ansible/playbook.yml

    # Fichier: install_php_83_symfony_pgsql.yml

- name: Deploy application
  hosts: webservers
  become: true
  gather_facts: true

  vars:
      db_name: "e-cosplay"
      db_user: "e-cosplay"
      db_password: "e-cosplay"
      redis_password: "e-cosplay"
      redis_port: "20502"
  tasks:
      - name: Installer le support ACL pour corriger les permissions de 'become_user'
        ansible.builtin.apt:
            name: acl
            state: present
            update_cache: true
        when: ansible_os_family == "Debian"

      - name: Installation des dépendances pour le module Ansible PostgreSQL
        ansible.builtin.apt:
            name: python3-psycopg2
            state: present
            update_cache: true
        when: ansible_os_family == "Debian"

      - name: Installation de PHP 8.3 et PHP 8.3-FPM avec les dépendances
        ansible.builtin.apt:
            name:
                - php8.3
                - php8.3-fpm
                - php8.3-cli
                - php8.3-common
                - php8.3-mysql
                - php8.3-pgsql
                - php8.3-xml
                - php8.3-mbstring
                - php8.3-zip
                - php8.3-intl
                - php8.3-gd
                - php8.3-curl
                - php8.3-pdo
                - php8.3-opcache
                - php8.3-bcmath
                - php8.3-redis
                - php8.3-imagick
                - ffmpeg
            state: present
        when: ansible_os_family == "Debian"

      - name: Démarrage et activation du service PHP 8.3 FPM
        ansible.builtin.systemd:
            name: php8.3-fpm
            state: started
            enabled: yes
        when: ansible_os_family == "Debian"
      - name: Créer le fichier .env.local avec les secrets de production
        ansible.builtin.copy:
            content: |
                APP_ENV=prod
                VITE_LOAD=1
                DATABASE_URL="postgresql://{{ db_user }}:{{ db_password }}@127.0.0.1:5432/{{ db_name }}?serverVersion=16&charset=utf8"
                REDIS_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
                REDIS_URL="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
                MESSENGER_TRANSPORT_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}/messages"
                APP_SECRET=939bbc67038c2e2d1232d86fc605bf2f
                REAL_MAIL=1
                VAULT_ADDR=http://127.0.0.1:8200
                VAULT_TOKEN=hvs.QLpUdiptXtSPo5Qf7i2nn2Xz
                APP_DEBUG=true
                MAILER_DSN=ses+smtp://AKIAWTT2T22CWBRBBDYN:BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP@default?region=eu-west-3
            dest: "{{ path }}/.env.local"
        when: ansible_os_family == "Debian"

      # --- Initial creation of essential directories with correct ownership ---
      # These directories should exist before composer runs, but composer might create subdirs.
      - name: Ensure app/var and public/media directories exist with correct owner/group
        ansible.builtin.file:
            path: "{{ item }}"
            owner: bot # Assuming 'bot' is your deployment user
            group: www-data
            mode: '0775' # Allow 'bot' and 'www-data' to read/write/execute
            state: directory
            recurse: yes # Important to ensure subdirectories created by previous deploys also get permissions
        loop:
            - "{{ path }}/var"
            - "{{ path }}/var/log" # Specific for log, though var/log might be created by composer later
            - "{{ path }}/public/media" # For uploads

      - name: Exécuter 'composer install' dans le répertoire de l'application
        ansible.builtin.command: composer install --no-dev --optimize-autoloader
        become: false # Run as the connection user (e.g., 'bot')
        args:
            chdir: "{{ path }}"
        when: ansible_os_family == "Debian"

      # --- POST-COMPOSER PERMISSION FIXES ---
      # This is crucial because composer creates var/cache as the `become: false` user
      - name: Set correct permissions for Symfony cache and logs directories
        ansible.builtin.file:
            path: "{{ item }}"
            owner: bot
            group: www-data
            mode: '0775' # rwx for owner and group, rx for others
            state: directory
            recurse: yes # Apply to all contents
        loop:
            - "{{ path }}/var/cache"
            - "{{ path }}/var/log"
          # For web-writable directories created by the app itself (e.g., uploads), you might set ACLs
          # or chown to www-data and then your user gets access via group membership.

