Initial project commit

First project commit from inside the VM

Vagrantfile

@@ -0,0 +1,47 @@
+##################################################
+# Generated on phansible.com
+# Curated by Mmekut
+##################################################
+
+Vagrant.configure("2") do |config|
+
+    config.vm.define "ubuntu" do |u|
+
+        u.vm.provider :virtualbox do |v|
+            v.name = "Ubuntu-Cosmic"
+            v.customize [
+                "modifyvm", :id,
+                "--name", "Cosmic",
+                "--memory", 1024,
+                "--natdnshostresolver1", "on",
+                "--cpus", 1,
+            ]
+        end
+
+        # Will download box from vagrant cloud...
+        #...if it hasn't been downloaded manually
+        u.vm.box = "bento/ubuntu-18.10"
+
+        # Sets VM boot timeouts
+        # Vagrant will timeout if VM takes longer than this value to
+        # complete booting but you can still ssh into the machine after a while
+        u.vm.boot_timeout = 600
+
+        u.vm.network :private_network, ip: "192.168.56.10"
+        u.ssh.forward_agent = true
+
+
+        #Installs ansible locally and provisions inside the VM
+        u.vm.provision "ansible_local" do |ansible|
+            ansible.playbook = "ansible/playbook.yml"
+            ansible.inventory_path = "ansible/inventories/dev"
+            ansible.galaxy_role_file = 'ansible/requirements.yml'
+
+            ansible.galaxy_roles_path = '/vagrant/ansible/roles'
+            ansible.galaxy_command = 'sudo ansible-galaxy install --role-file=%{role_file} --roles-path=%{roles_path}'
+        end
+
+        #syncronized folders in host and guest
+        u.vm.synced_folder "projects", "/var/www/rising"
+    end
+end

ansible/files/authorized_keys

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key

ansible/files/risingstar.conf

@@ -0,0 +1,44 @@
+server{
+    listen 80 default_server;
+    #
+    server_name risingstar.local;
+    return 301 https://$host$request_uri;
+}
+
+server{
+    listen 443 ssl http2;
+    server_name risingstar.local;
+
+    root /var/www/rising;
+    index index.html index.php;
+
+    # Ubuntu default testing SSL certificate
+    # ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+    # ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
+    ssl_certificate     /etc/ssl/risingstar/chain.crt;
+    ssl_certificate_key /etc/ssl/risingstar/private.pem;
+    ssl_dhparam         /etc/ssl/risingstar/dhparams.pem;
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+    # ssl_stapling        on;
+
+    keepalive_timeout   100;
+
+    location ~ [^/]\.php(/|$) {
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+        if (!-f $document_root$fastcgi_script_name) {
+            return 404;
+        }
+
+        fastcgi_param HTTP_PROXY "";
+        fastcgi_pass  unix:/run/php/php7.3-fpm.sock;
+        fastcgi_index index.php;
+
+        include fastcgi_params;
+
+        # this param not found in /etc/nginx/fastcgi_params file
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+}

ansible/inventories/dev

@@ -0,0 +1,2 @@
+[risingStar]
+ubuntu ansible_connection=local

ansible/playbook.yml

@@ -0,0 +1,23 @@
+---
+- hosts: all
+  become: yes
+  vars_files:
+    - vars/all.yml
+  roles:
+    - risingstar.config
+    - geerlingguy.pip
+    - geerlingguy.git
+    - geerlingguy.nodejs
+    - geerlingguy.mysql
+    - geerlingguy.postgresql
+    - geerlingguy.memcached
+    - geerlingguy.redis
+    - risingstar.openssl
+    - nginxinc.nginx
+    - geerlingguy.php
+    - geerlingguy.php-xdebug
+    - geerlingguy.composer
+    - geerlingguy.drush
+    - geerlingguy.adminer
+    - geerlingguy.security
+    - geerlingguy.firewall

ansible/requirements.yml

@@ -0,0 +1,17 @@
+---
+#Roles from Ansible Galaxy
+- src: geerlingguy.pip
+- src: geerlingguy.git
+- src: geerlingguy.nodejs
+- src: geerlingguy.mysql
+- src: geerlingguy.postgresql
+- src: geerlingguy.memcached
+- src: geerlingguy.redis
+- src: nginxinc.nginx
+- src: geerlingguy.php
+- src: geerlingguy.php-xdebug
+- src: geerlingguy.composer
+- src: geerlingguy.drush
+- src: geerlingguy.adminer
+- src: geerlingguy.security
+- src: geerlingguy.firewall

ansible/roles/risingstar.config/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+- name: Upgrading System Packages
+  become: yes
+  apt: 
+    update_cache: yes
+    upgrade: dist
+    autoclean: yes
+
+
+- name: Installing Utility Packages
+  apt: 
+    name: "{{server.packages}}"
+    only_upgrade: yes
+    state: latest
+
+- name: Setting timezone
+  timezone:
+    name: "{{server.timezone}}"
+
+- name: Set default locale
+  shell: localectl set-locale LANG={{server.locale}}
+
+- name: Add ondrej PHP Repo
+  apt_repository: 
+    repo: ppa:ondrej/php
+    state: present
+
+- name: Set the hostname in /etc/hostname
+  shell: echo {{ server.hostname }} > /etc/hostname
+  when: server.hostname is defined
+
+- name: Set the hostname
+  shell: hostname {{ server.hostname }}
+  when: server.hostname is defined
+
+- name: Update /etc/hosts
+  lineinfile: dest=/etc/hosts regexp='^127\.0\.0\.1' line='127.0.0.1 localhost {{ server.hostname }}' owner=root group=root mode=0644

ansible/roles/risingstar.config/templates/timezone.tpl

@@ -0,0 +1 @@
+{{server.timezone}}

ansible/roles/risingstar.openssl/defaults/main.yml

@@ -0,0 +1,4 @@
+
+certificate:
+    host: risingstar
+    domain: risingstar.local

ansible/roles/risingstar.openssl/tasks/main.yml

@@ -0,0 +1,33 @@
+# Generate self-signed Openssl certificate 
+---
+- name: Ensure directory exists for local self-signed TLS certs
+  file:
+    path: /etc/ssl/{{ certificate.host }}
+    state: directory
+    mode: 0644
+
+- name: Generate an OpenSSL private key
+  openssl_privatekey:
+    path: /etc/ssl/{{ certificate.host }}/private.pem
+
+- name: Generate an OpenSSL CSR
+  openssl_csr:
+    path: /etc/ssl/{{ certificate.host }}/{{ certificate.host }}.csr
+    privatekey_path: /etc/ssl/{{ certificate.host }}/private.pem
+    common_name: "{{ certificate.domain }}"
+    organization_name: OPEN MIND
+    country_name: NG
+    #ocsp_must_staple: yes
+
+- name: Generate a Self Signed OpenSSL certificate
+  openssl_certificate:
+    path: /etc/ssl/{{ certificate.host }}/chain.crt
+    privatekey_path: /etc/ssl/{{ certificate.host }}/private.pem
+    csr_path: /etc/ssl/{{ certificate.host }}/{{ certificate.host }}.csr
+    provider: selfsigned
+    selfsigned_not_after: "+365d"
+
+- name: Generate Diffie-Hellman parameters with 2048 bits
+  openssl_dhparam:
+    path: /etc/ssl/{{ certificate.host }}/dhparams.pem
+    size: 2048

ansible/vars/all.yml

@@ -0,0 +1,105 @@
+---
+# Server Utility Packages
+server:
+    packages: [vim, htop, wget, iotop, curl, bash-completion, libssl-dev, software-properties-common]
+    timezone: Europe/Amsterdam
+    locale: en_US.utf8
+    hostname: risingStar
+
+
+
+# pip packages for OpenSSL cert generation
+pip_package: python3-pip
+pip_install_packages:
+    - name: pyOpenSSL
+    - name: cryptography
+
+
+# Install git from source
+git_install_from_source: true
+git_install_from_source_force_update: true
+git_version: "2.21.0"
+
+
+# mysql role settings -- installs Mysql on Ubuntu
+mysql_root_password: TOTALELFFINA
+mysql_databases:
+    - name: general
+mysql_users:
+    - name: mme
+      host: "127.0.0.1"
+      password: mmekut2019
+      priv: "general.*:ALL"
+
+# postgresql role settings
+postgresql_databases:
+    - name: general
+postgresql_users:
+    - name: mme
+      password: mmekut2019
+
+
+# LetsEncrypt doesn't generate cert for local private domains
+# So OpenSSL self-signed is used
+
+# Official NGINX role settings
+nginx_unit_enable: true
+nginx_unit_modules:
+      - unit-dev
+      - unit-php
+nginx_modules:
+  njs: true
+  image_filter: true
+  rtmp: true
+nginx_cleanup_config: true
+nginx_http_upload_enable: true
+# full path worked like charm
+nginx_http_upload_src: /vagrant/ansible/files/*.conf
+
+
+# php role settings for Debian/Ubuntu
+php_default_version_debian: "7.3"
+php_enable_php_fpm: true
+# php-fpm doesn't require unix: prefix when specifying socket file it'll listen
+php_fpm_listen: "/run/php/php7.3-fpm.sock"
+php_fpm_pm_start_servers: 2
+php_fpm_pm_min_spare_servers: 1
+php_upload_max_filesize: "256M"
+php_post_max_size: "96M"
+php_date_timezone: "Europe/Amsterdam"
+php_display_errors: "On"
+php_packages_extra:
+        - php{{ php_default_version_debian }}-intl
+        - php{{ php_default_version_debian }}-pdo
+        - php{{ php_default_version_debian }}-geoip
+        - php{{ php_default_version_debian }}-memcached
+        - php{{ php_default_version_debian }}-mysql
+        - php{{ php_default_version_debian }}-pgsql
+        - php{{ php_default_version_debian }}-redis
+        - php{{ php_default_version_debian }}-imagick
+        - php{{ php_default_version_debian }}-exif
+        - php{{ php_default_version_debian }}-yaml
+        - php{{ php_default_version_debian }}-oauth
+
+php_fpm_pool_user: nginx
+php_fpm_pool_group: nginx
+php_webserver_daemon: "nginx"
+
+#adminer role settings
+adminer_install_dir: /var/www/rising/adminer
+
+#Xdebug role settings
+php_xdebug_version: 2.7.1
+php_xdebug_remote_enable: "true"
+
+#composer variables
+composer_global_packages:
+    - { name: phpunit/phpunit, release: "8.*" }
+
+#drush variables
+drush_launcher_install: false
+drush_composer_global_install: true
+
+#security role
+security_sudoers_passwordless:
+      - vagrant

projects/html/index.php

@@ -0,0 +1,13 @@
+<html>
+    <head>
+        <title>
+            Nginx-PHP Test
+        </title>
+    </head>
+    <body>
+        <h1>
+            <?=$_SERVER['SERVER_NAME'] ?> is Awake
+        </h1>
+        <h3>Using <?=$_SERVER['GATEWAY_INTERFACE']?> Specification</h3>
+    </body>
+</html>

projects/index.html

@@ -0,0 +1,13 @@
+<html>
+    <head>
+        <title>
+            Nginx Server Test
+        </title>
+    </head>
+    <body>
+        <h1>
+            RisingStar is Here
+        </h1>
+        <a href="info.php">php-config</a>
+    </body>
+</html>

projects/info.php

@@ -0,0 +1,3 @@
+<?php
+    phpinfo();
+?>