From b3d82b8848a899e94365ec1bf4bdb687d6c8a8ed Mon Sep 17 00:00:00 2001 From: William Date: Wed, 9 Mar 2022 12:05:30 +0100 Subject: [PATCH] Installation de docker. --- README.md | 7 ++-- hosts.example.ini | 3 -- playbook.yml | 5 ++- roles/docker/tasks/main.yml | 45 ++++++++++++++++++++++++++ roles/mariadb/tasks/main.yml | 27 ---------------- roles/nginx/tasks/main.yml | 52 ------------------------------ roles/php/defaults/main.yml | 17 ---------- roles/php/tasks/main.yml | 62 ------------------------------------ roles/wwwuser/tasks/main.yml | 30 +++++++++++++++++ 9 files changed, 81 insertions(+), 167 deletions(-) create mode 100644 roles/docker/tasks/main.yml delete mode 100644 roles/mariadb/tasks/main.yml delete mode 100644 roles/nginx/tasks/main.yml delete mode 100644 roles/php/defaults/main.yml delete mode 100644 roles/php/tasks/main.yml create mode 100644 roles/wwwuser/tasks/main.yml diff --git a/README.md b/README.md index d733cc1..aed382a 100644 --- a/README.md +++ b/README.md @@ -5,8 +5,9 @@ This playbook installs webserver (Nginx, Mariadb, PHP) ## Usage ```shell -cp hosts.example.ini hosts.ini # change config values -touch deploy.sub # paste your ssh pub key for www_user +# copy config file then change values +cp hosts.example.ini hosts.ini -ansible-playbook -i hosts.ini playbook.yml # run playbook +# run playbook +ansible-playbook -i hosts.ini playbook.yml --extra-vars "ssh_key=id.pub" ``` diff --git a/hosts.example.ini b/hosts.example.ini index 05fbca8..53ad172 100644 --- a/hosts.example.ini +++ b/hosts.example.ini @@ -4,9 +4,6 @@ [web:vars] ansible_ssh_user=ubuntu ansible_python_interpreter=/usr/bin/python3 -mysql_root_password='motdepasse' -mysql_old_root_password='motdepasse' -php_version='8.0' www_user=user www_group=group www_home=/home/user diff --git a/playbook.yml b/playbook.yml index e95f0dc..2cb87d2 100644 --- a/playbook.yml +++ b/playbook.yml @@ -11,6 +11,5 @@ update_cache: yes roles: - - mariadb - - nginx - - php + - wwwuser + - docker 
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..0dc5efe
--- /dev/null
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: install
+ apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - software-properties-common
+ state: present
+ update_cache: yes
+
+- name: add Docker GPG apt Key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+
+- name: add Docker Repository
+ apt_repository:
+ repo: "deb [arch=amd64] https://download.docker.com/{{ ansible_system | lower }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+ state: present
+
+- name: update apt and install docker-ce
+ apt:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ state: latest
+ update_cache: yes
+
+- name: add the Python client for Docker
+ pip:
+ name: docker-py
+
+- name: install docker-compose
+ get_url:
+ url : https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
+ dest: /usr/local/bin/docker-compose
+ mode: 'u+x,g+x'
+ group: docker
+
+- name: add admin to docker group
+ user:
+ name: "{{ www_user }}"
+ groups: docker
+ append: yes
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
deleted file mode 100644
index f421279..0000000
--- a/roles/mariadb/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-- name: install
- apt:
- name:
- - mariadb-server
- - libmysqlclient-dev
- state: present
- update_cache: yes
-
-- name: install python client
- pip:
- name: mysqlclient
- state: present
-
-- name: ensure service is start
- service:
- name: mysql
- state: started
- enabled: yes
-
-- name: change root password
- mysql_user:
- name: root
- password: '{{ mysql_root_password }}'
- host: 'localhost'
- login_user: root
- login_password: '{{ mysql_old_root_password }}'
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
deleted file mode 100644
index 9af280d..0000000
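Review bot: In roles/docker/tasks/main.yml the `install docker-compose` task downloads an executable into /usr/local/bin with no integrity check, so whatever the URL serves at run time is what gets installed; add `checksum: "sha256:<SHA256_OF_RELEASE_BINARY>"` to the `get_url` task, with the value taken from the release's published checksums. The `apt_key` task has the same weakness in milder form, since it trusts whatever key the URL returns; pinning the expected fingerprint with `id:` would make the trust decision explicit. Separately, the last task puts `{{ www_user }}` in the `docker` group, which is effectively root on the host for an account that the wwwuser role also opens to SSH key login. That deserves at least a comment such as `# docker group membership is root-equivalent on this host`, or a rootless Docker setup if that level of access is not intended.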
--- a/roles/nginx/tasks/main.yml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-- name: install
- apt:
- name:
- - nginx
- - letsencrypt
- - python3-certbot-nginx
- state: present
- update_cache: yes
-
-- name: create wwwuser group
- group:
- name: "{{ www_group }}"
- state: present
- system: true
-
-- name: create wwwuser user
- user:
- name: "{{ www_user }}"
- group: "{{ www_group }}"
- comment: "Web user"
- shell: /bin/bash
- home: "{{ www_home }}"
- system: true
- state: present
-
-- name: authorize deployer ssh key to wwwuser
- authorized_key:
- user: "{{ www_user }}"
- state: present
- key: "{{ lookup('file', '../../../deploy.pub') }}"
-
-- name: define wwwuser as nginx's user
- replace:
- path: /etc/nginx/nginx.conf
- regexp: '^user (.+);$'
- replace: "user {{ www_user }};"
-
-- name: restart nginx
- service:
- name: nginx
- state: restarted
-
-- name: create letsencrypt's challenge directory
- file:
- name: /var/www/letsencrypt
- state: directory
-
-- name: generate letsencrypt's dhparams
- shell: openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 2048
- args:
- creates: /etc/letsencrypt/ssl-dhparams.pem
diff --git a/roles/php/defaults/main.yml b/roles/php/defaults/main.yml
deleted file mode 100644
index 9937ac7..0000000
--- a/roles/php/defaults/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-php_version: 8.0
-
-php_packages:
- - php{{ php_version }}-common
- - php{{ php_version }}-zip
- - php{{ php_version }}-pdo
- - php{{ php_version }}-mbstring
- - php{{ php_version }}-tokenizer
- - php{{ php_version }}-xml
- - php{{ php_version }}-opcache
- - php{{ php_version }}-mysql
- - php{{ php_version }}-imap
- - php{{ php_version }}-curl
- - php{{ php_version }}-memcached
- - php{{ php_version }}-intl
- - php{{ php_version }}-gd
- - php{{ php_version }}-bcmath
diff --git a/roles/php/tasks/main.yml b/roles/php/tasks/main.yml
deleted file mode 100644
index 62adc67..0000000
--- a/roles/php/tasks/main.yml
+++ /dev/null
@@ -1,62 +0,0 @@
----
-- name: add gpg key (debian)
- apt_key:
- url: "https://packages.sury.org/php/apt.gpg"
- state: present
- when: ansible_distribution == 'Debian'
-
-- name: add repository (debian)
- apt_repository:
- repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
- state: present
- update_cache: yes
- when: ansible_distribution == 'Debian'
-
-- name: add repository (ubuntu)
- apt_repository:
- repo: ppa:ondrej/php
- state: present
- update_cache: yes
- when: ansible_distribution == 'Ubuntu'
-
-- name: install
- apt:
- name: "php{{ php_version }}-fpm"
- state: present
- update_cache: yes
- install_recommends: no
-
-- name: install packages
- apt:
- name: "{{ php_packages | list }}"
- state: present
- install_recommends: no
-
-- name: change default version
- alternatives:
- name: php
- path: /usr/bin/php{{ php_version }}
-
-- name: define wwwuser as php-fpm's user
- replace:
- path: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf"
- regexp: '{{ item.from }}'
- replace: "{{ item.to }}"
- with_items:
- - {from: '^user = (.+)$', to: 'user = {{ www_user }}'}
- - {from: '^group = (.+)$', to: 'group = {{ www_group }}'}
- - {from: '^listen.owner = (.+)$', to: 'listen.owner = {{ www_user }}'}
- - {from: '^listen.group = (.+)$', to: 'listen.group = {{ www_group }}'}
-
-- name: add permission to wwwuser to reload php-fpm
- lineinfile:
- dest: /etc/sudoers
- state: present
- regexp: '^{{ www_user }} ALL=NOPASSWD: /usr/sbin/service php{{ php_version }}-fpm reload$'
- line: '{{ www_user }} ALL=NOPASSWD: /usr/sbin/service php{{ php_version }}-fpm reload'
- validate: 'visudo -cf %s'
-
-- name: restart php-fpm
- service:
- name: php{{ php_version }}-fpm
- state: restarted
diff --git a/roles/wwwuser/tasks/main.yml b/roles/wwwuser/tasks/main.yml
new file mode 100644
index 0000000..8c30735
--- /dev/null
+++ b/roles/wwwuser/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: create wwwuser group
+ group:
+ name: "{{ www_group }}"
+ state: present
+ system: true
+
+- name: create wwwuser user
+ user:
+ name: "{{ www_user }}"
+ group: "{{ www_group }}"
+ comment: "Web user"
+ shell: /bin/bash
+ home: "{{ www_home }}"
+ system: true
+ state: present
+
+- name: authorize ssh key to wwwuser
+ authorized_key:
+ user: "{{ www_user }}"
+ state: present
+ key: "{{ lookup('file', ssh_key) }}"
+ when: ssh_key is defined
+
+- name: create app's directory
+ file:
+ path: "{{ www_home }}/apps"
+ state: directory
+ owner: "{{ www_user }}"
+ group: "{{ www_group }}"
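Review bot: The `authorize ssh key to wwwuser` task only ever adds a key, so on hosts already provisioned by the removed nginx role the old `deploy.pub` key presumably stays in the account's authorized_keys next to the new one. If `ssh_key` is meant to be the only login key, add `exclusive: true` to the `authorized_key` task; otherwise a comment noting that keys accumulate across runs would help. The `create app's directory` task also sets no `mode`, so the directory's permissions depend on the remote umask; `mode: '0750'` would pin them.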