Merge branch 'unstable' into stable

2017-09-08 02:02:53 +02:00 · 2017-09-08 02:02:53 +02:00 · 62189dbca8
parent 6ac4bdf734 27f0369c5b
commit 62189dbca8
41 changed files with 550 additions and 112 deletions
--- a/apache/defaults/main.yml
+++ b/apache/defaults/main.yml
@ -9,8 +9,6 @@ apache_evolinux_default_enabled: True
 apache_evolinux_default_ssl_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
 apache_evolinux_default_ssl_key: /etc/ssl/private/ssl-cert-snakeoil.key

-apache_phpmyadmin_set: False
-apache_phpmyadmin_suffix: ""
 apache_serverstatus_suffix: ""

 apache_log2mail_include: True
--- a/apache/files/evolinux-custom.conf
+++ b/apache/files/evolinux-custom.conf
@ -20,3 +20,7 @@ SetEnvIf User-Agent "ApacheBench" GoAway=1
 ##SSLUseStapling on
 ##SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling-cache(150000)
 #</IfModule>
+
+#<FilesMatch ".(eot|ttf|otf|woff)">
+#    Header set Access-Control-Allow-Origin "*"
+#</FilesMatch>
--- a/apache/meta/main.yml
+++ b/apache/meta/main.yml
@ -12,6 +12,7 @@ galaxy_info:
  - name: Debian
    versions:
    - jessie
+    - stretch

 dependencies: []
  # List your role dependencies here, one per line.
--- a/apache/tasks/main.yml
+++ b/apache/tasks/main.yml
@ -90,7 +90,7 @@
    src: evolinux-default.conf.j2
    dest: /etc/apache2/sites-available/000-evolinux-default.conf
    mode: "0640"
-    # force: yes
+    force: no
  notify: reload apache
  tags:
  - apache
@ -134,11 +134,6 @@
  check_mode: no
  tags:
  - apache
-  when: apache_phpmyadmin_set
-
- include: phpmyadmin.yml
-  when: apache_phpmyadmin_set and _default_index.stat.exists
-

 # - block:
 #   - name: generate random string for serverstatus suffix
--- a/apache/tasks/phpmyadmin.yml
+++ b/apache/tasks/phpmyadmin.yml
@ -1,32 +0,0 @@
---
-
- block:
-  - name: packages are installed
-    apt:
-      name: '{{ item }}'
-      state: present
-    with_items:
-    - phpmyadmin
-    - apg
-
-  - name: generate random string for phpmyadmin suffix
-    command: "apg -a 1 -M N -n 1"
-    changed_when: False
-    register: _random_phpmyadmin_suffix
-
-  - name: overwrite apache_phpmyadmin_suffix
-    set_fact:
-      apache_phpmyadmin_suffix: "{{ _random_phpmyadmin_suffix.stdout }}"
-  when: apache_phpmyadmin_suffix == ""
-  tags:
-  - apache
-  - phpmyadmin
-
- name: replace phpmyadmin suffix in default site index
-  replace:
-    dest: /var/www/index.html
-    regexp: '__PHPMYADMIN_SUFFIX__'
-    replace: "{{ apache_phpmyadmin_suffix }}"
-  tags:
-  - apache
-  - phpmyadmin
--- a/apache/templates/evolinux-default.conf.j2
+++ b/apache/templates/evolinux-default.conf.j2
@ -67,6 +67,8 @@

        DocumentRoot /var/www/

+        # We override these 2 Directory directives setted in apache2.conf.
+        # We want no access except from allowed IP address.
        <Directory />
            Include /etc/apache2/ipaddr_whitelist.conf
        </Directory>
@ -80,12 +82,6 @@
        SSLCertificateFile    {{ apache_evolinux_default_ssl_cert }}
        SSLCertificateKeyFile {{ apache_evolinux_default_ssl_key }}

-        # We override these 2 Directory directives setted in apache2.conf.
-        # We want no access except from allowed IP address.
-        <Directory />
-            Include /etc/apache2/ipaddr_whitelist.conf
-        </Directory>
-
        # Munin. We need to set Directory directive as Alias take precedence.
        Alias /munin /var/cache/munin/www
        <Directory /var/cache/munin/>
@ -106,6 +102,9 @@
            Include /etc/apache2/ipaddr_whitelist.conf
        </Directory>

+# BEGIN phpMyAdmin section
+# END phpMyAdmin section
+
        CustomLog /var/log/apache2/access.log vhost_combined
        ErrorLog /var/log/apache2/error.log
        LogLevel warn
--- a/apt/files/reg.gpg
+++ b/apt/files/reg.gpg
@ -1,16 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>Public Key Server -- Get "0x44975278b8612b5d "</title>
-<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
-<style type="text/css">
-/*<![CDATA[*/
- .uid { color: green; text-decoration: underline; }
- .warn { color: red; font-weight: bold; }
-/*]]>*/
-</style></head><body><h1>Public Key Server -- Get "0x44975278b8612b5d "</h1>
-<pre>
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: SKS 1.1.6
 Comment: Hostname: keyserver.ubuntu.com
@ -930,6 +917,4 @@ yLns4jIKY8dehPner0Y8RX31/0eQOknRwRSl6uceu/6liJT23KHYzT3FPGHuK2QH6AHnORGS
 g6FmBsbXSzosQOKWE3sO0dzjPIE6DRKwZIJmqQKvHqeAvPsC0U7JBWlKl0eMoIuDjp9qFDKz
 BWcdiQ==
 =iUyJ
-----END PGP PUBLIC KEY BLOCK-----
-</pre>
-</body></html>
+-----END PGP PUBLIC KEY BLOCK-----
--- a/evolinux-base/defaults/main.yml
+++ b/evolinux-base/defaults/main.yml
@ -143,7 +143,6 @@ evolinux_default_www_include: True

 evolinux_default_www_files: True
 evolinux_default_www_ssl_cert: True
-evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}"

 # hardware

--- a/evolinux-base/tasks/default_www.yml
+++ b/evolinux-base/tasks/default_www.yml
@ -20,6 +20,7 @@
    src: default_www/index.html.j2
    dest: /var/www/index.html
    mode: "0755"
+    force: no
  when: evolinux_default_www_files

 # SSL cert
@ -27,7 +28,7 @@
 - block:

  - name: Create private key and csr for default site ({{ ansible_fqdn }})
-    command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "{{ evolinux_default_www_ssl_subject }}"
+    command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
    args:
      creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"

--- a/evolinux-base/tasks/ssh.yml
+++ b/evolinux-base/tasks/ssh.yml
@ -8,7 +8,7 @@
  blockinfile:
    dest: /etc/ssh/sshd_config
    block: |
-      Match Group sudo
+      Match Group evolinux-sudo
          PasswordAuthentication no
      Match Address {{ evolinux_ssh_password_auth_addresses | join(',') }}
          PasswordAuthentication yes
--- a/evolinux-base/templates/default_www/index.html.j2
+++ b/evolinux-base/templates/default_www/index.html.j2
@ -59,13 +59,15 @@
        <ul id="evolinks">
            <li><a href="/munin/{{ ansible_domain }}/{{ ansible_fqdn }}/">Stats système</a></li>
            <li><a href="/server-status">Server Status</a></li>
-            <!--
-            <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>
-            <li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li>
-            <li><a href="/cgi-bin/awstats.pl">Stats web</a></li>
-            <li><a href="/info.php">Infos PHP</a></li>
-            <li><a href="/opcache.php">Infos OpCache PHP</a></li>
-            -->
+            <!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->
+            <!-- <li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li> -->
+            <!-- <li><a href="/cgi-bin/awstats.pl">Stats web</a></li> -->
+            <!-- <li><a href="/info.php">Infos PHP</a></li> -->
+            <!-- <li><a href="/opcache.php">Infos OpCache PHP</a></li> -->
+<!-- BEGIN evoadmin-web section -->
+<!-- END evoadmin-web section -->
+<!-- BEGIN evoadmin-mail section -->
+<!-- END evoadmin-mail section -->
        </ul>

        <p class="footer">
--- a/evomaintenance/tasks/main.yml
+++ b/evomaintenance/tasks/main.yml
@ -14,14 +14,14 @@
    src: evomaintenance.j2
    dest: /etc/evomaintenance.cf

- name: list users with a shell
-  shell: "cat /etc/passwd | grep -vE \"^root:\"  | grep -E \":/[^:]+sh$\" | cut -d: -f6"
-  changed_when: False
-  check_mode: no
-  register: home_of_shell_users
-
- include: trap.yml home={{ item }}
-  with_items: "{{ home_of_shell_users.stdout_lines }}"
+# - name: list users with a shell
+#   shell: "cat /etc/passwd | grep -vE \"^root:\"  | grep -E \":/[^:]+sh$\" | cut -d: -f6"
+#   changed_when: False
+#   check_mode: no
+#   register: home_of_shell_users
+#
+# - include: trap.yml home={{ item }}
+#   with_items: "{{ home_of_shell_users.stdout_lines }}"

 - name: Is minifirewall installed?
  stat:
--- a/mongodb/tasks/main.yml
+++ b/mongodb/tasks/main.yml
@ -3,7 +3,7 @@
 - fail:
    msg: only compatible with Debian 8
  when:
-  - ansible_distribution =! "Debian" or ansible_distribution_release != "jessie"
+  - ansible_distribution != "Debian" or ansible_distribution_release != "jessie"

 # Attention à bien indiquer le protocole et le port, sinon le firewall ne laisse pas passer
 - name: MongoDB public GPG Key
--- a/mysql/README.md
+++ b/mysql/README.md
@ -18,7 +18,7 @@ Tasks are extracted in several files, included in `tasks/main.yml` :

 ## Available variables

-* `mysql_variant` : install Oracle's MySQL or MariaDB (default: `oracle`) ;
+* `mysql_variant` : install Oracle's MySQL or MariaDB (default: `oracle`) [Debian 8 only];
 * `mysql_replace_root_with_mysqladmin`: switch from `root` to `mysqladmin` user or not ;
 * `mysql_thread_cache_size`: number of threads for the cache ;
 * `mysql_innodb_buffer_pool_size`: amount of RAM dedicated to InnoDB ;
@ -30,4 +30,4 @@ Tasks are extracted in several files, included in `tasks/main.yml` :
 * `mysql_scripts_dir`: email address to send Log2mail messages to (default: `general_scripts_dir`).
 * `mysql_force_new_nrpe_password` : change the password for NRPE even if it exists already (default: `False`).

-NB : changing the _datadir_ location can be done multiple times, as long as it is not restored to the default initial location, (because a symlink is created  and can't be switched back, yet).
+NB : changing the _datadir_ location can be done multiple times, as long as it is not restored to the default initial location, (because a symlink is created and can't be switched back, yet).
--- a/mysql/tasks/config_jessie.yml
+++ b/mysql/tasks/config_jessie.yml
--- a/mysql/tasks/config_stretch.yml
+++ b/mysql/tasks/config_stretch.yml
@ -0,0 +1,22 @@
+---
+- name: Copy MySQL defaults config file
+  copy:
+    src: evolinux-defaults.cnf
+    dest: /etc/mysql/mariadb.conf.d/z-evolinux-defaults.cnf
+    owner: root
+    group: root
+    mode: "0644"
+    force: yes
+  tags:
+    - mysql
+
+- name: Copy MySQL custom config file
+  template:
+    src: evolinux-custom.cnf.j2
+    dest: /etc/mysql/mariadb.conf.d/zzz-evolinux-custom.cnf
+    owner: root
+    group: root
+    mode: "0640"
+    force: no
+  tags:
+    - mysql
--- a/mysql/tasks/main.yml
+++ b/mysql/tasks/main.yml
@ -12,7 +12,11 @@
 - include: users_jessie.yml
  when: ansible_distribution_release == "jessie"

- include: config.yml
+- include: config_stretch.yml
+  when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- include: config_jessie.yml
+  when: ansible_distribution_release == "jessie"

 - include: datadir.yml

--- a/mysql/tasks/utils.yml
+++ b/mysql/tasks/utils.yml
@ -10,16 +10,7 @@

 # mytop

-# mytop is installed with MariaB
-# the package has been removed of Stretch repositories
- name: Is mytop available ?
-  command: which mytop
-  failed_when: False
-  changed_when: False
-  check_mode: no
-  register: which_mytop
-
- name: Install mytop
+- name: "Install mytop (jessie)"
  apt:
    name: mytop
    state: present
@ -27,7 +18,16 @@
    - packages
    - mytop
    - mysql
-  when: which_mytop.rc != 0
+  when: ansible_distribution_release == "jessie"
+
+- name: "Install depends for mytop (Debian 9 or later)"
+  apt:
+    name: "{{ item }}"
+  with_items:
+  - mariadb-client-10.1
+  - libconfig-inifiles-perl
+  - libterm-readkey-perl
+  when: ansible_distribution_major_version | version_compare('9', '>=')

 - name: Read debian-sys-maint password
  shell: cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3
@ -62,7 +62,6 @@
  tags:
    - mysql
    - mysqltuner
-    - mysqltuner

 - name: Install aha
  apt:
--- a/packweb-apache/defaults/main.yml
+++ b/packweb-apache/defaults/main.yml
@ -6,3 +6,5 @@ packweb_enable_evoadmin_vhost: True
 packweb_fhs_retrictions: True
 packweb_apache_modphp: True
 packweb_apache_fpm: False
+
+packweb_phpmyadmin_suffix: ""
--- a/packweb-apache/files/info.php
+++ b/packweb-apache/files/info.php
@ -0,0 +1,3 @@
+<?php
+phpinfo();
+?>
--- a/packweb-apache/tasks/fhs_retrictions.yml
+++ b/packweb-apache/tasks/fhs_retrictions.yml
@ -40,6 +40,11 @@
  - /etc/phpmyadmin
  - /var/log/installer

+- name: Change group to www-data for /etc/phpmyadmin/
+  file:
+    dest: /etc/phpmyadmin/
+    group: www-data
+
 - name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
  shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
  register: command_result
--- a/packweb-apache/tasks/main.yml
+++ b/packweb-apache/tasks/main.yml
@ -23,6 +23,18 @@
    php_fpm_enable: True
  when: packweb_apache_fpm

+- name: install info.php
+  copy:
+    src: info.php
+    dest: /var/www/info.php
+    mode: "0644"
+
+- name: enable info.php link in default site index
+  lineinfile:
+    dest: /var/www/index.html
+    line: '            <li><a href="/info.php">Infos PHP</a></li>'
+    regexp: "Infos PHP"
+
 - name: Add elements to user account template
  file:
    path: "/etc/skel/{{ item.path }}"
--- a/packweb-apache/tasks/phpmyadmin.yml
+++ b/packweb-apache/tasks/phpmyadmin.yml
@ -2,8 +2,11 @@

 - name: Install phpmyadmin
  apt:
-    name: phpmyadmin
+    name: '{{ item }}'
    state: present
+  with_items:
+  - phpmyadmin
+  - apg

 - name: Check if phpmyadmin default configuration is present
  stat:
@ -20,7 +23,37 @@
  changed_when: "'Disabling' in command_result.stderr"
  when: pma_default_config.stat.exists

- name: Change group to www-data for /etc/phpmyadmin/
-  file:
-    dest: /etc/phpmyadmin/
-    group: www-data
+- name: generate random string for phpmyadmin suffix
+  command: "apg -a 1 -M N -n 1"
+  changed_when: False
+  register: _random_phpmyadmin_suffix
+
+- name: overwrite packweb_phpmyadmin_suffix
+  set_fact:
+    packweb_phpmyadmin_suffix: "{{ _random_phpmyadmin_suffix.stdout }}"
+  when: packweb_phpmyadmin_suffix == ""
+
+- name: enable phpMyAdmin config
+  blockinfile:
+    dest: /etc/apache2/sites-available/000-evolinux-default.conf
+    marker: "# {mark} phpMyAdmin section"
+    block: |
+      Alias /phpmyadmin /var/www
+      Alias /phpmyadmin-{{ packweb_phpmyadmin_suffix }} /usr/share/phpmyadmin/
+      Include /etc/phpmyadmin/apache.conf
+      <Directory /usr/share/phpmyadmin/>
+          Require all denied
+          Include /etc/apache2/ipaddr_whitelist.conf
+      </Directory>
+
+- name: enable phpmyadmin link in default site index
+  replace:
+    dest: /var/www/index.html
+    regexp:  '<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->'
+    replace: '     <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>'
+
+- name: replace phpmyadmin suffix in default site index
+  replace:
+    dest: /var/www/index.html
+    regexp: '__PHPMYADMIN_SUFFIX__'
+    replace: "{{ packweb_phpmyadmin_suffix }}"
--- a/php/defaults/main.yml
+++ b/php/defaults/main.yml
@ -2,3 +2,4 @@

 php_fpm_enable: False
 php_apache_enable: False
+php_symfony_requirements: False
--- a/php/tasks/apache.yml
+++ b/php/tasks/apache.yml
@ -57,3 +57,14 @@
    content: |
      # Put customized values here.
    force: no
+
+- name: "Set custom values for PHP to enable Symfony"
+  ini_file:
+    dest: "{{ php_apache_custom_file }}"
+    section: PHP
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    mode: "0644"
+  with_items:
+  - { option: "date.timezone", value: "Europe/Paris" }
+  when: php_symfony_requirements
--- a/php/tasks/fpm.yml
+++ b/php/tasks/fpm.yml
@ -88,3 +88,14 @@
      # Put customized values here.
    force: no

+- name: "Set custom values for PHP to enable Symfony"
+  ini_file:
+    dest: "{{ phpini_cli_custom_file }}"
+    section: PHP
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    mode: "0644"
+  with_items:
+  - { option: "date.timezone", value: "Europe/Paris" }
+  when: php_symfony_requirements
+
--- a/php/tasks/php_jessie.yml
+++ b/php/tasks/php_jessie.yml
@ -23,7 +23,7 @@
    phpini_cli_defaults_file: /etc/php5/cli/conf.d/z-evolinux-defaults.ini
    phpini_cli_custom_file: /etc/php5/cli/conf.d/zzz-evolinux-custom.ini

- name: Set default php.ini values for CLI
+- name: "Set default php.ini values for CLI (jessie)"
  ini_file:
    dest: "{{ phpini_cli_defaults_file }}"
    section: PHP
@ -39,7 +39,7 @@
  - { option: "html_errors", value: "Off" }
  - { option: "allow_url_fopen", value: "Off" }

- name: Disable PHP functions for CLI
+- name: "Disable PHP functions for CLI (jessie)"
  ini_file:
    dest: "{{ phpini_cli_defaults_file }}"
    section: PHP
@ -52,3 +52,15 @@
    content: |
      # Put customized values here.
    force: no
+
+- name: "Set custom values for PHP to enable Symfony (jessie)"
+  ini_file:
+    dest: "{{ phpini_cli_custom_file }}"
+    section: PHP
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    mode: "0644"
+  with_items:
+  - { option: "date.timezone", value: "Europe/Paris" }
+  when: php_symfony_requirements
+
--- a/php/tasks/php_stretch.yml
+++ b/php/tasks/php_stretch.yml
@ -24,7 +24,7 @@
    phpini_cli_defaults_file: /etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini
    phpini_cli_custom_file: /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini

- name: Set default php.ini values for CLI
+- name: "Set default php.ini values for CLI (Debian 9 or later)"
  ini_file:
    dest: "{{ phpini_cli_defaults_file }}"
    section: PHP
@ -40,16 +40,27 @@
  - { option: "html_errors", value: "Off" }
  - { option: "allow_url_fopen", value: "Off" }

- name: Disable PHP functions for CLI
+- name: "Disable PHP functions for CLI (Debian 9 or later)"
  ini_file:
    dest: "{{ phpini_cli_defaults_file }}"
    section: PHP
    option: disable_functions
    value: "exec,shell-exec,system,passthru,putenv,popen"

- name: Custom php.ini for CLI
+- name: "Custom php.ini for CLI (Debian 9 or later)"
  copy:
    dest: "{{ phpini_cli_custom_file }}"
    content: |
      # Put customized values here.
    force: no
+
+- name: "Set custom values for PHP to enable Symfony (Debian 9 or later)"
+  ini_file:
+    dest: "{{ phpini_cli_custom_file }}"
+    section: PHP
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    mode: "0644"
+  with_items:
+  - { option: "date.timezone", value: "Europe/Paris" }
+  when: php_symfony_requirements
--- a/redmine/defaults/main.yml
+++ b/redmine/defaults/main.yml
@ -0,0 +1,8 @@
+---
+puma_env: 'production'
+puma_worker: 2
+puma_min_thread: 0
+puma_max_thread: 4
+redmine_db_name: "{{ redmine_user }}"
+redmine_db_host: "localhost"
+redmine_db_username: "{{ redmine_user }}"
--- a/redmine/files/Gemfile.local
+++ b/redmine/files/Gemfile.local
@ -0,0 +1 @@
+gem "puma"
--- a/redmine/files/profile
+++ b/redmine/files/profile
@ -0,0 +1,23 @@
+# ~/.profile: executed by the command interpreter for login shells.
+
+umask 027
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+        . "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes gems bin
+if [ -d "$HOME/bin" ] ; then
+    export PATH="$HOME/.gems/ruby/2.1.0/bin:$PATH"
+fi
+
+# For systemctl --user
+export XDG_RUNTIME_DIR=/run/user/$UID
+
+# Ruby vars
+export RAILS_ENV=production
+export BUNDLE_GEMFILE="$HOME/www/Gemfile"
--- a/redmine/files/puma.service
+++ b/redmine/files/puma.service
@ -0,0 +1,17 @@
+[Unit]
+Description=Puma HTTP server for Ruby Apps : %u
+After=network.target
+
+[Service]
+WorkingDirectory=%h/www
+UMask=0027
+PIDFile=%h/ruby.pid
+ExecStartPre=/bin/mkdir -m 0750 -p %h/run
+ExecStart=/usr/bin/bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config /etc/puma/%u.rb
+ExecReload=/bin/kill -USR2 $MAINPID
+KillMode=process
+#Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Alias=puma.service
--- a/redmine/tasks/main.yml
+++ b/redmine/tasks/main.yml
@ -0,0 +1,281 @@
+---
+- name: Install dependancy
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items:
+  - libpam-systemd
+  - ruby
+  - ruby-dev
+  - bundler
+  - imagemagick
+  - git-core
+  - git-svn
+  - gcc
+  - build-essential
+  - libxml2-dev
+  - libxslt1-dev
+  - libssl-dev
+  - libmagickwand-dev
+  - libmagickcore-dev
+  - libmysqlclient-dev
+  - python-mysqldb
+  tags:
+  - redmine
+
+#- name: 
+#  lineinfile:
+#  with_items:
+#  - 'https://github.com/.*'
+#  - 'http://rubygems.org/.*'
+#  - 'http://.*.rubygems.org/.*'
+#  tags:
+#  - redmine
+
+- name: Deploy systemd unit
+  copy:
+    src: puma.service
+    dest: /etc/systemd/user/puma.service
+    mode: "0644"
+  tags:
+  - redmine
+
+- name: Create puma config dir
+  file:
+    path: /etc/puma
+    state: directory
+    mode: "0755"
+    owner: root
+  tags:
+  - redmine
+
+- name: Create redmine group
+  group:
+    name: "{{ redmine_user }}"
+    state: present
+  tags:
+  - redmine
+
+- name: Add www-data to redmine group
+  user:
+    name: www-data
+    groups: "{{ redmine_user }}"
+    append: yes
+  tags:
+  - redmine
+
+- name: Create redmine user
+  user:
+    name: "{{ redmine_user }}"
+    state: present
+    group: "{{ redmine_user }}"
+    createhome: yes
+    home: "/home/{{ redmine_user }}"
+    shell: /bin/bash
+  tags:
+  - redmine
+
+- name: Create required directory
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ redmine_user }}"
+    group: "{{ redmine_user }}"
+    mode: "0750"
+  with_items:
+  - "/home/{{ redmine_user }}"
+  - "/home/{{ redmine_user }}/files"
+  - "/home/{{ redmine_user }}/log"
+  tags:
+  - redmine
+
+- name: Touch Nginx logs file
+  file:
+    path: "/home/{{ redmine_user }}/log/{{ item }}"
+    state: touch
+    owner: "root"
+    group: "{{ redmine_user }}"
+    mode: "0640"
+  changed_when: false
+  with_items:
+  - nginx_access.log
+  - nginx_error.log
+  tags:
+  - redmine
+
+- name: Enable systemd user mode
+  command: "loginctl enable-linger {{ redmine_user }}"
+  changed_when: false
+
+- name: Set user .profile
+  copy:
+    src: profile
+    dest: "/home/{{ redmine_user }}/.profile"
+    owner: "{{ redmine_user }}"
+    group: "{{ redmine_user }}"
+    mode: "0640"
+  tags:
+  - redmine
+
+- name: Update or clone Redmine git
+  git:
+    repo: 'https://github.com/redmine/redmine.git'
+    dest: "/home/{{ redmine_user }}/www"
+    version: '3.4-stable'
+    umask: "027"
+    update: yes
+  become_user: "{{ redmine_user }}"
+  register: redmine_git_task
+  tags:
+  - redmine
+
+- name: Deploy custom Gemfile
+  copy:
+    src: Gemfile.local
+    dest: "/home/{{ redmine_user }}/www"
+    owner: "{{ redmine_user }}"
+    group: "{{ redmine_user }}"
+    mode: "0640"
+  register: redmine_local_gemfile_task
+
+- name: Get actual Mysql password
+  shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'"
+  register: redmine_get_mysql_password
+  check_mode: no
+  changed_when: False
+  failed_when: false
+  tags:
+  - redmine
+
+- name: Generate Mysql password
+  shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
+  register: redmine_generate_mysql_password
+  check_mode: no
+  changed_when: False
+  when: redmine_get_mysql_password.stdout == ""
+  tags:
+  - redmine
+
+- name: Set Mysql password
+  set_fact:
+    redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}"
+  tags:
+  - redmine
+
+- name: Create Mysql database
+  mysql_db:
+    name: "{{ redmine_db_name }}"
+    config_file: "/root/.my.cnf"
+    state: present
+  tags:
+  - redmine
+
+- name: Create Mysql user
+  mysql_user:
+    name: "{{ redmine_db_username }}"
+    password: '{{ redmine_db_pass }}'
+    priv: "{{ redmine_user }}.*:ALL"
+    config_file: "/root/.my.cnf"
+    update_password: always
+    state: present
+  tags:
+  - redmine
+
+- name: Store credentials in my.cnf
+  ini_file:
+    dest: "/home/{{ redmine_user }}/.my.cnf"
+    owner: "{{ redmine_user }}"
+    group: "{{ redmine_user }}"
+    mode: "0600"
+    section: client
+    option: '{{ item.option }}'
+    value: '{{ item.value }}'
+  with_items:
+    - { option: 'user', value: "{{ redmine_db_username }}" }
+    - { option: 'database', value: "{{ redmine_db_name }}" }
+    - { option: 'password', value: '{{ redmine_db_pass }}' }
+  tags:
+  - redmine
+
+- name: Copy configurations file
+  template:
+    src: "{{ item }}.j2"
+    dest: "/home/{{ redmine_user }}/www/config/{{ item }}"
+    owner: "{{ redmine_user }}"
+    group: "{{ redmine_user }}"
+    mode: "0640"
+  with_items:
+  - 'configuration.yml'
+  - 'database.yml'
+  - 'additional_environment.rb'
+  tags:
+  - redmine
+
+- name: Update local gems with bundle
+  bundler:
+    state: present
+    gemfile: "/home/{{ redmine_user }}/www/Gemfile"
+    gem_path: "/home/{{ redmine_user }}/.gems"
+    user_install: yes
+  become_user: "{{ redmine_user }}"
+  when: redmine_git_task.changed or redmine_local_gemfile_task.changed
+
+- name: Migrate database with rake
+  shell: bundle exec rake -qf ~/www/Rakefile db:migrate
+  become_user: "{{ redmine_user }}"
+  become_method: sudo
+  become_flags: '-iu {{ redmine_user }}'
+  when: redmine_git_task.changed
+
+- name: Populate Mysql database
+  shell: bundle exec rake -qf ~/www/Rakefile redmine:load_default_data REDMINE_LANG=fr && touch ~/.populated
+  args:
+    creates: "/home/{{ redmine_user }}/.populated"
+  become_user: "{{ redmine_user }}"
+  become_method: sudo
+  become_flags: '-iu {{ redmine_user }}'
+
+- name: Generate secret token
+  shell: bundle exec rake -qf ~/www/Rakefile generate_secret_token
+  args:
+    creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
+  become_user: "{{ redmine_user }}"
+  become_method: sudo
+  become_flags: '-iu {{ redmine_user }}'
+  tags:
+  - redmine
+
+- name: Copy puma config
+  template:
+    src: puma.rb.j2
+    dest: "/etc/puma/{{ redmine_user }}.rb"
+    owner: "{{ redmine_user }}"
+    group: "{{ redmine_user }}"
+    mode: "0640"
+  register: redmine_puma_config_task
+  tags:
+  - redmine
+
+- name: Start puma service
+  systemd:
+    name: puma
+    daemon_reload: yes
+    enabled: yes
+    state: started
+    user: yes
+  become_user: "{{ redmine_user }}"
+  become_method: sudo
+  become_flags: '-iu {{ redmine_user }}'
+  tags:
+  - redmine
+
+- name: Reload puma service
+  systemd:
+    name: puma
+    daemon_reload: yes
+    state: reloaded
+    user: yes
+  become_user: "{{ redmine_user }}"
+  become_method: sudo
+  become_flags: '-iu {{ redmine_user }}'
+  when: redmine_puma_config_task.changed
--- a/redmine/templates/additional_environment.rb.j2
+++ b/redmine/templates/additional_environment.rb.j2
@ -0,0 +1 @@
+config.paths['log'] = "/home/{{ redmine_user }}/log/redmine.log"
--- a/redmine/templates/configuration.yml.j2
+++ b/redmine/templates/configuration.yml.j2
@ -0,0 +1,11 @@
+production:
+  email_delivery:
+    delivery_method: :smtp
+    smtp_settings:
+      address: localhost
+      port: 25
+      domain: "{{ ansible_domain }}"
+      ssl: false
+      enable_starttls_auto: false
+  attachments_storage_path: /home/{{ redmine_user }}/files
+  autologin_cookie_secure: true
--- a/redmine/templates/database.yml.j2
+++ b/redmine/templates/database.yml.j2
@ -0,0 +1,7 @@
+production:
+  adapter: mysql2
+  database: {{ redmine_db_name }}
+  host: {{ redmine_db_host }}
+  username: {{ redmine_db_username }}
+  password: "{{ redmine_db_pass }}"
+  encoding: utf8
--- a/redmine/templates/puma.rb.j2
+++ b/redmine/templates/puma.rb.j2
@ -0,0 +1,4 @@
+environment '{{ puma_env }}'
+workers {{ puma_worker }}
+threads {{ puma_min_thread }}, {{ puma_max_thread }}
+tag 'Redmine {{ redmine_user }}'
--- a/webapps/evoadmin-web/defaults/main.yml
+++ b/webapps/evoadmin-web/defaults/main.yml
@ -9,7 +9,6 @@ evoadmin_log_dir: "{{ evoadmin_home_dir }}/log"
 evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
 evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
 evoadmin_username: evoadmin
-evoadmin_ssl_subject: "/CN={{ evoadmin_host }}"

