roles/nginx: git clone as nginx

roles/nginx: fix syntax
roles/mariadb: rework to use Debian's mariadb
2025-11-21 22:07:55 +03:00 · 2025-11-21 21:08:29 +03:00 · 2025-11-20 08:47:27 +03:00 · 2025-11-20 08:47:27 +03:00 · 2025-11-20 08:47:27 +03:00 · 2025-11-20 08:47:26 +03:00
9 changed files with 623 additions and 843 deletions
--- a/Pipfile.lock
+++ b/Pipfile.lock
--- a/host_vars/web22
+++ b/host_vars/web22
@@ -1,141 +1,141 @@
 $ANSIBLE_VAULT;1.1;AES256
-38353762626535363837346634333565643931386536313339336365663162656533363636383931
+65636230346264393938656566653961393466306338353435333061356463363836616435333731
-3737373161623364396366323338613062386466313539640a653334643937326338386262623261
+3537316534663335343333643435383663303438333433650a666133633965643939306661383536
-65643635373532636439396235373964303537646334343633633531633435323037313433346636
+33626364316338306530393036653134373339653264616537623731323063646531383137333131
-3866306363303338360a356166353265386130616163616662623764313536616666656237636563
+6263363037613631360a343831393830646536326538363764643136613732636165316466316566
-30323036353635303438363234646234656530373365396530666539393132643831653039666562
+65346162383337626631663533626230643061633139663661656365333738353530316661313864
-65383962306465363862333131383263353736623264616465336139313638343462653361333239
+32373831396437386434313430666434363534656130613632643264393538663131336635653537
-64363562653366396664623662376433663335313231653935626237663430303734326433333739
+61613065336133343130353862646130386136333231393962353064666335363330623064626631
-62616265373732316530366331323664373637386661353664626464646264356465346466663539
+34333137363566313764343335646531326337616563366636316232633936333264373731653332
-31613435366362343564313732616639376664613630316236373333653634386130663463626231
+66366361643261626563633838663061303762386234336133366233356564343562323965663731
-31396631623466666364316237313363366439326231653035316437616134643035393138383364
+38326631333166643534313836323337663131313766306166333534336333613735643033326633
-35313738373562353632366637663232393638396330626165323535343538633264353366663738
+39396335613362363230333863396535343464346437366632316336626539623865313239353539
-30663135646162396331623837343661613333313437313434313365623664316135626239636230
+30643834633130333564666162623365323439396630333136616137633532363530623234376332
-65376137303439323166346536353831653537326662356330393362666430633831323537623830
+66353539306637633432353231326666643261386466633533313063353061643761313132623035
-65326164663136383339353138663936306166633662346363353063663435323266653137666630
+62653263636237666432336662633136653930323532623137386261333862623337326431336365
-61353263653735626236373233313436343466653238376634623366356431333439323932343938
+36663364386364346631393031326434326334636166663739366435616166363130623463633733
-33303432613063383135633261653837633961643737623462626439373335613430356532353031
+35383834326231363264623061303066326433613139333237656635643835393762313866356237
-31626666663963643736323731613735376239663530373166626365666339346435323761333637
+62616435613863616161376666333966323030326531323261646436633233613635383438373834
-35383464626437646665653931653932653033376464386132383038633734373138313830303466
+31343133326231636661353466396566656365396466343430613262316537623631376433633630
-39313532333866303565353161636435646231313461646639316566386639323561363633636139
+62336664346363393363306163333662323338343139646238633830326535313034613739616138
-37613661626162306431313266383964323434343039386533333535646565373933396565613565
+38313637333333383032316134316164363036396338306634633436633564306333336437393566
-34666136633265663035306261623531333665636336303665613635333232316331643935353461
+61656337343030393936353364386461643766636564333864396130343762323630393839393463
-32643735623532313363663530656630653531666335323565353063316537396334383230386462
+35343864393035333930313238663465663633633862623336663136626165666131383933626437
-33333565616634356537376466373332356663376363353166656139623336396130653564333739
+31323936653737646231363036383764333335313762356465333635303334663734636531343331
-39303733303939313838363331356437646632386631343466383332313037616430313566396335
+37386461643239363434373864373561353339343031346364383530663430393938333963333837
-31363038373437643266656463373662653966653832613935303462303031653761336165646162
+63303966366364626665303530356433643264343861346238353937386338383034356633623231
