Création de l'utilisateur web.
parent
52ecae1c22
commit
fe3d74c95b
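--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /hosts.ini
+/deploy.pub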
13
README.md
13
README.md
@ -2,16 +2,11 @@
|
|||||||
|
|
||||||
This playbook installs webserver (Nginx, Mariadb, PHP)
|
This playbook installs webserver (Nginx, Mariadb, PHP)
|
||||||
|
|
||||||
## Installation
|
## Usage
|
||||||
|
|
||||||
Copy init file and edit values
|
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
cp hosts.example.ini hosts.ini
|
cp hosts.example.ini hosts.ini # change config values
|
||||||
```
|
touch deploy.sub # paste your ssh pub key for www_user
|
||||||
|
|
||||||
Then run playbook
|
ansible-playbook -i hosts.ini playbook.yml # run playbook
|
||||||
|
|
||||||
```shell
|
|
||||||
ansible-playbook -i hosts.ini playbook.yml
|
|
||||||
```
|
```
|
||||||
|
|||||||
@ -7,3 +7,7 @@ ansible_python_interpreter=/usr/bin/python3
|
|||||||
mysql_root_password='motdepasse'
|
mysql_root_password='motdepasse'
|
||||||
mysql_old_root_password='motdepasse'
|
mysql_old_root_password='motdepasse'
|
||||||
php_version='8.0'
|
php_version='8.0'
|
||||||
|
www_user=user
|
||||||
|
www_group=group
|
||||||
|
www_home=/home/user
|
||||||
|
|
||||||
|
|||||||
@ -8,6 +8,33 @@
|
|||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: create web user
|
||||||
|
user:
|
||||||
|
name: "{{ www_user }}"
|
||||||
|
group: "{{ www_group }}"
|
||||||
|
comment: "Web user"
|
||||||
|
shell: /bin/bash
|
||||||
|
home: "{{ www_home }}"
|
||||||
|
system: true
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: authorize deployer ssh key to wwwuser
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ www_user }}"
|
||||||
|
state: present
|
||||||
|
key: "{{ lookup('file', '../../../deploy.pub') }}"
|
||||||
|
|
||||||
|
- name: define wwwuser as nginx's user
|
||||||
|
replace:
|
||||||
|
path: /etc/nginx/nginx.conf
|
||||||
|
regexp: '^user (.+);$'
|
||||||
|
replace: "user {{ www_user }};"
|
||||||
|
|
||||||
|
- name: restart nginx
|
||||||
|
service:
|
||||||
|
name: nginx
|
||||||
|
state: restarted
|
||||||
|
|
||||||
- name: create letsencrypt's challenge directory
|
- name: create letsencrypt's challenge directory
|
||||||
file:
|
file:
|
||||||
name: /var/www/letsencrypt
|
name: /var/www/letsencrypt
|
||||||
|
|||||||
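Review bot: The `create web user` and `authorize deployer ssh key to wwwuser` tasks make one account both the SSH deploy login (`shell: /bin/bash` plus an authorized key) and the account nginx runs as, and the php-fpm change in this commit puts the pool under it too. Code executing in the PHP pool can then write to `{{ www_home }}/.ssh/authorized_keys` and to the deployed files, so a web-application compromise would turn into persistent SSH access. Consider a separate deploy account that owns the files, and a runtime account created with `shell: /usr/sbin/nologin` and no authorized key. Separately, `group: "{{ www_group }}"` fails when the group does not exist and no `group:` task is visible in this hunk. The README also tells users to create `deploy.sub`, while this lookup reads `deploy.pub`.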
@ -22,3 +22,19 @@
|
|||||||
alternatives:
|
alternatives:
|
||||||
name: php
|
name: php
|
||||||
path: /usr/bin/php{{ php_version }}
|
path: /usr/bin/php{{ php_version }}
|
||||||
|
|
||||||
|
- name: define wwwuser as php-fpm's user
|
||||||
|
replace:
|
||||||
|
path: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf"
|
||||||
|
regexp: '{{ item.from }}'
|
||||||
|
replace: "{{ item.to }}"
|
||||||
|
with_items:
|
||||||
|
- {from: '^user = (.+)$', to: 'user = {{ www_user }}'}
|
||||||
|
- {from: '^group = (.+)$', to: 'group = {{ www_group }}'}
|
||||||
|
- {from: '^listen.owner = (.+)$', to: 'listen.owner = {{ www_user }}'}
|
||||||
|
- {from: '^listen.group = (.+)$', to: 'listen.group = {{ www_group }}'}
|
||||||
|
|
||||||
|
- name: restart php-fpm
|
||||||
|
service:
|
||||||
|
name: php{{ php_version }}-fpm
|
||||||
|
state: restarted
|
||||||
|
|||||||
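Review bot: The `replace` task in `define wwwuser as php-fpm's user` reports success without changing anything when a pattern does not match, for example if `www.conf` has different spacing around `=`. That would leave the pool on its previous account while nginx has already moved to `{{ www_user }}`. `lineinfile` with `regexp:` and `line:` would ensure each setting is present, and the dots should be escaped, as in `^listen\.owner = (.+)$`. `restart php-fpm` (like `restart nginx` in the other task file) runs on every play; a handler triggered with `notify:` would restart only when the configuration changed.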