      # Alternative for cache/log permissions using ACLs (more robust for mixed ownership)
      # This requires 'acl' package installed (which you already do).
      # Use this if 'bot' needs to own, but www-data needs to write.
      - name: Set ACLs for Symfony cache and logs (recommended for web-writable dirs)
        ansible.builtin.acl:
            path: "{{ item }}"
            entity: www-data
            etype: group
            permissions: rwx
            state: present
            recursive: yes
            default: yes # Apply default ACLs for new files/dirs within
        loop:
            - "{{ path }}/var/cache"
            - "{{ path }}/var/log"
        when: ansible_os_family == "Debian" # ACLs are Linux-specific

      - name: Exécuter bun install dans le répertoire de l application
        ansible.builtin.command: bun install
        become: false
        args:
            chdir: "{{ path }}"
        when: ansible_os_family == "Debian"

      - name: Exécuter bun build dans le répertoire de l application
        ansible.builtin.command: bun run build
        become: false
        args:
            chdir: "{{ path }}"
        when: ansible_os_family == "Debian"

      - name: Supervisor config
        ansible.builtin.template:
            src: supervisor.j2
            dest: "/etc/supervisor/conf.d/e-cosplay.conf"
            mode: '0644'

      - name: Reread Supervisor configuration
        ansible.builtin.command: supervisorctl reread
        changed_when: true # Always mark as changed, as output is not always useful for idempotency

      - name: Update Supervisor (add/remove updated programs)
        ansible.builtin.command: supervisorctl update
        changed_when: true

      - name: Purger la base de données Redis
        ansible.builtin.command: "redis-cli -p {{ redis_port }} -a {{ redis_password }} FLUSHALL"
        when: ansible_os_family == "Debian"

      - name: Generate Caddy site configuration
        ansible.builtin.template:
            src: caddy.j2
            dest: "/etc/caddy/sites/e-cosplay.conf"
            mode: '0644'

      - name: Reload Caddy to apply new configuration
        ansible.builtin.systemd:
            name: caddy
            state: reloaded
            enabled: yes
      - name: Exécuter doctrine:migration:migrate dans le répertoire de l application
        ansible.builtin.command: php bin/console doctrine:migrations:migrate --no-interaction
        become: false
        args:
            chdir: "{{ path }}"
        when: ansible_os_family == "Debian"
      - name: Exécuter cache:clear dans le répertoire de l application
        ansible.builtin.command: php bin/console cache:clear
        become: false
        args:
            chdir: "{{ path }}"
        when: ansible_os_family == "Debian"

      - name: Exécuter liip:imagine:cache:remove dans le répertoire de l application
        ansible.builtin.command: php bin/console liip:imagine:cache:remove
        become: false
        args:
            chdir: "{{ path }}"
      - name: Set correct permissions for Symfony cache and logs directories
        ansible.builtin.file:
            path: "{{ item }}"
            owner: bot
            group: www-data
            mode: '0777' # rwx for owner and group, rx for others
            state: directory
            recurse: yes # Apply to all contents
        loop:
            - "{{ path }}/var/cache"
            - "{{ path }}/var/log"
            - "{{ path }}/public/media"
fix error regisster page 2025-11-16 19:41:07 +01:00			`# Fichier: install_php_83_symfony_pgsql.yml`
feat: Ajoute fichiers Ansible initiaux 2025-07-16 13:43:52 +02:00
			`- name: Deploy application`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`hosts: webservers`
			`become: true`
			`gather_facts: true`
feat: Ajoute fichiers Ansible initiaux 2025-07-16 13:43:52 +02:00
			`vars:`
fix error regisster page 2025-11-16 19:41:07 +01:00			`db_name: "e-cosplay"`
			`db_user: "e-cosplay"`
			`db_password: "e-cosplay"`
			`redis_password: "e-cosplay"`
✨ feat(ansible): Met à jour le port Redis et renomme le script de mise à jour. 2025-11-16 19:44:31 +01:00			`redis_port: "20502"`
feat: Ajoute fichiers Ansible initiaux 2025-07-16 13:43:52 +02:00			`tasks:`
✨ feat(ansible): Installe le support ACL et corrige le chemin des tâches cron. 2025-09-27 13:37:42 +02:00			`- name: Installer le support ACL pour corriger les permissions de 'become_user'`
			`ansible.builtin.apt:`
			`name: acl`
			`state: present`
			`update_cache: true`
			`when: ansible_os_family == "Debian"`

feat(deploy): Ajoute installation PHP 8.3 et dépendances 2025-07-16 13:50:41 +02:00			`- name: Installation des dépendances pour le module Ansible PostgreSQL`
			`ansible.builtin.apt:`
			`name: python3-psycopg2`
			`state: present`
			`update_cache: true`
			`when: ansible_os_family == "Debian"`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00
feat(deploy): Ajoute installation PHP 8.3 et dépendances 2025-07-16 13:50:41 +02:00			`- name: Installation de PHP 8.3 et PHP 8.3-FPM avec les dépendances`
			`ansible.builtin.apt:`
			`name:`
			`- php8.3`
			`- php8.3-fpm`
			`- php8.3-cli`
			`- php8.3-common`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`- php8.3-mysql`
			`- php8.3-pgsql`
			`- php8.3-xml`
			`- php8.3-mbstring`
			`- php8.3-zip`
			`- php8.3-intl`
			`- php8.3-gd`
			`- php8.3-curl`
			`- php8.3-pdo`
			`- php8.3-opcache`
			`- php8.3-bcmath`
			`- php8.3-redis`
			`- php8.3-imagick`
			`- ffmpeg`
feat(deploy): Ajoute installation PHP 8.3 et dépendances 2025-07-16 13:50:41 +02:00			`state: present`
			`when: ansible_os_family == "Debian"`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00
			`- name: Démarrage et activation du service PHP 8.3 FPM`
			`ansible.builtin.systemd:`
			`name: php8.3-fpm`
			`state: started`
			`enabled: yes`
			`when: ansible_os_family == "Debian"`
feat: Ajoute script d'update et config supervisor 2025-07-16 14:02:46 +02:00			`- name: Créer le fichier .env.local avec les secrets de production`
			`ansible.builtin.copy:`
			`content: \|`
			`APP_ENV=prod`
			`VITE_LOAD=1`
			`DATABASE_URL="postgresql://{{ db_user }}:{{ db_password }}@127.0.0.1:5432/{{ db_name }}?serverVersion=16&charset=utf8"`
			`REDIS_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`REDIS_URL="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"`
			`MESSENGER_TRANSPORT_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}/messages"`
			`APP_SECRET=939bbc67038c2e2d1232d86fc605bf2f`
feat(artemis): Ajoute une réponse basique à la route du dashboard Artemis Ce commit ajoute une réponse simple "a" à la route `/artemis` du DashboardController. Cela permet de s'assurer que la route fonctionne correctement et renvoie une réponse. 2025-07-17 13:41:24 +02:00			`REAL_MAIL=1`
✨ feat(ansible/playbook): Ajoute des variables Vault pour l'authentification. 2025-07-23 09:35:59 +02:00			`VAULT_ADDR=http://127.0.0.1:8200`
			`VAULT_TOKEN=hvs.QLpUdiptXtSPo5Qf7i2nn2Xz`
✨ feat(ansible): Ajoute APP_DEBUG à .env.local pour le développement 2025-10-01 13:58:50 +02:00			`APP_DEBUG=true`
✨ feat(ansible): Ajoute la configuration du DSN de l'email dans .env.local 2025-10-07 14:28:09 +02:00			`MAILER_DSN=ses+smtp://AKIAWTT2T22CWBRBBDYN:BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP@default?region=eu-west-3`
🐛 fix(ansible/playbook): Corrige la typo dans la destination du fichier .env.local 2025-07-23 09:36:27 +02:00			`dest: "{{ path }}/.env.local"`
feat: Ajoute script d'update et config supervisor 2025-07-16 14:02:46 +02:00			`when: ansible_os_family == "Debian"`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`# --- Initial creation of essential directories with correct ownership ---`
			`# These directories should exist before composer runs, but composer might create subdirs.`
			`- name: Ensure app/var and public/media directories exist with correct owner/group`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`ansible.builtin.file:`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`path: "{{ item }}"`
			`owner: bot # Assuming 'bot' is your deployment user`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`group: www-data`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`mode: '0775' # Allow 'bot' and 'www-data' to read/write/execute`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`state: directory`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`recurse: yes # Important to ensure subdirectories created by previous deploys also get permissions`
			`loop:`
			`- "{{ path }}/var"`
			`- "{{ path }}/var/log" # Specific for log, though var/log might be created by composer later`
			`- "{{ path }}/public/media" # For uploads`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00
feat(ansible): Configurer vars et ajouter composer/bun 2025-07-16 14:09:13 +02:00			`- name: Exécuter 'composer install' dans le répertoire de l'application`
			`ansible.builtin.command: composer install --no-dev --optimize-autoloader`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`become: false # Run as the connection user (e.g., 'bot')`
feat(ansible): Configurer vars et ajouter composer/bun 2025-07-16 14:09:13 +02:00			`args:`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`chdir: "{{ path }}"`
feat(ansible): Configurer vars et ajouter composer/bun 2025-07-16 14:09:13 +02:00			`when: ansible_os_family == "Debian"`

feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`# --- POST-COMPOSER PERMISSION FIXES ---`
			# This is crucial because composer creates var/cache as the `become: false` user
			`- name: Set correct permissions for Symfony cache and logs directories`
			`ansible.builtin.file:`
			`path: "{{ item }}"`
			`owner: bot`
			`group: www-data`
			`mode: '0775' # rwx for owner and group, rx for others`
			`state: directory`
			`recurse: yes # Apply to all contents`
			`loop:`
			`- "{{ path }}/var/cache"`
			`- "{{ path }}/var/log"`
			`# For web-writable directories created by the app itself (e.g., uploads), you might set ACLs`
			`# or chown to www-data and then your user gets access via group membership.`

			`# Alternative for cache/log permissions using ACLs (more robust for mixed ownership)`
			`# This requires 'acl' package installed (which you already do).`
			`# Use this if 'bot' needs to own, but www-data needs to write.`
			`- name: Set ACLs for Symfony cache and logs (recommended for web-writable dirs)`
			`ansible.builtin.acl:`
			`path: "{{ item }}"`
			`entity: www-data`
			`etype: group`
			`permissions: rwx`
			`state: present`
			`recursive: yes`
			`default: yes # Apply default ACLs for new files/dirs within`
			`loop:`
			`- "{{ path }}/var/cache"`
			`- "{{ path }}/var/log"`
			`when: ansible_os_family == "Debian" # ACLs are Linux-specific`

feat(ansible): Configurer vars et ajouter composer/bun 2025-07-16 14:09:13 +02:00			`- name: Exécuter bun install dans le répertoire de l application`
			`ansible.builtin.command: bun install`
			`become: false`
			`args:`
			`chdir: "{{ path }}"`
			`when: ansible_os_family == "Debian"`