-31646631373335336435383638666562373236656231613662646161613533376237366463383630
+36663735386233396138306561326339626262326463336535646265666637383032396435333835
-36393532316336303531353032303937353963306164663162386137393664353962323865616532
+31363266666230366438313432356637663632333530646263663563373137313262663937636532
-63326462626130386234643639363762323863326134623063343731366433306431303763363233
+66633731333166386564386666363130633734643963653030386533393766623038383234646161
-36366334386266616261616266386439623665326339653562373836306165353137353137376337
+36343135663231323030306430623535373534353835623339333738376362663930343436343637
-37316363653935623736613138356333653936363866356665303737363032363564643532303234
+34383963306266623437323462356466336533643933653839366666393839626663353264326334
-37656432656363336564393263353430373437303337303461613763346461646565646535366638
+32663461663561396631363533383334363361373764363132643435373537333839613066396463
-34366337343033666134383966646563356533626665373337646231313431346239303635353261
+35386436326638353431363064626131306634363339653132396563356239653265303930333634
-62313939383762303235373537643531623465353062303939383666323139396630346461626136
+32376332643863376237383966623233323864393338346537393865363661616338333631383532
-38656632373637616532666433626564376338363239326234656561636239653536366331633234
+34373635316138663261633839333664353432666234306463306338653634633038373266646462
-65366139623238336234363564616430646435666562616636303064663437663731303839313365
+32336534356537306366656236356663616336333031306431653239343132336234626165333032
-38636438386162623862363865646233346336636439663833343136316165343564393339653565
+38303137666131363462363263333832356333616130346337663837376365346166306261373036
-38346166346434386338303032303430303535373635336562663030336566666435623537363137
+63383236323738303562623631633064363564663861336162356262373861383965623935343931
-61373161343138656365376531633830313561336632633330323035346431643837383062343537
+65663934623431363164356331353135633837616130363464353661663438323132363165343766
-66663961306666333535656432393134363565656635333633363732626665656365356138623164
+31393633306261303762613537343034316535373731363365666530623361623630633137326466
-65303936633666643034313636663262616661313739663135653335366261613133643630343362
+32326533313362333863383561343230626466303831623033613065363136396362373333306333
-66343033363835613031626635336538303362393561313032336136306465316231366137373736
+32336464356364663564626234653832323265313364343631646633396362373438666165353962
-62303335393333306132326135393562666431303631306538326433613362306131316139386361
+38396330333161356365626562383531323664636235643666613631636636323638376638396531
-31383665386466653066613038633335636233396335383764336462636138333034383836386365
+38646531666164653161353932643662363261323564373537343731666232666532633063353431
-38323739346630643532346161383336646165333336393961663930623531303434366265313861
+61386163363562313330393037656139303365396438313935306333656264373531373037303939
-39613231373335373338656434636134663036636234393534353033613133383034343437626434
+63373962356233346164383163323532373163376364623766323933623063653939346537306338
-31646339613430343265333833303231333739666266646436336161363330396264313636616461
+65353266656532636633326137356430666432333465626437633733356435363163626430303964
-61396332363537636162316261363030393466356263353938343236323932306366316535366533
+39343935623937616130326637323061373538616633393465653266656666376661393635333662
-38633165393339356339383939666161336461653438353632653530326639313238323761386461
+30363364653130356137393463613038663762396336306234363461396133306562323838336330
-63653765313532646166306237386435663432633934343039666637323362626338313135623034
+63303735646132353766313137303162366164613530303966383636393934393035306264626465
-30356438633635363738383932393861376235353962303663313963313964383530306530316363
+36613233376234633932663963623432663032656236323963353036356437383066373532323865
-64656638363436326562323234303961396333323931666365656433663865616439336138656232
+36643431373966613533646164303564653336396535343366303339303134613936656137653939
-66653964383034343837663936306632336562373637346132333063663263306237303461333732
+31333062623734613538333666636561386338306235633165386262383261333264623638383366
-65363661623064643663623661393563353739373535373764356163666639376236313839336438
+34313266333636376337393736343062363539366235393136663561303663386438333834613539
-35386265646331313663653761353864663934663261313037396135373938343265353934353361
+38623632656161653766363166653661336136653833336663616261663831656133666232633362
-30343564623631316366343838656135393364353836613330393536623662383637333039383133
+31373166306134653162313134333432323134623336666632613766386662653831643732326330
-37653733626662646631616563306638366263323634303636616331323964393962643061646361
+63643737333638626162646136373466613536653831663835616432343537323864343166316461
-39363562396634656637626630653533396236613334343332326439656165306537326464613436
+34393732353930343430356231626636373763636561343430616533663861346566326262313232
-37333632663731316165613432353339356561316431623038303365303663326666303666646363
+39623936366633363136353632346134643563383833376134363833336137613337326435613764
-66656630396661353765666131393737636630366666373136313837373165303437316233656261
+37653232613632333334316162383261383836613936376230393633343336346633386539356232
-38346463303964343132393162663762346163363739383733326635643264616166393264633934
+30316232373738363038356665366663623536626539376364303038643061386363636337386663
-64333137373532343032303431316633613836323631613231346133366635616435366436316239
+61383634336530666163346239343838326138373932383339396265653764313039653138643938
-64353633366431386664623239353735623037623364346431633733336563303430653233313637
+31613163653632656238376533363739346539623863623332653936643731623565613234663430
-35353138616164643834343339653739373038633531303039333632663566323565383637646561
+39363935306330386634363634363233376234613837353765353732646638663830323335616234
-31383965396365653364343761363161656432656665383963656463613637633938376234353532
+34366334636436633734333830306136333563666337623035653239313361626438316535313434
-33653837613266666661613165376665626432643439363637623333336234313836373232333736
+37343930643832383136343737313365316238373638323130653766646637343464653134616137
-65313232373233613763376463663161643636663162643864363962376232326462643936383131
+38313034383833626433326237633863313364353662326233636333333932633039396565356133
-39366164323038376633376238363663313238336166386663616261306532633331643537376631
+64376166383064343239633364363861616136643061646636323437376162313438396230393331
-31376663393036363566653061353636326565376636346466656263663266326332656461336437
+32633662323031666238643934646665303666383834336432363430363166356632353033336333
-32646162313932646632663738646532663439313630393038383530653562313439336631663535
+64383861663563653531643832656238643066323564656134633639666234363363363132623836
-36396265353231373435353137303164356633653938373166363663616632303764633738333439
+61386431643130333761376161646262346562363532353632633332343666393562313465303337
-62626533346561333565626163643235393164353861636662636531333834623965323034363735
+31333732626164363464323531323239333963303333626466623966346361383832353765346565
-33336138356663303462393864343434636364346432383665313931653062363138623261326438
+37303765363834376237636632386663373061346534643132636333623137366662646538306231
-31616533643163363261386635653732343939633965363362643536626264323537656238633539
+33353538623231636166653838333264396463616437396264353537633661313932353133316438
-62393935386433313366656133633532353131343237623466376632623434626362363062326531
+61323439363635383035316335363132383366613733383363306366356466333364633537393033
-33346165643164363365626432333631393664316266613731663162313764386336333231396632
+66636434623962633063306236303831633637656430376533353436613934636466363461333562
-36666536336333623063346166306164376138343566353063343866316432333266366337623866
+34613339373732343632343435333331353935303735633732656663643938663439656233613163
-61313039663661643863663434343732313139653037373065333463383635393061323938643162
+65356232633865656439643430636332386663333761376638323630373930663837653638363963
-61383064303461366162636439343438376266313931323934313563623435346634663739666565
+63656437323138633664613166353537306466666261353532326363346332343363343035386435
-62333035346634303139626432313262383262633437663436323763313361633235393037343665
+33326238333730303539363265383761663862313961383030326263353034303866626661623334
-62316564376464333133343134333230383765303834613233613232626131343631326433373062
+61623365373332366333376630626539343835663466666534636561643736646537646431386631
-36343466396430313534336332636233623337613134333861646334326633396434353765636163
+36366132663830336234613065626262336564316339383038333330323237363665373935326438
-37343638363234313030363661306337393361333332306331396164346633336130336366396430
+38646335346239316432636138633365373062663564326465643032633438306230363434323262
-62306539656332313162626239303066656664383639353730633738643132386662643733393761
+34313932653361346261623030623739313665356464373666346361663430336362383063666134
-62666339346130626163656237623730363066343838303036613038613763356263363365366238
+38323539653437623030333437373231646634333563306165393231653465313731633536323362
-62623435303838623630333231663137393362323234383533393763623235376164626461373736
+65613262633563653031306139383436663834616339316164393365336437653730393331636464
-36343761353362623433663936623433353439646463613233363732613435373564616239626564
+32313537313164386164313832396566353137376239303663656130383336336634313235376363
-61313066333939326435656535333963313831316231356232346534633531613963353130333432
+63326530333339356432343938306465623636336161363133613864336339393635306234656263
-37656163663230626632393939363532356366643764323330366630656334623261656334633865
+34343437336461303831393562653934633439336562663366643066393439396531653663386531
-61303066333566363061626437643132353664383061383364333338666230313034373535613063
+65623061643064396534353364663633653331653535306133386466356236623239646432373066
-63386237383638333263323337313336373830303865303466363965303839316162663431656538
+61313261366466663866613162323939646534653561356335393237376138633930663364636236
-33376332643335366537306133613761613132643232316438623939356331656263633933613935
+36613834303338646530663565303438363831663865323531386635303239646464343936303832
-65653465383434386561323462626362623566663330656439386361616562353430303938636436
+31323531363263333830623838666437636262306164386236643032356165323037656630383739
-66636531343063633561363330663436383930613438323764356562383536393933646264323135
+65666333656639333263346465666463616534353835656337353464336134303732323037393538
-64633764356166343965346362323466306636363633656466653934313230326435336536306230
+37366263656133643039373438636537343636663065646534616339303833666532396633616565
-38353432323537393131313239373861386237313530366139313338313330326632313536353837
+38353139323739656564623065613364346164633863343738633163383031663531663365616534
-63386161336335363834356437326630353031373435316462613634633039336132646134653236
+31663835323435643463666264623932396133336531626331303862356261306238326333366164
-31346664353932323339366464356161333637313761666138386164313163333531626235663338
+66306262386137363432376530366432356432653333393833376532623333373337393830316263
-62386333303264306363646136646463393134373939346438383465393439343337643336633039
+30326531613662313430663130613734663937613663353936346134356537393761373238393433
-62316464663038326439656334373331303165346534346466663538313632633561393335333931
+37356136393731626561303430626339386531386333386536656465646232633934393630613339
-65363964363335616639643462393463343437626539363838626439386164303464316666633663
+61333163613862346564316336353766346461626639303661353464633835626663313462613666
-63656639626133653266306266306531646331386366343936316136363935323662336335326338
+33343561613662303036643937656431393432333831383461323631393262346464393539353537
-30666130316265666631306635646565363039306138313462376662626161313134383633653834
+33633364383261663535323136393138333739356439663731636136393530323864333566323361
-32376163383763306165323466306264616366343332636564636162666434333732643635336163
+62643961323264336662316661303630636430323838633535343036303437393439656637326566
-61626162626331613438373464336465303739316130343965633532336531313661613961313164
+34363832366434316639393939313965633037653931323462363465643262653539623063326432
-39636165316638616338653965373833333732396363393463383433383930353361636166346232
+36616434366432303235663062663138623336336165373734353838333662363239333762323932
-61323935663536306533336137356566383130393564623938666231393431626136396137633066
+65393765326232373230666437656433373930643638386131363339343630636634636434326464
-36633133313861353338616561373838363833353531633465363731336237663561383561326635
+39366339326263666239646237326534383665376536313536303263373265306537316161663262
-62306338643965613635353536613335363934666362366466663461646135346436336164346536
+31346635346436313261626366333738333966643333313230623133313434373530366462653435
-62666631303638386137356233303235613636346661303834613335616161396238663530643165
