From b1a93849a1e53c20d9d161fad921acecd81567da Mon Sep 17 00:00:00 2001 From: Felix Stupp Date: Sun, 21 Jun 2020 17:43:26 +0200 Subject: [PATCH] Moved var nginx_system_user to global vars --- group_vars/all/vars.yml | 1 + roles/nginx/application/defaults/main.yml | 2 -- roles/nginx/application/templates/nginx.conf | 2 +- roles/nginx/mail_proxy/tasks/main.yml | 4 ++-- roles/nginx/php-pool/tasks/main.yml | 4 ++-- roles/nginx/php-pool/templates/pool.conf | 4 ++-- roles/server/firefox-sync/tasks/main.yml | 2 +- roles/server/firefox-sync/templates/firefox.socket | 2 +- roles/server/gitea/tasks/main.yml | 2 +- roles/server/nextcloud/meta/main.yml | 2 +- roles/server/php/meta/main.yml | 4 ++-- roles/server/static/meta/main.yml | 2 +- roles/server/tt-rss/meta/main.yml | 4 ++-- roles/server/tt-rss/tasks/main.yml | 2 +- 14 files changed, 18 insertions(+), 19 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 8bfa666..0d6e4ce 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -113,6 +113,7 @@ global_log_directory: "/var/log" global_nfs_port: "2049" # for version 4 global_nfs_directory: "{{ global_webservers_directory }}/nfs" +global_nginx_system_user: www-data global_nginx_service_name: "nginx.service" global_pamd: "/etc/pam.d" diff --git a/roles/nginx/application/defaults/main.yml b/roles/nginx/application/defaults/main.yml index 95ebac4..bf9393a 100644 --- a/roles/nginx/application/defaults/main.yml +++ b/roles/nginx/application/defaults/main.yml @@ -1,7 +1,5 @@ --- -nginx_system_user: www-data - nginx_installation_directory: "/etc/nginx" nginx_upstreams_directory: "{{ nginx_installation_directory }}/upstreams" nginx_sites_directory: "{{ nginx_installation_directory }}/sites" diff --git a/roles/nginx/application/templates/nginx.conf b/roles/nginx/application/templates/nginx.conf index 1151688..b15f669 100644 --- a/roles/nginx/application/templates/nginx.conf +++ b/roles/nginx/application/templates/nginx.conf 
@@ -1,4 +1,4 @@ -user {{ nginx_system_user }} {{ nginx_system_user }}; +user {{ global_nginx_system_user }} {{ global_nginx_system_user }}; worker_processes auto; pid /run/nginx.pid; include {{ nginx_installation_directory }}/modules-enabled/*.conf; diff --git a/roles/nginx/mail_proxy/tasks/main.yml b/roles/nginx/mail_proxy/tasks/main.yml index 64d3426..f859b21 100644 --- a/roles/nginx/mail_proxy/tasks/main.yml +++ b/roles/nginx/mail_proxy/tasks/main.yml @@ -4,8 +4,8 @@ template: src: mail_proxy.conf dest: "{{ nginx_streams_directory }}/{{ domain }}:{{ port }}" - owner: "{{ nginx_system_user }}" - group: "{{ nginx_system_user }}" + owner: "{{ global_nginx_system_user }}" + group: "{{ global_nginx_system_user }}" mode: "u=rw,g=r,o=r" - name: Allow {{ protocol }} in firewall diff --git a/roles/nginx/php-pool/tasks/main.yml b/roles/nginx/php-pool/tasks/main.yml index 8571e74..bfb429d 100644 --- a/roles/nginx/php-pool/tasks/main.yml +++ b/roles/nginx/php-pool/tasks/main.yml @@ -5,7 +5,7 @@ path: "{{ socket_directory }}" state: directory owner: "{{ system_user }}" - group: "{{ nginx_system_user }}" + group: "{{ global_nginx_system_user }}" mode: "u=rwx,g=rx,o=" - name: Check if src is a directory @@ -13,7 +13,7 @@ path: "{{ src }}" state: directory owner: "{{ system_user }}" - group: "{{ nginx_system_user }}" + group: "{{ global_nginx_system_user }}" mode: "u=rwx,g=rx,o=" - name: Configure pool in php-fpm diff --git a/roles/nginx/php-pool/templates/pool.conf b/roles/nginx/php-pool/templates/pool.conf index 02435ef..c9ead3e 100644 --- a/roles/nginx/php-pool/templates/pool.conf +++ b/roles/nginx/php-pool/templates/pool.conf @@ -1,11 +1,11 @@ [{{ pool_name }}] user = {{ system_user }} -group = {{ nginx_system_user }} +group = {{ global_nginx_system_user }} listen = {{ socket }} listen.owner = {{ system_user }} -listen.group = {{ nginx_system_user }} +listen.group = {{ global_nginx_system_user }} listen.mode = 0660 pm = dynamic 
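Review bot: The stream config that the roles/nginx/mail_proxy/tasks/main.yml hunk renders to `{{ nginx_streams_directory }}/{{ domain }}:{{ port }}` is owned by `global_nginx_system_user` with `u=rw`, the same account the `user` directive in templates/nginx.conf gives to the worker processes, so a compromised worker could rewrite configuration that is parsed again on the next reload. Assuming the master process starts as root (the `user` directive only takes effect in that case), `owner: root` and `group: root` with the existing `mode: "u=rw,g=r,o=r"` would keep the file loadable without making it writable by the workers. The task's name and opening lines are outside the hunk.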
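Review bot: In roles/nginx/php-pool/templates/pool.conf, `group = {{ global_nginx_system_user }}` makes every pool's PHP workers run with the web server's group. The directories set up in roles/nginx/php-pool/tasks/main.yml use `mode: "u=rwx,g=rx,o="` with that same group, and config.php in roles/server/tt-rss/tasks/main.yml uses `g=r`, so code running in one pool can read the source and configuration of every other pool. Only `listen.group` needs the nginx group so the web server can connect to the socket. The worker group could be the pool's own, for example `group = {{ system_user }}`, provided misc/system_user creates a group of that name, which is not visible in this patch. The pool file continues past the hunk.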
diff --git a/roles/server/firefox-sync/tasks/main.yml b/roles/server/firefox-sync/tasks/main.yml index 2c5240b..53787cb 100644 --- a/roles/server/firefox-sync/tasks/main.yml +++ b/roles/server/firefox-sync/tasks/main.yml @@ -40,7 +40,7 @@ state: directory path: "{{ socket_directory }}" owner: "{{ system_user }}" - group: "{{ nginx_system_user }}" + group: "{{ global_nginx_system_user }}" mode: "u=rwx,g=rx,o=" - name: Register socket for firefox sync server diff --git a/roles/server/firefox-sync/templates/firefox.socket b/roles/server/firefox-sync/templates/firefox.socket index bf00359..544ccaa 100644 --- a/roles/server/firefox-sync/templates/firefox.socket +++ b/roles/server/firefox-sync/templates/firefox.socket @@ -4,7 +4,7 @@ Description=firefox sync server socket at {{ domain }} [Socket] ListenStream={{ socket_path }} SocketUser={{ system_user }} -SocketGroup={{ nginx_system_user }} +SocketGroup={{ global_nginx_system_user }} SocketMode=0660 [Install] diff --git a/roles/server/gitea/tasks/main.yml b/roles/server/gitea/tasks/main.yml index 82a149e..3769b61 100644 --- a/roles/server/gitea/tasks/main.yml +++ b/roles/server/gitea/tasks/main.yml @@ -21,7 +21,7 @@ path: "{{ user_directory }}" state: directory owner: "{{ gitea_system_user }}" - group: "{{ nginx_system_user }}" + group: "{{ global_nginx_system_user }}" mode: "u=rwx,g=rx,o=" - name: Configure installation directory diff --git a/roles/server/nextcloud/meta/main.yml b/roles/server/nextcloud/meta/main.yml index 3965bc9..43e45e3 100644 --- a/roles/server/nextcloud/meta/main.yml +++ b/roles/server/nextcloud/meta/main.yml @@ -6,7 +6,7 @@ dependencies: - role: misc/system_user # system_user # user_directory - user_directory_group: "{{ nginx_system_user }}" + user_directory_group: "{{ global_nginx_system_user }}" - role: misc/backup_files # domain backup_directory: "{{ nextcloud_data_directory }}" diff --git a/roles/server/php/meta/main.yml b/roles/server/php/meta/main.yml index 45c1898..2a50300 100644 
--- a/roles/server/php/meta/main.yml +++ b/roles/server/php/meta/main.yml @@ -6,14 +6,14 @@ dependencies: - role: misc/system_user # system_user # user_directory - user_directory_group: "{{ nginx_system_user }}" + user_directory_group: "{{ global_nginx_system_user }}" - role: mysql/database # database_user - role: git_auto_update # repo dest: "{{ installation_directory }}" owner: "{{ system_user }}" - group: "{{ nginx_system_user }}" + group: "{{ global_nginx_system_user }}" mode: "u=rwx,g=rx,o=" repo_name: "{{ domain }}" reload_command: "systemctl restart {{ phpfpm_package }}" diff --git a/roles/server/static/meta/main.yml b/roles/server/static/meta/main.yml index 78abf9a..bf5514a 100644 --- a/roles/server/static/meta/main.yml +++ b/roles/server/static/meta/main.yml @@ -6,5 +6,5 @@ dependencies: name: "{{ domain }}" dest: "{{ root_directory }}" owner: root - group: "{{ nginx_system_user }}" + group: "{{ global_nginx_system_user }}" mode: "u=rwx,g=rx,o=" diff --git a/roles/server/tt-rss/meta/main.yml b/roles/server/tt-rss/meta/main.yml index e4507cf..61defe5 100644 --- a/roles/server/tt-rss/meta/main.yml +++ b/roles/server/tt-rss/meta/main.yml @@ -7,13 +7,13 @@ dependencies: - role: misc/system_user # system_user # user_directory - user_directory_group: "{{ nginx_system_user }}" + user_directory_group: "{{ global_nginx_system_user }}" - role: git_auto_update # repo repo_name: "{{ domain }}" dest: "{{ installation_directory }}" owner: "{{ system_user }}" - group: "{{ nginx_system_user }}" + group: "{{ global_nginx_system_user }}" mode: "u=rwx,g=rx,o=" reload_command: "true" - role: mysql/database diff --git a/roles/server/tt-rss/tasks/main.yml b/roles/server/tt-rss/tasks/main.yml index 1445b4d..4775883 100644 --- a/roles/server/tt-rss/tasks/main.yml +++ b/roles/server/tt-rss/tasks/main.yml 
@@ -5,7 +5,7 @@ src: config.php dest: "{{ installation_directory }}/config.php" owner: "{{ system_user }}" - group: "{{ nginx_system_user }}" + group: "{{ global_nginx_system_user }}" mode: "u=rw,g=r,o=" notify: "restart {{ domain }}"