			`- name: Exécuter bun build dans le répertoire de l application`
			`ansible.builtin.command: bun run build`
			`become: false`
			`args:`
			`chdir: "{{ path }}"`
			`when: ansible_os_family == "Debian"`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00
			`- name: Supervisor config`
			`ansible.builtin.template:`
			`src: supervisor.j2`
fix error regisster page 2025-11-16 19:41:07 +01:00			`dest: "/etc/supervisor/conf.d/e-cosplay.conf"`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`mode: '0644'`

			`- name: Reread Supervisor configuration`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`ansible.builtin.command: supervisorctl reread`
			`changed_when: true # Always mark as changed, as output is not always useful for idempotency`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00
			`- name: Update Supervisor (add/remove updated programs)`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`ansible.builtin.command: supervisorctl update`
			`changed_when: true`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00
			`- name: Purger la base de données Redis`
			`ansible.builtin.command: "redis-cli -p {{ redis_port }} -a {{ redis_password }} FLUSHALL"`
			`when: ansible_os_family == "Debian"`

			`- name: Generate Caddy site configuration`
			`ansible.builtin.template:`
			`src: caddy.j2`
fix error regisster page 2025-11-16 19:41:07 +01:00			`dest: "/etc/caddy/sites/e-cosplay.conf"`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`mode: '0644'`

			`- name: Reload Caddy to apply new configuration`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`ansible.builtin.systemd:`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`name: caddy`
			`state: reloaded`
			`enabled: yes`
✨ feat(ansible): Ajoute la migration Doctrine et vide le cache après déploiement. 2025-10-01 13:57:10 +02:00			`- name: Exécuter doctrine:migration:migrate dans le répertoire de l application`
🐛 fix(ansible): Corrige la commande doctrine pour exécuter les migrations sans interaction. 2025-10-01 14:03:09 +02:00			`ansible.builtin.command: php bin/console doctrine:migrations:migrate --no-interaction`
✨ feat(ansible): Ajoute la migration Doctrine et vide le cache après déploiement. 2025-10-01 13:57:10 +02:00			`become: false`
			`args:`
			`chdir: "{{ path }}"`
			`when: ansible_os_family == "Debian"`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`- name: Exécuter cache:clear dans le répertoire de l application`
			`ansible.builtin.command: php bin/console cache:clear`
			`become: false`
			`args:`
			`chdir: "{{ path }}"`
			`when: ansible_os_family == "Debian"`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00
chore: Activer liip:imagine et mise à jour CHANGELOG 2025-07-16 15:09:01 +02:00			`- name: Exécuter liip:imagine:cache:remove dans le répertoire de l application`
			`ansible.builtin.command: php bin/console liip:imagine:cache:remove`
			`become: false`
			`args:`
			`chdir: "{{ path }}"`
✨ feat(ansible/playbook): Configure les permissions pour cache, logs et media Symfony. 2025-10-01 13:53:19 +02:00			`- name: Set correct permissions for Symfony cache and logs directories`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`ansible.builtin.file:`
✨ feat(ansible/playbook): Configure les permissions pour cache, logs et media Symfony. 2025-10-01 13:53:19 +02:00			`path: "{{ item }}"`
feat(ansible): Améliore déploiement et permissions Corrige gestion des permissions, ajout d'ACL, optimise cache. 2025-07-17 11:36:14 +02:00			`owner: bot`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`group: www-data`
📝 chore(ansible/playbook): Modifie les permissions des répertoires à 0777. 2025-10-01 13:55:19 +02:00			`mode: '0777' # rwx for owner and group, rx for others`
feat: Ansible: Ajoute config Caddy et améliorations Ajout config Caddy et améliorations playbook Ansible. 2025-07-16 14:16:23 +02:00			`state: directory`
✨ feat(ansible/playbook): Configure les permissions pour cache, logs et media Symfony. 2025-10-01 13:53:19 +02:00			`recurse: yes # Apply to all contents`
			`loop:`
			`- "{{ path }}/var/cache"`
			`- "{{ path }}/var/log"`
			`- "{{ path }}/public/media"`