Added templates

templates/common/.gitignore.example

@@ -0,0 +1 @@
+.vault_password

templates/common/.spin.example.yml

@@ -0,0 +1,114 @@
+---
+###########################################
+# Basic Server Configuration
+###########################################
+server_timezone: "Etc/UTC"
+server_contact: [email protected]
+
+# SSH
+server_ssh_port: "22"
+
+## Email Notifications
+postfix_hostname: "{{ inventory_hostname }}"
+
+## Set variables below to enable external SMTP relay
+# postfix_relayhost: "smtp.example.com"
+# postfix_relayhost_port: "587"
+# postfix_relayhost_username: "myusername"
+# postfix_relayhost_password: "mysupersecretpassword"
+
+##############################################################
+# Users
+##############################################################
+
+### Use the template below to set users and their authorized keys
+## Passwords must be set with an encrypted hash. To do this, see the Ansible FAQ
+## https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module
+
+# users:
+#   - username: alice
+#     name: Alice Smith
+#     state: present
+#     groups: ['adm','sudo']
+#     password: "$6$mysecretsalt$qJbapG68nyRab3gxvKWPUcs2g3t0oMHSHMnSKecYNpSi3CuZm.GbBqXO8BE6EI6P1JUefhA0qvD7b5LSh./PU1"
+#     shell: "/bin/bash"
+#     authorized_keys:
+#       - public_key: "ssh-ed25519 AAAAC3NzaC1lmyfakeublickeyMVIzwQXBzxxD9b8Erd1FKVvu alice"
+
+#   - username: bob
+#     name: Bob Smith
+#     state: present
+#     password: "$6$mysecretsalt$qJbapG68nyRab3gxvKWPUcs2g3t0oMHSHMnSKecYNpSi3CuZm.GbBqXO8BE6EI6P1JUefhA0qvD7b5LSh./PU1"
+#     groups: ['adm','sudo']
+#     shell: "/bin/bash"
+#     authorized_keys:
+#       - public_key: "ssh-ed25519 AAAAC3NzaC1anotherfakekeyIMVIzwQXBzxxD9b8Erd1FKVvu bob"
+
+### Additional users
+## You can also set additional users (great if you're working with contractors or clients on certain groups of servers)
+## These users will be flattened into the users list (if you set any settings below)
+
+# additional_users:
+#   - username: charlie
+#     name: Charlie Smith
+#     state: present
+#     groups: ['adm','sudo']
+#     password: "$6$mysecretsalt$qJbapG68nyRab3gxvKWPUcs2g3t0oMHSHMnSKecYNpSi3CuZm.GbBqXO8BE6EI6P1JUefhA0qvD7b5LSh./PU1"
+#     shell: "/bin/bash"
+#     authorized_keys:
+#       - public_key: "ssh-ed25519 AAAAC3NzaC1lmyfakeublickeyMVIzwQXBzxxD9b8Erd1FKVvu alice"
+
+#   - username: dana
+#     name: Dana Smith
+#     state: present
+#     password: "$6$mysecretsalt$qJbapG68nyRab3gxvKWPUcs2g3t0oMHSHMnSKecYNpSi3CuZm.GbBqXO8BE6EI6P1JUefhA0qvD7b5LSh./PU1"
+#     groups: ['adm','sudo']
+#     shell: "/bin/bash"
+#     authorized_keys:
+#       - public_key: "ssh-ed25519 AAAAC3NzaC1anotherfakekeyIMVIzwQXBzxxD9b8Erd1FKVvu bob"
+
+###########################################
+# Advanced Server Configurations
+###########################################
+
+# Time is in seconds (default: 24 hours)
+apt_cache_expiration: 86400
+
+# Common packages to install
+common_installed_packages:
+  - cron
+  - curl
+  - figlet
+  - fail2ban
+  - git
+  - htop
+  - logrotate
+  - mailutils
+  - ncdu
+  - ntp
+  - python3-minimal
+  - ssh
+  - tzdata
+  - ufw
+  - unattended-upgrades
+  - unzip
+  - wget
+  - zip
+
+# APT - Automatic Update Configuration
+apt_periodic_update_package_lists: "1"
+apt_periodic_download_upgradeable_packages: "1"
+apt_periodic_autoclean_interval: "7"
+apt_periodic_unattended_upgrade: "1"
+
+###########################################
+# Fun Terminal Customizations
+###########################################
+motd_header_text: "ServerSideUp"
+motd_header_text_color: '\e[38;5;255m'
+motd_header_background_color: '\e[48;5;34m'
+motd_hostname_text_color: '\e[38;5;202m'
+motd_services:
+  - ufw
+  - fail2ban
+  - postfix

