├── .gitignore ├── LICENSE ├── README.md ├── _deprecated_roles ├── brad │ └── tasks │ │ └── main.yml ├── certbot │ └── tasks │ │ └── main.yml ├── elasticsearch │ ├── files │ │ ├── elasticsearch.proxy.conf │ │ ├── elasticsearch.yml │ │ └── elk.list │ ├── handlers │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── git │ ├── files │ │ └── gitconfig │ └── tasks │ │ └── main.yml ├── hhvm │ ├── files │ │ ├── hhvm.nginx.conf │ │ └── hhvm.php.ini │ ├── handlers │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── kibana │ ├── files │ │ ├── elk.list │ │ ├── kibana.conf │ │ └── kibana.yml │ ├── tasks │ │ └── main.yml │ └── vars │ │ └── main.yml ├── logstash │ ├── files │ │ ├── elk.list │ │ ├── logstash.conf │ │ └── startup.options │ ├── handlers │ │ └── main.yml │ └── tasks │ │ └── main.yml ├── rsa_pub │ └── tasks │ │ └── main.yml ├── ruby │ └── tasks │ │ └── main.yml ├── supervisor │ ├── files │ │ ├── data.conf.default │ │ └── ghost.conf.default │ └── tasks │ │ └── main.yml └── terminal │ ├── files │ ├── bash_profile │ ├── inputrc │ └── vimrc │ └── tasks │ └── main.yml ├── playbooks ├── frontend_node+mongo.yml ├── frontend_php+mysql.yml ├── mlmmj.yml └── roles └── roles ├── backup ├── files │ ├── backup_rolling.sh │ ├── config │ └── credentials.dist └── tasks │ └── main.yml ├── base ├── files │ └── motd └── tasks │ └── main.yml ├── caddy └── tasks │ └── main.yml ├── maria_db ├── files │ ├── mariadb.cnf │ └── my.cnf └── tasks │ └── main.yml ├── mlmmj ├── files │ ├── groups.proxy.conf │ ├── main.cf │ ├── master.cf │ └── mlmmjweb.service └── tasks │ └── main.yml ├── mongo ├── files │ └── mongod.conf └── tasks │ └── main.yml ├── mosquitto ├── files │ ├── mosquitto.conf │ └── mosquitto.passwd └── tasks │ └── main.yml ├── nginx ├── files │ ├── favicon.robots.conf │ ├── nginx.conf │ └── ssl.conf └── tasks │ └── main.yml ├── node ├── defaults │ └── main.yml └── tasks │ └── main.yml ├── php ├── defaults │ └── main.yml ├── files │ ├── php-fpm.conf │ ├── php.ini │ └── www.conf └── tasks │ └── main.yml ├── postgresql ├── defaults │ └── main.yml └── tasks │ └── main.yml └── yarn └── tasks └── main.yml /.gitignore: -------------------------------------------------------------------------------- 1 | TODO.todo 2 | .DS_Store 3 | 4 | *.retry 5 | 6 | /roles/backup/files/credentials 7 | 8 | playbooks/private_* 9 | 10 | hosts 11 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 tchap 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ansible playbooks 2 | 3 | A simple collection of roles and standard playbooks for deploying a common deployment / front application stack. These are mostly for PHP / Node + Caddy infrastructures, with MariaDB and Mongo database engines. 4 | 5 | > NB : the default inventory file location is `/etc/ansible/hosts` on Linux, and `/usr/local/etc/ansible/hosts` on macOS 6 | > You should include the ansible user to use when loging in, as so: 7 | 8 | ``` 9 | [frontend_server] 10 | my.frontend.server.com ansible_user=ubuntu 11 | my.other.frontend.server.com ansible_user=ubuntu 12 | ``` 13 | 14 | > NB : We use the following groups `[frontend_node]`, `[frontend_php]` in the playbooks. 15 | 16 | ## Roles available 17 | 18 | - #### base 19 | 20 | - Ensures that the server has at least some basics tools like `sudo` and `python-apt` for Ansible to run correctly. 21 | - Updates and upgrades `apt` 22 | 23 | - #### backup 24 | 25 | - Ensures a /var/backups/rolling folder is present 26 | - Creates a DB + files backup script 27 | - Creates a cron task for daily backups and uploads the backup somewhere safe (on a S3 compatible endpoint) 28 | 29 | > NB: You need to copy the `roles/backup/files/credentials.dist` file to `roles/backup/files/credentials` and put your provider credentials there. You might want to change the `region` too in `roles/backup/files/config` if needed. 30 | 31 | - #### caddy 32 | 33 | Ensures that `caddy`, is installed correctly and runs as a service. 34 | 35 | - #### mongo 36 | 37 | Ensures that `mongo-org` is the lastest and that the service is runnning correctly. 38 | 39 | - #### node 40 | 41 | Ensures that `node`, `npm` are installed correctly. 42 | 43 | - #### maria_db 44 | 45 | Ensures that `maria_db` is the lastest and that the service is runnning correctly. Adds a consistent `/root/.my.cnf` file for logging in. 46 | 47 | - #### mlmmj 48 | 49 | Installs postfix along with mlmmj using the configured MX domain. For more info on Mlmmj see [this blog post](http://www.foobarflies.io/a-simple-web-interface-for-mlmmj/) 50 | 51 | - #### nginx 52 | 53 | Ensures that `nginx` is the lastest and that the service is runnning correctly. Also uploads a secured configuration for `nginx`. 54 | 55 | - #### php 56 | 57 | Installs `php7.4` FPM and command line interface with a few standard modules, a sensible configuration file for cli and FPM, and the `composer` package manager. 58 | 59 | - #### yarn 60 | 61 | Ensures that `yarn` is installed correctly. 62 | 63 | ## Playbooks 64 | 65 | The playbooks are rather straightforward. 66 | 67 | > Before deploying a new server, you must make sure that your user has sudo rights, and that your SSH key is authorized for a password-less login 68 | 69 | This done, when deploying a new nodeJS server for instance (on macOS): 70 | 71 | ansible-playbook --inventory=/usr/local/etc/ansible/hosts playbooks/frontend_node.yml 72 | 73 | #### mlmmj 74 | 75 | This role is kind of "standalone". To use it, just play the mlmmj playbook alone, to install node and mlmmj in one go: 76 | 77 | ansible-playbook --inventory=/usr/local/etc/ansible/hosts playbooks/mlmmj.yml 78 | 79 | #### Reminder 80 | 81 | If you want to execute a single shell command : 82 | 83 | # Gets the speed of each cpu 84 | ansible all -m shell -a "cat /proc/cpuinfo | grep MHz" 85 | 86 | ## Licence 87 | 88 | These roles and playbooks are released under the MIT licence. Enjoy !! 89 | -------------------------------------------------------------------------------- /_deprecated_roles/brad/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install brad 3 | git: 4 | repo: git@github.com:tchapi/brad.git 5 | dest: "/home/{{user}}/brad" 6 | accept_hostkey: True 7 | become: no 8 | - name: Gets the configuration 9 | shell: "cd /home/{{user}}/brad/ && curl -L -o brad.conf https://gist.githubusercontent.com/tchapi/30ace54b6a0d66e00c8b/raw" 10 | - name: Creates the log directory 11 | file: 12 | path: /var/log/brad 13 | state: directory 14 | group: adm 15 | owner: root 16 | mode: 0660 -------------------------------------------------------------------------------- /_deprecated_roles/certbot/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure certbot is installed for nginx 3 | apt: 4 | pkg: ['certbot','python-certbot-nginx'] 5 | state: latest 6 | - name: Generate Diffie-Hellman Group (will be long) 7 | shell: "openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048" -------------------------------------------------------------------------------- /_deprecated_roles/elasticsearch/files/elasticsearch.proxy.conf: -------------------------------------------------------------------------------- 1 | upstream elasticsearch { 2 | 3 | server 127.0.0.1:9200; 4 | keepalive 64; 5 | 6 | } 7 | 8 | server { 9 | 10 | listen 8080; 11 | 12 | error_log /var/log/nginx/elasticsearch.proxy.error.log; 13 | access_log off; 14 | 15 | include favicon.robots.conf; 16 | 17 | location /status { 18 | proxy_method HEAD; 19 | proxy_intercept_errors on; 20 | proxy_pass http://elasticsearch; 21 | } 22 | 23 | location / { 24 | 25 | # Deny Nodes Shutdown API 26 | if ($request_filename ~ "_shutdown") { 27 | return 403; 28 | break; 29 | } 30 | 31 | # Pass requests to ElasticSearch 32 | proxy_pass http://elasticsearch; 33 | proxy_redirect off; 34 | proxy_http_version 1.1; 35 | proxy_set_header Connection ""; 36 | 37 | proxy_set_header X-Real-IP $remote_addr; 38 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 39 | proxy_set_header Host $http_host; 40 | 41 | # For CORS Ajax 42 | proxy_pass_header Access-Control-Allow-Origin; 43 | proxy_pass_header Access-Control-Allow-Methods; 44 | proxy_hide_header Access-Control-Allow-Headers; 45 | add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type'; 46 | add_header Access-Control-Allow-Credentials true; 47 | 48 | # Authorize access 49 | auth_basic "Elastic realm"; 50 | auth_basic_user_file /etc/elasticsearch/elasticsearch.htpasswd; 51 | 52 | } 53 | 54 | } -------------------------------------------------------------------------------- /_deprecated_roles/elasticsearch/files/elasticsearch.yml: -------------------------------------------------------------------------------- 1 | # ======================== Elasticsearch Configuration ========================= 2 | # 3 | # NOTE: Elasticsearch comes with reasonable defaults for most settings. 4 | # Before you set out to tweak and tune the configuration, make sure you 5 | # understand what are you trying to accomplish and the consequences. 6 | # 7 | # The primary way of configuring a node is via this file. This template lists 8 | # the most important settings you may want to configure for a production cluster. 9 | # 10 | # Please consult the documentation for further information on configuration options: 11 | # https://www.elastic.co/guide/en/elasticsearch/reference/index.html 12 | # 13 | # ---------------------------------- Cluster ----------------------------------- 14 | # 15 | # Use a descriptive name for your cluster: 16 | # 17 | cluster.name: monitoring-data-cluster 18 | # 19 | # ------------------------------------ Node ------------------------------------ 20 | # 21 | # Use a descriptive name for the node: 22 | # 23 | node.name: Monitoring 24 | # 25 | # Add custom attributes to the node: 26 | # 27 | #node.attr.rack: r1 28 | # 29 | # ----------------------------------- Paths ------------------------------------ 30 | # 31 | # Path to directory where to store the data (separate multiple locations by comma): 32 | # 33 | #path.data: /path/to/data 34 | # 35 | # Path to log files: 36 | # 37 | #path.logs: /path/to/logs 38 | # 39 | # ----------------------------------- Memory ----------------------------------- 40 | # 41 | # Lock the memory on startup: 42 | # 43 | #bootstrap.memory_lock: true 44 | # 45 | # Make sure that the heap size is set to about half the memory available 46 | # on the system and that the owner of the process is allowed to use this 47 | # limit. 48 | # 49 | # Elasticsearch performs poorly when the system is swapping the memory. 50 | # 51 | # ---------------------------------- Network ----------------------------------- 52 | # 53 | # Set the bind address to a specific IP (IPv4 or IPv6): 54 | # 55 | network.host: 127.0.0.1 56 | # 57 | # Set a custom port for HTTP: 58 | # 59 | #http.port: 9200 60 | # 61 | # For more information, consult the network module documentation. 62 | # 63 | # --------------------------------- Discovery ---------------------------------- 64 | # 65 | # Pass an initial list of hosts to perform discovery when new node is started: 66 | # The default list of hosts is ["127.0.0.1", "[::1]"] 67 | # 68 | #discovery.zen.ping.unicast.hosts: ["host1", "host2"] 69 | # 70 | # Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1): 71 | # 72 | #discovery.zen.minimum_master_nodes: 3 73 | # 74 | # For more information, consult the zen discovery module documentation. 75 | # 76 | # ---------------------------------- Gateway ----------------------------------- 77 | # 78 | # Block initial recovery after a full cluster restart until N nodes are started: 79 | # 80 | #gateway.recover_after_nodes: 3 81 | # 82 | # For more information, consult the gateway module documentation. 83 | # 84 | # ---------------------------------- Various ----------------------------------- 85 | # 86 | # Require explicit names when deleting indices: 87 | # 88 | #action.destructive_requires_name: true -------------------------------------------------------------------------------- /_deprecated_roles/elasticsearch/files/elk.list: -------------------------------------------------------------------------------- 1 | deb https://artifacts.elastic.co/packages/5.x/apt stable main -------------------------------------------------------------------------------- /_deprecated_roles/elasticsearch/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Restart Nginx 3 | service: 4 | name: nginx 5 | state: restarted 6 | enabled: yes -------------------------------------------------------------------------------- /_deprecated_roles/elasticsearch/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure the key is present 3 | apt_key: 4 | url: https://packages.elastic.co/GPG-KEY-elasticsearch 5 | - name: Add repository 6 | copy: 7 | src: elk.list 8 | dest: "/etc/apt/sources.list.d/elk.list" 9 | notify: 10 | - Update apt 11 | - name: Ensure elasticsearch is installed 12 | apt: 13 | pkg: elasticsearch 14 | state: latest 15 | - name: Ensure java (JRE 8) is installed 16 | apt: 17 | pkg: openjdk-8-jre-headless 18 | state: latest 19 | default_release: jessie-backports 20 | - name: Copy elasticsearch configuration 21 | copy: 22 | src: elasticsearch.yml 23 | dest: /etc/elasticsearch/elasticsearch.yml 24 | - name: Copy elasticsearch nginx proxy configuration 25 | copy: 26 | src: elasticsearch.proxy.conf 27 | dest: /etc/nginx/available/elasticsearch.proxy.conf 28 | - name: Ensure the host is correctly written in the conf 29 | lineinfile: 30 | dest: /etc/nginx/available/elasticsearch.proxy.conf 31 | insertafter: " listen 8080;" 32 | line: " server_name {{ monitoring_server }};" 33 | - name: Remove htpasswd file 34 | file: 35 | path: /etc/elasticsearch/elasticsearch.htpasswd 36 | state: absent 37 | - name: Create htpasswd for elasticsearch 38 | htpasswd: 39 | path: /etc/elasticsearch/elasticsearch.htpasswd 40 | name: "{{ user }}" 41 | password: "{{ lookup('password', '/tmp/ansible.password.elasticsearch_proxy length=64 chars=ascii_letters,digits,hexdigits') }}" 42 | owner: root 43 | group: www-data 44 | mode: 0640 45 | notify: 46 | - Restart Nginx 47 | - name: Link Nginx proxy conf 48 | file: 49 | src: /etc/nginx/available/elasticsearch.proxy.conf 50 | dest: /etc/nginx/enabled/elasticsearch.proxy.conf 51 | state: link 52 | - name: Start elasticsearch 53 | service: 54 | name: elasticsearch 55 | state: restarted 56 | enabled: yes 57 | -------------------------------------------------------------------------------- /_deprecated_roles/git/files/gitconfig: -------------------------------------------------------------------------------- 1 | [user] 2 | name = tchapi 3 | email = regbasket@gmail.com 4 | [core] 5 | excludesfile = ~/.gitignore_global 6 | [difftool "sourcetree"] 7 | cmd = opendiff \"$LOCAL\" \"$REMOTE\" 8 | path = 9 | [push] 10 | default = tracking 11 | [alias] 12 | undo = reset --soft HEAD^ 13 | oneline = log --oneline 14 | amend = commit --amend 15 | tree = log --graph --decorate --pretty=oneline --abbrev-commit --all 16 | myhist = !git log --author=\"$(git config user.name)\" --format=%H |xargs git show --name-only --format=-------------%n%Cred%s%Creset%n%Cblue%h%Creset 17 | up = !git fetch && git rebase --autostash FETCH_HEAD 18 | [log] 19 | decorate = short 20 | [color] 21 | ui = auto 22 | interactive = auto 23 | diff = auto 24 | branch = auto 25 | status = auto 26 | [pager] 27 | status = true 28 | show-branch = true 29 | [format] 30 | numbered = auto -------------------------------------------------------------------------------- /_deprecated_roles/git/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure git is installed 3 | apt: 4 | pkg: git 5 | state: latest 6 | - name: Ensure global git config is present 7 | copy: 8 | src: gitconfig 9 | dest: "/home/{{user}}/.gitconfig" 10 | owner: "{{user}}" -------------------------------------------------------------------------------- /_deprecated_roles/hhvm/files/hhvm.nginx.conf: -------------------------------------------------------------------------------- 1 | location ~ \.(php|hh)$ { 2 | fastcgi_keep_conn on; 3 | try_files $uri =404; 4 | fastcgi_split_path_info ^(.+.php)(/.+)$; 5 | include fastcgi_params; 6 | fastcgi_index index.php; 7 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 8 | fastcgi_intercept_errors on; 9 | fastcgi_pass 127.0.0.1:9000; 10 | fastcgi_read_timeout 300; 11 | } -------------------------------------------------------------------------------- /_deprecated_roles/hhvm/files/hhvm.php.ini: -------------------------------------------------------------------------------- 1 | pid = /var/run/hhvm/pid 2 | 3 | ; HHVM Server options 4 | 5 | ; Server 6 | hhvm.server.port = 9000 7 | hhvm.server.type = fastcgi 8 | hhvm.server.default_document = index.php 9 | hhvm.repo.central.path = /var/run/hhvm/hhvm.hhbc 10 | 11 | ; hhvm.source_root = /home/myUser/www/ 12 | 13 | ; Logs 14 | hhvm.log.use_log_file = true 15 | hhvm.log.level = Info 16 | hhvm.log.file = /var/log/hhvm/error.log 17 | hhvm.log.always_log_unhandled_exceptions = true 18 | hhvm.log.runtime_error_reporting_level = 8191 19 | hhvm.log.natives_stack_trace = true 20 | hhvm.log.header = true 21 | 22 | hhvm.debug.full_backtrace = true 23 | hhvm.debug.server_stack_trace = true 24 | hhvm.debug.server_error_message = true 25 | 26 | ; Symlinks 27 | hhvm.check_sym_link = 1 28 | 29 | hhvm.enable_reusable_tc=true 30 | 31 | ; Perf files 32 | hhvm.keep_perf_pid_map = 0 33 | hhvm.perf_pid_map = 0 34 | hhvm.perf_data_map = 0 35 | 36 | ; PHP Options 37 | session.save_handler = files 38 | session.save_path = /var/lib/hhvm/sessions 39 | session.gc_maxlifetime = 1440 40 | hhvm.mysql.typed_results = false 41 | date.timezone = "Europe/Paris" 42 | hhvm.libxml.ext_entity_whitelist = file,http -------------------------------------------------------------------------------- /_deprecated_roles/hhvm/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update apt 3 | apt: 4 | update_cache: yes 5 | - name: Restart Nginx 6 | service: 7 | name: nginx 8 | state: restarted 9 | enabled: yes -------------------------------------------------------------------------------- /_deprecated_roles/hhvm/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure hhvm GPG key is present 3 | apt_key: 4 | url: http://dl.hhvm.com/conf/hhvm.gpg.key 5 | - name: Add repository 6 | apt_repository: 7 | repo: 'deb http://dl.hhvm.com/debian {{ ansible_distribution_release }} main' 8 | state: present 9 | notify: 10 | - Update apt 11 | - name: Install linux-tools 12 | apt: 13 | name: linux-tools # linux-tools 14 | state: latest 15 | - name: Install libmemcachedutil2 16 | apt: 17 | name: libmemcachedutil2 18 | state: latest 19 | - name: Install HHVM 20 | apt: 21 | name: hhvm 22 | state: latest 23 | - name: Ensure the /var/www folder is here 24 | file: 25 | path: /var/www 26 | state: directory 27 | - name: Ensure the php ini specific hhvm config is ok 28 | copy: 29 | src: hhvm.php.ini 30 | dest: /etc/hhvm/php.ini 31 | - name: Ensure the www directory is correctly written in the conf 32 | lineinfile: 33 | dest: /etc/hhvm/php.ini 34 | insertafter: "; hhvm.source_root = /home/myUser/www/" 35 | line: "hhvm.source_root = /home/{{user}}/www/" 36 | - name: Install Nginx conf for HHVM 37 | copy: 38 | src: hhvm.nginx.conf 39 | dest: /etc/nginx/hhvm.conf 40 | notify: 41 | - Restart Nginx 42 | - name: Ensure HHVM is running 43 | service: 44 | name: hhvm 45 | state: restarted 46 | enabled: yes -------------------------------------------------------------------------------- /_deprecated_roles/kibana/files/elk.list: -------------------------------------------------------------------------------- 1 | deb https://artifacts.elastic.co/packages/5.x/apt stable main -------------------------------------------------------------------------------- /_deprecated_roles/kibana/files/kibana.conf: -------------------------------------------------------------------------------- 1 | upstream kibana { 2 | 3 | server 127.0.0.1:5601; 4 | keepalive 64; 5 | 6 | } 7 | 8 | server { 9 | server_name example.com; 10 | set $app "kibana"; 11 | access_log /var/log/nginx/all.access.log custom; 12 | 13 | auth_basic "Restricted"; 14 | auth_basic_user_file /etc/nginx/available/kibana.htpasswd; 15 | 16 | location / { 17 | proxy_pass http://kibana; 18 | proxy_redirect off; 19 | proxy_http_version 1.1; 20 | proxy_set_header Connection ""; 21 | 22 | proxy_set_header X-Real-IP $remote_addr; 23 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 24 | proxy_set_header Host $http_host; 25 | } 26 | } -------------------------------------------------------------------------------- /_deprecated_roles/kibana/files/kibana.yml: -------------------------------------------------------------------------------- 1 | # Kibana is served by a back end server. This setting specifies the port to use. 2 | #server.port: 5601 3 | 4 | # Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. 5 | # The default is 'localhost', which usually means remote machines will not be able to connect. 6 | # To allow connections from remote users, set this parameter to a non-loopback address. 7 | #server.host: "localhost" 8 | 9 | # Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects 10 | # the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests 11 | # to Kibana. This setting cannot end in a slash. 12 | #server.basePath: "" 13 | 14 | # The maximum payload size in bytes for incoming server requests. 15 | #server.maxPayloadBytes: 1048576 16 | 17 | # The Kibana server's name. This is used for display purposes. 18 | #server.name: "your-hostname" 19 | 20 | # The URL of the Elasticsearch instance to use for all your queries. 21 | #elasticsearch.url: "http://localhost:9200" 22 | 23 | # When this setting's value is true Kibana uses the hostname specified in the server.host 24 | # setting. When the value of this setting is false, Kibana uses the hostname of the host 25 | # that connects to this Kibana instance. 26 | #elasticsearch.preserveHost: true 27 | 28 | # Kibana uses an index in Elasticsearch to store saved searches, visualizations and 29 | # dashboards. Kibana creates a new index if the index doesn't already exist. 30 | #kibana.index: ".kibana" 31 | 32 | # The default application to load. 33 | #kibana.defaultAppId: "discover" 34 | 35 | # If your Elasticsearch is protected with basic authentication, these settings provide 36 | # the username and password that the Kibana server uses to perform maintenance on the Kibana 37 | # index at startup. Your Kibana users still need to authenticate with Elasticsearch, which 38 | # is proxied through the Kibana server. 39 | #elasticsearch.username: "user" 40 | #elasticsearch.password: "pass" 41 | 42 | # Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. 43 | # These settings enable SSL for outgoing requests from the Kibana server to the browser. 44 | #server.ssl.enabled: false 45 | #server.ssl.certificate: /path/to/your/server.crt 46 | #server.ssl.key: /path/to/your/server.key 47 | 48 | # Optional settings that provide the paths to the PEM-format SSL certificate and key files. 49 | # These files validate that your Elasticsearch backend uses the same key files. 50 | #elasticsearch.ssl.certificate: /path/to/your/client.crt 51 | #elasticsearch.ssl.key: /path/to/your/client.key 52 | 53 | # Optional setting that enables you to specify a path to the PEM file for the certificate 54 | # authority for your Elasticsearch instance. 55 | #elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] 56 | 57 | # To disregard the validity of SSL certificates, change this setting's value to 'none'. 58 | #elasticsearch.ssl.verificationMode: full 59 | 60 | # Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of 61 | # the elasticsearch.requestTimeout setting. 62 | #elasticsearch.pingTimeout: 1500 63 | 64 | # Time in milliseconds to wait for responses from the back end or Elasticsearch. This value 65 | # must be a positive integer. 66 | #elasticsearch.requestTimeout: 30000 67 | 68 | # List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side 69 | # headers, set this value to [] (an empty list). 70 | #elasticsearch.requestHeadersWhitelist: [ authorization ] 71 | 72 | # Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten 73 | # by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. 74 | #elasticsearch.customHeaders: {} 75 | 76 | # Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. 77 | #elasticsearch.shardTimeout: 0 78 | 79 | # Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. 80 | #elasticsearch.startupTimeout: 5000 81 | 82 | # Specifies the path where Kibana creates the process ID file. 83 | #pid.file: /var/run/kibana.pid 84 | 85 | # Enables you specify a file where Kibana stores log output. 86 | #logging.dest: stdout 87 | 88 | # Set the value of this setting to true to suppress all logging output. 89 | #logging.silent: false 90 | 91 | # Set the value of this setting to true to suppress all logging output other than error messages. 92 | #logging.quiet: false 93 | 94 | # Set the value of this setting to true to log all events, including system usage information 95 | # and all requests. 96 | #logging.verbose: false 97 | 98 | # Set the interval in milliseconds to sample system and process performance 99 | # metrics. Minimum is 100ms. Defaults to 5000. 