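---
# File: install_php_83_symfony_pgsql.yml
#
# Deploys the Symfony application on the `webservers` group: installs PHP 8.4
# and its extensions, writes the production .env.local, builds assets,
# configures Supervisor and Caddy, runs the Symfony console tasks and
# registers the cron jobs.
#
# SECURITY: this playbook no longer embeds any credential. Every secret is
# read from a `vault_*` variable that must be supplied by an Ansible Vault
# encrypted vars file (or another secret store) outside of version control.
# The values that were previously committed in this file (database and Redis
# passwords, APP_SECRET, Vault token, SES key pair, Stripe keys, Discord
# webhook token) must be treated as exposed and rotated.
- name: Deploy application
  hosts: webservers
  become: true
  gather_facts: true

  vars:
    db_name: "ludikevent"
    db_user: "ludikevent"
    redis_port: "20110"
    # The original variable names are kept so that supervisor.j2 / caddy.j2
    # (not visible here) keep resolving if they reference them.
    db_password: "{{ vault_db_password }}"
    redis_password: "{{ vault_redis_password }}"
    app_secret: "{{ vault_app_secret }}"
    hashicorp_vault_token: "{{ vault_hashicorp_vault_token }}"
    ses_access_key_id: "{{ vault_ses_access_key_id }}"
    ses_secret_access_key: "{{ vault_ses_secret_access_key }}"
    stripe_publishable_key: "{{ vault_stripe_publishable_key }}"
    stripe_secret_key: "{{ vault_stripe_secret_key }}"
    discord_webhook_id: "{{ vault_discord_webhook_id }}"
    discord_webhook_token: "{{ vault_discord_webhook_token }}"
    # path: /var/www/mainframe/app (to be defined in the inventory)

  tasks:
    # Fail early, before touching the host, when a secret or the application
    # path is missing; otherwise the play would stop half-way through.
    - name: Check that the path and every secret are provided externally
      ansible.builtin.assert:
        that:
          - path is defined
          - vault_db_password is defined
          - vault_redis_password is defined
          - vault_app_secret is defined
          - vault_hashicorp_vault_token is defined
          - vault_ses_access_key_id is defined
          - vault_ses_secret_access_key is defined
          - vault_stripe_publishable_key is defined
          - vault_stripe_secret_key is defined
          - vault_discord_webhook_id is defined
          - vault_discord_webhook_token is defined
        fail_msg: "Missing 'path' or one of the vault_* secrets; define them in the inventory / an encrypted vars file."
        quiet: true

    # Package installation runs first: the original order called
    # `php8.4 composer install` before PHP 8.4 was installed, which can only
    # work on a host that was already provisioned.
    - name: Installer le support ACL pour corriger les permissions
      ansible.builtin.apt:
        name: acl
        state: present
        update_cache: true
      when: ansible_os_family == "Debian"

    - name: Installation des dépendances PostgreSQL pour Ansible
      ansible.builtin.apt:
        name: python3-psycopg2
        state: present
        update_cache: true
      when: ansible_os_family == "Debian"

    - name: Installation de PHP 8.4 et dépendances
      ansible.builtin.apt:
        name:
          - php8.4
          - php8.4-fpm
          - php8.4-cli
          - php8.4-common
          - php8.4-mysql
          - php8.4-pgsql
          - php8.4-xml
          - php8.4-mbstring
          - php8.4-zip
          - php8.4-intl
          - php8.4-gd
          - php8.4-curl
          - php8.4-pdo
          - php8.4-opcache
          - php8.4-bcmath
          - php8.4-redis
          - php8.4-imagick
          - ffmpeg
        state: present
      when: ansible_os_family == "Debian"

    - name: Démarrage de PHP 8.4-FPM
      ansible.builtin.systemd:
        name: php8.4-fpm
        state: started
        enabled: true

    # Runs as the connecting user (become: false) so vendor/ is not root-owned.
    - name: Exécuter 'composer install' dans le répertoire de l'application
      ansible.builtin.command: php8.4 /usr/local/bin/composer install --no-dev --optimize-autoloader
      become: false
      args:
        chdir: "{{ path }}"
      when: ansible_os_family == "Debian"

    # The webhook token grants posting rights to the channel, so it is a
    # secret; no_log keeps it out of task output and callback logs.
    - name: Send a message to the Discord channel
      community.general.discord:
        webhook_id: "{{ discord_webhook_id }}"
        webhook_token: "{{ discord_webhook_token }}"
        content: "Mise à jour du intranet ludikevent https://intranet.ludikevent.fr"
      no_log: true

    # The file carries live credentials: it is written with an explicit
    # owner/group/mode (the play runs as root, so the default would be a
    # world-readable root-owned file) and with no_log so that neither normal
    # output nor `--diff` prints its content.
    # NOTE(review): assumes PHP-FPM runs in group www-data and the console
    # commands run as `bot`, like the directory tasks below; confirm.
    # NOTE(review): credentials are interpolated into URLs as-is, so they
    # must not contain characters that need URL-encoding.
    - name: Créer le fichier .env.local
      ansible.builtin.copy:
        content: |
          APP_ENV=prod
          APP_DEBUG=false
          VITE_LOAD=1
          DATABASE_URL="postgresql://{{ db_user }}:{{ db_password }}@127.0.0.1:5432/{{ db_name }}?serverVersion=16&charset=utf8"
          REDIS_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
          REDIS_URL="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
          MESSENGER_TRANSPORT_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}/messages"
          APP_SECRET={{ app_secret }}
          REAL_MAIL=1
          VAULT_ADDR=http://127.0.0.1:8200
          VAULT_TOKEN={{ hashicorp_vault_token }}
          MAILER_DSN=ses+smtp://{{ ses_access_key_id }}:{{ ses_secret_access_key }}@default?region=eu-west-3
          PATH_URL=https://intranet.ludikevent.fr
          STRIPE_BASEURL=https://www.ludikevent.fr
          SIGN_URL=https://www.ludikevent.fr
          CONTRAT_BASEURL=https://www.ludikevent.fr
          DEFAULT_URI=https://www.ludikevent.fr
          INTRANET_LOCK=false
          STRIPE_PK={{ stripe_publishable_key }}
          STRIPE_SK={{ stripe_secret_key }}
        dest: "{{ path }}/.env.local"
        owner: bot
        group: www-data
        mode: '0640'
      no_log: true

    - name: Configuration des dossiers de base
      ansible.builtin.file:
        path: "{{ item }}"
        owner: bot
        group: www-data
        mode: '0775'
        state: directory
      loop:
        - "{{ path }}/var"
        - "{{ path }}/var/log"
        - "{{ path }}/public/media"
        - "{{ path }}/public/images"
        - "{{ path }}/public/pdf"
        - "{{ path }}/public/seo"
        - "{{ path }}/public/tmp-sign"
        - "{{ path }}/sauvegarde"

    # Default ACLs make files created later inherit the group access.
    - name: ACL pour Symfony (www-data rwx)
      ansible.builtin.acl:
        path: "{{ item }}"
        entity: www-data
        etype: group
        permissions: rwx
        state: present
        recursive: true
        default: true
      loop:
        - "{{ path }}/var/cache"
        - "{{ path }}/var/log"

    # Renamed: this task grants the `bot` group, not www-data; the original
    # reused the previous task's name.
    - name: ACL pour Symfony (bot rwx)
      ansible.builtin.acl:
        path: "{{ item }}"
        entity: bot
        etype: group
        permissions: rwx
        state: present
        recursive: true
        default: true
      loop:
        - "{{ path }}/public/media"

    # NOTE(review): `bun install` may rewrite the lockfile at deploy time;
    # consider `--frozen-lockfile` once the committed lockfile is known to
    # be in sync.
    - name: Bun install & build
      ansible.builtin.command: "{{ item }}"
      become: false
      args:
        chdir: "{{ path }}"
      loop:
        - "bun install"
        - "bun run build"

    - name: Supervisor config
      ansible.builtin.template:
        src: supervisor.j2
        dest: "/etc/supervisor/conf.d/mainframe.conf"
        mode: '0644'

    - name: Reload Supervisor
      ansible.builtin.command: "{{ item }}"
      loop:
        - "supervisorctl reread"
        - "supervisorctl update"

    # The password is passed through REDISCLI_AUTH instead of `-a`, so it
    # does not appear in the process list or in the logged command line.
    # NOTE(review): FLUSHALL empties every Redis database on this port,
    # which presumably includes pending Messenger messages; confirm that
    # this is intended on each deployment.
    - name: Purger Redis
      ansible.builtin.command:
        argv:
          - redis-cli
          - "-p"
          - "{{ redis_port }}"
          - FLUSHALL
      environment:
        REDISCLI_AUTH: "{{ redis_password }}"
      no_log: true

    - name: Caddy config
      ansible.builtin.template:
        src: caddy.j2
        dest: "/etc/caddy/sites/ludikevent.conf"
        mode: '0644'

    - name: Reload Caddy
      ansible.builtin.systemd:
        name: caddy
        state: reloaded

    - name: Symfony Tasks (Migrations, Cache, Warmup)
      ansible.builtin.command: "php8.4 bin/console {{ item }} --no-interaction"
      become: false
      args:
        chdir: "{{ path }}"
      loop:
        - "doctrine:migrations:migrate"
        - "cache:clear"
        - "app:images:warmup"
        - "pwa:compile"
        - "app:sitemap"

    # The original used `ignore_errors` to tolerate a missing file, which
    # also hid every other failure. Checking for the file first keeps the
    # best-effort behaviour without masking real errors.
    - name: Vérifier la présence du fichier update.json
      ansible.builtin.stat:
        path: "{{ path }}/var/update.json"
      register: update_json

    - name: S'assurer que le fichier update.json a les bonnes permissions
      ansible.builtin.file:
        path: "{{ path }}/var/update.json"
        owner: bot
        group: www-data
        mode: '0664'
        state: file
      when: update_json.stat.exists

    # --- CRON TASKS ---
    # NOTE(review): every job runs the application console as root. If the
    # commands do not need root, run them as the application user so that a
    # flaw in application code is not executed with full privileges and
    # files created under var/ are not root-owned.
    - name: "Cron Task - Unsigned Contracts (Relance & Annulation)"
      ansible.builtin.cron:
        name: "Intranet Ludikevent - Unsigned Contracts Expired"
        minute: "0"
        hour: "12"
        job: "php8.4 {{ path }}/bin/console app:mail"
        user: root
        state: present

    - name: "Cron Task Search"
      ansible.builtin.cron:
        name: "Intranet Ludikevent - Search"
        minute: "*/5"
        job: "php8.4 {{ path }}/bin/console app:search"
        user: root

    - name: "Cron Task Stripe"
      ansible.builtin.cron:
        name: "Intranet Ludikevent - Stripe"
        minute: "0"
        hour: "1"
        job: "php8.4 {{ path }}/bin/console app:stripe:sync"
        user: root

    - name: "Cron Task Backup"
      ansible.builtin.cron:
        name: "Intranet Ludikevent - Backup"
        minute: "0"
        hour: "*/6"
        job: "php8.4 {{ path }}/bin/console app:backup"
        user: root

    - name: "Cron Task - Clean Data"
      ansible.builtin.cron:
        name: "Intranet Ludikevent - Clean Data"
        minute: "0"
        hour: "20"
        job: "php8.4 {{ path }}/bin/console app:clean"
        user: root

    # The original applied 0777 recursively, making every file under the
    # upload, log, cache and backup directories world-writable. Owner `bot`
    # and group `www-data` keep full access; `X` adds the search bit on
    # directories only (files keep whatever execute bit they already had).
    # NOTE(review): if another account must write here (for example the
    # Supervisor workers), add it to group www-data rather than reopening
    # the tree to everyone.
    - name: Final Permissions Fix (dossiers d'upload)
      ansible.builtin.file:
        path: "{{ item }}"
        owner: bot
        group: www-data
        mode: 'u=rwX,g=rwX,o=rX'
        state: directory
        recurse: true
      loop:
        - "{{ path }}/var/cache"
        - "{{ path }}/var/log"
        - "{{ path }}/public/media"
        - "{{ path }}/sauvegarde"
        - "{{ path }}/public/images"
        - "{{ path }}/public/pdf"
        - "{{ path }}/public/seo"
        - "{{ path }}/public/tmp-sign"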