stable single wp

hosts.ini

@@ -0,0 +1,2 @@
+psmcentral ansible_host=159.69.47.163
+

provision.yml

@@ -0,0 +1,9 @@
+---
+- name: Provision PSM Server
+  hosts: psmcentral
+  remote_user: root
+  roles:
+          - wordpress
+  vars_files:
+          - ./vars.yml
+

roles/wordpress/handlers/main.yml

@@ -0,0 +1,6 @@
+- name: Restart Apache
+  service:
+          name: apache2
+          state: restarted
+          enabled: yes
+

roles/wordpress/tasks/letsencrypt.yml

@@ -0,0 +1,91 @@
+- name: "Create required directories in /etc/letsencrypt"
+  file:
+          path: "/etc/letsencrypt/{{ item }}"
+          state: directory
+          owner: root
+          group: root
+          mode: u=rwx,g=x,o=x
+  with_items:
+          - account
+          - certs
+          - csrs
+          - keys
+
+- name: "Generate a Let's Encrypt account key"
+  shell: "if [ ! -f {{ letsencrypt_account_key }} ]; then openssl genrsa 4096 | sudo tee {{ letsencrypt_account_key }}; fi"
+  args:
+          creates: "{{ letsencrypt_account_key }}"
+
+- name: "Generate Let's Encrypt private key"
+  shell: "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/{{ site_url }}.key"
+
+- name: "Generate Let's Encrypt CSR"
+  shell: "openssl req -new -sha256 -key /etc/letsencrypt/keys/{{ site_url }}.key -subj \"/CN={{ site_url }}\" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf \"\n[SAN]\nsubjectAltName=DNS:{{ site_url }}\")) | sudo tee /etc/letsencrypt/csrs/{{ site_url }}.csr"
+  args:
+          executable: /bin/bash
+
+- name: "Begin Let's Encrypt challenges"
+  letsencrypt:
+          acme_directory: "{{ acme_directory }}"
+          acme_version: "{{ acme_version }}"
+          account_key_src: "{{ letsencrypt_account_key }}"
+          account_email: "{{ admin_email }}"
+          terms_agreed: 1
+          challenge: "{{ acme_challenge_type }}"
+          csr: "{{ letsencrypt_csrs_dir }}/{{ site_url }}.csr"
+          dest: "{{ letsencrypt_certs_dir }}/{{ site_url }}.crt"
+          fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ site_url }}.crt"
+          remaining_days: 91
+          force: yes
+  register: acme_challenge_domain
+
+- name: "Create .well-known/acme-challenge directory"
+  file:
+          path: /var/www/html/{{ site_url }}/.well-known/acme-challenge
+          state: directory
+          owner: root
+          group: root
+          mode: u=rwx,g=rx,o=rx
+
+- name: "Implement http-01 challenge files"
+  copy:
+          content: "{{ acme_challenge_domain['challenge_data'][item]['http-01']['resource_value'] }}"
+          dest: "/var/www/html/{{ acme_challenge_domain['challenge_data'][item]['http-01']['resource'] }}"
+          owner: root
+          group: root
+          mode: u=rw,g=r,o=r
+  with_items:
+          - "{{ site_url }}"
+  when: acme_challenge_domain['challenge_data'][item] is defined
+
+- name: "Use challenge Apache conf"
+  template:
+          src: apache-challenge-site.conf
+          dest: /etc/apache2/sites-available/{{ site_url }}.conf
+          owner: root
+          group: root
+          mode: u=rw,g=r,o=r
+
+- name: "Enable site"
+  shell: a2ensite {{ site_url }}
+
+- name: "Restart Apache"
+  service:
+          name: apache2
+          state: restarted
+
+- name: "Complete Let's Encrypt challenges"
+  letsencrypt:
+          acme_directory: "{{ acme_directory }}"
+          acme_version: "{{ acme_version }}"
+          account_key_src: "{{ letsencrypt_account_key }}"
+          account_email: "{{ admin_email }}"
+          challenge: "{{ acme_challenge_type }}"
+          csr: "{{ letsencrypt_csrs_dir }}/{{ site_url }}.csr"
+          dest: "{{ letsencrypt_certs_dir }}/{{ site_url }}.crt"
+          chain_dest: "{{ letsencrypt_certs_dir }}/chain_{{ site_url }}.crt"
+          fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ site_url }}"
+          data: "{{ acme_challenge_domain }}"
+          force: yes
+
+ 

roles/wordpress/tasks/main.yml

@@ -0,0 +1,38 @@
+- name: Install LAMP stack
+  apt:
+          name: apache2, php, libapache2-mod-php, php-mysql, mariadb-server 
+          state: present
+          update_cache: true
+
+- name: Install Wordpress Pre-Reqs
+  apt:
+          name: php-curl, php-imagick, php-json, php-mbstring, php-xml, php-zip, php-gd, ghostscript, imagemagick
+          state: present
+
+- name: Check Certificate Modify Dates
+  stat:
+          path: "{{ letsencrypt_certs_dir }}/{{ site_url }}.crt"
+  register: stat_results
+
+- name: Get LetsEncrypt Certificates
+  import_tasks: letsencrypt.yml
+  when: ((ansible_date_time.epoch|int - stat_results.stat.mtime) > (90 * 60 * 60 * 24))
+
+- name: Copy Apache config
+  template:
+          src: apache-site.conf
+          dest: /etc/apache2/sites-available/{{ site_url }}.conf
+          owner: root
+          group: root
+          mode: u=rw,g=r,o=r
+
+- name: Enable Apache Modules
+  shell: a2enmod ssl rewrite
+  notify:
+          - Restart Apache
+
+- name: Enable Apache site
+  shell: a2ensite {{ site_url }}
+  notify:
+          - Restart Apache
+

roles/wordpress/templates/apache-challenge-site.conf

@@ -0,0 +1,8 @@
+<VirtualHost *:80>
+	ServerName {{ site_url }}
+	ServerAdmin {{ admin_email }}
+	DocumentRoot /var/www/html/{{ site_url }}
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+

roles/wordpress/templates/apache-site.conf

@@ -0,0 +1,23 @@
+<VirtualHost *:80>
+        ServerName {{ site_url }}
+        Redirect permanent / https://{{ site_url }}/
+</VirtualHost>
+<VirtualHost *:443>
+        ServerName {{ site_url }}
+        DocumentRoot /var/www/html/{{ site_url }}
+
+        <Directory "/var/www/html/{{ site_url }}">
+                Order Allow,Deny
+                Allow from All
+                AllowOverride All
+                Require all granted
+        </Directory>
+
+        SSLEngine on
+        SSLCertificateFile "{{ letsencrypt_certs_dir }}/{{ site_url }}.crt"
+        SSLCertificateKeyFile "/etc/letsencrypt/keys/{{ site_url }}.key"
+
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+

vars.yml

@@ -0,0 +1,15 @@
+---
+site_url: psm.msolidariti.org
+admin_email: naresh@msolidariti.org
+
+# LetsEncrypt Configuration
+
+acme_challenge_type: http-01
+acme_directory: https://acme-v02.api.letsencrypt.org/directory
+acme_version: 2
+letsencrypt_dir: /etc/letsencrypt
+letsencrypt_keys_dir: /etc/letsencrypt/keys
+letsencrypt_csrs_dir: /etc/letsencrypt/csrs
+letsencrypt_certs_dir: /etc/letsencrypt/certs
+letsencrypt_account_key: /etc/letsencrypt/account/account.key
+