100 | #ops.interval: 5000 -------------------------------------------------------------------------------- /_deprecated_roles/kibana/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure the key is present 3 | apt_key: 4 | url: https://packages.elastic.co/GPG-KEY-elasticsearch 5 | - name: Add repository 6 | copy: 7 | src: elk.list 8 | dest: "/etc/apt/sources.list.d/elk.list" 9 | notify: 10 | - Update apt 11 | - name: Ensure kibana is installed 12 | apt: 13 | pkg: kibana 14 | state: latest 15 | - name: Ensure kibana is reloaded 16 | service: 17 | name: kibana 18 | state: restarted 19 | - name: Ensure kibana starts at boot 20 | service: 21 | name: kibana 22 | enabled: yes 23 | - name: Write /etc/kibana/kibana.yml 24 | copy: 25 | src: kibana.yml 26 | dest: "/etc/kibana/kibana.yml" 27 | - name: Ensure kibana nginx conf is here 28 | copy: 29 | src: kibana.conf 30 | dest: /etc/nginx/available/kibana.conf 31 | - name: Write server_name 32 | lineinfile: 33 | dest: /etc/nginx/available/kibana.conf 34 | state: present 35 | regexp: ' server_name ' 36 | line: " server_name {{ monitoring_server }};" 37 | - name: Ensure kibana nginx conf is enabled 38 | file: 39 | src: "/etc/nginx/available/kibana.conf" 40 | dest: "/etc/nginx/enabled/kibana.conf" 41 | state: link 42 | - name: Ensure python-passlib is installed 43 | apt: 44 | name: python-passlib 45 | state: present 46 | - name: Create htpasswd 47 | htpasswd: 48 | path: /etc/nginx/available/kibana.htpasswd 49 | name: "{{ user }}" 50 | password: "{{ htpasswd }}" 51 | owner: root 52 | group: www-data 53 | mode: 0640 -------------------------------------------------------------------------------- /_deprecated_roles/kibana/vars/main.yml: -------------------------------------------------------------------------------- 1 | $ANSIBLE_VAULT;1.1;AES256 2 | 64393338336532323639623664393966323433343838373531313734343835613532386231383231 3 | 3435343061623530313234303263623630396332356265370a363763333730373836613633326564 4 | 62646361306536376436666261643934333236376635336139313162306535323338373831346532 5 | 6235616230666533350a306263366562333130366563343130386664643637653735383430303333 6 | 64656461333131623533336439633438306534326364316364633366393031636134 7 | -------------------------------------------------------------------------------- /_deprecated_roles/logstash/files/elk.list: -------------------------------------------------------------------------------- 1 | deb https://artifacts.elastic.co/packages/5.x/apt stable main -------------------------------------------------------------------------------- /_deprecated_roles/logstash/files/logstash.conf: -------------------------------------------------------------------------------- 1 | input { 2 | # Syslog 3 | file { 4 | path => "/var/log/messages" 5 | type => "syslog" 6 | sincedb_path => "/var/run/logstash_sincedb" 7 | stat_interval => 10 8 | } 9 | file { 10 | path => "/var/log/syslog" 11 | type => "syslog" 12 | sincedb_path => "/var/run/logstash_sincedb" 13 | stat_interval => 10 14 | } 15 | # Nginx access 16 | file { 17 | path => "/var/log/nginx/all.access.log" 18 | type => "nginx_access" 19 | sincedb_path => "/var/run/logstash_sincedb" 20 | stat_interval => 10 21 | } 22 | # Nginx error 23 | file { 24 | path => "/var/log/nginx/*.error.log" 25 | type => "nginx_error" 26 | sincedb_path => "/var/run/logstash_sincedb" 27 | stat_interval => 10 28 | } 29 | # PHP-FPM error 30 | file { 31 | path => "/var/log/php-fpm/error.log" 32 | type => "php_error" 33 | sincedb_path => "/var/run/logstash_sincedb" 34 | stat_interval => 10 35 | } 36 | # HHVM error 37 | file { 38 | path => "/var/log/hhvm/error.log" 39 | type => "php_error" 40 | sincedb_path => "/var/run/logstash_sincedb" 41 | stat_interval => 10 42 | } 43 | # Maria DB Slow queries 44 | file { 45 | path => "/var/log/mysql/mariadb-slow.log" 46 | type => "mysql-slow" 47 | sincedb_path => "/var/run/logstash_sincedb" 48 | 49 | # Key breaking the log up on the # User@Host line, this will mean 50 | # sometimes a # Time line from the next entry will be incorrectly 51 | # included but since that isn't consistently present it can't be 52 | # keyed off of 53 | # 54 | # Due to the way the multiline codec works, previous must be used 55 | # to collect everything which isn't the User line up. Since 56 | # queries can be multiline the User line can't be pushed forward 57 | # as it would only collect the first line of the actual query 58 | # data. 59 | # 60 | # logstash will always be one slow query behind because it needs 61 | # the User line to trigger that it is done with the previous entry. 62 | # A periodic "SELECT SLEEP(1);" where 1 is above the slow query 63 | # threshold can be used to "flush" these events through at the 64 | # expense of having spurious log entries (see the drop filter) 65 | codec => multiline { 66 | pattern => "^# User@Host:" 67 | negate => true 68 | what => previous 69 | } 70 | } 71 | # Energy Monitor 72 | file { 73 | path => "/var/log/energy/energy.log" 74 | type => "energy" 75 | sincedb_path => "/var/run/logstash_sincedb" 76 | stat_interval => 10 77 | } 78 | } 79 | 80 | filter { 81 | 82 | if [type] == "nginx_access" { 83 | grok { 84 | match => { "message" => "%{COMBINEDAPACHELOG} \"(?[a-zA-Z0-9._-]+)\"" } 85 | } 86 | } 87 | 88 | if [type] == "bradlog" { 89 | grok { 90 | match => { "message" => "(?%{YEAR}/%{MONTHNUM:month}/%{MONTHDAY:day} %{TIME}) %{IPORHOST:host} %{WORD:action}\[%{WORD:app}@%{WORD:env}\] : (%{WORD:user}) %{GREEDYDATA:brad_message}" } 91 | } 92 | } 93 | 94 | if [type] == "energy" { 95 | # Extracts the values 96 | grok { 97 | match => { "message" => "(?%{YEAR}/%{MONTHNUM:month}/%{MONTHDAY:day} %{TIME}) %{NUMBER:temperature:float} %{NUMBER:power:float} %{NUMBER:heap:int}" } 98 | } 99 | } 100 | if [type] == "nginx_error" { 101 | grok { 102 | match => { "message" => "(?%{YEAR}/%{MONTHNUM:month}/%{MONTHDAY:day} %{TIME}) \[%{WORD:class}\] %{GREEDYDATA:errmsg}, client: %{IPORHOST:clientip}, server: %{IPORHOST:server}, request: \"%{WORD:verb} %{URIPATHPARAM:request} (?:HTTP/%{NUMBER:httpversion})?|-\", host: \"%{IPORHOST:host}\"" } 103 | match => { "path" => "%{GREEDYDATA}/%{GREEDYDATA:app}.error.log" } 104 | break_on_match => false 105 | add_field => [ "response", "50X" ] 106 | } 107 | } 108 | if [type] == "php_error" { 109 | grok { 110 | match => { "message" => "\[%{GREEDYDATA}\] \[%{WORD:app}\] \[%{GREEDYDATA}\] \[\] (\\n)?%{GREEDYDATA:message}" } 111 | overwrite => [ "message" ] 112 | break_on_match => false 113 | } 114 | } 115 | 116 | if [type] == "syslog" { 117 | grok { 118 | match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:source_host} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" } 119 | } 120 | syslog_pri { } 121 | } 122 | 123 | } 124 | 125 | output { 126 | elasticsearch { 127 | # host here 128 | template_overwrite => true 129 | } 130 | } 131 | -------------------------------------------------------------------------------- /_deprecated_roles/logstash/files/startup.options: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # These settings are ONLY used by $LS_HOME/bin/system-install to create a custom 3 | # startup script for Logstash. It should automagically use the init system 4 | # (systemd, upstart, sysv, etc.) that your Linux distribution uses. 5 | # 6 | # After changing anything here, you need to re-run $LS_HOME/bin/system-install 7 | # as root to push the changes to the init script. 8 | ################################################################################ 9 | 10 | # Override Java location 11 | JAVACMD=/usr/bin/java 12 | 13 | # Set a home directory 14 | LS_HOME=/usr/share/logstash 15 | 16 | # logstash settings directory, the path which contains logstash.yml 17 | LS_SETTINGS_DIR=/etc/logstash 18 | 19 | # Arguments to pass to logstash 20 | LS_OPTS="--path.settings ${LS_SETTINGS_DIR}" 21 | 22 | # Arguments to pass to java 23 | LS_JAVA_OPTS="" 24 | 25 | # pidfiles aren't used the same way for upstart and systemd; this is for sysv users. 26 | LS_PIDFILE=/var/run/logstash.pid 27 | 28 | # user and group id to be invoked as 29 | LS_USER=logstash 30 | LS_GROUP=adm 31 | 32 | # Enable GC logging by uncommenting the appropriate lines in the GC logging 33 | # section in jvm.options 34 | LS_GC_LOG_FILE=/var/log/logstash/gc.log 35 | 36 | # Open file limit 37 | LS_OPEN_FILES=16384 38 | 39 | # Nice level 40 | LS_NICE=19 41 | 42 | # Change these to have the init script named and described differently 43 | # This is useful when running multiple instances of Logstash on the same 44 | # physical box or vm 45 | SERVICE_NAME="logstash" 46 | SERVICE_DESCRIPTION="logstash" 47 | 48 | # If you need to run a command or script before launching Logstash, put it 49 | # between the lines beginning with `read` and `EOM`, and uncomment those lines. 50 | ### 51 | ## read -r -d '' PRESTART << EOM 52 | ## EOM -------------------------------------------------------------------------------- /_deprecated_roles/logstash/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update apt 3 | apt: 4 | update_cache: yes -------------------------------------------------------------------------------- /_deprecated_roles/logstash/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure the key is present 3 | apt_key: 4 | url: https://packages.elastic.co/GPG-KEY-elasticsearch 5 | - name: Add repository 6 | copy: 7 | src: elk.list 8 | dest: "/etc/apt/sources.list.d/elk.list" 9 | notify: 10 | - Update apt 11 | - name: Update apt 12 | apt: 13 | update_cache: yes 14 | - name: Ensure java (JRE 8) is installed 15 | apt: 16 | pkg: openjdk-8-jre-headless 17 | state: latest 18 | default_release: jessie-backports 19 | - name: Ensure logstash is installed 20 | apt: 21 | pkg: logstash 22 | state: latest 23 | - name: Ensure the logstash config is ok 24 | copy: 25 | src: logstash.conf 26 | dest: /etc/logstash/conf.d/logstash.conf 27 | - name: Use the adm group for reading logs 28 | copy: 29 | src: startup.options 30 | dest: /etc/logstash/startup.options 31 | - name: Re-run system-install 32 | shell: /usr/share/logstash/bin/system-install 33 | become: true 34 | become_user: root 35 | - name: Ensure the host is correctly written in the conf 36 | lineinfile: 37 | dest: /etc/logstash/conf.d/logstash.conf 38 | insertafter: " # host here" 39 | line: | 40 | hosts => ['{{ monitoring_server }}:8080'] 41 | user => {{ user }} 42 | password => "{{ lookup('file', '/tmp/ansible.password.elasticsearch_proxy') }}" 43 | - name: Modify logstash to run as adm group to read logs 44 | lineinfile: 45 | dest: /etc/default/logstash 46 | insertafter: "#LS_USER" 47 | line: "LS_GROUP=adm" 48 | - name: Ensure logstash is running 49 | service: 50 | name: logstash 51 | state: restarted 52 | enabled: yes -------------------------------------------------------------------------------- /_deprecated_roles/rsa_pub/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the SSH directory. 3 | file: 4 | state: directory 5 | path: "/home/{{user}}/.ssh/" 6 | - name: Add this computer's RSA key to the remote host 7 | authorized_key: 8 | user: "{{user}}" 9 | key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" -------------------------------------------------------------------------------- /_deprecated_roles/ruby/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure ruby and YUI are installed 3 | apt: 4 | pkg: "{{item}}" 5 | state: latest 6 | with_items: 7 | - ruby 8 | - ruby-dev 9 | - yui-compressor 10 | - name: Ensure SASS / COMPASS / LESS etc ... are here 11 | become: yes 12 | gem: 13 | name: "{{item}}" 14 | state: latest 15 | with_items: 16 | - chunky_png 17 | - multi_json 18 | - rb-fsevent 19 | - compass-core 20 | - compass-import-once 21 | - compass 22 | - sass 23 | - less -------------------------------------------------------------------------------- /_deprecated_roles/supervisor/files/data.conf.default: -------------------------------------------------------------------------------- 1 | [program:data] 2 | command = node /home/myUser/www/data/prod/index.js 3 | directory = /home/myUser/www/data/prod/ 4 | user = myUser 5 | autostart = true 6 | autorestart = true 7 | stdout_logfile = /var/log/supervisor/data.log 8 | stderr_logfile = /var/log/supervisor/data_err.log 9 | environment = NODE_ENV="production" -------------------------------------------------------------------------------- /_deprecated_roles/supervisor/files/ghost.conf.default: -------------------------------------------------------------------------------- 1 | [program:ghost] 2 | command = node /home/myUser/www/ghost/prod/index.js 3 | directory = /home/myUser/www/ghost/prod/ 4 | user = myUser 5 | autostart = true 6 | autorestart = true 7 | stdout_logfile = /var/log/supervisor/ghost.log 8 | stderr_logfile = /var/log/supervisor/ghost_err.log 9 | environment = NODE_ENV="production" -------------------------------------------------------------------------------- /_deprecated_roles/supervisor/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure supervisor is at the latest version 3 | apt: 4 | pkg: supervisor 5 | state: latest 6 | # - name: Remove supervisor lock 7 | # file: 8 | # path: /run/supervisord.lock 9 | # state: absent 10 | # - name: Remove supervisor sock file 11 | # become: yes 12 | # file: 13 | # path: /var/run/supervisor.sock 14 | # state: absent 15 | - name: Ensure specific supervisor conf is here 16 | file: 17 | path: /etc/supervisor/conf.d 18 | state: directory 19 | # stop does not wait for supervisor to be really stopped and subsequent start fails then 20 | # - name: Ensure supervisor is restarted 21 | # service: 22 | # name: supervisor 23 | # state: restarted 24 | # become: yes 25 | - name: Copy default Ghost configuration 26 | copy: 27 | src: ghost.conf.default 28 | dest: /etc/supervisor/conf.d/ghost.conf.default 29 | - name: Copy default data configuration 30 | copy: 31 | src: data.conf.default 32 | dest: /etc/supervisor/conf.d/data.conf.default -------------------------------------------------------------------------------- /_deprecated_roles/terminal/files/bash_profile: -------------------------------------------------------------------------------- 1 | # base-files version 3.7-1 2 | 3 | # Shell Options 4 | # ############# 5 | 6 | # See man bash for more options... 7 | 8 | # Don't wait for job termination notification 9 | # set -o notify 10 | 11 | # Don't use ^D to exit 12 | # set -o ignoreeof 13 | 14 | if [ -f "$HOME/.bashrc" ]; then 15 | . "$HOME/.bashrc" 16 | fi 17 | 18 | # Completion options 19 | # ################## 20 | 21 | # These completion tuning parameters change the default behavior of bash_completion: 22 | 23 | # Define to access remotely checked-out files over passwordless ssh for CVS 24 | # COMP_CVS_REMOTE=1 25 | 26 | # Define to avoid stripping description in --option=description of './configure --help' 27 | # COMP_CONFIGURE_HINTS=1 28 | 29 | # Define to avoid flattening internal contents of tar files 30 | # COMP_TAR_INTERNAL_PATHS=1 31 | 32 | # If this shell is interactive, turn on programmable completion enhancements. 33 | # Any completions you add in ~/.bash_completion are sourced last. 34 | # case $- in 35 | # *i*) [[ -f /etc/bash_completion ]] && . /etc/bash_completion ;; 36 | # esac 37 | 38 | export PATH="/usr/local/bin:/usr/local/mysql/bin:$PATH" 39 | 40 | # History Options 41 | # ############### 42 | 43 | # Don't put duplicate lines in the history. 44 | export HISTCONTROL="ignoredups" 45 | 46 | # Ignore some controlling instructions 47 | export HISTIGNORE="[ ]*:&:bg:fg:exit" 48 | 49 | # Whenever displaying the prompt, write the previous line to disk 50 | export PROMPT_COMMAND="history -a" 51 | 52 | # Colors 53 | 54 | YEL='\[\033[0;33m\]' 55 | RED='\[\033[0;31m\]' 56 | GREN='\[\033[0;32m\]' 57 | BLUE='\[\033[0;36m\]' 58 | DEF='\[\033[00m\]' 59 | 60 | # Aliases 61 | # ####### 62 | 63 | # Some example alias instructions 64 | # If these are enabled they will be used instead of any instructions 65 | # they may mask. For example, alias rm='rm -i' will mask the rm 66 | # application. To override the alias instruction use a \ before, ie 67 | # \rm will call the real rm not the alias. 68 | 69 | # Interactive operation... 70 | #alias rm='rm -i' 71 | #alias cp='cp -i' 72 | #alias mv='mv -i' 73 | 74 | # Default to human readable figures 75 | alias df='df -h' 76 | alias du='du -h' 77 | 78 | # Misc :) 79 | # alias less='less -r' # raw control characters 80 | # alias whence='type -a' # where, of a sort 81 | # alias grep='grep --color' # show differences in colour 82 | 83 | # Goes into WWW 84 | alias cdw="cd ~/www" 85 | 86 | # Git aliases 87 | alias gs="git status -sb" 88 | alias gc="git commit" 89 | alias ga="git add ." 90 | alias gp="git push" 91 | alias gck="git checkout" 92 | alias gd="git diff" 93 | alias gds="git diff --staged" 94 | alias gb="git branch -a" 95 | alias glive="gck live && git merge master && gck master" 96 | alias gstaging="gck staging && git merge dev && gck dev" 97 | alias gdiff='git log|grep commit|cut -d " " -f2|head -n 2|xargs -n 2 git diff -R|sublime' 98 | 99 | # Some shortcuts for different directory listings 100 | alias ls='ls -GhF' # classify files in colour 101 | alias dir='ls -G --format=vertical' 102 | alias vdir='ls -G --format=long' 103 | alias ll='ls -lG' # long list 104 | alias la='ls -lGhA' # all but . and .. 105 | alias l='ls -lGh' 106 | alias mv='mv -v' 107 | alias cp='cp -v' 108 | alias rm='rm -v' 109 | alias c="clear" 110 | 111 | function mkcd() { 112 | mkdir $1; 113 | cd $1; 114 | } 115 | 116 | # Functions 117 | # ######### 118 | 119 | # Adds git status to PS1 120 | function parse_git_branch_and_add_brackets { 121 | BACK_RED='\033[0;41m' 122 | DEF='\033[00m' 123 | 124 | test_repo=$(git status 2> /dev/null) || return 125 | branch_name=$(git symbolic-ref -q HEAD 2> /dev/null) 126 | branch_name=${branch_name##refs/heads/} 127 | branch_name=${branch_name:-DETACHED HEAD} 128 | if [ "${branch_name}" = "DETACHED HEAD" ]; then 129 | echo -e " "${BACK_RED}"["${branch_name}"]"${DEF} 130 | else 131 | echo " ["${branch_name}"]" 132 | fi 133 | } 134 | 135 | PS1="($YEL\t$DEF) - ${GREN}\u$DEF@${BLUE}\h $YEL\w$RED\$(parse_git_branch_and_add_brackets)$DEF \`RETVAL=\$?; 136 | if [ \$RETVAL -eq 0 ]; 137 | then echo -n '\[\033[0;32m\]'; echo -n \$RETVAL; echo -n '\[\033[00m\]'; 138 | else echo -n '\[\033[0;31m\]'; echo -n \$RETVAL; echo -n '\[\033[00m\]'; fi\` 139 | $RED\$ $DEF" 140 | 141 | # Editor : VIM (yeah) 142 | export SVN_EDITOR=vi 143 | EDITOR=vi 144 | 145 | # set PATH so it includes user's private bin if it exists 146 | if [ -d "$HOME/.local/bin" ] ; then 147 | PATH="$HOME/.local/bin:$PATH" 148 | fi 149 | 150 | # PATH 151 | export PATH=/usr/local/bin:/usr/local/mysql/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec 152 | 153 | -------------------------------------------------------------------------------- /_deprecated_roles/terminal/files/inputrc: -------------------------------------------------------------------------------- 1 | "\e[A": history-search-backward 2 | "\e[B": history-search-forward 3 | set show-all-if-ambiguous on 4 | set completion-ignore-case on -------------------------------------------------------------------------------- /_deprecated_roles/terminal/files/vimrc: -------------------------------------------------------------------------------- 1 | " File : maroloccio.vim 2 | " Description : An easy-on-the-eyes dark background colour scheme for Vim 3 | " Scheme : maroloccio 4 | " Maintainer : Marco Ippolito 5 | " Version : v0.3.1, originally inspired by watermark.vim 6 | " Date : 12 March 2010 7 | " Licence : Feel free to use as you wish provided you keep this header. 8 | " Feedback : Any feedback welcome! Especially re: how to make it better! 9 | " Note : Works well in GUI mode, less in console mode (still worth a try) 10 | " Online at : http://sites.google.com/site/maroloccio/ 11 | " 12 | " History: 13 | " 14 | " 0.3.1 Added licensing terms and invitation to provide improvement suggestions 15 | " 0.3.0 Greatly improved cterm colours when t_Co=256 thanks to Kyle and CSApprox 16 | " 0.2.9 Improved readability of cterm searches for dark backgrounds 17 | " 0.2.8 Added VimDiff colouring 18 | " 0.2.7 Further improved readability of cterm colours 19 | " 0.2.6 Improved readability of cterm colours on different terminals 20 | " 0.2.5 Reinstated minimal cterm support 21 | " 0.2.4 Added full colour descriptions and reinstated minimal cterm support 22 | " 0.2.3 Added FoldColumn to the list of hlights as per David Hall's suggestion 23 | " 0.2.2 Removed cterm support, changed visual highlight, fixed bolds 24 | " 0.2.1 Changed search highlight 25 | " 0.2.0 Removed italics 26 | " 0.1.9 Improved search and menu highlighting 27 | " 0.1.8 Added minimal cterm support 28 | " 0.1.7 Uploaded to vim.org 29 | " 0.1.6 Removed redundant highlight definitions 30 | " 0.1.5 Improved display of folded sections 31 | " 0.1.4 Removed linked sections for improved compatibility, more Python friendly 32 | " 0.1.3 Removed settings which usually belong to .vimrc (as in 0.1.1) 33 | " 0.1.2 Fixed versioning system, added .vimrc -like commands 34 | " 0.1.1 Corrected typo in header comments, changed colour for Comment 35 | " 0.1.0 Inital upload to vim.org 36 | 37 | " Allow saving of files as sudo when I forgot to start vim using sudo. 38 | cmap w!! w !sudo tee > /dev/null % 39 | 40 | syntax on 41 | 42 | hi clear 43 | if exists("syntax_on") 44 | syntax reset 45 | endif 46 | let g:colors_name="maroloccio" 47 | 48 | " --- GUI section 49 | " 50 | hi Normal guifg=#8b9aaa guibg=#1a202a gui=none " watermark-foreground on watermark-background 51 | hi Constant guifg=#82ade0 guibg=bg gui=none " cyan on background 52 | hi Boolean guifg=#82ade0 guibg=bg gui=none " cyan on background 53 | hi Character guifg=#82ade0 guibg=bg gui=none " cyan on background 54 | hi Float guifg=#82ade0 guibg=bg gui=none " cyan on background 55 | hi Comment guifg=#006666 guibg=bg gui=none " teal on background 56 | hi Type guifg=#ffcc00 guibg=bg gui=none " yellow on background 57 | hi Typedef guifg=#ffcc00 guibg=bg gui=none " yellow on background 58 | hi Structure guifg=#ffcc00 guibg=bg gui=none " yellow on background 59 | hi Function guifg=#ffcc00 guibg=bg gui=none " yellow on background 60 | hi StorageClass guifg=#ffcc00 guibg=bg gui=none " yellow on background 61 | hi Conditional guifg=#ff9900 guibg=bg gui=none " orange on background 62 | hi Repeat guifg=#78ba42 guibg=bg gui=none " light green on background 63 | hi Visual guifg=fg guibg=#3741ad gui=none " foreground on blue 64 | hi DiffChange guifg=fg guibg=#3741ad gui=none " foreground on blue 65 | if version>= 700 66 | hi Pmenu guifg=fg guibg=#3741ad gui=none " foreground on blue 67 | endif 68 | hi String guifg=#4c4cad guibg=bg gui=none " violet on background 69 | hi Folded guifg=fg guibg=#333366 gui=none " foreground on dark violet 70 | hi VertSplit guifg=fg guibg=#333366 gui=none " foreground on dark violet 71 | if version>= 700 72 | hi PmenuSel guifg=fg guibg=#333366 gui=none " foreground on dark violet 73 | endif 74 | hi Search guifg=#78ba42 guibg=#107040 gui=none " light green on green 75 | hi DiffAdd guifg=#78ba42 guibg=#107040 gui=none " light green on green 76 | hi Exception guifg=#8f3231 guibg=bg gui=none " red on background 77 | hi Title guifg=#8f3231 guibg=bg gui=none " red on background 78 | hi Error guifg=fg guibg=#8f3231 gui=none " foreground on red 79 | hi DiffDelete guifg=fg guibg=#8f3231 gui=none " foreground on red 80 | hi Todo guifg=#8f3231 guibg=#0e1219 gui=bold,undercurl guisp=#cbc32a " red on dark grey 81 | hi LineNr guifg=#2c3138 guibg=#0e1219 gui=none " grey on dark grey 82 | hi Statement guifg=#9966cc guibg=bg gui=none " lavender on background 83 | hi Underlined gui=bold,underline " underline 84 | if version>= 700 85 | hi CursorLine guibg=#0e1219 gui=none " foreground on dark grey 86 | hi CursorColumn guibg=#0e1219 gui=none " foreground on dark grey 87 | endif 88 | hi Include guifg=#107040 guibg=bg gui=none " green on background 89 | hi Define guifg=#107040 guibg=bg gui=none " green on background 90 | hi Macro guifg=#107040 guibg=bg gui=none " green on background 91 | hi PreProc guifg=#107040 guibg=bg gui=none " green on background 92 | hi PreCondit guifg=#107040 guibg=bg gui=none " green on background 93 | hi StatusLineNC guifg=#2c3138 guibg=black gui=none " grey on black 94 | hi StatusLine guifg=fg guibg=black gui=none " foreground on black 95 | hi WildMenu guifg=fg guibg=#0e1219 gui=none " foreground on dark grey 96 | hi FoldColumn guifg=#333366 guibg=#0e1219 gui=none " dark violet on dark grey 97 | hi IncSearch guifg=#0e1219 guibg=#82ade0 gui=bold " dark grey on cyan 98 | hi DiffText guifg=#0e1219 guibg=#82ade0 gui=bold " dark grey on cyan 99 | hi Label guifg=#7e28a9 guibg=bg gui=none " purple on background 100 | hi Operator guifg=#6d5279 guibg=bg gui=none " pink on background 101 | hi Number guifg=#8b8b00 guibg=bg gui=none " dark yellow on background 102 | if version>= 700 103 | hi MatchParen guifg=#0e1219 guibg=#78ba42 gui=none " dark grey on light green 104 | endif 105 | hi SpecialKey guifg=#333366 guibg=bg gui=none " metal on background 106 | 107 | hi Cursor guifg=#0e1219 guibg=#8b9aaa gui=none " dark grey on foreground 108 | hi TabLine guifg=fg guibg=black gui=none " foreground on black 109 | hi NonText guifg=#333366 guibg=bg gui=none " metal on background 110 | hi Tag guifg=#3741ad guibg=bg gui=none " blue on background 111 | hi Delimiter guifg=#3741ad guibg=bg gui=none " blue on background 112 | hi Special guifg=#3741ad guibg=bg gui=none " blue on background 113 | hi SpecialChar guifg=#3741ad guibg=bg gui=none " blue on background 114 | hi SpecialComment guifg=#2680af guibg=bg gui=none " blue2 on background 115 | 116 | " --- CTerm8 section 117 | if &t_Co == 8 118 | 119 | " --- CTerm8 (Dark) 120 | if &background == "dark" 121 | "hi Normal ctermfg=Grey "ctermbg=DarkGrey 122 | hi Constant ctermfg=DarkGreen 123 | hi Boolean ctermfg=DarkGreen 124 | hi Character ctermfg=DarkGreen 125 | hi Float ctermfg=DarkGreen 126 | hi Comment ctermfg=DarkCyan 127 | hi Type ctermfg=Brown 128 | hi Typedef ctermfg=Brown 129 | hi Structure ctermfg=Brown 130 | hi Function ctermfg=Brown 131 | hi StorageClass ctermfg=Brown 132 | hi Conditional ctermfg=Brown 133 | hi Repeat ctermfg=Brown 134 | hi Visual ctermfg=Brown ctermbg=Black 135 | hi DiffChange ctermfg=Grey ctermbg=DarkBlue 136 | if version>= 700 137 | hi Pmenu ctermfg=Grey ctermbg=DarkBlue 138 | endif 139 | hi String ctermfg=DarkGreen 140 | hi Folded ctermfg=DarkGrey ctermbg=Black 141 | hi VertSplit ctermfg=DarkGrey ctermbg=DarkGrey 142 | if version>= 700 143 | hi PmenuSel ctermfg=DarkBlue ctermbg=Grey 144 | endif 145 | hi Search ctermfg=Black ctermbg=Brown 146 | hi DiffAdd ctermfg=Black ctermbg=DarkGreen 147 | hi Exception ctermfg=Brown 148 | hi Title ctermfg=DarkRed 149 | hi Error ctermfg=Brown ctermbg=DarkRed 150 | hi DiffDelete ctermfg=Brown ctermbg=DarkRed 151 | hi Todo ctermfg=Brown ctermbg=DarkRed 152 | hi LineNr ctermfg=DarkGrey 153 | hi Statement ctermfg=Brown 154 | hi Underlined cterm=Underline 155 | if version>= 700 156 | hi CursorLine ctermbg=Black cterm=Underline 157 | hi CursorColumn ctermfg=Grey ctermbg=Black 158 | endif 159 | hi Include ctermfg=DarkMagenta 160 | hi Define ctermfg=DarkMagenta 161 | hi Macro ctermfg=DarkMagenta 162 | hi PreProc ctermfg=DarkMagenta 163 | hi PreCondit ctermfg=DarkMagenta 164 | hi StatusLineNC ctermfg=DarkGrey ctermbg=Black 165 | hi StatusLine ctermfg=Grey ctermbg=DarkGrey 166 | hi WildMenu ctermfg=Grey ctermbg=DarkGrey 167 | hi FoldColumn ctermfg=DarkGrey 168 | hi IncSearch ctermfg=DarkCyan ctermbg=Black 169 | hi DiffText ctermfg=DarkBlue ctermbg=Grey 170 | hi Label ctermfg=Brown 171 | hi Operator ctermfg=Brown 172 | hi Number ctermfg=DarkGreen 173 | if version>= 700 174 | hi MatchParen ctermfg=Grey ctermbg=Green 175 | endif 176 | hi SpecialKey ctermfg=DarkRed 177 | 178 | hi Cursor ctermfg=Black ctermbg=Grey 179 | hi Delimiter ctermfg=Brown 180 | hi NonText ctermfg=DarkRed 181 | hi Special ctermfg=Brown 182 | hi SpecialChar ctermfg=Brown 183 | hi SpecialComment ctermfg=DarkCyan 184 | hi TabLine ctermfg=DarkGrey ctermbg=Grey 185 | hi Tag ctermfg=Brown 186 | 187 | " --- CTerm8 (Light) 188 | elseif &background == "light" 189 | hi Normal ctermfg=Black ctermbg=White 190 | hi Constant ctermfg=DarkCyan 191 | hi Boolean ctermfg=DarkCyan 192 | hi Character ctermfg=DarkCyan 193 | hi Float ctermfg=DarkCyan 194 | hi Comment ctermfg=DarkGreen 195 | hi Type ctermfg=DarkBlue 196 | hi Typedef ctermfg=DarkBlue 197 | hi Structure ctermfg=DarkBlue 198 | hi Function ctermfg=DarkBlue 199 | hi StorageClass ctermfg=DarkBlue 200 | hi Conditional ctermfg=DarkBlue 201 | hi Repeat ctermfg=DarkBlue 202 | hi Visual ctermfg=Brown ctermbg=Black 203 | hi DiffChange ctermfg=Grey ctermbg=DarkBlue 204 | if version>= 700 205 | hi Pmenu ctermfg=Grey ctermbg=DarkBlue 206 | endif 207 | hi String ctermfg=DarkRed 208 | hi Folded ctermfg=Black ctermbg=DarkCyan 209 | hi VertSplit ctermfg=Grey ctermbg=Black 210 | if version>= 700 211 | hi PmenuSel ctermfg=DarkBlue ctermbg=Grey 212 | endif 213 | hi Search ctermfg=Grey ctermbg=DarkGreen 214 | hi DiffAdd ctermfg=Black ctermbg=DarkGreen 215 | hi Exception ctermfg=DarkBlue 216 | hi Title ctermfg=DarkRed 217 | hi Error ctermfg=Brown ctermbg=DarkRed 218 | hi DiffDelete ctermfg=Brown ctermbg=DarkRed 219 | hi Todo ctermfg=Brown ctermbg=DarkRed 220 | hi LineNr ctermfg=Black ctermbg=Grey 221 | hi Statement ctermfg=DarkBlue 222 | hi Underlined cterm=Underline 223 | if version>= 700 224 | hi CursorLine ctermbg=Grey cterm=Underline 225 | hi CursorColumn ctermfg=Black ctermbg=Grey 226 | endif 227 | hi Include ctermfg=DarkMagenta 228 | hi Define ctermfg=DarkMagenta 229 | hi Macro ctermfg=DarkMagenta 230 | hi PreProc ctermfg=DarkMagenta 231 | hi PreCondit ctermfg=DarkMagenta 232 | hi StatusLineNC ctermfg=Grey ctermbg=DarkBlue 233 | hi StatusLine ctermfg=Grey ctermbg=Black 234 | hi WildMenu ctermfg=Grey ctermbg=DarkBlue 235 | hi FoldColumn ctermfg=Black ctermbg=Grey 236 | hi IncSearch ctermfg=Brown ctermbg=Black 237 | hi DiffText ctermfg=DarkBlue ctermbg=Grey 238 | hi Label ctermfg=DarkBlue 239 | hi Operator ctermfg=DarkBlue 240 | hi Number ctermfg=DarkCyan 241 | if version>= 700 242 | hi MatchParen ctermfg=Grey ctermbg=Green 243 | endif 244 | hi SpecialKey ctermfg=Red 245 | 246 | hi Cursor ctermfg=Black ctermbg=Grey 247 | hi Delimiter ctermfg=DarkBlue 248 | hi NonText ctermfg=Red 249 | hi Special ctermfg=DarkBlue 250 | hi SpecialChar ctermfg=DarkBlue 251 | hi SpecialComment ctermfg=DarkGreen 252 | hi TabLine ctermfg=DarkBlue ctermbg=Grey 253 | hi Tag ctermfg=DarkBlue 254 | endif 255 | 256 | " --- CTerm256 section 257 | elseif &t_Co == 256 258 | 259 | if v:version < 700 260 | command! -nargs=+ CSAHi exe "hi" substitute(substitute(, "undercurl", "underline", "g"), "guisp\\S\\+", "", "g") 261 | else 262 | command! -nargs=+ CSAHi exe "hi" 263 | endif 264 | if has("gui_running") || (&t_Co == 256 && (&term ==# "xterm" || &term =~# "^screen") && exists("g:CSApprox_konsole") && g:CSApprox_konsole) || &term =~? "^konsole" 265 | CSAHi Normal ctermbg=59 ctermfg=145 266 | CSAHi Constant term=underline ctermbg=59 ctermfg=146 267 | CSAHi Boolean ctermbg=59 ctermfg=146 268 | CSAHi Character ctermbg=59 ctermfg=146 269 | CSAHi Float ctermbg=59 ctermfg=146 270 | CSAHi Comment term=bold ctermbg=59 ctermfg=30 271 | CSAHi Type term=underline ctermbg=59 ctermfg=220 272 | CSAHi Typedef ctermbg=59 ctermfg=220 273 | CSAHi Structure ctermbg=59 ctermfg=220 274 | CSAHi Function ctermbg=59 ctermfg=220 275 | CSAHi StorageClass ctermbg=59 ctermfg=220 276 | CSAHi Conditional ctermbg=59 ctermfg=214 277 | CSAHi Repeat ctermbg=59 ctermfg=113 278 | CSAHi Visual term=reverse ctermbg=61 ctermfg=white 279 | CSAHi DiffChange term=bold ctermbg=61 ctermfg=white 280 | CSAHi Pmenu ctermbg=61 ctermfg=white 281 | CSAHi String ctermbg=59 ctermfg=61 282 | CSAHi Folded ctermbg=61 ctermfg=black 283 | CSAHi VertSplit term=reverse ctermbg=black ctermfg=61 284 | CSAHi PmenuSel ctermbg=220 ctermfg=black 285 | CSAHi Search term=reverse ctermbg=29 ctermfg=113 286 | CSAHi DiffAdd term=bold ctermbg=29 ctermfg=113 287 | CSAHi Exception ctermbg=59 ctermfg=red 288 | CSAHi Title term=bold ctermbg=59 ctermfg=red 289 | CSAHi Error term=reverse ctermbg=red ctermfg=white 290 | CSAHi DiffDelete term=bold ctermbg=red ctermfg=white 291 | CSAHi Todo cterm=bold,undercurl ctermbg=black ctermfg=red 292 | CSAHi LineNr term=underline ctermbg=black ctermfg=61 293 | CSAHi Statement term=bold ctermbg=59 ctermfg=140 294 | CSAHi Underlined term=underline cterm=bold,underline ctermfg=147 295 | CSAHi CursorLine term=underline cterm=underline ctermbg=black 296 | CSAHi CursorColumn term=reverse ctermfg=white ctermbg=30 297 | CSAHi Include ctermbg=59 ctermfg=97 298 | CSAHi Define ctermbg=59 ctermfg=97 299 | CSAHi Macro ctermbg=59 ctermfg=97 300 | CSAHi PreProc term=underline ctermbg=59 ctermfg=97 301 | CSAHi PreCondit ctermbg=59 ctermfg=97 302 | CSAHi StatusLineNC term=reverse ctermbg=16 ctermfg=61 303 | CSAHi StatusLine term=reverse,bold ctermbg=16 ctermfg=220 304 | CSAHi WildMenu ctermbg=16 ctermfg=145 305 | CSAHi FoldColumn ctermbg=16 ctermfg=61 306 | CSAHi IncSearch term=reverse cterm=bold ctermbg=146 ctermfg=16 307 | CSAHi DiffText term=reverse cterm=bold ctermbg=146 ctermfg=16 308 | CSAHi Label ctermbg=59 ctermfg=140 309 | CSAHi Operator ctermbg=59 ctermfg=142 310 | CSAHi Number ctermbg=59 ctermfg=146 311 | CSAHi MatchParen term=reverse ctermbg=113 ctermfg=16 312 | CSAHi SpecialKey term=bold ctermbg=59 ctermfg=97 313 | 314 | CSAHi Cursor ctermbg=145 ctermfg=16 315 | CSAHi lCursor ctermbg=145 ctermfg=59 316 | CSAHi Delimiter ctermbg=59 ctermfg=61 317 | CSAHi Directory term=bold ctermfg=39 318 | CSAHi ErrorMsg ctermbg=160 ctermfg=231 319 | CSAHi Identifier term=underline ctermfg=87 320 | CSAHi Ignore ctermfg=59 321 | CSAHi ModeMsg term=bold cterm=bold 322 | CSAHi MoreMsg term=bold cterm=bold ctermfg=72 323 | CSAHi NonText term=bold ctermbg=59 ctermfg=60 324 | CSAHi PmenuSbar ctermbg=250 325 | CSAHi PmenuThumb ctermbg=145 ctermfg=59 326 | CSAHi Question cterm=bold ctermfg=28 327 | CSAHi SignColumn ctermbg=250 ctermfg=39 328 | CSAHi Special term=bold ctermbg=59 ctermfg=61 329 | CSAHi SpecialChar ctermbg=59 ctermfg=61 330 | CSAHi SpecialComment ctermbg=59 ctermfg=73 331 | CSAHi SpellBad term=reverse cterm=undercurl ctermfg=196 332 | CSAHi SpellCap term=reverse cterm=undercurl ctermfg=21 333 | CSAHi SpellLocal term=underline cterm=undercurl ctermfg=51 334 | CSAHi SpellRare term=reverse cterm=undercurl ctermfg=201 335 | CSAHi TabLine term=underline ctermbg=16 ctermfg=145 336 | CSAHi TabLineFill term=reverse ctermbg=145 ctermfg=59 337 | CSAHi TabLineSel term=bold cterm=bold 338 | CSAHi Tag ctermbg=59 ctermfg=61 339 | CSAHi VisualNOS term=bold,underline cterm=bold,underline 340 | CSAHi WarningMsg ctermfg=160 341 | CSAHi htmlBold term=bold cterm=bold 342 | CSAHi htmlBoldItalic term=bold,italic cterm=bold 343 | CSAHi htmlBoldUnderline term=bold,underline cterm=bold,underline 344 | CSAHi htmlBoldUnderlineItalic term=bold,italic,underline cterm=bold,underline 345 | CSAHi htmlItalic term=italic 346 | CSAHi htmlUnderline term=underline cterm=underline 347 | CSAHi htmlUnderlineItalic term=italic,underline cterm=underline 348 | elseif has("gui_running") || (&t_Co == 256 && (&term ==# "xterm" || &term =~# "^screen") && exists("g:CSApprox_eterm") && g:CSApprox_eterm) || &term =~? "^eterm" 349 | CSAHi Normal ctermbg=59 ctermfg=152 350 | CSAHi Constant term=underline ctermbg=59 ctermfg=153 351 | CSAHi Boolean ctermbg=59 ctermfg=153 352 | CSAHi Character ctermbg=59 ctermfg=153 353 | CSAHi Float ctermbg=59 ctermfg=153 354 | CSAHi Comment term=bold ctermbg=59 ctermfg=30 355 | CSAHi Type term=underline ctermbg=59 ctermfg=226 356 | CSAHi Typedef ctermbg=59 ctermfg=226 357 | CSAHi Structure ctermbg=59 ctermfg=226 358 | CSAHi Function ctermbg=59 ctermfg=226 359 | CSAHi StorageClass ctermbg=59 ctermfg=226 360 | CSAHi Conditional ctermbg=59 ctermfg=220 361 | CSAHi Repeat ctermbg=59 ctermfg=150 362 | CSAHi Visual term=reverse ctermbg=68 ctermfg=white 363 | CSAHi DiffChange term=bold ctermbg=68 ctermfg=white 364 | CSAHi Pmenu ctermbg=68 ctermfg=white 365 | CSAHi String ctermbg=59 ctermfg=104 366 | CSAHi Folded ctermbg=104 ctermfg=black 367 | CSAHi VertSplit term=reverse ctermbg=black ctermfg=104 368 | CSAHi PmenuSel ctermbg=226 ctermfg=black 369 | CSAHi Search term=reverse ctermbg=36 ctermfg=150 370 | CSAHi DiffAdd term=bold ctermbg=36 ctermfg=150 371 | CSAHi Exception ctermbg=59 ctermfg=red 372 | CSAHi Title term=bold ctermbg=59 ctermfg=red 373 | CSAHi Error term=reverse ctermbg=red ctermfg=white 374 | CSAHi DiffDelete term=bold ctermbg=red ctermfg=white 375 | CSAHi Todo cterm=bold,undercurl ctermbg=black ctermfg=red 376 | CSAHi LineNr term=underline ctermbg=black ctermfg=104 377 | CSAHi Statement term=bold ctermbg=59 ctermfg=177 378 | CSAHi Underlined term=underline cterm=bold,underline ctermfg=153 379 | CSAHi CursorLine term=underline cterm=underline ctermbg=black 380 | CSAHi CursorColumn term=reverse ctermfg=white ctermbg=30 381 | CSAHi Include ctermbg=59 ctermfg=134 382 | CSAHi Define ctermbg=59 ctermfg=134 383 | CSAHi Macro ctermbg=59 ctermfg=134 384 | CSAHi PreProc term=underline ctermbg=59 ctermfg=134 385 | CSAHi PreCondit ctermbg=59 ctermfg=134 386 | CSAHi StatusLineNC term=reverse ctermbg=16 ctermfg=104 387 | CSAHi StatusLine term=reverse,bold ctermbg=16 ctermfg=226 388 | CSAHi WildMenu ctermbg=17 ctermfg=152 389 | CSAHi FoldColumn ctermbg=17 ctermfg=104 390 | CSAHi IncSearch term=reverse cterm=bold ctermbg=153 ctermfg=17 391 | CSAHi DiffText term=reverse cterm=bold ctermbg=153 ctermfg=17 392 | CSAHi Label ctermbg=59 ctermfg=177 393 | CSAHi Operator ctermbg=59 ctermfg=142 394 | CSAHi Number ctermbg=59 ctermfg=153 395 | CSAHi MatchParen term=reverse ctermbg=150 ctermfg=17 396 | CSAHi SpecialKey term=bold ctermbg=59 ctermfg=134 397 | 398 | CSAHi Cursor ctermbg=152 ctermfg=17 399 | CSAHi lCursor ctermbg=152 ctermfg=59 400 | CSAHi TabLine term=underline ctermbg=16 ctermfg=152 401 | CSAHi Ignore ctermfg=59 402 | CSAHi NonText term=bold ctermbg=59 ctermfg=60 403 | CSAHi Directory term=bold ctermfg=45 404 | CSAHi ErrorMsg ctermbg=196 ctermfg=255 405 | CSAHi MoreMsg term=bold cterm=bold ctermfg=72 406 | CSAHi ModeMsg term=bold cterm=bold 407 | CSAHi htmlBoldUnderline term=bold,underline cterm=bold,underline 408 | CSAHi htmlBoldItalic term=bold,italic cterm=bold 409 | CSAHi htmlBold term=bold cterm=bold 410 | CSAHi htmlBoldUnderlineItalic term=bold,italic,underline cterm=bold,underline 411 | CSAHi PmenuSbar ctermbg=250 412 | CSAHi PmenuThumb ctermbg=152 ctermfg=59 413 | CSAHi TabLineSel term=bold cterm=bold 414 | CSAHi TabLineFill term=reverse ctermbg=152 ctermfg=59 415 | CSAHi Question cterm=bold ctermfg=28 416 | CSAHi VisualNOS term=bold,underline cterm=bold,underline 417 | CSAHi WarningMsg ctermfg=196 418 | CSAHi htmlUnderlineItalic term=italic,underline cterm=underline 419 | CSAHi htmlUnderline term=underline cterm=underline 420 | CSAHi Special term=bold ctermbg=59 ctermfg=68 421 | CSAHi Identifier term=underline ctermfg=123 422 | CSAHi Tag ctermbg=59 ctermfg=68 423 | CSAHi SpecialChar ctermbg=59 ctermfg=68 424 | CSAHi Delimiter ctermbg=59 ctermfg=68 425 | CSAHi SpecialComment ctermbg=59 ctermfg=74 426 | CSAHi SignColumn ctermbg=250 ctermfg=45 427 | CSAHi SpellBad term=reverse cterm=undercurl ctermfg=196 428 | CSAHi SpellCap term=reverse cterm=undercurl ctermfg=21 429 | CSAHi SpellRare term=reverse cterm=undercurl ctermfg=201 430 | CSAHi SpellLocal term=underline cterm=undercurl ctermfg=51 431 | CSAHi htmlItalic term=italic 432 | elseif has("gui_running") || &t_Co == 256 433 | CSAHi Normal ctermbg=16 ctermfg=103 434 | CSAHi Constant term=underline ctermbg=16 ctermfg=110 435 | CSAHi Boolean ctermbg=16 ctermfg=110 436 | CSAHi Character ctermbg=16 ctermfg=110 437 | CSAHi Float ctermbg=16 ctermfg=110 438 | CSAHi Comment term=bold ctermbg=16 ctermfg=23 439 | CSAHi Type term=underline ctermbg=16 ctermfg=220 440 | CSAHi Typedef ctermbg=16 ctermfg=220 441 | CSAHi Structure ctermbg=16 ctermfg=220 442 | CSAHi Function ctermbg=16 ctermfg=220 443 | CSAHi StorageClass ctermbg=16 ctermfg=220 444 | CSAHi Conditional ctermbg=16 ctermfg=208 445 | CSAHi Repeat ctermbg=16 ctermfg=107 446 | CSAHi Visual term=reverse ctermbg=61 ctermfg=white 447 | CSAHi DiffChange term=bold ctermbg=61 ctermfg=white 448 | CSAHi Pmenu ctermbg=61 ctermfg=white 449 | CSAHi String ctermbg=16 ctermfg=61 450 | CSAHi Folded ctermbg=61 ctermfg=black 451 | CSAHi VertSplit term=reverse ctermbg=black ctermfg=61 452 | CSAHi PmenuSel ctermbg=220 ctermfg=black 453 | CSAHi Search term=reverse ctermbg=23 ctermfg=107 454 | CSAHi DiffAdd term=bold ctermbg=23 ctermfg=107 455 | CSAHi Exception ctermbg=16 ctermfg=red 456 | CSAHi Title term=bold ctermbg=16 ctermfg=red 457 | CSAHi Error term=reverse ctermbg=red ctermfg=white 458 | CSAHi DiffDelete term=bold ctermbg=red ctermfg=white 459 | CSAHi Todo cterm=bold,undercurl ctermbg=black ctermfg=red 460 | CSAHi LineNr term=underline ctermbg=black ctermfg=61 461 | CSAHi Statement term=bold ctermbg=16 ctermfg=98 462 | CSAHi Underlined term=underline cterm=bold,underline ctermfg=111 463 | CSAHi CursorLine term=underline cterm=underline ctermbg=black 464 | CSAHi CursorColumn term=reverse ctermbg=103 ctermfg=16 465 | CSAHi Include ctermbg=16 ctermfg=91 466 | CSAHi Define ctermbg=16 ctermfg=91 467 | CSAHi Macro ctermbg=16 ctermfg=91 468 | CSAHi PreProc term=underline ctermbg=16 ctermfg=91 469 | CSAHi PreCondit ctermbg=16 ctermfg=91 470 | CSAHi StatusLineNC term=reverse ctermbg=16 ctermfg=61 471 | CSAHi StatusLine term=reverse,bold ctermbg=16 ctermfg=220 472 | CSAHi WildMenu ctermbg=16 ctermfg=103 473 | CSAHi FoldColumn ctermbg=16 ctermfg=61 474 | CSAHi IncSearch term=reverse cterm=bold ctermbg=110 ctermfg=16 475 | CSAHi DiffText term=reverse cterm=bold ctermbg=110 ctermfg=16 476 | CSAHi Label ctermbg=16 ctermfg=98 477 | CSAHi Operator ctermbg=16 ctermfg=100 478 | CSAHi Number ctermbg=16 ctermfg=110 479 | CSAHi MatchParen term=reverse ctermbg=107 ctermfg=16 480 | CSAHi SpecialKey term=bold ctermbg=16 ctermfg=91 481 | 482 | CSAHi Cursor ctermbg=103 ctermfg=16 483 | CSAHi lCursor ctermbg=103 ctermfg=16 484 | CSAHi Delimiter ctermbg=16 ctermfg=61 485 | CSAHi Directory term=bold ctermfg=38 486 | CSAHi ErrorMsg ctermbg=160 ctermfg=231 487 | CSAHi Identifier term=underline ctermfg=87 488 | CSAHi Ignore ctermfg=16 489 | CSAHi ModeMsg term=bold cterm=bold 490 | CSAHi MoreMsg term=bold cterm=bold ctermfg=29 491 | CSAHi NonText term=bold ctermbg=16 ctermfg=59 492 | CSAHi PmenuSbar ctermbg=250 493 | CSAHi PmenuThumb ctermbg=103 ctermfg=16 494 | CSAHi Question cterm=bold ctermfg=22 495 | CSAHi SignColumn ctermbg=250 ctermfg=38 496 | CSAHi Special term=bold ctermbg=16 ctermfg=61 497 | CSAHi SpecialChar ctermbg=16 ctermfg=61 498 | CSAHi SpecialComment ctermbg=16 ctermfg=31 499 | CSAHi SpellBad term=reverse cterm=undercurl ctermfg=196 500 | CSAHi SpellCap term=reverse cterm=undercurl ctermfg=21 501 | CSAHi SpellLocal term=underline cterm=undercurl ctermfg=51 502 | CSAHi SpellRare term=reverse cterm=undercurl ctermfg=201 503 | CSAHi TabLine term=underline ctermbg=16 ctermfg=103 504 | CSAHi TabLineFill term=reverse ctermbg=103 ctermfg=16 505 | CSAHi TabLineSel term=bold cterm=bold 506 | CSAHi Tag ctermbg=16 ctermfg=61 507 | CSAHi VisualNOS term=bold,underline cterm=bold,underline 508 | CSAHi WarningMsg ctermfg=160 509 | CSAHi htmlBold term=bold cterm=bold 510 | CSAHi htmlBoldItalic term=bold,italic cterm=bold 511 | CSAHi htmlBoldUnderline term=bold,underline cterm=bold,underline 512 | CSAHi htmlBoldUnderlineItalic term=bold,italic,underline cterm=bold,underline 513 | CSAHi htmlItalic term=italic 514 | CSAHi htmlUnderline term=underline cterm=underline 515 | CSAHi htmlUnderlineItalic term=italic,underline cterm=underline 516 | elseif has("gui_running") || &t_Co == 88 517 | CSAHi Normal ctermbg=80 ctermfg=37 518 | CSAHi Constant term=underline ctermbg=80 ctermfg=42 519 | CSAHi Boolean ctermbg=80 ctermfg=42 520 | CSAHi Character ctermbg=80 ctermfg=42 521 | CSAHi Float ctermbg=80 ctermfg=42 522 | CSAHi Comment term=bold ctermbg=80 ctermfg=21 523 | CSAHi Type term=underline ctermbg=80 ctermfg=72 524 | CSAHi Typedef ctermbg=80 ctermfg=72 525 | CSAHi Structure ctermbg=80 ctermfg=72 526 | CSAHi Function ctermbg=80 ctermfg=72 527 | CSAHi StorageClass ctermbg=80 ctermfg=72 528 | CSAHi Conditional ctermbg=80 ctermfg=68 529 | CSAHi Repeat ctermbg=80 ctermfg=40 530 | CSAHi Visual term=reverse ctermbg=18 ctermfg=white 531 | CSAHi DiffChange term=bold ctermbg=18 ctermfg=white 532 | CSAHi Pmenu ctermbg=18 ctermfg=white 533 | CSAHi String ctermbg=80 ctermfg=38 534 | CSAHi Folded ctermbg=38 ctermfg=black 535 | CSAHi VertSplit term=reverse ctermbg=black ctermfg=38 536 | CSAHi PmenuSel ctermbg=72 ctermfg=black 537 | CSAHi Search term=reverse ctermbg=20 ctermfg=40 538 | CSAHi DiffAdd term=bold ctermbg=20 ctermfg=40 539 | CSAHi Exception ctermbg=80 ctermfg=red 540 | CSAHi Title term=bold ctermbg=80 ctermfg=red 541 | CSAHi Error term=reverse ctermbg=red ctermfg=white 542 | CSAHi DiffDelete term=bold ctermbg=red ctermfg=white 543 | CSAHi Todo cterm=bold,undercurl ctermbg=black ctermfg=white 544 | CSAHi LineNr term=underline ctermbg=black ctermfg=38 545 | CSAHi Statement term=bold ctermbg=80 ctermfg=38 546 | CSAHi Underlined term=underline cterm=bold,underline ctermfg=39 547 | CSAHi CursorLine term=underline ctermbg=black 548 | CSAHi CursorColumn term=reverse ctermbg=21 ctermfg=white 549 | CSAHi Include ctermbg=80 ctermfg=33 550 | CSAHi Define ctermbg=80 ctermfg=33 551 | CSAHi Macro ctermbg=80 ctermfg=33 552 | CSAHi PreProc term=underline ctermbg=80 ctermfg=33 553 | CSAHi PreCondit ctermbg=80 ctermfg=33 554 | CSAHi StatusLineNC term=reverse ctermbg=16 ctermfg=38 555 | CSAHi StatusLine term=reverse,bold ctermbg=16 ctermfg=72 556 | CSAHi WildMenu ctermbg=16 ctermfg=37 557 | CSAHi FoldColumn ctermbg=16 ctermfg=38 558 | CSAHi IncSearch term=reverse cterm=bold ctermbg=42 ctermfg=16 559 | CSAHi DiffText term=reverse cterm=bold ctermbg=42 ctermfg=16 560 | CSAHi Label ctermbg=80 ctermfg=38 561 | CSAHi Operator ctermbg=80 ctermfg=36 562 | CSAHi Number ctermbg=80 ctermfg=42 563 | CSAHi MatchParen term=reverse ctermbg=40 ctermfg=16 564 | CSAHi SpecialKey term=bold ctermbg=80 ctermfg=33 565 | 566 | CSAHi Cursor ctermbg=37 ctermfg=16 567 | CSAHi lCursor ctermbg=37 ctermfg=80 568 | CSAHi Delimiter ctermbg=80 ctermfg=18 569 | CSAHi Directory term=bold ctermfg=23 570 | CSAHi ErrorMsg ctermbg=48 ctermfg=79 571 | CSAHi Identifier term=underline ctermfg=31 572 | CSAHi Ignore ctermfg=80 573 | CSAHi ModeMsg term=bold cterm=bold 574 | CSAHi MoreMsg term=bold cterm=bold ctermfg=21 575 | CSAHi NonText term=bold ctermbg=80 ctermfg=17 576 | CSAHi PmenuSbar ctermbg=85 577 | CSAHi PmenuThumb ctermbg=37 ctermfg=80 578 | CSAHi Question cterm=bold ctermfg=20 579 | CSAHi SignColumn ctermbg=85 ctermfg=23 580 | CSAHi Special term=bold ctermbg=80 ctermfg=18 581 | CSAHi SpecialChar ctermbg=80 ctermfg=18 582 | CSAHi SpecialComment ctermbg=80 ctermfg=22 583 | CSAHi SpellBad term=reverse cterm=undercurl ctermfg=64 584 | CSAHi SpellCap term=reverse cterm=undercurl ctermfg=19 585 | CSAHi SpellLocal term=underline cterm=undercurl ctermfg=31 586 | CSAHi SpellRare term=reverse cterm=undercurl ctermfg=67 587 | CSAHi TabLine term=underline ctermbg=16 ctermfg=37 588 | CSAHi TabLineFill term=reverse ctermbg=37 ctermfg=80 589 | CSAHi TabLineSel term=bold cterm=bold 590 | CSAHi Tag ctermbg=80 ctermfg=18 591 | CSAHi VisualNOS term=bold,underline cterm=bold,underline 592 | CSAHi WarningMsg ctermfg=48 593 | CSAHi htmlBold term=bold cterm=bold 594 | CSAHi htmlBoldItalic term=bold,italic cterm=bold 595 | CSAHi htmlBoldUnderline term=bold,underline cterm=bold,underline 596 | CSAHi htmlBoldUnderlineItalic term=bold,italic,underline cterm=bold,underline 597 | CSAHi htmlItalic term=italic 598 | CSAHi htmlUnderline term=underline cterm=underline 599 | CSAHi htmlUnderlineItalic term=italic,underline cterm=underline 600 | endif 601 | delcommand CSAHi 602 | 603 | endif 604 | -------------------------------------------------------------------------------- /_deprecated_roles/terminal/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Copy a correct .bash_profile 3 | copy: 4 | src: bash_profile 5 | dest: "/home/{{user}}/.bash_profile" 6 | owner: "{{user}}" 7 | - name: Copy a correct .vim_rc 8 | copy: 9 | src: vimrc 10 | dest: "/home/{{user}}/.vimrc" 11 | owner: "{{user}}" 12 | - name: Copy a correct .inputrc 13 | copy: 14 | src: inputrc 15 | dest: "/home/{{user}}/.inputrc" 16 | owner: "{{user}}" -------------------------------------------------------------------------------- /playbooks/frontend_node+mongo.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Provision NodeJS frontend servers 3 | hosts: frontend_node 4 | become: yes 5 | 6 | roles: 7 | - base 8 | - caddy 9 | - node 10 | - yarn 11 | - mongo 12 | - backup 13 | 14 | tasks: 15 | - name: Ensure the web folder is here 16 | file: 17 | path: "/var/www" 18 | state: directory 19 | group: "{{ ansible_user }}" 20 | owner: "{{ ansible_user }}" 21 | 22 | ## 23 | ## Cleans up 24 | ## 25 | - name: Cleans up password files 26 | hosts: 127.0.0.1 27 | connection: local 28 | become: false 29 | 30 | tasks: 31 | - name: Delete tmp passwords 32 | shell: "rm -f /tmp/ansible.password.*" 33 | ignore_errors: true 34 | -------------------------------------------------------------------------------- /playbooks/frontend_php+mysql.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Provision PHP frontend servers 3 | hosts: frontend_php 4 | become: yes 5 | 6 | roles: 7 | - base 8 | - caddy 9 | - php 10 | - maria_db 11 | - backup 12 | 13 | tasks: 14 | - name: Ensure the web folder is here 15 | file: 16 | path: "/var/www" 17 | state: directory 18 | group: "{{ ansible_user }}" 19 | owner: "{{ ansible_user }}" 20 | 21 | ## 22 | ## Cleans up 23 | ## 24 | - name: Cleans up password files 25 | hosts: 127.0.0.1 26 | connection: local 27 | become: false 28 | 29 | tasks: 30 | - name: Delete tmp passwords 31 | shell: "rm -f /tmp/ansible.password.*" 32 | ignore_errors: true 33 | -------------------------------------------------------------------------------- /playbooks/mlmmj.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Deploys Postfix configuration for mlmmj on the MX instances 3 | hosts: mx-servers 4 | remote_user: "{{user}}" 5 | become: true 6 | become_user: root 7 | 8 | roles: 9 | - node # for mlmmj-interface 10 | - mlmmj -------------------------------------------------------------------------------- /playbooks/roles: -------------------------------------------------------------------------------- 1 | ../roles -------------------------------------------------------------------------------- /roles/backup/files/backup_rolling.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | BUCKET_NAME="servers.backup" 3 | S3_ENDPOINT="https://s3.fr-par.scw.cloud/" 4 | BACKUP_DIR="/var/backups/rolling" 5 | 6 | # Create a dir for each rolling day 7 | THIS_BACKUP_DIR="$BACKUP_DIR/day$(date +%w)" 8 | mkdir -p "$THIS_BACKUP_DIR" 9 | 10 | # Folders that need to be gzipped and backuped. Separated by new line or space 11 | # in a file called ugc.list 12 | folders=$(<"$BACKUP_DIR/ugc.list") 13 | 14 | # Dump Mysql 15 | echo "Backing up MySQL ..." 16 | if type mysql >/dev/null 2>&1; then 17 | mysqldump --single-transaction --routines --default-character-set=utf8 --hex-blob --force --opt --all-databases | gzip --best > $THIS_BACKUP_DIR/db.sql.gz 18 | echo " - $THIS_BACKUP_DIR/db.sql.gz" 19 | else 20 | echo " ↳ No MySQL instance, skipping." 21 | fi 22 | 23 | echo "Backing up MongoDB ..." 24 | if type mongodump >/dev/null 2>&1; then 25 | # We need to retrieve the password since mongodump does not use .mongorc.js :sigh: 26 | MONGODB_PASS=$(grep -oP "(?<=db\.auth\('admin', ').*(?='\);)" /home/debian/.mongoshrc.js) 27 | mongodump -u admin -p "$MONGODB_PASS" --gzip --archive=$THIS_BACKUP_DIR/db.mongo.gz 28 | MONGODB_PASS=null # for safety 29 | echo " - $THIS_BACKUP_DIR/db.mongo.gz" 30 | else 31 | echo " ↳ No Mongo instance, skipping." 32 | fi 33 | 34 | echo "Backing up ugc folders ..." 35 | for folder in $folders; do 36 | printf " - $folder .. " 37 | FOLDER_SANE=${folder//\//_} 38 | if [ "$(find $folder -type f | wc -l)" -gt 0 ]; then 39 | find $folder -type d -o -size -512M -print0 | xargs -0 tar -cPzvf $THIS_BACKUP_DIR/ugc.$FOLDER_SANE.tar > /dev/null 40 | echo "→ ugc.$FOLDER_SANE.tar" 41 | else 42 | echo "empty, not backing up." 43 | fi 44 | done 45 | 46 | if [ `ls $THIS_BACKUP_DIR | wc -l` -gt 0 ]; then 47 | # Now make a big archive of the day (but without zipping it, no need to) 48 | TIMESTAMP=$(date +"%F_%s") 49 | ARCHIVE="$HOSTNAME.$TIMESTAMP.tar" 50 | echo "Consolidating latest backups to $ARCHIVE :" 51 | tar -cPvf $BACKUP_DIR/$ARCHIVE $THIS_BACKUP_DIR 52 | 53 | # Upload to vault with description 54 | echo "Sending to S3-compatible endpoint" 55 | echo "$ARCHIVE → $BUCKET_NAME, upload started on $(date)" >> $BACKUP_DIR/log_backup.log 56 | /usr/local/bin/aws s3 cp $BACKUP_DIR/$ARCHIVE s3://$BUCKET_NAME/$HOSTNAME/$ARCHIVE --endpoint-url=$S3_ENDPOINT 2>&1 >> $BACKUP_DIR/log_backup.log 57 | 58 | # Now remove the local consolidated archive that we don't need 59 | echo "Removing consolidated archive" 60 | rm -rf $BACKUP_DIR/$ARCHIVE 61 | 62 | echo "Backed up. Exiting." 63 | else 64 | rm $THIS_BACKUP_DIR 65 | echo "Nothing to backup or to upload. Exiting." 