Merge branch 'sifi'

Reviewed-on: #9

ansible/inventories/externals.yaml

@@ -1,5 +1,9 @@
+---
 externals:
     children:
+      nextcloud:
+        hosts:
+          c-service.sse.cloud.isti.cnr.it
       rup_tests:
         hosts:
           liquid:

ansible/inventories/group_vars/automotive/automotive.yaml

@@ -1,30 +1,31 @@
 ---
-#Common Docker 
-docker_network_name: wp_net
+# Docker 
+wordpress_docker_tag: 7.0.0-php8.2-apache
+mysql_docker_tag: 9.7.0
+nginx_docker_tag: 1.31.1
+
 docker_base_volume_path: /usr/data/wp
 
 
 # MYSQL Docker 
-mysql_docker_tag: 9.7.0
-docker_mysql_hostname: web_db
-
-db_name: automotive_test_db
-db_user: automotive_test_db_u
+db_name: automotive_db
+db_user: automotive_db_u
 db_password:  "{{ automotive_mysql_user_password }}"
 db_root_password: "{{ automotive_mysql_root_password }}"
 
 
 #NGINX Docker 
-nginx_docker_tag: 1.31.1
 nginx_server_name: automotive.sse.cloud.isti.cnr.it
 ssl: true
 
-#WORDPRESS Docker
-wordpress_docker_tag: 7.0.0-php8.2-apache
-docker_wordpress_hostname: automotive_test
 
-#CERTBOT for letsencrypt
-certbot_create_method: webroot
+# WORDPRESS
+wordpress_debug : true
+wordpress_debug_log: true
+
+
+#******* CERTBOT for letsencrypt
+certbot_create_method: standalone
 certbot_create_if_missing: true
 certbot_admin_email: fabio.sinibaldi@isti.cnr.it
 
@@ -35,5 +36,5 @@ certbot_certs:
     - "{{ nginx_server_name }}"
 
 #Certbot verbose level
-certbot_create_extra_args: "-vvv --force-renewal"
+certbot_create_extra_args: "-vvv"
 certbot_testmode: false

ansible/inventories/group_vars/wireguard_server/sifi.yaml

@@ -8,5 +8,8 @@ wg_server_address: 192.168.99.1/32
 
 wg_peers:  
   - name: fabio_test
-    publicKey: "dzODOKndtafZSf2GqvClFdxrpwyNJnZ/AsZkNl+ovEE="
-    allowedIP: "192.168.99.4/32"
+    publicKey: "byR/8T9AZK2t1cxDCLVzdLXsxcUPRXA06CnfI8gwQyY="
+    allowedIP: "192.168.99.4/32"
+  - name: lucio
+    publicKey: "IifwTYaBMoL3IhAHHplyuVMCir7PHNT57cP57RvEIwg="
+    allowedIP: "192.168.99.3/32"

ansible/inventories/sifi.yaml

@@ -2,22 +2,22 @@
 # SIFI
 sifi:
   children:
-    opn:
-      hosts:
-        sifi_opnsense.sifi.isti.cnr.it:
+    #opn:
+      #hosts:
+        # sifi_opnsense.sifi.isti.cnr.it:
         # ns1.sifi.isti.cnr.it:
         # ansible_host:  146.48.108.51 #[WAN public ip]
         # ansible_host: 10.20.30.111
     wireguard_server:
       hosts:
-        wireguarder.sifi.isti.cnr.it:
+        vpn-1.sifi.sse.cloud.isti.cnr.it:
         #  ansible_host: 146.48.108.13
-    nameserver:
-      hosts:
-        ns1.sifi.isti.cnr.it:
-          ansible_host: 146.48.108.51
+    # nameserver:
+    #   hosts:
+        #ns1.sifi.isti.cnr.it:
+        #  ansible_host: 146.48.108.51
           # dns1.internal.sifi.isti.cnr.it:
           #  ansible_host: 10.11.12.11
     workers:
       hosts:
-        worker1.internal.sifi.isti.cnr.it:
+        dev-1.sifi.sse.cloud.isti.cnr.it:

ansible/inventories/vlab1.yaml

@@ -0,0 +1,12 @@
+---
+vlab-1:
+  children:
+    wireguard_server:
+      hosts:
+        vpn-1.sse.cloud.isti.cnr.it: 
+    nextcloud:
+      hosts:
+        b-service_2:
+          ansible_host: 10.22.2.77
+        b-service_1:
+          ansible_host: 10.22.1.145

ansible/playbooks/docker_deploy_image.yaml

@@ -0,0 +1,29 @@
+---
+- name: Create and run container
+  hosts: all
+  become : true
+  vars:
+    image_name: ubuntu
+    image_tag: latest
+    image_hostname: ubuntu
+    image_network:
+      - wp_net
+    image_volumes:
+      - "/usr/data/wp/wordpress/:/var/www"
+
+
+  tasks:
+  - name: Pull Image
+    docker_image:
+      name: "{{ image_name }}:{{ image_tag }}"
+      source: pull
+
+  - name: Create container with pulled image
+    docker_container:
+      name: "{{ image_name }}"
+      image: "{{ image_name }}"
+      networks:
+        - name: "{{ image_network }}"
+      hostname: "{{ image_hostname }}"
+      volumes: "{{image_volumes}}"
+      restart: true

ansible/playbooks/misc_tests.yaml

@@ -0,0 +1,9 @@
+---
+- name: Misc tests
+  hosts: web
+
+  tasks:
+    - name: Using dict2items
+      ansible.builtin.debug:
+        msg: "{{ item.name }}"
+      loop: "{{ certbot_certs }}"

ansible/playbooks/nextcloud.yaml

@@ -1,17 +1,8 @@
 ---
 - name: Install Nextcloud AIO Docker
-  hosts: all
+  hosts: nextcloud
   become: true
-  vars:
-    pip_install_packages:
-      - name: docker
-    docker_version: "=5:28.2.2-1~ubuntu.24.04~noble"
-    docker_users:
-      - fabio
-      - ansible
-
 
   roles: 
-    - geerlingguy.pip
     - geerlingguy.docker
-    # - nextcloud_aio
+    - nextcloud_aio

ansible/playbooks/roles/certbot/tasks/certbot_with_dockered_nginx.yaml

@@ -1,16 +1,9 @@
 ---
-# Need to stop using port 80 for certbot webroot validation
-- name: Gathering NGINX container state
-  docker_container_info:
-    name: nginx
-  register: nginx_info
-
-- name: Stop NGINX if present
+# Stop NGINX
+- name: Stop NGINX 
   docker_container:
     name: nginx
     state: stopped
-  when: 
-    - nginx_info.exists
 
 # Manage certbot
 
@@ -18,6 +11,7 @@
   include_role:
     name: geerlingguy.certbot
 
+
 - name: Copy fullchain files to nginx volume
   ansible.builtin.copy:
     src: "/etc/letsencrypt/live/{{ item.name }}/fullchain.pem"
@@ -54,9 +48,7 @@
     - "/etc/letsencrypt/renewal-hooks/pre/stop_services"
     - "/etc/letsencrypt/renewal-hooks/post/start_services"
 
-
-# Installs dockered NGINX if needed and start it 
-
-- name: Installing and (Re)starting NGINX
-  include_role:
-    name: chrissayon.wordpress_docker.nginx
+# Start NGINX
+- name: Start NGINX
+  docker_container:
+    name: nginx

ansible/playbooks/roles/docker-certbot/tasks/main.yaml

@@ -8,8 +8,11 @@
   docker_container:
     name: certbot
     image: certbot/certbot
+    command: "certonly --standalone --non-interactive -v --dry-run -d {{ nginx_server_name}} --agree-tos -m {{ certbot_domain_mail }}"
     networks:
       - name: "{{ docker_network_name }}"
+    ports: 
+      - "81:80"
     hostname: certbot
     volumes:
       - "{{ docker_base_volume_path }}/certbot/logs:/var/log/letsencrypt"

ansible/playbooks/roles/docker/defaults/main.yml

@@ -1,3 +1,3 @@
-#SPDX-License-Identifier: MIT-0
----
-# defaults file for docker
+docker_version: "*.*.*"
+docker_sudo_users: []
+

