From 07004c3717e0d7fa47d718d23bf0a3ff3fcf03ca Mon Sep 17 00:00:00 2001 From: Felix Stupp Date: Tue, 23 Jun 2020 17:22:25 +0200 Subject: [PATCH] server/tt-rss: Moved service envs in extra file Otherwise all users would be able to extract data using systemctl show --- roles/server/tt-rss/defaults/main.yml | 1 + roles/server/tt-rss/tasks/main.yml | 11 +++++++++++ roles/server/tt-rss/templates/service.env | 3 +++ roles/server/tt-rss/templates/tt-rss.service | 4 +--- 4 files changed, 16 insertions(+), 3 deletions(-) create mode 100644 roles/server/tt-rss/templates/service.env diff --git a/roles/server/tt-rss/defaults/main.yml b/roles/server/tt-rss/defaults/main.yml index e3941f4..53445cc 100644 --- a/roles/server/tt-rss/defaults/main.yml +++ b/roles/server/tt-rss/defaults/main.yml @@ -8,6 +8,7 @@ system_user: "{{ domain | domain_to_username }}" user_directory: "{{ global_webservers_directory }}/{{ domain }}" installation_directory: "{{ user_directory }}/repository" +service_environment_file: "{{ user_directory }}/{{ service_name }}.env" database_user: "{{ system_user }}" # database_pass from mysql/database diff --git a/roles/server/tt-rss/tasks/main.yml b/roles/server/tt-rss/tasks/main.yml index 4775883..293f1d4 100644 --- a/roles/server/tt-rss/tasks/main.yml +++ b/roles/server/tt-rss/tasks/main.yml @@ -9,6 +9,17 @@ mode: "u=rw,g=r,o=" notify: "restart {{ domain }}" +- name: Store environments required for service + template: + src: service.env + dest: "{{ service_environment_file }}" + owner: root + group: root + mode: u=rw,g=r,o= + notify: + - reload systemd # required for task below, systemd must reload before the service tries to restart + - "restart {{ domain }}" + - name: Configure Tiny Tiny RSS systemd service template: src: tt-rss.service diff --git a/roles/server/tt-rss/templates/service.env b/roles/server/tt-rss/templates/service.env new file mode 100644 index 0000000..344705e --- /dev/null +++ b/roles/server/tt-rss/templates/service.env 
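Review bot: In roles/server/tt-rss/defaults/main.yml, `service_environment_file` places the file that holds the database password inside `{{ user_directory }}`, the per-site directory. Who owns that directory is not visible in this diff. If `system_user` can write to it, that account can rename or replace the root-owned file without being able to read it, and anything that copies or exposes the site tree (backups, a misconfigured web root) carries the secret along. A root-owned location outside the site tree avoids this, for example `service_environment_file: "/etc/{{ service_name }}.env"`, assuming `service_name` is unique per instance.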
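Review bot: In roles/server/tt-rss/tasks/main.yml, the new task "Store environments required for service" renders `database_pass` into a file without suppressing Ansible's output. A run with `--diff` would therefore print the rendered content, password included, to the console and to any log that captures it. Adding `no_log: true` (or at least `diff: false`) to the task keeps the secret out of run output. The `root`/`root` ownership with `u=rw,g=r,o=` is appropriate, since systemd reads the file before dropping to `User=`. Quoting the mode as `mode: "u=rw,g=r,o="` would match the task directly above it.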
@@ -0,0 +1,3 @@ +DATABASE_USERNAME={{ database_user }} +DATABASE_PASSWORD={{ database_pass }} +DATABASE_NAME={{ database_name }} diff --git a/roles/server/tt-rss/templates/tt-rss.service b/roles/server/tt-rss/templates/tt-rss.service index 81157f4..9f0f187 100644 --- a/roles/server/tt-rss/templates/tt-rss.service +++ b/roles/server/tt-rss/templates/tt-rss.service @@ -5,9 +5,7 @@ After=network.target mysql.service [Service] User={{ system_user }} ExecStart={{ installation_directory }}/update_daemon2.php -Environment="DATABASE_USERNAME={{ database_user }}" -Environment="DATABASE_PASSWORD={{ database_pass }}" -Environment="DATABASE_NAME={{ database_name }}" +EnvironmentFile={{ service_environment_file }} [Install] WantedBy=multi-user.target
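Review bot: The three values in roles/server/tt-rss/templates/service.env are written unquoted, so systemd's EnvironmentFile parser will strip surrounding whitespace and interpret quotes and backslashes in `database_pass`, and a newline in any value would start a new assignment line. How `database_pass` is generated is not shown here, so this may never trigger, but the failure mode is a silently different password or an extra injected variable. Consider `DATABASE_PASSWORD="{{ database_pass }}"` together with an `assert` task that rejects values containing `"`, `\` or a newline. The parsing rules also differ from the `Environment=` lines this replaces: unit-file `%` specifiers are not expanded in an environment file, so an existing password containing `%` may change its effective value.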