server/node: Moved private envs to extra file

Otherwise every local user would be able to read these values using
`systemctl show dehydrated`
Felix Stupp 4 years ago
parent 15ac9de2ef
commit 9e04a7b39b
Signed by: zocker
GPG Key ID: 93E1BD26F6B02FB7

@ -9,6 +9,7 @@ service_name: "{{ domain }}.service"
# system_user: "nodejs"
user_directory: "{{ global_webservers_directory }}/{{ domain }}"
service_environment_file: "{{ user_directory }}/{{ service_name }}.env"
src: "{{ user_directory }}/server"
database_user: "{{ system_user | regex_replace('[^a-zA-Z]', '_') }}"
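Review bot: The new `service_environment_file` places the secret file inside `{{ user_directory }}`, which the unit template uses as the service account's `HOME`. If that directory is owned or writable by `system_user` (not visible here), the account cannot read the root-owned file but can still unlink and recreate it, and systemd would load the replacement on the next restart. A root-owned directory outside the web server tree avoids that, for example `service_environment_file: "<ROOT_OWNED_DIR>/{{ service_name }}.env"`, where the directory is a placeholder for whatever location the role already manages. The variable file continues outside this hunk.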

@ -6,13 +6,24 @@
chdir: "{{ src }}"
creates: "{{ src }}/node_modules"
- name: Store environments required for service
template:
src: service.env
dest: "{{ service_environment_file }}"
owner: root
group: root
mode: u=rw,g=r,o=
notify:
- reload systemd # required for task below, systemd must reload before the service tries to restart
- "restart {{ domain }}"
- name: Register service for node server
template:
src: node.service
dest: "{{ global_systemd_configuration_directory }}/{{ service_name }}"
owner: root
group: root
mode: "u=rw,g=r,o="
mode: "u=rw,g=r,o=r"
notify:
- reload systemd
- "restart {{ domain }}"
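Review bot: The new "Store environments required for service" task renders `DATABASE_PASSWORD` through `template`, so a run with `--diff` prints the file content, password included, into the Ansible output and any log that captures it. Adding `no_log: true` (or at least `diff: false`) to that task keeps the secret out of the run output. The same task writes `mode: u=rw,g=r,o=` unquoted while the unit-file task quotes its mode; `mode: "u=rw,g=r,o="` would match. Hosts that already ran the old unit exposed the password to every local account, so rotating `database_pass` once this change is deployed is worth planning. The task list starts and ends outside this hunk.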

@ -11,19 +11,7 @@ Group={{ system_user }}
WorkingDirectory={{ src }}
ExecStart=/usr/bin/npm start
Environment="USER={{ system_user }}"
Environment="HOME={{ user_directory }}"
Environment="NODE_ENV=production"
Environment="PORT={{ bind_port }}"
Environment="DOMAIN={{ domain }}"
Environment="DATABASE_HOST=127.0.0.1"
Environment="DATABASE_PORT=3306"
Environment="DATABASE_USERNAME={{ database_user }}"
Environment="DATABASE_PASSWORD={{ database_pass }}"
Environment="DATABASE_NAME={{ database_name }}"
{% for name, var in environment_vars.items() %}
Environment="{{ name }}={{ var }}"
{% endfor %}
EnvironmentFile={{ service_environment_file }}
TimeoutStartSec=2s
TimeoutStopSec=10s
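Review bot: Nothing in the unit template records why the variables were moved out, and the task now installs this file with `o=r`, so a later `Environment=` line carrying a credential would be world-readable again. A comment above the `EnvironmentFile=` line would guard against that, e.g. `# Secrets live only in the EnvironmentFile (root:root, no access for others); this unit is world-readable and shown by systemctl show.` Values loaded this way are still inherited by every child of `npm start`; if that matters for this service, systemd's `LoadCredential=` is the usual alternative. The `[Service]` section starts above this hunk.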

@ -0,0 +1,13 @@
USER={{ system_user }}
HOME={{ user_directory }}
NODE_ENV=production
PORT={{ bind_port }}
DOMAIN={{ domain }}
DATABASE_HOST=127.0.0.1
DATABASE_PORT=3306
DATABASE_USERNAME={{ database_user }}
DATABASE_PASSWORD={{ database_pass }}
DATABASE_NAME={{ database_name }}
{% for name, var in environment_vars.items() %}
{{ name }}={{ var }}
{% endfor %}
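Review bot: Every value in the new env template is written unquoted, so systemd's `EnvironmentFile=` parser strips leading and trailing whitespace and interprets backslashes and quotes in `database_pass` and in the `environment_vars` values; a value containing a newline would also start a new assignment line. Single-quoting the values, e.g. `DATABASE_PASSWORD='{{ database_pass }}'` and `{{ name }}='{{ var }}'`, keeps them verbatim, provided a preceding `assert` task rejects values containing `'` or a newline. `USER` and `HOME` are presumably already set by systemd from the unit's `User=` setting, so those two lines may be redundant; confirm before removing them.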