opdavies/oliverdavies.uk
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions

Move all files to old/drupal/

Browse source
This commit is contained in:
Oliver Davies 2025-10-02 07:57:25 +01:00
parent 8203e983d5
commit 7d76bf2968
468 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
old/drupal/tools/deployment/ansible.cfg Normal file
View file

@ -0,0 +1,10 @@
[defaults]
bin_ansible_callbacks = True
inventory = hosts.yml
nocows = True
roles_path = .roles
stdout_callback = yaml
verbosity = 1
[ssh_connection]
pipelining = True

13
old/drupal/tools/deployment/deploy.yml Normal file
View file

@ -0,0 +1,13 @@
---
- hosts: web
become: true
vars_files:
- vars/vars.yml
- vars/provision_vault.yml
- vars/provision_vars.yml
- vars/deploy_vault.yml
- vars/deploy_vars.yml
roles:
- name: ansistrano.deploy

38
old/drupal/tools/deployment/deploy/after-update-code.yml Normal file
View file

@ -0,0 +1,38 @@
---
- include: ../includes/build-theme-assets.yml
- name: Install Composer dependencies
composer:
command: install
optimize_autoloader: true
working_dir: '{{ ansistrano_release_path.stdout }}'
- name: Generate settings.php file
include_role:
name: opdavies.drupal_settings_files
- name: Fix file permissions
include_role:
name: drupal-permissions
- name: Clear Drush cache
command: >
{{ release_drush_path }}
cache-clear drush
chdir={{ release_web_path }}
changed_when: false
- name: Run database updates
command: >
{{ release_drush_path }}
updatedb -y
chdir={{ release_web_path }}
register: update_database_result
changed_when: "'No pending updates' not in update_database_result.stderr"
- name: Import configuration
command: >
{{ release_drush_path }} config-import -y
chdir={{ release_web_path }}
register: config_import_result
changed_when: "'There are no changes to import' not in config_import_result.stderr"

6
old/drupal/tools/deployment/deploy/before-symlink.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: Rebuild Drupal cache
command: >
{{ release_drush_path }} cache-rebuild
chdir={{ release_web_path }}
changed_when: false

9
old/drupal/tools/deployment/hosts.yml Normal file
View file

@ -0,0 +1,9 @@
all:
children:
web:
hosts:
18.134.1.201:
vars:
ansible_port: 2849
ansible_python_interpreter: /usr/bin/python3
ansible_user: ubuntu

8
old/drupal/tools/deployment/includes/build-theme-assets.yml Normal file
View file

@ -0,0 +1,8 @@
---
- name: Copy theme dependencies from the Docker container.
command: |
pwd
ls
docker-compose pull
./run copy-theme-assets
creates={{ release_theme_path }}/build

3
old/drupal/tools/deployment/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
- import_playbook: provision.yml
- import_playbook: deploy.yml

41
old/drupal/tools/deployment/provision.yml Normal file
View file

@ -0,0 +1,41 @@
---
- hosts: web
vars_files:
- vars/vars.yml
- vars/provision_vault.yml
- vars/provision_vars.yml
roles:
- name: geerlingguy.firewall
- name: geerlingguy.security
- name: geerlingguy.certbot
- name: geerlingguy.mysql
- name: geerlingguy.nginx
- name: geerlingguy.php-versions
- name: geerlingguy.php
- name: geerlingguy.php-mysql
- name: geerlingguy.composer
- name: geerlingguy.nodejs
pre_tasks:
- name: Update apt cache
apt:
update_cache: true
cache_valid_time: 3600
tasks:
- name: Install packages
package:
name: [curl, zip]
state: present
- name: Add cron jobs
cron:
name: Drupal cron - oliverdavies.uk
minute: '*/5'
job: >
{{ project_root_path }}/{{ ansistrano_current_dir }}/bin/drush core-cron
--root={{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}
--uri https://www.oliverdavies.uk
--quiet

27
old/drupal/tools/deployment/requirements.yml Normal file
View file

@ -0,0 +1,27 @@
---
- name: ansistrano.deploy
version: 3.4.0
- name: ansistrano.rollback
version: 3.0.0
- name: geerlingguy.certbot
version: 3.0.3
- name: geerlingguy.composer
version: 1.9.0
- name: geerlingguy.firewall
version: 2.5.0
- name: geerlingguy.mysql
version: 3.3.0
- name: geerlingguy.nginx
version: 2.7.0
- name: geerlingguy.nodejs
version: 5.1.1
- name: geerlingguy.php
version: 3.7.0
- name: geerlingguy.php-mysql
version: 2.1.0
- name: geerlingguy.php-versions
version: 4.0.2
- name: geerlingguy.security
version: 2.0.1
- name: opdavies.drupal_settings_files
version: 0.2.0

32
old/drupal/tools/deployment/roles/drupal-permissions/tasks/main.yml Normal file
View file

@ -0,0 +1,32 @@
---
- name: Set the permissions for each Drupal root directory.
file:
group: ubuntu
mode: ug=rX,o=
owner: "{{ drupal_permissions.user }}"
path: "{{ item.root }}"
recurse: true
state: directory
with_items: "{{ drupal_permissions.sites }}"
become: true
- name: Set permissions for the defined settings files.
file:
mode: a-X
path: "{{ item.0.root }}/{{ item.1 }}"
state: file
with_subelements:
- "{{ drupal_permissions.sites }}"
- settings_files
become: true
- name: Set permissions for the defined files directories.
file:
mode: ug=rwX,o=
path: "{{ item.0.root }}/{{ item.1 }}"
recurse: true
state: directory
with_subelements:
- "{{ drupal_permissions.sites }}"
- files_directories
become: true

69
old/drupal/tools/deployment/vars/deploy_vars.yml Normal file
View file

@ -0,0 +1,69 @@
---
ansistrano_allow_anonymous_stats: false
ansistrano_deploy_via: git
ansistrano_deploy_to: '{{ project_root_path }}'
ansistrano_git_repo: https://github.com/opdavies/oliverdavies-uk
ansistrano_git_branch: production
ansistrano_keep_releases: 5
ansistrano_shared_paths:
- '{{ project_web_dir }}/sites/default/files'
# Hooks
ansistrano_after_update_code_tasks_file: '{{ playbook_dir }}/deploy/after-update-code.yml'
# ansistrano_before_symlink_tasks_file: '{{ playbook_dir }}/deploy/before-symlink.yml'
app_hash_salt: '{{ vault_app_hash_salt }}'
integromat_webhook_url: '{{ vault_integromat_webhook_url }}'
post_tweet_webhook_url: '{{ vault_post_tweet_webhook_url }}'
release_drush_path: '{{ ansistrano_release_path.stdout }}/bin/drush'
release_web_path: '{{ ansistrano_release_path.stdout }}/{{ project_web_dir }}'
release_theme_path: '{{ release_web_path }}/themes/custom/opdavies'
drupal_permissions:
sites:
- root: "{{ release_web_path }}"
files_directories:
- sites/default/files
settings_files:
- sites/default/settings.php
- sites/default/settings.local.php
user: www-data
drupal_settings:
- drupal_root: '{{ release_web_path }}'
sites:
- name: default
filename: settings.local.php
settings:
hash_salt: '{{ app_hash_salt }}'
databases:
default:
default:
database: '{{ app_mysql_database }}'
driver: mysql
host: '{{ app_mysql_host }}'
password: '{{ app_mysql_password }}'
port: '{{ app_mysql_port }}'
username: '{{ app_mysql_user }}'
trusted_hosts:
- '^www\.oliverdavies\.uk$'
extra_parameters: |
$settings['deployment_identifier'] = '{{ ansistrano_release_version }}';
$settings['config_exclude_modules'] = [
'devel',
'stage_file_proxy',
];
$config['config_split.config_split.live']['status'] = TRUE;
// Configure Cloudflare.
$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = [$_SERVER['REMOTE_ADDR']];
$settings['reverse_proxy_header'] = 'CF-Connecting-IP';
$settings['omit_vary_cookie'] = TRUE;
$config['opdavies_blog.settings']['integromat_webhook_url'] = '{{ integromat_webhook_url }}';
$config['opdavies_blog.settings']['post_tweet_webhook_url'] = '{{ post_tweet_webhook_url }}';

19
old/drupal/tools/deployment/vars/deploy_vault.yml Normal file
View file

@ -0,0 +1,19 @@
$ANSIBLE_VAULT;1.1;AES256
30653362663533616334373532653633363838333932666137633662313431303763646433366238
3464333531326134626361396661306130373461633536630a653637366565366462313335623561
63653563653533306436663335623961343539366566633730306638323833373261363063363538
3163326166353836300a373466646366663333353165323035613533636138383162663562343231
38353362316136316434373362633839323135666536326662643666303838393635626333373339
63313035633161626534323862346230386461363766666263323964666261636238333631393862
30383638613964313165623732383866333064366136663131396166363737653961646166663664
32346461396537663639303665646639636265646164373066633638396661323463343165633064
66653734356463656462346364336262643761323935646331363864623865316631623239616136
33616262663134323434316533303234643336616434393638393436396439346266353035343931
61336366396237653235653834396237366664303737373766323230336162303763623761633836
63326264643737333064363163353762326636646462363466343334353266303936616163326238
65313235643866323730386363656233333132633837613235643237623130383334646439303839
33383633653334643865623231333836383262303933303032653538636465663938623562336661
63643435373161666331663861646431613236646564316238623736353762303533653835383230
65306231303330376432306664623938386563646434633039313237643239316136656262346562
63313462316338656137613634343034393534646162363464373830623335353564376338623636
6630623238373438363732333834646432633435366165363066

3
old/drupal/tools/deployment/vars/digitalocean_vars.yml Normal file
View file

@ -0,0 +1,3 @@
---
digitalocean_api_key: '{{ vault_digitalocean_api_key }}'

10
old/drupal/tools/deployment/vars/digitalocean_vault.yml Normal file
View file

@ -0,0 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256
36643735336232646262626537363631353061356565346664643261663565633364323932653232
6639396262393839643437626338343930316439623633330a616566646533343063333166383136
39353532316166623361626133326135383833643030663634376464663838353064663538343162
3536373232623235620a303465306339653663306564383335643166323934393264633532616437
33313231343432643030366565313135653163363434323632613361623339643137343361643135
65666364346566356136383830366334326133633766313130653639626362366138663032653962
39386364613838646133656230356564663564633537376435336438346434633161646436623137
30666239343832663764303830616264643538346665353963383734373265663233303934666363
6461

164
old/drupal/tools/deployment/vars/provision_vars.yml Normal file
View file

@ -0,0 +1,164 @@
---
security_ssh_permit_root_login: 'no'
security_ssh_port: 2849
php_default_version_debian: '{{ php_version }}'
php_enable_php_fpm: true
php_version: 7.4
php_webserver_daemon: nginx
php_packages:
- 'php{{ php_version }}-cli'
- 'php{{ php_version }}-common'
- 'php{{ php_version }}-fpm'
- 'php{{ php_version }}-gd'
- 'php{{ php_version }}-mbstring'
- 'php{{ php_version }}-mysql'
- 'php{{ php_version }}-pdo'
- 'php{{ php_version }}-xml'
app_mysql_database: '{{ vault_app_mysql_database }}'
app_mysql_host: '{{ vault_app_mysql_host }}'
app_mysql_password: '{{ vault_app_mysql_password }}'
app_mysql_port: '{{ vault_app_mysql_port }}'
app_mysql_user: '{{ vault_app_mysql_user }}'
mysql_packages:
- mariadb-client
- mariadb-server
- python3-mysqldb
mysql_databases:
- name: "{{ app_mysql_database }}"
mysql_users:
- name: "{{ app_mysql_user }}"
host: "{{ app_mysql_host }}"
password: "{{ app_mysql_password }}"
priv: "{{ app_mysql_database }}.*:ALL"
nginx_remove_default_vhost: true
nginx_server_tokens: 'off'
nginx_vhosts:
- listen: 80 default_server
server_name: oliverdavies.uk www.oliverdavies.uk
return: 301 https://www.oliverdavies.uk$request_uri
filename: www.oliverdavies.uk.80.conf
- listen: 443 ssl
server_name: oliverdavies.uk
return: 301 https://www.oliverdavies.uk$request_uri
filename: oliverdavies.uk.443.conf
extra_parameters: |
ssl_certificate /etc/letsencrypt/live/oliverdavies.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oliverdavies.uk/privkey.pem;
- listen: 443 ssl default_server
server_name: www.oliverdavies.uk
root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}'
index: index.php index.html
extra_parameters: |
ssl_certificate /etc/letsencrypt/live/oliverdavies.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oliverdavies.uk/privkey.pem;
location ~ ^/images/(.*) {
return 301 /sites/default/files/images/$1;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri /index.php?$query_string; # For Drupal >= 7
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ '\.php$|^/update.php' {
try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_pass localhost:9000;
}
# Fighting with Styles? This little gem is amazing.
# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
try_files $uri @rewrite;
}
# Handle private files through Drupal.
location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
# Enforce clean URLs
if ($request_uri ~* "^(.*/)index\.php(.*)") {
return 307 $1$2;
}
certbot_create_if_missing: true
certbot_create_method: standalone
certbot_admin_email: oliver+certbot@oliverdavies.uk
certbot_certs:
- domains:
- oliverdavies.uk
- www.oliverdavies.uk
composer_version_branch: '--1'
firewall_allowed_tcp_ports: [80, 443, 22, 2849]

14
old/drupal/tools/deployment/vars/provision_vault.yml Normal file
View file

@ -0,0 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256
65313232366632313563363535343635383966306563366362626632336236393734653863656535
3135306661313266313164343762326364626135303465630a643466643632356532626137613233
34363862623830363833643438623338383433623231396365303636386531666562333834386239
6331353164373966340a613939303635653032386130653430383932636332336436323866643831
63373339336431666139393266316232383065303332336438323166653632363033333534396165
36313937333733353139323034393166353335646531386563353932353837613439323433343266
65396532366365313838666536373534336362363232616336666539366236346566333236613035
30336536656330373366633134383132396266346465646663376466333364656234333061366435
31656335613238613736643163353739633137643634613564373231306565323066663332313736
62306139373761396335353332626162356134326334366631393632376537613134333133373632
66616463353936366262363038383036356630663965353165643264626437373965316436333263
31653631373566613038333335323330396464306163633635626232313664643737376138393932
30626336313137636363336330643661343964636562633331343438636330626462

4
old/drupal/tools/deployment/vars/vars.yml Normal file
View file

@ -0,0 +1,4 @@
---
ansistrano_current_dir: current
project_root_path: /srv/oliverdavies-uk
project_web_dir: web