Semi-installation

.gitignore

@@ -1,5 +1,8 @@
-environments
+# Vagrant files
-*.log
-.playbook
 .vagrant
-.vscode
+
+# Unneeded ansible file
+*.retry
+
+# Custom environments
+/environments/

Makefile

@@ -1,9 +0,0 @@
-all: vagrant
-
-vagrant:
-	vagrant up --no-destroy-on-error --no-color | tee ./vagrantup.log
-	./forward-ssh.sh
-
-clean:
-	vagrant destroy -f --no-color
-	rm -rf .vagrant ./*.log

README.md

@@ -1,30 +1,22 @@
-# Free I.T. Athen's Infrastructure
+# Free I.T. Athen’s Infrastructure
-This project is used to develop Ansible for deploying and maintaining websites
+Ansible code used to deploy and maintain websites and services used by Free I.T. Athens.
-and services operated by Free I.T. Athens (FRITA).
 
-- Requires GNU Make, Ansible, and Vagrant on the host
+## Getting Started
+frita-infra is developed in Ansible 2.7.5 using Vagrant 2.2.2 + vagrant-libvirt as a test environment.
 
-## Quick Start
+Check it out by simply typing: `vagrant up`
-1. Clone this project
+
-2. Run `make` to provision a Debian 11 base box
+## Versioning
-3. Go to
+We use [SemVer](http://semver.org/) for versioning. For the versions available, see the tags on this repository. 
-    - [Traefik Dashboard](https://traefik.local.freeitathens.org:8443/dashboard/#/)
-    - [WordPress](https://www.local.freeitathens.org)
-4. Click through the HTTPS security warning
 
 ## Authors
-* **Kris Lamoureux** - *Project Founder* - [@krislamo](https://github.com/krislamo)
+* **Kris Lamoureux** - *Project Founder* - [krislamo](https://github.com/krislamo)
 
 ## Copyrights and Licenses
-Copyright (C) 2019, 2020, 2022  Free I.T. Athens
+Copyright (C) 2019  Free I.T. Athens
 
-This program is free software: you can redistribute it and/or modify it under
+This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
-the terms of the GNU General Public License as published by the Free Software
-Foundation, version 3 of the License.
 
-This program is distributed in the hope that it will be useful, but WITHOUT
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
-You should have received a copy of the GNU General Public License along with
+You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
-this program. If not, see <https://www.gnu.org/licenses/>.

Vagrantfile

@@ -1,24 +1,28 @@
+# Copyright (C) 2019  Free I.T. Athens
+# 
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
 # vi: set ft=ruby :
 
-# Set PLAYBOOK shell var for ./dev/playbook.yml
-PLAYBOOK=ENV["PLAYBOOK"]
-if !PLAYBOOK
-  if File.exist?('.playbook')
-    PLAYBOOK = IO.read('.playbook').split("\n")[0]
-  end
-
-  if !PLAYBOOK || PLAYBOOK.empty?
-    PLAYBOOK = "webserver"
-  end
-else
-  File.write(".playbook", PLAYBOOK)
-end
-
-# Debian 11
 Vagrant.configure("2") do |config|
-  config.vm.box = "debian/bullseye64"
+
+  # Debian Stable box
+  config.vm.box = "debian/stretch64"
   config.vm.synced_folder ".", "/vagrant", disabled: true
-  config.vm.network "private_network", type: "dhcp"
+
+  # Set static IP
+  config.vm.network "private_network", ip: "192.168.121.2"
 
   # Machine Name
   config.vm.define :frita do |frita| #
@@ -31,9 +35,9 @@ Vagrant.configure("2") do |config|
 
   # Provision with Ansible
   config.vm.provision "ansible" do |ansible|
-    ENV['ANSIBLE_ROLES_PATH'] = File.dirname(__FILE__) + "/roles"
     ansible.compatibility_mode = "2.0"
-    ansible.playbook = "dev/" + PLAYBOOK + ".yml"
+    ansible.playbook = "site.yml"
   end
 
 end
+

ansible.cfg

@@ -1,6 +1,7 @@
 [defaults]
 inventory = ./environments/development
-interpreter_python = /usr/bin/python3
+interpreter_python = /usr/bin/python
 
 [ssh_connection]
 pipelining=True
+

dev/vars/webserver.yml

@@ -1,41 +0,0 @@
-###############
-### Secrets ###
-###############
-secret:
-  WORDPRESS_DB_PASSWORD: WPpa55w0rd!
-
-##############
-### Docker ###
-##############
-docker_users:
-  - vagrant
-
-################
-#### MariaDB ###
-################
-databases:
-  - name: wordpress
-    pass: "{{ secret.WORDPRESS_DB_PASSWORD }}"
-
-#######################
-### Webserver Stack ###
-#######################
-webserver:
-  ###############
-  ### Traefik ###
-  ###############
-  #TRAEFIK_VERSION: latest
-  #TRAEFIK_DOMAIN: traefik.local.freeitathens.org
-  #TRAEFIK_DASHBOARD: true
-  #TRAEFIK_EXPOSED_DEFAULT: false
-  TRAEFIK_DEBUG: true
-
-  #################
-  ### WordPress ###
-  #################
-  #WORDPRESS_VERSION: latest
-  #WORDPRESS_DOMAIN: www.local.freeitathens.org
-  #WORDPRESS_DB_HOST: host.docker.internal
-  #WORDPRESS_DB_NAME: wordpress
-  #WORDPRESS_DB_USER: wordpress
-  WORDPRESS_DB_PASSWORD: "{{ secret.WORDPRESS_DB_PASSWORD }}"

dev/webserver.yml

@@ -1,8 +0,0 @@
-- name: Install FRITA Web Server
-  hosts: all
-  become: true
-  vars_files:
-    - vars/webserver.yml
-  roles:
-    - docker
-    - webserver

forward-ssh.sh

@@ -1,23 +0,0 @@
-#!/bin/bash
-
-# Finds the SSH private key under ./.vagrant and connects to
-# the Vagrant box port forwarding localhost ports: 8443, 80, 443
-PRIVATE_KEY="$(find .vagrant -name "private_key")"
-HOST_IP="$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null)"
-
-if [ "$(pgrep -afc "$PRIVATE_KEY")" -eq 0 ]; then
-  set -x
-  sudo ssh -fNT -i "$PRIVATE_KEY" \
-    -L 8443:localhost:8443 \
-    -L 80:localhost:80 \
-    -L 443:localhost:443 \
-    -o UserKnownHostsFile=/dev/null \
-    -o StrictHostKeyChecking=no \
-      vagrant@"${HOST_IP::-1}" 2>/dev/null
-  set +x
-else
-  echo "ERROR: SSH process already running"
-  pgrep -af "$PRIVATE_KEY"
-  echo -e "\nKill process:\n\tsudo kill -9 \"\$(pgrep -f \"$PRIVATE_KEY\")\""
-  exit 1
-fi

group_vars/all

@@ -0,0 +1,46 @@
+### WordPress Configuration ###
+
+# Domain
+wp_domain: www.freeitathens.org
+wp_admin_email: contact@freeitathens.org
+
+# Version of WordPress to deploy
+wp_version: 5.1.1
+wp_sha1_hash: f1bff89cc360bf5ef7086594e8a9b68b4cbf2192
+
+# WordPress Home Directory
+# Note: value is a directory without trailing '/'
+wp_dir: /var/www/wordpress
+
+# WordPress Database Settings
+wp_db_host: localhost
+wp_db_name: wordpress
+wp_db_user: wordpress_user
+wp_db_pass: Password1
+wp_db_table_prefix: wp_
+
+
+### Nextcloud Configuration ###
+
+# Domain
+nc_domain: cloud.freeitathens.org
+nc_admin_email: contact@freeitathens.org
+
+# Version of Nextcloud to deploy
+nc_version: 15.0.2
+nc_sha256_hash: c1f4cc33e39994ddbe6777370b62c30b7ae52136a0530c0b9922770803ca0fea
+
+# Nextcloud Home Directory
+# Note: value is a directory without trailing '/'
+nc_dir: /var/www/nextcloud
+
+# Nextcloud Database Settings
+nc_db_host: localhost
+nc_db_name: nextcloud
+nc_db_user: nextcloud_user
+nc_db_pass: Password1
+
+# Nextcloud Admin
+nc_admin: admin
+nc_admin_pass: Password1
+

roles/ansible/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: 'Install Ansible dependency: python-apt'
+  shell: 'apt-get update && apt-get install python-apt -y'
+  args:
+    creates: /usr/lib/python2.7/dist-packages/apt
+    warn: false
+
+- name: 'Install Ansible dependency: aptitude'
+  apt:
+    name: 'aptitude'
+    state: present
+    force_apt_get: true
+
+- name: 'Install Ansible dependency: python-docker'
+  apt:
+    name: python-docker
+    state: present
+
+- name: Create Ansible's temporary directory
+  file:
+    path: /root/.ansible/tmp
+    state: directory
+    mode: '0700'

roles/docker/defaults/main.yml

@@ -1,3 +0,0 @@
-docker_compose_root: /var/lib/compose
-docker_compose: /usr/bin/docker-compose
-docker_compose_service: compose

roles/docker/tasks/main.yml

@@ -1,25 +0,0 @@
-- name: Install Docker
-  ansible.builtin.apt:
-    name: ['docker.io', 'docker-compose']
-    state: present
-    update_cache: true
-
-- name: Create docker-compose root
-  ansible.builtin.file:
-    path: "{{ docker_compose_root }}"
-    state: directory
-    mode: 0600
-
-- name: Add users to docker group
-  ansible.builtin.user:
-    name: "{{ item }}"
-    groups: docker
-    append: true
-  loop: "{{ docker_users }}"
-  when: docker_users is defined
-
-- name: Start Docker and enable on boot
-  ansible.builtin.service:
-    name: docker
-    state: started
-    enabled: true

roles/mediawiki/tasks/main.yml

@@ -0,0 +1,90 @@
+- name: Install MySQL Support for Python
+  apt:
+    name: python-pymysql
+    state: present
+
+- name: Create Database
+  mysql_db:
+    name: "{{ mw_db_name }}"
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Create Database User
+  mysql_user:
+    name: "{{ mw_db_user }}"
+    password: "{{ mw_db_pass }}"
+    priv: "{{ mw_db_name }}.*:ALL,GRANT"
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Install PHP Modules
+  apt:
+    name: ['php-xml', 'php-mbstring']
+    state: present
+  notify: Reload Apache2
+
+- name: Create Public HTML Directory
+  file:
+    path: "{{ mw_dir }}/public_html"
+    state: directory
+
+# https://www.mediawiki.org/wiki/Manual:Short_URL#Moving_a_wiki_from_/wiki_to_/w
+- name: Create Directory /w for Short URLs
+  file:
+    path: "{{ mw_dir }}/public_html/w"
+    state: directory
+
+- name: Create Logs Directory
+  file:
+    path: "{{ mw_dir }}/logs"
+    state: directory
+
+- name: Download MediaWiki
+  get_url:
+    url: "https://releases.wikimedia.org/mediawiki/\
+          {{ mw_version | regex_replace('\\.\\d+$', '') }}/\
+          mediawiki-{{ mw_version }}.tar.gz"
+    dest: /tmp/mediawiki-{{ mw_version }}.tar.gz
+
+- name: Extract MediaWiki
+  unarchive:
+    src: /tmp/mediawiki-{{ mw_version }}.tar.gz
+    dest: "{{ mw_dir }}/public_html/w"
+    owner: www-data
+    group: www-data
+    extra_opts: [--strip-components=1]
+    remote_src: yes
+
+- name: Install MediaWiki
+  command: |
+    php maintenance/install.php --server="http://{{ mw_domain }}/" \
+    --dbname="{{ mw_db_name }}" --dbuser="{{ mw_db_user }}" \
+    --dbpass="{{ mw_db_pass }}" --pass="{{ mw_admin_pass }}" \
+    --scriptpath="/w" "{{ mw_namespace }}" "{{ mw_admin }}"
+  args:
+    chdir: "{{ mw_dir }}/public_html/w"
+    creates: "{{ mw_dir }}/public_html/w/LocalSettings.php"
+
+- name: Set MediaWiki Article Path
+  lineinfile:
+    path: "{{ mw_dir }}/public_html/w/LocalSettings.php"
+    regexp: '^\$wgArticlePath'
+    insertafter: '^\$wgScriptPath'
+    line: '$wgArticlePath = "/wiki/$1";'
+
+- name: "Enable Apache Module: rewrite"
+  apache2_module:
+    name: rewrite
+    state: present
+
+- name: Apply Apache Configuration
+  template:
+    src: mediawiki.conf.j2
+    dest: /etc/apache2/sites-available/{{ mw_domain }}.conf
+  notify: Reload Apache2
+
+- name: Enable Apache Website
+  shell: a2ensite {{ mw_domain }}
+  args:
+    creates: /etc/apache2/sites-enabled/{{ mw_domain }}.conf
+  notify: Reload Apache2

