add deidcated user for nextcloud andd php pool
This commit is contained in:
parent
d5ff42ef54
commit
4a1eddcae3
@ -14,7 +14,8 @@ nextcloud_data_directory_creation: true
|
||||
nextcloud_web_root: /usr/share/webapps/nextcloud
|
||||
nextcloud_trusted_domains:
|
||||
- localhost
|
||||
|
||||
nextcloud_user: nextcloud
|
||||
nextcloud_group: nextcloud
|
||||
|
||||
|
||||
nextcloud_config_options: # additional options to set in config.php
|
||||
|
@ -8,4 +8,4 @@ Target = nextcloud-app-*
|
||||
[Action]
|
||||
Description = Update Nextcloud installation
|
||||
When = PostTransaction
|
||||
Exec = /usr/bin/runuser -u http -- /usr/bin/php /usr/share/webapps/nextcloud/occ upgrade
|
||||
Exec = /usr/bin/runuser -u nextcloud -- /usr/bin/php /usr/share/webapps/nextcloud/occ upgrade
|
||||
|
@ -24,26 +24,28 @@
|
||||
name: nextcloud # required. Package name, or package specifier with version, like C(name-1.0).,Be aware that packages are not always named the same and this module will not 'translate' them per distro.
|
||||
become: true
|
||||
|
||||
- name: change owner on nextcloud web directory
|
||||
- name: ensure nextcloud user exist
|
||||
become: true
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ nextcloud_web_root}}"
|
||||
owner: http
|
||||
recurse: yes
|
||||
user:
|
||||
name: "{{nextcloud_user}}"
|
||||
|
||||
- name: ensure nextcloud group exist
|
||||
become: true
|
||||
group:
|
||||
name: "{{nextcloud_group}}"
|
||||
|
||||
- name: création du répertoire data
|
||||
become: true
|
||||
file:
|
||||
path: "{{ nextcloud_datadirectory }}"
|
||||
group: http # not required. Name of the group that should own the file/directory, as would be fed to I(chown).
|
||||
group: "{{nextcloud_group}}" # not required. Name of the group that should own the file/directory, as would be fed to I(chown).
|
||||
state: directory # not required. choices: absent;directory;file;hard;link;touch. If C(directory), all intermediate subdirectories will be created if they do not exist. Since Ansible 1.7 they will be created with the supplied permissions. If C(file), the file will NOT be created if it does not exist; see the C(touch) value or the M(copy) or M(template) module if you want that behavior. If C(link), the symbolic link will be created or changed. Use C(hard) for hardlinks. If C(absent), directories will be recursively deleted, and files or symlinks will be unlinked. Note that C(absent) will not cause C(file) to fail if the C(path) does not exist as the state did not change. If C(touch) (new in 1.4), an empty file will be created if the C(path) does not exist, while an existing file or directory will receive updated file access and modification times (similar to the way `touch` works from the command line).
|
||||
owner: http # not required. Name of the user that should own the file/directory, as would be fed to I(chown).
|
||||
owner: "{{nextcloud_group}}" # got required. Name of the user that should own the file/directory, as would be fed to I(chown).
|
||||
when: nextcloud_data_directory_creation == true
|
||||
|
||||
- name: création du fichier .ocdata in data
|
||||
become: true
|
||||
become_user: http
|
||||
become_user: "{{nextcloud_user}}"
|
||||
file:
|
||||
path: "{{ nextcloud_datadirectory }}/.ocdata"
|
||||
state: touch # not required. choices: absent;directory;file;hard;link;touch. If C(directory), all intermediate subdirectories will be created if they do not exist. Since Ansible 1.7 they will be created with the supplied permissions. If C(file), the file will NOT be created if it does not exist; see the C(touch) value or the M(copy) or M(template) module if you want that behavior. If C(link), the symbolic link will be created or changed. Use C(hard) for hardlinks. If C(absent), directories will be recursively deleted, and files or symlinks will be unlinked. Note that C(absent) will not cause C(file) to fail if the C(path) does not exist as the state did not change. If C(touch) (new in 1.4), an empty file will be created if the C(path) does not exist, while an existing file or directory will receive updated file access and modification times (similar to the way `touch` works from the command line).