+33353434643635383833643736653461373765326537313430353164306566323733653237343632
-65366364336139303766303938643038303461656335303438396565346330313665636165626432
+66346133656333303538306133313563393363313230323664303836323861346466343230343264
-64326666313562646239356231663834326566313331303363343064346539626636346438313266
+36613934643662626365653036636136623630333638373565316437646232316263663433313762
-65643364656164336166353435343730376266333633666230316464356439336463316464653137
+39353234333131623731643662303130626465386338353833393533646564646565623736343039
-66303865613961373732323439326535373933393537656462303831333432636261613564636330
+38356635393461353166653565336535626366396532633961393334343234353764303431303663
-63323361366332386331376437666234346661373233653432343733346363306130383665626437
+61666533633731663666346132383037646433336463643062396465383034346631346165323939
-33313330336365633464643563643465393935653132376135663163393161616462353838336664
+33313937343338383737373164363930336236326432346465646166363430653932333932343236
-35393833656135643733623765626639386561333336623930303465323963613164666531396632
+38336235613034386533613665393666633635383164646538373035623862343737353463623730
-35326365386566353966383635643132316230383363393539653335633934646239316131653536
+33396233353331633463373538326365636231323535633737303562613262613730636237336632
-66656161653030343462346337653434313062343663633665363838393865336536626532623132
+38626230313637336436623661666438666538333838356632653034303864313232623337306333
-66643636656134353363636433636538623930396262663864343332303066333566653063336464
+66363464643061363337393732323065306335656531376337323438313733616539613538333837
-32303030396137346636636164323133396364623532643332363638643761323938616530353836
+34363033666366613933343563303537613564356462313931353533323938656362393536386334
-65366331633561623331393231323534343239323565333330636136383836616230343034633036
+38336237616335346334613534323130613861663239356363366564623933303737306138613535
-38373530616532653166653932643665396434373465376530313663646236336238656266616261
+63643639323135663232336131643331343063363234336230653536623765323562393161663266
-33396463303963646633373038336662623161643135656136326533646337316562323932613833
+32663839613564613636343166396463366665666333306239386338616366363236393931313439
-65616434316239353531666131383335383733333830613934393465663138353662613063323537
+30386238316261323630633464386265353464333735336435646663656638316130333762666531
-31393337343737646537666430323666366338303731623339323063393636353132636233343436
+38626463316165373434613436343335303633643965633230326534323761616365376630363039
-61653862333837623666343061633531396235633565313631663937393337303764316466613130
+30336661313737383535343934366466353231396430353030653762383934666235646161653832
-33653732373034613639326338353438643664653461616133646235393864386564353765313932
+31613565643031353535353234386665373636356362653337366563316630343838626231646462
-36613165323465333937626165316632313334313364353463366239356630653530313761373261
+34623262343761373831303861313661666435373565386465336166306631376666643631303863
-35326331313438656238646535643131656634396238363734626431633734336238616538383636
+37633934326262623737373266326631663932373863346466613133303961386466366336643235
-32303331666531653331306263303534613332653535643833303062653566393632333030383263
+39303933333236626637663636633739343761393432616232643238663738313636346137316430
-63393636643264656439373165383861323534333462353763343931363065393738323433323839
+34623238326430616134396166306339626261643032613661343763366138653830376463306461
-33333530323434363662633939303261636465356663326565633238663333656131376130396561
+62366564393364306139633837646264633130383064383730393862633561303538363232663366
-63363636613161383465323233626630613265346162386439353665393832383961616564636538
+30343633666632303530356637646337623339303236376164633962383839386265336666396436
-65333635336638646436623033343831356339656638333231666439643337306636313931643466
+38616238656336343066333063393833623862646237323238393465633662393362353161313963
-32393765303361323735646130613035346564356562656631373435653832663165313131336236
+63663539383630366536313933643565346162646363353035386666396363633635386564346666
-31636634663466366234386262623234626161663461386661656435656133616339383633386230
+64336362633033346461353133396363646237613433306366333064626563656637383863323361
-34313065396335636630333066633339646432313632373131306235333164336534363630313939
