jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-27 00:05:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-01 19:13

Browse Source
This commit is contained in:
Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
roles/phpmyadmin/templates/config.inc.php.j2 Normal file
View File

@@ -0,0 +1,36 @@
<?php
/*
{{ ansible_managed }}
*/
$cfg['blowfish_secret'] = '{{ pma_key }}';
$i = 0;
{% for server in pma_servers | default([]) %}
$i++;
$cfg['Servers'][$i]['auth_type'] = '{{ server.auth_type | default('cookie') }}';
$cfg['Servers'][$i]['host'] = '{{ server.host | default(mysql_server) }}';
{% if server.auth_type == 'signon' %}
$cfg['Servers'][$i]['SignonURL'] = '/sso.php';
$cfg['Servers'][$i]['SignonSession'] = 'PmaSignonSession';
{% endif %}
{% if server.host | default('localhost') == 'localhost' %}
$cfg['Servers'][$i]['socket'] = '{{ server.socket | default('/var/lib/mysql/mysql.sock') }}';
{% endif %}
{% if server.port is defined %}
$cfg['Servers'][$i]['port'] = '{{ server.port }}';
{% endif %}
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
{% endfor %}
$cfg['UploadDir'] = '{{ pma_root_dir }}/tmp';
$cfg['TempDir'] = '{{ pma_root_dir }}/tmp';
$cfg['SaveDir'] = '{{ pma_root_dir }}/data';
$cfg['ShowAll'] = true;
$cfg['SendErrorReports'] = 'never';
$cfg['PmaNoRelation_DisableWarning'] = true;
?>

44
roles/phpmyadmin/templates/httpd.conf.j2 Normal file
View File

@@ -0,0 +1,44 @@
{% if pma_alias is defined %}
Alias /{{ pma_alias }} {{ pma_root_dir }}/web
{% else %}
# No alias defined, create a vhost to access it
{% endif %}
ProxyTimeout 1800
<Directory {{ pma_root_dir }}/web>
AllowOverride All
Options FollowSymLinks
{% if pma_allowed_ip is defined %}
Require ip {{ pma_allowed_ip | join(' ') }}
{% else %}
Require all granted
{% endif %}
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/{{ pma_php_fpm_pool | default('pma_' + pma_id | string) }}.sock|fcgi://localhost"
</FilesMatch>
<FilesMatch "(\.git.*|README|LICENSE|DCO|CONTRIBUTING\.md|ChangeLog|composer\..*|config(\.sample)?\.inc\.php)">
Require all denied
</FilesMatch>
</Directory>
<Directory {{ pma_root_dir }}/web/examples>
Require all denied
</Directory>
<Directory {{ pma_root_dir }}/web/libraries>
Require all denied
</Directory>
<Directory {{ pma_root_dir }}/web/sql>
Require all denied
</Directory>
<Directory {{ pma_root_dir }}/web/locales>
Require all denied
</Directory>
<Directory {{ pma_root_dir }}/web/setup>
Require all denied
</Directory>
<Directory {{ pma_root_dir }}/web/sql>
Require all denied
</Directory>
<Directory {{ pma_root_dir }}/web/vendor>
Require all denied
</Directory>

16
roles/phpmyadmin/templates/perms.sh.j2 Normal file
View File

@@ -0,0 +1,16 @@
#!/bin/sh
restorecon -R {{ pma_root_dir }}
chown root:root {{ pma_root_dir }}
chmod 700 {{ pma_root_dir }}
chown -R root:root {{ pma_root_dir }}/meta
chmod 700 {{ pma_root_dir }}/meta
setfacl -R -k -b {{ pma_root_dir }}
setfacl -m u:{{ pma_php_user | default('apache') }}:rx,u:{{ httpd_user | default('apache') }}:rx {{ pma_root_dir }}
chown -R root:root {{ pma_root_dir }}/web
chown -R {{ pma_php_user }} {{ pma_root_dir }}/{tmp,sessions,cache}
chmod 700 {{ pma_root_dir }}/{tmp,sessions,cache}
find {{ pma_root_dir }}/web -type f -exec chmod 644 "{}" \;
find {{ pma_root_dir }}/web -type d -exec chmod 755 "{}" \;
chown root:{{ pma_php_user }} {{ pma_root_dir }}/web/{sso.php,config.inc.php}
chmod 640 {{ pma_root_dir }}/web/{sso.php,config.inc.php}

