Add Vagrant support

.gitignore

@@ -2,6 +2,7 @@
 /inventory
 /inventory-*
 /*.sh
+/.vagrant
 
 # Created by http://gitignore.io
 

Vagrantfile

@@ -0,0 +1,48 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby
+
+# Vagrantfile for ginas project
+# https://github.com/drybjed/ginas/
+
+VAGRANTFILE_API_VERSION = '2'
+
+DOMAIN = '.nat.example.com'
+NETWORK = '192.168.50.'
+NETMASK = '255.255.255.0'
+
+# Source: https://github.com/drybjed/vagrant-debian-wheezy-64/tree/ginas
+DEFAULT_BOX = 'debian-wheezy-amd64-netinst'
+DEFAULT_BOX_URL = 'https://dl.dropboxusercontent.com/u/55426468/debian-wheezy-amd64-netinst.box'
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+
+  config.vm.box = DEFAULT_BOX
+  config.vm.box_url = DEFAULT_BOX_URL
+
+  # LEMP webserver (Linux, nginx, MySQL, PHP5)
+  config.vm.define :web do |web|
+    web.vm.hostname = 'web' + DOMAIN
+    web.vm.network :private_network, ip: NETWORK + "10", :netmask => NETMASK
+  end
+
+  # MySQL server with PHPMyAdmin
+  config.vm.define :db do |db|
+    db.vm.hostname = 'db' + DOMAIN
+    db.vm.network :private_network, ip: NETWORK + "20", :netmask => NETMASK
+  end
+
+  # Ansible Controller
+  config.vm.define :master do |master|
+    master.vm.hostname = 'master' + DOMAIN
+    master.vm.network :private_network, ip: NETWORK + "2", :netmask => NETMASK
+
+    config.vm.provision "ansible" do |ansible|
+      ansible.host_key_checking = false
+      ansible.inventory_path = "contrib/vagrant/inventory"
+      ansible.playbook = "playbooks/site.yml"
+    end
+  end
+
+end
+
+

contrib/vagrant/inventory/group_vars/vagrant.yml

@@ -0,0 +1,60 @@
+---
+# host group: vagrant
+
+# Default deployment user, database
+global_vagrant_deploy: 'deploy'
+
+# Default password
+global_vagrant_password: 'vagrant'
+
+# vagrant local network
+global_vagrant_network: '192.168.50.0/24'
+
+# vagrant manages the network interfaces by itself, so let's get out of the way
+interfaces: False
+
+# Enable local mail on each host
+postfix: [ 'local' ]
+
+# Default admin accounts (vagrant and your username)
+auth_admin_accounts:
+  - 'vagrant'
+  - '{{ lookup("env","USER") }}'
+
+# Install additional packages in the vagrant group
+apt_group_packages: [ 'mysql-client' ]
+
+# root account configuration - set shell to /bin/zsh and install custom dotfiles
+# root should be in it's own hash variable
+users_root:
+  - name: 'root'
+    shell: '/bin/zsh'
+    dotfiles: True
+
+# Configuration of default accounts on all hosts in vagrant group
+users_default:
+
+  # vagrant account
+  - name: 'vagrant'
+    shell: '/bin/zsh'
+    groups: 'admins'
+    dotfiles: True
+    sshkeys:
+
+      # Insecure vagrant SSH keys from https://github.com/mitchellh/vagrant/tree/master/keys
+      - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key'
+
+      # Install key from your account just in case
+      - '{{ lookup("file","~/.ssh/id_rsa.pub") }}'
+
+  # Your own account
+  - name: '{{ lookup("env","USER") }}'
+    shell: '/bin/zsh'
+    dotfiles: True
+    groups: 'admins'
+    sshkeys:
+
+      # SSH key from your account
+      - '{{ lookup("file","~/.ssh/id_rsa.pub") }}'
+
+

contrib/vagrant/inventory/host_vars/db.yml

@@ -0,0 +1,53 @@
+---
+# host: db
+
+# MySQL server with PHPMyAdmin
+
+# Enable PHPMyAdmin
+mysql_phpmyadmin: True
+
+# Default password for MySQL 'root' user
+mysql_root_password: '{{ global_vagrant_password }}'
+
+# MySQL should listen on all interfaces
+# At the moment you might need to restart mysql-server on db for it to happen
+# Command: ansible -s -i inventory-vagrant -m service -a 'name=mysql state=restarted' db
+mysql_mysqld_bind_address: '0.0.0.0'
+
+# Allow plaintext connections from local vagrant network
+mysql_network_allow_list: [ '{{ global_vagrant_network }}' ]
+
+# List of MySQL databases
+mysql_databases:
+
+  # deploy
+  - name: '{{ global_vagrant_deploy }}'
+
+# List of MySQL users
+mysql_users:
+
+  # Your username, from localhost (db)
+  - name: '{{ lookup("env","USER") }}'
+    host: 'localhost'
+    priv: '*.*:ALL,GRANT'
+    password: '{{ global_vagrant_password }}'
+
+  # Your username, from local network
+  - name: '{{ lookup("env","USER") }}'
+    host: '192.168.50.%'
+    priv: '*.*:ALL,GRANT'
+    password: '{{ global_vagrant_password }}'
+
+  # deploy user, from localhost (db)
+  - name: '{{ global_vagrant_deploy }}'
+    host: 'localhost'
+    priv: '{{ global_vagrant_deploy }}.*:ALL'
+    password: '{{ global_vagrant_password }}'
+
+  # deploy user, from local network
+  - name: '{{ global_vagrant_deploy }}'
+    host: '192.168.50.%'
+    priv: '{{ global_vagrant_deploy }}.*:ALL'
+    password: '{{ global_vagrant_password }}'
+
+

contrib/vagrant/inventory/host_vars/master.yml

@@ -0,0 +1,9 @@
+---
+# host: master
+
+# Ansible Controller
+
+# Install additional packages on this host
+apt_host_packages: [ 'elinks', 'mutt' ]
+
+

contrib/vagrant/inventory/host_vars/web.yml

@@ -0,0 +1,37 @@
+---
+# host: web
+
+# LEMP webserver (Linux, nginx, MySQL, PHP5)
+
+# Install additional PHP5 packages (it's good to add them in this variable
+# instead of 'apt_*_packages', so that packages depending on php5 are installed
+# after their dependencies)
+php5_packages: [ 'php5-mysql' ]
+
+# List of additional users configured on this host
+users_host_list:
+
+  # Deploy user, with git access similar to Heroku cloud
+  - name: '{{ global_vagrant_deploy }}'
+    comment: 'Web Deployment'
+    type: 'git'
+    sshkeys:
+      - '{{ lookup("file","~/.ssh/id_rsa.pub") }}'
+
+# List of nginx servers configured on this host
+nginx_servers:
+  - '{{ nginx_default_server }}'
+
+# Default nginx server with custom configuration
+nginx_default_server:
+  enabled: True
+  default: True
+
+  # Enable userdir support, you can define one git repository as "userdir" and
+  # it will be available as http://hostname/~deploy/
+  # No PHP5 support though, just plain HTML/CSS
+  userdir: True
+  root: '/srv/users/{{ global_vagrant_deploy }}/sites/{{ ansible_hostname }}.{{ ansible_domain }}/public'
+  upstream_php5: 'php5_www-data'
+
+

contrib/vagrant/inventory/hosts

@@ -0,0 +1,25 @@
+# Default 'inventory/hosts' file for vagrant environment
+
+# Host machine needs to be in the inventory for 'encfs' and 'secret' roles to
+# work, otherwise it should be harmless
+localhost ansible_connection=local
+
+# Hosts defined in the Vagrantfile
+[vagrant]
+master	ansible_ssh_host=192.168.50.2	ansible_ssh_user=vagrant ansible_ssh_private_key_file=contrib/vagrant/ssh/id_rsa_insecure
+web	ansible_ssh_host=192.168.50.10	ansible_ssh_user=vagrant ansible_ssh_private_key_file=contrib/vagrant/ssh/id_rsa_insecure
+db	ansible_ssh_host=192.168.50.20	ansible_ssh_user=vagrant ansible_ssh_private_key_file=contrib/vagrant/ssh/id_rsa_insecure
+
+# Hosts with installed nginx webserver
+[ginas_nginx]
+web
+
+# Hosts with installed PHP5
+[ginas_php]
+web
+
+# Hosts with installed MySQL database
+[ginas_mysql]
+db
+
+

contrib/vagrant/ssh/id_rsa_insecure

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI
+w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP
+kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2
+hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO
+Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW
+yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd
+ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1
+Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf
+TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK
+iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A
+sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf
+4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP
+cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk
+EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN
+CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX
+3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG
+YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj
+3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+
+dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz
+6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC
+P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF
+llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ
+kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH
++vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ
+NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s=
+-----END RSA PRIVATE KEY-----

inventory-vagrant

@@ -0,0 +1 @@
+contrib/vagrant/inventory

vagrant.sh

@@ -0,0 +1 @@
+site.sh