+31386262346631343565653836333764636366313330633462303533616531316537353538313031
-32623062393230633732323130613338363833356533306662616637326337343330303635343532
+64366263666138356339373864383866303632366162633738383437323564313732373738373038
-38396665633938313932656130303263396631343761616631616637633831666139343130313236
+39643862336136663165343736613730306339643237313361333438613438323439373966396138
-62356630346264376432
+62323661383336396636
--- a/roles/mariadb/defaults/main.yml
+++ b/roles/mariadb/defaults/main.yml
@@ -1,15 +1,4 @@
 ---
 # ansible.builtin.file: roles/mariadb/defaults/main.yml
 #
 # Based on my running of mysqltuner.pl on a host with three WordPress databases
 #
 # default is 128MB but is a waste because it seems only the mysql table uses it
 key_buffer_size: 8M
 # default is 128MB but is a waste because it seems only information_schema uses
 # AriaDB, see: https://mariadb.com/kb/en/mariadb/aria-system-variables
 aria_pagecache_buffer_size: 8M
 # default is 128M, but set to at least the size of your InnoDB data
 innodb_buffer_pool_size: 256M
@@ -22,10 +11,6 @@ mariadb_login_unix_socket: /run/mysqld/mysqld.sock
 # default is 100 but the max I've seen used is 5, so let's reduce it
 max_connections: 33
 # disable the query cache by default
 query_cache_size: 0
 query_cache_type: 0
 # mysqltuner says we should use larger than 32M on our setup
 tmp_table_size: 64M
 max_heap_table_size: 64M
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -1,44 +1,4 @@
 ---
 - name: Check MariaDB package signing key
  ansible.builtin.stat:
    path: /etc/apt/keyrings/mariadb_release_signing_key.asc
  register: mariadb_signing_key_stat
  tags:
    - packages
    - mariadb
 - name: Download MariaDB package signing key
  when: not mariadb_signing_key_stat.stat.exists
  ansible.builtin.get_url:
    url: https://mariadb.org/mariadb_release_signing_key.asc
    dest: /etc/apt/keyrings/mariadb_release_signing_key.asc
    owner: root
    group: root
    mode: "0644"
  register: download_mariadb_signing_key
  tags:
    - packages
    - mariadb
 - name: Add MariaDB 10.11 repo
  ansible.builtin.apt_repository:
    repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/mariadb_release_signing_key.asc] https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/debian {{ ansible_distribution_release
      }} main
    filename: mariadb
    state: present
  register: add_mariadb_apt_repository
  tags:
    - packages
    - mariadb
 - name: Update apt cache
  when: (download_mariadb_signing_key.status_code is defined and download_mariadb_signing_key.status_code == 200) or add_mariadb_apt_repository is changed
  ansible.builtin.apt: # noqa no-handler
    update_cache: true
  tags:
    - packages
    - mariadb
 - name: Install mariadb-server
  ansible.builtin.apt:
    name: [mariadb-server, python3-pymysql]
@@ -46,10 +6,10 @@
    cache_valid_time: 3600
  tags: mariadb, packages
- name: Create system my.cnf
+- name: Add MariaDB configuration overrides
  ansible.builtin.template:
-    src: my.cnf.j2
+    src: 70-local.cnf.j2
-    dest: /etc/mysql/my.cnf
+    dest: /etc/mysql/mariadb.conf.d/70-local.cnf
    owner: root
    group: root
    mode: "0644"
--- a/roles/mariadb/templates/70-local.cnf.j2
+++ b/roles/mariadb/templates/70-local.cnf.j2
@@ -0,0 +1,10 @@
 {{ ansible_managed | comment }}
 [mysqld]
 # don't resolve connection IPs to hostnames (make sure user accounts are using
 # IPs instead of "localhost")
 skip-name-resolve=1
 max_connections		= {{ max_connections }}
 tmp_table_size		= {{ tmp_table_size }}
 max_heap_table_size	= {{ max_heap_table_size }}
 innodb_buffer_pool_size	= {{ innodb_buffer_pool_size }}
--- a/roles/mariadb/templates/my.cnf.j2
+++ b/roles/mariadb/templates/my.cnf.j2
@@ -1,196 +0,0 @@
 {{ ansible_managed | comment }}
 # MariaDB database server configuration file.
 #
 # You can copy this file to one of:
 # - "/etc/mysql/my.cnf" to set global options,
 # - "~/.my.cnf" to set user-specific options.
 # 
 # One can use all long options that the program supports.
 # Run program with --help to get a list of available options and with
 # --print-defaults to see which it would actually understand and use.
 #
 # For explanations see
 # http://dev.mysql.com/doc/mysql/en/server-system-variables.html
 # This will be passed to all mysql clients
 # It has been reported that passwords should be enclosed with ticks/quotes
 # escpecially if they contain "#" chars...
 # Remember to edit /etc/mysql/debian.cnf when changing the socket location.
 [client]
