server/spotme: Moved service envs to extra file

Otherwise all users would be able to extract data using systemctl show

roles/server/spotme/defaults/main.yml

@@ -8,6 +8,7 @@ spotme_service_name: "{{ domain }}.service"
 
 spotme_user_directory: "{{ global_webservers_directory }}/{{ domain }}"
 spotme_installation_directory: "{{ spotme_user_directory }}/server"
+service_environment_file: "{{ user_directory }}/{{ service_name }}.env"
 
 database_user: "spotme"
 # database_pass from mysql/database

roles/server/spotme/tasks/main.yml

@@ -57,6 +57,17 @@
     chdir: "{{ spotme_installation_directory }}"
   notify: restart spotme
 
+- name: Store environments required for service
+  template:
+    src: service.env
+    dest: "{{ service_environment_file }}"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=
+  notify:
+    - reload systemd # required for task below, systemd must reload before the service tries to restart
+    - restart spotme
+
 - name: Register service for SpotMe
   template:
     src: spotme.service

roles/server/spotme/templates/service.env

@@ -0,0 +1,9 @@
+USER={{ spotme_system_user }}
+HOME={{ spotme_user_directory }}
+NODE_ENV=production
+PORT={{ bind_port }}
+DATABASE_HOST=127.0.0.1
+DATABASE_PORT=3306
+DATABASE_USERNAME={{ database_user }}
+DATABASE_PASSWORD={{ database_pass }}
+DATABASE_NAME={{ database_name }}

roles/server/spotme/templates/spotme.service

@@ -11,15 +11,7 @@ Group={{ spotme_system_user }}
 
 WorkingDirectory={{ spotme_installation_directory }}
 ExecStart=/usr/bin/npm start
-Environment="USER={{ spotme_system_user }}"
-Environment="HOME={{ spotme_user_directory }}"
-Environment="NODE_ENV=production"
-Environment="PORT={{ bind_port }}"
-Environment="DATABASE_HOST=127.0.0.1"
-Environment="DATABASE_PORT=3306"
-Environment="DATABASE_USERNAME={{ database_user }}"
-Environment="DATABASE_PASSWORD={{ database_pass }}"
-Environment="DATABASE_NAME={{ database_name }}"
+EnvironmentFile={{ service_environment_file }}
 
 Restart=always
 RestartSec=2s