podman-wordpress role created

modified: ../.gitignore Added env files modified: ../ansible/playbooks/equilibrateit.com.yml Moved tasks to role deleted: ../docker-compose.yml Moved file to role new file: main.tf Tofu provider new file: variables.tf Tofu resource variables deleted: ../wordpress/apache/Dockerfile Changed file to template, moved to role
4 months ago · b3bffb22c0
parent 1111c1a203
commit b3bffb22c0
6 changed files with 71 additions and 80 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,4 @@
 archives/
+tofu/terraform*
+tofu/.terraform*
+tofu/.*
--- a/ansible/playbooks/equilibrateit.com.yml
+++ b/ansible/playbooks/equilibrateit.com.yml
@ -1,5 +1,5 @@
 ---
- hosts: equilibrateit.com
+- hosts: test-wordpress
  become: yes
  become_user: root

@ -7,17 +7,4 @@
    - podman-host
    - repo-epel
    - certbot
-  tasks:
-    - name: Root port forwards for web traffic.
-      firewalld:
-        rich_rule: rule family=ipv4 forward-port port=443 protocol=tcp to-port=4443
-        zone: public
-        permanent: true
-        immediate: true
-        state: enabled
-      firewalld:
-        rich_rule: rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080
-        zone: public
-        permanent: true
-        immediate: true
-        state: enabled
+    - podman-wordpress
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,44 +0,0 @@
-version: '3.6'
-
-services:
-  wordpress:
-    build: ./wordpress/apache
-    volumes:
-        - ~/wordpress/data:/var/www/html
-    depends_on:
-        - db
-    ports:
-        - 8080:80 # change to 80:80 when the shop is ready to go live
-        - 4443:443 # change to 80:80 when the shop is ready to go live
-    restart: always
-    env_file: ".env"
-
-  db:
-     image: mysql:5.7
-     volumes:
-         - ~/wordpress/database:/var/lib/mysql
-     restart: always
-     env_file: ".env"
-
-  wordpress-cli:
-    depends_on:
-      - db
-      - wordpress
-    image: wordpress:cli
-    # vstm: This is required to run wordpress-cli with the same
-    # user-id as wordpress. This way there are no permission problems
-    # when running the cli
-    user: '33'
-    # vstm: The sleep 10 is required so that the command is run after
-    # mysql is initialized. Depending on your machine this might take
-    # longer or it can go faster.
-    command: >
-      /bin/sh -c '
-      sleep 10;
-      wp user list'
-
-    # vstm: add shared volume
-    volumes:
-          - ~/wordpress/data:/var/www/html
-    # WP CLI needs the environment variables used for the Wordpress image
-    env_file: ".env"
--- a/tofu/main.tf
+++ b/tofu/main.tf
@ -0,0 +1,22 @@
+terraform {
+  required_providers {
+    linode = {
+      source = "linode/linode"
+      version = "2.26.0"
+    }
+  }
+}
+
+provider linode {
+  # Configuration options
+  token = var.token
+}
+
+resource linode_instance "instance" {
+  label = var.label
+  image = var.image
+  region = var.region
+  type = var.type
+  authorized_keys = var.authorized_keys
+  root_pass = var.root_pass
+}
--- a/tofu/variables.tf
+++ b/tofu/variables.tf
@ -0,0 +1,44 @@
+## Required Variables
+##
+
+variable "token" {
+  description	= "The linode API Token"
+  type		= string
+}
+
+variable "label" {
+  description	= "The label for the linode."
+  type		= string
+}
+
+variable "root_pass" {
+  description	= "The root password of the linode."
+  type		= string
+}
+
+## Optional Variables
+##
+
+variable "image" {
+  description	= "The OS image for the linode."
+  type		= string
+  default	= "linode/almalinux9"
+}
+
+variable "region" {
+  description	= "The region where the linode will run."
+  type		= string
+  default	= "ca-central"
+}
+
+variable "type" {
+  description	= "The linode host type."
+  type		= string
+  default	= "g6-nanode-1"
+}
+
+variable "authorized_keys" {
+  description	= "The list of public keys to be authorized for ssh login."
+  type		= list
+  default	= ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeRI1w3uNny7KjK2UdlAnyoGdGgtOx4isSD52u5dr4QkkdLRMj42dLjgT0MK+QehlgaH2XzFPMDz+hZQ+66YeBSm+F4km/8F9XVyUzGl0scUA1p0pqeL3FiyM3Art4Bo71zuE3PvMjyI3pGMKQ3VDWVA0XdAjjSw4G+czJTxZLLBPGvzDT07WuWM4Evl6H21Gn7PB6CKNV0vuUZwGiCsjRbghml1L2kDtTXV1B6wQsniuhQigIVo6YXhMgge/2UCcmiyeEizdfaSstrQHEyxFMvlPUJyw4a3plAuPORDyZdAFF6OA7/wP5fVWoCu/CkbMIDjPifXGQOuhQU1qUVy7r m00t@miserver.lan"]
+}
--- a/wordpress/apache/Dockerfile
+++ b/wordpress/apache/Dockerfile
@ -1,21 +0,0 @@
-FROM wordpress:6.6.1-php8.2-apache
-
-COPY fullchain.pem /etc/ssl/certs/
-COPY privkey.pem /etc/ssl/private/
-
-RUN set -eux; \
-        a2enmod ssl; \
-	{ \
-		echo '<VirtualHost _default_:443>'; \
-    
-    
-    
-    
-# these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker
-		echo 'ServerName equilibrateit.com:443'; \
-		echo 'SSLEngine on'; \
-		echo 'SSLCertificateKeyFile  /etc/ssl/private/privkey.pem'; \
-		echo 'SSLCertificateFile /etc/ssl/certs/fullchain.pem'; \
-		echo '</VirtualHost>'; \
-	} > /etc/apache2/sites-available/equilibrateit.com-ssl.conf; \
-	ln -s /etc/apache2/sites-available/equilibrateit.com-ssl.conf /etc/apache2/sites-enabled/equilibrateit.com-ssl.conf; \