Merge pull request 'Made project more public-facing friendly' (#1) from develop into main

Reviewed-on: #1

README.md

@@ -0,0 +1,29 @@
+# Cloudflare
+
+Note: this project assumes the use of Cloudflare Tunnels with a tunnel already running.
+
+# Terraform
+
+[Terraform](./terraform) setup MUST be [run](./terraform/run.sh) first to generate TLS certificates
+
+# Ansible
+
+Set your ansible_user appropriately in [hosts.yml](hosts.yml)
+
+Set your host [hosts.yml](hosts.yml) to your server name in ssh_config.
+
+Example ssh config:
+
+```
+Host server1
+    HostName <host-ip-address>
+    IdentityFile <path-to-ssh-certs>
+```
+
+[Run Ansible](run.sh)
+
+## Ansible-Vault
+
+Required variables:
+* flarum_db_pass: The password for the Flarum MySQL user.
+* server1_become_pass: The sudo password for ansible_user.

hosts.yml

@@ -3,7 +3,5 @@ all:
   hosts:
     server1:
       ansible_become_pass: "{{ server1_become_pass }}"
-    server2:
-      ansible_become_pass: "{{ server2_become_pass }}"
   vars:
     ansible_user: zoe

roles/flarum/tasks/main.yml

@@ -24,68 +24,22 @@
 - name: Install PHP
   become: yes
   zypper:
-    name: php81
+    name: "{{ item }}"
-    state: latest
-- name: Install PHP-FPM
-  become: yes
-  zypper:
-    name: php81-fpm
-    state: latest
-- name: Install PHP OpenSSL
-  become: yes
-  zypper:
-    name: php81-openssl
-    state: latest
-- name: Install PHP Phar
-  become: yes
-  zypper:
-    name: php81-phar
-    state: latest
-- name: Install PHP iconv
-  become: yes
-  zypper:
-    name: php81-iconv
-    state: latest
-- name: Install PHP mbstring
-  become: yes
-  zypper:
-    name: php81-mbstring
-    state: latest
-- name: Install PHP PDO
-  become: yes
-  zypper:
-    name: php81-pdo
-    state: latest
-- name: Install PHP FileInfo
-  become: yes
-  zypper:
-    name: php81-fileinfo
-    state: latest
-- name: Install PHP DOM
-  become: yes
-  zypper:
-    name: php81-dom
-    state: latest
-- name: Install PHP Curl
-  become: yes
-  zypper:
-    name: php81-curl
-    state: latest
-- name: Install PHP GD
-  become: yes
-  zypper:
-    name: php81-gd
-    state: latest
-- name: Install PHP pdo_mysql
-  become: yes
-  zypper:
-    name: php81-mysql
-    state: latest
-- name: Install PHP tokenizer
-  become: yes
-  zypper:
-    name: php81-tokenizer
     state: latest
+  loop:
+  - php81
+  - php81-fpm
+  - php81-openssl
+  - php81-phar
+  - php81-iconv
+  - php81-mbstring
+  - php81-pdo
+  - php81-fileinfo
+  - php81-dom
+  - php81-curl
+  - php81-gd
+  - php81-mysql
+  - php81-tokenizer
 - name: Install Composer
   become: yes
   script:
@@ -93,9 +47,9 @@
 - name: Update sudoers
   become: yes
   community.general.sudoers:
-    name: zoe-do-as-flarum
+    name: do-as-flarum
     state: present
-    user: zoe
+    user: "{{ ansible_user }}"
     runas: flarum
     commands: ALL
 - name: Create Flarum project

roles/flarum/tasks/setup_mariadb.yml

@@ -2,9 +2,9 @@
 - name: Update sudoers
   become: yes
   community.general.sudoers:
-    name: zoe-do-as-mysql
+    name: do-as-mysql
     state: present
-    user: zoe
+    user: "{{ ansible_user }}"
     runas: mysql
     commands: ALL
 - name: Install MariaDB Server

terraform/main.tf

@@ -26,13 +26,13 @@ resource "tls_private_key" "private_key" {
 
 resource "acme_registration" "reg" {
   account_key_pem = tls_private_key.private_key.private_key_pem
-  email_address   = "admin@bubblesthebunny.com"
+  email_address   = var.acme_reg_email
 }
 
 resource "acme_certificate" "certificate" {
   account_key_pem           = acme_registration.reg.account_key_pem
-  common_name               = "bubblesthebunny.com"
+  common_name               = var.domain_name
-  subject_alternative_names = ["flarum.bubblesthebunny.com"]
+  subject_alternative_names = [var.fqdn]
 
   dns_challenge {
     provider = "cloudflare"

terraform/variables.tf

@@ -17,3 +17,18 @@ variable "cname_record" {
   type        = string
   description = "The CNAME record used by the Cloudflared tunnel"
 }
+
+variable "acme_reg_email" {
+  type        = string
+  description = "The registration email for the TLS certificates"
+}
+
+variable "domain_name" {
+  type        = string
+  description = "The domain name (common name) for the TLS certificates ex. example.com"
+}
+
+variable "fqdn" {
+  type        = string
+  description = "The Fully Qualified Domain Name (alt name) ex. subdomain.example.com"
+}