commit b34f00fbb8cc80062aa4316eb6b48b39618018f7
Author: phil
Date: Thu Jan 4 07:37:47 2024 +0100
first commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8be4cc2
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+phpMyAdmin
+==========
+
+This role installs phpMyAdmin.
+
+# Running the role
+
+Run the playbook with:
+```Shell
+ansible-playbook playbooks/phpmyadmin.yml
+```
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..9e3ffb1
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+phpmyadmin_htpasswd_file: /etc/nginx/snippets/.htpasswd
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..9f07eaa
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: reload nginx
+ ansible.builtin.service:
+ name: nginx
+ state: reloaded
+
+- name: Get certificate
+ ansible.builtin.command:
+ cmd: dehydrated --cron -g
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..c21a509
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,9 @@
+galaxy_info:
+ author: foodcoops.net admins
+ description: Role to setup phpMyAdmin
+ license: GPLv3
+ min_ansible_version: "2.9"
+ platforms:
+ - name: Debian
+ versions:
+ - bullseye
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..51b61ca
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Get PHP version
+ ansible.builtin.shell:
+ cmd: php -v | grep -Po '(?<=PHP )([0-9.]{3})'
+ register: php_version
+ changed_when: false
+
+- name: Install packages
+ ansible.builtin.import_tasks: packages.yml
+ tags: packages
+
+- name: Configure webserver
+ ansible.builtin.import_tasks: webserver.yml
+ tags: webserver
diff --git a/tasks/packages.yml b/tasks/packages.yml
new file mode 100644
index 0000000..bb346cd
--- /dev/null
+++ b/tasks/packages.yml
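Review bot: In handlers/main.yml, `reload nginx` is defined before `Get certificate`, and Ansible runs notified handlers in definition order, so on a first run nginx is reloaded against a vhost whose `ssl_certificate` files dehydrated has not yet produced, and nothing reloads it once the certificate arrives. Presumably that first reload fails or leaves the previous configuration active until the role is run again. Defining `Get certificate` first and adding `notify: reload nginx` to it would sequence the two; whether the ACME challenge can be answered before this vhost is live depends on configuration outside this commit. The handler names are also capitalised inconsistently (`reload nginx` vs `Get certificate`).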
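Review bot: In tasks/main.yml, `Get PHP version` runs before `Install packages`, so on a host where `php` is not installed yet the `grep` at the end of the pipeline exits non-zero and the role fails before `php-fpm` is ever installed; moving the task after the `packages.yml` import avoids that. The task also carries no tag, so a run limited with `--tags webserver` would render templates/nginx.conf with `php_version` undefined; `tags: always` on this task would cover it. The pattern `[0-9.]{3}` keeps exactly three characters, so a release such as 8.10 would be read as `8.1`; `'(?<=PHP )[0-9]+\.[0-9]+'` captures the full major.minor that ends up in the `fastcgi_pass` socket path.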
@@ -0,0 +1,12 @@
+---
+- name: "Packages | Get installed packages"
+ ansible.builtin.package_facts:
+ manager: apt
+
+- name: "Packages | Install packages"
+ ansible.builtin.apt:
+ pkg:
+ - python3-passlib
+ - phpmyadmin
+ - php-fpm
+ cache_valid_time: 3600
diff --git a/tasks/webserver.yml b/tasks/webserver.yml
new file mode 100644
index 0000000..8c5d653
--- /dev/null
+++ b/tasks/webserver.yml
@@ -0,0 +1,29 @@
+---
+- name: "Webserver | Add domain to certificate list"
+ ansible.builtin.lineinfile:
+ path: /etc/dehydrated/domains.txt
+ line: "{{ phpmyadmin_domain }}"
+ when: "'dehydrated' in ansible_facts.packages"
+ notify: Get certificate
+
+- name: "Webserver | Create htpasswd file"
+ community.general.htpasswd:
+ path: "{{ phpmyadmin_htpasswd_file }}"
+ name: "foodcoops.net"
+ password: "{{ vault_phpmyadmin_password }}"
+ owner: root
+ group: www-data
+ mode: 0640
+
+- name: "Webserver | Copy Nginx configuration"
+ ansible.builtin.template:
+ src: nginx.conf
+ dest: "/etc/nginx/sites-available/{{ phpmyadmin_domain }}"
+ mode: 0644
+
+- name: "Webserver | Enable Nginx configuration"
+ ansible.builtin.file:
+ src: "/etc/nginx/sites-available/{{ phpmyadmin_domain }}"
+ dest: "/etc/nginx/sites-enabled/{{ phpmyadmin_domain }}"
+ state: link
+ notify: reload nginx
diff --git a/templates/nginx.conf b/templates/nginx.conf
new file mode 100644
index 0000000..5016953
--- /dev/null
+++ b/templates/nginx.conf
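Review bot: In tasks/webserver.yml, `Webserver | Copy Nginx configuration` has no `notify: reload nginx`; only the symlink task notifies, and it reports a change only when the link is first created, so later edits to templates/nginx.conf are written to disk but never loaded. Adding `notify: reload nginx` to the template task fixes that. `phpmyadmin_domain` and `vault_phpmyadmin_password` are required but have no default or check in this commit, and a defined-but-empty domain would make the template task target `/etc/nginx/sites-available/` itself; an `ansible.builtin.assert` on both at the top of the file would fail early with a clear message. The two `mode` values are safer quoted (`mode: "0640"`, `mode: "0644"`) so that no YAML loader re-types them.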
@@ -0,0 +1,32 @@
+server {
+ listen 80;
+ server_name {{ phpmyadmin_domain }};
+ include snippets/letsencrypt.conf;
+ location / { return 301 https://$http_host$request_uri; }
+}
+
+server {
+ listen 443 ssl http2;
+ server_name {{ phpmyadmin_domain }};
+ ssl_certificate /var/lib/dehydrated/certs/{{ phpmyadmin_domain }}/fullchain.pem;
+ ssl_certificate_key /var/lib/dehydrated/certs/{{ phpmyadmin_domain }}/privkey.pem;
+ include /etc/nginx/snippets/add_headers.conf;
+
+ auth_basic "Restricted Access Only";
+ auth_basic_user_file {{ phpmyadmin_htpasswd_file }};
+
+ root /usr/share/phpmyadmin;
+ index index.php index.html index.htm;
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_pass unix:/run/php/php{{ php_version.stdout }}-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include /etc/nginx/fastcgi_params;
+ }
+
+ location ~ \.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
+ root /usr/share/phpmyadmin;
+ }
+}
\ No newline at end of file
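Review bot: The port-80 redirect in templates/nginx.conf builds its target from `$http_host`, which is the client-supplied Host header; the vhost name is already known at render time, so `return 301 https://{{ phpmyadmin_domain }}$request_uri;` keeps the redirect from reflecting request data. The only access control in front of phpMyAdmin in the 443 block is `auth_basic` with one shared account, with no `allow`/`deny` or `limit_req` in this file; whether source restriction or rate limiting is applied elsewhere (for example in the included snippets) is not visible here and is worth confirming. A one-line comment above `fastcgi_pass`, such as `# php_version is registered in tasks/main.yml; must match the installed php-fpm socket`, would document that dependency. The file also ends without a trailing newline.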