Add all files needed to bring up VM and run agaric.com locally

box/examples/prod/README.md

@@ -0,0 +1,5 @@
+# Drupal VM Production Configuration Example
+
+> **Important**: This feature is currently in 'experimental' status, and the security of your servers is _your_ responsibility.
+
+See [Deploying Drupal VM to a production environment](http://docs.drupalvm.com/en/latest/other/production/#example-drupal-vm-on-digitalocean) for a guide on how you can build a Drupal environment with Drupal VM on a cloud provider such as DigitalOcean.

box/examples/prod/bootstrap/example.vars.yml

@@ -0,0 +1,15 @@
+---
+admin_user: my_admin_username
+
+# On RHEL/CentOS, 'wheel'; on Debian/Ubuntu, 'sudo'.
+admin_group: sudo
+
+# IMPORTANT: Configure your own password for the admin user account. To generate
+# a password hash, use either of the following commands:
+#   - `openssl passwd -1 [password]`
+#   - `mkpasswd --method=SHA-512`.
+admin_password: $1$HgT69GsW$qZ8FUJHafZZWD76KXgAZO/
+
+# Configuration for copying local public SSH key to admin's authorized_keys.
+admin_copy_ssh_pubkey: true
+admin_pubkey: ~/.ssh/id_rsa.pub

box/examples/prod/bootstrap/init.yml

@@ -0,0 +1,40 @@
+---
+- hosts: drupalvm
+  gather_facts: no
+
+  vars_files:
+    - vars.yml
+
+  pre_tasks:
+    # See: https://github.com/geerlingguy/drupal-vm/issues/1245
+    - name: Install Python if it's not available.
+      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
+      register: output
+      changed_when: output.stdout != ""
+    - action: setup
+
+  tasks:
+    - name: Create admin user account.
+      user:
+        name: "{{ admin_user }}"
+        createhome: yes
+        home: "/home/{{ admin_user }}"
+        generate_ssh_key: yes
+        ssh_key_comment: "ansible-{{ inventory_hostname }}"
+        password: "{{ admin_password }}"
+        groups: "{{ admin_group }}"
+        shell: /bin/bash
+
+    - name: Add local SSH public key to admin account authorized_keys.
+      authorized_key:
+        user: "{{ admin_user }}"
+        key: "{{ lookup('file', admin_pubkey) }}"
+        manage_dir: yes
+      when: admin_copy_ssh_pubkey
+
+    - name: Disable requiretty.
+      lineinfile:
+        dest: /etc/sudoers
+        regexp: '^Defaults.+requiretty'
+        line: 'Defaults    !requiretty'
+        state: present

box/examples/prod/example.inventory

@@ -0,0 +1,2 @@
+[drupalvm]
+1.2.3.4 ansible_ssh_user=my_admin_username

box/examples/prod/prod.config.yml

@@ -0,0 +1,47 @@
+---
+# Normally, this would be set to the hostname of your DigitalOcean Droplet.
+drupal_domain: "drupalvm.test"
+vagrant_hostname: "{{ drupal_domain }}"
+
+# Add only the `apache_vhosts` or `nginx_vhosts` you need. If installing a
+# single Drupal site, the variable should look like this (Apache):
+apache_vhosts:
+  - servername: "{{ drupal_domain }}"
+    documentroot: "{{ drupal_core_path }}"
+    extra_parameters: "{{ apache_vhost_php_fpm_parameters }}"
+
+# Since this will be a publicly-accessible instance of Drupal VM, make sure you
+# configure secure passwords, especially for Drupal and MySQL!
+drupal_account_pass: admin
+drupal_db_password: drupal
+mysql_root_password: root
+
+# Only install extras that you will need/use on your site, and don't install
+# development-related software on production environments!
+installed_extras:
+  - drush
+  # - memcached
+  # - redis
+  # - solr
+  - varnish
+
+# Disable Apache package upgrades.
+apache_packages_state: installed
+
+# Disable the dashboard page. Also remove any unneeded virtualhosts.
+dashboard_install_dir: ''
+
+# Enable a more hardened security configuration.
+extra_security_enabled: true
+
+# Restrict the firewall to only ports that are required for external services.
+firewall_allowed_tcp_ports:
+  - "22"
+  - "80"
+  - "443"
+firewall_log_dropped_packets: true
+
+# Set Apache to listen on port 81 (internal only), and Varnish on 80.
+apache_listen_port: "81"
+varnish_listen_port: "80"
+varnish_default_backend_port: "81"