Repository: A5hleyRich/wordpress-ansible
Branch: master
Commit: 285ada0c6131
Files: 18
Total size: 6.4 KB
Directory structure:
gitextract_hew2n5wq/
├── .gitignore
├── README.md
├── ansible.cfg
├── hosts
├── provision.yml
└── roles/
├── common/
│ └── tasks/
│ └── main.yml
├── mariadb/
│ ├── handlers/
│ │ └── main.yml
│ └── tasks/
│ └── main.yml
├── nginx/
│ ├── handlers/
│ │ └── main.yml
│ └── tasks/
│ └── main.yml
├── php/
│ ├── handlers/
│ │ └── main.yml
│ └── tasks/
│ └── main.yml
├── ssh/
│ ├── handlers/
│ │ └── main.yml
│ └── tasks/
│ └── main.yml
├── ufw/
│ ├── handlers/
│ │ └── main.yml
│ └── tasks/
│ └── main.yml
├── user/
│ └── tasks/
│ └── main.yml
└── wp-cli/
└── tasks/
└── main.yml
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
provision.retry
================================================
FILE: README.md
================================================
# WordPress Ansible
This repository contains a playbook for provisioning modern hosting environments geared towards WordPress. It's based on [How to Install WordPress on Ubuntu 18.04](https://deliciousbrains.com/hosting-wordpress-setup-secure-virtual-server/) and [WordPress Nginx](https://github.com/A5hleyRich/wordpress-nginx). The following is handled out of the box:
* User setup
* SSH hardening
* Firewall setup
It will also install the following software:
* Nginx with HTTP/2 and [improved default configs](https://github.com/A5hleyRich/wordpress-nginx)
* PHP 7.4
* MariaDB
* Redis
* WP-CLI
* Fail2Ban
* Git
## Usage
Configure your [hosts file](https://github.com/A5hleyRich/wordpress-ansible/blob/master/hosts).
```
[production]
192.168.1.1 #sampledomain.com
```
Edit [provision.yml](https://github.com/A5hleyRich/wordpress-ansible/blob/master/provision.yml) to configure your default user, [hashed](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) sudo password and local public key path. This will create a new user on the provisioned servers that you can use to gain SSH access.
Run:
`ansible-playbook provision.yml`
================================================
FILE: ansible.cfg
================================================
[defaults]
inventory = hosts
================================================
FILE: hosts
================================================
# Add hosts here, one per line. Additional groups can be created using
# [group] syntax. Hosts can join multiple groups.
[production]
server_hostname1
[staging]
server_hostname2
================================================
FILE: provision.yml
================================================
---
- hosts: production
user: root
vars:
username: ashley
password: $6$rlLdG6wd1CT8v7i$7psP8l26lmaPhT3cigoYYXhjG28CtD1ifILq9KzvA0W0TH2Hj4.iO43RkPWgJGIi60Mz0CsxWbRVBSQkAY95W0
public_key: ~/.ssh/id_rsa.pub
roles:
- common
- ufw
- user
- nginx
- php
- mariadb
- wp-cli
- ssh
================================================
FILE: roles/common/tasks/main.yml
================================================
---
- name: Upgrade packages
apt: upgrade=safe
- name: Install packages
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- fail2ban
- git-core
- redis-server
- ufw
================================================
FILE: roles/mariadb/handlers/main.yml
================================================
================================================
FILE: roles/mariadb/tasks/main.yml
================================================
---
- name: Install MariaDB
apt:
name: mariadb-server
state: present
force: yes
================================================
FILE: roles/nginx/handlers/main.yml
================================================
---
- name: restart nginx
service:
name: nginx
state: restarted
- name: reload nginx
service:
name: nginx
state: reloaded
================================================
FILE: roles/nginx/tasks/main.yml
================================================
---
- name: Add Nginx repo
apt_repository:
repo: ppa:ondrej/nginx
- name: Install Nginx
apt:
name: nginx
state: present
force: yes
update_cache: yes
- name: Check Nginx configs exist
stat: path=/etc/nginx/.git
register: git_exists
- name: Remove default Nginx configs
file:
path: /etc/nginx
state: absent
when: not git_exists.stat.exists
- name: Clone Nginx configs
git:
repo: https://github.com/A5hleyRich/wordpress-nginx.git
dest: /etc/nginx
version: master
force: yes
when: not git_exists.stat.exists
- name: Symlink default site
file:
src: /etc/nginx/sites-available/default
dest: /etc/nginx/sites-enabled/default
state: link
notify: reload nginx
- name: Set Nginx user
lineinfile:
dest: /etc/nginx/nginx.conf
regexp: "^user"
line: "user {{ username }};"
state: present
notify: restart nginx
================================================
FILE: roles/php/handlers/main.yml
================================================
---
- name: start php
service:
name: php7.4-fpm
state: started
- name: reload php
service:
name: php7.4-fpm
state: reloaded
- name: restart php
service:
name: php7.4-fpm
state: restarted
================================================
FILE: roles/php/tasks/main.yml
================================================
---
- name: Add PHP repo
apt_repository:
repo: ppa:ondrej/php
- name: Install PHP
apt:
name: "{{ item }}"
state: present
force: yes
update_cache: yes
with_items:
- "php7.4-bcmath"
- "php7.4-cli"
- "php7.4-common"
- "php7.4-curl"
- "php7.4-fpm"
- "php7.4-gd"
- "php7.4-igbinary"
- "php7.4-imagick"
- "php7.4-mbstring"
- "php7.4-mysql"
- "php7.4-opcache"
- "php7.4-redis"
- "php7.4-soap"
- "php7.4-xml"
- "php7.4-xmlrpc"
- "php7.4-zip"
- name: Set PHP user
lineinfile:
dest: /etc/php/7.4/fpm/pool.d/www.conf
regexp: "^user"
line: "user = {{ username }}"
state: present
notify: restart php
- name: Set PHP group
lineinfile:
dest: /etc/php/7.4/fpm/pool.d/www.conf
regexp: "^group"
line: "group = {{ username }}"
state: present
notify: restart php
- name: Set PHP listen owner
lineinfile:
dest: /etc/php/7.4/fpm/pool.d/www.conf
regexp: "^listen\\.owner"
line: "listen.owner = {{ username }}"
state: present
notify: restart php
- name: Set PHP listen group
lineinfile:
dest: /etc/php/7.4/fpm/pool.d/www.conf
regexp: "^listen\\.group"
line: "listen.group = {{ username }}"
state: present
notify: restart php
- name: Set PHP upload max filesize
lineinfile:
dest: /etc/php/7.4/fpm/php.ini
regexp: "^upload_max_filesize"
line: "upload_max_filesize = 128M"
state: present
notify: reload php
- name: Set PHP post max filesize
lineinfile:
dest: /etc/php/7.4/fpm/php.ini
regexp: "^post_max_size"
line: "post_max_size = 128M"
state: present
notify: reload php
================================================
FILE: roles/ssh/handlers/main.yml
================================================
---
- name: restart ssh
service:
name: ssh
state: restarted
================================================
FILE: roles/ssh/tasks/main.yml
================================================
---
- name: Disable root login
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^PermitRootLogin"
line: "PermitRootLogin no"
state: present
notify: restart ssh
- name: Disable password authentication
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^#?PasswordAuthentication"
line: "PasswordAuthentication no"
state: present
notify: restart ssh
================================================
FILE: roles/ufw/handlers/main.yml
================================================
================================================
FILE: roles/ufw/tasks/main.yml
================================================
---
- name: Enable firewall
ufw: state=enabled policy=deny
- name: Allow HTTP
ufw: rule=allow port=80 proto=tcp
- name: Allow HTTPS
ufw: rule=allow port=443 proto=tcp
- name: Allow SSH
ufw: rule=allow port=22 proto=tcp
================================================
FILE: roles/user/tasks/main.yml
================================================
---
- name: Ensure sudo group is present
group:
name: sudo
state: present
- name: Ensure sudo group has sudo privileges
lineinfile:
dest: /etc/sudoers
state: present
regexp: "^%sudo"
line: "%sudo ALL=(ALL:ALL) ALL"
validate: "/usr/sbin/visudo -cf %s"
- name: Create default user
user:
name: "{{ username }}"
groups: sudo
password: "{{ password }}"
shell: /bin/bash
update_password: always
state: present
- name: Add authorized key
authorized_key:
user: "{{ username }}"
key: "{{ lookup('file', public_key) }}"
================================================
FILE: roles/wp-cli/tasks/main.yml
================================================
---
- name: Install WP-CLI
get_url:
url: https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
dest: /usr/bin/wp
mode: 0755
- name: Install WP-CLI tab completions
get_url:
url: https://raw.githubusercontent.com/wp-cli/wp-cli/master/utils/wp-completion.bash
dest: /etc/bash_completion.d
mode: 0644
gitextract_hew2n5wq/
├── .gitignore
├── README.md
├── ansible.cfg
├── hosts
├── provision.yml
└── roles/
├── common/
│ └── tasks/
│ └── main.yml
├── mariadb/
│ ├── handlers/
│ │ └── main.yml
│ └── tasks/
│ └── main.yml
├── nginx/
│ ├── handlers/
│ │ └── main.yml
│ └── tasks/
│ └── main.yml
├── php/
│ ├── handlers/
│ │ └── main.yml
│ └── tasks/
│ └── main.yml
├── ssh/
│ ├── handlers/
│ │ └── main.yml
│ └── tasks/
│ └── main.yml
├── ufw/
│ ├── handlers/
│ │ └── main.yml
│ └── tasks/
│ └── main.yml
├── user/
│ └── tasks/
│ └── main.yml
└── wp-cli/
└── tasks/
└── main.yml
Condensed preview — 18 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (8K chars).
