Updates
parent
b34f00fbb8
commit
6dc11ec24e
12 changed files with 162 additions and 80 deletions
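--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.fact_cache
+.vault_pass
+ansible.log
+galaxy/
+.vscode/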
22
README.md
22
README.md
|
@ -3,6 +3,28 @@ phpMyAdmin
|
||||||
|
|
||||||
This role installs phpMyAdmin.
|
This role installs phpMyAdmin.
|
||||||
|
|
||||||
|
## Variables
|
||||||
|
|
||||||
|
| Name | Note | Default |
|
||||||
|
|--|--|--|
|
||||||
|
| `phpmyadmin_user` | System user to create | `pma`
|
||||||
|
| `phpmyadmin_hosts` | Array with hosts to connect to | *optional* |
|
||||||
|
| `phpmyadmin_hosts.name` | Hostname of database host | * optional* |
|
||||||
|
| `phpmyadmin_host.address` | IP address of database host | *optional* |
|
||||||
|
|
||||||
|
## Playbook
|
||||||
|
|
||||||
|
This role depends on [ansible-role-php](https://git.systemausfall.org/senselab/ansible-role-php):
|
||||||
|
```Shell
|
||||||
|
---
|
||||||
|
- name: Install phpMyAdmin
|
||||||
|
hosts:
|
||||||
|
- myhost
|
||||||
|
roles:
|
||||||
|
- role: senselab.php
|
||||||
|
- role: senselab.phpmyadmin
|
||||||
|
````
|
||||||
|
|
||||||
# Running the role
|
# Running the role
|
||||||
|
|
||||||
Run the playbook with:
|
Run the playbook with:
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
---
|
---
|
||||||
phpmyadmin_htpasswd_file: /etc/nginx/snippets/.htpasswd
|
phpmyadmin_user: pma
|
||||||
|
|
|
@ -1,9 +1,24 @@
|
||||||
---
|
---
|
||||||
- name: reload nginx
|
- name: Stop php-fpm-socket
|
||||||
ansible.builtin.service:
|
ansible.builtin.systemd:
|
||||||
name: nginx
|
name: "php-fpm@{{ phpmyadmin_user }}.socket"
|
||||||
state: reloaded
|
state: stopped
|
||||||
|
|
||||||
- name: Get certificate
|
- name: Stop php-fpm-service
|
||||||
ansible.builtin.command:
|
ansible.builtin.systemd:
|
||||||
cmd: dehydrated --cron -g
|
name: "php-fpm@{{ phpmyadmin_user }}.service"
|
||||||
|
state: stopped
|
||||||
|
|
||||||
|
- name: Start php-fpm-socket
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: "php-fpm@{{ phpmyadmin_user }}.socket"
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
daemon_reload: true
|
||||||
|
|
||||||
|
- name: Start php-fpm-service
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: "php-fpm@{{ phpmyadmin_user }}.service"
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
daemon_reload: true
|
||||||
|
|
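Review bot: The four handlers in this hunk are named with a capital first letter (`Stop php-fpm-socket`, `Start php-fpm-service`, …), but the `notify:` lists added in the tasks/main.yml hunk and in tasks/phpfpm.yml use lowercase (`- stop php-fpm-socket`, …). Ansible matches handler names exactly, so as written those notifications will most likely fail with a handler-not-found error instead of restarting the pool after a config change. Either lowercase the names here or change the notify entries to match, e.g. `- Stop php-fpm-socket`. Adding one shared `listen:` topic to all four handlers would also let each task notify a single name instead of repeating the list.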
|
@ -1,9 +1,9 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: foodcoops.net admins
|
author: Sense.Lab e.V. admins
|
||||||
description: Role to setup phpMyAdmin
|
description: Role to setup phpMyAdmin
|
||||||
license: GPLv3
|
license: GPLv3
|
||||||
min_ansible_version: "2.9"
|
min_ansible_version: "2.9"
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- bullseye
|
- bookworm
|
||||||
|
|
|
@ -1,14 +1,19 @@
|
||||||
---
|
---
|
||||||
- name: Get PHP version
|
- name: Configure PHP
|
||||||
ansible.builtin.shell:
|
ansible.builtin.import_tasks: phpfpm.yml
|
||||||
cmd: php -v | grep -Po '(?<=PHP )([0-9.]{3})'
|
tags: phpfpm
|
||||||
register: php_version
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Install packages
|
- name: Install packages
|
||||||
ansible.builtin.import_tasks: packages.yml
|
ansible.builtin.import_tasks: packages.yml
|
||||||
tags: packages
|
tags: packages
|
||||||
|
|
||||||
- name: Configure webserver
|
- name: Copy configuration
|
||||||
ansible.builtin.import_tasks: webserver.yml
|
ansible.builtin.template:
|
||||||
tags: webserver
|
src: pma.php.j2
|
||||||
|
dest: "/etc/phpmyadmin/conf.d/{{ inventory_hostname }}.php"
|
||||||
|
mode: "0644"
|
||||||
|
notify:
|
||||||
|
- stop php-fpm-socket
|
||||||
|
- stop php-fpm-service
|
||||||
|
- start php-fpm-socket
|
||||||
|
- start php-fpm-service
|
||||||
|
|
|
@ -8,5 +8,4 @@
|
||||||
pkg:
|
pkg:
|
||||||
- python3-passlib
|
- python3-passlib
|
||||||
- phpmyadmin
|
- phpmyadmin
|
||||||
- php-fpm
|
|
||||||
cache_valid_time: 3600
|
cache_valid_time: 3600
|
||||||
|
|
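--- /dev/null
+++ b/tasks/phpfpm.yml
@@ -0,0 +1,50 @@
+---
+- name: "PHPFPM | Create user"
+ansible.builtin.user:
+name: "{{ phpmyadmin_user }}"
+shell: /bin/false
+create_home: false
+password_lock: true
+
+- name: "PHPFPM | Add www-data to user group"
+ansible.builtin.user:
+name: www-data
+groups: "{{ phpmyadmin_user }}"
+append: true
+
+- name: "PHPFPM | Create log file"
+ansible.builtin.file:
+path: "{{ php_fpm_log_dir }}/{{ phpmyadmin_user }}.log"
+state: touch
+mode: "0644"
+owner: "{{ phpmyadmin_user }}"
+group: "{{ phpmyadmin_user }}"
+access_time: preserve
+modification_time: preserve
+
+- name: "PHPFPM | Create pool"
+ansible.builtin.template:
+src: fpmpool.j2
+dest: "{{ php_fpm_pool_dir }}/{{ phpmyadmin_user }}.cfg"
+mode: "0644"
+notify:
+- stop php-fpm-socket
+- stop php-fpm-service
+- start php-fpm-socket
+
+- name: "PHPFPM | Create override directory"
+ansible.builtin.file:
+path: "/etc/systemd/system/php-fpm@{{ phpmyadmin_user }}.service.d"
+state: directory
+mode: "0755"
+
+- name: "PHPFPM | Copy override file"
+ansible.builtin.template:
+src: override.conf.j2
+dest: "/etc/systemd/system/php-fpm@{{ phpmyadmin_user }}.service.d/override.conf"
+mode: "0644"
+notify:
+- stop php-fpm-socket
+- stop php-fpm-service
+- start php-fpm-socket
+- start php-fpm-service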
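Review bot: The "PHPFPM | Create log file" task creates the pool's error log with `mode: "0644"`, so every local account can read it, and PHP error logs for a database front end tend to contain filesystem paths and query fragments. The file is owned by `{{ phpmyadmin_user }}` and `www-data` is added to that group two tasks earlier, so `mode: "0640"` should be sufficient. Separately, "PHPFPM | Create pool" notifies only three handlers and omits `- start php-fpm-service`, unlike "PHPFPM | Copy override file"; if that relies on socket activation, a one-line comment saying so would make the difference look intentional.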
|
@ -1,29 +0,0 @@
|
||||||
---
|
|
||||||
- name: "Webserver | Add domain to certificate list"
|
|
||||||
ansible.builtin.lineinfile:
|
|
||||||
path: /etc/dehydrated/domains.txt
|
|
||||||
line: "{{ phpmyadmin_domain }}"
|
|
||||||
when: "'dehydrated' in ansible_facts.packages"
|
|
||||||
notify: Get certificate
|
|
||||||
|
|
||||||
- name: "Webserver | Create htpasswd file"
|
|
||||||
community.general.htpasswd:
|
|
||||||
path: "{{ phpmyadmin_htpasswd_file }}"
|
|
||||||
name: "foodcoops.net"
|
|
||||||
password: "{{ vault_phpmyadmin_password }}"
|
|
||||||
owner: root
|
|
||||||
group: www-data
|
|
||||||
mode: 0640
|
|
||||||
|
|
||||||
- name: "Webserver | Copy Nginx configuration"
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: nginx.conf
|
|
||||||
dest: "/etc/nginx/sites-available/{{ phpmyadmin_domain }}"
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- name: "Webserver | Enable Nginx configuration"
|
|
||||||
ansible.builtin.file:
|
|
||||||
src: "/etc/nginx/sites-available/{{ phpmyadmin_domain }}"
|
|
||||||
dest: "/etc/nginx/sites-enabled/{{ phpmyadmin_domain }}"
|
|
||||||
state: link
|
|
||||||
notify: reload nginx
|
|
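--- /dev/null
+++ b/templates/fpmpool.j2
@@ -0,0 +1,23 @@
+[global]
+error_log = ${FPM_ERROR_LOG}
+
+[{{ phpmyadmin_user }}]
+listen = ${FPM_SOCKET_PATH}
+pm = ondemand
+pm.max_children = 10
+pm.process_idle_timeout = 10s
+pm.max_requests = 200
+pm.status_path = /status
+chdir = /
+clear_env = no
+security.limit_extensions = .php .php3 .php4 .php5
+php_admin_value[cgi.fix_pathinfo] = 0
+php_admin_value[opcache.enable] = 1
+php_admin_value[opcache.validate_permission] = 1
+php_admin_value[opcache.validate_root] = 1
+php_admin_value[session.cookie_samesite] = Lax
+php_admin_value[openssl.capath] = /etc/ssl/certs
+php_flag[display_errors] = off
+php_admin_flag[log_errors] = on
+php_admin_value[memory_limit] = 256M
+php_admin_value[disable_functions] = mail,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_exec,passthru,system,proc_get_status,proc_close,proc_nice,proc_terminate,proc_open,curl_ini,parse_ini_file,show_source,dl,symlink,system_exec,exec,shell_exec,phpinfo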
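Review bot: The `disable_functions` list on the last line contains names that are not PHP functions (`curl_ini`, `system_exec`) and lists `pcntl_exec` twice, so those entries restrict nothing, while `popen` stays enabled even though `proc_open`, `exec` and `shell_exec` are blocked. The list is worth checking against what phpMyAdmin actually needs, and `popen` should be added if command execution is meant to be closed off. `php_flag[display_errors] = off` can be overridden by the application at runtime, whereas `php_admin_flag[display_errors] = off` would pin it the same way `log_errors` is pinned on the following line. `pm.status_path = /status` is only safe if the fronting web server does not route that path to this pool for outside clients, which cannot be checked here because no vhost is part of this commit.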
|
@ -1,32 +0,0 @@
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name {{ phpmyadmin_domain }};
|
|
||||||
include snippets/letsencrypt.conf;
|
|
||||||
location / { return 301 https://$http_host$request_uri; }
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
server_name {{ phpmyadmin_domain }};
|
|
||||||
ssl_certificate /var/lib/dehydrated/certs/{{ phpmyadmin_domain }}/fullchain.pem;
|
|
||||||
ssl_certificate_key /var/lib/dehydrated/certs/{{ phpmyadmin_domain }}/privkey.pem;
|
|
||||||
include /etc/nginx/snippets/add_headers.conf;
|
|
||||||
|
|
||||||
auth_basic "Restricted Access Only";
|
|
||||||
auth_basic_user_file {{ phpmyadmin_htpasswd_file }};
|
|
||||||
|
|
||||||
root /usr/share/phpmyadmin;
|
|
||||||
index index.php index.html index.htm;
|
|
||||||
|
|
||||||
location ~ \.php$ {
|
|
||||||
try_files $uri =404;
|
|
||||||
fastcgi_pass unix:/run/php/php{{ php_version.stdout }}-fpm.sock;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
include /etc/nginx/fastcgi_params;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
|
|
||||||
root /usr/share/phpmyadmin;
|
|
||||||
}
|
|
||||||
}
|
|
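--- /dev/null
+++ b/templates/pma.php.j2
@@ -0,0 +1,24 @@
+{{ ansible_managed | comment }}
+
+<?php
+$cfg['ForceSSL'] = true;
+
+{% if phpmyadmin_hosts is defined %}
+$i = 0;
+$hosts = array (
+{% for host in phpmyadmin_hosts %}
+"{{ host.name }}" => "{{ host.address }}",
+{% endfor %}
+);
+
+foreach ($hosts as $verbose => $host) {
+$i++;
+$cfg['Servers'][$i]['verbose'] = $verbose;
+$cfg['Servers'][$i]['host'] = $host;
+$cfg['Servers'][$i]['port'] = '3306';
+$cfg['Servers'][$i]['connect_type'] = 'tcp';
+$cfg['Servers'][$i]['extension'] = 'mysqli';
+$cfg['Servers'][$i]['compress'] = FALSE;
+$cfg['Servers'][$i]['auth_type'] = 'cookie';
+}
+{% endif %}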
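Review bot: `$cfg['ForceSSL']` was removed from phpMyAdmin in 4.6.0, so on current packages this line most likely has no effect, and the same commit deletes the nginx vhost that did the HTTPS redirect and basic auth. TLS and any extra access control therefore have to come from whatever web server configuration fronts this pool; the README should say so, and the line could be dropped or replaced by a comment to that effect. `{{ ansible_managed | comment }}` is rendered before `<?php`, so its `#` lines are emitted as page output when the file is included, which can interfere with the headers and cookies that `auth_type = 'cookie'` depends on; moving it below the opening tag keeps it a PHP comment. `"{{ host.name }}" => "{{ host.address }}"` interpolates inventory values into double-quoted PHP strings unescaped, so single-quoted literals with escaping would keep a `$` or `"` in a value from changing the generated code.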