ansible/playbooks/roles/nextcloud_aio/defaults/main.yaml

@@ -0,0 +1,4 @@
+nextcloud_docker_image_name: "ghcr.io/nextcloud-releases/all-in-one"
+nextcloud_docker_image_tag: latest
+nextcloud_docker_skip_domain_validation: "true"
+nextcloud_docker_mastercontainer_volume_dir: /usr/data/nextcloud_aio_mastercontainer

ansible/playbooks/roles/nextcloud_aio/meta/main.yml

@@ -1,2 +0,0 @@
-dependencies:
-  - role: docker

ansible/playbooks/roles/nextcloud_aio/tasks/nextcloud_docker_aio.yaml

@@ -1,18 +1,31 @@
 ---
-- name: Create volumes 
-  debug:
-    msg:
-    - "TODO!!!"
+- name: Pull docker image
+  docker_image:
+    name: "{{ nextcloud_docker_image_name }}"
+    tag: "{{ nextcloud_docker_image_tag }}"
+    source: pull
 
-- name: Download compose file 
-  become: true
-  become_user: docker
-  ansible.builtin.git:
-    repo: "https://gitea-s2i2s.isti.cnr.it/sinibaldi/SSE-Lab"
-    dest: SSE-Lab
+- name: Create Master Container volume dir
+  file:
+    path: "{{ nextcloud_docker_mastercontainer_volume_dir }}"
+    state: directory
+    mode: "0766"
 
-- name: create and start docker compose services
-  become: true
-  become_user: docker
-  community.docker.docker_compose_v2:
-    project_src: ~/SSE-Lab/dockerized/nextcloud-aio/compose.yaml
+- name: Create container
+  docker_container:
+    name: nextcloud-aio-mastercontainer
+    image: "{{ nextcloud_docker_image_name }}"
+    ports:
+      - "8080:8080"
+      - "80:80"
+      - "8443:8443"
+    env:
+      APACHE_PORT: "443"
+      APACHE_IP_BINDING: "0.0.0.0"
+      APACHE_ADDITIONAL_NETWORK: ""
+      SKIP_DOMAIN_VALIDATION: "{{ nextcloud_docker_skip_domain_validation }}"
+    volumes:
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    restart_policy : "always"
+    init : true

ansible/playbooks/roles/wordpress-docker/defaults/main.yaml

@@ -0,0 +1,27 @@
+---
+wordpress_docker_tag: latest
+nginx_docker_tag: latest
+mysql_docker_tag: latest
+
+docker_network_name: wordpress_network
+docker_wordpress_hostname: wordpress_host
+docker_nginx_hostname: nginx_host
+docker_mysql_hostname: mysql_host
+
+docker_base_volume_path: /home/wordpress_docker
+
+
+nginx_server_name: default_server
+ssl: false
+
+db_name: wordpress_database
+db_user: wordpress_user
+db_password: wordpress_password
+db_root_password: wordpress_rootpassword
+
+wordpress_debug : false
+wordpress_debug_log: false
+
+
+
+

ansible/playbooks/roles/wordpress-docker/tasks/main.yml

@@ -0,0 +1,57 @@
+---
+- name: Pull docker images
+  docker_image:
+    name: "{{ item.name }}"
+    tag: "{{ item.tag }}"
+    source: pull
+  loop:
+    - name : wordpress
+      tag: "{{ wordpress_docker_tag }}"
+    - name: mysql
+      tag : "{{ mysql_docker_tag }}"
+    - name: nginx
+      tag : "{{ nginx_docker_tag }}"
+    
+
+- name: Create docker network
+  docker_network:
+    name: "{{ docker_network_name }}"
+    state: present
+
+
+- name: Create container with mysql image
+  docker_container:
+    name: mysql
+    image: mysql
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_mysql_hostname }}"
+    env:
+      MYSQL_DATABASE: "{{ db_name }}"
+      MYSQL_USER: "{{ db_user }}"
+      MYSQL_PASSWORD: "{{ db_password }}"
+      MYSQL_ROOT_PASSWORD: "{{ db_root_password }}"
+    volumes:
+      - "{{ docker_base_volume_path }}/temp_db_data:/var/tmp"
+
+
+- name: Create container with Wordpress image
+  docker_container:
+    name: wordpress
+    image: wordpress
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_wordpress_hostname }}"
+    env:
+      WORDPRESS_DB_HOST: "{{ docker_mysql_hostname }}"
+      WORDPRESS_DB_NAME: "{{ db_name }}"
+      WORDPRESS_DB_USER: "{{ db_user }}"
+      WORDPRESS_DB_PASSWORD: "{{ db_password }}"
+      WORDPRESS_DEBUG: " {{ wordpress_debug }} "
+      WORDPRESS_DEBUG_LOG: " {{ wordpress_debug_log }} "
+    volumes:
+      - "{{ docker_base_volume_path }}/wordpress:/var/www/html"
+    restart: true
+
+- include_tasks: nginx.yaml
+  when: ssl is true

ansible/playbooks/roles/wordpress-docker/tasks/nginx.yaml

@@ -0,0 +1,18 @@
+---
+- name: Create conf folder to put nginx folder
+  ansible.builtin.file:
+    path: "{{ docker_base_volume_path }}/nginx/conf"
+    state: directory
+    mode: "0755"
+
+- name: Copy nginx.conf to server
+  template:
+    src: templates/nginx.j2
+    dest: "{{ docker_base_volume_path }}/nginx/conf/nginx.conf"
+
+
+- include_tasks: nginx_http.yml
+  when: ssl is false
+
+- include_tasks: nginx_https.yml
+  when: ssl is true

ansible/playbooks/roles/wordpress-docker/tasks/nginx_http.yml

@@ -0,0 +1,15 @@
+---
+- name: Start Nginx Container (HTTP)
+  docker_container:
+    name: nginx
+    image: nginx
+    ports:
+      - "80:80"
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_nginx_hostname }}"
+    volumes:
+      - "{{ docker_base_volume_path }}/wordpress:/var/www/html"
+      - "{{ docker_base_volume_path }}/nginx/conf:/etc/nginx/conf.d"
+      - "{{ docker_base_volume_path }}/nginx/logs:/var/log/nginx"
+    restart: true

ansible/playbooks/roles/wordpress-docker/tasks/nginx_https.yml

@@ -0,0 +1,17 @@
+---
+- name: Start Nginx Container (HTTPS)
+  docker_container:
+    name: nginx
+    image: nginx
+    ports:
+      - "80:80"
+      - "443:443"
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_nginx_hostname }}"
+    volumes:
+      - "{{ docker_base_volume_path }}/wordpress:/var/www/html"
+      - "{{ docker_base_volume_path }}/nginx/conf:/etc/nginx/conf.d"
+      - "{{ docker_base_volume_path }}/nginx/logs:/var/log/nginx"
+      - "{{ docker_base_volume_path }}/nginx/ssl:/etc/nginx/ssl/:ro"
+    restart: true

ansible/playbooks/roles/wordpress-docker/templates/nginx.j2

@@ -15,13 +15,22 @@ server {
     root   /var/www/html;
     index  index.php;
 
-
-    ssl_certificate /etc/nginx/ssl/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/privatekey.pem;
+    # Needed to upload backups 
 
     client_max_body_size 40M;
 
 
+    # Try to support website restore plugin 
+
+    proxy_read_timeout 600s;
+    keepalive_timeout 600s;
+
+
+
+     ssl_certificate /etc/nginx/ssl/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/privatekey.pem;
+
+
     location / {
         proxy_pass http://{{ docker_wordpress_hostname }}:80;
         proxy_set_header Host $host;
@@ -29,4 +38,5 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
+
 }

ansible/playbooks/wordpress.yaml

@@ -2,12 +2,9 @@
 - name: Install and configure Wordpress
   hosts: web
   become : True
-  collections:
-    - chrissayon.wordpress_docker
+  
 
   roles:
     - geerlingguy.docker
-    - chrissayon.wordpress_docker.network
-    - chrissayon.wordpress_docker.mysql
-    - chrissayon.wordpress_docker.wordpress
+    - wordpress-docker
     - certbot

ansible/requirements.yml

@@ -1,6 +1,10 @@
 # requirements.yml
 ---
 roles:
+  - name: githubixx.ansible_role_wireguard
+    src: https://github.com/githubixx/ansible-role-wireguard.git
+    version: 19.0.0
+
   # - name: bodsch.dns.bind
   #   version: