Création de l'utilisateur web.

2021-12-22 14:21:05 +01:00 · 2021-12-22 14:21:05 +01:00 · fe3d74c95b
commit fe3d74c95b
parent 52ecae1c22
5 changed files with 52 additions and 9 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 /hosts.ini
+/deploy.pub
--- a/README.md
+++ b/README.md
@ -2,16 +2,11 @@

 This playbook installs webserver (Nginx, Mariadb, PHP)

-## Installation
-
-Copy init file and edit values
+## Usage

 ```shell
-cp hosts.example.ini hosts.ini
-```
+cp hosts.example.ini hosts.ini # change config values
+touch deploy.sub # paste your ssh pub key for www_user

-Then run playbook
-
-```shell
-ansible-playbook -i hosts.ini playbook.yml
+ansible-playbook -i hosts.ini playbook.yml # run playbook
 ```
--- a/hosts.example.ini
+++ b/hosts.example.ini
@ -7,3 +7,7 @@ ansible_python_interpreter=/usr/bin/python3
 mysql_root_password='motdepasse'
 mysql_old_root_password='motdepasse'
 php_version='8.0'
+www_user=user
+www_group=group
+www_home=/home/user
+
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -8,6 +8,33 @@
    state: present
    update_cache: yes

+- name: create web user
+  user:
+    name: "{{ www_user }}"
+    group: "{{ www_group }}"
+    comment: "Web user"
+    shell: /bin/bash
+    home: "{{ www_home }}"
+    system: true
+    state: present
+
+- name: authorize deployer ssh key to wwwuser
+  authorized_key:
+    user: "{{ www_user }}"
+    state: present
+    key: "{{ lookup('file', '../../../deploy.pub') }}"
+
+- name: define wwwuser as nginx's user
+  replace:
+    path: /etc/nginx/nginx.conf
+    regexp: '^user (.+);$'
+    replace: "user {{ www_user }};"
+
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted
+
 - name: create letsencrypt's challenge directory
  file:
    name: /var/www/letsencrypt
--- a/roles/php/tasks/main.yml
+++ b/roles/php/tasks/main.yml
@ -22,3 +22,19 @@
  alternatives:
    name: php
    path: /usr/bin/php{{ php_version }}
+
+- name: define wwwuser as php-fpm's user
+  replace:
+    path: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf"
+    regexp: '{{ item.from }}'
+    replace: "{{ item.to }}"
+  with_items:
+    - {from: '^user = (.+)$', to: 'user = {{ www_user }}'}
+    - {from: '^group = (.+)$', to: 'group = {{ www_group }}'}
+    - {from: '^listen.owner = (.+)$', to: 'listen.owner = {{ www_user }}'}
+    - {from: '^listen.group = (.+)$', to: 'listen.group = {{ www_group }}'}
+
+- name: restart php-fpm
+  service:
+    name: php{{ php_version }}-fpm
+    state: restarted