From 77314cd5b23b8de0c4f08827978907fb5fb8e151 Mon Sep 17 00:00:00 2001
From: Dak Thompson
Date: Mon, 11 Mar 2024 07:55:31 -0500
Subject: [PATCH] Made project more public-facing friendly
---
 README.md | 29 ++++++++++
 hosts.yml | 2 -
 roles/flarum/tasks/main.yml | 80 ++++++----------------------
 roles/flarum/tasks/setup_mariadb.yml | 4 +-
 terraform/main.tf | 6 +-
 terraform/variables.tf | 15 ++++++
 6 files changed, 66 insertions(+), 70 deletions(-)
 create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4339791
--- /dev/null
+++ b/README.md
@@ -0,0 +1,29 @@
+# Cloudflare
+
+Note: this project assumes the use of Cloudflare Tunnels with a tunnel already running.
+
+# Terraform
+
+[Terraform](./terraform) setup MUST be [run](./terraform/run.sh) first to generate TLS certificates
+
+# Ansible
+
+Set your ansible_user appropriately in [hosts.yml](hosts.yml)
+
+Set your host [hosts.yml](hosts.yml) to your server name in ssh_config.
+
+Example ssh config:
+
+```
+Host server1
+ HostName
+ IdentityFile
+```
+
+[Run Ansible](run.sh)
+
+## Ansible-Vault
+
+Required variables:
+* flarum_db_pass: The password for the Flarum MySQL user.
+* server1_become_pass: The sudo password for ansible_user.
diff --git a/hosts.yml b/hosts.yml
index 4b8ff5f..b61a92e 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -3,7 +3,5 @@ all:
 hosts:
 server1:
 ansible_become_pass: "{{ server1_become_pass }}"
- server2:
- ansible_become_pass: "{{ server2_become_pass }}"
 vars:
 ansible_user: zoe
diff --git a/roles/flarum/tasks/main.yml b/roles/flarum/tasks/main.yml
index e4c2910..ed02ae2 100644
--- a/roles/flarum/tasks/main.yml
+++ b/roles/flarum/tasks/main.yml
@@ -24,68 +24,22 @@
 - name: Install PHP
 become: yes
 zypper:
- name: php81
- state: latest
-- name: Install PHP-FPM
- become: yes
- zypper:
- name: php81-fpm
- state: latest
-- name: Install PHP OpenSSL
- become: yes
- zypper:
- name: php81-openssl
- state: latest
-- name: Install PHP Phar
- become: yes
- zypper:
- name: php81-phar
- state: latest
-- name: Install PHP iconv
- become: yes
- zypper:
- name: php81-iconv
- state: latest
-- name: Install PHP mbstring
- become: yes
- zypper:
- name: php81-mbstring
- state: latest
-- name: Install PHP PDO
- become: yes
- zypper:
- name: php81-pdo
- state: latest
-- name: Install PHP FileInfo
- become: yes
- zypper:
- name: php81-fileinfo
- state: latest
-- name: Install PHP DOM
- become: yes
- zypper:
- name: php81-dom
- state: latest
-- name: Install PHP Curl
- become: yes
- zypper:
- name: php81-curl
- state: latest
-- name: Install PHP GD
- become: yes
- zypper:
- name: php81-gd
- state: latest
-- name: Install PHP pdo_mysql
- become: yes
- zypper:
- name: php81-mysql
- state: latest
-- name: Install PHP tokenizer
- become: yes
- zypper:
- name: php81-tokenizer
+ name: "{{ item }}"
 state: latest
+ loop:
+ - php81
+ - php81-fpm
+ - php81-openssl
+ - php81-phar
+ - php81-iconv
+ - php81-mbstring
+ - php81-pdo
+ - php81-fileinfo
+ - php81-dom
+ - php81-curl
+ - php81-gd
+ - php81-mysql
+ - php81-tokenizer
 - name: Install Composer
 become: yes
 script:
@@ -93,9 +47,9 @@
 - name: Update sudoers
 become: yes
 community.general.sudoers:
- name: zoe-do-as-flarum
+ name: do-as-flarum
 state: present
- user: zoe
+ user: "{{ ansible_user }}"
 runas: flarum
 commands: ALL
 - name: Create Flarum project
diff --git a/roles/flarum/tasks/setup_mariadb.yml b/roles/flarum/tasks/setup_mariadb.yml
index 40cb14f..205075e 100644
--- a/roles/flarum/tasks/setup_mariadb.yml
+++ b/roles/flarum/tasks/setup_mariadb.yml
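Review bot: Renaming the sudoers entry from `zoe-do-as-flarum` to `do-as-flarum` in the second hunk leaves the old `/etc/sudoers.d/zoe-do-as-flarum` file in place on any host provisioned before this change, so user `zoe` keeps its grant to run anything as `flarum` next to the new one for `{{ ansible_user }}`. Add a task just before this one that removes it, `- name: Remove old sudoers entry` / `community.general.sudoers:` with `name: zoe-do-as-flarum` and `state: absent`, or document that existing hosts must be cleaned by hand; the same stale-file issue applies to `zoe-do-as-mysql` in roles/flarum/tasks/setup_mariadb.yml. Separately, `commands: ALL` combined with the module's default `nopassword: true` gives the Ansible user unrestricted passwordless execution as `flarum`; if the role only needs a few binaries as that user (presumably composer and php, given the neighbouring tasks), listing them under `commands` narrows the grant. The `Update sudoers` task is complete inside the hunk, but the task list continues outside it.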
@@ -2,9 +2,9 @@
 - name: Update sudoers
 become: yes
 community.general.sudoers:
- name: zoe-do-as-mysql
+ name: do-as-mysql
 state: present
- user: zoe
+ user: "{{ ansible_user }}"
 runas: mysql
 commands: ALL
 - name: Install MariaDB Server
diff --git a/terraform/main.tf b/terraform/main.tf
index 186cb70..52ac211 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -26,13 +26,13 @@ resource "tls_private_key" "private_key" {
 
 resource "acme_registration" "reg" {
 account_key_pem = tls_private_key.private_key.private_key_pem
- email_address = "admin@bubblesthebunny.com"
+ email_address = var.acme_reg_email
 }
 
 resource "acme_certificate" "certificate" {
 account_key_pem = acme_registration.reg.account_key_pem
- common_name = "bubblesthebunny.com"
- subject_alternative_names = ["flarum.bubblesthebunny.com"]
+ common_name = var.domain_name
+ subject_alternative_names = [var.fqdn]
 
 dns_challenge {
 provider = "cloudflare"
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 376e7e8..2db6356 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -17,3 +17,18 @@ variable "cname_record" {
 type = string
 description = "The CNAME record used by the Cloudflared tunnel"
 }
+
+variable "acme_reg_email" {
+ type = string
+ description = "The registration email for the TLS certificates"
+}
+
+variable "domain_name" {
+ type = string
+ description = "The domain name (common name) for the TLS certificates ex. example.com"
+}
+
+variable "fqdn" {
+ type = string
+ description = "The Fully Qualified Domain Name (alt name) ex. subdomain.example.com"
+}
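Review bot: The new `domain_name` and `fqdn` variables accept any string, so a value with a scheme, a path or a trailing dot is only caught when `acme_certificate` fails its Cloudflare DNS challenge after the registration has already been created; a `validation` block on each turns that into a plan-time error. `acme_reg_email` would benefit from the same treatment with a pattern that requires an `@`. The three variables are also absent from the README added in this commit, which only says the Terraform setup must run first; a short list of required inputs under its Terraform heading would match what it does for the Ansible vault variables. The constructed patterns below are deliberately simple (labels of letters, digits and hyphens separated by dots) and can be tightened to taste.

```hcl
variable "domain_name" {
  # … unchanged: type and description …
  validation {
    condition     = can(regex("^([A-Za-z0-9-]+\\.)+[A-Za-z0-9-]+$", var.domain_name))
    error_message = "domain_name must be a bare DNS name such as example.com (no scheme, path or trailing dot)."
  }
}

variable "fqdn" {
  # … unchanged: type and description …
  validation {
    condition     = can(regex("^([A-Za-z0-9-]+\\.)+[A-Za-z0-9-]+$", var.fqdn))
    error_message = "fqdn must be a DNS name such as subdomain.example.com (no scheme, path or trailing dot)."
  }
}
```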