66 | fi 67 | -------------------------------------------------------------------------------- /roles/backup/files/config: -------------------------------------------------------------------------------- 1 | [default] 2 | output=json 3 | region = fr-par 4 | -------------------------------------------------------------------------------- /roles/backup/files/credentials.dist: -------------------------------------------------------------------------------- 1 | [default] 2 | aws_access_key_id=EXAMPLE_KEY 3 | aws_secret_access_key=EXAMPLE-SECRET-KEY 4 | -------------------------------------------------------------------------------- /roles/backup/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure that the backup folder is here 3 | file: 4 | path: /var/backups/rolling 5 | state: directory 6 | owner: "{{ ansible_user }}" 7 | group: "{{ ansible_user }}" 8 | - name: Get AWS cli source 9 | unarchive: 10 | src: https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip 11 | dest: /tmp 12 | remote_src: yes 13 | - name: Install the AWS cli 14 | command: /tmp/aws/install --update 15 | become: yes 16 | - name: Ensure that the .aws folder is here 17 | file: 18 | path: /root/.aws 19 | state: directory 20 | owner: root 21 | group: root 22 | - name: Writes the config file for AWS cli 23 | copy: 24 | src: config 25 | dest: /root/.aws/config 26 | - name: Writes the credentials file for AWS cli 27 | copy: 28 | src: credentials 29 | dest: /root/.aws/credentials 30 | - name: Writes the backup script 31 | copy: 32 | src: backup_rolling.sh 33 | dest: /var/backups/rolling/backup.sh 34 | mode: a+x 35 | force: yes 36 | - name: Ensure the backup folder list is here (empty, but here) 37 | file: 38 | path: /var/backups/rolling/ugc.list 39 | state: touch 40 | # Those exports are automatically rotating from day0 to day6 so you 41 | # always have a backup of the last 7 days on the server, and the rest 42 | # on AWS, stored with the date and server. 43 | - name: Add daily backups for 7 days, rotating 44 | cron: 45 | name: "Backup: UGC + db, daily, then to AWS S3 or equivalent" 46 | minute: "0" 47 | hour: "4" 48 | user: "root" 49 | job: "/var/backups/rolling/backup.sh" 50 | cron_file: backup_daily 51 | -------------------------------------------------------------------------------- /roles/base/files/motd: -------------------------------------------------------------------------------- 1 | 2 | ▟██████████████████████████████████████████████████████▙ 3 |   4 |  ⚠️  5 |  THIS SERVER IS MANAGED VIA ANSIBLE  6 |  DO NOT INSTALL ANYTHING MANUALLY  7 |   8 | ▜██████████████████████████████████████████████████████▛ 9 | -------------------------------------------------------------------------------- /roles/base/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Refresh apt keys 3 | shell: apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com 4 | become: yes 5 | become_user: root 6 | - name: Update apt 7 | apt: 8 | update_cache: yes 9 | - name: Upgrade apt 10 | apt: 11 | upgrade: full 12 | # - name: Install sudo package 13 | # apt: 14 | # pkg: sudo 15 | # update_cache: yes 16 | # state: present 17 | # - name: Add debian to sudo group 18 | # user: 19 | # name: debian 20 | # groups: sudo 21 | # append: yes 22 | # - name: Allow sudo for debian 23 | # copy: 24 | # content: "debian ALL=(ALL) NOPASSWD: ALL" 25 | # dest: /etc/sudoers.d/debian 26 | # mode: 0600 27 | - name: Install base packages 28 | apt: 29 | pkg: ['unzip', 'tar', 'sed', 'curl', 'file', 'vim', 'wget', 'ntp', 'rsync', 'tmux', 'cron', 'fail2ban', 'build-essential', 'htop', 'git', 'apt-transport-https', 'lsb-release', 'ca-certificates'] 30 | state: present 31 | - name: Set correct timezone 32 | shell: timedatectl set-timezone 'Europe/Paris' 33 | - name: Lower swappiness to 10 # For hosts hosting databases 34 | sysctl: 35 | name: vm.swappiness 36 | value: '10' 37 | state: present 38 | - name: Limit journald size 39 | lineinfile: 40 | dest: /etc/systemd/journald.conf 41 | regexp: '^#SystemMaxUse' 42 | line: SystemMaxUse=100M 43 | - name: Restart journald 44 | systemd: 45 | name: systemd-journald 46 | state: restarted 47 | enabled: yes 48 | - name: Check if Ansible warning is present 49 | register: ansible_warning_msg 50 | shell: "grep -i 'THIS SERVER IS MANAGED VIA' /etc/motd" 51 | check_mode: no 52 | ignore_errors: yes 53 | changed_when: no 54 | - name: Insert a warning block at the start of /etc/motd 55 | lineinfile: 56 | line: "{{ lookup('file', 'motd') }}" 57 | dest: /etc/motd 58 | insertbefore: BOF 59 | when: ansible_warning_msg.rc == 1 60 | -------------------------------------------------------------------------------- /roles/caddy/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add repository 3 | apt_repository: 4 | repo: 'deb [trusted=yes] https://apt.fury.io/caddy/ /' 5 | state: present 6 | filename: caddy 7 | - name: Ensure Caddy is installed 8 | apt: 9 | pkg: 'caddy' 10 | state: latest 11 | - name: Ensure caddy etc directory exists 12 | file: 13 | path: /etc/caddy 14 | state: directory 15 | - name: Ensure Caddyfile is here 16 | file: 17 | path: /etc/caddy/Caddyfile 18 | state: touch 19 | - name: Reread Systemd config 20 | systemd: 21 | daemon_reload: yes 22 | - name: Start Caddy service 23 | systemd: 24 | name: caddy 25 | state: started 26 | enabled: yes 27 | -------------------------------------------------------------------------------- /roles/maria_db/files/mariadb.cnf: -------------------------------------------------------------------------------- 1 | # MariaDB-specific config file. 2 | # Read by /etc/mysql/my.cnf 3 | 4 | [client] 5 | # Default is Latin1, if you need UTF-8 set this (also in server section) 6 | default-character-set = utf8 7 | 8 | [mysqld] 9 | # Useful for PDO session handlers 10 | binlog_format = 'MIXED' 11 | 12 | key_buffer_size = 32M 13 | 14 | innodb_buffer_pool_size = 2G # (adjust value here, 50%-70% of total RAM) 15 | innodb_log_file_size = 256M 16 | innodb_flush_log_at_trx_commit = 0 # => flush to disk every second, not every transaction 17 | innodb_flush_method = O_DIRECT 18 | 19 | # Default is Latin1, if you need UTF-8 set all this (also in client section) 20 | character-set-server = utf8 21 | collation-server = utf8_general_ci 22 | -------------------------------------------------------------------------------- /roles/maria_db/files/my.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | user=root 3 | -------------------------------------------------------------------------------- /roles/maria_db/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure the key is present 3 | apt_key: 4 | id: "0xF1656F24C74CD1D8" 5 | keyserver: keyserver.ubuntu.com 6 | - name: Add repository 7 | apt_repository: 8 | repo: 'deb http://mirrors.dotsrc.org/mariadb/repo/10.6/debian {{ ansible_distribution_release }} main' 9 | state: present 10 | filename: "maria_db" 11 | - name: Ensure mariadb is installed (along with ansible tools for mysql_user) 12 | apt: 13 | pkg: ['mariadb-server', 'python3-mysqldb'] 14 | state: latest 15 | - name: Writes the UTF-8 version of the configuration 16 | copy: 17 | src: mariadb.cnf 18 | dest: /etc/mysql/conf.d/mariadb.cnf 19 | force: no 20 | - name: Remove TokuDB config file 21 | file: 22 | path: /etc/mysql/conf.d/tokudb.cnf 23 | state: absent 24 | - name: Ensure mariadb is running 25 | service: 26 | name: mysql 27 | state: started 28 | enabled: yes 29 | - name: Upgrade mysql if needed 30 | shell: mysql_upgrade 31 | - name: Sets the root password 32 | mysql_user: 33 | name: root 34 | password: "{{ lookup('password', '/tmp/ansible.password.mysql_root_' + inventory_hostname + ' length=64') }}" 35 | state: present 36 | no_log: yes 37 | - name: Writes /root/.my.cnf 38 | copy: 39 | src: my.cnf 40 | dest: /root/.my.cnf 41 | mode: 0600 42 | owner: root 43 | group: root 44 | - name: Add root password to .my.cnf 45 | lineinfile: 46 | dest: /root/.my.cnf 47 | insertafter: "user=root" 48 | line: "password={{ lookup('file', '/tmp/ansible.password.mysql_root_' + inventory_hostname) }}" 49 | no_log: yes 50 | - name: Remove test database 51 | mysql_db: 52 | db: 'test' 53 | state: 'absent' 54 | no_log: yes 55 | 56 | -------------------------------------------------------------------------------- /roles/mlmmj/files/groups.proxy.conf: -------------------------------------------------------------------------------- 1 | upstream mlmmjweb { 2 | 3 | server 127.0.0.1:4792; 4 | keepalive 64; 5 | 6 | } 7 | 8 | server { 9 | 10 | listen 80; 11 | server_name #groups; 12 | 13 | error_log /var/log/nginx/groups.proxy.error.log; 14 | access_log off; 15 | 16 | include favicon.robots.conf; 17 | 18 | location / { 19 | 20 | # Pass requests to Node.js 21 | proxy_pass http://mlmmjweb; 22 | proxy_redirect off; 23 | proxy_http_version 1.1; 24 | proxy_set_header Connection ""; 25 | 26 | proxy_set_header X-Real-IP $remote_addr; 27 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 28 | proxy_set_header Host $http_host; 29 | 30 | } 31 | } -------------------------------------------------------------------------------- /roles/mlmmj/files/main.cf: -------------------------------------------------------------------------------- 1 | 2 | mydomain = #mydomain.fr 3 | myorigin = $mydomain 4 | mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain 5 | 6 | # MLMMJ 7 | alias_maps = hash:/etc/postfix/mlmmj.aliases 8 | alias_database = hash:/etc/postfix/mlmmj.aliases 9 | 10 | virtual_alias_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/mlmmj.lists.reg 11 | transport_maps = regexp:/etc/postfix/mlmmj.transport.reg 12 | 13 | # Verp 14 | smtpd_authorized_verp_clients = 127.0.0.1,localhost 15 | 16 | # Spam filters 17 | smtpd_helo_required = yes 18 | disable_vrfy_command = yes 19 | strict_rfc821_envelopes = yes 20 | invalid_hostname_reject_code = 554 21 | multi_recipient_bounce_reject_code = 554 22 | non_fqdn_reject_code = 554 23 | relay_domains_reject_code = 554 24 | unknown_address_reject_code = 554 25 | unknown_client_reject_code = 554 26 | unknown_hostname_reject_code = 554 27 | unknown_local_recipient_reject_code = 554 28 | unknown_relay_recipient_reject_code = 554 29 | unknown_sender_reject_code = 554 30 | unknown_virtual_alias_reject_code = 554 31 | unknown_virtual_mailbox_reject_code = 554 32 | unverified_recipient_reject_code = 554 33 | unverified_sender_reject_code = 554 34 | 35 | smtpd_recipient_restrictions = 36 | reject_invalid_hostname, 37 | reject_unknown_recipient_domain, 38 | reject_unauth_pipelining, 39 | permit_mynetworks, 40 | permit_sasl_authenticated, 41 | reject_unauth_destination, 42 | # reject_rbl_client multi.uribl.com, 43 | reject_rbl_client dsn.rfc-ignorant.org, 44 | # reject_rbl_client dul.dnsbl.sorbs.net, 45 | # reject_rbl_client list.dsbl.org, 46 | reject_rbl_client sbl-xbl.spamhaus.org, 47 | reject_rbl_client bl.spamcop.net, 48 | # reject_rbl_client dnsbl.sorbs.net, 49 | reject_rbl_client cbl.abuseat.org, 50 | reject_rbl_client ix.dnsbl.manitu.net, 51 | reject_rbl_client combined.rbl.msrbl.net, 52 | reject_rbl_client rabl.nuclearelephant.com, 53 | permit -------------------------------------------------------------------------------- /roles/mlmmj/files/master.cf: -------------------------------------------------------------------------------- 1 | # 2 | # Postfix master process configuration file. For details on the format 3 | # of the file, see the master(5) manual page (command: "man 5 master"). 4 | # 5 | # Do not forget to execute "postfix reload" after editing this file. 6 | # 7 | # ========================================================================== 8 | # service type private unpriv chroot wakeup maxproc command + args 9 | # (yes) (yes) (yes) (never) (100) 10 | # ========================================================================== 11 | smtp inet n - - - - smtpd 12 | #smtp inet n - - - 1 postscreen 13 | #smtpd pass - - - - - smtpd 14 | #dnsblog unix - - - - 0 dnsblog 15 | #tlsproxy unix - - - - 0 tlsproxy 16 | #submission inet n - - - - smtpd 17 | # -o syslog_name=postfix/submission 18 | # -o smtpd_tls_security_level=encrypt 19 | # -o smtpd_sasl_auth_enable=yes 20 | # -o smtpd_client_restrictions=permit_sasl_authenticated,reject 21 | # -o milter_macro_daemon_name=ORIGINATING 22 | #smtps inet n - - - - smtpd 23 | # -o syslog_name=postfix/smtps 24 | # -o smtpd_tls_wrappermode=yes 25 | # -o smtpd_sasl_auth_enable=yes 26 | # -o smtpd_client_restrictions=permit_sasl_authenticated,reject 27 | # -o milter_macro_daemon_name=ORIGINATING 28 | #628 inet n - - - - qmqpd 29 | pickup fifo n - - 60 1 pickup 30 | cleanup unix n - - - 0 cleanup 31 | qmgr fifo n - n 300 1 qmgr 32 | #qmgr fifo n - n 300 1 oqmgr 33 | tlsmgr unix - - - 1000? 1 tlsmgr 34 | rewrite unix - - - - - trivial-rewrite 35 | bounce unix - - - - 0 bounce 36 | defer unix - - - - 0 bounce 37 | trace unix - - - - 0 bounce 38 | verify unix - - - - 1 verify 39 | flush unix n - - 1000? 0 flush 40 | proxymap unix - - n - - proxymap 41 | proxywrite unix - - n - 1 proxymap 42 | smtp unix - - - - - smtp 43 | relay unix - - - - - smtp 44 | # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 45 | showq unix n - - - - showq 46 | error unix - - - - - error 47 | retry unix - - - - - error 48 | discard unix - - - - - discard 49 | local unix - n n - - local 50 | virtual unix - n n - - virtual 51 | lmtp unix - - - - - lmtp 52 | anvil unix - - - - 1 anvil 53 | scache unix - - - - 1 scache 54 | # 55 | # ==================================================================== 56 | # Interfaces to non-Postfix software. Be sure to examine the manual 57 | # pages of the non-Postfix software to find out what options it wants. 58 | # 59 | # Many of the following services use the Postfix pipe(8) delivery 60 | # agent. See the pipe(8) man page for information about ${recipient} 61 | # and other message envelope options. 62 | # ==================================================================== 63 | # 64 | # maildrop. See the Postfix MAILDROP_README file for details. 65 | # Also specify in main.cf: maildrop_destination_recipient_limit=1 66 | # 67 | maildrop unix - n n - - pipe 68 | flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} 69 | # 70 | # ==================================================================== 71 | # 72 | # Recent Cyrus versions can use the existing "lmtp" master.cf entry. 73 | # 74 | # Specify in cyrus.conf: 75 | # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 76 | # 77 | # Specify in main.cf one or more of the following: 78 | # mailbox_transport = lmtp:inet:localhost 79 | # virtual_transport = lmtp:inet:localhost 80 | # 81 | # ==================================================================== 82 | # 83 | # Cyrus 2.1.5 (Amos Gouaux) 84 | # Also specify in main.cf: cyrus_destination_recipient_limit=1 85 | # 86 | #cyrus unix - n n - - pipe 87 | # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} 88 | # 89 | # ==================================================================== 90 | # Old example of delivery via Cyrus. 91 | # 92 | #old-cyrus unix - n n - - pipe 93 | # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} 94 | # 95 | # ==================================================================== 96 | # 97 | # See the Postfix UUCP_README file for configuration details. 98 | # 99 | uucp unix - n n - - pipe 100 | flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) 101 | # 102 | # Other external delivery methods. 103 | # 104 | ifmail unix - n n - - pipe 105 | flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) 106 | bsmtp unix - n n - - pipe 107 | flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient 108 | scalemail-backend unix - n n - 2 pipe 109 | flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} 110 | mailman unix - n n - - pipe 111 | flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py 112 | ${nexthop} ${user} 113 | mlmmj unix - n n - - pipe 114 | flags=DORhu user=list argv=/usr/bin/mlmmj-receive -F -L /var/spool/mlmmj/${nexthop} -------------------------------------------------------------------------------- /roles/mlmmj/files/mlmmjweb.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=This script provides a simple wrapper for mlmmjweb 3 | After=syslog.target network.target 4 | 5 | [Service] 6 | ExecStart=/usr/bin/node /home/tchap/groups/index.js 7 | WorkingDirectory=/home/tchap/groups 8 | Restart=always 9 | StandardOutput=syslog 10 | StandardError=syslog 11 | SyslogIdentifier=mlmmjweb 12 | User=list 13 | Group=list 14 | Environment=NODE_ENV=production 15 | 16 | [Install] 17 | WantedBy=multi-user.target 18 | -------------------------------------------------------------------------------- /roles/mlmmj/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure dependencies are installed 3 | apt: 4 | pkg: "{{item}}" 5 | state: latest 6 | with_items: 7 | - postfix 8 | - mlmmj 9 | # Configure postfix 10 | - name: Ensure postfix config is here 11 | copy: 12 | src: main.cf 13 | dest: /etc/postfix/main.cf 14 | - name: Adds MX domain 15 | lineinfile: 16 | dest: /etc/postfix/main.cf 17 | state: present 18 | regexp: 'mydomain = ' 19 | line: "mydomain = {{ mx_domain }}" 20 | - name: Ensure mlmmj service file is here 21 | copy: 22 | src: mlmmj.service 23 | dest: /etc/systemd/system/mlmmj.service 24 | mode: 0755 25 | - name: enable service for mlmmj 26 | systemd: 27 | name: mlmmj 28 | enabled: yes 29 | - name: Ensure mlmmjweb service file is here 30 | copy: 31 | src: mlmmjweb.service 32 | dest: /etc/systemd/system/mlmmjweb.service 33 | mode: 0755 34 | - name: enable service for mlmmjweb 35 | systemd: 36 | name: mlmmjweb 37 | enabled: yes 38 | - name: Ensure mlmmjweb nginx config is here 39 | copy: 40 | src: groups.proxy.conf 41 | dest: /etc/nginx/available/groups.proxy.conf 42 | - name: Adds groups nginx domain 43 | lineinfile: 44 | dest: /etc/nginx/available/groups.proxy.conf 45 | state: present 46 | regexp: 'server_name #groups;' 47 | line: "server_name groups.{{ mx_domain }};" 48 | - name: Ensure mlmmjweb nginx conf is enabled 49 | file: 50 | src: "/etc/nginx/available/groups.proxy.conf" 51 | dest: "/etc/nginx/enabled/groups.proxy.conf" 52 | state: link 53 | - name: Ensure postfix master config is here 54 | copy: 55 | src: master.cf 56 | dest: /etc/postfix/master.cf 57 | - name: Ensure mlmmj aliases config is here 58 | copy: 59 | src: mlmmj.aliases 60 | dest: /etc/postfix/mlmmj.aliases 61 | - name: Ensure mlmmj lists config is here 62 | copy: 63 | src: mlmmj.lists.reg 64 | dest: /etc/postfix/mlmmj.lists.reg 65 | - name: Ensure mlmmj transport config is here 66 | copy: 67 | src: mlmmj.transport.reg 68 | dest: /etc/postfix/mlmmj.transport.reg 69 | - name: Ensure virtuals is here 70 | copy: 71 | src: virtual 72 | dest: /etc/postfix/virtual 73 | - name: Create maps 74 | shell: "postmap /etc/postfix/virtual" 75 | - name: Create hashes 76 | shell: "postalias /etc/postfix/mlmmj.aliases" 77 | - name : "Restart postfix" 78 | service: 79 | name: "postfix" 80 | state: "restarted" 81 | - name : "Restart mlmmj" 82 | service: 83 | name: "mlmmj" 84 | state: "restarted" -------------------------------------------------------------------------------- /roles/mongo/files/mongod.conf: -------------------------------------------------------------------------------- 1 | # mongod.conf 2 | 3 | # for documentation of all options, see: 4 | # http://docs.mongodb.org/manual/reference/configuration-options/ 5 | 6 | # Where and how to store data. 7 | storage: 8 | dbPath: /var/lib/mongodb 9 | journal: 10 | enabled: true 11 | # engine: 12 | # mmapv1: 13 | # wiredTiger: 14 | 15 | # where to write logging data. 16 | systemLog: 17 | destination: file 18 | logAppend: true 19 | path: /var/log/mongodb/mongod.log 20 | 21 | # network interfaces 22 | net: 23 | port: 27017 24 | bindIp: 127.0.0.1 25 | 26 | # how the process runs 27 | processManagement: 28 | timeZoneInfo: /usr/share/zoneinfo 29 | 30 | security: 31 | authorization: 'enabled' 32 | 33 | #operationProfiling: 34 | 35 | #replication: 36 | 37 | #sharding: 38 | -------------------------------------------------------------------------------- /roles/mongo/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure the key is present 3 | apt_key: 4 | url: https://www.mongodb.org/static/pgp/server-5.0.asc 5 | - name: Add repository 6 | apt_repository: 7 | repo: 'deb http://repo.mongodb.org/apt/debian {{ ansible_distribution_release }}/mongodb-org/5.0 main' 8 | state: present 9 | filename: mongodb 10 | - name: Ensure mongo and necessary python packages for managing users are installed 11 | apt: 12 | pkg: ["mongodb-org", "python-setuptools", "python3-pip"] 13 | state: latest 14 | - name: Install pymongo 15 | pip: 16 | name: pymongo 17 | - name: Reread Systemd config 18 | systemd: 19 | daemon_reload: yes 20 | - name: Start Mongo service 21 | systemd: 22 | name: mongod 23 | state: started 24 | enabled: yes 25 | - name: Add admin user if it does not already exist 26 | mongodb_user: 27 | user: "admin" 28 | database: "admin" 29 | password: "{{ lookup('password', '/tmp/ansible.password.mongo_root_' + inventory_hostname + ' length=64') }}" 30 | state: present 31 | roles: "root" 32 | no_log: yes 33 | ignore_errors: true 34 | - name: Add root password to .mongoshrc.js 35 | copy: 36 | dest: "/home/{{ ansible_user }}/.mongoshrc.js" 37 | force: no 38 | content: | 39 | db = connect('localhost:27017/admin'); 40 | db.auth('admin', '{{ lookup('file', '/tmp/ansible.password.mongo_root_' + inventory_hostname) }}'); 41 | no_log: yes 42 | - name: Copy correct conf file 43 | copy: 44 | src: mongod.conf 45 | dest: /etc/mongod.conf 46 | - name: Restart Mongo service with auth (from conf) 47 | systemd: 48 | name: mongod 49 | state: restarted 50 | - name: Lower dirty ratio 51 | sysctl: 52 | name: vm.dirty_ratio 53 | value: '15' 54 | state: present 55 | - name: Lower dirty background ratio 56 | sysctl: 57 | name: vm.dirty_background_ratio 58 | value: '5' 59 | state: present 60 | -------------------------------------------------------------------------------- /roles/mosquitto/files/mosquitto.conf: -------------------------------------------------------------------------------- 1 | bind_address broker.tchap.me 2 | port 1884 3 | 4 | listener 9884 5 | protocol websockets 6 | 7 | allow_anonymous false 8 | password_file /etc/mosquitto/passwd 9 | 10 | log_dest file /var/log/mosquitto.log 11 | 12 | autosave_on_changes true 13 | persistence true 14 | persistence_file mosquitto.db 15 | #persistence_location /var/lib/mosquitto/ -------------------------------------------------------------------------------- /roles/mosquitto/files/mosquitto.passwd: -------------------------------------------------------------------------------- 1 | tchap:$6$IautS4oh5mIotW27$6wWsxGbhYU/nVMCHG1RoNibmVFyuYw7+w+SQmL0mLOaTZtcYG+8ro6ZHiYMl6rqyERXCmTOIJHkbosDFeRaSgA== 2 | data:$6$GNxT0Y+P+WTYayk3$LCuc0lv5vS0O7oCIRt/0tTpFyc1HbH8OXFWirH+hBY/W3EIwE1bYuSsGaTWqSoXog1t9NVjKShvakNdoGRZGCg== 3 | -------------------------------------------------------------------------------- /roles/mosquitto/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Update apt 3 | apt: 4 | update_cache: yes 5 | - name: Install mosquitto 6 | apt: 7 | name: mosquitto 8 | state: latest 9 | - name: Ensure the mosquitto config is present 10 | copy: 11 | src: mosquitto.conf 12 | dest: /etc/mosquitto/conf.d/mosquitto.conf 13 | - name: Ensure the passwd_file is good 14 | copy: 15 | src: mosquitto.passwd 16 | dest: /etc/mosquitto/passwd 17 | - name: Ensure mosquitto is running 18 | service: 19 | name: mosquitto 20 | state: restarted 21 | enabled: yes 22 | -------------------------------------------------------------------------------- /roles/nginx/files/favicon.robots.conf: -------------------------------------------------------------------------------- 1 | location = /favicon.ico { 2 | log_not_found off; 3 | access_log off; 4 | try_files $uri = 204; 5 | } 6 | 7 | location = /robots.txt { 8 | allow all; 9 | log_not_found off; 10 | access_log off; 11 | } -------------------------------------------------------------------------------- /roles/nginx/files/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes auto; 3 | pid /var/run/nginx.pid; 4 | 5 | # provides the configuration file context in which the directives that affect connection processing are specified. 6 | 7 | events { 8 | worker_connections 768; 9 | 10 | # optimized to serve many clients with each thread, essential for linux 11 | use epoll; 12 | 13 | # accept as many connections as possible, may flood worker connections if set too low 14 | # multi_accept on; 15 | } 16 | 17 | http { 18 | 19 | # copies data between one FD and other from within the kernel 20 | # faster then read() + write() 21 | sendfile on; 22 | 23 | # send headers in one piece, it's better then sending them one by one 24 | tcp_nopush on; 25 | 26 | # don't buffer data sent, good for small data bursts in real time 27 | tcp_nodelay on; 28 | 29 | # server will close connection after this time 30 | keepalive_timeout 30; 31 | 32 | # number of requests client can make over keep-alive -- for testing 33 | keepalive_requests 100000; 34 | 35 | # allow the server to close connection on non responding client, this will free up memory 36 | reset_timedout_connection on; 37 | 38 | # request timed out -- default 60 39 | client_body_timeout 30; 40 | 41 | # if client stop responding, free up memory -- default 60 42 | send_timeout 10; 43 | 44 | types_hash_max_size 2048; 45 | 46 | # cache informations about FDs, frequently accessed files 47 | # can boost performance, but you need to test those values 48 | open_file_cache max=200000 inactive=20s; 49 | open_file_cache_valid 30s; 50 | open_file_cache_min_uses 2; 51 | open_file_cache_errors on; 52 | 53 | # http://tautt.com/best-nginx-configuration-for-security/ 54 | ######################################################### 55 | 56 | # don't send the nginx version number in error pages and Server header 57 | server_tokens off; 58 | 59 | # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, 60 | # to disable content-type sniffing on some browsers. 61 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers 62 | # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx 63 | # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx 64 | # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 65 | add_header X-Content-Type-Options nosniff; 66 | 67 | # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. 