Merge pull request 'Made project more public-facing friendly' (#1) from develop into main
Reviewed-on: #1
commit
13857d6dce
29
README.md
Normal file
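--- a/README.md
+++ b/README.md
@@ -0,0 +1,29 @@
+# Cloudflare
+
+Note: this project assumes the use of Cloudflare Tunnels with a tunnel already running.
+
+# Terraform
+
+[Terraform](./terraform) setup MUST be [run](./terraform/run.sh) first to generate TLS certificates
+
+# Ansible
+
+Set your ansible_user appropriately in [hosts.yml](hosts.yml)
+
+Set your host [hosts.yml](hosts.yml) to your server name in ssh_config.
+
+Example ssh config:
+
+```
+Host server1
+HostName <host-ip-address>
+IdentityFile <path-to-ssh-certs>
+```
+
+[Run Ansible](run.sh)
+
+## Ansible-Vault
+
+Required variables:
+* flarum_db_pass: The password for the Flarum MySQL user.
+* server1_become_pass: The sudo password for ansible_user.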
@ -3,7 +3,5 @@ all:
|
||||
hosts:
|
||||
server1:
|
||||
ansible_become_pass: "{{ server1_become_pass }}"
|
||||
server2:
|
||||
ansible_become_pass: "{{ server2_become_pass }}"
|
||||
vars:
|
||||
ansible_user: zoe
|
||||
|
@ -24,68 +24,22 @@
|
||||
- name: Install PHP
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81
|
||||
state: latest
|
||||
- name: Install PHP-FPM
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-fpm
|
||||
state: latest
|
||||
- name: Install PHP OpenSSL
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-openssl
|
||||
state: latest
|
||||
- name: Install PHP Phar
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-phar
|
||||
state: latest
|
||||
- name: Install PHP iconv
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-iconv
|
||||
state: latest
|
||||
- name: Install PHP mbstring
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-mbstring
|
||||
state: latest
|
||||
- name: Install PHP PDO
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-pdo
|
||||
state: latest
|
||||
- name: Install PHP FileInfo
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-fileinfo
|
||||
state: latest
|
||||
- name: Install PHP DOM
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-dom
|
||||
state: latest
|
||||
- name: Install PHP Curl
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-curl
|
||||
state: latest
|
||||
- name: Install PHP GD
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-gd
|
||||
state: latest
|
||||
- name: Install PHP pdo_mysql
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-mysql
|
||||
state: latest
|
||||
- name: Install PHP tokenizer
|
||||
become: yes
|
||||
zypper:
|
||||
name: php81-tokenizer
|
||||
name: "{{ item }}"
|
||||
state: latest
|
||||
loop:
|
||||
- php81
|
||||
- php81-fpm
|
||||
- php81-openssl
|
||||
- php81-phar
|
||||
- php81-iconv
|
||||
- php81-mbstring
|
||||
- php81-pdo
|
||||
- php81-fileinfo
|
||||
- php81-dom
|
||||
- php81-curl
|
||||
- php81-gd
|
||||
- php81-mysql
|
||||
- php81-tokenizer
|
||||
- name: Install Composer
|
||||
become: yes
|
||||
script:
|
||||
@ -93,9 +47,9 @@
|
||||
- name: Update sudoers
|
||||
become: yes
|
||||
community.general.sudoers:
|
||||
name: zoe-do-as-flarum
|
||||
name: do-as-flarum
|
||||
state: present
|
||||
user: zoe
|
||||
user: "{{ ansible_user }}"
|
||||
runas: flarum
|
||||
commands: ALL
|
||||
- name: Create Flarum project
|
||||
|
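Review bot: The rename from `zoe-do-as-flarum` to `do-as-flarum` leaves the old rule behind on any host provisioned before this commit, because the sudoers module manages one drop-in file per `name` and nothing here removes the previous one. A cleanup task using the same module with `name: zoe-do-as-flarum` and `state: absent` would retire it; the `do-as-mysql` rename in the following section has the same gap. Now that `user` follows `ansible_user`, `commands: ALL` gives whichever account the inventory names every command as `flarum`, and as far as I know the module defaults to `nopassword: true`, so listing only the commands the playbook needs would tighten it. The task list starts and ends outside this hunk.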
@ -2,9 +2,9 @@
|
||||
- name: Update sudoers
|
||||
become: yes
|
||||
community.general.sudoers:
|
||||
name: zoe-do-as-mysql
|
||||
name: do-as-mysql
|
||||
state: present
|
||||
user: zoe
|
||||
user: "{{ ansible_user }}"
|
||||
runas: mysql
|
||||
commands: ALL
|
||||
- name: Install MariaDB Server
|
||||
|
@ -26,13 +26,13 @@ resource "tls_private_key" "private_key" {
|
||||
|
||||
resource "acme_registration" "reg" {
|
||||
account_key_pem = tls_private_key.private_key.private_key_pem
|
||||
email_address = "admin@bubblesthebunny.com"
|
||||
email_address = var.acme_reg_email
|
||||
}
|
||||
|
||||
resource "acme_certificate" "certificate" {
|
||||
account_key_pem = acme_registration.reg.account_key_pem
|
||||
common_name = "bubblesthebunny.com"
|
||||
subject_alternative_names = ["flarum.bubblesthebunny.com"]
|
||||
common_name = var.domain_name
|
||||
subject_alternative_names = [var.fqdn]
|
||||
|
||||
dns_challenge {
|
||||
provider = "cloudflare"
|
||||
|
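Review bot: The `account_key_pem` line takes its key from `tls_private_key`, and that resource keeps the generated private key unencrypted in Terraform state; with the domain and e-mail now moved into variables for a public repository, nothing visible here tells a user to keep the state file and their `.tfvars` out of version control. I would add a comment above `acme_registration`, such as `# tls_private_key stores the key in plain text in state: keep *.tfstate and *.tfvars out of git and restrict access to the backend`. Whether the repository already ignores those files cannot be seen from this hunk. The `acme_certificate` block continues past the end of the hunk.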
@ -17,3 +17,18 @@ variable "cname_record" {
|
||||
type = string
|
||||
description = "The CNAME record used by the Cloudflared tunnel"
|
||||
}
|
||||
|
||||
variable "acme_reg_email" {
|
||||
type = string
|
||||
description = "The registration email for the TLS certificates"
|
||||
}
|
||||
|
||||
variable "domain_name" {
|
||||
type = string
|
||||
description = "The domain name (common name) for the TLS certificates ex. example.com"
|
||||
}
|
||||
|
||||
variable "fqdn" {
|
||||
type = string
|
||||
description = "The Fully Qualified Domain Name (alt name) ex. subdomain.example.com"
|
||||
}
|
||||
|