roles/mediawiki/templates/mediawiki.conf.j2

@@ -0,0 +1,15 @@
+<VirtualHost *:80>
+  ServerName {{ mw_domain }}
+
+  ServerAdmin {{ mw_admin_email }}
+  DocumentRoot {{ mw_dir }}/public_html
+
+  RewriteEngine On
+  RewriteRule ^/?wiki(/.*)?$ %{DOCUMENT_ROOT}/w/index.php [L]
+  RewriteRule ^/?$ %{DOCUMENT_ROOT}/w/index.php [L]
+
+  ErrorLog {{ mw_dir }}/logs/error.log
+  CustomLog {{ mw_dir }}/logs/access.log combined
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

roles/webserver/defaults/main.yml

@@ -1 +0,0 @@
-webserver_root: "{{ docker_compose_root }}/webserver"

roles/webserver/files/docker-compose.yml

@@ -1,57 +0,0 @@
-version: '3.5'
-
-volumes:
-  wordpress:
-
-networks:
-  traefik:
-    name: traefik
-
-services:
-  traefik:
-    image: traefik:${TRAEFIK_VERSION:-latest}
-    restart: always
-    command:
-      - --api.dashboard=${TRAEFIK_DASHBOARD:-true}
-      - --api.debug=${TRAEFIK_DEBUG:-false}
-      - --providers.docker=true
-      - --providers.docker.exposedbydefault=${TRAEFIK_EXPOSED_DEFAULT:-false}
-      - --entrypoints.web.address=:80
-      - --entrypoints.web.http.redirections.entrypoint.to=websecure
-      - --entrypoints.web.http.redirections.entrypoint.scheme=https
-      - --entrypoints.web.http.redirections.entrypoint.permanent=true
-      - --entrypoints.websecure.address=:443
-      - --entrypoints.local.address=:8443
-    ports:
-      - 80:80
-      - 443:443
-      - "127.0.0.1:8443:8443"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-    labels:
-      traefik.http.routers.api.rule: Host(`${TRAEFIK_DOMAIN:-traefik.local.freeitathens.org}`)
-      traefik.http.routers.api.entrypoints: local
-      traefik.http.routers.api.service: api@internal
-      traefik.http.routers.api.tls: true
-      traefik.enable: true
-    networks:
-      - traefik
-
-  wordpress:
-    image: wordpress:${WORDPRESS_VERSION:-latest}
-    restart: always
-    environment:
-      WORDPRESS_DB_HOST: ${WORDPRESS_DB_HOST:-host.docker.internal}
-      WORDPRESS_DB_NAME: ${WORDPRESS_DB_NAME-wordpress}
-      WORDPRESS_DB_USER: ${WORDPRESS_DB_USER:-wordpress}
-      WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_PASSWORD}
-    labels:
-      traefik.http.routers.wordpress.rule: Host(`${WORDPRESS_DOMAIN:-www.local.freeitathens.org}`)
-      traefik.http.routers.wordpress.entrypoints: websecure
-      traefik.http.routers.wordpress.tls.certresolver: letsencrypt
-      traefik.docker.network: traefik
-      traefik.enable: true
-    volumes:
-      - wordpress:/var/www/html
-    extra_hosts:
-      - host.docker.internal:host-gateway

