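---
# Ansible host/group variables for a single-host PHP application stack:
# nginx + php-fpm in front of a local PostgreSQL instance, Let's Encrypt
# certificates, and an sftp-jailed deploy user. Values wrapped in '{{ ... }}'
# are resolved by Ansible at play time; secrets are read from vault_*
# variables defined elsewhere.
# Booleans are written as lowercase true/false so every YAML loader agrees
# on the type.

time_zone: 'Europe/Rome'
domain_name: 'isti.cnr.it'

# Packets not matched by an explicit rule are rejected (not silently dropped).
iptables_default_policy: REJECT
nagios_enabled: false

postfix_relay_host: smtp-srv.isti.cnr.it
postfix_relay_client: false
postfix_use_letsencrypt: true

#
# Let's Encrypt (acme.sh)
letsencrypt_acme_install: true
letsencrypt_email: s2i2s@isti.cnr.it
letsencrypt_acme_email: s2i2s@isti.cnr.it
letsencrypt_acme_cron_day_of_month: '1-15'
letsencrypt_acme_sh_explicitly_install_certs: true
# NOTE(review): requesting the OCSP Must-Staple extension means the web
# server must actually staple OCSP responses, otherwise clients that honour
# the extension refuse the certificate - confirm the nginx role enables
# stapling for this host.
letsencrypt_ocsp_must_staple: true
letsencrypt_acme_sh_use_ecc: false

http_port: 80
https_port: 443

resolv_conf_ip:
  - '146.48.80.4'
  - '146.48.80.3'

local_postgresql_instance: true
# phppgadmin wants its own hostname and virtualhost so that we can limit its access.
local_phppgadmin_instance: false

php_app_db_name: app_db
php_app_db_user: app_db_u
# Never inline the password here: it is read from the vault.
php_app_db_pwd: '{{ vault_php_app_db_pwd }}'

psql_db_data:
  - name: '{{ php_app_db_name }}'
    encoding: 'UTF8'
    user: '{{ php_app_db_user }}'
    roles: 'CREATEDB,NOSUPERUSER'
    pwd: '{{ php_app_db_pwd }}'
    managedb: true
    # Only the host itself may reach this database.
    allowed_hosts:
      - '{{ ansible_fqdn }}'
      - '127.0.0.1/8'
    # NOTE(review): a single empty-string entry, presumably meaning "no
    # extensions"; confirm the postgresql role skips it, or use [] instead.
    extensions: [ '' ]

psql_version: 13
psql_db_host: localhost
psql_db_port: 5432
# Keep PostgreSQL bound to the loopback interface only; the app connects
# through psql_db_host above.
psql_listen_on_ext_int: false

php_app_root: /var/www/html
php_app_servername: '{{ ansible_fqdn }}'
php_app_user: php_app

#
# Add the users that must have ssh access to the system
users_system_users:
  - login: 'user.name'
    name: "User Name"
    home: '{{ users_home_dir }}'
    createhome: 'yes'
    ssh_key: '{{ user_name_ssh_key }}'
    shell: '/bin/bash'
    admin: true
    limited_sudoers_user: false

sshd_enable_sftp_subsystem: true
sshd_enable_sftp_jail: true
sshd_sftp_chroot_match_group: '{{ php_app_user }}'
# NOTE(review): OpenSSH only accepts a ChrootDirectory whose path components
# are all owned by root and not writable by group/others; with php_app_root
# as the chroot, the jailed user can only write to a subdirectory it owns
# below it - confirm the sshd/nginx roles set the ownership up that way.
sshd_sftp_chroot_directory: '{{ php_app_root }}'

users_additional_groups:
  - group: '{{ sshd_sftp_chroot_match_group }}'

#
# Users that can only sftp
# NOTE(review): the login shell is still /bin/bash; the sftp-only restriction
# relies on the sshd Match block for sshd_sftp_chroot_match_group forcing
# the internal sftp subsystem - confirm it does.
users_system_users_adjunct:
  - login: 'sftponly.user'
    group: '{{ sshd_sftp_chroot_match_group }}'
    name: "Sftponly User"
    home: '{{ users_home_dir }}'
    createhome: 'yes'
    ssh_key: '{{ sftponly_user_ssh_key }}'
    shell: '/bin/bash'
    admin: false
    limited_sudoers_user: false
    log_as_root: false

# Define the users ssh keys here
# Placeholder: set this to the user's public key (a vault variable is fine).
# Left empty it loads as null; sftponly_user_ssh_key is not defined in this
# file at all.
user_name_ssh_key:

nginx_use_common_virthost: true
nginx_virthosts: '{{ php_app_nginx_virthost }}'

php_app_nginx_virthost:
  - virthost_name: '{{ ansible_fqdn }}'
    server_name: '{{ php_app_servername }}'
    ssl_enabled: true
    # HTTPS only.
    ssl_only: true
    ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
    root: '{{ php_app_root }}'
    # Quoted: a bare off would become a YAML boolean; nginx wants the word.
    server_tokens: 'off'
    index: index.php
    max_body: '{{ nginx_client_max_body_size }}'
    proxy_standard_setup: true
    locations:
      # Quoted defensively: the value starts with '~' and contains a backslash.
      - location: '~ \.php$'
        php_target: '{{ phpfpm_default_listen }}'

phpfpm_default_user: '{{ php_app_user }}'
phpfpm_default_pool_name: php_app

# Quoted so YAML keeps it a string: as a float 7.4 happens to survive, but a
# future 7.10 would silently become 7.1 in the package names below.
php_version: '7.4'

php_app_php_required_packages:
  - 'php{{ php_version }}-gd'
  - 'php{{ php_version }}-json'
  - 'php{{ php_version }}-pgsql'
  - 'php{{ php_version }}-xml'
  - 'php{{ php_version }}-mbstring'
  - 'php{{ php_version }}-intl'
  - 'php{{ php_version }}-curl'
  - 'php{{ php_version }}-zip'
  - 'php{{ php_version }}-bz2'
  - 'php{{ php_version }}-gmp'
  # - 'php{{ php_version }}-ldap'
  # - 'php-imagick'
  # - 'php-redis'
  # - 'php-apcu'

php_app_php_global_settings:
  # always_populate_raw_post_data was removed in PHP 7.0 and has no effect on
  # the php_version above; kept for older php.ini templates.
  - { option: 'always_populate_raw_post_data', value: '-1' }
  # Lets PHP file functions fetch remote URLs (wider SSRF/RFI surface); keep
  # 'on' only if the application needs it.
  - { option: 'allow_url_fopen', value: 'on' }
  - { option: 'max_execution_time', value: '240' }
  - { option: 'memory_limit', value: '{{ phpfpm_default_memory_limit }}' }
  - { option: 'max_input_vars', value: '1400' }
  - { option: 'post_max_size', value: '32M' }
  - { option: 'upload_max_filesize', value: '32M' }
  # - { option: 'opcache.enable', value: '1' }
  # - { option: 'opcache.enable_cli', value: '1' }
  # - { option: 'opcache.interned_strings_buffer', value: '8' }
  # - { option: 'opcache.max_accelerated_files', value: '10000' }
  # - { option: 'opcache.memory_consumption', value: '128' }
  # - { option: 'opcache.save_comments', value: '1' }
  # - { option: 'opcache.revalidate_freq', value: '1' }

php_required_packages: '{{ php_app_php_required_packages }}'
php_global_settings: '{{ php_app_php_global_settings }}'
php_cli_global_settings: '{{ php_global_settings }}'

# One php-fpm pool for the application; everything not app-specific comes
# from the phpfpm_default_* variables of the phpfpm role.
php_app_phpfpm_pools:
  - pool_name: '{{ phpfpm_default_pool_name }}'
    app_context: '{{ phpfpm_default_context }}'
    user: '{{ phpfpm_default_user }}'
    group: '{{ phpfpm_default_group }}'
    listen: '{{ phpfpm_default_listen }}'
    allowed_clients: '{{ phpfpm_default_allowed_clients }}'
    pm: '{{ phpfpm_default_pm }}'
    pm_max_children: '{{ phpfpm_default_pm_max_children }}'
    pm_start_servers: '{{ phpfpm_default_pm_start_servers }}'
    pm_min_spare: '{{ phpfpm_default_pm_min_spare_servers }}'
    pm_max_spare: '{{ phpfpm_default_pm_max_spare_servers }}'
    pm_max_requests: '{{ phpfpm_default_pm_max_requests }}'
    pm_status_enabled: '{{ phpfpm_default_pm_status_enabled }}'
    pm_status_path: '{{ phpfpm_default_pm_status_path }}'
    ping_enabled: '{{ phpfpm_default_ping_enabled }}'
    ping_path: '{{ phpfpm_default_ping_path }}'
    ping_response: '{{ phpfpm_default_ping_response }}'
    # NOTE(review): display_errors is inherited from the role default;
    # confirm it is off for this host so PHP errors are logged, not shown.
    display_errors: '{{ phpfpm_default_display_errors }}'
    log_errors: '{{ phpfpm_default_log_errors }}'
    memory_limit: '{{ phpfpm_default_memory_limit }}'
    slowlog_timeout: '{{ phpfpm_default_slowlog_timeout }}'
    rlimit_files: '{{ phpfpm_default_rlimit_files }}'
    php_extensions: '{{ phpfpm_default_extensions }}'
    define_custom_variables: '{{ phpfpm_default_define_custom_variables }}'
    doc_root: '{{ php_app_root }}'
    # Matches max_execution_time in php_app_php_global_settings.
    req_term_timeout: '240s'
    virthost: '{{ php_app_servername }}'
    nginx_servername: '{{ php_app_servername }}'

phpfpm_pools:
  # NOTE(review): this wraps php_app_phpfpm_pools (already a list) in another
  # list; if the phpfpm role expects a flat list of pool dicts, assign it
  # directly as is done for php_required_packages above.
  - '{{ php_app_phpfpm_pools }}'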