├── provision.retry ├── roles ├── tersmitten.htop │ ├── templates │ │ └── empty │ ├── tests │ │ ├── inventory │ │ ├── test.yml │ │ └── vagrant.yml │ ├── vars │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ ├── .gitignore │ ├── files │ │ └── etc │ │ │ └── skel │ │ │ └── .config │ │ │ └── htop │ │ │ └── htoprc │ ├── tasks │ │ └── main.yml │ ├── LICENSE.txt │ ├── README.md │ ├── .travis.yml │ └── Vagrantfile ├── geerlingguy.git │ ├── .gitignore │ ├── vars │ │ └── main.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── tests │ │ ├── test-package.yml │ │ ├── Dockerfile.ubuntu-14.04 │ │ ├── test-source.yml │ │ ├── Dockerfile.ubuntu-12.04 │ │ ├── Dockerfile.centos-6 │ │ └── Dockerfile.centos-7 │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ └── install-from-source.yml │ ├── README.md │ └── .travis.yml ├── nginx │ ├── templates │ │ ├── index.php │ │ ├── nginx.conf │ │ └── saveeo.com.j2 │ ├── meta │ │ └── main.yml │ ├── vars │ │ └── main.yml │ ├── files │ │ └── h5bp │ │ │ ├── directive-only │ │ │ ├── x-ua-compatible.conf │ │ │ ├── ssl-stapling.conf │ │ │ ├── spdy.conf │ │ │ ├── no-transform.conf │ │ │ ├── cross-domain-insecure.conf │ │ │ ├── nginx-optimization.conf │ │ │ ├── cache-file-descriptors.conf │ │ │ ├── extra-security.conf │ │ │ ├── http-optimization.conf │ │ │ ├── gzip-compression.conf │ │ │ └── ssl.conf │ │ │ ├── README.md │ │ │ ├── basic.conf │ │ │ └── location │ │ │ ├── cross-domain-fonts.conf │ │ │ ├── cache-busting.conf │ │ │ ├── protect-system-files.conf │ │ │ └── expires.conf │ ├── handlers │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── geerlingguy.memcached │ ├── .gitignore │ ├── tests │ │ ├── inventory │ │ └── test.yml │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── setup-RedHat.yml │ │ ├── setup-Debian.yml │ │ └── main.yml │ ├── vars │ │ ├── Debian.yml │ │ └── 
RedHat.yml │ ├── defaults │ │ └── main.yml │ ├── templates │ │ ├── memcached-RedHat.conf.j2 │ │ └── memcached-Debian.conf.j2 │ ├── .travis.yml │ └── README.md ├── geerlingguy.composer │ ├── tests │ │ ├── inventory │ │ ├── requirements.yml │ │ ├── Dockerfile.ubuntu-14.04 │ │ ├── initctl_faker │ │ ├── test.yml │ │ └── Dockerfile.centos-7 │ ├── templates │ │ ├── composer.sh.j2 │ │ └── auth.json.j2 │ ├── meta │ │ ├── .galaxy_install_info │ │ └── main.yml │ ├── tasks │ │ ├── global-require.yml │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ ├── .travis.yml │ └── README.md └── itcraftsmanpl.php7 │ ├── meta │ ├── .galaxy_install_info │ └── main.yml │ ├── handlers │ └── main.yml │ ├── tasks │ ├── configure.yml │ ├── main.yml │ ├── php-cli.yml │ └── php-fpm.yml │ ├── defaults │ └── main.yml │ ├── LICENSE │ └── README.md ├── provision.yml └── README.md /provision.retry: -------------------------------------------------------------------------------- 1 | 52.208.95.15 2 | -------------------------------------------------------------------------------- /roles/tersmitten.htop/templates/empty: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/.gitignore: -------------------------------------------------------------------------------- 1 | .LSOverride 2 | -------------------------------------------------------------------------------- /roles/nginx/templates/index.php: -------------------------------------------------------------------------------- 1 | /etc/ansible/hosts 12 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/basic.conf: -------------------------------------------------------------------------------- 1 | # Basic h5bp rules 2 | 3 | include h5bp/directive-only/x-ua-compatible.conf; 4 | include h5bp/directive-only/ssl.conf; 5 | include 
h5bp/directive-only/http-optimization.conf; 6 | include h5bp/directive-only/gzip-compression.conf; 7 | include h5bp/location/expires.conf; 8 | include h5bp/location/cross-domain-fonts.conf; 9 | include h5bp/location/protect-system-files.conf; 10 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/tests/test-source.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | 4 | vars: 5 | git_install_from_source: true 6 | git_install_from_source_force_update: true 7 | git_version: 2.7.1 8 | 9 | pre_tasks: 10 | - name: Ensure build dependencies are installed (RedHat). 11 | yum: name=which state=present 12 | when: ansible_os_family == 'RedHat' 13 | 14 | roles: 15 | - role_under_test 16 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/directive-only/spdy.conf: -------------------------------------------------------------------------------- 1 | # Nginx's spdy module is compiled by default from 1.6 2 | # SPDY only works on HTTPS connections 3 | 4 | # Inform browser of SPDY availability 5 | add_header Alternate-Protocol 443:npn-spdy/3; 6 | 7 | # Adjust connection keepalive for SPDY clients: 8 | spdy_keepalive_timeout 300s; # up from 180 secs default 9 | 10 | # enable SPDY header compression 11 | spdy_headers_comp 6; 12 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/tests/Dockerfile.ubuntu-12.04: -------------------------------------------------------------------------------- 1 | FROM ubuntu:12.04 2 | RUN apt-get update 3 | 4 | # Install Ansible 5 | RUN apt-get install -y software-properties-common python-software-properties git 6 | RUN apt-add-repository -y ppa:ansible/ansible 7 | RUN apt-get update 8 | RUN apt-get install -y ansible 9 | 10 | # Install Ansible inventory file 11 | RUN echo "[local]\nlocalhost ansible_connection=local" > 
/etc/ansible/hosts 12 | -------------------------------------------------------------------------------- /roles/itcraftsmanpl.php7/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: Arkadiusz Kondas 4 | description: Installs and configure PHP 7 on Debian/Ubuntu servers 5 | license: MIT 6 | min_ansible_version: 1.9 7 | platforms: 8 | - name: Ubuntu 9 | versions: 10 | - all 11 | - name: Debian 12 | versions: 13 | - all 14 | galaxy_tags: 15 | - php 16 | - php7 17 | - web 18 | dependencies: [] 19 | -------------------------------------------------------------------------------- /roles/tersmitten.htop/tests/vagrant.yml: -------------------------------------------------------------------------------- 1 | # test file for htop 2 | --- 3 | - hosts: all 4 | remote_user: vagrant 5 | sudo: true 6 | roles: 7 | - ../../ 8 | vars: 9 | htop_htoprc_destinations: 10 | skell: 11 | dest: /etc/skel/.config/htop 12 | current: 13 | dest: "{{ ansible_env.HOME }}/.config/htop" 14 | vagrant: 15 | dest: /home/vagrant/.config/htop 16 | owner: vagrant 17 | group: vagrant 18 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/tests/Dockerfile.centos-6: -------------------------------------------------------------------------------- 1 | FROM centos:6 2 | 3 | # Install Ansible 4 | RUN yum -y update; yum clean all; 5 | RUN yum -y install epel-release 6 | RUN yum -y install git ansible sudo 7 | RUN yum clean all 8 | 9 | # Disable requiretty 10 | RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers 11 | 12 | # Install Ansible inventory file 13 | RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts 14 | 15 | CMD ["/usr/sbin/init"] 16 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/meta/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] 3 | 4 | galaxy_info: 5 | author: geerlingguy 6 | description: Git version control software 7 | company: "Midwestern Mac, LLC" 8 | license: "license (BSD, MIT)" 9 | min_ansible_version: 1.9 10 | platforms: 11 | - name: EL 12 | versions: 13 | - all 14 | - name: Debian 15 | versions: 16 | - all 17 | - name: Ubuntu 18 | versions: 19 | - all 20 | galaxy_tags: 21 | - development 22 | - system 23 | -------------------------------------------------------------------------------- /roles/tersmitten.htop/.gitignore: -------------------------------------------------------------------------------- 1 | # OS generated files # 2 | ###################### 3 | .DS_Store 4 | .DS_Store? 5 | ._* 6 | .Spotlight-V100 7 | .Trashes 8 | Icon? 9 | ehthumbs.db 10 | Thumbs.db 11 | 12 | # IDE files # 13 | ################# 14 | /.settings 15 | /.buildpath 16 | /.project 17 | /nbproject 18 | *.komodoproject 19 | *.kpf 20 | /.idea 21 | 22 | # Vagrant files # 23 | .virtualbox/ 24 | .vagrant/ 25 | vagrant_ansible_inventory_* 26 | ansible.cfg 27 | 28 | # Other files # 29 | ############### 30 | !empty 31 | -------------------------------------------------------------------------------- /roles/geerlingguy.memcached/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] 3 | 4 | galaxy_info: 5 | author: geerlingguy 6 | description: Memcached for Linux 7 | company: "Midwestern Mac, LLC" 8 | license: "license (BSD, MIT)" 9 | min_ansible_version: 1.4 10 | platforms: 11 | - name: EL 12 | versions: 13 | - 6 14 | - 7 15 | - name: Ubuntu 16 | versions: 17 | - precise 18 | - trusty 19 | - name: Debian 20 | versions: 21 | - all 22 | categories: 23 | - web 24 | - database 25 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/location/cross-domain-fonts.conf: 
-------------------------------------------------------------------------------- 1 | # Cross domain webfont access 2 | location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ { 3 | include h5bp/directive-only/cross-domain-insecure.conf; 4 | 5 | # Also, set cache rules for webfonts. 6 | # 7 | # See http://wiki.nginx.org/HttpCoreModule#location 8 | # And https://github.com/h5bp/server-configs/issues/85 9 | # And https://github.com/h5bp/server-configs/issues/86 10 | expires 1M; 11 | access_log off; 12 | add_header Cache-Control "public"; 13 | } 14 | -------------------------------------------------------------------------------- /roles/itcraftsmanpl.php7/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add PPA Repository 3 | become: yes 4 | apt_repository: repo={{ php_ppa }} 5 | 6 | - name: Update apt 7 | become: yes 8 | apt: update_cache=yes 9 | 10 | - name: Install PHP 11 | become: yes 12 | apt: pkg=php7.0 state=latest 13 | 14 | - name: Install PHP Packages 15 | become: yes 16 | apt: pkg={{ item }} state=latest 17 | with_items: "{{php_packages}}" 18 | when: php_packages is defined 19 | notify: 20 | - restart php7-fpm 21 | 22 | - include: configure.yml -------------------------------------------------------------------------------- /roles/geerlingguy.composer/tests/Dockerfile.ubuntu-14.04: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | RUN apt-get update 3 | 4 | # Install Ansible 5 | RUN apt-get install -y software-properties-common git 6 | RUN apt-add-repository -y ppa:ansible/ansible 7 | RUN apt-get update 8 | RUN apt-get install -y ansible 9 | 10 | COPY initctl_faker . 
11 | RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl 12 | 13 | # Install Ansible inventory file 14 | RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts 15 | -------------------------------------------------------------------------------- /roles/tersmitten.htop/meta/main.yml: -------------------------------------------------------------------------------- 1 | # meta file for htop 2 | --- 3 | galaxy_info: 4 | author: Mischa ter Smitten 5 | company: Oefenweb.nl B.V. 6 | description: Set up htop in Debian-like systems 7 | license: MIT 8 | min_ansible_version: 1.6 9 | platforms: 10 | - name: Ubuntu 11 | versions: 12 | - lucid 13 | - precise 14 | - trusty 15 | - name: Debian 16 | versions: 17 | - squeeze 18 | - wheezy 19 | - jessie 20 | galaxy_tags: 21 | - system 22 | dependencies: [] 23 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/directive-only/no-transform.conf: -------------------------------------------------------------------------------- 1 | # Prevent mobile network providers from modifying your site 2 | # 3 | # (!) If you are using `ngx_pagespeed`, please note that setting 4 | # the `Cache-Control: no-transform` response header will prevent 5 | # `PageSpeed` from rewriting `HTML` files, and, if 6 | # `pagespeed DisableRewriteOnNoTransform off` is not used, also 7 | # from rewriting other resources. 
8 | # 9 | # https://developers.google.com/speed/pagespeed/module/configuration#notransform 10 | 11 | add_header "Cache-Control" "no-transform"; 12 | -------------------------------------------------------------------------------- /roles/geerlingguy.composer/tests/initctl_faker: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ALIAS_CMD="$(echo ""$0"" | sed -e 's?/sbin/??')" 3 | 4 | case "$ALIAS_CMD" in 5 | start|stop|restart|reload|status) 6 | exec service $1 $ALIAS_CMD 7 | ;; 8 | esac 9 | 10 | case "$1" in 11 | list ) 12 | exec service --status-all 13 | ;; 14 | reload-configuration ) 15 | exec service $2 restart 16 | ;; 17 | start|stop|restart|reload|status) 18 | exec service $2 $1 19 | ;; 20 | \?) 21 | exit 0 22 | ;; 23 | esac 24 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/location/cache-busting.conf: -------------------------------------------------------------------------------- 1 | # Built-in filename-based cache busting 2 | 3 | # https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L403 4 | # This will route all requests for /css/style.20120716.css to /css/style.css 5 | # Read also this: github.com/h5bp/html5-boilerplate/wiki/cachebusting 6 | # This is not included by default, because it'd be better if you use the build 7 | # script to manage the file names. 8 | location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ { 9 | try_files $uri $1.$2; 10 | } 11 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/directive-only/cross-domain-insecure.conf: -------------------------------------------------------------------------------- 1 | # Cross domain AJAX requests 2 | 3 | # http://www.w3.org/TR/cors/#access-control-allow-origin-response-header 4 | 5 | # **Security Warning** 6 | # Do not use this without understanding the consequences. 
7 | # This will permit scripts on any other website to read the responses that carry this header. 8 | # 9 | add_header "Access-Control-Allow-Origin" "*"; 10 | 11 | # Instead of using this file, consider using a specific rule such as: 12 | # 13 | # Allow access based on [sub]domain: 14 | # add_header "Access-Control-Allow-Origin" "subdomain.example.com"; 15 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/location/protect-system-files.conf: -------------------------------------------------------------------------------- 1 | # Prevent clients from accessing hidden files (starting with a dot) 2 | # This is particularly important if you store .htpasswd files in the site hierarchy 3 | # Access to `/.well-known/` is allowed. 4 | # https://www.mnot.net/blog/2010/04/07/well-known 5 | # https://tools.ietf.org/html/rfc5785 6 | location ~* /\.(?!well-known\/) { 7 | deny all; 8 | } 9 | 10 | # Prevent clients from accessing backup/config/source files 11 | location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ { 12 | deny all; 13 | } 14 | -------------------------------------------------------------------------------- /roles/itcraftsmanpl.php7/tasks/php-cli.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure timezone is set in cli php.ini 3 | lineinfile: dest=/etc/php/7.0/cli/php.ini 4 | regexp='date.timezone =' 5 | line='date.timezone = {{ php_timezone }}' 6 | 7 | - name: disabling opcache cli 8 | lineinfile: dest=/etc/php/7.0/cli/php.ini 9 | regexp='opcache.enable_cli=' 10 | line='opcache.enable_cli=0' 11 | 12 | # Removes the Zend Opcache 13 | 14 | - name: Remove Redudant OpCache Symlink 15 | become: yes 16 | file: dest=/etc/php/7.0/cli/conf.d/20-opcache.ini state=absent 17 | 18 | -------------------------------------------------------------------------------- /roles/geerlingguy.composer/tests/test.yml: --------------------------------------------------------------------------------
1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | 5 | vars: 6 | php_enablerepo: "remi,remi-php70" 7 | php_enable_webserver: false 8 | 9 | # Test a global requirement. 10 | composer_global_packages: 11 | - { name: phpunit/phpunit, release: "@stable" } 12 | 13 | pre_tasks: 14 | - name: Add repository for PHP 7.0. 15 | apt_repository: repo='ppa:ondrej/php' 16 | when: ansible_os_family == 'Debian' 17 | 18 | roles: 19 | - { role: geerlingguy.repo-remi, when: ansible_os_family == 'RedHat' } 20 | - geerlingguy.php 21 | - role_under_test 22 | -------------------------------------------------------------------------------- /roles/geerlingguy.composer/tasks/global-require.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install configured globally-required packages. 3 | become: yes 4 | become_user: "{{ composer_home_owner }}" 5 | shell: > 6 | COMPOSER_HOME={{ composer_home_path }} 7 | {{ composer_path }} global require {{ item.name }}:{{ item.release | default('@stable') }} --no-progress 8 | creates={{ composer_home_path }}/vendor/{{ item.name }} 9 | register: composer_global_require_result 10 | with_items: "{{ composer_global_packages }}" 11 | 12 | - name: Add composer_home_path bin directory to global $PATH. 13 | template: 14 | src: composer.sh.j2 15 | dest: /etc/profile.d/composer.sh 16 | mode: 0644 17 | when: composer_add_to_path 18 | -------------------------------------------------------------------------------- /roles/geerlingguy.composer/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | composer_path: /usr/local/bin/composer 3 | composer_keep_updated: false 4 | composer_version: '' 5 | 6 | # The directory where global packages will be installed. 7 | composer_home_path: '~/.composer' 8 | composer_home_owner: root 9 | composer_home_group: root 10 | 11 | # A list of packages to install globally. 
See commented examples below for 12 | # usage; the 'release' is optional, and defaults to '@stable'. 13 | composer_global_packages: [] 14 | # - { name: phpunit/phpunit, release: "4.7.x" } 15 | # - { name: phpunit/phpunit, release: "@stable" } 16 | 17 | composer_add_to_path: true 18 | 19 | # GitHub OAuth token (used to help overcome API rate limits). 20 | composer_github_oauth_token: '' 21 | -------------------------------------------------------------------------------- /roles/tersmitten.htop/files/etc/skel/.config/htop/htoprc: -------------------------------------------------------------------------------- 1 | # Beware! This file is rewritten by htop when settings are changed in the interface. 2 | # The parser is also very primitive, and not human-friendly. 3 | fields=0 48 17 18 38 39 40 2 46 47 49 1 4 | sort_key=46 5 | sort_direction=1 6 | hide_threads=0 7 | hide_kernel_threads=1 8 | hide_userland_threads=0 9 | shadow_other_users=0 10 | show_thread_names=0 11 | highlight_base_name=1 12 | highlight_megabytes=1 13 | highlight_threads=1 14 | tree_view=0 15 | header_margin=1 16 | detailed_cpu_time=0 17 | cpu_count_from_zero=0 18 | color_scheme=0 19 | delay=15 20 | left_meters=LeftCPUs2 Memory Swap 21 | left_meter_modes=1 1 1 22 | right_meters=RightCPUs2 Tasks LoadAverage Uptime Clock Hostname 23 | right_meter_modes=1 2 2 2 2 2 24 | -------------------------------------------------------------------------------- /roles/itcraftsmanpl.php7/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | php_ppa: "ppa:ondrej/php" 3 | php_packages: 4 | - php7.0-common 5 | - php7.0-cli 6 | - php7.0-intl 7 | - php7.0-curl 8 | - php7.0-cgi 9 | - php7.0-fpm 10 | - php7.0-mysql 11 | - php7.0-gd 12 | - php7.0-mbstring 13 | - php7.0-mcrypt 14 | - php7.0-memcached 15 | - php7.0-apcu 16 | - php7.0-xml 17 | php_timezone: Europe/London 18 | php_upload_max_filesize: "20M" 19 | php_post_max_size: "20M" 20 | php_memory_limit: "1024M" 21 | 
php_max_execution_time: 60 22 | 23 | php_opcache_enable: 1 24 | php_opcache_revalidate_freq: 2592000 25 | php_opcache_opcache_validate_timestamps: 1 26 | php_opcache_max_accelerated_files: 20000 27 | php_opcache_memory_consumption: 192 28 | php_opcache_interned_strings_buffer: 16 29 | php_opcache_fast_shutdown: 1 30 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | workspace: /root 3 | 4 | # If git_install_from_source is set to false, these two variables define whether 5 | # to use an additional repo for the package installation, and which git packages 6 | # will be installed. 7 | git_enablerepo: "" 8 | git_packages: 9 | - git 10 | - git-svn 11 | 12 | # If set to TRUE, git will be installed from source, using the version set with 13 | # the 'git_version' variable instead of using a package. 14 | git_install_from_source: false 15 | git_install_path: "/usr" 16 | git_version: "2.7.1" 17 | 18 | # If git is already installed at an older version, force a new source build. 19 | # Only applies if git_install_from_source is `true`. 20 | git_install_from_source_force_update: false 21 | 22 | # Leave this at its default. 23 | git_reinstall_from_source: false 24 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure git is installed (RedHat). 3 | yum: 4 | name: "{{ item }}" 5 | state: installed 6 | enablerepo: "{{ git_enablerepo }}" 7 | with_items: "{{ git_packages }}" 8 | when: (git_install_from_source == false) and (ansible_os_family == 'RedHat') 9 | 10 | - name: Update apt cache (Debian). 11 | apt: update_cache=yes cache_valid_time=86400 12 | when: ansible_os_family == 'Debian' 13 | 14 | - name: Ensure git is installed (Debian).
15 | apt: 16 | name: "{{ item }}" 17 | state: installed 18 | with_items: "{{ git_packages }}" 19 | when: (git_install_from_source == false) and (ansible_os_family == 'Debian') 20 | 21 | # Install git from source when git_install_from_source is true. 22 | - include: install-from-source.yml 23 | when: git_install_from_source == true 24 | -------------------------------------------------------------------------------- /roles/geerlingguy.memcached/templates/memcached-RedHat.conf.j2: -------------------------------------------------------------------------------- 1 | # Default connection port is 11211 2 | PORT="{{ memcached_port }}" 3 | 4 | # The user to run memcached as. 5 | USER="{{ memcached_user }}" 6 | 7 | # Limit the number of simultaneous incoming connections. The daemon default is 1024. 8 | MAXCONN="{{ memcached_connections }}" 9 | 10 | # Start with a cap of 64 megs of memory. It's reasonable, and the daemon default 11 | # Note that the daemon will grow to this size, but does not start out holding this much 12 | # memory 13 | CACHESIZE="{{ memcached_memory_limit }}" 14 | 15 | # Extra options: 16 | # -l Specify which IP address to listen on. The default is to listen on all IP addresses 17 | # This parameter is one of the only security measures that memcached has, so make sure 18 | # it's listening on a firewalled interface. 19 | OPTIONS="-l {{ memcached_listen_ip }} {{ memcached_log_verbosity }} >> {{ memcached_log_file }} 2>&1" 20 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/directive-only/nginx-optimization.conf: -------------------------------------------------------------------------------- 1 | # Sets the worker threads to the number of CPU cores available in the system for best performance. 2 | # Should be > the number of CPU cores. 3 | # Maximum number of connections = worker_processes * worker_connections 4 | worker_processes auto; 5 | 6 | # Maximum number of open files per worker process. 
7 | # Should be > worker_connections. 8 | worker_rlimit_nofile 8192; 9 | 10 | events { 11 | # If you need more connections than this, you start optimizing your OS. 12 | # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests. 13 | # Should be < worker_rlimit_nofile. 14 | worker_connections 8000; 15 | use epoll; 16 | 17 | # Accept as many connections as possible, after nginx gets notification about a new connection. 18 | # May flood worker_connections, if that option is set too low. 19 | multi_accept on; 20 | } 21 | 22 | -------------------------------------------------------------------------------- /roles/geerlingguy.composer/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependencies: [] 3 | 4 | galaxy_info: 5 | author: geerlingguy 6 | description: Composer PHP Dependency Manager 7 | company: "Midwestern Mac, LLC" 8 | license: "license (BSD, MIT)" 9 | min_ansible_version: 1.9 10 | platforms: 11 | - name: EL 12 | versions: 13 | - all 14 | - name: GenericUNIX 15 | versions: 16 | - all 17 | - name: Fedora 18 | versions: 19 | - all 20 | - name: opensuse 21 | versions: 22 | - all 23 | - name: GenericBSD 24 | versions: 25 | - all 26 | - name: FreeBSD 27 | versions: 28 | - all 29 | - name: Ubuntu 30 | versions: 31 | - all 32 | - name: SLES 33 | versions: 34 | - all 35 | - name: GenericLinux 36 | versions: 37 | - all 38 | - name: Debian 39 | versions: 40 | - all 41 | galaxy_tags: 42 | - packaging 43 | - web 44 | -------------------------------------------------------------------------------- /roles/tersmitten.htop/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # tasks file for htop 2 | --- 3 | - name: install 4 | apt: 5 | name: htop 6 | state: latest 7 | update_cache: true 8 | cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}" 9 | tags: [configuration, htop, htop-install] 10 | 11 | - 
name: create configuration directory 12 | file: 13 | path: "{{ item.value.dest }}" 14 | state: directory 15 | with_dict: "{{ htop_htoprc_destinations }}" 16 | tags: [configuration, htop, htop-configuration] 17 | 18 | - name: create configuration file 19 | copy: 20 | src: etc/skel/.config/htop/htoprc 21 | dest: "{{ item.value.dest }}/htoprc" 22 | owner: "{{ item.value.owner | default('root') }}" 23 | group: "{{ item.value.group | default(item.value.owner) | default('root') }}" 24 | mode: "{{ item.value.mode | default('0644') }}" 25 | force: "{{ 'yes' if htop_replace_htoprc else 'no' }}" 26 | with_dict: "{{ htop_htoprc_destinations }}" 27 | tags: [configuration, htop, htop-configuration] 28 | -------------------------------------------------------------------------------- /roles/geerlingguy.memcached/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Include variables and define needed variables. 3 | - name: Include OS-specific variables. 4 | include_vars: "{{ ansible_os_family }}.yml" 5 | 6 | - name: Define memcached_user. 7 | set_fact: 8 | memcached_user: "{{ __memcached_user }}" 9 | when: memcached_user is not defined 10 | 11 | # Setup/install tasks. 12 | - include: setup-RedHat.yml 13 | when: ansible_os_family == 'RedHat' 14 | 15 | - include: setup-Debian.yml 16 | when: ansible_os_family == 'Debian' 17 | 18 | # Configure Memcached. 19 | - name: Copy Memcached configuration. 20 | template: 21 | src: memcached-{{ ansible_os_family }}.conf.j2 22 | dest: "{{ memcached_config_file }}" 23 | owner: root 24 | group: root 25 | mode: 0644 26 | notify: restart memcached 27 | 28 | - name: Ensure Memcached is started and set to run on startup. 
29 | service: name=memcached state=started enabled=yes 30 | 31 | - name: Install libmemcached-tools 32 | apt: pkg=libmemcached-tools state=latest update_cache=true 33 | -------------------------------------------------------------------------------- /roles/geerlingguy.memcached/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | 5 | env: 6 | - SITE=test.yml 7 | 8 | before_install: 9 | - sudo apt-get update -qq 10 | - sudo apt-get install -y curl 11 | 12 | install: 13 | # Install Ansible. 14 | - pip install ansible 15 | 16 | # Add ansible.cfg to pick up roles path. 17 | - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" 18 | 19 | script: 20 | # Check the role/playbook's syntax. 21 | - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" 22 | 23 | # Run the role/playbook with ansible-playbook. 24 | - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" 25 | 26 | # Run the role/playbook again, checking to make sure it's idempotent. 27 | - > 28 | ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo 29 | | grep -q 'changed=0.*failed=0' 30 | && (echo 'Idempotence test: pass' && exit 0) 31 | || (echo 'Idempotence test: fail' && exit 1) 32 | 33 | # Check the version of Memcached (if this output fails, it's not running). 34 | - memcached -h | head -1 35 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/directive-only/cache-file-descriptors.conf: -------------------------------------------------------------------------------- 1 | # This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc. 2 | # 3 | # The upside of this is that Nginx can immediately begin sending data when a popular file is requested, 4 | # and will also know to immediately send a 404 if a file is missing on disk, and so on. 
5 | # 6 | # However, it also means that the server won't react immediately to changes on disk, which may be undesirable. 7 | # 8 | # In the below configuration, inactive files are released from the cache after 20 seconds, whereas 9 | # active (recently requested) files are re-validated every 30 seconds. 10 | # 11 | # Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time). 12 | # 13 | # A maximum of the 1000 most recently used file descriptors can be cached at any time. 14 | # 15 | # Production servers with stable file collections will definitely want to enable the cache. 16 | open_file_cache max=1000 inactive=20s; 17 | open_file_cache_valid 30s; 18 | open_file_cache_min_uses 2; 19 | open_file_cache_errors on; 20 | -------------------------------------------------------------------------------- /roles/geerlingguy.memcached/templates/memcached-Debian.conf.j2: -------------------------------------------------------------------------------- 1 | # Run memcached as a daemon. This command is implied, and is not needed for the 2 | # daemon to run. 3 | -d 4 | 5 | # Log memcached's output to /var/log/memcached 6 | logfile {{ memcached_log_file }} 7 | {{ memcached_log_verbosity }} 8 | 9 | # Start with a cap of 64 megs of memory. It's reasonable, and the daemon default 10 | # Note that the daemon will grow to this size, but does not start out holding this much 11 | # memory 12 | -m {{ memcached_memory_limit }} 13 | 14 | # Default connection port is 11211 15 | -p {{ memcached_port }} 16 | 17 | # Run the daemon as the user given with -u. The start-memcached will default to running as root if no 18 | # -u option is present in this config file 19 | -u {{ memcached_user }} 20 | 21 | # Specify which IP address to listen on. The default is to listen on all IP addresses 22 | # This parameter is one of the only security measures that memcached has, so make sure 23 | # it's listening on a firewalled interface.
24 | -l {{ memcached_listen_ip }} 25 | 26 | # Limit the number of simultaneous incoming connections. The daemon default is 1024 27 | -c {{ memcached_connections }} 28 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/directive-only/extra-security.conf: -------------------------------------------------------------------------------- 1 | # The X-Frame-Options header indicates whether a browser should be allowed 2 | # to render a page within a frame or iframe. NOTE: nginx inherits add_header from the enclosing level only when the current block defines no add_header of its own, so a location that sets one (e.g. Cache-Control in location/expires.conf) must repeat these headers. 3 | add_header X-Frame-Options SAMEORIGIN; 4 | 5 | # MIME type sniffing security protection 6 | # There are very few edge cases where you wouldn't want this enabled. 7 | add_header X-Content-Type-Options nosniff; 8 | 9 | # The X-XSS-Protection header is used by Internet Explorer version 8+ 10 | # The header instructs IE to enable its inbuilt anti-cross-site scripting filter. 11 | add_header X-XSS-Protection "1; mode=block"; 12 | 13 | # With Content Security Policy (CSP) enabled (and a browser that supports it, see http://caniuse.com/#feat=contentsecuritypolicy), 14 | # you can tell the browser that it can only download content from the domains you explicitly allow. 15 | # CSP can be quite difficult to configure, and can cause real issues if you get it wrong. 16 | # There is a website that helps you generate a policy here: http://cspisawesome.com/ 17 | # add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;"; 18 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/tests/Dockerfile.centos-7: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | # Install systemd -- See https://hub.docker.com/_/centos/ 4 | RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs 5 | RUN yum -y update; yum clean all; \ 6 | (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [
$i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ 7 | rm -f /lib/systemd/system/multi-user.target.wants/*; \ 8 | rm -f /etc/systemd/system/*.wants/*; \ 9 | rm -f /lib/systemd/system/local-fs.target.wants/*; \ 10 | rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ 11 | rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ 12 | rm -f /lib/systemd/system/basic.target.wants/*; \ 13 | rm -f /lib/systemd/system/anaconda.target.wants/*; 14 | 15 | # Install Ansible 16 | RUN yum -y install epel-release 17 | RUN yum -y install git ansible sudo 18 | RUN yum clean all 19 | 20 | # Disable requiretty 21 | RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers 22 | 23 | # Install Ansible inventory file 24 | RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts 25 | 26 | VOLUME ["/sys/fs/cgroup"] 27 | CMD ["/usr/sbin/init"] 28 | -------------------------------------------------------------------------------- /roles/tersmitten.htop/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) Oefenweb.nl 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is furnished 8 | to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /roles/geerlingguy.composer/tests/Dockerfile.centos-7: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | # Install systemd -- See https://hub.docker.com/_/centos/ 4 | RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs 5 | RUN yum -y update; yum clean all; \ 6 | (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ 7 | rm -f /lib/systemd/system/multi-user.target.wants/*; \ 8 | rm -f /etc/systemd/system/*.wants/*; \ 9 | rm -f /lib/systemd/system/local-fs.target.wants/*; \ 10 | rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ 11 | rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ 12 | rm -f /lib/systemd/system/basic.target.wants/*; \ 13 | rm -f /lib/systemd/system/anaconda.target.wants/*; 14 | 15 | # Install Ansible 16 | RUN yum -y install epel-release 17 | RUN yum -y install git ansible sudo 18 | RUN yum clean all 19 | 20 | # Disable requiretty 21 | RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers 22 | 23 | # Install Ansible inventory file 24 | RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts 25 | 26 | VOLUME ["/sys/fs/cgroup"] 27 | CMD ["/usr/sbin/init"] 28 | -------------------------------------------------------------------------------- /roles/itcraftsmanpl.php7/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Arkadiusz Kondas 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a 
copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | 23 | -------------------------------------------------------------------------------- /roles/nginx/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add Nginx Repository 3 | apt_repository: repo='ppa:nginx/stable' state=present 4 | register: ppastable 5 | 6 | - name: Install Nginx 7 | apt: pkg=nginx state=latest update_cache=true 8 | when: ppastable|success 9 | register: nginxinstalled 10 | notify: 11 | - Start Nginx 12 | 13 | - name: Add H5BP Config 14 | copy: src=h5bp dest=/etc/nginx owner=root group=root 15 | 16 | - name: Disable Default Config 17 | file: dest=/etc/nginx/sites-enabled/default state=absent 18 | notify: 19 | - Reload Nginx 20 | 21 | - name: Replace Parent Nginx Config 22 | copy: dest=/etc/nginx/nginx.conf src=templates/nginx.conf owner=root group=root mode=644 backup=yes 23 | notify: 24 | - Reload Nginx 25 | 26 | - name: Add Site Config 27 | when: nginxinstalled|success 28 | template: src={{ domain }}.j2 dest=/etc/nginx/sites-available/{{ domain }} owner=root group=root 29 | 30 | - name: Enable Site Config 31 | file: src=/etc/nginx/sites-available/{{ domain }} dest=/etc/nginx/sites-enabled/{{ domain }} state=link 32 | notify: 33 | - Reload Nginx 34 | 35 | - name: Create Application Directory 36 | file: path=/var/www/{{ domain }} state=directory mode=775 owner=www-data group=www-data recurse=yes 37 | 38 | - name: Install Unzip 39 | apt: pkg=unzip state=latest update_cache=true -------------------------------------------------------------------------------- /roles/itcraftsmanpl.php7/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: PHP7 2 | 3 | An Ansible role that installs and configure PHP 7 on Debian/Ubuntu servers. 4 | 5 | Current PHP7 version: **7.0.5** 6 | 7 | ## Requirements 8 | 9 | None. 
10 | 11 | ## Role Variables 12 | 13 | Available variables are listed below, along with default values (see `defaults/main.yml`): 14 | 15 | php_ppa: "ppa:ondrej/php" 16 | php_packages: 17 | - php7.0-common 18 | - php7.0-cli 19 | - php7.0-intl 20 | - php7.0-curl 21 | - php7.0-cgi 22 | - php7.0-fpm 23 | - php7.0-mysql 24 | - php7.0-gd 25 | - php7.0-mbstring 26 | - php7.0-mcrypt 27 | php_timezone: Europe/Warsaw 28 | php_upload_max_filesize: "20M" 29 | php_post_max_size: "20M" 30 | php_memory_limit: "1024M" 31 | php_max_execution_time: 60 32 | 33 | php_opcache_enable: 1 34 | php_opcache_revalidate_freq: 2592000 35 | php_opcache_opcache_validate_timestamps: 1 36 | php_opcache_max_accelerated_files: 20000 37 | php_opcache_memory_consumption: 192 38 | php_opcache_interned_strings_buffer: 16 39 | php_opcache_fast_shutdown: 1 40 | 41 | ## Dependencies 42 | 43 | None. 44 | 45 | ## Example Playbook 46 | 47 | - hosts: webservers 48 | roles: 49 | - { role: itcraftsmanpl.php7 } 50 | 51 | ## License 52 | 53 | MIT 54 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/location/expires.conf: -------------------------------------------------------------------------------- 1 | # Expire rules for static content 2 | 3 | # No default expire rule. This config mirrors that of apache as outlined in the 4 | # html5-boilerplate .htaccess file. However, nginx applies rules by location, 5 | # the apache rules are defined by type. A consequence of this difference is that 6 | # if you use no file extension in the url and serve html, with apache you get an 7 | # expire time of 0s, with nginx you'd get an expire header of one month in the 8 | # future (if the default expire rule is 1 month). 
Therefore, do not use a 9 | # default expire rule with nginx unless your site is completely static 10 | 11 | # cache.appcache, your document html and data 12 | location ~* \.(?:manifest|appcache|html?|xml|json)$ { 13 | expires -1; 14 | } 15 | 16 | # Feed 17 | location ~* \.(?:rss|atom)$ { 18 | expires 1h; 19 | } 20 | 21 | # Media: images, icons, video, audio, HTC 22 | location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { 23 | expires 1M; 24 | access_log off; 25 | add_header Cache-Control "public"; 26 | } 27 | 28 | # CSS and Javascript 29 | location ~* \.(?:css|js)$ { 30 | expires 1y; 31 | access_log off; 32 | } 33 | 34 | # WebFonts 35 | # If you are NOT using cross-domain-fonts.conf, uncomment the following directive 36 | # location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ { 37 | # expires 1M; 38 | # access_log off; 39 | # } 40 | -------------------------------------------------------------------------------- /roles/tersmitten.htop/README.md: -------------------------------------------------------------------------------- 1 | ## htop 2 | 3 | [![Build Status](https://travis-ci.org/Oefenweb/ansible-htop.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-htop) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-htop-blue.svg)](https://galaxy.ansible.com/list#/roles/1412) 4 | 5 | Set up htop in Debian-like systems. 6 | 7 | #### Requirements 8 | 9 | None 10 | 11 | #### Variables 12 | 13 | * `htop_htoprc_destinations` [default: `{skell: dest: /etc/skel/.config/htop, current: dest: "{{ ansible_env.HOME }}/.config/htop"}`]: Destinations to copy the htoprc file to 14 | * `htop_htoprc_destinations.key`: The identifier of the file (e.g. `skel`) 15 | * `htop_htoprc_destinations.key.dest`: The remote path of the file to copy (e.g. 
`/etc/skel`) 16 | * `htop_htoprc_destinations.key.owner`: The name of the user that should own the file (optional, default `root`) 17 | * `htop_htoprc_destinations.key.group`: The name of the group that should own the file (optional, default `owner`, then `root`) 18 | * `htop_htoprc_destinations.key.mode`: The mode of the file, such as 0644 (optional, default `0644`) 19 | 20 | * `htop_replace_htoprc`: [default: `true`]: Whether or not to overwrite existing htoprc files 21 | 22 | ## Dependencies 23 | 24 | None 25 | 26 | #### Example 27 | 28 | ```yaml 29 | --- 30 | - hosts: all 31 | roles: 32 | - htop 33 | ``` 34 | 35 | #### License 36 | 37 | MIT 38 | 39 | #### Author Information 40 | 41 | Mischa ter Smitten 42 | 43 | #### Feedback, bug-reports, requests, ... 44 | 45 | Are [welcome](https://github.com/Oefenweb/ansible-htop/issues)! 46 | -------------------------------------------------------------------------------- /roles/geerlingguy.memcached/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: Memcached 2 | 3 | [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-memcached.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-memcached) 4 | 5 | An Ansible Role that installs Memcached on RedHat/CentOS or Debian/Ubuntu Linux. 6 | 7 | ## Requirements 8 | 9 | None. 10 | 11 | ## Role Variables 12 | 13 | Available variables are listed below, along with default values (see `defaults/main.yml`): 14 | 15 | memcached_user: memcache 16 | 17 | The user under which the Memcached daemon will run. 18 | 19 | memcached_port: 11211 20 | memcached_listen_ip: 127.0.0.1 21 | 22 | The port and IP address (127.0.0.1 for localhost) on which Memcached will listen for requests. 23 | 24 | memcached_memory_limit: 64 25 | memcached_connections: 1024 26 | 27 | Memcached limits. 
The maximum amount of RAM `memcached` will consume (64MB is the default), and the maximum number of simultaneous connections memcached will handle. 28 | 29 | memcached_log_file: /var/log/memcached.log 30 | 31 | The location of the memcached log file. 32 | 33 | memcached_log_verbosity: "" 34 | 35 | Normally memcached does not log anything. Change to "-v" to enable logging or to "-vv" for debug logging. 36 | 37 | ## Dependencies 38 | 39 | None. 40 | 41 | ## Example Playbook 42 | 43 | - hosts: cache 44 | roles: 45 | - { role: geerlingguy.memcached } 46 | 47 | ## License 48 | 49 | MIT / BSD 50 | 51 | ## Author Information 52 | 53 | This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). 54 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/directive-only/http-optimization.conf: -------------------------------------------------------------------------------- 1 | # How long to allow each connection to stay idle. 2 | # Longer values are better for each individual client, particularly for SSL, 3 | # but means that worker connections are tied up longer. 4 | # keepalive_timeout 20s; 5 | client_body_timeout 12; 6 | 7 | client_header_timeout 12; 8 | send_timeout 10; 9 | 10 | # Speed up file transfers by using sendfile() to copy directly 11 | # between descriptors rather than using read()/write(). 12 | # For performance reasons, on FreeBSD systems w/ ZFS 13 | # this option should be disabled as ZFS's ARC caches 14 | # frequently used files in RAM by default. 15 | sendfile on; 16 | 17 | # Don't send out partial frames; this increases throughput 18 | # since TCP frames are filled up before being sent out. 19 | tcp_nopush on; 20 | 21 | # don't buffer data-sends (disable Nagle algorithm). Good for sending frequent small bursts of data in real time. 
22 | tcp_nodelay on; 23 | 24 | # client_body_buffer_size: This handles the client buffer size, meaning any POST actions sent to Nginx. POST actions 25 | # are typically form submissions. 26 | client_body_buffer_size 128K; 27 | 28 | # client_header_buffer_size: Similar to the previous directive, only instead it handles the client header size. For all 29 | # intents and purposes, 1K is usually a decent size for this directive. 30 | client_header_buffer_size 1k; 31 | 32 | # client_max_body_size: The maximum allowed size for a client request. If the maximum size is exceeded, then Nginx will 33 | # spit out a 413 error or Request Entity Too Large. 34 | client_max_body_size 20m; 35 | 36 | # large_client_header_buffers: The maximum number and size of buffers for large client headers. 37 | large_client_header_buffers 2 1k; 38 | -------------------------------------------------------------------------------- /roles/nginx/templates/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | pid /run/nginx.pid; 3 | include h5bp/directive-only/nginx-optimization.conf; 4 | 5 | 6 | http { 7 | 8 | ## 9 | # Basic Settings 10 | ## 11 | 12 | sendfile on; 13 | tcp_nopush on; 14 | tcp_nodelay on; 15 | keepalive_timeout 65; 16 | types_hash_max_size 2048; 17 | # server_tokens off; 18 | 19 | # server_names_hash_bucket_size 64; 20 | # server_name_in_redirect off; 21 | 22 | include /etc/nginx/mime.types; 23 | default_type application/octet-stream; 24 | 25 | ## 26 | # SSL Settings 27 | ## 28 | 29 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE. TLSv1 and TLSv1.1 are deprecated too (RFC 8996); list only TLSv1.2 unless legacy clients still need them 30 | ssl_prefer_server_ciphers on; 31 | 32 | ## 33 | # Logging Settings 34 | ## 35 | 36 | access_log /var/log/nginx/access.log; 37 | error_log /var/log/nginx/error.log; 38 | 39 | ## 40 | # Gzip Settings 41 | ## 42 | 43 | gzip on; 44 | gzip_disable "msie6"; 45 | 46 | # gzip_vary on; 47 | # gzip_proxied any; 48 | # gzip_comp_level 6; 49 | # gzip_buffers 16 8k; 50 | #
gzip_http_version 1.1; 51 | # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; 52 | 53 | ## 54 | # Virtual Host Configs 55 | ## 56 | 57 | include /etc/nginx/conf.d/*.conf; 58 | include /etc/nginx/sites-enabled/*; 59 | } 60 | 61 | 62 | #mail { 63 | # # See sample authentication script at: 64 | # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript 65 | # 66 | # # auth_http localhost/auth.php; 67 | # # pop3_capabilities "TOP" "USER"; 68 | # # imap_capabilities "IMAP4rev1" "UIDPLUS"; 69 | # 70 | # server { 71 | # listen localhost:110; 72 | # protocol pop3; 73 | # proxy on; 74 | # } 75 | # 76 | # server { 77 | # listen localhost:143; 78 | # protocol imap; 79 | # proxy on; 80 | # } 81 | #} 82 | -------------------------------------------------------------------------------- /roles/geerlingguy.composer/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set php_executable variable to a default if not defined. 3 | set_fact: 4 | php_executable: php 5 | when: php_executable is not defined 6 | 7 | - name: Check if Composer is installed. 8 | stat: "path={{ composer_path }}" 9 | register: composer_bin 10 | 11 | - name: Download Composer installer. 12 | get_url: 13 | url: https://getcomposer.org/installer # NOTE(review): fetched over HTTPS but with no checksum or signature check; pin and verify the installer (e.g. get_url's checksum option) before the next task executes it 14 | dest: /tmp/composer-installer.php # NOTE(review): fixed file name in shared /tmp; presumably this play runs privileged, so a directory only that user can write to would be safer (confirm) 15 | mode: 0755 16 | when: not composer_bin.stat.exists 17 | 18 | - name: Run Composer installer. 19 | command: > 20 | {{ php_executable }} composer-installer.php {% if composer_version != '' %} --version={{ composer_version }}{% endif %} 21 | chdir=/tmp 22 | when: not composer_bin.stat.exists 23 | 24 | - name: Move Composer into globally-accessible location. 25 | shell: > 26 | mv /tmp/composer.phar {{ composer_path }} 27 | creates={{ composer_path }} 28 | when: not composer_bin.stat.exists 29 | 30 | - name: Update Composer to latest version (if configured).
31 | shell: > 32 | {{ php_executable }} {{ composer_path }} self-update 33 | register: composer_update 34 | changed_when: "'Updating to version' in composer_update.stdout" 35 | when: composer_keep_updated 36 | 37 | - name: Ensure composer directory exists. 38 | file: 39 | path: "{{ composer_home_path }}" 40 | owner: "{{ composer_home_owner }}" 41 | group: "{{ composer_home_group }}" 42 | state: directory 43 | 44 | - name: Add GitHub OAuth token for Composer (if configured). 45 | template: 46 | src: "auth.json.j2" 47 | dest: "{{ composer_home_path }}/auth.json" 48 | owner: "{{ composer_home_owner }}" 49 | group: "{{ composer_home_group }}" 50 | when: composer_github_oauth_token != '' 51 | 52 | - include: global-require.yml 53 | when: composer_global_packages|length > 0 54 | -------------------------------------------------------------------------------- /roles/geerlingguy.composer/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | sudo: required 3 | 4 | env: 5 | - distribution: centos 6 | version: 7 7 | init: /usr/lib/systemd/systemd 8 | run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" 9 | - distribution: ubuntu 10 | version: 14.04 11 | init: /sbin/init 12 | run_opts: "" 13 | 14 | services: 15 | - docker 16 | 17 | before_install: 18 | # - sudo apt-get update 19 | # Pull container 20 | - 'sudo docker pull ${distribution}:${version}' 21 | # Customize container 22 | - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' 23 | 24 | script: 25 | - container_id=$(mktemp) 26 | # Run container in detached state 27 | - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' 28 | 29 | # Install dependencies. 
30 | - 'sudo docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/role_under_test/tests/requirements.yml' 31 | 32 | # Ansible syntax check. 33 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' 34 | 35 | # Test role. 36 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' 37 | 38 | # Test role idempotence. 39 | - > 40 | sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml 41 | | grep -q 'changed=0.*failed=0' 42 | && (echo 'Idempotence test: pass' && exit 0) 43 | || (echo 'Idempotence test: fail' && exit 1) 44 | 45 | # Ensure Composer is installed and working. 46 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm composer' 47 | 48 | # Clean up 49 | - 'sudo docker stop "$(cat ${container_id})"' 50 | 51 | notifications: 52 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 53 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/tasks/install-from-source.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure git's dependencies are installed (RedHat). 3 | yum: "pkg={{ item }} state=installed" 4 | with_items: 5 | - gettext-devel 6 | - expat-devel 7 | - curl-devel 8 | - zlib-devel 9 | - perl-devel 10 | - openssl-devel 11 | - subversion-perl 12 | - make 13 | - gcc 14 | when: ansible_os_family == 'RedHat' 15 | 16 | - name: Ensure git's dependencies are installed (Debian). 
17 | apt: "pkg={{ item }} state=installed" 18 | with_items: 19 | - libcurl4-gnutls-dev 20 | - libexpat1-dev 21 | - gettext 22 | - libssl-dev 23 | - build-essential 24 | - gcc 25 | when: ansible_os_family == 'Debian' 26 | 27 | - name: Get installed version 28 | command: git --version 29 | changed_when: false 30 | failed_when: false 31 | # Ansible 1.8 feature. 32 | # warn: no 33 | register: git_installed_version 34 | 35 | - name: Force git install if the version numbers do not match 36 | set_fact: 37 | git_reinstall_from_source: true 38 | when: 'git_install_from_source_force_update and (git_installed_version|success and (git_installed_version.stdout | regex_replace("^.*?([0-9\.]+)$", "\\1") | version_compare(git_version, operator="!=")))' 39 | 40 | - name: Download git. 41 | get_url: 42 | url: "https://www.kernel.org/pub/software/scm/git/git-{{ git_version }}.tar.gz" 43 | dest: "{{ workspace }}/git-{{ git_version }}.tar.gz" 44 | when: git_installed_version|failed or git_reinstall_from_source 45 | 46 | - name: Expand git archive. 47 | unarchive: 48 | src: "{{ workspace }}/git-{{ git_version }}.tar.gz" 49 | dest: "{{ workspace }}" 50 | creates: "{{ workspace }}/git-{{ git_version }}/README" 51 | copy: no 52 | when: git_installed_version|failed or git_reinstall_from_source 53 | 54 | - name: Build git. 
55 | command: > 56 | make prefix={{ git_install_path }} {{ item }} 57 | chdir={{ workspace }}/git-{{ git_version }} 58 | with_items: 59 | - all 60 | - install 61 | when: git_installed_version|failed or git_reinstall_from_source 62 | become: yes 63 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: Git 2 | 3 | [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-git.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-git) 4 | 5 | Installs Git, a distributed version control system, on any RHEL/CentOS or Debian/Ubuntu Linux system. 6 | 7 | ## Requirements 8 | 9 | None. 10 | 11 | ## Role Variables 12 | 13 | Available variables are listed below, along with default values (see `defaults/main.yml`): 14 | 15 | workspace: /root 16 | 17 | Where certain files will be downloaded and adjusted prior to git installation, if needed. 18 | 19 | git_enablerepo: "" 20 | 21 | This variable, a well as `git_packages`, will be used to install git via a particular `yum` repo if `git_install_from_source` is false (CentOS only). Any additional repositories you have installed that you would like to use for a newer/different Git version. 22 | 23 | git_packages: 24 | - git 25 | - git-svn 26 | 27 | The specific Git packages that will be installed. By default, `git-svn` is included, but you can easily add this variable to your playbook's variables and remove `git-svn` if desired. 28 | 29 | git_install_from_source: false 30 | git_install_path: "/usr" 31 | git_version: "2.1.0" 32 | 33 | Whether to install Git from source; if set to `true`, `git_version` is required and will be used to install a particular version of git (see all available versions here: https://www.kernel.org/pub/software/scm/git/), and `git_install_path` defines where git should be installed. 
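34 | 35 | git_install_from_source_force_update: false 36 | 37 | If git is already installed at and older version, force a new source build. Only applies if `git_install_from_source` is `true`. 38 | 39 | ## Dependencies 40 | 41 | None. 42 | 43 | ## Example Playbook 44 | 45 | - hosts: servers 46 | roles: 47 | - { role: geerlingguy.git } 48 | 49 | ## License 50 | 51 | MIT / BSD 52 | 53 | ## Author Information 54 | 55 | This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). 56 | -------------------------------------------------------------------------------- /roles/nginx/templates/saveeo.com.j2: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name *.{{ domain }}; 4 | return 301 https://{{ domain }}; 5 | } 6 | 7 | server { 8 | 9 | # disable below line to only listen on 80 10 | # listen 80 default_server; 11 | listen 443 ssl default_server; 12 | 13 | ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem; 14 | ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem; 15 | 16 | root /var/www/{{ domain }}/public; 17 | index index.php index.html index.html; 18 | 19 | access_log off; 20 | log_not_found off; 21 | error_log /var/log/nginx/{{ domain }}-error.log error; 22 | 23 | server_name {{ domain }}; 24 | charset utf-8; 25 | include h5bp/basic.conf; 26 | 27 | location /favicon.ico { log_not_found off; access_log off;} 28 | location /robots.txt { log_not_found off; access_log off;} 29 | 30 | location / { 31 | try_files $uri $uri/ /index.php?$query_string; 32 | } 33 | 34 | location /js { 35 | location ~* .(js)$ { 36 | deny all; 37 | return 403; 38 | } 39 | } 40 | 41 | location ~ \.php$ { 42 | try_files $uri =404; 43 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 44 | fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; 45 | fastcgi_index index.php; 46 | fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name; 47 | include fastcgi_params; 48 | } 49 | 50 | location /nginx_status { 51 | # Turn on nginx stats 52 | stub_status on; 53 | # I do not need logs for stats 54 | access_log off; 55 | # Security: this server is the public default_server on 443, so only allow access from localhost; add an allow line per trusted monitoring host (e.g. 192.168.1.100) # 56 | allow 127.0.0.1; 57 | # Send rest of the world to /dev/null # 58 | deny all; 59 | } 60 | 61 | location ~ ^/(fpm_status|fpm_ping)$ { # PHP-FPM status and ping pages; reachable from localhost only, see the allow/deny lines below 62 | access_log off; 63 | allow 127.0.0.1; 64 | #allow 1.2.3.4#your-ip; 65 | deny all; 66 | fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; 67 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 68 | include fastcgi_params; 69 | 70 | } 71 | 72 | 73 | } 74 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/directive-only/gzip-compression.conf: -------------------------------------------------------------------------------- 1 | # Enable gzip compression. 2 | gzip on; 3 | 4 | # Compression level (1-9). 5 | # 5 is a perfect compromise between size and CPU usage, offering about 6 | # 75% reduction for most ASCII files (almost identical to level 9). 7 | gzip_comp_level 5; 8 | 9 | # Don't compress anything that's already small and unlikely to shrink much 10 | # if at all (the default is 20 bytes, which is bad as that usually leads to 11 | # larger files after gzipping). 12 | gzip_min_length 256; 13 | 14 | # Compress data even for clients that are connecting to us via proxies, 15 | # identified by the "Via" header (required for CloudFront). 16 | gzip_proxied any; 17 | 18 | # Tell proxies to cache both the gzipped and regular version of a resource 19 | # whenever the client's Accept-Encoding capabilities header varies; 20 | # Avoids the issue where a non-gzip capable client (which is extremely rare 21 | # today) would display gibberish if their proxy gave them the gzipped version. 22 | gzip_vary on; 23 | 24 | # Compress all output labeled with one of the following MIME-types.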
25 | gzip_types 26 | application/atom+xml 27 | application/javascript 28 | application/json 29 | application/ld+json 30 | application/manifest+json 31 | application/rss+xml 32 | application/vnd.geo+json 33 | application/vnd.ms-fontobject 34 | application/x-font-ttf 35 | application/x-web-app-manifest+json 36 | application/xhtml+xml 37 | application/xml 38 | font/opentype 39 | image/bmp 40 | image/svg+xml 41 | image/x-icon 42 | text/cache-manifest 43 | text/css 44 | text/plain 45 | text/vcard 46 | text/vnd.rim.location.xloc 47 | text/vtt 48 | text/x-component 49 | text/x-cross-domain-policy; 50 | # text/html is always compressed by gzip module 51 | 52 | # This should be turned on if you are going to have pre-compressed copies (.gz) of 53 | # static files available. If not it should be left off as it will cause extra I/O 54 | # for the check. It is best if you enable this in a location{} block for 55 | # a specific directory, or on an individual server{} level. 56 | # gzip_static on; -------------------------------------------------------------------------------- /roles/tersmitten.htop/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | sudo: required 3 | dist: trusty 4 | 5 | language: python 6 | python: "2.7" 7 | 8 | env: 9 | - ANSIBLE_VERSION=latest 10 | - ANSIBLE_VERSION=2.0.2.0 11 | - ANSIBLE_VERSION=2.0.1.0 12 | - ANSIBLE_VERSION=2.0.0.2 13 | - ANSIBLE_VERSION=2.0.0.1 14 | - ANSIBLE_VERSION=2.0.0.0 15 | - ANSIBLE_VERSION=1.9.6 16 | - ANSIBLE_VERSION=1.9.5 17 | - ANSIBLE_VERSION=1.9.4 18 | - ANSIBLE_VERSION=1.9.3 19 | - ANSIBLE_VERSION=1.9.2 20 | - ANSIBLE_VERSION=1.9.1 21 | - ANSIBLE_VERSION=1.9.0.1 22 | - ANSIBLE_VERSION=1.8.4 23 | - ANSIBLE_VERSION=1.8.3 24 | - ANSIBLE_VERSION=1.8.2 25 | - ANSIBLE_VERSION=1.8.1 26 | - ANSIBLE_VERSION=1.8 27 | - ANSIBLE_VERSION=1.7.2 28 | - ANSIBLE_VERSION=1.7.1 29 | - ANSIBLE_VERSION=1.7 30 | - ANSIBLE_VERSION=1.6.9 31 | - ANSIBLE_VERSION=1.6.8 32 | - ANSIBLE_VERSION=1.6.7 
33 | - ANSIBLE_VERSION=1.6.6 34 | - ANSIBLE_VERSION=1.6.5 35 | - ANSIBLE_VERSION=1.6.4 36 | - ANSIBLE_VERSION=1.6.3 37 | - ANSIBLE_VERSION=1.6.2 38 | - ANSIBLE_VERSION=1.6.10 39 | - ANSIBLE_VERSION=1.6.1 40 | - ANSIBLE_VERSION=1.6 41 | 42 | branches: 43 | only: 44 | - master 45 | 46 | before_install: 47 | - sudo apt-get update -qq 48 | 49 | # Remove htop 50 | - sudo apt-get remove --purge --yes htop 51 | 52 | install: 53 | # Install Ansible. 54 | - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install --no-binary ansible ansible; else pip install --no-binary ansible ansible==$ANSIBLE_VERSION; fi 55 | 56 | script: 57 | # Check the role/playbook's syntax. 58 | - ansible-playbook -i tests/inventory tests/test.yml --syntax-check 59 | 60 | # Run the role/playbook with ansible-playbook. 61 | - ansible-playbook -i tests/inventory tests/test.yml -vvvv 62 | 63 | # Run the role/playbook again, checking to make sure it's idempotent. 64 | - > 65 | ansible-playbook -i tests/inventory tests/test.yml 66 | | grep -q 'changed=0.*failed=0' 67 | && (echo 'Idempotence test: pass' && exit 0) 68 | || (echo 'Idempotence test: fail' && exit 1) 69 | 70 | notifications: 71 | email: false 72 | hipchat: 73 | rooms: 74 | secure: l5UYzdHkL4Ec2luCwA0gcbKL52x7wY8dSj2K2NYCxZFNwOH7p04l7eAtackqn/t73TL1DvjtOPLAEO2hRDQzLSHPbGXiNS30nbOIG0IkuHQoatPSa9gcV1NfwMHU/bj3TU1NiAjAOoew0KKrhN1H+5UpfzMcqDM0Scgf/uiVGHo= 75 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 76 | -------------------------------------------------------------------------------- /roles/tersmitten.htop/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby ts=2 sw=2 tw=0 et : 3 | 4 | role = File.basename(File.expand_path(File.dirname(__FILE__))) 5 | 6 | boxes = [ 7 | { 8 | :name => "ubuntu-1004", 9 | :box => "opscode-ubuntu-10.04", 10 | :url => 
"http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-10.04_chef-provisionerless.box", 11 | :ip => '10.0.0.10', 12 | :cpu => "50", 13 | :ram => "256" 14 | }, 15 | { 16 | :name => "ubuntu-1204", 17 | :box => "opscode-ubuntu-12.04", 18 | :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-12.04_chef-provisionerless.box", 19 | :ip => '10.0.0.11', 20 | :cpu => "50", 21 | :ram => "256" 22 | }, 23 | { 24 | :name => "ubuntu-1404", 25 | :box => "opscode-ubuntu-14.04", 26 | :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box", 27 | :ip => '10.0.0.12', 28 | :cpu => "50", 29 | :ram => "256" 30 | }, 31 | { 32 | :name => "debian-6010", 33 | :box => "opscode-debian-6.0.10", 34 | :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-6.0.10_chef-provisionerless.box", 35 | :ip => '10.0.0.13', 36 | :cpu => "50", 37 | :ram => "256" 38 | }, 39 | { 40 | :name => "debian-79", 41 | :box => "opscode-debian-7.9", 42 | :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.9_chef-provisionerless.box", 43 | :ip => '10.0.0.14', 44 | :cpu => "50", 45 | :ram => "256" 46 | }, 47 | { 48 | :name => "debian-83", 49 | :box => "opscode-debian-8.3", 50 | :url => "http://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.3_chef-provisionerless.box", 51 | :ip => '10.0.0.15', 52 | :cpu => "50", 53 | :ram => "256" 54 | }, 55 | ] 56 | 57 | Vagrant.configure("2") do |config| 58 | boxes.each do |box| 59 | config.vm.define box[:name] do |vms| 60 | vms.vm.box = box[:box] 61 | vms.vm.box_url = box[:url] 62 | vms.vm.hostname = "ansible-#{role}-#{box[:name]}" 63 | 64 | vms.vm.provider "virtualbox" do |v| 65 | v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]] 66 | v.customize ["modifyvm", :id, "--memory", box[:ram]] 67 | end 68 | 69 | vms.vm.network :private_network, ip: box[:ip] 70 | 71 | vms.vm.provision 
:ansible do |ansible| 72 | ansible.playbook = "tests/vagrant.yml" 73 | ansible.verbose = "vv" 74 | end 75 | end 76 | end 77 | end 78 | -------------------------------------------------------------------------------- /roles/geerlingguy.git/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | sudo: required 3 | 4 | env: 5 | # Only test source install on latest supported OSes. 6 | # - distribution: centos 7 | # version: 7 8 | # init: /usr/lib/systemd/systemd 9 | # run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" 10 | # SITE: source 11 | # GIT_VERSION: 2.7.1 12 | - distribution: ubuntu 13 | version: 14.04 14 | init: /sbin/init 15 | run_opts: "" 16 | SITE: source 17 | GIT_VERSION: 2.7.1 18 | 19 | # Test package install on all supported OSes. 20 | - distribution: centos 21 | version: 6 22 | init: /sbin/init 23 | run_opts: "" 24 | SITE: package 25 | GIT_VERSION: 1.7.1 26 | - distribution: centos 27 | version: 7 28 | init: /usr/lib/systemd/systemd 29 | run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" 30 | SITE: package 31 | GIT_VERSION: 1.8.3.1 32 | - distribution: ubuntu 33 | version: 14.04 34 | init: /sbin/init 35 | run_opts: "" 36 | SITE: package 37 | GIT_VERSION: 1.9.1 38 | - distribution: ubuntu 39 | version: 12.04 40 | init: /sbin/init 41 | run_opts: "" 42 | SITE: package 43 | GIT_VERSION: 1.7.9.5 44 | 45 | services: 46 | - docker 47 | 48 | before_install: 49 | # - sudo apt-get update 50 | # Pull container 51 | - 'sudo docker pull ${distribution}:${version}' 52 | # Customize container 53 | - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' 54 | 55 | script: 56 | - container_id=$(mktemp) 57 | # Run container in detached state 58 | - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' 59 | 60 | # 
Ansible syntax check. 61 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml --syntax-check' 62 | 63 | # Test role. 64 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml' 65 | 66 | # Test role idempotence. 67 | - > 68 | sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test-${SITE}.yml 69 | | grep -q 'changed=0.*failed=0' 70 | && (echo 'Idempotence test: pass' && exit 0) 71 | || (echo 'Idempotence test: fail' && exit 1) 72 | 73 | # Ensure Git is installed and at the right version. 74 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm which git' 75 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm test -x /usr/bin/git' 76 | 77 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm git --version' 78 | - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm /usr/bin/git --version | grep -qF "$GIT_VERSION"' 79 | 80 | # Clean up 81 | - 'sudo docker stop "$(cat ${container_id})"' 82 | 83 | notifications: 84 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 85 | -------------------------------------------------------------------------------- /roles/geerlingguy.composer/README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: Composer 2 | 3 | [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-composer.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-composer) 4 | 5 | Installs Composer, the PHP Dependency Manager, on any Linux or UNIX system. 6 | 7 | ## Requirements 8 | 9 | - `php` (version 5.4+) should be installed and working (you can use the `geerlingguy.php` role to install). 10 | - `git` should be installed and working (you can use the `geerlingguy.git` role to install). 
11 | 12 | ## Role Variables 13 | 14 | Available variables are listed below, along with default values (see `defaults/main.yml`): 15 | 16 | composer_path: /usr/local/bin/composer 17 | 18 | The path where composer will be installed and available to your system. Should be in your user's `$PATH` so you can run commands simply with `composer` instead of the full path. 19 | 20 | composer_keep_updated: false 21 | 22 | Set this to `true` to update Composer to the latest release every time the playbook is run. 23 | 24 | composer_home_path: '~/.composer' 25 | composer_home_owner: root 26 | composer_home_group: root 27 | 28 | The `COMPOSER_HOME` path and directory ownership; this is the directory where global packages will be installed. 29 | 30 | composer_version: '' 31 | 32 | You can install a specific release of Composer, e.g. `composer_version: '1.0.0-alpha11'`. If left empty the latest development version will be installed. Note that `composer_keep_updated` will override this variable, as it will always install the latest development version. 33 | 34 | composer_global_packages: {} 35 | 36 | A list of packages to install globally (using `composer global require`). If you want to install any packages globally, add a list item with a dictionary with the `name` of the package and a `release`, e.g. `- { name: phpunit/phpunit, release: "4.7.*" }`. The 'release' is optional, and defaults to `@stable`. 37 | 38 | composer_add_to_path: true 39 | 40 | If `true`, and if there are any configured `composer_global_packages`, the `vendor/bin` directory inside `composer_home_path` will be added to the system's default `$PATH` (for all users). 41 | 42 | composer_github_oauth_token: '' 43 | 44 | GitHub OAuth token, used to avoid GitHub API rate limiting errors when building and rebuilding applications using Composer. 
Follow GitHub's directions to [Create a personal access token](https://help.github.com/articles/creating-an-access-token-for-command-line-use/) if you run into these rate limit errors. 45 | 46 | php_executable: php 47 | 48 | The executable name or full path to the PHP executable. This is defaulted to `php` if you don't override the variable. 49 | 50 | ## Dependencies 51 | 52 | None (but make sure you've installed PHP; the `geerlingguy.php` role is recommended). 53 | 54 | ## Example Playbook 55 | 56 | - hosts: servers 57 | roles: 58 | - geerlingguy.composer 59 | 60 | After the playbook runs, `composer` will be placed in `/usr/local/bin/composer` (this location is configurable), and will be accessible via normal system accounts. 61 | 62 | ## License 63 | 64 | MIT / BSD 65 | 66 | ## Author Information 67 | 68 | This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). 69 | -------------------------------------------------------------------------------- /roles/nginx/files/h5bp/directive-only/ssl.conf: -------------------------------------------------------------------------------- 1 | # Protect against the BEAST and POODLE attacks by not using SSLv3 at all. If you need to support older browsers (IE6) you may need to add 2 | # SSLv3 to the list of protocols below. 
# NOTE(review): TLSv1 and TLSv1.1 are formally deprecated (RFC 8996). Keep them only while
# legacy clients must still be served; otherwise restrict this list to TLSv1.2 (plus TLSv1.3
# where the installed nginx/OpenSSL build supports it).
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# Ciphers chosen to protect against BEAST while providing forward secrecy, as defined by
# Mozilla (Intermediate Set) - https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
# NOTE(review): the list still ends with 3DES suites (DES-CBC3-SHA, affected by SWEET32) and the
# broad AES / CAMELLIA aliases; compare it with Mozilla's current recommendation before reuse.
# DHE suites are listed, but no ssl_dhparam directive is visible in this file - confirm that one
# is configured elsewhere.
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;

# Optimize SSL by caching session parameters. This cuts down on the number of expensive SSL handshakes.
# Note that the "10m" in ssl_session_cache below is the cache SIZE (10 MB); how long a session
# stays reusable is set by ssl_session_timeout (24 hours here).
# The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection.
# By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state.
# Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS.
ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
ssl_session_timeout 24h;

# SSL buffer size was added in 1.5.9
#ssl_buffer_size 1400; # 1400 bytes to fit in one MTU

# Session tickets appeared in version 1.5.9
#
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous
# sessions. The fix for this is to set up a manual rotation mechanism:
# http://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx
#
# Note that you'll have to define and rotate the keys securely by yourself. In the absence
# of such infrastructure, consider turning off session tickets:
#ssl_session_tickets off;

# Use a higher keepalive timeout to reduce the need for repeated handshakes
keepalive_timeout 300s; # up from 75 secs default

# HSTS (HTTP Strict Transport Security)
# This header tells browsers to remember for a year (max-age=31536000 seconds) that this site
# must be reached exclusively via HTTPS. It does not cache the certificate.
# The policy is hard to take back once browsers have stored it, so enable it only when HTTPS
# is known to work for every host it covers.
#add_header Strict-Transport-Security "max-age=31536000;";
# This version tells browsers to treat all subdomains the same as this site and to load exclusively over HTTPS
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
# This version tells browsers to treat all subdomains the same as this site and to load exclusively over HTTPS
# It also carries the "preload" token; using the HSTS preload service is recommended as well
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;";

# This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication).
# Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors.
44 | #ssl_certificate /etc/nginx/default_ssl.crt; 45 | #ssl_certificate_key /etc/nginx/default_ssl.key; 46 | 47 | # Consider using OCSP Stapling as shown in ssl-stapling.conf 48 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Ansible Playbooks for Laravel 5 2 | --- 3 | Minimalistic and performant setup for your apps 4 | --- 5 | 6 | ##### Note 7 | 8 | This does not include mysql-server as I use RDS but you can easily update `provision.yml` to include a mysql installation using `ansible-galaxy`. Also, SSL is enabled, but you can disable it by commenting out a few lines. Also, in theory, this setup should work just fine for **Symfony, Yii, CodeIgniter or any PHP framework**. 9 | 10 | ##### Motive 11 | 12 | Taylor Otwell has done a great job with Laravel Forge, but provisioning boxes yourself is my personal preference. As I have embarked upon this journey of learning DevOps, I find that Ansible gives you a very clean API to control how to build a production level box. 13 | 14 | The primary advantage of building your box is this: you learn how things work and you get to ensure only the necessary components for your application are provisioned with idempotence. You can add complexity as you grow, which is better than starting with a complex setup. 15 | 16 | _I hope you will find this repository useful and I recommend you star it as I will update it with more improvements._ 17 | 18 | ##### Requirements 19 | 20 | * python 2.7 must be installed on your server [A] 21 | * ansible must be installed from where you are executing playbooks (watch video enclosed below) 22 | * linux instance (e.g. _ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20160610 (ami-0ae77879)_) 23 | 24 | ##### Ansible 25 | 26 | Ansible is a great tool for provisioning servers using an agentless form. So you can do the following: 27 | 28 | 1. 
Use a vagrant box on your local machine and control your fleet of servers. 29 | 2. Use a t2.micro instance on Amazon and use it to control your fleet of servers. 30 | 31 | I would recommend [this](https://serversforhackers.com/video/ansible-installation-and-basics) guide to install Ansible. 32 | 33 | ##### Running 34 | 35 | _Please watch the video in the earlier step to understand Ansible, especially if you're a beginner._. 36 | 37 | Once you've set Ansible up, you must update your domain name in `/roles/nginx/vars/main.yml`. 38 | 39 | Then run the provisioner using the following command from the `ansible-playbooks-laravel-5/` directory: 40 | 41 | `ansible-playbook --private-key=~/.ssh/your-web-server.pem provision.yml` 42 | 43 | This installs the following software on your standard Linux box. 44 | 45 | * php7 with batteries 46 | * nginx 47 | * git 48 | * composer 49 | * memcached 50 | * htop 51 | * unzip 52 | * libmemcached-tools 53 | 54 | Well done, you've just done a hell lot of work in 10 seconds. 55 | 56 | Now, cd into your webroot by `cd /var/www/domain.com/` & download your app using: 57 | 58 | `sudo git clone your-github-repository-url.git .` The `.` in the end is important. 59 | 60 | Then, do `sudo touch .env` and add in your production environment variables. 61 | 62 | Next, run `sudo composer install`. 63 | 64 | Finally, enter these two commands to establish the correct permissions on your `cache` and `storage` folders. 65 | 66 | ``` 67 | sudo chgrp -R www-data storage bootstrap/cache 68 | sudo chmod -R ug+rwx storage bootstrap/cache 69 | ``` 70 | 71 | You should now be able to access your app at `domain.com`. 72 | 73 | 74 | ##### Brief 75 | 76 | Ideally suitable for Laravel setups, this Ansible provision recipe does a lot more than you might think. The configurations includes the industry standard optimizations so you can run a high traffic site out of the box. 
77 | 78 | The php7.0 'batteries included' build by Ondrej Sury comes with all the necessary extensions to satisfy major framework requirements. See the list below to marvel at the range of goodies. 79 | 80 | 81 | * php7.0-common 82 | * php7.0-cli 83 | * php7.0-intl 84 | * php7.0-curl 85 | * php7.0-cgi 86 | * php7.0-fpm 87 | * php7.0-mysql 88 | * php7.0-gd 89 | * php7.0-mbstring 90 | * php7.0-mcrypt 91 | * php7.0-memcached 92 | * php7.0-apcu [B] 93 | * php7.0-xml 94 | 95 | In addition to the facilities for php above, there's nginx, with which I am supplying optimizations such as ready-to-go gzip compression, advanced nginx setup and more. 96 | 97 | You can peek into `/roles/nginx/files/h5bp/directive-only` and observe the 3 custom `.conf` files I have added: `gzip-compression.conf`, `nginx-optimization.conf` and `http-optimization.conf`. You can read the comments on top of each configuration line to learn. 98 | 99 | Furthermore, once you provision, you will have `htop` support on your server. Invoking `htop` on the command line lets you monitor system usage. A nice-to-have tool for DevOps. 100 | 101 | ##### Appendices 102 | 103 | ###### A | _You can do this easily by running `sudo apt-get update` and then `sudo apt-get install python`_. 104 | 105 | ###### B | _APCu is included to make opcode caching even better. The opcode cache comes with PHP 7 built-in by default_. 
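# roles/itcraftsmanpl.php7/tasks/php-fpm.yml
#
# Configures PHP-FPM 7.0 by editing two files in place with `lineinfile`:
#   /etc/php/7.0/fpm/pool.d/www.conf  - socket ownership/mode, status and ping endpoints
#   /etc/php/7.0/fpm/php.ini          - timezone, session hardening, limits, opcache
# Each task replaces the line matched by `regexp` (or adds `line` when nothing matches).
# Most tasks notify the `restart php7-fpm` handler, which is defined outside this file.
---
# --- FPM pool socket: only www-data (owner and group) may connect, mode 0660 ---
- name: Set permissions on socket - owner
  lineinfile: "dest=/etc/php/7.0/fpm/pool.d/www.conf state=present regexp='^;?listen.owner' line='listen.owner = www-data'"

- name: Set permissions on socket - group
  lineinfile: "dest=/etc/php/7.0/fpm/pool.d/www.conf state=present regexp='^;?listen.group' line='listen.group = www-data'"

- name: Set permissions on socket - mode
  lineinfile: "dest=/etc/php/7.0/fpm/pool.d/www.conf state=present regexp='^;?listen.mode' line='listen.mode = 0660'"
  notify: restart php7-fpm

# NOTE(review): the status and ping endpoints expose pool internals once the web server
# forwards /fpm_status and /fpm_ping to FPM. The nginx configuration is not visible here;
# confirm that these paths are restricted to trusted addresses or not routed at all.
- name: Set php-fpm status page - active
  lineinfile: "dest=/etc/php/7.0/fpm/pool.d/www.conf state=present regexp='^;?pm.status_path' line='pm.status_path = /fpm_status'"
  notify: restart php7-fpm

- name: Set php-fpm ping page - active
  lineinfile: "dest=/etc/php/7.0/fpm/pool.d/www.conf state=present regexp='^;?ping.path' line='ping.path = /fpm_ping'"
  notify: restart php7-fpm

# --- php.ini: general settings ---
- name: Ensure timezone is set in fpm php.ini
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='date.timezone ='
              line='date.timezone = {{ php_timezone }}'

# NOTE(review): php.ini marks comments with ';', so '^#?' will not match a commented-out
# default such as ';opcache.enable=...'; the variable-driven "enabling opcache" task further
# down sets the same key again. Confirm that both tasks are intended.
- name: Enabling opcache
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='^#?opcache.enable='
              line='opcache.enable=1'

- name: Opcache - changing revalidate frequency to 0
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='opcache.revalidate_freq='
              line='opcache.revalidate_freq=0'
  tags: [ development ]

# --- php.ini: session and runtime hardening ---
# NOTE(review): session.cookie_secure is not set anywhere in this file; if the site is served
# over HTTPS only, consider setting it as well.
- name: Set session.cookie_httponly to `true`
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='session.cookie_httponly(\s)?='
              line='session.cookie_httponly=1'
  notify: restart php7-fpm

- name: Enable session strict mode
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='session.use_strict_mode(\s)?='
              line='session.use_strict_mode = 1'
  notify: restart php7-fpm

- name: Disable url fopen
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='allow_url_fopen(\s)?='
              line='allow_url_fopen = Off'
  notify: restart php7-fpm

# The two directories below are only referenced here; this file does not create them.
- name: Change soap.wsdl_cache_dir to new directory
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='soap.wsdl_cache_dir(\s)?='
              line='soap.wsdl_cache_dir=/php/cache/wsdl'
  notify: restart php7-fpm

- name: Change upload_tmp_dir path
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='upload_tmp_dir(\s)?='
              line='upload_tmp_dir=/php/cache/upload_tmp'
  notify: restart php7-fpm

# Blocks the process-spawning functions for code running under FPM (defense in depth).
- name: Exclude potentially harmfull php functions
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='disable_functions(\s)?='
              line='disable_functions=exec,passthru,shell_exec,system,proc_open,popen'
  notify: restart php7-fpm

# --- php.ini: request and resource limits (values come from role variables) ---
- name: Set post_max_size
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='post_max_size(\s)?='
              line='post_max_size = {{ php_post_max_size }}'
  notify: restart php7-fpm

- name: Set upload_max_filesize
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='upload_max_filesize(\s)?='
              line='upload_max_filesize = {{ php_upload_max_filesize }}'
              create=yes
  notify: restart php7-fpm

- name: Set memory_limit
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='memory_limit(\s)?='
              line='memory_limit = {{ php_memory_limit }}'
  notify: restart php7-fpm

- name: Set max_execution_time
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='max_execution_time(\s)?='
              line='max_execution_time = {{ php_max_execution_time }}'
  notify: restart php7-fpm

# --- php.ini: opcache (values come from role variables) ---
# `insertafter` is a regular expression: the original "^[opcache]" was a character class that
# matched any line starting with o, p, c, a, h or e. The brackets are escaped below so that a
# missing setting is inserted after the literal "[opcache]" section header.
- name: enabling opcache
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='opcache.enable='
              line='opcache.enable={{ php_opcache_enable }}'
              insertafter="^\[opcache\]"
  notify: restart php7-fpm

- name: opcache - changing revalidate frequency
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='opcache.revalidate_freq='
              line='opcache.revalidate_freq={{ php_opcache_revalidate_freq }}'
              insertafter="^\[opcache\]"
  notify: restart php7-fpm

# NOTE(review): the variable name repeats "opcache" (php_opcache_opcache_validate_timestamps);
# it is kept as found - confirm it matches the role's defaults.
- name: opcache - changing validate timestamps
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='opcache.validate_timestamps='
              line='opcache.validate_timestamps={{ php_opcache_opcache_validate_timestamps }}'
              insertafter="^\[opcache\]"
  notify: restart php7-fpm

# Fixed: this task used to write "opcache.validate_timestamps=<max_accelerated_files value>",
# which never set max_accelerated_files and added a second, wrong validate_timestamps line.
- name: opcache - changing max accelerated files
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='opcache.max_accelerated_files='
              line='opcache.max_accelerated_files={{ php_opcache_max_accelerated_files }}'
              insertafter="^\[opcache\]"
  notify: restart php7-fpm

- name: opcache - memory consumption
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='opcache.memory_consumption='
              line='opcache.memory_consumption={{ php_opcache_memory_consumption }}'
              insertafter="^\[opcache\]"
  notify: restart php7-fpm

- name: opcache - interned strings buffer
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='opcache.interned_strings_buffer='
              line='opcache.interned_strings_buffer={{ php_opcache_interned_strings_buffer }}'
              insertafter="^\[opcache\]"
  notify: restart php7-fpm

# The last task notifies both handlers (PHP-FPM restart and Nginx reload).
- name: opcache - fast shutdown
  lineinfile: dest=/etc/php/7.0/fpm/php.ini
              regexp='opcache.fast_shutdown='
              line='opcache.fast_shutdown={{ php_opcache_fast_shutdown }}'
              insertafter="^\[opcache\]"
  notify:
    - restart php7-fpm
    - Reload Nginx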