68 | # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for 69 | # this particular website if it was disabled by the user. 70 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers 71 | add_header X-XSS-Protection "1; mode=block"; 72 | 73 | # Simple DDoS Defense 74 | ##################### 75 | 76 | # limit the number of connections per single IP 77 | limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; 78 | 79 | # limit the number of requests for a given session 80 | limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s; 81 | 82 | # zone which we want to limit by upper values, we want limit whole server 83 | server { 84 | limit_conn conn_limit_per_ip 10; 85 | limit_req zone=req_limit_per_ip burst=10 nodelay; 86 | } 87 | 88 | client_max_body_size 32M; 89 | 90 | # if the request body size is more than the buffer size, then the entire (or partial) request body is written into a temporary file 91 | client_body_buffer_size 128k; 92 | 93 | # headerbuffer size for the request header from client, its set for testing purpose 94 | client_header_buffer_size 3m; 95 | 96 | # maximum number and size of buffers for large headers to read from client request 97 | large_client_header_buffers 4 256k; 98 | 99 | # how long to wait for the client to send a request header, its set for testing purpose 100 | client_header_timeout 3m; 101 | 102 | # server_names_hash_bucket_size 64; 103 | # server_name_in_redirect off; 104 | 105 | include /etc/nginx/mime.types; 106 | default_type application/octet-stream; 107 | 108 | ## 109 | # Logging Settings 110 | ## 111 | 112 | # to boost IO on HDD we can disable access logs 113 | access_log off; 114 | 115 | # only log critical errors 116 | error_log /var/log/nginx/error.log crit; 117 | 118 | ## 119 | # Gzip Settings 120 | ## 121 | 122 | # reduce the data that needs to be sent over network 123 | gzip on; 124 | gzip_min_length 10240; 125 | gzip_proxied expired no-cache no-store private auth; 126 | gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 127 | 128 | ## 129 | # Virtual Host Configs 130 | ## 131 | 132 | include /etc/nginx/enabled/*; 133 | } 134 | -------------------------------------------------------------------------------- /roles/nginx/files/ssl.conf: -------------------------------------------------------------------------------- 1 | listen 443 ssl; 2 | 3 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 4 | ssl_prefer_server_ciphers on; 5 | ssl_dhparam /etc/ssl/certs/dhparam.pem; 6 | ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 7 | ssl_session_timeout 1d; 8 | ssl_session_cache shared:SSL:50m; 9 | ssl_stapling on; 10 | ssl_stapling_verify on; 11 | add_header Strict-Transport-Security max-age=15768000; -------------------------------------------------------------------------------- /roles/nginx/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure the key is present 3 | apt_key: 4 | url: http://nginx.org/keys/nginx_signing.key 5 | - name: Add repository 6 | apt_repository: 7 | repo: 'deb http://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx' 8 | state: present 9 | - name: Ensure nginx is at the latest version 10 | apt: 11 | pkg: nginx 12 | state: latest 13 | - name: Ensure the enabled folder is here 14 | file: 15 | path: /etc/nginx/enabled 16 | state: directory 17 | - name: Ensure the available folder is here 18 | file: 19 | path: /etc/nginx/available 20 | state: directory 21 | - name: Removes the conf.d directory 22 | file: 23 | path: /etc/nginx/conf.d 24 | state: absent 25 | - name: Writes the secured version of the configuration 26 | copy: 27 | src: nginx.conf 28 | dest: /etc/nginx/nginx.conf 29 | - name: Writes the favicon/robots configuration 30 | copy: 31 | src: favicon.robots.conf 32 | dest: /etc/nginx/favicon.robots.conf 33 | - name: Writes the ssl configuration 34 | copy: 35 | src: ssl.conf 36 | dest: /etc/nginx/ssl.conf 37 | - name: Ensure nginx is running 38 | service: 39 | name: nginx 40 | state: started 41 | enabled: yes 42 | 43 | -------------------------------------------------------------------------------- /roles/node/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | node_version: "18" -------------------------------------------------------------------------------- /roles/node/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure apt-transport-https is installed 3 | apt: 4 | pkg: 'apt-transport-https' 5 | state: latest 6 | - name: Ensure the key is present 7 | apt_key: 8 | url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key 9 | - name: Add repository 10 | apt_repository: 11 | repo: "deb https://deb.nodesource.com/node_{{ node_version }}.x {{ ansible_distribution_release }} main" 12 | state: present 13 | filename: "nodesource" 14 | - name: Add repository (SRC) 15 | apt_repository: 16 | repo: "deb-src https://deb.nodesource.com/node_{{ node_version }}.x {{ ansible_distribution_release }} main" 17 | state: present 18 | filename: "nodesource" 19 | - name: Ensure nodejs is installed as root 20 | apt: 21 | pkg: 'nodejs' 22 | state: latest 23 | - name: Ensure pm2 is present globally 24 | npm: 25 | name: pm2@latest 26 | global: yes 27 | - name: Install pm2 completion 28 | shell: pm2 completion install -------------------------------------------------------------------------------- /roles/php/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | php_version: "8.2" -------------------------------------------------------------------------------- /roles/php/files/php-fpm.conf: -------------------------------------------------------------------------------- 1 | ;;;;;;;;;;;;;;;;;;;;; 2 | ; FPM Configuration ; 3 | ;;;;;;;;;;;;;;;;;;;;; 4 | 5 | ; All relative paths in this configuration file are relative to PHP's install 6 | ; prefix (/usr). This prefix can be dynamically changed by using the 7 | ; '-p' argument from the command line. 8 | 9 | ;;;;;;;;;;;;;;;;;; 10 | ; Global Options ; 11 | ;;;;;;;;;;;;;;;;;; 12 | 13 | [global] 14 | ; Pid file 15 | ; Note: the default prefix is /var 16 | ; Default Value: none 17 | pid = /run/php/php7.4-fpm.pid 18 | 19 | ; Error log file 20 | ; If it's set to "syslog", log is sent to syslogd instead of being written 21 | ; in a local file. 22 | ; Note: the default prefix is /var 23 | ; Default Value: log/php-fpm.log 24 | error_log = /var/log/php7.4-fpm.log 25 | 26 | ; syslog_facility is used to specify what type of program is logging the 27 | ; message. This lets syslogd specify that messages from different facilities 28 | ; will be handled differently. 29 | ; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) 30 | ; Default Value: daemon 31 | ;syslog.facility = daemon 32 | 33 | ; syslog_ident is prepended to every message. If you have multiple FPM 34 | ; instances running on the same server, you can change the default value 35 | ; which must suit common needs. 36 | ; Default Value: php-fpm 37 | ;syslog.ident = php-fpm 38 | 39 | ; Log level 40 | ; Possible Values: alert, error, warning, notice, debug 41 | ; Default Value: notice 42 | ;log_level = notice 43 | 44 | ; If this number of child processes exit with SIGSEGV or SIGBUS within the time 45 | ; interval set by emergency_restart_interval then FPM will restart. A value 46 | ; of '0' means 'Off'. 47 | ; Default Value: 0 48 | ;emergency_restart_threshold = 0 49 | 50 | ; Interval of time used by emergency_restart_interval to determine when 51 | ; a graceful restart will be initiated. This can be useful to work around 52 | ; accidental corruptions in an accelerator's shared memory. 53 | ; Available Units: s(econds), m(inutes), h(ours), or d(ays) 54 | ; Default Unit: seconds 55 | ; Default Value: 0 56 | ;emergency_restart_interval = 0 57 | 58 | ; Time limit for child processes to wait for a reaction on signals from master. 59 | ; Available units: s(econds), m(inutes), h(ours), or d(ays) 60 | ; Default Unit: seconds 61 | ; Default Value: 0 62 | ;process_control_timeout = 0 63 | 64 | ; The maximum number of processes FPM will fork. This has been design to control 65 | ; the global number of processes when using dynamic PM within a lot of pools. 66 | ; Use it with caution. 67 | ; Note: A value of 0 indicates no limit 68 | ; Default Value: 0 69 | ; process.max = 128 70 | 71 | ; Specify the nice(2) priority to apply to the master process (only if set) 72 | ; The value can vary from -19 (highest priority) to 20 (lower priority) 73 | ; Note: - It will only work if the FPM master process is launched as root 74 | ; - The pool process will inherit the master process priority 75 | ; unless it specified otherwise 76 | ; Default Value: no set 77 | ; process.priority = -19 78 | 79 | ; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. 80 | ; Default Value: yes 81 | ;daemonize = yes 82 | 83 | ; Set open file descriptor rlimit for the master process. 84 | ; Default Value: system defined value 85 | ;rlimit_files = 1024 86 | 87 | ; Set max core size rlimit for the master process. 88 | ; Possible Values: 'unlimited' or an integer greater or equal to 0 89 | ; Default Value: system defined value 90 | ;rlimit_core = 0 91 | 92 | ; Specify the event mechanism FPM will use. The following is available: 93 | ; - select (any POSIX os) 94 | ; - poll (any POSIX os) 95 | ; - epoll (linux >= 2.5.44) 96 | ; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) 97 | ; - /dev/poll (Solaris >= 7) 98 | ; - port (Solaris >= 10) 99 | ; Default Value: not set (auto detection) 100 | ;events.mechanism = epoll 101 | 102 | ; When FPM is build with systemd integration, specify the interval, 103 | ; in second, between health report notification to systemd. 104 | ; Set to 0 to disable. 105 | ; Available Units: s(econds), m(inutes), h(ours) 106 | ; Default Unit: seconds 107 | ; Default value: 10 108 | ;systemd_interval = 10 109 | 110 | ;;;;;;;;;;;;;;;;;;;; 111 | ; Pool Definitions ; 112 | ;;;;;;;;;;;;;;;;;;;; 113 | 114 | ; Multiple pools of child processes may be started with different listening 115 | ; ports and different management options. The name of the pool will be 116 | ; used in logs and stats. There is no limitation on the number of pools which 117 | ; FPM can handle. Your system will tell you anyway :) 118 | 119 | ; To configure the pools it is recommended to have one .conf file per 120 | ; pool in the following directory: 121 | include=/etc/php/7.4/fpm/pool.d/*.conf 122 | -------------------------------------------------------------------------------- /roles/php/files/php.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ;;;;;;;;;;;;;;;;;;; 4 | ; About php.ini ; 5 | ;;;;;;;;;;;;;;;;;;; 6 | ; PHP's initialization file, generally called php.ini, is responsible for 7 | ; configuring many of the aspects of PHP's behavior. 8 | 9 | ; PHP attempts to find and load this configuration from a number of locations. 10 | ; The following is a summary of its search order: 11 | ; 1. SAPI module specific location. 12 | ; 2. The PHPRC environment variable. (As of PHP 5.2.0) 13 | ; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) 14 | ; 4. Current working directory (except CLI) 15 | ; 5. The web server's directory (for SAPI modules), or directory of PHP 16 | ; (otherwise in Windows) 17 | ; 6. The directory from the --with-config-file-path compile time option, or the 18 | ; Windows directory (C:\windows or C:\winnt) 19 | ; See the PHP docs for more specific information. 20 | ; http://php.net/configuration.file 21 | 22 | ; The syntax of the file is extremely simple. Whitespace and lines 23 | ; beginning with a semicolon are silently ignored (as you probably guessed). 24 | ; Section headers (e.g. [Foo]) are also silently ignored, even though 25 | ; they might mean something in the future. 26 | 27 | ; Directives following the section heading [PATH=/www/mysite] only 28 | ; apply to PHP files in the /www/mysite directory. Directives 29 | ; following the section heading [HOST=www.example.com] only apply to 30 | ; PHP files served from www.example.com. Directives set in these 31 | ; special sections cannot be overridden by user-defined INI files or 32 | ; at runtime. Currently, [PATH=] and [HOST=] sections only work under 33 | ; CGI/FastCGI. 34 | ; http://php.net/ini.sections 35 | 36 | ; Directives are specified using the following syntax: 37 | ; directive = value 38 | ; Directive names are *case sensitive* - foo=bar is different from FOO=bar. 39 | ; Directives are variables used to configure PHP or PHP extensions. 40 | ; There is no name validation. If PHP can't find an expected 41 | ; directive because it is not set or is mistyped, a default value will be used. 42 | 43 | ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one 44 | ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression 45 | ; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a 46 | ; previously set variable or directive (e.g. ${foo}) 47 | 48 | ; Expressions in the INI file are limited to bitwise operators and parentheses: 49 | ; | bitwise OR 50 | ; ^ bitwise XOR 51 | ; & bitwise AND 52 | ; ~ bitwise NOT 53 | ; ! boolean NOT 54 | 55 | ; Boolean flags can be turned on using the values 1, On, True or Yes. 56 | ; They can be turned off using the values 0, Off, False or No. 57 | 58 | ; An empty string can be denoted by simply not writing anything after the equal 59 | ; sign, or by using the None keyword: 60 | 61 | ; foo = ; sets foo to an empty string 62 | ; foo = None ; sets foo to an empty string 63 | ; foo = "None" ; sets foo to the string 'None' 64 | 65 | ; If you use constants in your value, and these constants belong to a 66 | ; dynamically loaded extension (either a PHP extension or a Zend extension), 67 | ; you may only use these constants *after* the line that loads the extension. 68 | 69 | ;;;;;;;;;;;;;;;;;;; 70 | ; About this file ; 71 | ;;;;;;;;;;;;;;;;;;; 72 | ; PHP comes packaged with two INI files. One that is recommended to be used 73 | ; in production environments and one that is recommended to be used in 74 | ; development environments. 75 | 76 | ; php.ini-production contains settings which hold security, performance and 77 | ; best practices at its core. But please be aware, these settings may break 78 | ; compatibility with older or less security conscience applications. We 79 | ; recommending using the production ini in production and testing environments. 80 | 81 | ; php.ini-development is very similar to its production variant, except it is 82 | ; much more verbose when it comes to errors. We recommend using the 83 | ; development version only in development environments, as errors shown to 84 | ; application users can inadvertently leak otherwise secure information. 85 | 86 | ; This is php.ini-production INI file. 87 | 88 | ;;;;;;;;;;;;;;;;;;; 89 | ; Quick Reference ; 90 | ;;;;;;;;;;;;;;;;;;; 91 | ; The following are all the settings which are different in either the production 92 | ; or development versions of the INIs with respect to PHP's default behavior. 93 | ; Please see the actual settings later in the document for more details as to why 94 | ; we recommend these changes in PHP's behavior. 95 | 96 | ; display_errors 97 | ; Default Value: On 98 | ; Development Value: On 99 | ; Production Value: Off 100 | 101 | ; display_startup_errors 102 | ; Default Value: Off 103 | ; Development Value: On 104 | ; Production Value: Off 105 | 106 | ; error_reporting 107 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 108 | ; Development Value: E_ALL 109 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT 110 | 111 | ; html_errors 112 | ; Default Value: On 113 | ; Development Value: On 114 | ; Production value: On 115 | 116 | ; log_errors 117 | ; Default Value: Off 118 | ; Development Value: On 119 | ; Production Value: On 120 | 121 | ; max_input_time 122 | ; Default Value: -1 (Unlimited) 123 | ; Development Value: 60 (60 seconds) 124 | ; Production Value: 60 (60 seconds) 125 | 126 | ; output_buffering 127 | ; Default Value: Off 128 | ; Development Value: 4096 129 | ; Production Value: 4096 130 | 131 | ; register_argc_argv 132 | ; Default Value: On 133 | ; Development Value: Off 134 | ; Production Value: Off 135 | 136 | ; request_order 137 | ; Default Value: None 138 | ; Development Value: "GP" 139 | ; Production Value: "GP" 140 | 141 | ; session.gc_divisor 142 | ; Default Value: 100 143 | ; Development Value: 1000 144 | ; Production Value: 1000 145 | 146 | ; session.hash_bits_per_character 147 | ; Default Value: 4 148 | ; Development Value: 5 149 | ; Production Value: 5 150 | 151 | ; short_open_tag 152 | ; Default Value: On 153 | ; Development Value: Off 154 | ; Production Value: Off 155 | 156 | ; track_errors 157 | ; Default Value: Off 158 | ; Development Value: On 159 | ; Production Value: Off 160 | 161 | ; url_rewriter.tags 162 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 163 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 164 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 165 | 166 | ; variables_order 167 | ; Default Value: "EGPCS" 168 | ; Development Value: "GPCS" 169 | ; Production Value: "GPCS" 170 | 171 | ;;;;;;;;;;;;;;;;;;;; 172 | ; php.ini Options ; 173 | ;;;;;;;;;;;;;;;;;;;; 174 | ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" 175 | ;user_ini.filename = ".user.ini" 176 | 177 | ; To disable this feature set this option to empty value 178 | ;user_ini.filename = 179 | 180 | ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) 181 | ;user_ini.cache_ttl = 300 182 | 183 | ;;;;;;;;;;;;;;;;;;;; 184 | ; Language Options ; 185 | ;;;;;;;;;;;;;;;;;;;; 186 | 187 | ; Enable the PHP scripting language engine under Apache. 188 | ; http://php.net/engine 189 | engine = On 190 | 191 | ; This directive determines whether or not PHP will recognize code between 192 | ; tags as PHP source which should be processed as such. It is 193 | ; generally recommended that should be used and that this feature 194 | ; should be disabled, as enabling it may result in issues when generating XML 195 | ; documents, however this remains supported for backward compatibility reasons. 196 | ; Note that this directive does not control the would work. 308 | ; http://php.net/syntax-highlighting 309 | ;highlight.string = #DD0000 310 | ;highlight.comment = #FF9900 311 | ;highlight.keyword = #007700 312 | ;highlight.default = #0000BB 313 | ;highlight.html = #000000 314 | 315 | ; If enabled, the request will be allowed to complete even if the user aborts 316 | ; the request. Consider enabling it if executing long requests, which may end up 317 | ; being interrupted by the user or a browser timing out. PHP's default behavior 318 | ; is to disable this feature. 319 | ; http://php.net/ignore-user-abort 320 | ;ignore_user_abort = On 321 | 322 | ; Determines the size of the realpath cache to be used by PHP. This value should 323 | ; be increased on systems where PHP opens many files to reflect the quantity of 324 | ; the file operations performed. 325 | ; http://php.net/realpath-cache-size 326 | ;realpath_cache_size = 4096k 327 | 328 | ; Duration of time, in seconds for which to cache realpath information for a given 329 | ; file or directory. For systems with rarely changing files, consider increasing this 330 | ; value. 331 | ; http://php.net/realpath-cache-ttl 332 | ;realpath_cache_ttl = 120 333 | 334 | ; Enables or disables the circular reference collector. 335 | ; http://php.net/zend.enable-gc 336 | zend.enable_gc = On 337 | 338 | ; If enabled, scripts may be written in encodings that are incompatible with 339 | ; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such 340 | ; encodings. To use this feature, mbstring extension must be enabled. 341 | ; Default: Off 342 | ;zend.multibyte = Off 343 | 344 | ; Allows to set the default encoding for the scripts. This value will be used 345 | ; unless "declare(encoding=...)" directive appears at the top of the script. 346 | ; Only affects if zend.multibyte is set. 347 | ; Default: "" 348 | ;zend.script_encoding = 349 | 350 | ;;;;;;;;;;;;;;;;; 351 | ; Miscellaneous ; 352 | ;;;;;;;;;;;;;;;;; 353 | 354 | ; Decides whether PHP may expose the fact that it is installed on the server 355 | ; (e.g. by adding its signature to the Web server header). It is no security 356 | ; threat in any way, but it makes it possible to determine whether you use PHP 357 | ; on your server or not. 358 | ; http://php.net/expose-php 359 | expose_php = Off 360 | 361 | ;;;;;;;;;;;;;;;;;;; 362 | ; Resource Limits ; 363 | ;;;;;;;;;;;;;;;;;;; 364 | 365 | ; Maximum execution time of each script, in seconds 366 | ; http://php.net/max-execution-time 367 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 368 | max_execution_time = 30 369 | 370 | ; Maximum amount of time each script may spend parsing request data. It's a good 371 | ; idea to limit this time on productions servers in order to eliminate unexpectedly 372 | ; long running scripts. 373 | ; Note: This directive is hardcoded to -1 for the CLI SAPI 374 | ; Default Value: -1 (Unlimited) 375 | ; Development Value: 60 (60 seconds) 376 | ; Production Value: 60 (60 seconds) 377 | ; http://php.net/max-input-time 378 | max_input_time = 60 379 | 380 | ; Maximum input variable nesting level 381 | ; http://php.net/max-input-nesting-level 382 | ;max_input_nesting_level = 64 383 | 384 | ; How many GET/POST/COOKIE input variables may be accepted 385 | ; max_input_vars = 1000 386 | 387 | ; Maximum amount of memory a script may consume (128MB) 388 | ; http://php.net/memory-limit 389 | memory_limit = 128M 390 | 391 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 392 | ; Error handling and logging ; 393 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 394 | 395 | ; This directive informs PHP of which errors, warnings and notices you would like 396 | ; it to take action for. The recommended way of setting values for this 397 | ; directive is through the use of the error level constants and bitwise 398 | ; operators. The error level constants are below here for convenience as well as 399 | ; some common settings and their meanings. 400 | ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT 401 | ; those related to E_NOTICE and E_STRICT, which together cover best practices and 402 | ; recommended coding standards in PHP. For performance reasons, this is the 403 | ; recommend error reporting setting. Your production server shouldn't be wasting 404 | ; resources complaining about best practices and coding standards. That's what 405 | ; development servers and development settings are for. 406 | ; Note: The php.ini-development file has this setting as E_ALL. This 407 | ; means it pretty much reports everything which is exactly what you want during 408 | ; development and early testing. 409 | ; 410 | ; Error Level Constants: 411 | ; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) 412 | ; E_ERROR - fatal run-time errors 413 | ; E_RECOVERABLE_ERROR - almost fatal run-time errors 414 | ; E_WARNING - run-time warnings (non-fatal errors) 415 | ; E_PARSE - compile-time parse errors 416 | ; E_NOTICE - run-time notices (these are warnings which often result 417 | ; from a bug in your code, but it's possible that it was 418 | ; intentional (e.g., using an uninitialized variable and 419 | ; relying on the fact it is automatically initialized to an 420 | ; empty string) 421 | ; E_STRICT - run-time notices, enable to have PHP suggest changes 422 | ; to your code which will ensure the best interoperability 423 | ; and forward compatibility of your code 424 | ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup 425 | ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's 426 | ; initial startup 427 | ; E_COMPILE_ERROR - fatal compile-time errors 428 | ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) 429 | ; E_USER_ERROR - user-generated error message 430 | ; E_USER_WARNING - user-generated warning message 431 | ; E_USER_NOTICE - user-generated notice message 432 | ; E_DEPRECATED - warn about code that will not work in future versions 433 | ; of PHP 434 | ; E_USER_DEPRECATED - user-generated deprecation warnings 435 | ; 436 | ; Common Values: 437 | ; E_ALL (Show all errors, warnings and notices including coding standards.) 438 | ; E_ALL & ~E_NOTICE (Show all errors, except for notices) 439 | ; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) 440 | ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) 441 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 442 | ; Development Value: E_ALL 443 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT 444 | ; http://php.net/error-reporting 445 | error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT 446 | 447 | ; This directive controls whether or not and where PHP will output errors, 448 | ; notices and warnings too. Error output is very useful during development, but 449 | ; it could be very dangerous in production environments. Depending on the code 450 | ; which is triggering the error, sensitive information could potentially leak 451 | ; out of your application such as database usernames and passwords or worse. 452 | ; For production environments, we recommend logging errors rather than 453 | ; sending them to STDOUT. 454 | ; Possible Values: 455 | ; Off = Do not display any errors 456 | ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) 457 | ; On or stdout = Display errors to STDOUT 458 | ; Default Value: On 459 | ; Development Value: On 460 | ; Production Value: Off 461 | ; http://php.net/display-errors 462 | display_errors = Off 463 | 464 | ; The display of errors which occur during PHP's startup sequence are handled 465 | ; separately from display_errors. PHP's default behavior is to suppress those 466 | ; errors from clients. Turning the display of startup errors on can be useful in 467 | ; debugging configuration problems. We strongly recommend you 468 | ; set this to 'off' for production servers. 