templates/laravel/.infrastructure/conf/traefik/dev/certificates/local-dev-key.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAzD4tEgMDNmqJMqfW1KcR7sIan+8z3J+fWRIYREkk24UbaQzX
+of3dYYzPztmVh7ai4NhAnI/MfzPlJdPFVgPvGEO0TDCz9GmhNdFmXQiZ/dDQfR8b
+5py/mdiNBqsYWDBlj+I5KrMqE+pViDoKOLxVZXo+lECc2KCaz/ROJgj7b29+AOo5
+h/b/RzSnmQJGuCAAX+WIii63T3VA3GkzbnKGjMaPVTVPSpmLhkptq1t7kYam3p9b
+lDw+o3BzQKl7GtdLLcKpxYBwfsGiyCCYu5ojqGeK0enJNDZtfyP8k6heK/npeqXo
+QcWiLVxwXVqUqzCSt08L5F8u+2tObLW6NZ2bmWPUmZSXNC4qJjjlgrwrllkDJG+S
+3LPJYW+VZzvTYFcfE7f1miLBa6X37F03htnhlLx7Ep1EEfNXlhPhqX+eA87Io6fy
+B63udmKDJiDyFrYS7Qcz4WLFSHok7i7Y8FX0maedRye8upBep4a9qP6hodtAzkqn
+AoJQqUtghgJFPh65Z3mAFV3f4YgPpxjkYPNrpnYUo+TtGGTbeH6wLMQv91ZoA6HQ
+glC88wEUyO8V9hlu16mHv1n/fcsA9itP9Pr9gT4MphBmPBDYtNUYfGxMTTkAhGlT
+w3QzNWpG3AWaBWZdoTdOHCizFGTs/dJclIJt4gZ97XPjb1oWKPc5MmLXlWUCAwEA
+AQKCAgAzq7czS1fQuHslOZj8C5hZ0vlxZM62Dhv+KLnC7M5KSw54MSuMa/FJ8JnS
+NvHBd88VGyCdezO9Kp/aRg0yiaQ/e0Ft1RRxzRdfyi4fc0GiGOXmAazJVvaSMVrc
+SQTLqtLG5/CWgOUwTKR+5lAXsm3YUmjqkL4df+QqoB/1N2iE9KvoB1musCo9FXEh
+IJZLlq0BlcxJSTBPBdb27BZ65rZrfwBcCjSZJudJfiLoqyhD1ND6mU5N3j/qkVRX
+E4l1bOo0FX9l2+yZ5NsNzlFVhNVokWlpWb/xWaOx+qS3pmzMq1kKElcD7L/uwegb
+dgMOnCdCANl9WSdFrAwXLJKDZfArFeasU2wbhVPB2J2w3l8RTBAO6OqjAgRCcRO3
+iqr9M/cDT0K83n+tijtK6YZblP8EoxRzLjfCsQs8KSUZW1cylWoYq/8fX73FJ0S/
+DGrNdlHsZc13rut8Yg2YEomkPO9V1uInqpXCUWz/O/8vTAWrbaOULNocFGutgM6T
+obvOnrKrJ45UJvbjwS/76WEn7CNiWqon+7bzAls6xTHKmmx1PZ7z+rXaIyHkWyax
+RDzy56RLMRLtQdiFoCrFHoBuiagNmO3CyZvQ6oiqH1A/XF83rgZAGU9yHDbSlqTm
+rFGgfYrWkn8w7m9O8gSyrIj9HtB82hxq/m3x7YMMN6lCKon7sQKCAQEAzggKeFOG
+1e8MQQuar3ypJH8IaqNhnKfL4308n7jFr6+wjpzeF6Mp+tl27pZrpPgHvk7YUQq/
+ZXYZFdDMoRf0KzWSLRGwev2VhEqN+Gu7akXBFOHCkrg2+aK4lIC9d3NiI3CphjqZ
+ROXVXbmNSsa0JPWPva8jQufto87yWnhyvYMQBYFCFnJjGsKsmf7EG/gEmqjR17sl
+fOW84UIcNG+W2Shyn4hMOHg6PbL2LV01WCAvOwgJDGBPntvRlZeT+70HP7q8jQ1I
+9qgnBvd9pIfD3YUdW3ToFnOzmNI5w2GHUdEKBHtyodO4wqXiGUoIbxQtuDk5x9Nu
+uvEEEG+1vrML5wKCAQEA/ccW892p/MYTqasxLH3FEuWlbDzuM/wmW0UOqCuHVsWO
+LIbObd2nXA1FfixsH7AmQGz6840eSrd42Tyc4L0PgYiZMt2x0fVPtppTleARCrb1
+G1z3pm/V0SNfiWU/zJnBRWzO19YMrd44+inqvPsdVzJzOe0MqjKpjRJnXjB4tGJ4
+5K/GiUenb2eUoWepW/Co/WHGOe06d5TvjK8aMWUZXrw8zYKAMWef60tlw8mQsiBa
+5nfVHC92bB+gVaZj7esyJmmx0HJrAZWVxdD5JogCg3k1SA5707KORXNwpUfrmHs7
+5RmidgIL4TfH5N3HD38TMUhj9M166smWYG8KUwxK0wKCAQEAm2rLYxs3Alhx+Psk
+863o9cPx+GdIseCN2AxX1/CNB0tTtzC0BEar2zOCGNZVWztStAdL/E5MNOBSafd4
+9ShZouKlYuQOKajyyblnwPabiL4XuYXXvc/CgKtz62n2Ao6CgFNzPfMkPSnWuv3G
+jJq5t4uZo6/ivIyx4bixbvefLkAYrN5lmQMuqTgi9YOOMb700in5KXBeBgpTYeT5
+28A1nZh6ZsdtH8fpvzMpquy92b1lg3U7Rh+80Avn3J1cHzDnr/ZQV2KnIJGV5xZ4
+q81SPd81VxEoJg+fce9bbXw7lMdIdDsfLN3GaOazWPpUxF4HYwmgAZIH3HME6tUp
+1zG/DwKCAQBGTh2BuesZ6BYSbybUWJN8RLqrXcXwCO7nYh5JYKXB2EEm/MG7liiD
+S/nwloXt0XMHbimnx3SY5nNIW45qhHYDQMCQYvKcZAWNZPu7DbQq77y/s+W36kum
+ANK60Z33JLFydk5nZRlmIaZPR8WMTVU3jvZ1GcLkc9ydBHg2k98cuhsb38Z0ybEN
+H/kBLiKxId7vM2MjMSF9d3lV1DzBamy43hVKKdkx1q9rFBxBPVokvunv50rW4B9C
+nRBiKhKNGxdtpOJqCQi0C6jOgLJFhnCL08x7BegwIctgWjbe0ynluF5DffKQFskL
+v9RVB0vacy3x/UgTzck7ulU6qgiGMWWZAoIBAQCVA4qZyWfvlZok4CCOyVzyokQk
+iegae/vSXavf7P3rnt9A2tWb15JKHake+zI79QC8Ea8edA8j1/2xbTV7bF3fi0at
+UC5hiyOwVgxI2lGo3KxbOx3/kdTMWgiXjX1IZA9Zp9FzsvMrAGlU02imQSWq0/qW
+kdd3NWZHLJZgzmlMVX9s6WIzRP1CdD5E9NyJortgzLQmgWkxMTU7fx9TlSAtJpci
+00gQBq/aqWMNAtQwwz2M9eMr14TgTUgVhLmQJN9aBcNgUMielcn1zTthSG7euhQK
+0gu98piVTfVQarAAWWP2O9s9CvP5o6iItvSC01DG7RPw/Cj/q9P9sFCh6y1H
+-----END RSA PRIVATE KEY-----