 evoadmin_enable_vhost: True

--- a/webapps/evoadmin-web/tasks/main.yml
+++ b/webapps/evoadmin-web/tasks/main.yml
@ -11,3 +11,11 @@
 - include: web.yml

 - include: ftp.yml
+
+- name: enable evoadmin-web link in default site index
+  blockinfile:
+    dest: /var/www/index.html
+    marker: "<!-- {mark} evoadmin-web section -->"
+    block: |
+      <li><a href="https://{{ evoadmin_host }}">Interface admin web (EvoAdmin-web)</a></li>
+
--- a/webapps/evoadmin-web/tasks/ssl.yml
+++ b/webapps/evoadmin-web/tasks/ssl.yml
@ -7,7 +7,7 @@
    state: present

 - name: Create private key and csr for default site ({{ ansible_fqdn }})
-  command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/{{ evoadmin_host }}.csr -batch -subj "{{ evoadmin_ssl_subject }}"
+  command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/{{ evoadmin_host }}.csr -batch -subj "/CN={{ evoadmin_host }}"
  args:
    creates: "/etc/ssl/private/{{ evoadmin_host }}.key"

--- a/webapps/evoadmin-web/tasks/web.yml
+++ b/webapps/evoadmin-web/tasks/web.yml
@ -1,17 +1,17 @@
 ---

- name: Set default values in /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
+- name: "Set custom values for PHP config (jessie)"
  ini_file:
-    dest: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
+    dest: /etc/php5/apache2/conf.d/zzz-evolinux-custom.ini
    section: PHP
    option: "disable_functions"
    value: "shell-exec,system,passthru,putenv,popen"
  notify: reload apache
  when: ansible_distribution_release == "jessie"

- name: Set default values in /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
+- name: "Set custom values for PHP config (Debian 9 or later)"
  ini_file:
-    dest: /etc/php/7.0/apache2/conf.d/z-evolinux_defaults.ini
+    dest: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini
    section: PHP
    option: "disable_functions"
    value: "shell-exec,system,passthru,putenv,popen"
				`@ -0,0 +1 @@`
				`config.paths['log'] = "/home/{{ redmine_user }}/log/redmine.log"`