initial commit

.gitignore

@@ -0,0 +1,4 @@
+.ansible/
+.vscode/
+
+inventory.yaml

playbook.yaml

@@ -0,0 +1,14 @@
+---
+- name: Install GLPI
+  hosts: ungrouped
+  remote_user: root
+
+  pre_tasks:
+    - name: Update APT packages indexes
+      ansible.builtin.apt:
+        update_cache: true
+  roles:
+    - nginx
+    - php
+    - glpi
+...

roles/glpi/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+- name: Download GLPI archive
+  ansible.builtin.get_url:
+    url: "{{ glpi_archive_url }}"
+    dest: '/var/www'
+    owner: root
+    group: nogroup
+    mode: '0600'
+  register: glpi_archive
+
+- name: Extract the archive
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ glpi_archive.dest }}"
+    dest: '/var/www'
+    owner: www-data
+    group: nogroup
+    mode: '0700'
+
+- name: Rename the folder
+  ansible.builtin.command:
+    argv:
+      - '/usr/bin/mv'
+      - '/var/www/glpi'
+      - "{{ glpi_folderpath }}"
+  changed_when: true
+
+- name: Link the glpi folder with version to glpi
+  ansible.builtin.file:
+    src: "{{ glpi_folderpath }}"
+    path: '/var/www/glpi'
+    state: link
+...

roles/glpi/vars/main.yml

@@ -0,0 +1,4 @@
+---
+glpi_archive_url: 'https://github.com/glpi-project/glpi/releases/download/10.0.19/glpi-10.0.19.tgz'
+glpi_folderpath: '/var/www/glpi_v10.0.19'
+...

roles/nginx/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart Nginx
+  ansible.builtin.service:
+    name: nginx.service
+    state: restarted
+...

roles/nginx/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+- name: Install Nginx
+  ansible.builtin.apt:
+    name: nginx
+
+- name: Delete default sites
+  ansible.builtin.file:
+    dest: "{{ item }}"
+    state: absent
+  loop:
+    - '/etc/nginx/sites-available/default'
+    - '/etc/nginx/sites-enabled/default'
+
+- name: Replace nginx.conf configuration file
+  ansible.builtin.copy:
+    src: "{{ playbook_dir }}/roles/nginx/templates/nginx.conf.jinja2"
+    dest: "/etc/nginx/nginx.conf"
+    owner: root
+    group: nogroup
+    mode: '0600'
+
+- name: Copy the glpi.site site file to /etc/nginx/sites-available
+  ansible.builtin.template:
+    src: "{{ playbook_dir }}/roles/nginx/templates/glpi.site.jinja2"
+    dest: "/etc/nginx/sites-available/glpi.site"
+    owner: root
+    group: nogroup
+    mode: '0600'
+  register: nginx_site_glpi
+
+- name: Link the glpi.site to /etc/nginx/sites-enabled
+  ansible.builtin.file:
+    src: "{{ nginx_site_glpi.dest }}"
+    dest: "/etc/nginx/sites-enabled/glpi.site"
+    state: link
+  notify: Restart Nginx
+...

roles/nginx/templates/glpi.site.jinja2

@@ -0,0 +1,21 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name {{ nginx_site_fqdn }};
+
+    root /var/www/glpi/public;
+
+    location / {
+        try_files $uri /index.php$is_args$args;
+    }
+
+    location ~ ^/index\.php$ {
+        fastcgi_pass unix:/run/php/php-fpm.sock;
+
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+}

roles/nginx/templates/nginx.conf.jinja2

@@ -0,0 +1,39 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+  worker_connections 768;
+}
+
+http {
+  sendfile on;
+  tcp_nopush on;
+  types_hash_max_size 2048;
+  # server_tokens off;
+
+  # server_names_hash_bucket_size 64;
+  # server_name_in_redirect off;
+
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers on;
+
+  access_log /var/log/nginx/access.log;
+
+  gzip on;
+
+  # gzip_vary on;
+  # gzip_proxied any;
+  # gzip_comp_level 6;
+  # gzip_buffers 16 8k;
+  # gzip_http_version 1.1;
+  # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+  include /etc/nginx/conf.d/*.conf;
+  include /etc/nginx/sites-enabled/*.site;
+}

roles/nginx/vars/main.yml

@@ -0,0 +1,3 @@
+---
+nginx_site_fqdn: assistance.johann-infra.net
+...

roles/php/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart PHP-FPM
+  ansible.builtin.service:
+    name: "php{{ php_version }}-fpm.service"
+    state: restarted
+...

roles/php/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+- name: Install PHP extensions
+  ansible.builtin.apt:
+    name:
+      - "php{{ php_version }}-fpm"
+
+      # Required
+      - "php{{ php_version }}-common"
+      - php-json
+      - "php{{ php_version }}-xml"
+      - "php{{ php_version }}-curl"
+      - "php{{ php_version }}-gd"
+      - "php{{ php_version }}-intl"
+      - "php{{ php_version }}-mysql"
+
+      # Optional
+      - "php{{ php_version }}-bz2"
+      - "php{{ php_version }}-zip"
+      - "php{{ php_version }}-ldap"
+      - "php{{ php_version }}-mbstring"
+
+- name: Configure session.cookie_secure on php.ini to on
+  ansible.builtin.replace:
+    path: "/etc/php/{{ php_version }}/fpm/php.ini"
+    regexp: "^(;)?({{ item }} =)( (on|off))?$"
+    replace: "{{ item }} = on"
+  loop:
+    - session.cookie_secure
+    - session.cookie_httponly
+  notify:
+    - Restart PHP-FPM
+...

roles/php/vars/main.yml

@@ -0,0 +1,3 @@
+---
+php_version: '8.2'
+...