templates/laravel/.infrastructure/conf/traefik/dev/certificates/local-dev.pem

@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGkjCCBHqgAwIBAgIUKttFImgEG9cO56DRD/WAJQKHIAswDQYJKoZIhvcNAQEN
+BQAwezELMAkGA1UEBhMCVVMxEjAQBgNVBAgTCVdpc2NvbnNpbjESMBAGA1UEBxMJ
+TWlsd2F1a2VlMRcwFQYDVQQKEw5TZXJ2ZXIgU2lkZSBVcDEPMA0GA1UECxMGRGV2
+T3BzMRowGAYDVQQDExFTZXJ2ZXIgU2lkZSBVcCBDQTAeFw0yMzExMDkwMTAzMDBa
+Fw00MzExMDQwMTAzMDBaMHQxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25z
+aW4xEjAQBgNVBAcTCU1pbHdhdWtlZTEXMBUGA1UEChMOU2VydmVyIFNpZGUgVXAx
+DzANBgNVBAsTBkRldk9wczETMBEGA1UEAwwKKi5kZXYudGVzdDCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAMw+LRIDAzZqiTKn1tSnEe7CGp/vM9yfn1kS
+GERJJNuFG2kM16H93WGMz87ZlYe2ouDYQJyPzH8z5SXTxVYD7xhDtEwws/RpoTXR
+Zl0Imf3Q0H0fG+acv5nYjQarGFgwZY/iOSqzKhPqVYg6Cji8VWV6PpRAnNigms/0
+TiYI+29vfgDqOYf2/0c0p5kCRrggAF/liIout091QNxpM25yhozGj1U1T0qZi4ZK
+batbe5GGpt6fW5Q8PqNwc0CpexrXSy3CqcWAcH7BosggmLuaI6hnitHpyTQ2bX8j
+/JOoXiv56Xql6EHFoi1ccF1alKswkrdPC+RfLvtrTmy1ujWdm5lj1JmUlzQuKiY4
+5YK8K5ZZAyRvktyzyWFvlWc702BXHxO39ZoiwWul9+xdN4bZ4ZS8exKdRBHzV5YT
+4al/ngPOyKOn8get7nZigyYg8ha2Eu0HM+FixUh6JO4u2PBV9JmnnUcnvLqQXqeG
+vaj+oaHbQM5KpwKCUKlLYIYCRT4euWd5gBVd3+GID6cY5GDza6Z2FKPk7Rhk23h+
+sCzEL/dWaAOh0IJQvPMBFMjvFfYZbteph79Z/33LAPYrT/T6/YE+DKYQZjwQ2LTV
+GHxsTE05AIRpU8N0MzVqRtwFmgVmXaE3ThwosxRk7P3SXJSCbeIGfe1z429aFij3
+OTJi15VlAgMBAAGjggETMIIBDzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
+KwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU+njyDOLRRQQPlzgAq38z
+Ug209jMwHwYDVR0jBBgwFoAUNZc4wBBAJBUFKQnjiV4tknKqGPUwgZkGA1UdEQSB
+kTCBjoIKKi5kZXYudGVzdIILKi5naXRwb2QuaW+CCioubmdyb2suaW+CECoubG9j
+YWx0dW5uZWwubWWCDCouc2VydmVvLm5ldIIJKi5sb2NhLmx0gggqLm5pcC5pb4IK
+Ki5zc2xpcC5pb4IIKi54aXAuaW+CDioudHVubmVsdG8uZGV2ggwqLmlubGV0cy5k
+ZXYwDQYJKoZIhvcNAQENBQADggIBABP+PX9/Fu2kLuk1MuTs1vcAluf52i11XAPt
+QpeWCqS4lTu8P//8VPVcjdfWnqZP2xoQYS2yvMvcs6ec8Lwz7cds5NmIj5QBTRwV
+avi1J5IO62lEX6qLIUFpJFP29xtyMHZxBA/gcPeRZjcaE5CRBemUzrjSsVFr9TWl
+VcrNkGnw9MWvMuozesMWQbT4PC9kBb5Kh8mCi1uEFxRrlt1Jc7VtCQkINMNOoxty
+FYVZyd4rQtPSglFFuLrhI0wtrv1lGjiHNemipDI5TKb9swgIpqtNhXbe0vMtOHKC
+21+VHFSVRRvGRwklsGkCTC6FYnHSOVRVs9DQr8XP2sbjO6fIhlWvgt1AajYIzvfO
+9YNOsrnVeSEZrdVD8kkVL15iQewpLtgxQdm6lXedK0SNSTqWAT8+FBNKyt8FLQPv
+Owd68TCPNP7KUxwZHEeHfSn6BPdAgWhSNBLTPrwupQb9AdnQzvNA6seT4yKhI2Zj
+V7XPY92M99t6Ac7yimcT8zQQCVbNKZuFTHxb5FxQ7LWRyUK7+WlWPwLWzpU8fAlD
+KmLNIBn1HURVWDtECBpHb9ZjMh02EAea+wzpPNKiW/4+npBf6di7vUeFQs+dbB7J
+f1gR970Cmsaec3ZVOPdlcuJckNwBcvTSc07tDu5vP1nZlgp99IFVP/CQz48rVJTZ
+2lhEyLbm
+-----END CERTIFICATE-----

templates/laravel/.infrastructure/conf/traefik/dev/traefik-certs.yml

@@ -0,0 +1,11 @@
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /certificates/local-dev.pem
+        keyFile: /certificates/local-dev-key.pem
+  certificates:
+    - certFile: /certificates/local-dev.pem
+      keyFile: /certificates/local-dev-key.pem
+      stores:
+        - default

templates/laravel/.infrastructure/conf/traefik/dev/traefik.yml

@@ -0,0 +1,30 @@
+# Allow self-signed certificates
+serversTransport:
+  insecureSkipVerify: true
+
+providers:
+  docker:
+    network: development
+    exposedbydefault: false
+  file:
+      filename: /traefik-certs.yml
+      watch: true
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entrypoint:
+          to: websecure
+          scheme: https
+
+  websecure:
+    address: ":443"
+
+accessLog: {}
+log:
+  level: ERROR
+
+api:
+  dashboard: true
+  insecure: true

templates/laravel/.infrastructure/conf/traefik/prod/traefik.yml

@@ -0,0 +1,70 @@
+# Cloudflare TrustedIPs
+x-trustedIps: &trustedIPs
+  - "173.245.48.0/20"
+  - "103.21.244.0/22"
+  - "103.22.200.0/22"
+  - "103.31.4.0/22"
+  - "141.101.64.0/18"
+  - "108.162.192.0/18"
+  - "190.93.240.0/20"
+  - "188.114.96.0/20"
+  - "197.234.240.0/22"
+  - "198.41.128.0/17"
+  - "162.158.0.0/15"
+  - "104.16.0.0/13"
+  - "104.24.0.0/14"
+  - "172.64.0.0/13"
+  - "131.0.72.0/22"
+  - "2400:cb00::/32"
+  - "2606:4700::/32"
+  - "2803:f800::/32"
+  - "2405:b500::/32"
+  - "2405:8100::/32"
+  - "2a06:98c0::/29"
+  - "2c0f:f248::/32"
+
+# Allow self-signed certificates
+serversTransport:
+  insecureSkipVerify: true
+
+providers:
+  docker:
+    network: web-public
+    exposedbydefault: false
+    swarmMode: true
+
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entrypoint:
+          to: websecure
+          scheme: https
+    forwardedHeaders:
+      trustedIPs: *trustedIPs
+    proxyProtocol:
+      trustedIPs: *trustedIPs
+
+  websecure:
+    address: ":443"
+    forwardedHeaders:
+      trustedIPs: *trustedIPs
+    proxyProtocol:
+      trustedIPs: *trustedIPs
+
+accessLog: {}
+log:
+  level: ERROR
+
+api:
+  dashboard: true
+  insecure: true
+
+certificatesResolvers:
+  letsencryptresolver:
+    acme:
+      email: "[email protected]"
+      storage: "/certificates/acme.json"
+      httpChallenge:
+        entryPoint: web

templates/laravel/.infrastructure/volume_data/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

templates/laravel/Dockerfile

@@ -0,0 +1,4 @@
+FROM serversideup/php:beta-8.3-fpm-nginx as base
+
+FROM base as deploy
+COPY --chown=www-data:www-data . /var/www/html

templates/laravel/docker-compose.ci.yml

@@ -0,0 +1,37 @@
+version: '3.8'
+services:
+  mariadb:
+    networks:
+      - ci
+    environment:
+        MYSQL_ROOT_PASSWORD: "rootpassword"
+        MYSQL_DATABASE: "laravel_testing"
+        MYSQL_USER: "mysqluser"
+        MYSQL_PASSWORD: "mysqlpassword"
+
+  php:
+    networks:
+      - ci
+    volumes:
+      - .:/var/www/html/
+    working_dir: /var/www/html/
+    environment:
+      AUTORUN_ENABLED: false
+    depends_on:
+      - mariadb
+
+  node:
+    image: node:20
+    volumes:
+      - .:/usr/src/app/
+    working_dir: /usr/src/app/
+    networks: 
+      - ci
+
+  mailpit:
+    image: axllent/mailpit
+    networks:
+      - ci
+
+networks:
+  ci: