Last active
August 8, 2019 20:28
-
-
Save jonmbake/c708ee273178d4591a5c6e1119484166 to your computer and use it in GitHub Desktop.
Ansible Playbook for Local Provisioning of Matomo on Ubuntu 18.04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - hosts: local | |
| connection: local | |
| become: yes | |
| become_user: root | |
| vars_files: | |
| - local_vars.yml | |
| pre_tasks: | |
| - raw: apt -y update && apt install -y python-apt | |
| tasks: | |
| - name: Install Apache, PHP, MySQL, Unzip | |
| apt: | |
| pkg: | |
| - apache2 | |
| - php7.2 | |
| - php7.2-curl | |
| - php7.2-gd | |
| - php7.2-cli | |
| - mysql-server | |
| - php7.2-mysql | |
| - php7.2-xml | |
| - php7.2-mbstring | |
| - python-mysqldb | |
| - unzip | |
| force_apt_get: true | |
| update_cache: yes | |
| - name: Upgrade all packages to the latest version | |
| apt: | |
| name: "*" | |
| state: latest | |
| force_apt_get: true | |
| - name: Firewall | Allow outgoing | |
| ufw: | |
| direction: outgoing | |
| policy: allow | |
| - name: Firewall | Deny incoming | |
| ufw: | |
| direction: incoming | |
| policy: deny | |
| - name: Firewall | Limit SSH | |
| ufw: | |
| rule: limit | |
| port: ssh | |
| proto: tcp | |
| - name: Firewall | Open port 443 | |
| ufw: | |
| rule: allow | |
| port: '443' | |
| proto: tcp | |
| - name: Firewall | Enable | |
| ufw: | |
| state: enabled | |
| - name: Enable Apache SSL module | |
| apache2_module: | |
| state: present | |
| name: ssl | |
| # TO DO - Use custom apache template | |
| - name: Enable default Apache SSL site | |
| command: a2ensite default-ssl | |
| - name: Add certbot repo | |
| apt_repository: | |
| repo: ppa:certbot/certbot | |
| state: present | |
| - name: Install Certbot | |
| apt: | |
| pkg: | |
| - certbot | |
| - python-certbot-apache | |
| force_apt_get: true | |
| # - name: Invoke Certbot | |
| # command: certbot --apache -n --agree-tos -m {{ certificate_contact_email }} -d {{ certificate_domain }} | |
| - name: Start MySQL | |
| service: | |
| name: mysql | |
| state: started | |
| enabled: yes | |
| - name: Create Matomo database | |
| mysql_user: | |
| name: "{{ db_username }}" | |
| password: "{{ db_password }}" | |
| priv: '*.*:ALL' | |
| state: present | |
| - name: Check if Matomo is installed | |
| stat: | |
| path: /var/www/html/matomo | |
| register: matomo_install | |
| - name: Download Matomo | |
| get_url: | |
| url: https://builds.matomo.org/matomo.zip | |
| dest: /tmp | |
| when: matomo_install.stat.exists == false | |
| - name: Extract matomo.zip | |
| unarchive: | |
| src: /tmp/matomo.zip | |
| dest: /var/www/html | |
| when: matomo_install.stat.exists == false | |
| - name: Set proper Apache owner/group | |
| file: | |
| path: /var/www/html | |
| state: directory | |
| recurse: yes | |
| owner: www-data | |
| group: www-data | |
| - name: Configure php.ini | |
| lineinfile: | |
| path: /etc/php/7.2/apache2/php.ini | |
| regexp: '^;always_populate_raw_post_data = -1' | |
| line: 'always_populate_raw_post_data = -1' | |
| when: matomo_install.stat.exists == false | |
| - name: Start Apache | |
| service: | |
| name: apache2 | |
| state: started | |
| enabled: yes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment