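---
# Provisions one WordPress instance on top of the Debian `wordpress` package:
# a dedicated system account, a per-instance upper directory that is
# overlay-mounted over /usr/share/wordpress, the rendered wp-config.php and
# secrets.php, and finally the database tasks imported from mysql.yml.
#
# NOTE(review): once the overlay is mounted (every run after the first), the
# file/template tasks below write straight into the overlay's upperdir.
# Changing an upperdir underneath a live overlay mount is not a supported
# overlayfs operation; confirm this is acceptable or write via the merged path.

- name: ensure the wordpress package is installed
  apt:
    name:
      - wordpress
      - wordpress-l10n
    state: present
    install_recommends: false
  tags:
    - wordpress
    - webservices

# The user task below assigns `wordpress_group` as primary group, so that is
# the group that has to exist (this task previously created a group named
# after `wordpress_user`, which only works when both variables are equal).
- name: "ensure group for {{ wordpress_name }} exists"
  group:
    name: "{{ wordpress_group }}"
    state: present
    system: true
  tags:
    - wordpress
    - webservices

- name: "ensure user for {{ wordpress_name }} exists"
  user:
    name: "{{ wordpress_user }}"
    group: "{{ wordpress_group }}"
    state: present
    system: true
    # Debian/Ubuntu (this role installs via apt) ship nologin in /usr/sbin;
    # /usr/bin/nologin does not exist there.
    shell: /usr/sbin/nologin
    home: "{{ wordpress_web_root }}"
    createhome: false
  tags:
    - wordpress
    - webservices

# Upper directory (`<name>-files`) and mount point (`<name>`); read and
# traverse only for the instance user and www-data, nothing for others.
- name: "ensure the wordpress folders for {{ wordpress_name }} exists"
  file:
    state: directory
    mode: "u=rx,g=rx,o="
    owner: "{{ wordpress_user }}"
    group: "www-data"
    path: "{{ wordpress_web_root }}/{{ item }}"
  with_items:
    - "{{ wordpress_name }}-files"
    - "{{ wordpress_name }}"
  tags:
    - wordpress
    - webservices

# Scratch directory passed as `workdir=` to the overlay mount; root only.
- name: "Create overlayfs workdir for {{ wordpress_name }}"
  file:
    state: directory
    mode: "0700"
    owner: root
    group: root
    path: "{{ wordpress_web_root }}/{{ wordpress_name }}-workdir"
  tags:
    - wordpress
    - webservices

# yamllint disable-line rule:line-length
- name: "ensure local folders without write permissions for {{ wordpress_name }} exist"
  file:
    state: directory
    mode: "u=rx,g=rx,o="
    owner: "{{ wordpress_user }}"
    group: "www-data"
    path: "{{ wordpress_web_root }}/{{ wordpress_name }}-files/{{ item }}"
  with_items:
    - wp-content
  tags:
    - wordpress
    - webservices

# Only these subtrees are writable, and only by the instance user; the setgid
# bit (2xxx) makes new entries inherit the www-data group.
# yamllint disable-line rule:line-length
- name: "ensure local folders with write permissions for {{ wordpress_name }} exist"
  file:
    state: directory
    mode: "2750"
    owner: "{{ wordpress_user }}"
    group: "www-data"
    path: "{{ wordpress_web_root }}/{{ wordpress_name }}-files/{{ item }}"
  with_items:
    - wp-content/blogs.dir
    - wp-content/uploads
    - wp-content/plugins
    - wp-content/themes
    - wp-content/upgrade
  tags:
    - wordpress
    - webservices

# Packaged code in /usr/share/wordpress is the lower layer; instance-specific
# files live in the `<name>-files` upper layer.
# yamllint disable-line rule:line-length
- name: "ensure the directories for {{ wordpress_name }} are mounted above each other"
  mount:
    state: mounted
    fstype: overlay
    path: "{{ wordpress_web_root }}/{{ wordpress_name }}"
    # yamllint disable-line rule:line-length
    opts: "upperdir={{ wordpress_web_root }}/{{ wordpress_name }}-files/,lowerdir=/usr/share/wordpress,workdir={{ wordpress_web_root }}/{{ wordpress_name }}-workdir"
    src: none
  tags:
    - wordpress
    - webservices

# wp-config.php presumably carries the database credentials (template not
# visible here). Ownership and mode are set explicitly so confidentiality does
# not depend on the umask or on the parent directory alone; they mirror the
# read-only directories above (instance user + www-data may read, no one
# may write).
- name: "ensure the config for {{ wordpress_name }} exists"
  template:
    src: wp-config.php.j2
    dest: "{{ wordpress_web_root }}/{{ wordpress_name }}-files/wp-config.php"
    owner: "{{ wordpress_user }}"
    group: "www-data"
    mode: "0440"
  tags:
    - wordpress
    - webservices

# Eight random values consumed by secrets.php.j2.
# NOTE(review): these come from Ansible's `random` filter; confirm that the
# Ansible version in use draws unseeded values from the OS CSPRNG before
# relying on them as authentication keys/salts.
# `no_log` keeps the values out of task output and logs. The tags match the
# template task below, which would otherwise hit undefined variables on a
# `--tags wordpress` run because this task would be skipped.
- name: "get randomness for secrets for {{ wordpress_name }}"
  set_fact:
    wordpress_secrets_1: "{{ (2**2048)|random }}"
    wordpress_secrets_2: "{{ (2**2048)|random }}"
    wordpress_secrets_3: "{{ (2**2048)|random }}"
    wordpress_secrets_4: "{{ (2**2048)|random }}"
    wordpress_secrets_5: "{{ (2**2048)|random }}"
    wordpress_secrets_6: "{{ (2**2048)|random }}"
    wordpress_secrets_7: "{{ (2**2048)|random }}"
    wordpress_secrets_8: "{{ (2**2048)|random }}"
  no_log: true
  tags:
    - wordpress
    - webservices

# `force: false` writes the file only when it does not exist yet, so secrets
# from an earlier run are kept even though new values are generated each run.
# `diff: false` keeps the rendered secrets out of `--diff` output.
- name: "ensure the secrets for {{ wordpress_name }} exist"
  template:
    src: secrets.php.j2
    dest: "{{ wordpress_web_root }}/{{ wordpress_name }}-files/secrets.php"
    force: false
    owner: "{{ wordpress_user }}"
    group: "www-data"
    mode: "0440"
  diff: false
  tags:
    - wordpress
    - webservices

# yamllint disable-line rule:line-length
- name: "ensure wordpress can access javascript files that debian places somewhere else"
  file:
    src: /usr/share/javascript
    dest: "{{ wordpress_web_root }}/javascript"
    state: link
  tags:
    - wordpress
    - webservices

- import_tasks: mysql.yml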