 port		= 3306
 socket		= /run/mysqld/mysqld.sock
 # Here is entries for some specific programs
 # The following values assume you have at least 32M ram
 # This was formally known as [safe_mysqld]. Both versions are currently parsed.
 [mysqld_safe]
 socket		= /run/mysqld/mysqld.sock
 nice		= 0
 [mysqld]
 #
 # * Basic Settings
 #
 user		= mysql
 pid-file	= /run/mysqld/mysqld.pid
 socket		= /run/mysqld/mysqld.sock
 port		= 3306
 basedir		= /usr
 datadir		= /var/lib/mysql
 tmpdir		= /tmp
 lc_messages_dir	= /usr/share/mysql
 lc_messages	= en_US
 skip-external-locking
 #
 # Instead of skip-networking the default is now to listen only on
 # localhost which is more compatible and is not less secure.
 bind-address		= 127.0.0.1
 # don't resolve connection IPs to hostnames (make sure user accounts are using
 # IPs instead of "localhost")
 skip-name-resolve=1
 #
 # * Fine Tuning
 #
 max_connections		= {{ max_connections }}
 connect_timeout		= 5
 wait_timeout		= 600
 max_allowed_packet	= 16M
 thread_cache_size       = 128
 sort_buffer_size	= 4M
 bulk_insert_buffer_size	= 16M
 tmp_table_size		= {{ tmp_table_size }}
 max_heap_table_size	= {{ max_heap_table_size }}
 #
 # * MyISAM
 #
 # This replaces the startup script and checks MyISAM tables if needed
 # the first time they are touched. On error, make copy and try a repair.
 myisam_recover_options = BACKUP
 key_buffer_size		= {{ key_buffer_size }}
 #open-files-limit	= 2000
 table_open_cache	= 400
 myisam_sort_buffer_size	= 512M
 concurrent_insert	= 2
 read_buffer_size	= 2M
 read_rnd_buffer_size	= 1M
 #
 # * Query Cache Configuration
 #
 query_cache_limit		= 128K
 query_cache_size		= {{ query_cache_size }}
 query_cache_type		= {{ query_cache_type }}
 #
 # * Logging and Replication
 #
 # Both location gets rotated by the cronjob.
 # Be aware that this log type is a performance killer.
 # As of 5.1 you can enable the log at runtime!
 #general_log_file        = /var/log/mysql/mysql.log
 #general_log             = 1
 #
 # Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf.
 #
 # we do want to know about network errors and such
 log_warnings		= 2
 #
 # Enable the slow query log to see queries with especially long duration
 #slow_query_log[={0|1}]
 slow_query_log_file	= /var/log/mysql/mariadb-slow.log
 long_query_time = 10
 #log_slow_rate_limit	= 1000
 log_slow_verbosity	= query_plan
 #log-queries-not-using-indexes
 #log_slow_admin_statements
 #
 # The following can be used as easy to replay backup logs or for replication.
 # note: if you are setting up a replication slave, see README.Debian about
 #       other settings you may need to change.
 #server-id		= 1
 #report_host		= master1
 #auto_increment_increment = 2
 #auto_increment_offset	= 1
 log_bin			= /var/log/mysql/mariadb-bin
 log_bin_index		= /var/log/mysql/mariadb-bin.index
 # not fab for performance, but safer
 #sync_binlog		= 1
 expire_logs_days	= 10
 max_binlog_size         = 100M
 # slaves
 #relay_log		= /var/log/mysql/relay-bin
 #relay_log_index	= /var/log/mysql/relay-bin.index
 #relay_log_info_file	= /var/log/mysql/relay-bin.info
 #log_slave_updates
 #read_only
 #
 # If applications support it, this stricter sql_mode prevents some
 # mistakes like inserting invalid dates etc.
 #sql_mode		= NO_ENGINE_SUBSTITUTION,TRADITIONAL
 #
 # * InnoDB
 #
 # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
 # Read the manual for more InnoDB related options. There are many!
 default_storage_engine	= InnoDB
 # you can't just change log file size, requires special procedure
 #innodb_log_file_size	= 50M
 innodb_buffer_pool_size	= {{ innodb_buffer_pool_size }}
 innodb_log_buffer_size	= 8M
 innodb_file_per_table	= 1
 innodb_open_files	= 400
 innodb_io_capacity	= 400
 innodb_flush_method	= O_DIRECT
 aria_pagecache_buffer_size = {{ aria_pagecache_buffer_size }}
 #
 # * Security Features
 #
 # Read the manual, too, if you want chroot!
 # chroot = /var/lib/mysql/
 #
 # For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
 #
 # ssl-ca=/etc/mysql/cacert.pem
 # ssl-cert=/etc/mysql/server-cert.pem
 # ssl-key=/etc/mysql/server-key.pem
 #
 # * Galera-related settings
 #
 [galera]
