{"id":20313248,"url":"https://github.com/dimiboi/wordpress-ansible","last_synced_at":"2026-04-12T14:47:16.549Z","repository":{"id":79845801,"uuid":"323167050","full_name":"dimiboi/wordpress-ansible","owner":"dimiboi","description":"🦾 An Ansible playbook to spin up a WordPress server running hardened Nginx and MariaDB with an SSL certificate issued by Let's Encrypt using dns-01 challenge.","archived":false,"fork":false,"pushed_at":"2021-07-06T17:09:07.000Z","size":35,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-14T12:29:17.374Z","etag":null,"topics":["ansible","ansible-playbook","certbot","mariadb","nginx","wordpress"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dimiboi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-20T21:20:32.000Z","updated_at":"2021-07-06T17:09:09.000Z","dependencies_parsed_at":null,"dependency_job_id":"5c085077-5979-434a-829d-e076ac35c760","html_url":"https://github.com/dimiboi/wordpress-ansible","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dimiboi%2Fwordpress-ansible","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dimiboi%2Fwordpress-ansible/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dimiboi%2Fwordpress-ansible/releases","manifests_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/repositories/dimiboi%2Fwordpress-ansible/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dimiboi","download_url":"https://codeload.github.com/dimiboi/wordpress-ansible/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241812378,"owners_count":20024365,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-playbook","certbot","mariadb","nginx","wordpress"],"created_at":"2024-11-14T18:10:06.100Z","updated_at":"2025-12-31T01:03:18.865Z","avatar_url":"https://github.com/dimiboi.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🦾 Hardened WordPress Ansible Playbook\n\nThe `cloud-init.yml` configuration file:\n\n- 👥 Creates a default user `dmitry` with a public key and gives it sudo permissions\n- 📦 Configures and enables unattended-upgrades\n- 🧱 Enables the firewall and lets SSH through it\n- 🐝 Pollinates entropy using Ubuntu's server\n\nThe Ansible playbook:\n\n- 📦 Installs and configures _MariaDB_, _Nginx_, _WordPress_, and _Certbot_\n  - 🔑 Generated MariaDB _credentials_ are stored in the `.credentials` directory\n- 📜 Acquires a Let's Encrypt _certificate_ using the `dns-01` challenge with the configured _DNS provider_\n  - 🤖 Google Cloud Platform _service account_ credentials in a JSON file ([instructions](https://cloud.google.com/iam/docs/creating-managing-service-accounts))\n    - 🔧 Configure the file path as `certbot_dns.google_credentials_file`\n  - ☁️ CloudFlare _API token_ 
([instructions](https://developers.cloudflare.com/api/tokens/create))\n    - 🔧 Configure the token as `certbot_dns.cloudflare_api_token`\n  - ❗ The playbook uses the Let's Encrypt _staging environment_ by default\n    - 🔧 Make sure to override `certbot_server` with the production server\n- 🔏 Hardens the system and its running services\n\n## Instructions\n\nInstall the [devsec.hardening](https://github.com/dev-sec/ansible-collection-hardening) collection before running:\n\n```bash\n$ ansible-galaxy collection install devsec.hardening\n```\n\nCreate a `.vars.yml` file and set the required variable values:\n\n```yaml\nssh_allow_users: john\nwordpress_http_hosts:\n  - john.example.net\n  - doe.example.com\ncertbot_email: john@doe.example.com\ncertbot_server: https://acme-v02.api.letsencrypt.org/directory\ncertbot_dns:\n  cloudflare_api_token: 0123456789abcdef0123456789abcdef01234567\n```\n\nTo use Google Cloud Platform DNS, configure the service account credentials file path:\n\n```yaml\ncertbot_dns:\n  google_credentials_file: ~/certbot-service-account.json\n```\n\nRun the playbook:\n\n```bash\n$ ansible-playbook playbook.yml --limit \u003chost-name\u003e --user \u003cremote-user\u003e --extra-vars @.vars.yml\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdimiboi%2Fwordpress-ansible","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdimiboi%2Fwordpress-ansible","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdimiboi%2Fwordpress-ansible/lists"}