http user and group configurateable

This commit is contained in:
Martin Geno 2016-12-07 11:49:05 +01:00
parent 94b808395c
commit 9669108a4a
11 changed files with 22 additions and 8 deletions

View File

@ -4,3 +4,4 @@ warehost_api_internal_ip: 127.0.0.1
warehost_api_internal_port: 60990 warehost_api_internal_port: 60990
warehost_api_ssl: true warehost_api_ssl: true
warehost_api_domain: api.warehost.de warehost_api_domain: api.warehost.de
http_usr: http

View File

@ -1,4 +1,4 @@
--- ---
- name: Configurate caddy - name: Configurate caddy
template: src=caddy.conf dest=/etc/caddy/hosts/80-warehost-api.act owner=http mode=0644 template: src=caddy.conf dest=/etc/caddy/hosts/80-warehost-api.act owner={{http_usr}} mode=0644
notify: reload caddy notify: reload caddy

View File

@ -6,5 +6,5 @@
when: warehostv2_api_ssl when: warehostv2_api_ssl
- name: Configurate nginx - name: Configurate nginx
template: src=nginx.conf dest=/etc/nginx/servers/80-{{ warehost_api_domain }}.act owner=http mode=644 template: src=nginx.conf dest=/etc/nginx/servers/80-{{ warehost_api_domain }}.act owner={{http_usr}} mode=644
notify: reload nginx notify: reload nginx

View File

@ -1,12 +1,14 @@
--- ---
- name: Create database - name: Create database
become: postgres become: true
become_user: postgres
become_method: su become_method: su
postgresql_db: name={{ warehost_db_dbname }} postgresql_db: name={{ warehost_db_dbname }}
when: warehost_db_pass is defined when: warehost_db_pass is defined
- name: Create users for database - name: Create users for database
become: postgres become: true
become_user: postgres
become_method: su become_method: su
postgresql_user: db={{ warehost_db_dbname }} name={{ warehost_db_user }} password='{{ warehost_db_pass }}' postgresql_user: db={{ warehost_db_dbname }} name={{ warehost_db_user }} password='{{ warehost_db_pass }}'
register: createdb register: createdb

View File

@ -1,6 +1,7 @@
--- ---
warehost_db_host: localhost warehost_db_host: localhost
warehost_ftp_port: 22 warehost_ftp_port: 21
warehost_ftp_data_path: /srv/ftp warehost_ftp_data_path: /srv/ftp
warehost_ftp_host_path: /srv/http/domain warehost_ftp_host_path: /srv/http/domain
warehost_ftp_web_path: /srv/http/web warehost_ftp_web_path: /srv/http/web
http_grp: http

View File

@ -3,7 +3,7 @@
copy: src=warehost-ftp dest=/usr/local/bin/warehost-ftp owner=root group=root mode=0755 copy: src=warehost-ftp dest=/usr/local/bin/warehost-ftp owner=root group=root mode=0755
- name: Create data folder - name: Create data folder
file: path={{warehost_ftp_data_path}} state=directory owner=warehost group=http mode=0770 file: path={{warehost_ftp_data_path}} state=directory owner=warehost group={{http_grp}} mode=0770
- name: Configurate warehost - name: Configurate warehost
template: src=config.yml dest=/etc/warehost/ftp.conf owner=warehost mode=0600 template: src=config.yml dest=/etc/warehost/ftp.conf owner=warehost mode=0600

View File

@ -11,5 +11,13 @@ Group=nobody
ExecStart=/usr/local/bin/warehost-ftp -c /etc/warehost/ftp.conf ExecStart=/usr/local/bin/warehost-ftp -c /etc/warehost/ftp.conf
Restart=always Restart=always
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View File

@ -8,3 +8,4 @@ warehost_host_db_host: ""
warehost_host_db_user: root warehost_host_db_user: root
warehost_host_db_pass: "{{ lookup('password', 'credentials/mysql_root length=15') }}" warehost_host_db_pass: "{{ lookup('password', 'credentials/mysql_root length=15') }}"
warehost_host_db_prefix: warehost_db warehost_host_db_prefix: warehost_db
http_grp: http

View File

@ -11,7 +11,7 @@
notify: restart warehost-host notify: restart warehost-host
- name: Configurate warehost-host - name: Configurate warehost-host
file: path={{warehost_host_web_path}} state=touch owner=warehost group=http mode=0660 file: path={{warehost_host_web_path}} state=touch owner=warehost group={{http_grp}} mode=0660
- name: Install service - name: Install service
template: src=warehost-host.{{item}} dest=/lib/systemd/system/warehost-host.{{item}} owner=root mode=644 template: src=warehost-host.{{item}} dest=/lib/systemd/system/warehost-host.{{item}} owner=root mode=644

View File

@ -3,3 +3,4 @@ warehost_db_host: localhost
warehost_web_internal_ip: 127.0.0.1 warehost_web_internal_ip: 127.0.0.1
warehost_web_internal_port: 60000 warehost_web_internal_port: 60000
warehost_web_webroot: /srv/http/web warehost_web_webroot: /srv/http/web
http_grp: http

View File

@ -3,7 +3,7 @@
copy: src=warehost-web dest=/usr/local/bin/warehost-web owner=root group=root mode=0755 copy: src=warehost-web dest=/usr/local/bin/warehost-web owner=root group=root mode=0755
- name: Create web folder - name: Create web folder
file: path={{warehost_web_webroot}} state=directory owner=warehost group=http mode=0770 file: path={{warehost_web_webroot}} state=directory owner=warehost group={{http_grp}} mode=0770
- name: Configurate warehost - name: Configurate warehost
template: src=config.yml dest=/etc/warehost/web.conf owner=warehost mode=0600 template: src=config.yml dest=/etc/warehost/web.conf owner=warehost mode=0600