 # Mandatory settings
 #wsrep_on=ON
 #wsrep_provider=
 #wsrep_cluster_address=
 #binlog_format=row
 #default_storage_engine=InnoDB
 #innodb_autoinc_lock_mode=2
 #
 # Allow server to accept connections on all interfaces.
 #
 #bind-address=0.0.0.0
 #
 # Optional setting
 #wsrep_slave_threads=1
 #innodb_flush_log_at_trx_commit=0
 [mysqldump]
 quick
 quote-names
 max_allowed_packet	= 16M
 [mysql]
 #no-auto-rehash	# faster start of mysql but no tab completion
 [isamchk]
 key_buffer		= 16M
 #
 # * IMPORTANT: Additional settings that can override those from this file!
 #   The files must end with '.cnf', otherwise they'll be ignored.
 #
 !include /etc/mysql/mariadb.cnf
 !includedir /etc/mysql/conf.d/
--- a/roles/nginx/tasks/letsencrypt.yml
+++ b/roles/nginx/tasks/letsencrypt.yml
@@ -5,7 +5,7 @@
  tags: letsencrypt
  when:
    - ansible_distribution == 'Debian'
-    - ansible_distribution_version is version('11', '>='))
+    - ansible_distribution_version is version('11', '>=')
  block:
    - name: Remove certbot
      ansible.builtin.apt:
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -1,12 +1,4 @@
 ---
 - name: Remove nginx apt signing key from apt-key
  ansible.builtin.apt_key:
    id: "053473772654754373614404074646527257655730117366337542"
    state: absent
  tags:
    - packages
    - nginx
 - name: Download nginx apt signing key
  ansible.builtin.get_url:
    url: https://nginx.org/keys/nginx_signing.key
--- a/roles/nginx/tasks/wordpress.yml
+++ b/roles/nginx/tasks/wordpress.yml
@@ -13,6 +13,8 @@
        depth: 1
        force: true
      loop: "{{ nginx_vhosts }}"
      become: true
      become_user: nginx
    - name: Fix WordPress directory permissions
      when:
Author	SHA1	Message	Date
Alan Orth	8439b674dd	roles/nginx: git clone as nginx	2025-11-21 22:07:55 +03:00
Alan Orth	c2c9f1b88d	roles/nginx: fix syntax	2025-11-21 21:08:29 +03:00
Alan Orth	3763ce80e1	roles/mariadb: rework to use Debian's mariadb There are no MariaDB builds for Debian 13 (trixie) yet. This seems to happen every new release. Surprisingly Debian's mariadb-server is very new and we can simplify our tasks and templates a lot.	2025-11-20 08:47:27 +03:00
Alan Orth	a8e4821ad0	roles/nginx: remove apt-key task	2025-11-20 08:47:27 +03:00
Alan Orth	6ff4cf30f7	roles/mariadb: remove apt-key task This is not longer present as of Debian 13, and the old MariaDB key should not be present on any of my hosts anymore anyway.	2025-11-20 08:47:27 +03:00
Alan Orth	8f57a5a974	roles/php_fpm: rework for Debian 13 We can use metapackages like php-fpm on each version as those pull in the correct package. This allows us to use the same playbook lo- gic for Debian 12 (PHP 8.2) and Debian 13 (PHP 8.4).	2025-11-20 08:47:26 +03:00
Alan Orth	cac74c53ef	roles/common: minor configuration of Debian 13 SSH Tweak some of the new OpenSSH per-source penalty settings on Debian 13. For now only adjusting the source network masks and reusing the list of IPs to exempt from fail2ban. These being built in makes them easier to use, but I think I will end up sticking with fail2ban for the heavy lifting because it per- sists across restarts of the daemon, whereas OpenSSH's doesn't. I will monitor OpenSSH on Debian 13 to see how to best use it along side fail2ban.	2025-11-20 08:47:26 +03:00
Alan Orth	078c5b36d8	roles/common: use 127.0.0.0/8 for fail2ban ignoreip We can re-use our fail2ban ignoreip setting for Debian 13's OpenSSH PerSourcePenaltyExemptList, but OpenSSH is more strict with regards to masks not being applied to the host portion. I had never noticed that fail2ban's default was applying the mask on the host portion!	2025-11-20 08:47:25 +03:00
Alan Orth	a18c1e6a16	roles/common: sshd overrides for Debian 13	2025-11-20 08:47:25 +03:00
Alan Orth	36cf98026b	Pipfile.lock: run pipenv update	2025-11-20 08:46:41 +03:00
Alan Orth	98746b3eb8	host_vars/web22: WordPress 6.8.3	2025-11-20 08:44:23 +03:00