-
Notifications
You must be signed in to change notification settings - Fork 10
/
localvm.yml
163 lines (162 loc) · 5.69 KB
/
localvm.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# file: localvm.yml
- hosts: ninja
user: "{{ user }}"
become: yes
become_user: root
become_method: sudo
gather_facts: yes
vars_files:
- vars/vars.yml
pre_tasks:
- name: Verify Ansible meets the installers version requirements.
assert:
that: "ansible_version.full | version_compare('2.5', '>=')"
msg: >
"You must update Ansible to at least 2.5 to use this version of the installer."
- name: apt-get clean
shell: apt-get clean
- name: Set firewall default policy
ufw: state=enabled policy=reject
- name: Allow ssh on port 22
ufw: rule=allow port=22
- name: Allow traffic to hit port 80
ufw: rule=allow port=80
- name: Allow traffic to hit port 443
ufw: rule=allow port=443
roles:
- basic
- php
- mariadb
- role: jdauphant.nginx
nginx_user: "www-data"
nginx_http_params:
- client_max_body_size 30M
nginx_events_params:
# - worker_processes 2
- worker_connections 1024
- multi_accept on
nginx_sites:
default:
- listen [::]:80
- server_name {{ server_name }}
- root /srv/www/invoiceninja.com/public
- index index.html
- role: stackbuilders.certbot
tags: ssl
certbot_domains: "{{ server_name }}"
certbot_email: "{{ letsencrypt_email }}"
- role: jdauphant.nginx
tags: ssl
nginx_user: "www-data"
nginx_sites:
default:
- listen 80
- server_name {{ server_name }}
- rewrite ^ https://$server_name$request_uri? permanent
- if ($scheme = http) { return 301 https://$server_name$request_uri; }
invoiceninja:
- listen 443 ssl
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2
- ssl_ciphers HIGH:!aNULL:!MD5
- server_name {{ server_name }}
- ssl_certificate /etc/nginx/ssl/{{ server_name }}/fullchain.pem
- ssl_certificate_key /etc/nginx/ssl/{{ server_name }}/privkey.pem
- root /srv/www/invoiceninja.com/public
#- access_log /srv/www/invoiceninja.com/logs/invoice.ninja.access.log
#- error_log /srv/www/invoiceninja.com/logs/invoice.ninja.error.log
- index index.php index.html index.htm
- location / { try_files $uri $uri/ =404; }
- if (!-e $request_filename) { rewrite ^(.+)$ /index.php?q=$1 last; }
- location ~* /logo/.*\.php$ { return 503; }
- |
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
}
- location ~ /\.ht { deny all; }
- role: logrotate
logrotate_scripts:
- name: nginx
path: /var/log/nginx/*.log
options:
- daily
- rotate 7
- missingok
- compress
- delaycompress
- copytruncate
scripts:
postrotate: "[ -s /run/nginx.pid ] && kill -USR1 `cat /run/nginx.pid`"
- role: logrotate
logrotate_scripts:
- name: invoice-ninja
path: /srv/www/invoiceninja.com/logs/*.log
options:
- daily
- rotate 7
- missingok
- compress
- delaycompress
- copytruncate
scripts:
postrotate: "[ -s /run/nginx.pid ] && kill -USR1 `cat /run/nginx.pid`"
- role: logrotate
logrotate_scripts:
- name: var-log
path: /var/log/*.log
options:
- daily
- rotate 7
- missingok
- compress
- delaycompress
- copytruncate
post_tasks:
- name: Modify PHP.INI - set memory limit
lineinfile: dest=/etc/php/7.1/fpm/php.ini regexp='(.*)memory_limit =' line='memory_limit = 256M'
- name: Modify PHP.INI - set POST FILE LIMIT SIZE
lineinfile: dest=/etc/php/7.1/fpm/php.ini regexp='(.*)post_max_size =' line='post_max_size = 30M'
- name: Modify PHP pool variable - slowlog
lineinfile: dest=/etc/php/7.1/fpm/pool.d/www.conf regexp='(.*);slowlog = log/$pool.log.slow' line='slowlog = /var/log/$pool-php-slow.log'
- name: Modify PHP pool variable - slowlog enable
lineinfile: dest=/etc/php/7.1/fpm/pool.d/www.conf regexp='(.*);request_slowlog_timeout = 0' line='request_slowlog_timeout = 5s'
- name: Clone Invoice Ninja Repo
git: >
dest=/srv/www/invoiceninja.com
repo=https://github.com/invoiceninja/invoiceninja.git
update=yes
version={{ git_branch }}
- name: Create Root Path for web directory
file: path=/srv/www/invoiceninja.com/logs state=directory
- name: Create Access log
copy:
content: ""
dest: /srv/www/invoiceninja.com/logs/invoice.ninja.access.log
force: no
group: www-data
owner: www-data
mode: 664
- name: Create Error log
copy:
content: ""
dest: /srv/www/invoiceninja.com/logs/invoice.ninja.error.log
force: no
group: www-data
owner: www-data
mode: 664
- name: Run composer install
composer:
command: install
working_dir: /srv/www/invoiceninja.com
- name: set www-data as owner of storage/
file: dest=/srv/www/invoiceninja.com/storage owner=www-data group=www-data recurse=yes
- name: set www-data as owner of invoiceninja.com/
file: dest=/srv/www/invoiceninja.com owner=www-data group=www-data recurse=yes
- name: set www-data as owner of vendor/
file: dest=/srv/www/invoiceninja.com/vendor owner=www-data group=www-data recurse=yes mode=0775
- name: set www-data as owner of bootstrap/
file: dest=/srv/www/invoiceninja.com/bootstrap owner=www-data group=www-data recurse=yes mode=0775
- name: restart nginx
service: name=nginx state=restarted
- name: restart php
service: name=php7.1-fpm state=restarted