commit message

.gitignore

@@ -0,0 +1,2 @@
+hosts
+server.retry

LICENSE.text

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Jasper Frumau
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,134 @@
+# Stedding
+Stedding is a minimalistic LEMP Stack setup for Laravel *in progress*. It facilitates the setting up of Laravel apps on a well prepared server using Ansible Playbooks. It provisions your VPS with all the tools necessary to run your Laravel PHP application with ease.
+
+## Note
+Again, this is still a work in progress. So use it wisely and backup when possible. Better still to test on a barebone server and send in pull requests :)
+
+## Sources
+* [Digital Ocean Sudo User Setup](https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04)
+* [Digital Ocean Basic PHP App Setup](https://www.digitalocean.com/community/tutorials/how-to-deploy-a-basic-php-application-using-ansible-on-ubuntu-14-04)
+* [Pogorelov-SS' Github Private Repo Clone Gist](https://gist.github.com/pogorelov-ss/41893e17c7c4776d4d57)
+
+## Local Box Requirements
+You need to have Ansible installed on your local computer. This really differs from box to box See [Ansible Documents](http://docs.ansible.com/ansible/intro_installation.html) for instructions. 
+
+## Remote Server Preparations
+To run Ansible Playbooks properly on Ubuntu 16.0.4 we need to setup a sudo user and make sure Python and some other packages are available so Ansible can run. The setting up of a sudo user and adding of the SSH keys for it can be done following the instructions below. In the future we will integrate this in a shell script.
+
+### Setup Sudo User laravel
+Log into your remote server as root using
+````
+ssh root@ip
+````
+Then add a new sudo user:
+````
+adduser laravel
+gpasswd -a laravel sudo
+````
+#### Public Key Addition to Authorized Keys
+Then add your own public key to the authorized keys for your user laravel:
+````
+su laravel
+cd
+mkdir .ssh
+chmod 700 .ssh
+nano .ssh/authorized_keys
+`````
+add key from local box cat ~/.ssh/id_rsa.pub and exit twice to log off the box
+````
+chmod 600 .ssh/authorized_keys
+exit
+exit
+````
+### Block Root SSH Access
+Now on your local box do the following:
+````
+ssh laravel@ip
+````
+Then on the remote do:
+````
+sudo su
+nano /etc/ssh/sshd_config
+````
+Make sure you set root access to no to secure the box
+````
+PermitRootLogin no
+````
+Then you need to restart the SSH server:
+````
+service ssh restart
+````
+And log off as root and exit box as laravel:
+````
+exit
+exit
+````
+## Local Ansible Config Setup
+
+We expect you to have installed Ansible on your own control box already. If not check out Ansible for [instructions](http://docs.ansible.com/ansible/intro_installation.html). 
+### Adding Host to Hosts file
+The Ansible config file is in the repository already. It checks for a *hosts* file the root of the project. It is put on .gitignore as we do not want to share host details. So you need to add it.
+So create and open hosts file with nano using:
+````
+nano hosts
+````
+add php details using your non sudo user, laravel here, and the ip address to your server
+````
+[server]
+xxx.xxx.xx.xxx  ansible_ssh_user=laravel
+````
+### SSH Agent Forwarding
+Then make sure SSH agent forwarding is working to forward the SSH key to access the repository. Add the following to `~/.ssh/config`:
+````
+Host *
+  ForwardAgent yes
+````
+I am using * as the Host as called "Laravel" + ip address did not work. May be a configuration issue on my part that can be changed later on. Also, to make sure the ssh agent is running and your ssh key is included you can run:
+````
+eval `ssh-agent -s`
+ssh-add
+`````
+### Ansible Books Test
+To do a test from your local computer - a MacBook Pro for example - you should run the following command:
+````
+ansible server -m ping
+````
+And when all is well you should get this response:
+````
+xxx.xxx.xx.xxx | SUCCESS => {
+    "changed": false, 
+    "ping": "pong"
+}
+````
+
+### Run Playbook
+Then to run the script use the following:
+````
+ansible-playbook server.yml --ask-sudo-pass
+````
+## Server Packages
+The current yaml playbook will install the following packages:
+
+* git
+* mcrypt
+* nginx
+* php7.1-cli
+* php7.1-common
+* php7.1-curl
+* php7.1-dev
+* php7.1-fpm
+* php7.1-gd
+* php7.1-intl
+* php7.1-json
+* php7.1-mbstring
+* php7.1-mcrypt
+* php7.1-mysql
+* php7.1-opcache
+* php7.1-xml
+* php7.1-xmlrpc
+* php7.1-zip
+* mariadb-server
+* mariadb-client
+
+### Git Clone
+It will also add a github repository of choice to a location of choice.

ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+hostfile = hosts

group_vars/all

@@ -0,0 +1,8 @@
+---
+#Which github repo to use
+repo_url : https://github.com/jasperf/ianua.git
+git_branch: master
+base_user: laravel
+password: 1111
+www_user: www-data
+project_folder: laravel

nginx.conf

@@ -0,0 +1,28 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server ipv6only=on;
+
+    root /var/www/laravel/public;
+    index index.php index.html index.htm;
+
+    server_name {{ inventory_hostname }};
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    error_page 404 /404.html;
+    error_page 500 502 503 504 /50x.html;
+    location = /50x.html {
+        root /var/www/laravel/public;
+    }
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+}

server.yml

@@ -0,0 +1,126 @@
+---
+- name: Install prerequisites
+  hosts: server
+  gather_facts: false
+  become: yes
+  tasks:
+    - name: Install Python 2.x
+      raw: which python || sudo apt-get update && sudo apt-get install -qq -y python-simplejson
+      register: python_check
+      changed_when: not python_check.stdout | search('/usr/bin/python')
+
+- name: Create a new sudo user
+    user: name={{base_user}}
+          state=present
+          group=primary-group
+          groups="sudo"
+          password={{ password }}
+          comment="Comment"
+
+- name: Server Provisioning
+  hosts: server
+  become: yes
+  tasks:
+    - name: Add PHP 7.1 PPA
+      apt_repository:
+        repo: "ppa:ondrej/php"
+        update_cache: yes
+
+    - name: install packages
+      apt: name={{ item }} update_cache=yes state=latest
+      with_items:
+        - git
+        - mcrypt
+        - nginx
+        - php7.1-cli
+        - php7.1-common
+        - php7.1-curl
+        - php7.1-dev
+        - php7.1-fpm
+        - php7.1-gd
+        - php7.1-intl
+        - php7.1-json
+        - php7.1-mbstring
+        - php7.1-mcrypt
+        - php7.1-mysql
+        - php7.1-opcache
+        - php7.1-xml
+        - php7.1-xmlrpc
+        - php7.1-zip
+        - mariadb-server
+        - mariadb-client
+
+    - name: create /var/www/ directory
+      file: dest=/var/www/ state=directory owner=www-data group=www-data mode=0700
+
+   #https://gist.github.com/pogorelov-ss/41893e17c7c4776d4d57
+   # test SSH agent forwarding
+    - shell: echo "Client= [$SSH_CLIENT] Sock= [$SSH_AUTH_SOCK]"
+      become: no
+      register: myecho
+    - debug: msg="{{myecho.stdout}}"
+    - shell: ssh-add -l
+      become: no
+      register: myecho
+    - debug: msg="{{myecho.stdout}}"
+    # - shell: ssh -T -vvvv [email protected]
+    #   register: myecho
+    # - debug: msg="{{myecho.stdout}}"
+
+    - name: Get app from Github
+      become: no
+      git:
+          [email protected]:jasperf/ianua.git
+          dest=repo/myproject.git
+          accept_hostkey=yes
+          force=yes
+          bare=yes
+          update=yes
+          version="{{ git_branch }}"
+
+    - name: Create project folder
+      become: yes
+      become_user: root
+      become_method: sudo
+      file: path=/var/www/{{ project_folder }}
+           owner={{ www_user }}
+           group={{ www_user }}
+           mode=0775
+           state=directory
+
+    - name: checkout app to project folder
+      environment:
+          GIT_WORK_TREE: /var/www/{{ project_folder }}
+      shell:
+          git checkout {{ git_branch}} -f
+          chdir=/home/{{base_user}}/repo/myproject.git
+
+    - name: install composer
+      shell: curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+      args:
+        creates: /usr/local/bin/composer
+
+    - name: composer create-project
+      composer: command=create-project working_dir=/var/www/laravel optimize_autoloader=no
+      become: yes
+      become_user: www-data
+      when: cloned|changed
+
+    - name: set APP_DEBUG=false
+      lineinfile: dest=/var/www/laravel/.env regexp='^APP_DEBUG=' line=APP_DEBUG=false
+
+    - name: set APP_ENV=production
+      lineinfile: dest=/var/www/laravel/.env regexp='^APP_ENV=' line=APP_ENV=production
+
+    - name: Configure nginx
+      template: src=nginx.conf dest=/etc/nginx/sites-available/default
+      notify:
+        - restart php7.1-fpm
+        - restart nginx
+
+  handlers:
+    - name: restart php7.1-fpm
+      service: name=php7.1-fpm state=restarted
+
+    - name: restart nginx
+      service: name=nginx state=restarted