Created
September 1, 2013 05:16
-
-
Save brianly/6402488 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| ### CONFIGURE REPOSITORIES ### | |
| - name: install python-software-properties | |
| action: apt name='python-software-properties' state=installed | |
| - name: "add nginx ppa if ubuntu 10.04 and up" | |
| action: apt_repository repo=ppa:nginx/stable | |
| only_if: "$is_ubuntu and $is_10_up" | |
| - name: update apt repo | |
| action: apt update-cache=yes | |
| ### HOSTS ### | |
| - name: set hosts | |
| lineinfile: dest=/etc/hosts regexp='^127\.0\.0\.1' line='127.0.0.1 $hostname' owner=root group=root mode=0644 | |
| - name: set hostname | |
| action: template src='nginx/templates/hostname' dest='/etc/hostname' backup=no | |
| ### SSH ### | |
| - name: Disallow password authentication | |
| action: lineinfile dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" owner=root group=root mode=0600 | |
| action: lineinfile dest=/etc/ssh/sshd_config regexp="^.PasswordAuthentication" line="PasswordAuthentication no" owner=root group=root mode=0600 | |
| notify: restart sshd | |
| ### TOOLS ### | |
| - name: install base packages | |
| action: apt name=$item state=installed | |
| with_items: | |
| - php5 | |
| - curl | |
| - htop | |
| - ack-grep | |
| - python-pip | |
| - sendmail | |
| ### IPTABLES ### | |
| - name: install iptables | |
| action: apt name=iptables state=installed | |
| action: apt name=iptables-persistent state=installed | |
| - name: service iptables-persistent | |
| action: service name=iptables-persistent state=started | |
| - name: write iptables rules | |
| action: copy src=nginx/files/rules.v4 dest=/etc/iptables/rules.v4 owner=root group=root mode=0600 backup=yes | |
| notify: | |
| - restart iptables | |
| ### NGINX + PHP ### | |
| - name: install nginx | |
| action: apt name=$item state=installed | |
| with_items: | |
| - nginx | |
| - php5-cli | |
| - php5-cgi | |
| - spawn-fcgi | |
| - psmisc | |
| - name: service nginx | |
| action: service name=nginx state=stopped | |
| - name: delete default nginx site | |
| file: path=/etc/nginx/sites-available/default state=absent | |
| file: path=/var/www state=absent | |
| file: path=/var/www state=directory owner=root group=www-data mode=0755 | |
| - name: deploy php test file | |
| action: copy src=nginx/files/test.php dest=/var/www/test.php owner=root group=www-data mode=0755 | |
| - name: deploy html test file | |
| action: template src=nginx/templates/index.html dest=/var/www/index.html owner=root group=www-data mode=0755 | |
| - name: copy fixed init for nginx | |
| action: copy src=nginx/files/nginx.init dest=/etc/init.d/nginx mode=0755 backup=yes | |
| - name: push php-fastcgi files | |
| action: copy src=nginx/files/php-fastcgi.sh dest=/usr/bin/php-fastcgi owner=root group=root mode=0755 | |
| - name: push php-fastcgi init files | |
| action: copy src=nginx/files/php-fastcgi.init dest=/etc/init.d/php-fastcgi owner=root group=root mode=0755 | |
| - name: configure php-fastcgi | |
| action: command chmod +x /usr/bin/php-fastcgi | |
| action: command chmod +x /etc/init.d/php-fastcgi | |
| action: command update-rc.d php-fastcgi defaults | |
| notify: | |
| - restart php-fastcgi | |
| - name: write nginx.conf | |
| action: template src=nginx/templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf backup=yes | |
| action: template src=nginx/templates/default dest=/etc/nginx/sites-available/default backup=no | |
| notify: | |
| - restart php-fastcgi | |
| - restart nginx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment