From 9cfec2808a609b0bd40279846181b72da186abbf Mon Sep 17 00:00:00 2001 
From: Thomas Schulze Date: Fri, 23 Feb 2024 12:49:35 +0100 Subject: [PATCH] migrate to ansible --- .rubocop.yml | 11 -- .vendor/.gitignore | 2 - Berksfile | 13 --- Berksfile.lock | 28 ----- base.yaml => baseimage.yaml | 0 chefignore | 107 ------------------ cookbooks/aws_codedeploy/LICENSE | 16 --- cookbooks/aws_codedeploy/README.md | 3 - cookbooks/aws_codedeploy/metadata.rb | 13 --- cookbooks/aws_codedeploy/recipes/default.rb | 26 ----- cookbooks/aws_ssm/LICENSE | 16 --- cookbooks/aws_ssm/README.md | 3 - cookbooks/aws_ssm/metadata.rb | 13 --- cookbooks/aws_ssm/recipes/default.rb | 26 ----- cookbooks/common/LICENSE | 16 --- cookbooks/common/README.md | 3 - cookbooks/common/files/locale.gen | 2 - cookbooks/common/metadata.rb | 11 -- cookbooks/common/recipes/default.rb | 53 --------- cookbooks/mozjpeg/README.md | 0 cookbooks/mozjpeg/files/installer.sh | 14 --- cookbooks/mozjpeg/metadata.rb | 11 -- cookbooks/mozjpeg/recipes/default.rb | 16 --- cookbooks/unattended-upgrades/LICENSE | 16 --- cookbooks/unattended-upgrades/README.md | 3 - .../unattended-upgrades/files/10periodic | 2 - .../files/50unattended-upgrades | 61 ---------- .../files/apt-daily-upgrade.timer | 14 --- cookbooks/unattended-upgrades/metadata.rb | 11 -- .../unattended-upgrades/recipes/default.rb | 25 ---- cookbooks/unattended_upgrades/LICENSE | 16 --- cookbooks/unattended_upgrades/README.md | 3 - .../unattended_upgrades/files/10periodic | 2 - .../files/50unattended-upgrades | 61 ---------- .../files/apt-daily-upgrade.timer | 14 --- cookbooks/unattended_upgrades/metadata.rb | 11 -- .../unattended_upgrades/recipes/default.rb | 25 ---- cookbooks/useraccounts/LICENSE | 16 --- cookbooks/useraccounts/README.md | 4 - cookbooks/useraccounts/files/authorized_keys | 1 - cookbooks/useraccounts/files/sudoers | 1 - cookbooks/useraccounts/metadata.rb | 11 -- cookbooks/useraccounts/recipes/default.rb | 44 ------- cookbooks/web/LICENSE | 16 --- cookbooks/web/README.md | 6 - cookbooks/web/metadata.rb | 13 --- 
cookbooks/web/recipes/ondrej.rb | 16 --- cookbooks/web/recipes/php74.rb | 75 ------------ cookbooks/web/recipes/php81.rb | 76 ------------- cookbooks/web/recipes/php82.rb | 76 ------------- packer.pkr.hcl | 82 ++++++++------ roles/mozjpeg/files/installer.sh | 7 +- roles/mozjpeg/tasks/main.yaml | 19 +++- .../web => roles/nginx}/files/nginx.conf | 0 .../nginx}/files/snippets/alb-health.conf | 0 .../nginx}/files/snippets/autoversioning.conf | 0 .../nginx}/files/snippets/compression.conf | 0 .../nginx}/files/snippets/cors.conf | 0 .../files/snippets/security-headers.conf | 0 roles/nginx/tasks/main.yaml | 40 +++++++ roles/php/tasks/main.yaml | 32 ++++++ webserver.yaml | 9 ++ 62 files changed, 146 insertions(+), 1065 deletions(-) delete mode 100644 .rubocop.yml delete mode 100644 .vendor/.gitignore delete mode 100644 Berksfile delete mode 100644 Berksfile.lock rename base.yaml => baseimage.yaml (100%) delete mode 100644 chefignore delete mode 100644 cookbooks/aws_codedeploy/LICENSE delete mode 100644 cookbooks/aws_codedeploy/README.md delete mode 100644 cookbooks/aws_codedeploy/metadata.rb delete mode 100644 cookbooks/aws_codedeploy/recipes/default.rb delete mode 100644 cookbooks/aws_ssm/LICENSE delete mode 100644 cookbooks/aws_ssm/README.md delete mode 100644 cookbooks/aws_ssm/metadata.rb delete mode 100644 cookbooks/aws_ssm/recipes/default.rb delete mode 100644 cookbooks/common/LICENSE delete mode 100644 cookbooks/common/README.md delete mode 100644 cookbooks/common/files/locale.gen delete mode 100644 cookbooks/common/metadata.rb delete mode 100644 cookbooks/common/recipes/default.rb delete mode 100644 cookbooks/mozjpeg/README.md delete mode 100644 cookbooks/mozjpeg/files/installer.sh delete mode 100644 cookbooks/mozjpeg/metadata.rb delete mode 100644 cookbooks/mozjpeg/recipes/default.rb delete mode 100644 cookbooks/unattended-upgrades/LICENSE delete mode 100644 cookbooks/unattended-upgrades/README.md delete mode 100644 cookbooks/unattended-upgrades/files/10periodic 
delete mode 100644 cookbooks/unattended-upgrades/files/50unattended-upgrades delete mode 100644 cookbooks/unattended-upgrades/files/apt-daily-upgrade.timer delete mode 100644 cookbooks/unattended-upgrades/metadata.rb delete mode 100644 cookbooks/unattended-upgrades/recipes/default.rb delete mode 100644 cookbooks/unattended_upgrades/LICENSE delete mode 100644 cookbooks/unattended_upgrades/README.md delete mode 100644 cookbooks/unattended_upgrades/files/10periodic delete mode 100644 cookbooks/unattended_upgrades/files/50unattended-upgrades delete mode 100644 cookbooks/unattended_upgrades/files/apt-daily-upgrade.timer delete mode 100644 cookbooks/unattended_upgrades/metadata.rb delete mode 100644 cookbooks/unattended_upgrades/recipes/default.rb delete mode 100644 cookbooks/useraccounts/LICENSE delete mode 100644 cookbooks/useraccounts/README.md delete mode 100644 cookbooks/useraccounts/files/authorized_keys delete mode 100644 cookbooks/useraccounts/files/sudoers delete mode 100644 cookbooks/useraccounts/metadata.rb delete mode 100644 cookbooks/useraccounts/recipes/default.rb delete mode 100644 cookbooks/web/LICENSE delete mode 100644 cookbooks/web/README.md delete mode 100644 cookbooks/web/metadata.rb delete mode 100644 cookbooks/web/recipes/ondrej.rb delete mode 100644 cookbooks/web/recipes/php74.rb delete mode 100644 cookbooks/web/recipes/php81.rb delete mode 100644 cookbooks/web/recipes/php82.rb rename {cookbooks/web => roles/nginx}/files/nginx.conf (100%) rename {cookbooks/web => roles/nginx}/files/snippets/alb-health.conf (100%) rename {cookbooks/web => roles/nginx}/files/snippets/autoversioning.conf (100%) rename {cookbooks/web => roles/nginx}/files/snippets/compression.conf (100%) rename {cookbooks/web => roles/nginx}/files/snippets/cors.conf (100%) rename {cookbooks/web => roles/nginx}/files/snippets/security-headers.conf (100%) create mode 100644 roles/nginx/tasks/main.yaml create mode 100644 roles/php/tasks/main.yaml 
diff --git a/.rubocop.yml b/.rubocop.yml
deleted file mode 100644
index 15bc488..0000000
--- a/.rubocop.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-Chef/Sharing/EmptyMetadataField:
- Exclude:
- - 'cookbooks/**/*'
-
-Chef/Sharing/InvalidLicenseString:
- Exclude:
- - 'cookbooks/**/*'
-
-Chef/Correctness/TmpPath:
- Exclude:
- - 'cookbooks/**/*'
diff --git a/.vendor/.gitignore b/.vendor/.gitignore
deleted file mode 100644
index d6b7ef3..0000000
--- a/.vendor/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
diff --git a/Berksfile b/Berksfile
deleted file mode 100644
index eb7539a..0000000
--- a/Berksfile
+++ /dev/null
@@ -1,13 +0,0 @@
-source 'https://supermarket.chef.io'
-
-source 'https://supermarket.chef.io'
-
-def dependencies(path)
- berks = "#{path}/Berksfile.in"
- instance_eval(File.read(berks)) if File.exist?(berks)
-end
-
-Dir.glob('./cookbooks/*').each do |path|
- dependencies path
- cookbook File.basename(path), path: path
-end
diff --git a/Berksfile.lock b/Berksfile.lock
deleted file mode 100644
index deffdab..0000000
--- a/Berksfile.lock
+++ /dev/null
@@ -1,28 +0,0 @@
-DEPENDENCIES
- aws_codedeploy
- path: cookbooks/aws_codedeploy
- aws_ssm
- path: cookbooks/aws_ssm
- common
- path: cookbooks/common
- mozjpeg
- path: cookbooks/mozjpeg
- unattended-upgrades
- path: cookbooks/unattended-upgrades
- useraccounts
- path: cookbooks/useraccounts
- web
- path: cookbooks/web
-
-GRAPH
- aws_codedeploy (1.0.0)
- line (>= 0.0.0)
- aws_ssm (1.0.0)
- line (>= 0.0.0)
- common (1.0.0)
- line (4.4.4)
- mozjpeg (1.0.0)
- unattended-upgrades (1.0.0)
- useraccounts (1.0.0)
- web (1.0.0)
- line (>= 0.0.0)
diff --git a/base.yaml b/baseimage.yaml
similarity index 100%
rename from base.yaml
rename to baseimage.yaml
diff --git a/chefignore b/chefignore
deleted file mode 100644
index 38e7379..0000000
--- a/chefignore
+++ /dev/null
@@ -1,107 +0,0 @@
-# Put files/directories that should be ignored in this file when uploading
-# to a chef-server or supermarket.
-# Lines that start with '# ' are comments.
-
-# OS generated files #
-######################
-.DS_Store
-Icon?
-nohup.out
-ehthumbs.db
-Thumbs.db
-
-# SASS #
-########
-.sass-cache
-
-# EDITORS #
-###########
-\#*
-.#*
-*~
-*.sw[a-z]
-*.bak
-REVISION
-TAGS*
-tmtags
-*_flymake.*
-*_flymake
-*.tmproj
-.project
-.settings
-mkmf.log
-
-## COMPILED ##
-##############
-a.out
-*.o
-*.pyc
-*.so
-*.com
-*.class
-*.dll
-*.exe
-*/rdoc/
-
-# Testing #
-###########
-.watchr
-.rspec
-spec/*
-spec/fixtures/*
-test/*
-features/*
-examples/*
-Guardfile
-Procfile
-.kitchen*
-.rubocop.yml
-spec/*
-Rakefile
-.travis.yml
-.foodcritic
-.codeclimate.yml
-
-# SCM #
-#######
-.git
-*/.git
-.gitignore
-.gitmodules
-.gitconfig
-.gitattributes
-.svn
-*/.bzr/*
-*/.hg/*
-*/.svn/*
-
-# Berkshelf #
-#############
-Berksfile
-Berksfile.lock
-cookbooks/*
-tmp
-
-# Policyfile #
-##############
-Policyfile.rb
-Policyfile.lock.json
-
-# Cookbooks #
-#############
-CONTRIBUTING*
-CHANGELOG*
-TESTING*
-MAINTAINERS.toml
-
-# Strainer #
-############
-Colanderfile
-Strainerfile
-.colander
-.strainer
-
-# Vagrant #
-###########
-.vagrant
-Vagrantfile
diff --git a/cookbooks/aws_codedeploy/LICENSE b/cookbooks/aws_codedeploy/LICENSE
deleted file mode 100644
index e9ecbd6..0000000
--- a/cookbooks/aws_codedeploy/LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-MIT License
-
-Copyright (c) 2018 codemonauts
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
-rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
-persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
-WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/cookbooks/aws_codedeploy/README.md b/cookbooks/aws_codedeploy/README.md
deleted file mode 100644
index 1e80732..0000000
--- a/cookbooks/aws_codedeploy/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# aws_codedeploy
-
-This cookbook installs the lates AWS CodeDeploy agent
\ No newline at end of file
diff --git a/cookbooks/aws_codedeploy/metadata.rb b/cookbooks/aws_codedeploy/metadata.rb
deleted file mode 100644
index e2db5c3..0000000
--- a/cookbooks/aws_codedeploy/metadata.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-name 'aws_codedeploy'
-description 'Installs the AWS CodeDeploy agent'
-maintainer 'Codemonauts Ops'
-maintainer_email 'crew@codemonauts.com'
-source_url 'https://github.com/codemonauts/ami-baseimage/'
-issues_url 'https://github.com/codemonauts/aws-baseimage/issues'
-chef_version '>= 12.4'
-supports 'debian'
-supports 'ubuntu'
-license 'Apache-2.0'
-version '1.0.0'
-
-depends 'line'
diff --git a/cookbooks/aws_codedeploy/recipes/default.rb b/cookbooks/aws_codedeploy/recipes/default.rb
deleted file mode 100644
index 86504fd..0000000
--- a/cookbooks/aws_codedeploy/recipes/default.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-# dependencys for the Codedeploy agent
-package 'ruby'
-package 'gdebi-core'
-
-remote_file '/tmp/codedeploy-installer' do
- source 'https://aws-codedeploy-eu-central-1.s3.amazonaws.com/latest/install'
- owner 'root'
- group 'root'
- mode '0755'
- action :create
-end
-
-execute 'install-coddeploy' do
- command '/tmp/codedeploy-installer auto'
- action :run
-end
-
-replace_or_add 'keep less codedeploy revisions' do
- path '/etc/codedeploy-agent/conf/codedeployagent.yml'
- pattern ':max_revisions:.*'
- line ':max_revisions: 1'
-end
-
-service 'codedeploy-agent' do
- action [:start, :enable]
-end
diff --git a/cookbooks/aws_ssm/LICENSE b/cookbooks/aws_ssm/LICENSE
deleted file mode 100644
index e9ecbd6..0000000
--- a/cookbooks/aws_ssm/LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-MIT License
-
-Copyright (c) 2018 codemonauts
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
-rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
-persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
-WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/cookbooks/aws_ssm/README.md b/cookbooks/aws_ssm/README.md
deleted file mode 100644
index 38fb175..0000000
--- a/cookbooks/aws_ssm/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# aws_ssm
-
-This cookbook installs the lates AWS SSM agent
diff --git a/cookbooks/aws_ssm/metadata.rb b/cookbooks/aws_ssm/metadata.rb
deleted file mode 100644
index 7babe58..0000000
--- a/cookbooks/aws_ssm/metadata.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-name 'aws_ssm'
-description 'Installs the AWS SSM agent'
-maintainer 'Codemonauts Ops'
-maintainer_email 'crew@codemonauts.com'
-source_url 'https://github.com/codemonauts/ami-baseimage/'
-issues_url 'https://github.com/codemonauts/aws-baseimage/issues'
-chef_version '>= 12.4'
-supports 'debian'
-supports 'ubuntu'
-license 'Apache-2.0'
-version '1.0.0'
-
-depends 'line'
diff --git a/cookbooks/aws_ssm/recipes/default.rb b/cookbooks/aws_ssm/recipes/default.rb
deleted file mode 100644
index 24d0791..0000000
--- a/cookbooks/aws_ssm/recipes/default.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-if node['cpu']['architecture'] == 'aarch64'
- remote_file '/tmp/ssm.deb' do
- source 'https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_arm64/amazon-ssm-agent.deb'
- owner 'root'
- group 'root'
- mode '0755'
- action :create
- end
-elsif node['cpu']['architecture'] == 'x86_64'
- remote_file '/tmp/ssm.deb' do
- source 'https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb'
- owner 'root'
- group 'root'
- mode '0755'
- action :create
- end
-end
-
-execute 'install ssm agent' do
- command 'dpkg -i /tmp/ssm.deb'
- action :run
-end
-
-service 'amazon-ssm-agent' do
- action [:start, :enable]
-end
diff --git a/cookbooks/common/LICENSE b/cookbooks/common/LICENSE
deleted file mode 100644
index e9ecbd6..0000000
--- a/cookbooks/common/LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-MIT License
-
-Copyright (c) 2018 codemonauts
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
-rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
-persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
-WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/cookbooks/common/README.md b/cookbooks/common/README.md
deleted file mode 100644
index bca2681..0000000
--- a/cookbooks/common/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# common
-
-This cookbook installs a set of handy tools including some basic configuration.
\ No newline at end of file
diff --git a/cookbooks/common/files/locale.gen b/cookbooks/common/files/locale.gen
deleted file mode 100644
index 569ac13..0000000
--- a/cookbooks/common/files/locale.gen
+++ /dev/null
@@ -1,2 +0,0 @@
-de_DE.UTF-8 UTF-8
-en_US.UTF-8 UTF-8
\ No newline at end of file
diff --git a/cookbooks/common/metadata.rb b/cookbooks/common/metadata.rb
deleted file mode 100644
index 2f6b5fa..0000000
--- a/cookbooks/common/metadata.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-name 'common'
-description 'Install some basic tools and configuration files'
-maintainer 'Codemonauts Ops'
-maintainer_email 'crew@codemonauts.com'
-source_url 'https://github.com/codemonauts/ami-baseimage/'
-issues_url 'https://github.com/codemonauts/aws-baseimage/issues'
-chef_version '>= 12.4'
-supports 'debian'
-supports 'ubuntu'
-license 'Apache-2.0'
-version '1.0.0'
diff --git a/cookbooks/common/recipes/default.rb b/cookbooks/common/recipes/default.rb
deleted file mode 100644
index d806af5..0000000
--- a/cookbooks/common/recipes/default.rb
+++ /dev/null
@@ -1,53 +0,0 @@
-apt_update 'update' do
- action :update
-end
-
-package %w(man-db manpages manpages-dev ntfs-3g bolt snapd) do
- action :purge
-end
-
-execute 'autoremove' do
- command 'apt autoremove -y'
-end
-
-# Install a set of default tools
-# Allows easier maintenance via ssh
-package 'vim-tiny'
-package 'apt-transport-https'
-package 'bash-completion'
-package 'curl'
-package 'htop'
-package 'less'
-package 'ncdu'
-package 'tmux'
-package 'psmisc'
-package 'cron'
-package 'logrotate'
-
-# Install locales package and generate en_US and de_DE
-package 'locales'
-
-execute 'locale-gen' do
- command 'locale-gen'
- action :nothing
-end
-
-cookbook_file '/etc/locale.gen' do
- source 'locale.gen'
- owner 'root'
- group 'root'
- mode '0644'
- action :create
- notifies :run, 'execute[locale-gen]', :immediately
-end
-
-# Install awscli
-package 'python3-pip'
-
-execute 'install awscli' do
- command 'pip3 install awscli'
-end
-
-link '/usr/bin/vim' do
- to '/usr/bin/vim.tiny'
-end
diff --git a/cookbooks/mozjpeg/README.md b/cookbooks/mozjpeg/README.md
deleted file mode 100644
index e69de29..0000000
diff --git a/cookbooks/mozjpeg/files/installer.sh b/cookbooks/mozjpeg/files/installer.sh
deleted file mode 100644
index 38e7581..0000000
--- a/cookbooks/mozjpeg/files/installer.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-VERSION="4.1.1"
-
-cd /tmp
-wget https://github.com/mozilla/mozjpeg/archive/refs/tags/v${VERSION}.tar.gz -O mozjpeg.tar.gz
-tar xvzf mozjpeg.tar.gz
-cd mozjpeg-${VERSION}
-mkdir build
-cd build
-sudo cmake -G"Unix Makefiles" -DPNG_SUPPORTED=OFF ../
-make install
-make deb
-sudo dpkg -i mozjpeg_*.deb
-sudo ln -s /opt/mozjpeg/bin/cjpeg /usr/bin/cjpeg
-sudo ln -s /opt/mozjpeg/bin/jpegtran /usr/bin/jpegtran
diff --git a/cookbooks/mozjpeg/metadata.rb b/cookbooks/mozjpeg/metadata.rb
deleted file mode 100644
index 13d6c7b..0000000
--- a/cookbooks/mozjpeg/metadata.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-name 'mozjpeg'
-description 'Install mozjpeg'
-maintainer 'Codemonauts Ops'
-maintainer_email 'crew@codemonauts.com'
-source_url 'https://github.com/codemonauts/ami-baseimage/'
-issues_url 'https://github.com/codemonauts/aws-baseimage/issues'
-chef_version '>= 12.4'
-supports 'debian'
-supports 'ubuntu'
-license 'Apache-2.0'
-version '1.0.0'
diff --git a/cookbooks/mozjpeg/recipes/default.rb b/cookbooks/mozjpeg/recipes/default.rb
deleted file mode 100644
index e2ab6fa..0000000
--- a/cookbooks/mozjpeg/recipes/default.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-package %w(cmake autoconf automake libtool nasm make pkg-config) do
- action :install
-end
-
-cookbook_file '/tmp/installer.sh' do
- source 'installer.sh'
- mode '755'
-end
-
-execute 'install my lib' do
- command 'sh /tmp/installer.sh'
-end
-
-package %w(cmake autoconf automake libtool nasm make pkg-config) do
- action :purge
-end
diff --git a/cookbooks/unattended-upgrades/LICENSE b/cookbooks/unattended-upgrades/LICENSE
deleted file mode 100644
index e9ecbd6..0000000
--- a/cookbooks/unattended-upgrades/LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-MIT License
-
-Copyright (c) 2018 codemonauts
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
-rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
-persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
-WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/cookbooks/unattended-upgrades/README.md b/cookbooks/unattended-upgrades/README.md
deleted file mode 100644
index dd2fad5..0000000
--- a/cookbooks/unattended-upgrades/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# unattended-upgrades
-
-This cookbook installs and configures unattended-upgrades to install security updates.
\ No newline at end of file
diff --git a/cookbooks/unattended-upgrades/files/10periodic b/cookbooks/unattended-upgrades/files/10periodic
deleted file mode 100644
index 8d6d7c8..0000000
--- a/cookbooks/unattended-upgrades/files/10periodic
+++ /dev/null
@@ -1,2 +0,0 @@
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
diff --git a/cookbooks/unattended-upgrades/files/50unattended-upgrades b/cookbooks/unattended-upgrades/files/50unattended-upgrades
deleted file mode 100644
index 84740b3..0000000
--- a/cookbooks/unattended-upgrades/files/50unattended-upgrades
+++ /dev/null
@@ -1,61 +0,0 @@ -// Automatically upgrade packages from these (origin:archive) pairs -Unattended-Upgrade::Allowed-Origins { - "${distro_id}:${distro_codename}"; - "${distro_id}:${distro_codename}-security"; -// "${distro_id}ESM:${distro_codename}"; -// "${distro_id}:${distro_codename}-updates"; -// "${distro_id}:${distro_codename}-proposed"; -// "${distro_id}:${distro_codename}-backports"; -}; - -// List of packages to not update (regexp are supported) -Unattended-Upgrade::Package-Blacklist { -// "vim"; -// "libc6"; -// "libc6-dev"; -// "libc6-i686"; -}; - -// This option allows you to control if on a unclean dpkg exit -// unattended-upgrades will automatically run -// dpkg --force-confold --configure -a -// The default is true, to ensure updates keep getting installed -//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; - -// Split the upgrade into the smallest possible chunks so that -// they can be interrupted with SIGUSR1. This makes the upgrade -// a bit slower but it has the benefit that shutdown while a upgrade -// is running is possible (with a small delay) -//Unattended-Upgrade::MinimalSteps "true"; - -// Install all unattended-upgrades when the machine is shuting down -// instead of doing it in the background while the machine is running -// This will (obviously) make shutdown slower -//Unattended-Upgrade::InstallOnShutdown "true"; - -// Send email to this address for problems or packages upgrades -// If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. A package that provides -// 'mailx' must be installed. E.g. "user@example.com" -//Unattended-Upgrade::Mail "root"; - -// Set this value to "true" to get emails only on errors. 
Default -// is to always send a mail if Unattended-Upgrade::Mail is set -//Unattended-Upgrade::MailOnlyOnError "true"; - -// Do automatic removal of new unused dependencies after the upgrade -// (equivalent to apt-get autoremove) -//Unattended-Upgrade::Remove-Unused-Dependencies "false"; - -// Automatically reboot *WITHOUT CONFIRMATION* -// if the file /var/run/reboot-required is found after the upgrade -Unattended-Upgrade::Automatic-Reboot "false"; - -// If automatic reboot is enabled and needed, reboot at the specific -// time instead of immediately -// Default: "now" -//Unattended-Upgrade::Automatic-Reboot-Time "02:00"; - -// Use apt bandwidth limit feature, this example limits the download -// speed to 70kb/sec -//Acquire::http::Dl-Limit "70"; diff --git a/cookbooks/unattended-upgrades/files/apt-daily-upgrade.timer b/cookbooks/unattended-upgrades/files/apt-daily-upgrade.timer deleted file mode 100644 index c567f16..0000000 --- a/cookbooks/unattended-upgrades/files/apt-daily-upgrade.timer +++ /dev/null @@ -1,14 +0,0 @@ -# /etc/systemd/system/apt-daily-upgrade.timer -# Copy of/lib/systemd/system/apt-daily-upgrade.timer -# Disables the persistent flag -[Unit] -Description=Daily apt upgrade and clean activities -After=apt-daily.timer - -[Timer] -OnCalendar=*-*-* 6:00 -RandomizedDelaySec=60m -Persistent=false - -[Install] -WantedBy=timers.target \ No newline at end of file diff --git a/cookbooks/unattended-upgrades/metadata.rb b/cookbooks/unattended-upgrades/metadata.rb deleted file mode 100644 index b42d80c..0000000 --- a/cookbooks/unattended-upgrades/metadata.rb +++ /dev/null 
@@ -1,11 +0,0 @@
-name 'unattended-upgrades'
-description 'Install and configure unattended-upgrades to instsall security-updates'
-maintainer 'Codemonauts Ops'
-maintainer_email 'crew@codemonauts.com'
-source_url 'https://github.com/codemonauts/ami-baseimage/'
-issues_url 'https://github.com/codemonauts/aws-baseimage/issues'
-chef_version '>= 12.4'
-supports 'debian'
-supports 'ubuntu'
-license 'Apache-2.0'
-version '1.0.0'
diff --git a/cookbooks/unattended-upgrades/recipes/default.rb b/cookbooks/unattended-upgrades/recipes/default.rb
deleted file mode 100644
index d01478d..0000000
--- a/cookbooks/unattended-upgrades/recipes/default.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-package 'unattended-upgrades'
-
-cookbook_file '/etc/apt/apt.conf.d/50unattended-upgrades' do
- source '50unattended-upgrades'
- owner 'root'
- group 'root'
- mode '0644'
- action :create
-end
-
-cookbook_file '/etc/apt/apt.conf.d/10periodic' do
- source '10periodic'
- owner 'root'
- group 'root'
- mode '0644'
- action :create
-end
-
-cookbook_file '/etc/systemd/system/apt-daily-upgrade.timer' do
- source 'apt-daily-upgrade.timer'
- owner 'root'
- group 'root'
- mode '0644'
- action :create
-end
diff --git a/cookbooks/unattended_upgrades/LICENSE b/cookbooks/unattended_upgrades/LICENSE
deleted file mode 100644
index e9ecbd6..0000000
--- a/cookbooks/unattended_upgrades/LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-MIT License
-
-Copyright (c) 2018 codemonauts
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
-rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
-persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
-WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/cookbooks/unattended_upgrades/README.md b/cookbooks/unattended_upgrades/README.md
deleted file mode 100644
index dd2fad5..0000000
--- a/cookbooks/unattended_upgrades/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# unattended-upgrades
-
-This cookbook installs and configures unattended-upgrades to install security updates.
\ No newline at end of file
diff --git a/cookbooks/unattended_upgrades/files/10periodic b/cookbooks/unattended_upgrades/files/10periodic
deleted file mode 100644
index 8d6d7c8..0000000
--- a/cookbooks/unattended_upgrades/files/10periodic
+++ /dev/null
@@ -1,2 +0,0 @@
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
diff --git a/cookbooks/unattended_upgrades/files/50unattended-upgrades b/cookbooks/unattended_upgrades/files/50unattended-upgrades
deleted file mode 100644
index 84740b3..0000000
--- a/cookbooks/unattended_upgrades/files/50unattended-upgrades
+++ /dev/null
@@ -1,61 +0,0 @@ -// Automatically upgrade packages from these (origin:archive) pairs -Unattended-Upgrade::Allowed-Origins { - "${distro_id}:${distro_codename}"; - "${distro_id}:${distro_codename}-security"; -// "${distro_id}ESM:${distro_codename}"; -// "${distro_id}:${distro_codename}-updates"; -// "${distro_id}:${distro_codename}-proposed"; -// "${distro_id}:${distro_codename}-backports"; -}; - -// List of packages to not update (regexp are supported) -Unattended-Upgrade::Package-Blacklist { -// "vim"; -// "libc6"; -// "libc6-dev"; -// "libc6-i686"; -}; - -// This option allows you to control if on a unclean dpkg exit -// unattended-upgrades will automatically run -// dpkg --force-confold --configure -a -// The default is true, to ensure updates keep getting installed -//Unattended-Upgrade::AutoFixInterruptedDpkg "false"; - -// Split the upgrade into the smallest possible chunks so that -// they can be interrupted with SIGUSR1. This makes the upgrade -// a bit slower but it has the benefit that shutdown while a upgrade -// is running is possible (with a small delay) -//Unattended-Upgrade::MinimalSteps "true"; - -// Install all unattended-upgrades when the machine is shuting down -// instead of doing it in the background while the machine is running -// This will (obviously) make shutdown slower -//Unattended-Upgrade::InstallOnShutdown "true"; - -// Send email to this address for problems or packages upgrades -// If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. A package that provides -// 'mailx' must be installed. E.g. "user@example.com" -//Unattended-Upgrade::Mail "root"; - -// Set this value to "true" to get emails only on errors. 
Default -// is to always send a mail if Unattended-Upgrade::Mail is set -//Unattended-Upgrade::MailOnlyOnError "true"; - -// Do automatic removal of new unused dependencies after the upgrade -// (equivalent to apt-get autoremove) -//Unattended-Upgrade::Remove-Unused-Dependencies "false"; - -// Automatically reboot *WITHOUT CONFIRMATION* -// if the file /var/run/reboot-required is found after the upgrade -Unattended-Upgrade::Automatic-Reboot "false"; - -// If automatic reboot is enabled and needed, reboot at the specific -// time instead of immediately -// Default: "now" -//Unattended-Upgrade::Automatic-Reboot-Time "02:00"; - -// Use apt bandwidth limit feature, this example limits the download -// speed to 70kb/sec -//Acquire::http::Dl-Limit "70"; diff --git a/cookbooks/unattended_upgrades/files/apt-daily-upgrade.timer b/cookbooks/unattended_upgrades/files/apt-daily-upgrade.timer deleted file mode 100644 index c567f16..0000000 --- a/cookbooks/unattended_upgrades/files/apt-daily-upgrade.timer +++ /dev/null @@ -1,14 +0,0 @@ -# /etc/systemd/system/apt-daily-upgrade.timer -# Copy of/lib/systemd/system/apt-daily-upgrade.timer -# Disables the persistent flag -[Unit] -Description=Daily apt upgrade and clean activities -After=apt-daily.timer - -[Timer] -OnCalendar=*-*-* 6:00 -RandomizedDelaySec=60m -Persistent=false - -[Install] -WantedBy=timers.target \ No newline at end of file diff --git a/cookbooks/unattended_upgrades/metadata.rb b/cookbooks/unattended_upgrades/metadata.rb deleted file mode 100644 index b42d80c..0000000 --- a/cookbooks/unattended_upgrades/metadata.rb +++ /dev/null 
@@ -1,11 +0,0 @@
-name 'unattended-upgrades'
-description 'Install and configure unattended-upgrades to instsall security-updates'
-maintainer 'Codemonauts Ops'
-maintainer_email 'crew@codemonauts.com'
-source_url 'https://github.com/codemonauts/ami-baseimage/'
-issues_url 'https://github.com/codemonauts/aws-baseimage/issues'
-chef_version '>= 12.4'
-supports 'debian'
-supports 'ubuntu'
-license 'Apache-2.0'
-version '1.0.0'
diff --git a/cookbooks/unattended_upgrades/recipes/default.rb b/cookbooks/unattended_upgrades/recipes/default.rb
deleted file mode 100644
index d01478d..0000000
--- a/cookbooks/unattended_upgrades/recipes/default.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-package 'unattended-upgrades'
-
-cookbook_file '/etc/apt/apt.conf.d/50unattended-upgrades' do
- source '50unattended-upgrades'
- owner 'root'
- group 'root'
- mode '0644'
- action :create
-end
-
-cookbook_file '/etc/apt/apt.conf.d/10periodic' do
- source '10periodic'
- owner 'root'
- group 'root'
- mode '0644'
- action :create
-end
-
-cookbook_file '/etc/systemd/system/apt-daily-upgrade.timer' do
- source 'apt-daily-upgrade.timer'
- owner 'root'
- group 'root'
- mode '0644'
- action :create
-end
diff --git a/cookbooks/useraccounts/LICENSE b/cookbooks/useraccounts/LICENSE
deleted file mode 100644
index e9ecbd6..0000000
--- a/cookbooks/useraccounts/LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-MIT License
-
-Copyright (c) 2018 codemonauts
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
-rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
-persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
-WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/cookbooks/useraccounts/README.md b/cookbooks/useraccounts/README.md
deleted file mode 100644
index 6b6a3f1..0000000
--- a/cookbooks/useraccounts/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# useraccounts
-
-This cookbook creates the `cmonauts`user and creates a Systemd service
-to delete the default `ubuntu` user on the first boot.
\ No newline at end of file
diff --git a/cookbooks/useraccounts/files/authorized_keys b/cookbooks/useraccounts/files/authorized_keys
deleted file mode 100644
index 044a9cc..0000000
--- a/cookbooks/useraccounts/files/authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfqcS0HMgsC/+WU/Up41n4eZWykvnPqToTJ7RKpQcgQ tom
diff --git a/cookbooks/useraccounts/files/sudoers b/cookbooks/useraccounts/files/sudoers
deleted file mode 100644
index fec2181..0000000
--- a/cookbooks/useraccounts/files/sudoers
+++ /dev/null
@@ -1 +0,0 @@
-cmonauts ALL=(ALL) NOPASSWD:ALL
diff --git a/cookbooks/useraccounts/metadata.rb b/cookbooks/useraccounts/metadata.rb
deleted file mode 100644
index c2f1339..0000000
--- a/cookbooks/useraccounts/metadata.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-name 'useraccounts'
-description 'Create cmonauts user'
-maintainer 'Codemonauts Ops'
-maintainer_email 'crew@codemonauts.com'
-source_url 'https://github.com/codemonauts/ami-baseimage/'
-issues_url 'https://github.com/codemonauts/aws-baseimage/issues'
-chef_version '>= 12.4'
-supports 'debian'
-supports 'ubuntu'
-license 'Apache-2.0'
-version '1.0.0'
diff --git a/cookbooks/useraccounts/recipes/default.rb b/cookbooks/useraccounts/recipes/default.rb
deleted file mode 100644
index 1d656f2..0000000
--- a/cookbooks/useraccounts/recipes/default.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-user 'cmonauts' do
- comment 'Admin account'
- home '/home/cmonauts'
- manage_home true
- shell '/bin/bash'
- password '$6$YSDsU/ZetJlqs$f26S1INvF4a1hFpc4VQa4vWodqF55ZTV4EZtoxKyXd1wF/sN.pT/AGo3t86FNpegeevdohn4DVL4CCs45z43Z.'
- action :create
-end
-
-directory '/home/cmonauts/.ssh' do
- owner 'cmonauts'
- group 'cmonauts'
- mode '0700'
- action :create
-end
-
-cookbook_file '/home/cmonauts/.ssh/authorized_keys' do
- source 'authorized_keys'
- owner 'cmonauts'
- group 'cmonauts'
- mode '0600'
- action :create
-end
-
-# Passwordless sudo for user cmonauts
-package 'sudo'
-
-cookbook_file '/etc/sudoers.d/90-cmonauts' do
- source 'sudoers'
- mode '440'
- owner 'root'
- group 'root'
-end
-
-# Disable password login for ubuntu user
-user 'ubuntu' do
- password '!'
- action :modify
-end
-
-execute 'disable ubuntu user' do
- command 'usermod --expiredate 1 ubuntu'
- action :run
-end
diff --git a/cookbooks/web/LICENSE b/cookbooks/web/LICENSE
deleted file mode 100644
index e9ecbd6..0000000
--- a/cookbooks/web/LICENSE
+++ /dev/null
@@ -1,16 +0,0 @@
-MIT License
-
-Copyright (c) 2018 codemonauts
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
-rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
-persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
-WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/cookbooks/web/README.md b/cookbooks/web/README.md
deleted file mode 100644
index e655a8c..0000000
--- a/cookbooks/web/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# web
-
-This cookbook installs the complete webstack used for most customers. This includes
-nginx, php7 and some php-modules.
-
-The specific configurations for nginx and php are then later installed during image creation for every customer.
\ No newline at end of file
diff --git a/cookbooks/web/metadata.rb b/cookbooks/web/metadata.rb
deleted file mode 100644
index 2e5ab43..0000000
--- a/cookbooks/web/metadata.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-name 'web'
-description 'Install nginx and php'
-maintainer 'Codemonauts Ops'
-maintainer_email 'crew@codemonauts.com'
-source_url 'https://github.com/codemonauts/ami-baseimage/'
-issues_url 'https://github.com/codemonauts/aws-baseimage/issues'
-chef_version '>= 12.4'
-supports 'debian'
-supports 'ubuntu'
-license 'Apache-2.0'
-version '1.0.0'
-
-depends 'line'
diff --git a/cookbooks/web/recipes/ondrej.rb b/cookbooks/web/recipes/ondrej.rb
deleted file mode 100644
index b011077..0000000
--- a/cookbooks/web/recipes/ondrej.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-case node['platform_version']
-when '20.04'
- apt_repository 'ondrej-php' do
- uri 'ppa:ondrej/php'
- distribution 'focal'
- components ['main']
- key '14AA40EC0831756756D7F66C4F4EA0AAE5267A6C'
- end
-when '22.04'
- apt_repository 'ondrej-php' do
- uri 'ppa:ondrej/php'
- distribution 'jammy'
- components ['main']
- key '14AA40EC0831756756D7F66C4F4EA0AAE5267A6C'
- end
-end
diff --git a/cookbooks/web/recipes/php74.rb b/cookbooks/web/recipes/php74.rb
deleted file mode 100644
index d867e9e..0000000
--- a/cookbooks/web/recipes/php74.rb
+++ /dev/null
@@ -1,75 +0,0 @@
-include_recipe 'web::ondrej'
-
-package 'nginx'
-package 'php7.4-cli'
-package 'php7.4-curl'
-package 'php7.4-fpm'
-package 'php7.4-gd'
-package 'php7.4-imagick'
-package 'php7.4-intl'
-package 'php7.4-mbstring'
-package 'php7.4-mysql'
-package 'php7.4-opcache'
-package 'php7.4-soap'
-package 'php7.4-xml'
-package 'php7.4-zip'
-
-# Delete default configuration files
-file_array = ['/etc/nginx/sites-enabled/default',
- '/etc/nginx/sites-available/default',
- '/etc/php/7.4/fpm/pool.d/www.conf']
-
-file_array.each do |this_file|
- file this_file do
- action :delete
- end
-end
-
-# CraftCMS specific changes
-replace_or_add 'increase max_execution_time' do
- path '/etc/php/7.4/fpm/php.ini'
- pattern 'max_execution_time.*'
- line 'max_execution_time = 120'
-end
-
-replace_or_add 'increase memory_limit' do
- path '/etc/php/7.4/fpm/php.ini'
- pattern 'memory_limit.*'
- line 'memory_limit = 256M'
-end
-
-replace_or_add 'increase upload size' do
- path '/etc/php/7.4/fpm/php.ini'
- pattern 'upload_max_filesize.*'
- line 'upload_max_filesize = 1024M'
-end
-
-replace_or_add 'increase post size' do
- path '/etc/php/7.4/fpm/php.ini'
- pattern 'post_max_size.*'
- line 'post_max_size = 1024M'
-end
-
-remote_directory '/etc/nginx/snippets/' do
- source 'snippets'
- files_owner 'root'
- files_group 'root'
- owner 'root'
- group 'root'
- purge true
-end
-
-cookbook_file '/etc/nginx/nginx.conf' do
- source 'nginx.conf'
- owner 'root'
- group 'root'
- mode '0644'
-end
-
-service 'php7.4-fpm' do
- action [:stop, :disable]
-end
-
-service 'nginx' do
- action [:stop, :disable]
-end
diff --git a/cookbooks/web/recipes/php81.rb b/cookbooks/web/recipes/php81.rb
deleted file mode 100644
index e6cc141..0000000
--- a/cookbooks/web/recipes/php81.rb
+++ /dev/null
@@ -1,76 +0,0 @@
-include_recipe 'web::ondrej'
-
-package 'nginx'
-package 'php8.1-bcmath'
-package 'php8.1-cli'
-package 'php8.1-curl'
-package 'php8.1-fpm'
-package 'php8.1-gd'
-package 'php8.1-imagick'
-package 'php8.1-intl'
-package 'php8.1-mbstring'
-package 'php8.1-mysql'
-package 'php8.1-opcache'
-package 'php8.1-soap'
-package 'php8.1-xml'
-package 'php8.1-zip'
-
-# Delete default configuration files
-file_array = ['/etc/nginx/sites-enabled/default',
- '/etc/nginx/sites-available/default',
- '/etc/php/8.1/fpm/pool.d/www.conf']
-
-file_array.each do |this_file|
- file this_file do
- action :delete
- end
-end
-
-# CraftCMS specific changes
-replace_or_add 'increase max_execution_time' do
- path '/etc/php/8.1/fpm/php.ini'
- pattern 'max_execution_time.*'
- line 'max_execution_time = 120'
-end
-
-replace_or_add 'increase memory_limit' do
- path '/etc/php/8.1/fpm/php.ini'
- pattern 'memory_limit.*'
- line 'memory_limit = 256M'
-end
-
-replace_or_add 'increase upload size' do
- path '/etc/php/8.1/fpm/php.ini'
- pattern 'upload_max_filesize.*'
- line 'upload_max_filesize = 1024M'
-end
-
-replace_or_add 'increase post size' do
- path '/etc/php/8.1/fpm/php.ini'
- pattern 'post_max_size.*'
- line 'post_max_size = 1024M'
-end
-
-remote_directory '/etc/nginx/snippets/' do
- source 'snippets'
- files_owner 'root'
- files_group 'root'
- owner 'root'
- group 'root'
- purge true
-end
-
-cookbook_file '/etc/nginx/nginx.conf' do
- source 'nginx.conf'
- owner 'root'
- group 'root'
- mode '0644'
-end
-
-service 'php8.1-fpm' do
- action [:stop, :disable]
-end
-
-service 'nginx' do
- action [:stop, :disable]
-end
diff --git a/cookbooks/web/recipes/php82.rb b/cookbooks/web/recipes/php82.rb
deleted file mode 100644
index 4ca76b1..0000000
--- a/cookbooks/web/recipes/php82.rb
+++ /dev/null
@@ -1,76 +0,0 @@ -include_recipe 'web::ondrej' - -package 'nginx' -package 'php8.2-bcmath' -package 'php8.2-cli' -package 'php8.2-curl' -package 'php8.2-fpm' -package 'php8.2-gd' -package 'php8.2-imagick' -package 'php8.2-intl' -package 'php8.2-mbstring' -package 'php8.2-mysql' -package 'php8.2-opcache' -package 'php8.2-soap' -package 'php8.2-xml' -package 'php8.2-zip' - -# Delete default configuration files -file_array = ['/etc/nginx/sites-enabled/default', - '/etc/nginx/sites-available/default', - '/etc/php/8.2/fpm/pool.d/www.conf'] - -file_array.each do |this_file| - file this_file do - action :delete - end -end - -# CraftCMS specific changes -replace_or_add 'increase max_execution_time' do - path '/etc/php/8.2/fpm/php.ini' - pattern 'max_execution_time.*' - line 'max_execution_time = 120' -end - -replace_or_add 'increase memory_limit' do - path '/etc/php/8.2/fpm/php.ini' - pattern 'memory_limit.*' - line 'memory_limit = 256M' -end - -replace_or_add 'increase upload size' do - path '/etc/php/8.2/fpm/php.ini' - pattern 'upload_max_filesize.*' - line 'upload_max_filesize = 1024M' -end - -replace_or_add 'increase post size' do - path '/etc/php/8.2/fpm/php.ini' - pattern 'post_max_size.*' - line 'post_max_size = 1024M' -end - -remote_directory '/etc/nginx/snippets/' do - source 'snippets' - files_owner 'root' - files_group 'root' - owner 'root' - group 'root' - purge true -end - -cookbook_file '/etc/nginx/nginx.conf' do - source 'nginx.conf' - owner 'root' - group 'root' - mode '0644' -end - -service 'php8.2-fpm' do - action [:stop, :disable] -end - -service 'nginx' do - action [:stop, :disable] -end diff --git a/packer.pkr.hcl b/packer.pkr.hcl index 88b7d8f..7423612 100644 --- a/packer.pkr.hcl +++ b/packer.pkr.hcl @@ -4,10 +4,6 @@ packer { source = "github.com/hashicorp/amazon" version = "~> 1" } - chef = { - source = "github.com/hashicorp/chef" - version = "~> 1" - } amazon-ami-management = { version = ">= 1.2.0" source = "github.com/wata727/amazon-ami-management" 
@@ -49,7 +45,7 @@ data "amazon-ami" "ubuntu-jammy-arm64" { # amd-web-jammy-74 source "amazon-ebs" "amd64-web-jammy-php74" { ami_groups = ["all"] - ami_name = "codemonauts-web-jammy-php74_${formatdate("YYYY-MM-DD-HHmm", timestamp())}" + ami_name = "codemonauts-web-jammy-php74_${formatdate("YYYY-MM-DD-hh-mm", timestamp())}" ami_regions = ["eu-west-1"] instance_type = "t3a.micro" region = "eu-central-1" @@ -71,19 +67,25 @@ build { ] } - provisioner "shell-local" { - command = "mkdir -p .vendor && berks vendor .vendor" + provisioner "shell" { + inline = [ + "sudo apt-get -y install python3-pip", + "sudo pip3 install ansible" + ] } - provisioner "chef-solo" { - chef_license = "accept" - cookbook_paths = [".vendor"] - run_list = ["common", "unattended-upgrades", "useraccounts", "aws_codedeploy", "aws_ssm", "mozjpeg", "web::php74"] + provisioner "ansible-local" { + playbook_dir = "./" + playbook_file = "webserver.yaml" + extra_arguments = [ + "-e", + "php_version=7.4" + ] } post-processor "amazon-ami-management" { identifier = "amd64_web_jammy_74" - keep_releases = "1" + keep_releases = "3" regions = ["eu-central-1", "eu-west-1"] } } @@ -91,7 +93,7 @@ build { # amd-base-jammy source "amazon-ebs" "amd64-base-jammy" { ami_groups = ["all"] - ami_name = "codemonauts-base-jammy_${formatdate("YYYY-MM-DD-hhmm", timestamp())}" + ami_name = "codemonauts-base-jammy_${formatdate("YYYY-MM-DD-hh-mm", timestamp())}" ami_regions = ["eu-west-1"] instance_type = "t3a.micro" region = "eu-central-1" @@ -122,12 +124,12 @@ build { provisioner "ansible-local" { playbook_dir = "./" - playbook_file = "base.yaml" + playbook_file = "baseimage.yaml" } post-processor "amazon-ami-management" { identifier = "amd64_base_jammy" - keep_releases = "10" + keep_releases = "3" regions = ["eu-central-1", "eu-west-1"] } } 
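Review bot: The new `shell` provisioner in the `@@ -71,19 +67,25 @@` hunk runs `sudo pip3 install ansible` with no version, so every build installs whatever release PyPI serves that day, as root, into an image that `ami_groups = ["all"]` then publishes. Pin it, for example `"sudo pip3 install 'ansible==<PINNED_VERSION>'"` (placeholder for the release you tested), so the image contents are reproducible and an unexpected upstream release fails review instead of shipping. Nothing visible in the hunk removes pip or Ansible after provisioning; if they are not needed at runtime, a closing shell step that uninstalls them keeps build tooling out of the published image. The same provisioner is repeated in the `@@ -157,19 +159,25 @@` and `@@ -199,19 +207,25 @@` hunks, and the enclosing `build` block starts outside each of them.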
@@ -135,7 +137,7 @@ build { # arm-web-jammy-82 source "amazon-ebs" "arm64-web-jammy-php82" { ami_groups = ["all"] - ami_name = "codemonauts-arm-web-jammy-php82_${formatdate("YYYY-MM-DD", timestamp())}" + ami_name = "codemonauts-arm-web-jammy-php82_${formatdate("YYYY-MM-DD-hh-mm", timestamp())}" ami_regions = ["eu-west-1"] instance_type = "t4g.micro" region = "eu-central-1" @@ -157,19 +159,25 @@ build { ] } - provisioner "shell-local" { - command = "mkdir -p .vendor && berks vendor .vendor" + provisioner "shell" { + inline = [ + "sudo apt-get -y install python3-pip", + "sudo pip3 install ansible" + ] } - provisioner "chef-solo" { - chef_license = "accept" - cookbook_paths = [".vendor"] - run_list = ["common", "unattended-upgrades", "useraccounts", "aws_codedeploy", "aws_ssm", "mozjpeg", "web::php82"] + provisioner "ansible-local" { + playbook_dir = "./" + playbook_file = "webserver.yaml" + extra_arguments = [ + "-e", + "php_version=8.2" + ] } post-processor "amazon-ami-management" { identifier = "arm64_web_jammy_82" - keep_releases = "1" + keep_releases = "3" regions = ["eu-central-1", "eu-west-1"] } } @@ -177,7 +185,7 @@ build { # arm-web-jammy-81 source "amazon-ebs" "arm64-web-jammy-php81" { ami_groups = ["all"] - ami_name = "codemonauts-arm-web-jammy-php81_${formatdate("YYYY-MM-DD", timestamp())}" + ami_name = "codemonauts-arm-web-jammy-php81_${formatdate("YYYY-MM-DD-hh-mm", timestamp())}" ami_regions = ["eu-west-1"] instance_type = "t4g.micro" region = "eu-central-1" 
@@ -199,19 +207,25 @@ build { ] } - provisioner "shell-local" { - command = "mkdir -p .vendor && berks vendor .vendor" + provisioner "shell" { + inline = [ + "sudo apt-get -y install python3-pip", + "sudo pip3 install ansible" + ] } - provisioner "chef-solo" { - chef_license = "accept" - cookbook_paths = [".vendor"] - run_list = ["common", "unattended-upgrades", "useraccounts", "aws_codedeploy", "aws_ssm", "mozjpeg", "web::php81"] + provisioner "ansible-local" { + playbook_dir = "./" + playbook_file = "webserver.yaml" + extra_arguments = [ + "-e", + "php_version=8.1" + ] } post-processor "amazon-ami-management" { identifier = "arm64_web_jammy_81" - keep_releases = "1" + keep_releases = "3" regions = ["eu-central-1", "eu-west-1"] } } @@ -219,7 +233,7 @@ build { # arm-base-jammy source "amazon-ebs" "arm64-base-jammy" { ami_groups = ["all"] - ami_name = "codemonauts-arm-base-jammy_${formatdate("YYYY-MM-DD-HH-mm", timestamp())}" + ami_name = "codemonauts-arm-base-jammy_${formatdate("YYYY-MM-DD-hh-mm", timestamp())}" ami_regions = ["eu-west-1"] instance_type = "t4g.micro" region = "eu-central-1" @@ -249,12 +263,12 @@ build { provisioner "ansible-local" { playbook_dir = "./" - playbook_file = "base.yaml" + playbook_file = "baseimage.yaml" } post-processor "amazon-ami-management" { identifier = "arm64_base_jammy" - keep_releases = "10" + keep_releases = "3" regions = ["eu-central-1", "eu-west-1"] } } diff --git a/roles/mozjpeg/files/installer.sh b/roles/mozjpeg/files/installer.sh index 38e7581..65ed8f2 100644 --- a/roles/mozjpeg/files/installer.sh +++ b/roles/mozjpeg/files/installer.sh @@ -1,9 +1,4 @@ -VERSION="4.1.1" - -cd /tmp -wget https://github.com/mozilla/mozjpeg/archive/refs/tags/v${VERSION}.tar.gz -O mozjpeg.tar.gz -tar xvzf mozjpeg.tar.gz -cd mozjpeg-${VERSION} +#!/bin/sh mkdir build cd build sudo cmake -G"Unix Makefiles" -DPNG_SUPPORTED=OFF ../ diff --git a/roles/mozjpeg/tasks/main.yaml b/roles/mozjpeg/tasks/main.yaml index fa1e629..56ae64f 100644 
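Review bot: With the download and `cd` lines removed, `roles/mozjpeg/files/installer.sh` depends entirely on the caller's working directory and has no error handling: if `mkdir build` or `cd build` fails, `sudo cmake` and everything after it still run in the wrong place. Add `set -eu` directly under the new `#!/bin/sh` line so the Ansible `command` task fails at the first broken step instead of reporting the status of the last command only. The rest of the script lies outside the hunk, so whether later steps already check for errors is not visible here.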
--- a/roles/mozjpeg/tasks/main.yaml +++ b/roles/mozjpeg/tasks/main.yaml @@ -13,18 +13,31 @@ - make - pkg-config +- name: Copy install package + ansible.builtin.get_url: + url: "https://github.com/mozilla/mozjpeg/archive/refs/tags/v{{ mozjpeg_version }}.tar.gz" + dest: /tmp/mozjpeg.tar.gz + owner: root + group: root + mode: '0755' + +- name: Extract mozjpeg archive + ansible.builtin.unarchive: + src: /tmp/mozjpeg.tar.gz + dest: /tmp + - name: Copy install script ansible.builtin.copy: src: installer.sh - dest: /tmp/installer.sh + dest: "/tmp/mozjpeg-{{ mozjpeg_version }}/installer.sh" owner: root group: root mode: '0755' - name: Build and install mozjpeg ansible.builtin.command: - cmd: /tmp/installer.sh - chdir: /tmp + cmd: /tmp/mozjpeg-{{ mozjpeg_version }}/installer.sh + chdir: /tmp/mozjpeg-{{ mozjpeg_version }} changed_when: true - name: Remove build packages diff --git a/cookbooks/web/files/nginx.conf b/roles/nginx/files/nginx.conf similarity index 100% rename from cookbooks/web/files/nginx.conf rename to roles/nginx/files/nginx.conf diff --git a/cookbooks/web/files/snippets/alb-health.conf b/roles/nginx/files/snippets/alb-health.conf similarity index 100% rename from cookbooks/web/files/snippets/alb-health.conf rename to roles/nginx/files/snippets/alb-health.conf diff --git a/cookbooks/web/files/snippets/autoversioning.conf b/roles/nginx/files/snippets/autoversioning.conf similarity index 100% rename from cookbooks/web/files/snippets/autoversioning.conf rename to roles/nginx/files/snippets/autoversioning.conf diff --git a/cookbooks/web/files/snippets/compression.conf b/roles/nginx/files/snippets/compression.conf similarity index 100% rename from cookbooks/web/files/snippets/compression.conf rename to roles/nginx/files/snippets/compression.conf diff --git a/cookbooks/web/files/snippets/cors.conf b/roles/nginx/files/snippets/cors.conf similarity index 100% rename from cookbooks/web/files/snippets/cors.conf rename to roles/nginx/files/snippets/cors.conf 
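Review bot: The `Copy install package` task fetches the mozjpeg tarball with `get_url` and no `checksum`, and the following tasks unpack and build it as root, so the image trusts whatever is served for that tag at build time. Add `checksum: "sha256:<SHA256_OF_TARBALL>"` (placeholder; record the digest you verified next to `mozjpeg_version`) so a changed or tampered archive fails the build. The archive does not need to be executable either; `mode: '0644'` is enough for `/tmp/mozjpeg.tar.gz`. Since the file is already on the target, `remote_src: true` on the `Extract mozjpeg archive` task would state that explicitly instead of relying on the local connection.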
diff --git a/cookbooks/web/files/snippets/security-headers.conf b/roles/nginx/files/snippets/security-headers.conf similarity index 100% rename from cookbooks/web/files/snippets/security-headers.conf rename to roles/nginx/files/snippets/security-headers.conf diff --git a/roles/nginx/tasks/main.yaml b/roles/nginx/tasks/main.yaml new file mode 100644 index 0000000..6d004e4 --- /dev/null +++ b/roles/nginx/tasks/main.yaml @@ -0,0 +1,40 @@ +--- + +# Install nginx webserver + +- name: Install nginx package + ansible.builtin.apt: + name: + - nginx + +- name: Delete default files + ansible.builtin.file: + path: '{{ item }}' + state: absent + with_items: + - /etc/nginx/sites-enabled/default + - /etc/nginx/sites-available/default + - /etc/nginx/snippets/ + +- name: Copy main config file + ansible.builtin.copy: + src: nginx.conf + dest: /etc/nginx/nginx.conf + owner: root + group: root + mode: '0644' + +- name: Copy nginx snippets + ansible.builtin.copy: + src: snippets + dest: /etc/nginx + owner: root + group: root + mode: '0644' + directory_mode: '0755' + +- name: Enable nginx service + ansible.builtin.systemd: + name: nginx + enabled: true + masked: false diff --git a/roles/php/tasks/main.yaml b/roles/php/tasks/main.yaml new file mode 100644 index 0000000..034762c --- /dev/null +++ b/roles/php/tasks/main.yaml 
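Review bot: The `Enable nginx service` task in `roles/nginx/tasks/main.yaml` sets `enabled: true`, whereas the Chef recipes this commit deletes ended with `service 'nginx' do action [:stop, :disable] end`, so nginx now starts on first boot of every instance launched from the image. The deleted web README says customer-specific nginx and PHP configuration is installed later, which suggests the old disabled state was deliberate; if it still is, use `enabled: false` here and let the customer image turn the service on. If the change is intended, a one-line comment above the task saying that it differs from the Chef behaviour on purpose would save the next reader the comparison.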
@@ -0,0 +1,32 @@ +--- + +# Install php + +- name: Add ondrej php repo + ansible.builtin.apt_repository: + repo: "ppa:ondrej/php" + codename: jammy + +- name: "Install packages for php {{ php_version }}" + ansible.builtin.apt: + name: + - "php{{ php_version }}-bcmath" + - "php{{ php_version }}-cli" + - "php{{ php_version }}-curl" + - "php{{ php_version }}-fpm" + - "php{{ php_version }}-gd" + - "php{{ php_version }}-imagick" + - "php{{ php_version }}-intl" + - "php{{ php_version }}-mbstring" + - "php{{ php_version }}-mysql" + - "php{{ php_version }}-opcache" + - "php{{ php_version }}-soap" + - "php{{ php_version }}-xml" + - "php{{ php_version }}-zip" + +- name: Delete default files + ansible.builtin.file: + path: '{{ item }}' + state: absent + with_items: + - "/etc/php/{{ php_version }}/fpm/pool.d/www.conf" diff --git a/webserver.yaml b/webserver.yaml index 9d43b88..dcbb954 100644 --- a/webserver.yaml +++ b/webserver.yaml @@ -3,7 +3,16 @@ hosts: 127.0.0.1 connection: local become: true + vars: + php_version: "8.1" + mozjpeg_version: "4.1.1" roles: - common - unattended_upgrades - useraccounts + - aws_ssm + - aws_codedeploy + - mozjpeg + - nginx + - php + - security
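Review bot: The new `roles/php/tasks/main.yaml` does not carry over the php.ini changes that the deleted `web::php74`, `php81` and `php82` recipes applied under "CraftCMS specific changes" (`max_execution_time = 120`, `memory_limit = 256M`, `upload_max_filesize` and `post_max_size = 1024M`), nor their final `action [:stop, :disable]` on the php-fpm service. Unless a role not shown in this diff handles them, images built after the migration run with the package defaults. A task like the one below, placed after the package install, would restore the settings; whether php-fpm should stay disabled in the base image deserves an explicit task or comment as well.

```yaml
# … unchanged: repo and package install tasks …
- name: Apply CraftCMS php.ini settings
  ansible.builtin.lineinfile:
    path: "/etc/php/{{ php_version }}/fpm/php.ini"
    regexp: '^;?\s*{{ item.key }}\s*='
    line: "{{ item.key }} = {{ item.value }}"
  loop:
    - { key: max_execution_time, value: "120" }
    - { key: memory_limit, value: 256M }
    - { key: upload_max_filesize, value: 1024M }
    - { key: post_max_size, value: 1024M }
```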