[
{
"path": ".gitignore",
"chars": 16,
"preview": "provision.retry\n"
},
{
"path": "README.md",
"chars": 1217,
"preview": "# WordPress Ansible\n\nThis repository contains a playbook for provisioning modern hosting environments geared towards Wor"
},
{
"path": "ansible.cfg",
"chars": 28,
"preview": "[defaults]\ninventory = hosts"
},
{
"path": "hosts",
"chars": 179,
"preview": "# Add hosts here, one per line. Additional groups can be created using\n# [group] syntax. Hosts can join multiple groups."
},
{
"path": "provision.yml",
"chars": 314,
"preview": "---\n- hosts: production\n user: root\n vars:\n username: ashley\n password: $6$rlLdG6wd1CT8v7i$7psP8l26lmaPhT3cigoYY"
},
{
"path": "roles/common/tasks/main.yml",
"chars": 212,
"preview": "---\n- name: Upgrade packages\n apt: upgrade=safe\n \n- name: Install packages\n apt:\n name: \"{{ item }}\"\n state: pr"
},
{
"path": "roles/mariadb/handlers/main.yml",
"chars": 0,
"preview": ""
},
{
"path": "roles/mariadb/tasks/main.yml",
"chars": 93,
"preview": "---\n- name: Install MariaDB\n apt:\n name: mariadb-server\n state: present\n force: yes"
},
{
"path": "roles/nginx/handlers/main.yml",
"chars": 144,
"preview": "---\n- name: restart nginx\n service: \n name: nginx\n state: restarted\n\n- name: reload nginx\n service: \n name: n"
},
{
"path": "roles/nginx/tasks/main.yml",
"chars": 897,
"preview": "---\n- name: Add Nginx repo\n apt_repository:\n repo: ppa:ondrej/nginx\n\n- name: Install Nginx\n apt:\n name: nginx\n "
},
{
"path": "roles/php/handlers/main.yml",
"chars": 218,
"preview": "---\n- name: start php\n service:\n name: php7.4-fpm\n state: started\n\n- name: reload php\n service:\n name: php7.4"
},
{
"path": "roles/php/tasks/main.yml",
"chars": 1629,
"preview": "---\n- name: Add PHP repo\n apt_repository:\n repo: ppa:ondrej/php\n\n- name: Install PHP\n apt:\n name: \"{{ item }}\"\n "
},
{
"path": "roles/ssh/handlers/main.yml",
"chars": 69,
"preview": "---\n- name: restart ssh\n service:\n name: ssh\n state: restarted"
},
{
"path": "roles/ssh/tasks/main.yml",
"chars": 384,
"preview": "---\n- name: Disable root login\n lineinfile: \n dest: /etc/ssh/sshd_config\n regexp: \"^PermitRootLogin\"\n line: \"P"
},
{
"path": "roles/ufw/handlers/main.yml",
"chars": 0,
"preview": ""
},
{
"path": "roles/ufw/tasks/main.yml",
"chars": 230,
"preview": "---\n- name: Enable firewall\n ufw: state=enabled policy=deny\n\n- name: Allow HTTP\n ufw: rule=allow port=80 proto=tcp\n\n- "
},
{
"path": "roles/user/tasks/main.yml",
"chars": 580,
"preview": "---\n- name: Ensure sudo group is present\n group:\n name: sudo\n state: present\n\n- name: Ensure sudo group has sudo "
},
{
"path": "roles/wp-cli/tasks/main.yml",
"chars": 345,
"preview": "---\n- name: Install WP-CLI\n get_url:\n url: https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar"
}
]
About this extraction
This page contains the full source code of the A5hleyRich/wordpress-ansible GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 18 files (6.4 KB), approximately 2.6k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.