# Run this with: # ansible-playbook -i playbooks/install_php_mysql_debian.yml -bkK --limit debian-xyz -e @vars-debian-xyz.yml --- - name: Install PHP and MySQL on Debian-based systems hosts: debian become: yes tasks: - name: Update apt cache ansible.builtin.apt: update_cache: yes # Remarque : php 8.2 pour Debian Bookworm - name: Install PHP ansible.builtin.apt: name: - php8.2 - php8.2-fpm - php8.2-iconv # for WordPress - php8.2-mysqli # for WordPress/MySQL - php8.2-phar # for wp-cli - php8.2-curl # for wp-cli - php8.2-gd # WordPress needs this in order to generate thumbnails state: present - name: Install curl ansible.builtin.apt: name: curl state: present - name: Install Nginx ansible.builtin.apt: name: nginx state: present - name: Check if WordPress exists in /var/www/wordpress stat: path: /var/www/wordpress register: wordpress_dir - name: Check if wp-config.php exists in /var/www/wordpress stat: path: /var/www/wordpress/wp-config.php register: wp_config # Only if wordpress_dir.stat.exists is false, download WordPress - name: Install WordPress using curl command: curl -o /tmp/wordpress.tar.gz https://wordpress.org/latest.tar.gz args: creates: /tmp/wordpress.tar.gz when: wordpress_dir.stat.exists == False # Unzip WordPress only if /var/www/wordpress doesn't exist - name: Unzip WordPress # ansible.builtin.unarchive: command: tar -xzf /tmp/wordpress.tar.gz -C /var/www when: wordpress_dir.stat.exists == False # ------ DEBUT AJOUTS SUGGÉRÉS PAR ChatGPT ------ - name: Changer le propriétaire et le groupe de /var/www/wordpress ansible.builtin.file: path: /var/www/wordpress owner: www-data group: www-data recurse: yes state: directory - name: Définir les permissions des dossiers ansible.builtin.find: paths: /var/www/wordpress recurse: yes file_type: directory register: wordpress_directories - name: Appliquer les permissions 755 aux dossiers ansible.builtin.file: path: "{{ item.path }}" mode: '0755' loop: "{{ wordpress_directories.files }}" - name: Définir les permissions des fichiers ansible.builtin.find: paths: /var/www/wordpress recurse: yes file_type: file register: wordpress_files - name: Appliquer les permissions 644 aux fichiers ansible.builtin.file: path: "{{ item.path }}" mode: '0644' loop: "{{ wordpress_files.files }}" - name: Assurer des permissions sécurisées pour wp-config.php ansible.builtin.file: path: /var/www/wordpress/wp-config.php mode: '0440' owner: www-data group: www-data when: wp_config.stat.exists == True # ------ FIN AJOUTS SUGGÉRÉS PAR ChatGPT ------ - name: Install MariaDB Server & Client ansible.builtin.apt: name: - mariadb-server - mariadb-client state: present - name: Start Nginx Service ansible.builtin.service: name: nginx state: started enabled: yes # Ensure the MySQL service starts on boot - name: Start MariaDB Service ansible.builtin.service: name: mariadb state: started enabled: yes # Ensure the MariaDB service starts on boot - name: Installer le client MySQL pour Python ansible.builtin.apt: name: python3-mysqldb state: present update_cache: yes - name: create MySQL database mysql_db: check_implicit_admin: yes login_user: "{{ db_username }}" login_password: "{{ db_password }}" name: "{{ db_name }}" encoding: utf8mb4 collation: utf8mb4_unicode_ci state: present - name: create MySQL user mysql_user: name: "{{ db_username }}" password: "{{ db_password }}" priv: "{{ db_name }}.*:ALL,GRANT" state: present - name: Downlownload wp salt config command: curl https://api.wordpress.org/secret-key/1.1/salt/ register: wp_salt when: wp_config.stat.exists == False # Register wp-salt content as variable # - name: Read wp-salt content # ansible.builtin.slurp: # src: /tmp/wp-salt # register: wp_salt # Use variables from vars above and from wp_salt - name: Create wp-config.php ansible.builtin.template: src: templates/wp-config-sample.php.j2 dest: /var/www/wordpress/wp-config.php owner: root group: root mode: 0644 when: wp_config.stat.exists == False # Overwrite default vhost config with our own - name: Write WordPress vhost config ansible.builtin.template: src: templates/nginx-wordpress.conf.j2 dest: /etc/nginx/sites-available/nginx-wordpress.conf owner: root group: root mode: 0644 - name: Create symbolic link to enable the vhost ansible.builtin.file: src: /etc/nginx/sites-available/nginx-wordpress.conf dest: /etc/nginx/sites-enabled/nginx-wordpress.conf state: link # remove `default` symlink from sites-enabled - name: Remove default symlink from sites-enabled ansible.builtin.file: path: /etc/nginx/sites-enabled/default state: absent - name: Restart PHP-FPM ansible.builtin.service: name: php8.2-fpm state: restarted enabled: yes # Ensure the PHP-FPM service starts on boot - name: Restart Nginx ansible.builtin.service: name: nginx state: restarted enabled: yes # Ensure the PHP-FPM service starts on boot # Check if wp-cli exists - name: Check if wp-cli exists ansible.builtin.stat: path: /usr/local/bin/wp register: wp_cli # Download WordPress CLI - name: Download WordPress CLI command: curl -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar args: creates: /usr/local/bin/wp when: wp_cli.stat.exists == False # Make WordPress CLI executable - name: Make WordPress CLI executable command: chmod +x /usr/local/bin/wp # Check if WordPress is installed - name: Check if WordPress is installed command: sudo -u debian wp core is-installed --path=/var/www/wordpress register: wp_installed ignore_errors: yes # WP core install (cwd: /var/www/wordpress) - name: Install WordPress command: sudo -u debian wp core install --url={{ site_url }} --title=My\ Blog --admin_user=admin --admin_password=admin --admin_email=benoithubert@gmail.com # WP-CLI complains if we run it as root, so we become a regular user become: no # Shou args: chdir: /var/www/wordpress when: wp_installed.rc != 0