diff --git a/.gitignore b/.gitignore index 2213c5e..fb9023b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ environments +*.log .playbook .vagrant .vscode diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..050960b --- /dev/null +++ b/Makefile @@ -0,0 +1,9 @@ +all: vagrant + +vagrant: + vagrant up --no-destroy-on-error --no-color | tee ./vagrantup.log + ./forward-ssh.sh + +clean: + vagrant destroy -f --no-color + rm -rf .vagrant ./*.log diff --git a/README.md b/README.md index 16718bf..7055862 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,19 @@ # Free I.T. Athen's Infrastructure This project is used to develop Ansible for deploying and maintaining websites -and services operated by Free I.T. Athens. +and services operated by Free I.T. Athens (FRITA). -- Requires Ansible and Vagrant on the host +- Requires GNU Make, Ansible, and Vagrant on the host ## Quick Start 1. Clone this project -2. Run `vagrant up` to provision a Debian 11 base box +2. Run `make` to provision a Debian 11 base box +3. Go to + - [Traefik Dashboard](https://traefik.local.freeitathens.org:8443/dashboard/#/) + - [WordPress](https://www.local.freeitathens.org) +4. Click through the HTTPS security warning ## Authors -* **Kris Lamoureux** - *Project Founder* - @[krislamo](https://github.com/krislamo) +* **Kris Lamoureux** - *Project Founder* - [@krislamo](https://github.com/krislamo) ## Copyrights and Licenses Copyright (C) 2019, 2020, 2022 Free I.T. Athens diff --git a/dev/vars/webserver.yml b/dev/vars/webserver.yml index 67b1fc7..a296048 100644 --- a/dev/vars/webserver.yml +++ b/dev/vars/webserver.yml 
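Review bot: In the `vagrant` recipe, `vagrant up ... | tee ./vagrantup.log` reports tee's exit status rather than vagrant's, so a failed provisioning run still proceeds into `./forward-ssh.sh` and `make` exits 0. Add `SHELL := /bin/bash` and `.SHELLFLAGS := -o pipefail -c` at the top of the Makefile so the pipeline fails when `vagrant up` does. The captured `vagrantup.log` is kept out of the repo by the new `*.log` ignore rule, but it still holds the full Ansible run output on disk, so anything not covered by `no_log` lands there; a comment on the recipe, `# vagrantup.log captures full provisioning output; treat it as sensitive`, would make that explicit.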
@@ -1,5 +1,41 @@ +############### +### Secrets ### +############### +secret: + WORDPRESS_DB_PASSWORD: WPpa55w0rd! + +############## +### Docker ### +############## docker_users: - vagrant -webserver_env: - TRAEFIK_DOMAIN: traefik.example.org +################ +#### MariaDB ### +################ +databases: + - name: wordpress + pass: "{{ secret.WORDPRESS_DB_PASSWORD }}" + +####################### +### Webserver Stack ### +####################### +webserver: + ############### + ### Traefik ### + ############### + #TRAEFIK_VERSION: latest + #TRAEFIK_DOMAIN: traefik.local.freeitathens.org + #TRAEFIK_DASHBOARD: true + #TRAEFIK_EXPOSED_DEFAULT: false + TRAEFIK_DEBUG: true + + ################# + ### WordPress ### + ################# + #WORDPRESS_VERSION: latest + #WORDPRESS_DOMAIN: www.local.freeitathens.org + #WORDPRESS_DB_HOST: host.docker.internal + #WORDPRESS_DB_NAME: wordpress + #WORDPRESS_DB_USER: wordpress + WORDPRESS_DB_PASSWORD: "{{ secret.WORDPRESS_DB_PASSWORD }}" diff --git a/forward-ssh.sh b/forward-ssh.sh new file mode 100755 index 0000000..459096d --- /dev/null +++ b/forward-ssh.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Finds the SSH private key under ./.vagrant and connects to +# the Vagrant box port forwarding localhost ports: 8443, 80, 443 +PRIVATE_KEY="$(find .vagrant -name "private_key")" +HOST_IP="$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null)" + +if [ "$(pgrep -afc "$PRIVATE_KEY")" -eq 0 ]; then + set -x + sudo ssh -fNT -i "$PRIVATE_KEY" \ + -L 8443:localhost:8443 \ + -L 80:localhost:80 \ + -L 443:localhost:443 \ + -o UserKnownHostsFile=/dev/null \ + -o StrictHostKeyChecking=no \ + vagrant@"${HOST_IP::-1}" 2>/dev/null + set +x +else + echo "ERROR: SSH process already running" + pgrep -af "$PRIVATE_KEY" + echo -e "\nKill process:\n\tsudo kill -9 \"\$(pgrep -f \"$PRIVATE_KEY\")\"" + exit 1 +fi diff --git a/roles/webserver/files/docker-compose.yml b/roles/webserver/files/docker-compose.yml index d927b20..855f95e 100644 
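Review bot: `secret.WORDPRESS_DB_PASSWORD: WPpa55w0rd!` is a plaintext credential committed to version control; even for the Vagrant dev box it is worth keeping secrets out of history, e.g. by moving the `secret` map into an `ansible-vault`-encrypted file or an untracked vars file, and adding a comment `# Development-only credential; never reuse outside the local Vagrant box`. Note that the same value is also rendered verbatim into the compose `.env` file through `webserver.WORDPRESS_DB_PASSWORD` and `compose-env.j2`, so it ends up on the guest filesystem as well. Quoting the value (`"WPpa55w0rd!"`) also avoids YAML surprises if the password is later changed to something starting with `!`, `*`, `&` or `{`.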
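Review bot: Neither `PRIVATE_KEY` nor `HOST_IP` is checked for being empty before use; if `find` returns nothing (box not yet created) then `pgrep -afc ""` matches every process, the script takes the error branch and prints `sudo kill -9 "$(pgrep -f "")"` as the suggested remedy, which would kill every process on the host as root. Guard both variables and fail early, and take only the first key with `-print -quit` so a multi-machine `.vagrant` directory cannot yield several paths. `${HOST_IP::-1}` silently strips the last character of whatever `vagrant ssh` returned (presumably a trailing CR or space); trimming with `tr -d '[:space:]'` is more robust. The `StrictHostKeyChecking=no` / `UserKnownHostsFile=/dev/null` pair is acceptable for a throwaway local VM but deserves a comment saying so, since it disables host authentication for a tunnel that runs as root.

```bash
PRIVATE_KEY="$(find .vagrant -name private_key -print -quit)"
HOST_IP="$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null | tr -d '[:space:]')"

if [ -z "$PRIVATE_KEY" ] || [ -z "$HOST_IP" ]; then
  echo "ERROR: could not locate the Vagrant private key or guest IP; run 'vagrant up' first" >&2
  exit 1
fi

# … unchanged: pgrep check and sudo ssh tunnel, using "$HOST_IP" instead of "${HOST_IP::-1}" …
```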
--- a/roles/webserver/files/docker-compose.yml
+++ b/roles/webserver/files/docker-compose.yml
@@ -1,5 +1,8 @@
 version: '3.5'
 
+volumes:
+  wordpress:
+
 networks:
   traefik:
     name: traefik
@@ -7,10 +10,12 @@ networks:
 services:
   traefik:
     image: traefik:${TRAEFIK_VERSION:-latest}
+    restart: always
     command:
       - --api.dashboard=${TRAEFIK_DASHBOARD:-true}
       - --api.debug=${TRAEFIK_DEBUG:-false}
       - --providers.docker=true
+      - --providers.docker.exposedbydefault=${TRAEFIK_EXPOSED_DEFAULT:-false}
       - --entrypoints.web.address=:80
       - --entrypoints.web.http.redirections.entrypoint.to=websecure
       - --entrypoints.web.http.redirections.entrypoint.scheme=https
@@ -28,5 +33,25 @@ services:
       traefik.http.routers.api.entrypoints: local
       traefik.http.routers.api.service: api@internal
       traefik.http.routers.api.tls: true
+      traefik.enable: true
     networks:
       - traefik
+
+  wordpress:
+    image: wordpress:${WORDPRESS_VERSION:-latest}
+    restart: always
+    environment:
+      WORDPRESS_DB_HOST: ${WORDPRESS_DB_HOST:-host.docker.internal}
+      WORDPRESS_DB_NAME: ${WORDPRESS_DB_NAME-wordpress}
+      WORDPRESS_DB_USER: ${WORDPRESS_DB_USER:-wordpress}
+      WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_PASSWORD}
+    labels:
+      traefik.http.routers.wordpress.rule: Host(`${WORDPRESS_DOMAIN:-www.local.freeitathens.org}`)
+      traefik.http.routers.wordpress.entrypoints: websecure
+      traefik.http.routers.wordpress.tls.certresolver: letsencrypt
+      traefik.docker.network: traefik
+      traefik.enable: true
+    volumes:
+      - wordpress:/var/www/html
+    extra_hosts:
+      - host.docker.internal:host-gateway
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml
index d8263e4..5cf1bb8 100644
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
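Review bot: `WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_PASSWORD}` in the `wordpress` service has no required marker, so if the variable is missing from the rendered `.env` Compose silently passes an empty password to the container; use `${WORDPRESS_DB_PASSWORD:?WORDPRESS_DB_PASSWORD is not set}` so `docker compose up` fails loudly instead. `${WORDPRESS_DB_NAME-wordpress}` uses `-` while its neighbours use `:-`, so an empty-but-set value is not defaulted; make it `${WORDPRESS_DB_NAME:-wordpress}` for consistency. The router label `traefik.http.routers.wordpress.tls.certresolver: letsencrypt` names a resolver that is not configured in the visible part of the Traefik `command` list, and the README tells users to click through a certificate warning, so either the resolver is defined outside this hunk or the label should be commented out for the dev stack — worth confirming.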
@@ -3,6 +3,29 @@
       name: mariadb-server
       state: present
 
+- name: Install MySQL Support for Python 3
+  ansible.builtin.apt:
+    name: python3-pymysql
+    state: present
+
+- name: Create MariaDB databases
+  community.mysql.mysql_db:
+    name: "{{ item.name }}"
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  loop: "{{ databases }}"
+  no_log: "{{ item.pass is defined }}"
+
+- name: Create MariaDB users
+  community.mysql.mysql_user:
+    name: "{{ item.name }}"
+    password: "{{ item.pass }}"
+    priv: "{{ item.name }}.*:ALL,GRANT"
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  loop: "{{ databases }}"
+  no_log: "{{ item.pass is defined }}"
+
 - name: Create webserver docker-compose directory
   ansible.builtin.file:
     path: "{{ webserver_root }}"
diff --git a/roles/webserver/templates/compose-env.j2 b/roles/webserver/templates/compose-env.j2
index f536af2..34bb576 100644
--- a/roles/webserver/templates/compose-env.j2
+++ b/roles/webserver/templates/compose-env.j2
@@ -1,4 +1,4 @@
 # {{ ansible_managed }}
-{% for key, value in webserver_env.items() %}
+{% for key, value in webserver.items() %}
 {{ key }}={{ value }}
 {% endfor %}
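Review bot: `Create MariaDB users` creates `{{ item.name }}` without a `host:`, so `community.mysql.mysql_user` falls back to its default of `localhost`, while the WordPress container in `docker-compose.yml` reaches the database via `host.docker.internal` (the Docker bridge), i.e. from a non-loopback address that `wordpress@localhost` will not match; set `host:` explicitly (e.g. the bridge subnet, or a per-item variable) and make sure MariaDB's `bind-address` accepts it — neither is visible in this hunk. `priv: "{{ item.name }}.*:ALL,GRANT"` also hands out the GRANT OPTION, which an application user has no need for; `"{{ item.name }}.*:ALL"` is the least-privilege form. `no_log: "{{ item.pass is defined }}"` is right on the user task, but `Create MariaDB databases` never touches the password, so there it only hides useful diagnostics and can be dropped.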
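Review bot: With the loop now iterating `webserver.items()`, the rendered env file carries `WORDPRESS_DB_PASSWORD` in plaintext, so the `ansible.builtin.template` task that writes it (not in this diff) should set `mode: "0600"` and an explicit owner rather than rely on the default umask; a header comment such as `# Contains database credentials — keep file mode restrictive` would make the sensitivity obvious to whoever edits that task. Values are emitted unquoted, so booleans like `TRAEFIK_DEBUG: true` render as `True` (which Traefik's flag parser accepts) and any value containing spaces or `#` would break the env file; a short comment noting that values must be env-file safe is worth adding here.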