: Update all packages to their latest version
apt:
name: "*"
state: latest
update_cache: yes
- community.general.ufw:
rule: limit
port: ssh
proto: tcp
- name: Allow all access from RFC1918 networks to this host
community.general.ufw:
rule: allow
src: '10.114.0.0/20'
- name: Allow everything and enable UFW
community.general.ufw:
state: enabled
policy: deny
- hosts: mysql
tasks:
- name: Install mysql-server
apt:
name: mysql-server
state: present
- name: Install python3-pip
apt:
name: python3-pip
state: present
- name: Install PyMySQL python package
pip:
name: PyMySQL
- name: Create database user with name 'kuvia' and password 'kuvia!2020@geheim' with all database privileges
community.mysql.mysql_user:
name: kuvia
password: kuvia!2020@geheim
host: "%"
priv: 'kuvia.*:ALL'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Create a new database with name 'kuvia'
community.mysql.mysql_db:
name: kuvia
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Set Bindung for mysql
ansible.builtin.replace:
path: /etc/mysql/mysql.conf.d/mysqld.cnf
regexp: '^bind-address\s*=.*$'
replace: 'bind-address = 0.0.0.0'
- name: Restart mysql
ansible.builtin.systemd:
state: restarted
daemon_reload: yes
name: mysql
- hosts: web
tasks:
- name: Install nginx
apt:
name: nginx
state: present
- name: Install git
apt:
name: git
state: present
- name: Install php-fpm
apt:
name: php-fpm
state: present
- name: Install php-cli
apt:
name: php-cli
state: present
- name: Install php-simplexml
apt:
name: php-simplexml
state: present
- name: Install php-mbstring
apt:
name: php-mbstring
state: present
- name: Install php-gd
apt:
name: php-gd
state: present
- name: Install php-mysql
apt:
name: php-mysql
state: present
- name: Install unzip
apt:
name: unzip
state: present
- name: Install php-zip
apt:
name: php-zip
state: present
- name: Check that the /bin/composer exists
stat:
path: /bin/composer
register: stat_result
- name: Download foo.conf
get_url:
url: https://getcomposer.org/installer
dest: /tmp/composer-setup.php
mode: '0440'
when: not stat_result.stat.exists
- name: Execute the command in remote shell; stdout goes to the specified file on the remote
ansible.builtin.shell: php /tmp/composer-setup.php --install-dir=/bin --filename=composer
when: not stat_result.stat.exists
- name: Git checkout
git:
repo: 'https://git.keks.cloud/kekskurse/kuvia.git'
dest: /var/www/kuvia
update: yes
- name: Change file ownership, group and permissions
ansible.builtin.file:
path: /var/www/kuvia/storage
owner: www-data
group: www-data
recurse: yes
state: directory
- name: Download and installs all libs and dependencies outlined in the /var/www/kuvia
community.general.composer:
command: install
working_dir: /var/www/kuvia
environment:
- COMPOSER_ALLOW_SUPERUSER: 1
- name: Template a file to /etc/file.conf
ansible.builtin.template:
src: env.j2
dest: /var/www/kuvia/.env
owner: root
group: root
mode: '0644'
- name: Artisan migration
ansible.builtin.shell: php artisan migrate --force
args:
chdir: /var/www/kuvia
become: yes
become_user: www-data
tags:
- debug
- name: Allow all access to tcp port 80
community.general.ufw:
rule: allow
port: '80'
proto: tcp
- name: Allow all access to tcp port 443
community.general.ufw:
rule: allow
port: '443'
proto: tcp
- name: Template a file to /etc/file.conf
ansible.builtin.template:
src: nginx.j2
dest: /etc/nginx/sites-available/kuvia
owner: root
group: root
mode: '0644'
- name: Create a symbolic link
ansible.builtin.file:
src: /etc/nginx/sites-available/kuvia
dest: /etc/nginx/sites-enabled/kuvia
state: link
- name: Restart nginx
ansible.builtin.systemd:
state: restarted
daemon_reload: no
name: nginx

View file

@ -10,7 +10,7 @@
<!-- Add photos --> <!-- Add photos -->
@foreach($images as $image) @foreach($images as $image)
<img class="imageToReplace" src="/{{ $tenant->url }}/{{ $gallery->url }}/{{ $image->id }}/file?size=small" src-big="/{{ $tenant->url }}/{{ $gallery->url }}/{{ $image->id }}/file?size=big" data-thumb="/{{ $tenant->url }}/{{ $gallery->url }}/{{ $image->id }}/file?size=small"> <img class="imageToReplace" src="/{{ $tenant->url }}/{{ $gallery->url }}/{{ $image->id }}/file?size=small" data-thumb="/{{ $tenant->url }}/{{ $gallery->url }}/{{ $image->id }}/file?size=small">
@endforeach @endforeach
</div> </div>
@ -34,13 +34,7 @@
<script src="/js/photor.min.js"></script> <!-- 5 KB in gzip --> <script src="/js/photor.min.js"></script> <!-- 5 KB in gzip -->
<script> <script>
$(document).ready(function() {
$(".imageToReplace").each(function () {
$(this).attr("src", $(this).attr("src-big"));
});
$('.photor').photor();
});
</script> </script>
</body> </body>