|
||||
@ -66,15 +68,25 @@
|
||||
|
||||
- name: installation - ensure nextcloud config
|
||||
command: >
|
||||
php7 {{ nextcloud_web_root }}/occ maintenance:install --database "{{ 'pgsql' if nextcloud_DB_type == 'postgres' else nextcloud_DB_type }}" --database-name "{{ nextcloud_db_name}}"
|
||||
php "{{ nextcloud_web_root }}"/occ maintenance:install --database "{{ 'pgsql' if nextcloud_DB_type == 'postgres' else nextcloud_DB_type }}" --database-name "{{ nextcloud_db_name}}"
|
||||
--database-user "{{ nextcloud_db_user }}" --database-pass "{{ nextcloud_db_password }}"
|
||||
--admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_password }}" --data-dir "{{ nextcloud_datadirectory }}"
|
||||
become: true
|
||||
become_user: http
|
||||
become_user: "{{nextcloud_user}}"
|
||||
changed_when: true
|
||||
ignore_errors: yes
|
||||
when: installed_mode is changed or nextcloud_config_exist.stat.exists == false
|
||||
|
||||
- name: apply php-fpm pool template
|
||||
become: true
|
||||
template:
|
||||
src: php-fpm.j2
|
||||
dest: /etc/php/php-fpm.d/nextcloud.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
|
||||
- name: ensure additional options are set in config.php if defined
|
||||
become: true
|
||||
lineinfile:
|
||||
@ -86,9 +98,9 @@
|
||||
when: nextcloud_config_options is defined
|
||||
|
||||
- name: installation - ensure trusted domains are set
|
||||
command: 'php7 {{ nextcloud_web_root }}/occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"'
|
||||
command: 'php {{ nextcloud_web_root }}/occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"'
|
||||
become: true
|
||||
become_user: http
|
||||
become_user: "{{nextcloud_user}}"
|
||||
changed_when: true
|
||||
with_indexed_items:
|
||||
- '{{ nextcloud_trusted_domains }}'
|
||||
@ -118,7 +130,7 @@
|
||||
|
||||
- name: create cron for nextcloud
|
||||
cron:
|
||||
job: "sudo -u http /usr/bin/php -f {{nextcloud_web_root}}/cron.php"
|
||||
job: "sudo -u {{nextcloud_user}} /usr/bin/php -f {{nextcloud_web_root}}/cron.php"
|
||||
user: root # not required. The specific user whose crontab should be modified.
|
||||
minute: 0,15,30,45 # not required. Minute when the job should run ( 0-59, *, */2, etc )
|
||||
name: "nextcloud recuring cron job" # not required. Description of a crontab entry or, if env is set, the name of environment variable. Required if state=absent. Note that if name is not set and state=present, then a new crontab entry will always be created, regardless of existing ones.
|
||||
@ -126,7 +138,7 @@
|
||||
|
||||
- name: create cron for file scan
|
||||
cron:
|
||||
job: "sudo -u http /usr/bin/php /usr/share/webapps/nextcloud/occ files:scan --all > /dev/null"
|
||||
job: "sudo -u {{nextcloud_user}} /usr/bin/php /usr/share/webapps/nextcloud/occ files:scan --all > /dev/null"
|
||||
user: root # not required. The specific user whose crontab should be modified.
|
||||
minute: "00" # not required. Minute when the job should run ( 0-59, *, */2, etc )
|
||||
hour: "4"
|
||||
|
16
templates/php-fpm.j2
Normal file
16
templates/php-fpm.j2
Normal file
@ -0,0 +1,16 @@
|
||||
[nextcloud]
|
||||
user = {{nextcloud_user}}
|
||||
group = {{nextcloud_group}}
|
||||
listen = /run/nextcloud/nextcloud.sock
|
||||
env[PATH] = /usr/local/bin:/usr/bin:/bin
|
||||
env[TMP] = /tmp
|
||||
|
||||
; should be accessible by your web server
|
||||
listen.owner = http
|
||||
listen.group = http
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 15
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
Loading…
Reference in New Issue
Block a user