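---
# Nextcloud host bootstrap: Apache with TLS support, firewall openings for
# http/https and a Debian-style sites-available/sites-enabled layout on top
# of the RHEL httpd tree.
- name: httpd installation & preparation
  hosts: nextcloud
  become: true
  tasks:
    # NOTE(review): state=latest upgrades httpd/mod_ssl on every run; use
    # `present` if unplanned upgrades during a routine run are undesirable.
    - name: httpd and mod_ssl installation
      ansible.builtin.dnf:
        name:
          - httpd
          - mod_ssl
        state: latest

    # firewalld lives in ansible.posix (the builtin name is only a redirect),
    # matching the ansible.posix.seboolean use elsewhere in this playbook.
    - name: firewalld - http and https services enable
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop:
        - http
        - https

    - name: sites-available and sites-enabled directories create
      ansible.builtin.file:
        path: "/etc/httpd/{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      loop:
        - sites-available
        - sites-enabled

    # IncludeOptional with a *.conf glob instead of a bare directory Include:
    # a bare directory pulls in every file, so a stray editor backup or a
    # vhost "disabled" by renaming it to .conf.bak would still be loaded.
    # The regexp also rewrites a previously added bare `Include` line rather
    # than appending a second directive.
    - name: sites-enabled add to the httpd configuration
      ansible.builtin.lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^Include(Optional)? /etc/httpd/sites-enabled'
        line: 'IncludeOptional /etc/httpd/sites-enabled/*.conf'
        insertafter: EOF
        state: present

    - name: httpd service enable and start
      ansible.builtin.systemd:
        name: httpd
        enabled: true
        state: started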
# Brute-force protection for sshd and httpd. The jail definitions are kept
# on the controller and copied verbatim; their content is not visible here.
- name: fail2ban installation & configuration
  hosts: nextcloud
  become: true
  tasks:
    # NOTE(review): on RHEL-family hosts fail2ban ships in EPEL; this play
    # assumes that repository is already enabled on the target.
    - name: fail2ban installation
      ansible.builtin.dnf:
        name: fail2ban
        state: latest

    # A timestamped backup of any pre-existing jail file is kept on the
    # target (backup: true) so a local edit is not silently lost.
    - name: fail2ban jail configuration (sshd and httpd)
      ansible.builtin.copy:
        src: "/etc/ansible/templates/fail2ban/{{ item }}"
        dest: "/etc/fail2ban/jail.d/{{ item }}"
        owner: root
        group: root
        mode: "0644"
        backup: true
      loop:
        - sshd.local
        - httpd.local

    # Restarted unconditionally so new jail files are always picked up.
    - name: fail2ban service enable and restart
      ansible.builtin.systemd:
        name: fail2ban
        enabled: true
        state: restarted
# NOTE(review): this play duplicates the first task of the following play
# of the same name. It is harmless (state=present is idempotent) but can be
# dropped.
- name: php 8 installation & configuration
  hosts: nextcloud
  become: true
  tasks:
    - name: php 8 installation
      ansible.builtin.dnf:
        name: php
        state: present
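# PHP runtime and the extensions Nextcloud needs, plus the php.ini limits
# for large uploads.
- name: php 8 installation & configuration
  hosts: nextcloud
  become: true
  tasks:
    - name: php 8 installation
      ansible.builtin.dnf:
        name: php
        state: present

    - name: php required modules installation
      ansible.builtin.dnf:
        name:
          - php-cli
          - php-gd
          - php-imagick
          - php-intl
          - php-json
          - php-mbstring
          - php-mysqlnd
          - php-opcache
          - php-pecl-apcu
          - php-process
          - php-redis
          - php-zip
        state: latest

    # Each regexp matches the directive whether it is currently set or
    # commented out (leading ';'), so a re-run edits the existing line
    # instead of appending a duplicate at the end of php.ini.
    - name: php upload and memory limits set
      ansible.builtin.lineinfile:
        path: /etc/php.ini
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        state: present
      loop:
        - regexp: '^;?post_max_size\s*='
          line: 'post_max_size = 512M'
        - regexp: '^;?upload_max_filesize\s*='
          line: 'upload_max_filesize = 512M'
        - regexp: '^;?max_input_vars\s*='
          line: 'max_input_vars = 5000'
        # A bare "1024" is 1024 *bytes* to PHP, which would break every
        # request; the M suffix is required for the intended 1024 MiB.
        - regexp: '^;?memory_limit\s*='
          line: 'memory_limit = 1024M'

    # PHP runs under php-fpm on this host (the SELinux step later in the
    # playbook targets the php-fpm process), and php-fpm reads php.ini at
    # start-up, so it has to be restarted for the limits above to apply;
    # restarting httpd alone does not reload them.
    - name: php-fpm service enable and restart
      ansible.builtin.systemd:
        name: php-fpm
        enabled: true
        state: restarted

    - name: httpd service restart
      ansible.builtin.systemd:
        name: httpd
        state: restarted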
# Redis for Nextcloud's file locking / distributed cache (php-redis is
# installed by the PHP play).
- name: redis installation
  hosts: nextcloud
  become: true
  tasks:
    - name: redis installation
      ansible.builtin.dnf:
        name: redis
        state: latest

    # NOTE(review): no redis.conf is managed here, so the deployment relies
    # on the package defaults (loopback-only bind, no requirepass). Confirm
    # that matches the intended exposure before reusing this on a host with
    # other local users.
    - name: redis service enable and start
      ansible.builtin.systemd:
        name: redis.service
        enabled: true
        state: started
# MariaDB from the vendor repository rather than the distro stream.
- name: mariadb installation & configuration
  hosts: nextcloud
  become: true
  tasks:
    # NOTE(review): the repo definition is copied from the controller and is
    # not visible here; confirm it sets gpgcheck=1 with the MariaDB signing
    # key so packages from this third-party repository are signature-checked.
    - name: mariadb 10.11 repository add
      ansible.builtin.copy:
        src: /etc/ansible/templates/yum.repos.d/mariadb.repo
        dest: /etc/yum.repos.d/mariadb.repo
        owner: root
        group: root
        mode: "0644"

    - name: autoremove unneeded packages installed as dependencies
      ansible.builtin.dnf:
        autoremove: true

    # NOTE(review): this is a full upgrade of every installed package, not
    # just MariaDB; it happens on every run of the playbook.
    - name: update packages
      ansible.builtin.dnf:
        name: "*"
        state: latest

    - name: mariadb installation
      ansible.builtin.dnf:
        name: mariadb-server
        state: latest

    # Python MySQL driver used on the target by the community.mysql modules
    # in the following plays.
    - name: python3-PyMySQL installation
      ansible.builtin.dnf:
        name: python3-PyMySQL
        state: present

    - name: mariadb service enable and start
      ansible.builtin.systemd:
        name: mariadb
        enabled: true
        state: started
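# Equivalent of mysql_secure_installation: root password, no anonymous
# accounts, no test database. mariadb_root_password is not defined in this
# playbook; it is expected from inventory / ansible-vault.
# Every task that carries the password sets no_log so it does not end up in
# the play output or in logged task results.
- name: mariadb secure installation
  hosts: nextcloud
  become: true
  tasks:
    # Client credentials for root on the target. With become, "~" resolves
    # to the become user's home (root). The file holds the root password,
    # hence 0600.
    - name: my.cnf file set
      ansible.builtin.template:
        src: /etc/ansible/templates/mariadb/my.cnf.j2
        dest: "~/.my.cnf"
        owner: root
        group: root
        mode: "0600"
      no_log: true

    # check_implicit_admin lets the first run authenticate over the unix
    # socket before a password exists; later runs use the password.
    - name: root password set
      community.mysql.mysql_user:
        login_user: root
        login_password: "{{ mariadb_root_password }}"
        check_implicit_admin: true
        name: root
        host: localhost
        password: "{{ mariadb_root_password }}"
      no_log: true

    # host_all removes the anonymous ('') account for every host entry,
    # which includes the localhost row.
    - name: all anonymous user accounts delete
      community.mysql.mysql_user:
        login_host: localhost
        login_user: root
        login_password: "{{ mariadb_root_password }}"
        check_implicit_admin: true
        name: ''
        host_all: true
        state: absent
      no_log: true

    - name: test database delete
      community.mysql.mysql_db:
        login_host: localhost
        login_user: root
        login_password: "{{ mariadb_root_password }}"
        check_implicit_admin: true
        name: test
        state: absent
      no_log: true

    # NOTE(review): not covered here is the other mysql_secure_installation
    # step, dropping root accounts reachable from non-localhost hosts;
    # whether such rows exist depends on the package defaults.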
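# Nextcloud itself: TLS material, vhost, application tree under
# /var/www/html/<dns_hostname>, SELinux labels and the application database.
- name: nextcloud installation & configuration
  hosts: nextcloud
  become: true
  vars:
    dns_hostname: cloud
    dns_domain: krolaki.eu
    # SECURITY: plaintext database password committed with the playbook.
    # Supply it the same way mariadb_root_password is supplied (inventory or
    # ansible-vault) and keep it out of version control.
    mariadb_database_password: veryStrongPassword
  tasks:
    - name: ssl certificate to the target server copy
      ansible.builtin.copy:
        src: "/etc/pki/tls/certs/{{ dns_hostname }}-{{ dns_domain }}.crt"
        dest: "/etc/pki/tls/certs/{{ dns_hostname }}-{{ dns_domain }}.crt"
        owner: root
        group: root
        mode: "0644"

    # The private key must not be world-readable. httpd opens it as root at
    # start-up, before switching to the apache user, so 0600 is sufficient.
    - name: ssl key to the target server copy
      ansible.builtin.copy:
        src: "/etc/pki/tls/private/{{ dns_hostname }}-{{ dns_domain }}.key"
        dest: "/etc/pki/tls/private/{{ dns_hostname }}-{{ dns_domain }}.key"
        owner: root
        group: root
        mode: "0600"

    - name: vhost configuration
      ansible.builtin.template:
        src: /etc/ansible/templates/httpd/sites-available/template.conf.j2
        dest: "/etc/httpd/sites-available/{{ dns_hostname }}.conf"
        owner: root
        group: root
        mode: "0644"

    - name: vhost enable
      ansible.builtin.file:
        src: "/etc/httpd/sites-available/{{ dns_hostname }}.conf"
        dest: "/etc/httpd/sites-enabled/{{ dns_hostname }}.conf"
        owner: root
        group: root
        state: link

    # NOTE(review): latest.zip is fetched over HTTPS but its content is not
    # checked against a published checksum or signature, and "latest" means
    # each run may install a different release. For a reproducible,
    # integrity-checked deployment pin a release and verify it (get_url with
    # checksum, then unarchive).
    - name: nextcloud download
      ansible.builtin.unarchive:
        src: "https://download.nextcloud.com/server/releases/latest.zip"
        dest: /var/www/html/
        remote_src: true
        owner: apache
        group: apache
        mode: "0755"

    # NOTE(review): the data directory lives inside the web root
    # (/var/www/html/<host>/data) and is shielded only by the .htaccess that
    # Nextcloud ships, so the vhost template must honour AllowOverride for
    # it. Nextcloud recommends keeping the data directory outside the web
    # root.
    - name: nextcloud and data directories create
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        owner: apache
        group: apache
        mode: "0755"
      loop:
        - "/var/www/html/{{ dns_hostname }}"
        - "/var/www/html/{{ dns_hostname }}/data"

    # The archive extracts to a fixed "nextcloud" directory; move its content
    # to the per-host directory and drop the extraction directory.
    - name: nextcloud files copy
      ansible.builtin.copy:
        src: /var/www/html/nextcloud/
        dest: "/var/www/html/{{ dns_hostname }}"
        remote_src: true
        owner: apache
        group: apache
        mode: "0755"

    - name: nextcloud directory delete
      ansible.builtin.file:
        path: /var/www/html/nextcloud
        state: absent

    # Only the paths Nextcloud has to write get httpd_sys_rw_content_t; the
    # rest of the tree keeps the read-only httpd label.
    - name: httpd_sys_rw_content_t selinux file contexts set
      community.general.sefcontext:
        target: "{{ item }}"
        setype: httpd_sys_rw_content_t
        state: present
      loop:
        - '/var/www/html/{{ dns_hostname }}/data(/.*)?'
        - '/var/www/html/{{ dns_hostname }}/config(/.*)?'
        - '/var/www/html/{{ dns_hostname }}/apps(/.*)?'
        - '/var/www/html/{{ dns_hostname }}/.htaccess'
        - '/var/www/html/{{ dns_hostname }}/.user.ini'
        - '/var/www/html/{{ dns_hostname }}/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'

    - name: selinux file context apply
      ansible.builtin.command: restorecon -R '/var/www/html/{{ dns_hostname }}'

    # NOTE(review): this boolean lets httpd/php-fpm open outbound connections
    # to any host and port (Nextcloud app store, federation, TCP redis /
    # mariadb). It is broad; if only the local database is needed,
    # httpd_can_network_connect_db or unix sockets are narrower.
    - name: httpd_can_network_connect flag set
      ansible.posix.seboolean:
        name: httpd_can_network_connect
        state: true
        persistent: true

    # SECURITY WARNING: this turns *every* php-fpm denial currently in the
    # audit log into an allow rule and loads it as a custom policy module.
    # It is not idempotent (a new module is generated on each run), it runs
    # before Nextcloud has served a request so it captures whatever happened
    # to be logged, and it will just as readily whitelist denials caused by
    # an unrelated misconfiguration or by an attacker. Review the generated
    # my-phpfpm.te before trusting it, and prefer a hand-written, checked-in
    # policy module. The .pp path is relative to the remote shell's working
    # directory (presumably root's home under become).
    - name: selinux load module
      ansible.builtin.shell: "{{ item }}"
      loop:
        - ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm
        - semodule -X 300 -i my-phpfpm.pp

    - name: database create
      community.mysql.mysql_db:
        login_host: localhost
        login_user: root
        login_password: "{{ mariadb_root_password }}"
        name: "{{ dns_hostname }}"
        state: present
      no_log: true

    # Application account scoped to its own database only (ALL on
    # <db>.*, nothing global). host is left at the module default
    # (localhost), which matches the local mariadb.
    - name: database user create
      community.mysql.mysql_user:
        login_host: localhost
        login_user: root
        login_password: "{{ mariadb_root_password }}"
        name: "{{ dns_hostname }}"
        password: "{{ mariadb_database_password }}"
        priv: "{{ dns_hostname }}.*:ALL"
        state: present
      no_log: true

    - name: httpd service restart
      ansible.builtin.systemd:
        name: httpd
        state: restarted
...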