37
roles/phpmyadmin/templates/php.conf.j2 Normal file
View File

@@ -0,0 +1,37 @@
[pma_{{ pma_id }}]
listen.owner = root
listen.group = {{ httpd_user | default('apache') }}
listen.mode = 0660
listen = /run/php-fpm/pma_{{ pma_id }}.sock
user = {{ pma_php_user }}
group = {{ pma_php_user }}
catch_workers_output = yes
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 6
pm.max_requests = 5000
request_terminate_timeout = 30m
php_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = syslog
php_admin_value[memory_limit] = 512M
php_admin_value[session.save_path] = {{ pma_root_dir }}/sessions
php_admin_value[upload_tmp_dir] = {{ pma_root_dir }}/tmp
php_admin_value[sys_temp_dir] = {{ pma_root_dir }}/tmp
php_admin_value[post_max_size] = 1024M
php_admin_value[upload_max_filesize] = 1024M
php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
php_admin_value[open_basedir] = {{ pma_root_dir }}
php_admin_value[max_execution_time] = 1800
php_admin_value[max_input_time] = 1800
php_admin_value[max_input_vars] = 10000
php_admin_flag[allow_url_include] = off
php_admin_flag[allow_url_fopen] = off
php_admin_flag[file_uploads] = on
php_admin_flag[session.cookie_httponly] = on

59
roles/phpmyadmin/templates/sso.php.j2 Normal file
View File

@@ -0,0 +1,59 @@
<?php
$login['admin'] = 'sqladmin';
$password['admin'] = '{{ mysql_admin_pass | regex_replace('\'', '\\\'')}}';
{% for user in pma_sso_users | default([]) %}
$login['{{ user.user }}'] = '{{ user.sql_login }}';
$password['{{ user.user }}'] = '{{ user.sql_password | regex_replace('\'', '\\\'') }}';
{% endfor %}
{% for group in pma_sso_groups | default([]) %}
$g_login['{{ group.group }}'] = '{{ group.sql_login }}';
$g_password['{{ group.group }}'] = '{{ group.sql_password | regex_replace('\'', '\\\'') }}';
{% endfor %}
{% for client in wh_clients | default([]) %}
$g_login['Client_{{ client.name }}'] = '{{ client.name | regex_replace('\'', '\\\'') }}';
$g_password['Client_{{ client.name }}'] = '{{ client.db_pass | default((wh_pass_seed | password_hash('sha256', 65534 | random(seed=client.name) | string))[9:27]) | regex_replace('\'', '\\\'') }}';
{% endfor %}
{% for field in pma_sso_user_fields %}
if (!isSet($ssologin) && isSet($_SERVER['{{ field }}'])){
$ssologin = $_SERVER['{{ field }}'];
}
{% endfor %}
{% for field in pma_sso_groups_fields %}
if (!isSet($ssogroups) && isSet($_SERVER['{{ field }}'])){
$ssogroups = explode('; ', $_SERVER['{{ field }}']);
}
{% endfor %}
if(isSet($ssologin) && isSet($login[$ssologin]) && isSet($password[$ssologin])) {
session_set_cookie_params(0, '/', '', 0);
session_name('PmaSignonSession');
session_start();
$_SESSION['PMA_single_signon_user'] = $login[$ssologin];
$_SESSION['PMA_single_signon_password'] = $password[$ssologin];
session_write_close();
header('Location: /index.php');
exit(0);
} elseif (isSet($ssogroups)) {
foreach ($ssogroups as $group){
if (isSet($g_login[$group]) && isSet($g_password[$group])){
session_set_cookie_params(0, '/', '', 0);
session_name('PmaSignonSession');
session_start();
$_SESSION['PMA_single_signon_user'] = $g_login[$group];
$_SESSION['PMA_single_signon_password'] = $g_password[$group];
session_write_close();
header('Location: /index.php');
exit(0);
}
}
}
header('HTTP/1.0 403 Forbidden');
echo 'Not logged in the SSO system';
die;
?>