roles/webserver/handlers/main.yml

@@ -1,5 +1,18 @@
-- name: Compose up on webserver stack
+# Copyright (C) 2019  Free I.T. Athens
-  ansible.builtin.command: "docker-compose up -d"
+#
-  args:
+# This program is free software: you can redistribute it and/or modify
-    chdir: "{{ webserver_root }}"
+# it under the terms of the GNU General Public License as published by
-  listen: composeup_webserver
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+- name: Reload Apache2
+  service: name=apache2 state=reloaded
+

roles/webserver/tasks/main.yml

@@ -1,47 +1,40 @@
+# Copyright (C) 2019  Free I.T. Athens
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+- name: Install Apache2 Web Server
+  apt:
+    name: apache2
+    state: present
+
+- name: Start Apache2 Web Server
+  service:
+    name: apache2
+    state: started
+
+- name: Install PHP
+  apt:
+    name: php
+    state: present
+
+- name: Install PHP MySQL Extension
+  apt:
+    name: php-mysql
+    state: present
+  notify: Reload Apache2
+
 - name: Install MariaDB Server
-  ansible.builtin.apt:
+  apt:
     name: mariadb-server
     state: present
-
-- name: Install MySQL Support for Python 3
-  ansible.builtin.apt:
-    name: python3-pymysql
-    state: present
-
-- name: Create MariaDB databases
-  community.mysql.mysql_db:
-    name: "{{ item.name }}"
-    state: present
-    login_unix_socket: /var/run/mysqld/mysqld.sock
-  loop: "{{ databases }}"
-  no_log: "{{ item.pass is defined }}"
-
-- name: Create MariaDB users
-  community.mysql.mysql_user:
-    name: "{{ item.name }}"
-    password: "{{ item.pass }}"
-    priv: "{{ item.name }}.*:ALL,GRANT"
-    state: present
-    login_unix_socket: /var/run/mysqld/mysqld.sock
-  loop: "{{ databases }}"
-  no_log: "{{ item.pass is defined }}"
-
-- name: Create webserver docker-compose directory
-  ansible.builtin.file:
-    path: "{{ webserver_root }}"
-    state: directory
-    mode: 0600
-
-- name: Install webserver docker-compose.yml
-  ansible.builtin.copy:
-    src: docker-compose.yml
-    dest: "{{ webserver_root }}/docker-compose.yml"
-    mode: 0600
-  notify: composeup_webserver
-
-- name: Install docker-compose .env
-  ansible.builtin.template:
-    src: compose-env.j2
-    dest: "{{ webserver_root }}/.env"
-    mode: 0600
-  notify: composeup_webserver

roles/webserver/templates/compose-env.j2

@@ -1,4 +0,0 @@
-# {{ ansible_managed }}
-{% for key, value in webserver.items() %}
-{{ key }}={{ value }}
-{% endfor %}

webserver.yml

@@ -1,6 +1,25 @@
+# Copyright (C) 2019  Free I.T. Athens
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
 - name: Install FRITA Web Server
   hosts: all
-  become: true
+  become: yes
   roles:
-    - docker
+    - ansible
     - webserver
+    #- wordpress
+    #- nextcloud
+    #- timetrex
+    - mediawiki