469 | ; Default Value: Off 470 | ; Development Value: On 471 | ; Production Value: Off 472 | ; http://php.net/display-startup-errors 473 | display_startup_errors = Off 474 | 475 | ; Besides displaying errors, PHP can also log errors to locations such as a 476 | ; server-specific log, STDERR, or a location specified by the error_log 477 | ; directive found below. While errors should not be displayed on productions 478 | ; servers they should still be monitored and logging is a great way to do that. 479 | ; Default Value: Off 480 | ; Development Value: On 481 | ; Production Value: On 482 | ; http://php.net/log-errors 483 | log_errors = On 484 | 485 | ; Set maximum length of log_errors. In error_log information about the source is 486 | ; added. The default is 1024 and 0 allows to not apply any maximum length at all. 487 | ; http://php.net/log-errors-max-len 488 | log_errors_max_len = 1024 489 | 490 | ; Do not log repeated messages. Repeated errors must occur in same file on same 491 | ; line unless ignore_repeated_source is set true. 492 | ; http://php.net/ignore-repeated-errors 493 | ignore_repeated_errors = Off 494 | 495 | ; Ignore source of message when ignoring repeated messages. When this setting 496 | ; is On you will not log errors with repeated messages from different files or 497 | ; source lines. 498 | ; http://php.net/ignore-repeated-source 499 | ignore_repeated_source = Off 500 | 501 | ; If this parameter is set to Off, then memory leaks will not be shown (on 502 | ; stdout or in the log). This has only effect in a debug compile, and if 503 | ; error reporting includes E_WARNING in the allowed list 504 | ; http://php.net/report-memleaks 505 | report_memleaks = On 506 | 507 | ; This setting is on by default. 508 | ;report_zend_debug = 0 509 | 510 | ; Store the last error/warning message in $php_errormsg (boolean). Setting this value 511 | ; to On can assist in debugging and is appropriate for development servers. It should 512 | ; however be disabled on production servers. 513 | ; Default Value: Off 514 | ; Development Value: On 515 | ; Production Value: Off 516 | ; http://php.net/track-errors 517 | track_errors = Off 518 | 519 | ; Turn off normal error reporting and emit XML-RPC error XML 520 | ; http://php.net/xmlrpc-errors 521 | ;xmlrpc_errors = 0 522 | 523 | ; An XML-RPC faultCode 524 | ;xmlrpc_error_number = 0 525 | 526 | ; When PHP displays or logs an error, it has the capability of formatting the 527 | ; error message as HTML for easier reading. This directive controls whether 528 | ; the error message is formatted as HTML or not. 529 | ; Note: This directive is hardcoded to Off for the CLI SAPI 530 | ; Default Value: On 531 | ; Development Value: On 532 | ; Production value: On 533 | ; http://php.net/html-errors 534 | html_errors = On 535 | 536 | ; If html_errors is set to On *and* docref_root is not empty, then PHP 537 | ; produces clickable error messages that direct to a page describing the error 538 | ; or function causing the error in detail. 539 | ; You can download a copy of the PHP manual from http://php.net/docs 540 | ; and change docref_root to the base URL of your local copy including the 541 | ; leading '/'. You must also specify the file extension being used including 542 | ; the dot. PHP's default behavior is to leave these settings empty, in which 543 | ; case no links to documentation are generated. 544 | ; Note: Never use this feature for production boxes. 545 | ; http://php.net/docref-root 546 | ; Examples 547 | ;docref_root = "/phpmanual/" 548 | 549 | ; http://php.net/docref-ext 550 | ;docref_ext = .html 551 | 552 | ; String to output before an error message. PHP's default behavior is to leave 553 | ; this setting blank. 554 | ; http://php.net/error-prepend-string 555 | ; Example: 556 | ;error_prepend_string = "" 557 | 558 | ; String to output after an error message. PHP's default behavior is to leave 559 | ; this setting blank. 560 | ; http://php.net/error-append-string 561 | ; Example: 562 | ;error_append_string = "" 563 | 564 | ; Log errors to specified file. PHP's default behavior is to leave this value 565 | ; empty. 566 | ; http://php.net/error-log 567 | ; Example: 568 | ;error_log = php_errors.log 569 | ; Log errors to syslog (Event Log on Windows). 570 | ;error_log = syslog 571 | 572 | ;windows.show_crt_warning 573 | ; Default value: 0 574 | ; Development value: 0 575 | ; Production value: 0 576 | 577 | ;;;;;;;;;;;;;;;;; 578 | ; Data Handling ; 579 | ;;;;;;;;;;;;;;;;; 580 | 581 | ; The separator used in PHP generated URLs to separate arguments. 582 | ; PHP's default setting is "&". 583 | ; http://php.net/arg-separator.output 584 | ; Example: 585 | ;arg_separator.output = "&" 586 | 587 | ; List of separator(s) used by PHP to parse input URLs into variables. 588 | ; PHP's default setting is "&". 589 | ; NOTE: Every character in this directive is considered as separator! 590 | ; http://php.net/arg-separator.input 591 | ; Example: 592 | ;arg_separator.input = ";&" 593 | 594 | ; This directive determines which super global arrays are registered when PHP 595 | ; starts up. G,P,C,E & S are abbreviations for the following respective super 596 | ; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty 597 | ; paid for the registration of these arrays and because ENV is not as commonly 598 | ; used as the others, ENV is not recommended on productions servers. You 599 | ; can still get access to the environment variables through getenv() should you 600 | ; need to. 601 | ; Default Value: "EGPCS" 602 | ; Development Value: "GPCS" 603 | ; Production Value: "GPCS"; 604 | ; http://php.net/variables-order 605 | variables_order = "GPCS" 606 | 607 | ; This directive determines which super global data (G,P & C) should be 608 | ; registered into the super global array REQUEST. If so, it also determines 609 | ; the order in which that data is registered. The values for this directive 610 | ; are specified in the same manner as the variables_order directive, 611 | ; EXCEPT one. Leaving this value empty will cause PHP to use the value set 612 | ; in the variables_order directive. It does not mean it will leave the super 613 | ; globals array REQUEST empty. 614 | ; Default Value: None 615 | ; Development Value: "GP" 616 | ; Production Value: "GP" 617 | ; http://php.net/request-order 618 | request_order = "GP" 619 | 620 | ; This directive determines whether PHP registers $argv & $argc each time it 621 | ; runs. $argv contains an array of all the arguments passed to PHP when a script 622 | ; is invoked. $argc contains an integer representing the number of arguments 623 | ; that were passed when the script was invoked. These arrays are extremely 624 | ; useful when running scripts from the command line. When this directive is 625 | ; enabled, registering these variables consumes CPU cycles and memory each time 626 | ; a script is executed. For performance reasons, this feature should be disabled 627 | ; on production servers. 628 | ; Note: This directive is hardcoded to On for the CLI SAPI 629 | ; Default Value: On 630 | ; Development Value: Off 631 | ; Production Value: Off 632 | ; http://php.net/register-argc-argv 633 | register_argc_argv = Off 634 | 635 | ; When enabled, the ENV, REQUEST and SERVER variables are created when they're 636 | ; first used (Just In Time) instead of when the script starts. If these 637 | ; variables are not used within a script, having this directive on will result 638 | ; in a performance gain. The PHP directive register_argc_argv must be disabled 639 | ; for this directive to have any affect. 640 | ; http://php.net/auto-globals-jit 641 | auto_globals_jit = On 642 | 643 | ; Whether PHP will read the POST data. 644 | ; This option is enabled by default. 645 | ; Most likely, you won't want to disable this option globally. It causes $_POST 646 | ; and $_FILES to always be empty; the only way you will be able to read the 647 | ; POST data will be through the php://input stream wrapper. This can be useful 648 | ; to proxy requests or to process the POST data in a memory efficient fashion. 649 | ; http://php.net/enable-post-data-reading 650 | ;enable_post_data_reading = Off 651 | 652 | ; Maximum size of POST data that PHP will accept. 653 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading 654 | ; is disabled through enable_post_data_reading. 655 | ; http://php.net/post-max-size 656 | post_max_size = 32M 657 | 658 | ; Automatically add files before PHP document. 659 | ; http://php.net/auto-prepend-file 660 | auto_prepend_file = 661 | 662 | ; Automatically add files after PHP document. 663 | ; http://php.net/auto-append-file 664 | auto_append_file = 665 | 666 | ; By default, PHP will output a media type using the Content-Type header. To 667 | ; disable this, simply set it to be empty. 668 | ; 669 | ; PHP's built-in default media type is set to text/html. 670 | ; http://php.net/default-mimetype 671 | default_mimetype = "text/html" 672 | 673 | ; PHP's default character set is set to UTF-8. 674 | ; http://php.net/default-charset 675 | default_charset = "UTF-8" 676 | 677 | ; PHP internal character encoding is set to empty. 678 | ; If empty, default_charset is used. 679 | ; http://php.net/internal-encoding 680 | ;internal_encoding = 681 | 682 | ; PHP input character encoding is set to empty. 683 | ; If empty, default_charset is used. 684 | ; http://php.net/input-encoding 685 | ;input_encoding = 686 | 687 | ; PHP output character encoding is set to empty. 688 | ; If empty, default_charset is used. 689 | ; See also output_buffer. 690 | ; http://php.net/output-encoding 691 | ;output_encoding = 692 | 693 | ;;;;;;;;;;;;;;;;;;;;;;;;; 694 | ; Paths and Directories ; 695 | ;;;;;;;;;;;;;;;;;;;;;;;;; 696 | 697 | ; UNIX: "/path1:/path2" 698 | ;include_path = ".:/usr/share/php" 699 | ; 700 | ; Windows: "\path1;\path2" 701 | ;include_path = ".;c:\php\includes" 702 | ; 703 | ; PHP's default setting for include_path is ".;/path/to/php/pear" 704 | ; http://php.net/include-path 705 | 706 | ; The root of the PHP pages, used only if nonempty. 707 | ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root 708 | ; if you are running php as a CGI under any web server (other than IIS) 709 | ; see documentation for security issues. The alternate is to use the 710 | ; cgi.force_redirect configuration below 711 | ; http://php.net/doc-root 712 | doc_root = 713 | 714 | ; The directory under which PHP opens the script using /~username used only 715 | ; if nonempty. 716 | ; http://php.net/user-dir 717 | user_dir = 718 | 719 | ; Directory in which the loadable extensions (modules) reside. 720 | ; http://php.net/extension-dir 721 | ; extension_dir = "./" 722 | ; On windows: 723 | ; extension_dir = "ext" 724 | 725 | ; Directory where the temporary files should be placed. 726 | ; Defaults to the system default (see sys_get_temp_dir) 727 | ; sys_temp_dir = "/tmp" 728 | 729 | ; Whether or not to enable the dl() function. The dl() function does NOT work 730 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically 731 | ; disabled on them. 732 | ; http://php.net/enable-dl 733 | enable_dl = Off 734 | 735 | ; cgi.force_redirect is necessary to provide security running PHP as a CGI under 736 | ; most web servers. Left undefined, PHP turns this on by default. You can 737 | ; turn it off here AT YOUR OWN RISK 738 | ; **You CAN safely turn this off for IIS, in fact, you MUST.** 739 | ; http://php.net/cgi.force-redirect 740 | ;cgi.force_redirect = 1 741 | 742 | ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with 743 | ; every request. PHP's default behavior is to disable this feature. 744 | ;cgi.nph = 1 745 | 746 | ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape 747 | ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP 748 | ; will look for to know it is OK to continue execution. Setting this variable MAY 749 | ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. 750 | ; http://php.net/cgi.redirect-status-env 751 | ;cgi.redirect_status_env = 752 | 753 | ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's 754 | ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok 755 | ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting 756 | ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting 757 | ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts 758 | ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. 759 | ; http://php.net/cgi.fix-pathinfo 760 | ;cgi.fix_pathinfo=1 761 | 762 | ; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside 763 | ; of the web tree and people will not be able to circumvent .htaccess security. 764 | ; http://php.net/cgi.dicard-path 765 | ;cgi.discard_path=1 766 | 767 | ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate 768 | ; security tokens of the calling client. This allows IIS to define the 769 | ; security context that the request runs under. mod_fastcgi under Apache 770 | ; does not currently support this feature (03/17/2002) 771 | ; Set to 1 if running under IIS. Default is zero. 772 | ; http://php.net/fastcgi.impersonate 773 | ;fastcgi.impersonate = 1 774 | 775 | ; Disable logging through FastCGI connection. PHP's default behavior is to enable 776 | ; this feature. 777 | ;fastcgi.logging = 0 778 | 779 | ; cgi.rfc2616_headers configuration option tells PHP what type of headers to 780 | ; use when sending HTTP response code. If set to 0, PHP sends Status: header that 781 | ; is supported by Apache. When this option is set to 1, PHP will send 782 | ; RFC2616 compliant header. 783 | ; Default is zero. 784 | ; http://php.net/cgi.rfc2616-headers 785 | ;cgi.rfc2616_headers = 0 786 | 787 | ; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! 788 | ; (shebang) at the top of the running script. This line might be needed if the 789 | ; script support running both as stand-alone script and via PHP CGI<. PHP in CGI 790 | ; mode skips this line and ignores its content if this directive is turned on. 791 | ; http://php.net/cgi.check-shebang-line 792 | ;cgi.check_shebang_line=1 793 | 794 | ;;;;;;;;;;;;;;;; 795 | ; File Uploads ; 796 | ;;;;;;;;;;;;;;;; 797 | 798 | ; Whether to allow HTTP file uploads. 799 | ; http://php.net/file-uploads 800 | file_uploads = On 801 | 802 | ; Temporary directory for HTTP uploaded files (will use system default if not 803 | ; specified). 804 | ; http://php.net/upload-tmp-dir 805 | ;upload_tmp_dir = 806 | 807 | ; Maximum allowed size for uploaded files. 808 | ; http://php.net/upload-max-filesize 809 | upload_max_filesize = 32M 810 | 811 | ; Maximum number of files that can be uploaded via a single request 812 | max_file_uploads = 20 813 | 814 | ;;;;;;;;;;;;;;;;;; 815 | ; Fopen wrappers ; 816 | ;;;;;;;;;;;;;;;;;; 817 | 818 | ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. 819 | ; http://php.net/allow-url-fopen 820 | allow_url_fopen = On 821 | 822 | ; Whether to allow include/require to open URLs (like http:// or ftp://) as files. 823 | ; http://php.net/allow-url-include 824 | allow_url_include = Off 825 | 826 | ; Define the anonymous ftp password (your email address). PHP's default setting 827 | ; for this is empty. 828 | ; http://php.net/from 829 | ;from="john@doe.com" 830 | 831 | ; Define the User-Agent string. PHP's default setting for this is empty. 832 | ; http://php.net/user-agent 833 | ;user_agent="PHP" 834 | 835 | ; Default timeout for socket based streams (seconds) 836 | ; http://php.net/default-socket-timeout 837 | default_socket_timeout = 60 838 | 839 | ; If your scripts have to deal with files from Macintosh systems, 840 | ; or you are running on a Mac and need to deal with files from 841 | ; unix or win32 systems, setting this flag will cause PHP to 842 | ; automatically detect the EOL character in those files so that 843 | ; fgets() and file() will work regardless of the source of the file. 844 | ; http://php.net/auto-detect-line-endings 845 | ;auto_detect_line_endings = Off 846 | 847 | ;;;;;;;;;;;;;;;;;;;;;; 848 | ; Dynamic Extensions ; 849 | ;;;;;;;;;;;;;;;;;;;;;; 850 | 851 | ; If you wish to have an extension loaded automatically, use the following 852 | ; syntax: 853 | ; 854 | ; extension=modulename.extension 855 | ; 856 | ; For example, on Windows: 857 | ; 858 | ; extension=msql.dll 859 | ; 860 | ; ... or under UNIX: 861 | ; 862 | ; extension=msql.so 863 | ; 864 | ; ... or with a path: 865 | ; 866 | ; extension=/path/to/extension/msql.so 867 | ; 868 | ; If you only provide the name of the extension, PHP will look for it in its 869 | ; default extension directory. 870 | ; 871 | ; Windows Extensions 872 | ; Note that ODBC support is built in, so no dll is needed for it. 873 | ; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5+) 874 | ; extension folders as well as the separate PECL DLL download (PHP 5+). 875 | ; Be sure to appropriately set the extension_dir directive. 876 | ; 877 | ;extension=php_bz2.dll 878 | ;extension=php_curl.dll 879 | ;extension=php_fileinfo.dll 880 | ;extension=php_ftp.dll 881 | ;extension=php_gd2.dll 882 | ;extension=php_gettext.dll 883 | ;extension=php_gmp.dll 884 | ;extension=php_intl.dll 885 | ;extension=php_imap.dll 886 | ;extension=php_interbase.dll 887 | ;extension=php_ldap.dll 888 | ;extension=php_mbstring.dll 889 | ;extension=php_exif.dll ; Must be after mbstring as it depends on it 890 | ;extension=php_mysqli.dll 891 | ;extension=php_oci8_12c.dll ; Use with Oracle Database 12c Instant Client 892 | ;extension=php_openssl.dll 893 | ;extension=php_pdo_firebird.dll 894 | ;extension=php_pdo_mysql.dll 895 | ;extension=php_pdo_oci.dll 896 | ;extension=php_pdo_odbc.dll 897 | ;extension=php_pdo_pgsql.dll 898 | ;extension=php_pdo_sqlite.dll 899 | ;extension=php_pgsql.dll 900 | ;extension=php_shmop.dll 901 | 902 | ; The MIBS data available in the PHP distribution must be installed. 903 | ; See http://www.php.net/manual/en/snmp.installation.php 904 | ;extension=php_snmp.dll 905 | 906 | ;extension=php_soap.dll 907 | ;extension=php_sockets.dll 908 | ;extension=php_sqlite3.dll 909 | ;extension=php_tidy.dll 910 | ;extension=php_xmlrpc.dll 911 | ;extension=php_xsl.dll 912 | 913 | ;;;;;;;;;;;;;;;;;;; 914 | ; Module Settings ; 915 | ;;;;;;;;;;;;;;;;;;; 916 | 917 | [CLI Server] 918 | ; Whether the CLI web server uses ANSI color coding in its terminal output. 919 | cli_server.color = On 920 | 921 | [Date] 922 | ; Defines the default timezone used by the date functions 923 | ; http://php.net/date.timezone 924 | date.timezone = "Europe/Paris" 925 | 926 | ; http://php.net/date.default-latitude 927 | ;date.default_latitude = 31.7667 928 | 929 | ; http://php.net/date.default-longitude 930 | ;date.default_longitude = 35.2333 931 | 932 | ; http://php.net/date.sunrise-zenith 933 | ;date.sunrise_zenith = 90.583333 934 | 935 | ; http://php.net/date.sunset-zenith 936 | ;date.sunset_zenith = 90.583333 937 | 938 | [filter] 939 | ; http://php.net/filter.default 940 | ;filter.default = unsafe_raw 941 | 942 | ; http://php.net/filter.default-flags 943 | ;filter.default_flags = 944 | 945 | [iconv] 946 | ; Use of this INI entry is deprecated, use global input_encoding instead. 947 | ; If empty, default_charset or input_encoding or iconv.input_encoding is used. 948 | ; The precedence is: default_charset < intput_encoding < iconv.input_encoding 949 | ;iconv.input_encoding = 950 | 951 | ; Use of this INI entry is deprecated, use global internal_encoding instead. 952 | ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. 953 | ; The precedence is: default_charset < internal_encoding < iconv.internal_encoding 954 | ;iconv.internal_encoding = 955 | 956 | ; Use of this INI entry is deprecated, use global output_encoding instead. 957 | ; If empty, default_charset or output_encoding or iconv.output_encoding is used. 958 | ; The precedence is: default_charset < output_encoding < iconv.output_encoding 959 | ; To use an output encoding conversion, iconv's output handler must be set 960 | ; otherwise output encoding conversion cannot be performed. 961 | ;iconv.output_encoding = 962 | 963 | [intl] 964 | ;intl.default_locale = 965 | ; This directive allows you to produce PHP errors when some error 966 | ; happens within intl functions. The value is the level of the error produced. 967 | ; Default is 0, which does not produce any errors. 968 | ;intl.error_level = E_WARNING 969 | ;intl.use_exceptions = 0 970 | 971 | [sqlite3] 972 | ;sqlite3.extension_dir = 973 | 974 | [Pcre] 975 | ;PCRE library backtracking limit. 976 | ; http://php.net/pcre.backtrack-limit 977 | ;pcre.backtrack_limit=100000 978 | 979 | ;PCRE library recursion limit. 980 | ;Please note that if you set this value to a high number you may consume all 981 | ;the available process stack and eventually crash PHP (due to reaching the 982 | ;stack size limit imposed by the Operating System). 983 | ; http://php.net/pcre.recursion-limit 984 | ;pcre.recursion_limit=100000 985 | 986 | ;Enables or disables JIT compilation of patterns. This requires the PCRE 987 | ;library to be compiled with JIT support. 988 | ;pcre.jit=1 989 | 990 | [Pdo] 991 | ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" 992 | ; http://php.net/pdo-odbc.connection-pooling 993 | ;pdo_odbc.connection_pooling=strict 994 | 995 | ;pdo_odbc.db2_instance_name 996 | 997 | [Pdo_mysql] 998 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 999 | ; http://php.net/pdo_mysql.cache_size 1000 | pdo_mysql.cache_size = 2000 1001 | 1002 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1003 | ; MySQL defaults. 1004 | ; http://php.net/pdo_mysql.default-socket 1005 | pdo_mysql.default_socket= 1006 | 1007 | [Phar] 1008 | ; http://php.net/phar.readonly 1009 | ;phar.readonly = On 1010 | 1011 | ; http://php.net/phar.require-hash 1012 | ;phar.require_hash = On 1013 | 1014 | ;phar.cache_list = 1015 | 1016 | [mail function] 1017 | ; For Win32 only. 1018 | ; http://php.net/smtp 1019 | SMTP = localhost 1020 | ; http://php.net/smtp-port 1021 | smtp_port = 25 1022 | 1023 | ; For Win32 only. 1024 | ; http://php.net/sendmail-from 1025 | ;sendmail_from = me@example.com 1026 | 1027 | ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). 1028 | ; http://php.net/sendmail-path 1029 | ;sendmail_path = 1030 | 1031 | ; Force the addition of the specified parameters to be passed as extra parameters 1032 | ; to the sendmail binary. These parameters will always replace the value of 1033 | ; the 5th parameter to mail(). 1034 | ;mail.force_extra_parameters = 1035 | 1036 | ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename 1037 | mail.add_x_header = On 1038 | 1039 | ; The path to a log file that will log all mail() calls. Log entries include 1040 | ; the full path of the script, line number, To address and headers. 1041 | ;mail.log = 1042 | ; Log mail to syslog (Event Log on Windows). 1043 | ;mail.log = syslog 1044 | 1045 | [SQL] 1046 | ; http://php.net/sql.safe-mode 1047 | sql.safe_mode = Off 1048 | 1049 | [ODBC] 1050 | ; http://php.net/odbc.default-db 1051 | ;odbc.default_db = Not yet implemented 1052 | 1053 | ; http://php.net/odbc.default-user 1054 | ;odbc.default_user = Not yet implemented 1055 | 1056 | ; http://php.net/odbc.default-pw 1057 | ;odbc.default_pw = Not yet implemented 1058 | 1059 | ; Controls the ODBC cursor model. 1060 | ; Default: SQL_CURSOR_STATIC (default). 1061 | ;odbc.default_cursortype 1062 | 1063 | ; Allow or prevent persistent links. 1064 | ; http://php.net/odbc.allow-persistent 1065 | odbc.allow_persistent = On 1066 | 1067 | ; Check that a connection is still valid before reuse. 1068 | ; http://php.net/odbc.check-persistent 1069 | odbc.check_persistent = On 1070 | 1071 | ; Maximum number of persistent links. -1 means no limit. 1072 | ; http://php.net/odbc.max-persistent 1073 | odbc.max_persistent = -1 1074 | 1075 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1076 | ; http://php.net/odbc.max-links 1077 | odbc.max_links = -1 1078 | 1079 | ; Handling of LONG fields. Returns number of bytes to variables. 0 means 1080 | ; passthru. 1081 | ; http://php.net/odbc.defaultlrl 1082 | odbc.defaultlrl = 4096 1083 | 1084 | ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. 1085 | ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation 1086 | ; of odbc.defaultlrl and odbc.defaultbinmode 1087 | ; http://php.net/odbc.defaultbinmode 1088 | odbc.defaultbinmode = 1 1089 | 1090 | ;birdstep.max_links = -1 1091 | 1092 | [Interbase] 1093 | ; Allow or prevent persistent links. 1094 | ibase.allow_persistent = 1 1095 | 1096 | ; Maximum number of persistent links. -1 means no limit. 1097 | ibase.max_persistent = -1 1098 | 1099 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1100 | ibase.max_links = -1 1101 | 1102 | ; Default database name for ibase_connect(). 1103 | ;ibase.default_db = 1104 | 1105 | ; Default username for ibase_connect(). 1106 | ;ibase.default_user = 1107 | 1108 | ; Default password for ibase_connect(). 1109 | ;ibase.default_password = 1110 | 1111 | ; Default charset for ibase_connect(). 1112 | ;ibase.default_charset = 1113 | 1114 | ; Default timestamp format. 1115 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 1116 | 1117 | ; Default date format. 1118 | ibase.dateformat = "%Y-%m-%d" 1119 | 1120 | ; Default time format. 1121 | ibase.timeformat = "%H:%M:%S" 1122 | 1123 | [MySQLi] 1124 | 1125 | ; Maximum number of persistent links. -1 means no limit. 1126 | ; http://php.net/mysqli.max-persistent 1127 | mysqli.max_persistent = -1 1128 | 1129 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements 1130 | ; http://php.net/mysqli.allow_local_infile 1131 | ;mysqli.allow_local_infile = On 1132 | 1133 | ; Allow or prevent persistent links. 1134 | ; http://php.net/mysqli.allow-persistent 1135 | mysqli.allow_persistent = On 1136 | 1137 | ; Maximum number of links. -1 means no limit. 1138 | ; http://php.net/mysqli.max-links 1139 | mysqli.max_links = -1 1140 | 1141 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1142 | ; http://php.net/mysqli.cache_size 1143 | mysqli.cache_size = 2000 1144 | 1145 | ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use 1146 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1147 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1148 | ; at MYSQL_PORT. 1149 | ; http://php.net/mysqli.default-port 1150 | mysqli.default_port = 3306 1151 | 1152 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1153 | ; MySQL defaults. 1154 | ; http://php.net/mysqli.default-socket 1155 | mysqli.default_socket = 1156 | 1157 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1158 | ; http://php.net/mysqli.default-host 1159 | mysqli.default_host = 1160 | 1161 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1162 | ; http://php.net/mysqli.default-user 1163 | mysqli.default_user = 1164 | 1165 | ; Default password for mysqli_connect() (doesn't apply in safe mode). 1166 | ; Note that this is generally a *bad* idea to store passwords in this file. 1167 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") 1168 | ; and reveal this password! And of course, any users with read access to this 1169 | ; file will be able to reveal the password as well. 1170 | ; http://php.net/mysqli.default-pw 1171 | mysqli.default_pw = 1172 | 1173 | ; Allow or prevent reconnect 1174 | mysqli.reconnect = Off 1175 | 1176 | [mysqlnd] 1177 | ; Enable / Disable collection of general statistics by mysqlnd which can be 1178 | ; used to tune and monitor MySQL operations. 1179 | ; http://php.net/mysqlnd.collect_statistics 1180 | mysqlnd.collect_statistics = On 1181 | 1182 | ; Enable / Disable collection of memory usage statistics by mysqlnd which can be 1183 | ; used to tune and monitor MySQL operations. 1184 | ; http://php.net/mysqlnd.collect_memory_statistics 1185 | mysqlnd.collect_memory_statistics = Off 1186 | 1187 | ; Records communication from all extensions using mysqlnd to the specified log 1188 | ; file. 1189 | ; http://php.net/mysqlnd.debug 1190 | ;mysqlnd.debug = 1191 | 1192 | ; Defines which queries will be logged. 1193 | ; http://php.net/mysqlnd.log_mask 1194 | ;mysqlnd.log_mask = 0 1195 | 1196 | ; Default size of the mysqlnd memory pool, which is used by result sets. 1197 | ; http://php.net/mysqlnd.mempool_default_size 1198 | ;mysqlnd.mempool_default_size = 16000 1199 | 1200 | ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. 1201 | ; http://php.net/mysqlnd.net_cmd_buffer_size 1202 | ;mysqlnd.net_cmd_buffer_size = 2048 1203 | 1204 | ; Size of a pre-allocated buffer used for reading data sent by the server in 1205 | ; bytes. 1206 | ; http://php.net/mysqlnd.net_read_buffer_size 1207 | ;mysqlnd.net_read_buffer_size = 32768 1208 | 1209 | ; Timeout for network requests in seconds. 1210 | ; http://php.net/mysqlnd.net_read_timeout 1211 | ;mysqlnd.net_read_timeout = 31536000 1212 | 1213 | ; SHA-256 Authentication Plugin related. File with the MySQL server public RSA 1214 | ; key. 1215 | ; http://php.net/mysqlnd.sha256_server_public_key 1216 | ;mysqlnd.sha256_server_public_key = 1217 | 1218 | [OCI8] 1219 | 1220 | ; Connection: Enables privileged connections using external 1221 | ; credentials (OCI_SYSOPER, OCI_SYSDBA) 1222 | ; http://php.net/oci8.privileged-connect 1223 | ;oci8.privileged_connect = Off 1224 | 1225 | ; Connection: The maximum number of persistent OCI8 connections per 1226 | ; process. Using -1 means no limit. 1227 | ; http://php.net/oci8.max-persistent 1228 | ;oci8.max_persistent = -1 1229 | 1230 | ; Connection: The maximum number of seconds a process is allowed to 1231 | ; maintain an idle persistent connection. Using -1 means idle 1232 | ; persistent connections will be maintained forever. 1233 | ; http://php.net/oci8.persistent-timeout 1234 | ;oci8.persistent_timeout = -1 1235 | 1236 | ; Connection: The number of seconds that must pass before issuing a 1237 | ; ping during oci_pconnect() to check the connection validity. When 1238 | ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables 1239 | ; pings completely. 1240 | ; http://php.net/oci8.ping-interval 1241 | ;oci8.ping_interval = 60 1242 | 1243 | ; Connection: Set this to a user chosen connection class to be used 1244 | ; for all pooled server requests with Oracle 11g Database Resident 1245 | ; Connection Pooling (DRCP). To use DRCP, this value should be set to 1246 | ; the same string for all web servers running the same application, 1247 | ; the database pool must be configured, and the connection string must 1248 | ; specify to use a pooled server. 1249 | ;oci8.connection_class = 1250 | 1251 | ; High Availability: Using On lets PHP receive Fast Application 1252 | ; Notification (FAN) events generated when a database node fails. The 1253 | ; database must also be configured to post FAN events. 1254 | ;oci8.events = Off 1255 | 1256 | ; Tuning: This option enables statement caching, and specifies how 1257 | ; many statements to cache. Using 0 disables statement caching. 1258 | ; http://php.net/oci8.statement-cache-size 1259 | ;oci8.statement_cache_size = 20 1260 | 1261 | ; Tuning: Enables statement prefetching and sets the default number of 1262 | ; rows that will be fetched automatically after statement execution. 1263 | ; http://php.net/oci8.default-prefetch 1264 | ;oci8.default_prefetch = 100 1265 | 1266 | ; Compatibility. Using On means oci_close() will not close 1267 | ; oci_connect() and oci_new_connect() connections. 1268 | ; http://php.net/oci8.old-oci-close-semantics 1269 | ;oci8.old_oci_close_semantics = Off 1270 | 1271 | [PostgreSQL] 1272 | ; Allow or prevent persistent links. 1273 | ; http://php.net/pgsql.allow-persistent 1274 | pgsql.allow_persistent = On 1275 | 1276 | ; Detect broken persistent links always with pg_pconnect(). 1277 | ; Auto reset feature requires a little overheads. 1278 | ; http://php.net/pgsql.auto-reset-persistent 1279 | pgsql.auto_reset_persistent = Off 1280 | 1281 | ; Maximum number of persistent links. -1 means no limit. 1282 | ; http://php.net/pgsql.max-persistent 1283 | pgsql.max_persistent = -1 1284 | 1285 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1286 | ; http://php.net/pgsql.max-links 1287 | pgsql.max_links = -1 1288 | 1289 | ; Ignore PostgreSQL backends Notice message or not. 1290 | ; Notice message logging require a little overheads. 1291 | ; http://php.net/pgsql.ignore-notice 1292 | pgsql.ignore_notice = 0 1293 | 1294 | ; Log PostgreSQL backends Notice message or not. 1295 | ; Unless pgsql.ignore_notice=0, module cannot log notice message. 1296 | ; http://php.net/pgsql.log-notice 1297 | pgsql.log_notice = 0 1298 | 1299 | [bcmath] 1300 | ; Number of decimal digits for all bcmath functions. 1301 | ; http://php.net/bcmath.scale 1302 | bcmath.scale = 0 1303 | 1304 | [browscap] 1305 | ; http://php.net/browscap 1306 | ;browscap = extra/browscap.ini 1307 | 1308 | [Session] 1309 | ; Handler used to store/retrieve data. 1310 | ; http://php.net/session.save-handler 1311 | session.save_handler = files 1312 | 1313 | ; Argument passed to save_handler. In the case of files, this is the path 1314 | ; where data files are stored. Note: Windows users have to change this 1315 | ; variable in order to use PHP's session functions. 1316 | ; 1317 | ; The path can be defined as: 1318 | ; 1319 | ; session.save_path = "N;/path" 1320 | ; 1321 | ; where N is an integer. Instead of storing all the session files in 1322 | ; /path, what this will do is use subdirectories N-levels deep, and 1323 | ; store the session data in those directories. This is useful if 1324 | ; your OS has problems with many files in one directory, and is 1325 | ; a more efficient layout for servers that handle many sessions. 1326 | ; 1327 | ; NOTE 1: PHP will not create this directory structure automatically. 1328 | ; You can use the script in the ext/session dir for that purpose. 1329 | ; NOTE 2: See the section on garbage collection below if you choose to 1330 | ; use subdirectories for session storage 1331 | ; 1332 | ; The file storage module creates files using mode 600 by default. 1333 | ; You can change that by using 1334 | ; 1335 | ; session.save_path = "N;MODE;/path" 1336 | ; 1337 | ; where MODE is the octal representation of the mode. Note that this 1338 | ; does not overwrite the process's umask. 1339 | ; http://php.net/session.save-path 1340 | ;session.save_path = "/var/lib/php/sessions" 1341 | 1342 | ; Whether to use strict session mode. 1343 | ; Strict session mode does not accept uninitialized session ID and regenerate 1344 | ; session ID if browser sends uninitialized session ID. Strict mode protects 1345 | ; applications from session fixation via session adoption vulnerability. It is 1346 | ; disabled by default for maximum compatibility, but enabling it is encouraged. 1347 | ; https://wiki.php.net/rfc/strict_sessions 1348 | session.use_strict_mode = 0 1349 | 1350 | ; Whether to use cookies. 1351 | ; http://php.net/session.use-cookies 1352 | session.use_cookies = 1 1353 | 1354 | ; http://php.net/session.cookie-secure 1355 | ;session.cookie_secure = 1356 | 1357 | ; This option forces PHP to fetch and use a cookie for storing and maintaining 1358 | ; the session id. We encourage this operation as it's very helpful in combating 1359 | ; session hijacking when not specifying and managing your own session id. It is 1360 | ; not the be-all and end-all of session hijacking defense, but it's a good start. 1361 | ; http://php.net/session.use-only-cookies 1362 | session.use_only_cookies = 1 1363 | 1364 | ; Name of the session (used as cookie name). 1365 | ; http://php.net/session.name 1366 | session.name = PHPSESSID 1367 | 1368 | ; Initialize session on request startup. 1369 | ; http://php.net/session.auto-start 1370 | session.auto_start = 0 1371 | 1372 | ; Lifetime in seconds of cookie or, if 0, until browser is restarted. 1373 | ; http://php.net/session.cookie-lifetime 1374 | session.cookie_lifetime = 0 1375 | 1376 | ; The path for which the cookie is valid. 1377 | ; http://php.net/session.cookie-path 1378 | session.cookie_path = / 1379 | 1380 | ; The domain for which the cookie is valid. 1381 | ; http://php.net/session.cookie-domain 1382 | session.cookie_domain = 1383 | 1384 | ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. 1385 | ; http://php.net/session.cookie-httponly 1386 | session.cookie_httponly = 1387 | 1388 | ; Handler used to serialize data. php is the standard serializer of PHP. 1389 | ; http://php.net/session.serialize-handler 1390 | session.serialize_handler = php 1391 | 1392 | ; Defines the probability that the 'garbage collection' process is started 1393 | ; on every session initialization. The probability is calculated by using 1394 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator 1395 | ; and gc_divisor is the denominator in the equation. Setting this value to 1 1396 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1397 | ; the gc will run on any give request. 1398 | ; Default Value: 1 1399 | ; Development Value: 1 1400 | ; Production Value: 1 1401 | ; http://php.net/session.gc-probability 1402 | session.gc_probability = 0 1403 | 1404 | ; Defines the probability that the 'garbage collection' process is started on every 1405 | ; session initialization. The probability is calculated by using the following equation: 1406 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and 1407 | ; session.gc_divisor is the denominator in the equation. Setting this value to 1 1408 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1409 | ; the gc will run on any give request. Increasing this value to 1000 will give you 1410 | ; a 0.1% chance the gc will run on any give request. For high volume production servers, 1411 | ; this is a more efficient approach. 1412 | ; Default Value: 100 1413 | ; Development Value: 1000 1414 | ; Production Value: 1000 1415 | ; http://php.net/session.gc-divisor 1416 | session.gc_divisor = 1000 1417 | 1418 | ; After this number of seconds, stored data will be seen as 'garbage' and 1419 | ; cleaned up by the garbage collection process. 1420 | ; http://php.net/session.gc-maxlifetime 1421 | session.gc_maxlifetime = 1440 1422 | 1423 | ; NOTE: If you are using the subdirectory option for storing session files 1424 | ; (see session.save_path above), then garbage collection does *not* 1425 | ; happen automatically. You will need to do your own garbage 1426 | ; collection through a shell script, cron entry, or some other method. 1427 | ; For example, the following script would is the equivalent of 1428 | ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): 1429 | ; find /path/to/sessions -cmin +24 -type f | xargs rm 1430 | 1431 | ; Check HTTP Referer to invalidate externally stored URLs containing ids. 1432 | ; HTTP_REFERER has to contain this substring for the session to be 1433 | ; considered as valid. 1434 | ; http://php.net/session.referer-check 1435 | session.referer_check = 1436 | 1437 | ; How many bytes to read from the file. 1438 | ; http://php.net/session.entropy-length 1439 | ;session.entropy_length = 32 1440 | 1441 | ; Specified here to create the session id. 1442 | ; http://php.net/session.entropy-file 1443 | ; Defaults to /dev/urandom 1444 | ; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom 1445 | ; If neither are found at compile time, the default is no entropy file. 1446 | ; On windows, setting the entropy_length setting will activate the 1447 | ; Windows random source (using the CryptoAPI) 1448 | ;session.entropy_file = /dev/urandom 1449 | 1450 | ; Set to {nocache,private,public,} to determine HTTP caching aspects 1451 | ; or leave this empty to avoid sending anti-caching headers. 1452 | ; http://php.net/session.cache-limiter 1453 | session.cache_limiter = nocache 1454 | 1455 | ; Document expires after n minutes. 1456 | ; http://php.net/session.cache-expire 1457 | session.cache_expire = 180 1458 | 1459 | ; trans sid support is disabled by default. 1460 | ; Use of trans sid may risk your users' security. 1461 | ; Use this option with caution. 1462 | ; - User may send URL contains active session ID 1463 | ; to other person via. email/irc/etc. 1464 | ; - URL that contains active session ID may be stored 1465 | ; in publicly accessible computer. 1466 | ; - User may access your site with the same session ID 1467 | ; always using URL stored in browser's history or bookmarks. 1468 | ; http://php.net/session.use-trans-sid 1469 | session.use_trans_sid = 0 1470 | 1471 | ; Select a hash function for use in generating session ids. 1472 | ; Possible Values 1473 | ; 0 (MD5 128 bits) 1474 | ; 1 (SHA-1 160 bits) 1475 | ; This option may also be set to the name of any hash function supported by 1476 | ; the hash extension. A list of available hashes is returned by the hash_algos() 1477 | ; function. 1478 | ; http://php.net/session.hash-function 1479 | session.hash_function = 0 1480 | 1481 | ; Define how many bits are stored in each character when converting 1482 | ; the binary hash data to something readable. 1483 | ; Possible values: 1484 | ; 4 (4 bits: 0-9, a-f) 1485 | ; 5 (5 bits: 0-9, a-v) 1486 | ; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") 1487 | ; Default Value: 4 1488 | ; Development Value: 5 1489 | ; Production Value: 5 1490 | ; http://php.net/session.hash-bits-per-character 1491 | session.hash_bits_per_character = 5 1492 | 1493 | ; The URL rewriter will look for URLs in a defined set of HTML tags. 1494 | ; form/fieldset are special; if you include them here, the rewriter will 1495 | ; add a hidden field with the info which is otherwise appended 1496 | ; to URLs. If you want XHTML conformity, remove the form entry. 1497 | ; Note that all valid entries require a "=", even if no value follows. 1498 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 1499 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1500 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1501 | ; http://php.net/url-rewriter.tags 1502 | url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" 1503 | 1504 | ; Enable upload progress tracking in $_SESSION 1505 | ; Default Value: On 1506 | ; Development Value: On 1507 | ; Production Value: On 1508 | ; http://php.net/session.upload-progress.enabled 1509 | ;session.upload_progress.enabled = On 1510 | 1511 | ; Cleanup the progress information as soon as all POST data has been read 1512 | ; (i.e. upload completed). 1513 | ; Default Value: On 1514 | ; Development Value: On 1515 | ; Production Value: On 1516 | ; http://php.net/session.upload-progress.cleanup 1517 | ;session.upload_progress.cleanup = On 1518 | 1519 | ; A prefix used for the upload progress key in $_SESSION 1520 | ; Default Value: "upload_progress_" 1521 | ; Development Value: "upload_progress_" 1522 | ; Production Value: "upload_progress_" 1523 | ; http://php.net/session.upload-progress.prefix 1524 | ;session.upload_progress.prefix = "upload_progress_" 1525 | 1526 | ; The index name (concatenated with the prefix) in $_SESSION 1527 | ; containing the upload progress information 1528 | ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" 1529 | ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" 1530 | ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" 1531 | ; http://php.net/session.upload-progress.name 1532 | ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" 1533 | 1534 | ; How frequently the upload progress should be updated. 1535 | ; Given either in percentages (per-file), or in bytes 1536 | ; Default Value: "1%" 1537 | ; Development Value: "1%" 1538 | ; Production Value: "1%" 1539 | ; http://php.net/session.upload-progress.freq 1540 | ;session.upload_progress.freq = "1%" 1541 | 1542 | ; The minimum delay between updates, in seconds 1543 | ; Default Value: 1 1544 | ; Development Value: 1 1545 | ; Production Value: 1 1546 | ; http://php.net/session.upload-progress.min-freq 1547 | ;session.upload_progress.min_freq = "1" 1548 | 1549 | ; Only write session data when session data is changed. Enabled by default. 1550 | ; http://php.net/session.lazy-write 1551 | ;session.lazy_write = On 1552 | 1553 | [Assertion] 1554 | ; Switch whether to compile assertions at all (to have no overhead at run-time) 1555 | ; -1: Do not compile at all 1556 | ; 0: Jump over assertion at run-time 1557 | ; 1: Execute assertions 1558 | ; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) 1559 | ; Default Value: 1 1560 | ; Development Value: 1 1561 | ; Production Value: -1 1562 | ; http://php.net/zend.assertions 1563 | zend.assertions = -1 1564 | 1565 | ; Assert(expr); active by default. 1566 | ; http://php.net/assert.active 1567 | ;assert.active = On 1568 | 1569 | ; Throw an AssertationException on failed assertions 1570 | ; http://php.net/assert.exception 1571 | ;assert.exception = On 1572 | 1573 | ; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) 1574 | ; http://php.net/assert.warning 1575 | ;assert.warning = On 1576 | 1577 | ; Don't bail out by default. 1578 | ; http://php.net/assert.bail 1579 | ;assert.bail = Off 1580 | 1581 | ; User-function to be called if an assertion fails. 1582 | ; http://php.net/assert.callback 1583 | ;assert.callback = 0 1584 | 1585 | ; Eval the expression with current error_reporting(). Set to true if you want 1586 | ; error_reporting(0) around the eval(). 1587 | ; http://php.net/assert.quiet-eval 1588 | ;assert.quiet_eval = 0 1589 | 1590 | [COM] 1591 | ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs 1592 | ; http://php.net/com.typelib-file 1593 | ;com.typelib_file = 1594 | 1595 | ; allow Distributed-COM calls 1596 | ; http://php.net/com.allow-dcom 1597 | ;com.allow_dcom = true 1598 | 1599 | ; autoregister constants of a components typlib on com_load() 1600 | ; http://php.net/com.autoregister-typelib 1601 | ;com.autoregister_typelib = true 1602 | 1603 | ; register constants casesensitive 1604 | ; http://php.net/com.autoregister-casesensitive 1605 | ;com.autoregister_casesensitive = false 1606 | 1607 | ; show warnings on duplicate constant registrations 1608 | ; http://php.net/com.autoregister-verbose 1609 | ;com.autoregister_verbose = true 1610 | 1611 | ; The default character set code-page to use when passing strings to and from COM objects. 1612 | ; Default: system ANSI code page 1613 | ;com.code_page= 1614 | 1615 | [mbstring] 1616 | ; language for internal character representation. 1617 | ; This affects mb_send_mail() and mbstring.detect_order. 1618 | ; http://php.net/mbstring.language 1619 | ;mbstring.language = Japanese 1620 | 1621 | ; Use of this INI entry is deprecated, use global internal_encoding instead. 1622 | ; internal/script encoding. 1623 | ; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) 1624 | ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. 1625 | ; The precedence is: default_charset < internal_encoding < iconv.internal_encoding 1626 | ;mbstring.internal_encoding = 1627 | 1628 | ; Use of this INI entry is deprecated, use global input_encoding instead. 1629 | ; http input encoding. 1630 | ; mbstring.encoding_traslation = On is needed to use this setting. 1631 | ; If empty, default_charset or input_encoding or mbstring.input is used. 1632 | ; The precedence is: default_charset < intput_encoding < mbsting.http_input 1633 | ; http://php.net/mbstring.http-input 1634 | ;mbstring.http_input = 1635 | 1636 | ; Use of this INI entry is deprecated, use global output_encoding instead. 1637 | ; http output encoding. 1638 | ; mb_output_handler must be registered as output buffer to function. 1639 | ; If empty, default_charset or output_encoding or mbstring.http_output is used. 1640 | ; The precedence is: default_charset < output_encoding < mbstring.http_output 1641 | ; To use an output encoding conversion, mbstring's output handler must be set 1642 | ; otherwise output encoding conversion cannot be performed. 1643 | ; http://php.net/mbstring.http-output 1644 | ;mbstring.http_output = 1645 | 1646 | ; enable automatic encoding translation according to 1647 | ; mbstring.internal_encoding setting. Input chars are 1648 | ; converted to internal encoding by setting this to On. 1649 | ; Note: Do _not_ use automatic encoding translation for 1650 | ; portable libs/applications. 1651 | ; http://php.net/mbstring.encoding-translation 1652 | ;mbstring.encoding_translation = Off 1653 | 1654 | ; automatic encoding detection order. 1655 | ; "auto" detect order is changed according to mbstring.language 1656 | ; http://php.net/mbstring.detect-order 1657 | ;mbstring.detect_order = auto 1658 | 1659 | ; substitute_character used when character cannot be converted 1660 | ; one from another 1661 | ; http://php.net/mbstring.substitute-character 1662 | ;mbstring.substitute_character = none 1663 | 1664 | ; overload(replace) single byte functions by mbstring functions. 1665 | ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), 1666 | ; etc. Possible values are 0,1,2,4 or combination of them. 1667 | ; For example, 7 for overload everything. 1668 | ; 0: No overload 1669 | ; 1: Overload mail() function 1670 | ; 2: Overload str*() functions 1671 | ; 4: Overload ereg*() functions 1672 | ; http://php.net/mbstring.func-overload 1673 | ;mbstring.func_overload = 0 1674 | 1675 | ; enable strict encoding detection. 1676 | ; Default: Off 1677 | ;mbstring.strict_detection = On 1678 | 1679 | ; This directive specifies the regex pattern of content types for which mb_output_handler() 1680 | ; is activated. 1681 | ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) 1682 | ;mbstring.http_output_conv_mimetype= 1683 | 1684 | [gd] 1685 | ; Tell the jpeg decode to ignore warnings and try to create 1686 | ; a gd image. The warning will then be displayed as notices 1687 | ; disabled by default 1688 | ; http://php.net/gd.jpeg-ignore-warning 1689 | ;gd.jpeg_ignore_warning = 0 1690 | 1691 | [exif] 1692 | ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. 1693 | ; With mbstring support this will automatically be converted into the encoding 1694 | ; given by corresponding encode setting. When empty mbstring.internal_encoding 1695 | ; is used. For the decode settings you can distinguish between motorola and 1696 | ; intel byte order. A decode setting cannot be empty. 1697 | ; http://php.net/exif.encode-unicode 1698 | ;exif.encode_unicode = ISO-8859-15 1699 | 1700 | ; http://php.net/exif.decode-unicode-motorola 1701 | ;exif.decode_unicode_motorola = UCS-2BE 1702 | 1703 | ; http://php.net/exif.decode-unicode-intel 1704 | ;exif.decode_unicode_intel = UCS-2LE 1705 | 1706 | ; http://php.net/exif.encode-jis 1707 | ;exif.encode_jis = 1708 | 1709 | ; http://php.net/exif.decode-jis-motorola 1710 | ;exif.decode_jis_motorola = JIS 1711 | 1712 | ; http://php.net/exif.decode-jis-intel 1713 | ;exif.decode_jis_intel = JIS 1714 | 1715 | [Tidy] 1716 | ; The path to a default tidy configuration file to use when using tidy 1717 | ; http://php.net/tidy.default-config 1718 | ;tidy.default_config = /usr/local/lib/php/default.tcfg 1719 | 1720 | ; Should tidy clean and repair output automatically? 1721 | ; WARNING: Do not use this option if you are generating non-html content 1722 | ; such as dynamic images 1723 | ; http://php.net/tidy.clean-output 1724 | tidy.clean_output = Off 1725 | 1726 | [soap] 1727 | ; Enables or disables WSDL caching feature. 1728 | ; http://php.net/soap.wsdl-cache-enabled 1729 | soap.wsdl_cache_enabled=1 1730 | 1731 | ; Sets the directory name where SOAP extension will put cache files. 1732 | ; http://php.net/soap.wsdl-cache-dir 1733 | soap.wsdl_cache_dir="/tmp" 1734 | 1735 | ; (time to live) Sets the number of second while cached file will be used 1736 | ; instead of original one. 1737 | ; http://php.net/soap.wsdl-cache-ttl 1738 | soap.wsdl_cache_ttl=86400 1739 | 1740 | ; Sets the size of the cache limit. (Max. number of WSDL files to cache) 1741 | soap.wsdl_cache_limit = 5 1742 | 1743 | [sysvshm] 1744 | ; A default size of the shared memory segment 1745 | ;sysvshm.init_mem = 10000 1746 | 1747 | [ldap] 1748 | ; Sets the maximum number of open links or -1 for unlimited. 1749 | ldap.max_links = -1 1750 | 1751 | [mcrypt] 1752 | ; For more information about mcrypt settings see http://php.net/mcrypt-module-open 1753 | 1754 | ; Directory where to load mcrypt algorithms 1755 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) 1756 | ;mcrypt.algorithms_dir= 1757 | 1758 | ; Directory where to load mcrypt modes 1759 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) 1760 | ;mcrypt.modes_dir= 1761 | 1762 | [dba] 1763 | ;dba.default_handler= 1764 | 1765 | [opcache] 1766 | ; Determines if Zend OPCache is enabled 1767 | ;opcache.enable=0 1768 | 1769 | ; Determines if Zend OPCache is enabled for the CLI version of PHP 1770 | ;opcache.enable_cli=0 1771 | 1772 | ; The OPcache shared memory storage size. 1773 | ;opcache.memory_consumption=64 1774 | 1775 | ; The amount of memory for interned strings in Mbytes. 1776 | ;opcache.interned_strings_buffer=4 1777 | 1778 | ; The maximum number of keys (scripts) in the OPcache hash table. 1779 | ; Only numbers between 200 and 100000 are allowed. 1780 | ;opcache.max_accelerated_files=2000 1781 | 1782 | ; The maximum percentage of "wasted" memory until a restart is scheduled. 1783 | ;opcache.max_wasted_percentage=5 1784 | 1785 | ; When this directive is enabled, the OPcache appends the current working 1786 | ; directory to the script key, thus eliminating possible collisions between 1787 | ; files with the same name (basename). Disabling the directive improves 1788 | ; performance, but may break existing applications. 1789 | ;opcache.use_cwd=1 1790 | 1791 | ; When disabled, you must reset the OPcache manually or restart the 1792 | ; webserver for changes to the filesystem to take effect. 1793 | ;opcache.validate_timestamps=1 1794 | 1795 | ; How often (in seconds) to check file timestamps for changes to the shared 1796 | ; memory storage allocation. ("1" means validate once per second, but only 1797 | ; once per request. "0" means always validate) 1798 | ;opcache.revalidate_freq=2 1799 | 1800 | ; Enables or disables file search in include_path optimization 1801 | ;opcache.revalidate_path=0 1802 | 1803 | ; If disabled, all PHPDoc comments are dropped from the code to reduce the 1804 | ; size of the optimized code. 1805 | ;opcache.save_comments=1 1806 | 1807 | ; If enabled, a fast shutdown sequence is used for the accelerated code 1808 | ; Depending on the used Memory Manager this may cause some incompatibilities. 1809 | ;opcache.fast_shutdown=0 1810 | 1811 | ; Allow file existence override (file_exists, etc.) performance feature. 1812 | ;opcache.enable_file_override=0 1813 | 1814 | ; A bitmask, where each bit enables or disables the appropriate OPcache 1815 | ; passes 1816 | ;opcache.optimization_level=0xffffffff 1817 | 1818 | ;opcache.inherited_hack=1 1819 | ;opcache.dups_fix=0 1820 | 1821 | ; The location of the OPcache blacklist file (wildcards allowed). 1822 | ; Each OPcache blacklist file is a text file that holds the names of files 1823 | ; that should not be accelerated. The file format is to add each filename 1824 | ; to a new line. The filename may be a full path or just a file prefix 1825 | ; (i.e., /var/www/x blacklists all the files and directories in /var/www 1826 | ; that start with 'x'). Line starting with a ; are ignored (comments). 1827 | ;opcache.blacklist_filename= 1828 | 1829 | ; Allows exclusion of large files from being cached. By default all files 1830 | ; are cached. 1831 | ;opcache.max_file_size=0 1832 | 1833 | ; Check the cache checksum each N requests. 1834 | ; The default value of "0" means that the checks are disabled. 1835 | ;opcache.consistency_checks=0 1836 | 1837 | ; How long to wait (in seconds) for a scheduled restart to begin if the cache 1838 | ; is not being accessed. 1839 | ;opcache.force_restart_timeout=180 1840 | 1841 | ; OPcache error_log file name. Empty string assumes "stderr". 1842 | ;opcache.error_log= 1843 | 1844 | ; All OPcache errors go to the Web server log. 1845 | ; By default, only fatal errors (level 0) or errors (level 1) are logged. 1846 | ; You can also enable warnings (level 2), info messages (level 3) or 1847 | ; debug messages (level 4). 1848 | ;opcache.log_verbosity_level=1 1849 | 1850 | ; Preferred Shared Memory back-end. Leave empty and let the system decide. 1851 | ;opcache.preferred_memory_model= 1852 | 1853 | ; Protect the shared memory from unexpected writing during script execution. 1854 | ; Useful for internal debugging only. 1855 | ;opcache.protect_memory=0 1856 | 1857 | ; Allows calling OPcache API functions only from PHP scripts which path is 1858 | ; started from specified string. The default "" means no restriction 1859 | ;opcache.restrict_api= 1860 | 1861 | ; Mapping base of shared memory segments (for Windows only). All the PHP 1862 | ; processes have to map shared memory into the same address space. This 1863 | ; directive allows to manually fix the "Unable to reattach to base address" 1864 | ; errors. 1865 | ;opcache.mmap_base= 1866 | 1867 | ; Enables and sets the second level cache directory. 1868 | ; It should improve performance when SHM memory is full, at server restart or 1869 | ; SHM reset. The default "" disables file based caching. 1870 | ;opcache.file_cache= 1871 | 1872 | ; Enables or disables opcode caching in shared memory. 1873 | ;opcache.file_cache_only=0 1874 | 1875 | ; Enables or disables checksum validation when script loaded from file cache. 1876 | ;opcache.file_cache_consistency_checks=1 1877 | 1878 | ; Implies opcache.file_cache_only=1 for a certain process that failed to 1879 | ; reattach to the shared memory (for Windows only). Explicitly enabled file 1880 | ; cache is required. 1881 | ;opcache.file_cache_fallback=1 1882 | 1883 | ; Enables or disables copying of PHP code (text segment) into HUGE PAGES. 1884 | ; This should improve performance, but requires appropriate OS configuration. 1885 | ;opcache.huge_code_pages=1 1886 | 1887 | ; Validate cached file permissions. 1888 | ; opcache.validate_permission=0 1889 | 1890 | ; Prevent name collisions in chroot'ed environment. 1891 | ; opcache.validate_root=0 1892 | 1893 | [curl] 1894 | ; A default value for the CURLOPT_CAINFO option. This is required to be an 1895 | ; absolute path. 1896 | ;curl.cainfo = 1897 | 1898 | [openssl] 1899 | ; The location of a Certificate Authority (CA) file on the local filesystem 1900 | ; to use when verifying the identity of SSL/TLS peers. Most users should 1901 | ; not specify a value for this directive as PHP will attempt to use the 1902 | ; OS-managed cert stores in its absence. If specified, this value may still 1903 | ; be overridden on a per-stream basis via the "cafile" SSL stream context 1904 | ; option. 1905 | ;openssl.cafile= 1906 | 1907 | ; If openssl.cafile is not specified or if the CA file is not found, the 1908 | ; directory pointed to by openssl.capath is searched for a suitable 1909 | ; certificate. This value must be a correctly hashed certificate directory. 1910 | ; Most users should not specify a value for this directive as PHP will 1911 | ; attempt to use the OS-managed cert stores in its absence. If specified, 1912 | ; this value may still be overridden on a per-stream basis via the "capath" 1913 | ; SSL stream context option. 1914 | ;openssl.capath= 1915 | 1916 | ; Local Variables: 1917 | ; tab-width: 4 1918 | ; End: -------------------------------------------------------------------------------- /roles/php/files/www.conf: -------------------------------------------------------------------------------- 1 | ; Start a new pool named 'www'. 2 | [www] 3 | 4 | ;prefix = /path/to/pools/$pool 5 | 6 | ; Unix user/group of processes 7 | user = www-data 8 | group = www-data 9 | 10 | ; The address on which to accept FastCGI requests. 11 | listen = 127.0.0.1:8000 12 | 13 | ; Set permissions for unix socket, if one is used. 14 | listen.owner = www-data 15 | listen.group = www-data 16 | ;listen.mode = 0660 17 | 18 | ; List of ipv4 addresses of FastCGI clients which are allowed to connect. 19 | ;listen.allowed_clients = 127.0.0.1 20 | 21 | ; Specify the nice(2) priority to apply to the pool processes (only if set) 22 | ; process.priority = -19 23 | 24 | ; Choose how the process manager will control the number of child processes. 25 | pm = dynamic 26 | 27 | ; The number of child processes to be created when pm is set to 'static' and the 28 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 29 | ; This value sets the limit on the number of simultaneous requests that will be 30 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 31 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 32 | ; CGI. The below defaults are based on a server without much resources. Don't 33 | ; forget to tweak pm.* to fit your needs. 34 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 35 | ; Note: This value is mandatory. 36 | pm.max_children = 10 37 | 38 | ; The number of child processes created on startup. 39 | ; Note: Used only when pm is set to 'dynamic' 40 | ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 41 | pm.start_servers = 2 42 | 43 | ; The desired minimum number of idle server processes. 44 | ; Note: Used only when pm is set to 'dynamic' 45 | ; Note: Mandatory when pm is set to 'dynamic' 46 | pm.min_spare_servers = 1 47 | 48 | ; The desired maximum number of idle server processes. 49 | ; Note: Used only when pm is set to 'dynamic' 50 | ; Note: Mandatory when pm is set to 'dynamic' 51 | pm.max_spare_servers = 3 52 | 53 | ; The number of seconds after which an idle process will be killed. 54 | ; Note: Used only when pm is set to 'ondemand' 55 | ; Default Value: 10s 56 | ;pm.process_idle_timeout = 10s; 57 | 58 | ; The number of requests each child process should execute before respawning. 59 | ; This can be useful to work around memory leaks in 3rd party libraries. For 60 | ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. 61 | ; Default Value: 0 62 | pm.max_requests = 5000 63 | 64 | ; The URI to view the FPM status page. If this value is not set, no URI will be 65 | ; recognized as a status page. It shows the following informations: 66 | ; pool - the name of the pool; 67 | ; process manager - static, dynamic or ondemand; 68 | ; start time - the date and time FPM has started; 69 | ; start since - number of seconds since FPM has started; 70 | ; accepted conn - the number of request accepted by the pool; 71 | ; listen queue - the number of request in the queue of pending 72 | ; connections (see backlog in listen(2)); 73 | ; max listen queue - the maximum number of requests in the queue 74 | ; of pending connections since FPM has started; 75 | ; listen queue len - the size of the socket queue of pending connections; 76 | ; idle processes - the number of idle processes; 77 | ; active processes - the number of active processes; 78 | ; total processes - the number of idle + active processes; 79 | ; max active processes - the maximum number of active processes since FPM 80 | ; has started; 81 | ; max children reached - number of times, the process limit has been reached, 82 | ; when pm tries to start more children (works only for 83 | ; pm 'dynamic' and 'ondemand'); 84 | ; Value are updated in real time. 85 | ; Example output: 86 | ; pool: www 87 | ; process manager: static 88 | ; start time: 01/Jul/2011:17:53:49 +0200 89 | ; start since: 62636 90 | ; accepted conn: 190460 91 | ; listen queue: 0 92 | ; max listen queue: 1 93 | ; listen queue len: 42 94 | ; idle processes: 4 95 | ; active processes: 11 96 | ; total processes: 15 97 | ; max active processes: 12 98 | ; max children reached: 0 99 | ; 100 | ; By default the status page output is formatted as text/plain. Passing either 101 | ; 'html', 'xml' or 'json' in the query string will return the corresponding 102 | ; output syntax. Example: 103 | ; http://www.foo.bar/status 104 | ; http://www.foo.bar/status?json 105 | ; http://www.foo.bar/status?html 106 | ; http://www.foo.bar/status?xml 107 | ; 108 | ; By default the status page only outputs short status. Passing 'full' in the 109 | ; query string will also return status for each pool process. 110 | ; Example: 111 | ; http://www.foo.bar/status?full 112 | ; http://www.foo.bar/status?json&full 113 | ; http://www.foo.bar/status?html&full 114 | ; http://www.foo.bar/status?xml&full 115 | ; The Full status returns for each process: 116 | ; pid - the PID of the process; 117 | ; state - the state of the process (Idle, Running, ...); 118 | ; start time - the date and time the process has started; 119 | ; start since - the number of seconds since the process has started; 120 | ; requests - the number of requests the process has served; 121 | ; request duration - the duration in µs of the requests; 122 | ; request method - the request method (GET, POST, ...); 123 | ; request URI - the request URI with the query string; 124 | ; content length - the content length of the request (only with POST); 125 | ; user - the user (PHP_AUTH_USER) (or '-' if not set); 126 | ; script - the main script called (or '-' if not set); 127 | ; last request cpu - the %cpu the last request consumed 128 | ; it's always 0 if the process is not in Idle state 129 | ; because CPU calculation is done when the request 130 | ; processing has terminated; 131 | ; last request memory - the max amount of memory the last request consumed 132 | ; it's always 0 if the process is not in Idle state 133 | ; because memory calculation is done when the request 134 | ; processing has terminated; 135 | ; If the process is in Idle state, then informations are related to the 136 | ; last request the process has served. Otherwise informations are related to 137 | ; the current request being served. 138 | ; Example output: 139 | ; ************************ 140 | ; pid: 31330 141 | ; state: Running 142 | ; start time: 01/Jul/2011:17:53:49 +0200 143 | ; start since: 63087 144 | ; requests: 12808 145 | ; request duration: 1250261 146 | ; request method: GET 147 | ; request URI: /test_mem.php?N=10000 148 | ; content length: 0 149 | ; user: - 150 | ; script: /home/fat/web/docs/php/test_mem.php 151 | ; last request cpu: 0.00 152 | ; last request memory: 0 153 | ; 154 | ; Note: There is a real-time FPM status monitoring sample web page available 155 | ; It's available in: ${prefix}/share/fpm/status.html 156 | ; 157 | ; Note: The value must start with a leading slash (/). The value can be 158 | ; anything, but it may not be a good idea to use the .php extension or it 159 | ; may conflict with a real PHP file. 160 | ; Default Value: not set 161 | ;pm.status_path = /status 162 | 163 | ; The ping URI to call the monitoring page of FPM. If this value is not set, no 164 | ; URI will be recognized as a ping page. This could be used to test from outside 165 | ; that FPM is alive and responding, or to 166 | ; - create a graph of FPM availability (rrd or such); 167 | ; - remove a server from a group if it is not responding (load balancing); 168 | ; - trigger alerts for the operating team (24/7). 169 | ; Note: The value must start with a leading slash (/). The value can be 170 | ; anything, but it may not be a good idea to use the .php extension or it 171 | ; may conflict with a real PHP file. 172 | ; Default Value: not set 173 | ;ping.path = /ping 174 | 175 | ; This directive may be used to customize the response of a ping request. The 176 | ; response is formatted as text/plain with a 200 response code. 177 | ; Default Value: pong 178 | ;ping.response = pong 179 | 180 | ; The access log file 181 | ; Default: not set 182 | ;access.log = log/php-fpm/$pool.access.log 183 | 184 | ; The access log format. 185 | ; The following syntax is allowed 186 | ; %%: the '%' character 187 | ; %C: %CPU used by the request 188 | ; it can accept the following format: 189 | ; - %{user}C for user CPU only 190 | ; - %{system}C for system CPU only 191 | ; - %{total}C for user + system CPU (default) 192 | ; %d: time taken to serve the request 193 | ; it can accept the following format: 194 | ; - %{seconds}d (default) 195 | ; - %{miliseconds}d 196 | ; - %{mili}d 197 | ; - %{microseconds}d 198 | ; - %{micro}d 199 | ; %e: an environment variable (same as $_ENV or $_SERVER) 200 | ; it must be associated with embraces to specify the name of the env 201 | ; variable. Some exemples: 202 | ; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e 203 | ; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e 204 | ; %f: script filename 205 | ; %l: content-length of the request (for POST request only) 206 | ; %m: request method 207 | ; %M: peak of memory allocated by PHP 208 | ; it can accept the following format: 209 | ; - %{bytes}M (default) 210 | ; - %{kilobytes}M 211 | ; - %{kilo}M 212 | ; - %{megabytes}M 213 | ; - %{mega}M 214 | ; %n: pool name 215 | ; %o: output header 216 | ; it must be associated with embraces to specify the name of the header: 217 | ; - %{Content-Type}o 218 | ; - %{X-Powered-By}o 219 | ; - %{Transfert-Encoding}o 220 | ; - .... 221 | ; %p: PID of the child that serviced the request 222 | ; %P: PID of the parent of the child that serviced the request 223 | ; %q: the query string 224 | ; %Q: the '?' character if query string exists 225 | ; %r: the request URI (without the query string, see %q and %Q) 226 | ; %R: remote IP address 227 | ; %s: status (response code) 228 | ; %t: server time the request was received 229 | ; it can accept a strftime(3) format: 230 | ; %d/%b/%Y:%H:%M:%S %z (default) 231 | ; %T: time the log has been written (the request has finished) 232 | ; it can accept a strftime(3) format: 233 | ; %d/%b/%Y:%H:%M:%S %z (default) 234 | ; %u: remote user 235 | ; 236 | ; Default: "%R - %u %t \"%m %r\" %s" 237 | ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" 238 | 239 | ; The log file for slow requests 240 | ; Default Value: not set 241 | ; Note: slowlog is mandatory if request_slowlog_timeout is set 242 | slowlog = log/$pool.log.slow 243 | 244 | ; The timeout for serving a single request after which a PHP backtrace will be 245 | ; dumped to the 'slowlog' file. A value of '0s' means 'off'. 246 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 247 | ; Default Value: 0 248 | ;request_slowlog_timeout = 0 249 | 250 | ; The timeout for serving a single request after which the worker process will 251 | ; be killed. This option should be used when the 'max_execution_time' ini option 252 | ; does not stop script execution for some reason. A value of '0' means 'off'. 253 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 254 | ; Default Value: 0 255 | ;request_terminate_timeout = 0 256 | 257 | ; Set open file descriptor rlimit. 258 | ; Default Value: system defined value 259 | ;rlimit_files = 1024 260 | 261 | ; Set max core size rlimit. 262 | ; Possible Values: 'unlimited' or an integer greater or equal to 0 263 | ; Default Value: system defined value 264 | ;rlimit_core = 0 265 | 266 | ; Chroot to this directory at the start. This value must be defined as an 267 | ; absolute path. When this value is not set, chroot is not used. 268 | ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one 269 | ; of its subdirectories. If the pool prefix is not set, the global prefix 270 | ; will be used instead. 271 | ; Note: chrooting is a great security feature and should be used whenever 272 | ; possible. However, all PHP paths will be relative to the chroot 273 | ; (error_log, sessions.save_path, ...). 274 | ; Default Value: not set 275 | ;chroot = 276 | 277 | ; Chdir to this directory at the start. 278 | ; Note: relative path can be used. 279 | ; Default Value: current directory or / when chroot 280 | chdir = / 281 | 282 | ; Redirect worker stdout and stderr into main error log. If not set, stdout and 283 | ; stderr will be redirected to /dev/null according to FastCGI specs. 284 | ; Note: on highloaded environement, this can cause some delay in the page 285 | ; process time (several ms). 286 | ; Default Value: no 287 | ;catch_workers_output = yes 288 | 289 | ; Ensure worker stdout and stderr are sent to the main error log 290 | catch_workers_output = yes 291 | decorate_workers_output = no 292 | 293 | ; Clear environment in FPM workers 294 | ; Prevents arbitrary environment variables from reaching FPM worker processes 295 | ; by clearing the environment in workers before env vars specified in this 296 | ; pool configuration are added. 297 | ; Setting to "no" will make all environment variables available to PHP code 298 | ; via getenv(), $_ENV and $_SERVER. 299 | ; Default Value: yes 300 | ;clear_env = no 301 | 302 | ; Limits the extensions of the main script FPM will allow to parse. This can 303 | ; prevent configuration mistakes on the web server side. You should only limit 304 | ; FPM to .php extensions to prevent malicious users to use other extensions to 305 | ; exectute php code. 306 | ; Note: set an empty value to allow all extensions. 307 | ; Default Value: .php 308 | ;security.limit_extensions = .php .php3 .php4 .php5 309 | 310 | ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from 311 | ; the current environment. 312 | ; Default Value: clean env 313 | ;env[HOSTNAME] = $HOSTNAME 314 | ;env[PATH] = /usr/local/bin:/usr/bin:/bin 315 | ;env[TMP] = /tmp 316 | ;env[TMPDIR] = /tmp 317 | ;env[TEMP] = /tmp 318 | 319 | ; Additional php.ini defines, specific to this pool of workers. These settings 320 | ; overwrite the values previously defined in the php.ini. The directives are the 321 | ; same as the PHP SAPI: 322 | ; php_value/php_flag - you can set classic ini defines which can 323 | ; be overwritten from PHP call 'ini_set'. 324 | ; php_admin_value/php_admin_flag - these directives won't be overwritten by 325 | ; PHP call 'ini_set' 326 | ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. 327 | 328 | ; Defining 'extension' will load the corresponding shared extension from 329 | ; extension_dir. Defining 'disable_functions' or 'disable_classes' will not 330 | ; overwrite previously defined php.ini values, but will append the new value 331 | ; instead. 332 | 333 | ; Note: path INI options can be relative and will be expanded with the prefix 334 | ; (pool, global or /usr) 335 | 336 | ; Default Value: nothing is defined by default except the values in php.ini and 337 | ; specified at startup with the -d argument 338 | ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com 339 | ;php_flag[display_errors] = off 340 | ;php_admin_value[error_log] = /var/log/fpm-php.www.log 341 | ;php_admin_flag[log_errors] = on 342 | ;php_admin_value[memory_limit] = 32M -------------------------------------------------------------------------------- /roles/php/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure php GPG key is present (Ondrej Sury) 3 | apt_key: 4 | url: https://packages.sury.org/php/apt.gpg 5 | - name: Add repository 6 | apt_repository: 7 | repo: 'deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' 8 | state: present 9 | filename: "php{{ php_version }}" 10 | - name: Ensure php-fpm + libs is installed 11 | apt: 12 | pkg: ["php{{ php_version }}", "php{{ php_version }}-fpm", "php{{ php_version }}-cli", "php{{ php_version }}-mysql", "php{{ php_version }}-pgsql", "php{{ php_version }}-intl", "php{{ php_version }}-curl", "php{{ php_version }}-gd", "php{{ php_version }}-mbstring", "php{{ php_version }}-xml", "php{{ php_version }}-bcmath", "php{{ php_version }}-zip", "php{{ php_version }}-imagick"] 13 | state: latest 14 | - name: "[PHP 7.X ONLY] Install legacy packages" 15 | apt: 16 | pkg: ["php{{ php_version }}-json"] 17 | state: latest 18 | when: "php_version.startswith('7.')" 19 | - name: Writes the correct version of the ini configuration (fpm) 20 | copy: 21 | src: php.ini 22 | dest: "/etc/php/{{ php_version }}/fpm/php.ini" 23 | - name: Add correct timezone (cli) 24 | lineinfile: 25 | dest: /etc/php/{{ php_version }}/cli/php.ini 26 | line: 'date.timezone = "Europe/Paris"' 27 | state: present 28 | insertafter: "^[Date]" 29 | - name: Writes the correct version of the configuration 30 | copy: 31 | src: php-fpm.conf 32 | dest: "/etc/php/{{ php_version }}/fpm/php-fpm.conf" 33 | - name: Replaces the version of php in the configuration file 34 | replace: 35 | path: "/etc/php/{{ php_version }}/fpm/php-fpm.conf" 36 | regexp: '7\.4' 37 | replace: "{{ php_version }}" 38 | - name: Ensure the log folder is here 39 | file: 40 | path: /var/log/php-fpm 41 | state: directory 42 | owner: root 43 | group: adm 44 | - name: Writes the correct version of the pool 45 | copy: 46 | src: www.conf 47 | dest: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf" 48 | - name: Start php-fpm 49 | service: 50 | name: "php{{ php_version }}-fpm" 51 | state: restarted 52 | daemon_reload: yes 53 | enabled: yes 54 | - name: Add debian to www-data group 55 | user: 56 | name: debian 57 | groups: www-data 58 | append: yes 59 | - name: Download composer 60 | get_url: 61 | url: https://getcomposer.org/installer 62 | dest: /tmp/installer 63 | - name: Install composer 64 | shell: cat /tmp/installer | php -- --install-dir=/usr/local/bin 65 | args: 66 | creates: /usr/local/bin/composer 67 | - name: Rename composer.phar to composer 68 | shell: mv /usr/local/bin/composer.phar /usr/local/bin/composer 69 | args: 70 | creates: /usr/local/bin/composer 71 | - name: Make composer executable 72 | file: 73 | path: /usr/local/bin/composer 74 | mode: a+x 75 | state: file 76 | -------------------------------------------------------------------------------- /roles/postgresql/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | postgresql_version: "14" -------------------------------------------------------------------------------- /roles/postgresql/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure php GPG key is present 3 | apt_key: 4 | url: https://www.postgresql.org/media/keys/ACCC4CF8.asc 5 | - name: Add repository 6 | apt_repository: 7 | repo: 'deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main' 8 | state: present 9 | filename: "postgresql" 10 | - name: "[Debian <= 10] Install legacy python-psycopg2 packages" 11 | apt: 12 | pkg: ['python-psycopg2'] 13 | state: latest 14 | when: "ansible_distribution_release.startswith('buster')" 15 | - name: Ensure PostgreSQL is installed 16 | apt: 17 | # We need acl for become_user for an unprivileged user 18 | pkg: ['postgresql-{{ postgresql_version }}', 'postgresql-client-{{ postgresql_version }}', 'python3-psycopg2', 'acl'] 19 | state: latest 20 | - name: Ensure PostgreSQL is running 21 | systemd: 22 | name: postgresql 23 | state: restarted 24 | daemon_reload: yes 25 | enabled: yes 26 | - name: Sets the root password 27 | become: true 28 | become_user: postgres 29 | postgresql_user: 30 | name: postgres 31 | password: "{{ lookup('password', '/tmp/ansible.password.pgsql_root_' + inventory_hostname + ' length=64') }}" 32 | no_log: yes 33 | - name: Writes /root/.pgpass 34 | copy: 35 | dest: /root/.pgpass 36 | mode: 0600 37 | owner: root 38 | group: root 39 | content: "localhost:*:*:postgres:{{ lookup('file', '/tmp/ansible.password.pgsql_root_' + inventory_hostname) }}" 40 | no_log: yes 41 | -------------------------------------------------------------------------------- /roles/yarn/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Ensure the key is present 3 | apt_key: 4 | url: https://dl.yarnpkg.com/debian/pubkey.gpg 5 | - name: Add repository 6 | apt_repository: 7 | repo: 'deb https://dl.yarnpkg.com/debian/ stable main' 8 | state: present 9 | filename: "yarn" 10 | - name: Update apt 11 | apt: 12 | update_cache: yes 13 | - name: Install Yarn 14 | apt: 15 | pkg: 'yarn' 16 | state: present 17 | install_recommends: no 18 | --------------------------------------------------------------------------------