http user and group configurateable
parent
94b808395c
commit
9669108a4a
|
@ -4,3 +4,4 @@ warehost_api_internal_ip: 127.0.0.1
|
||||||
warehost_api_internal_port: 60990
|
warehost_api_internal_port: 60990
|
||||||
warehost_api_ssl: true
|
warehost_api_ssl: true
|
||||||
warehost_api_domain: api.warehost.de
|
warehost_api_domain: api.warehost.de
|
||||||
|
http_usr: http
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
---
|
||||||
- name: Configurate caddy
|
- name: Configurate caddy
|
||||||
template: src=caddy.conf dest=/etc/caddy/hosts/80-warehost-api.act owner=http mode=0644
|
template: src=caddy.conf dest=/etc/caddy/hosts/80-warehost-api.act owner={{http_usr}} mode=0644
|
||||||
notify: reload caddy
|
notify: reload caddy
|
||||||
|
|
|
@ -6,5 +6,5 @@
|
||||||
when: warehostv2_api_ssl
|
when: warehostv2_api_ssl
|
||||||
|
|
||||||
- name: Configurate nginx
|
- name: Configurate nginx
|
||||||
template: src=nginx.conf dest=/etc/nginx/servers/80-{{ warehost_api_domain }}.act owner=http mode=644
|
template: src=nginx.conf dest=/etc/nginx/servers/80-{{ warehost_api_domain }}.act owner={{http_usr}} mode=644
|
||||||
notify: reload nginx
|
notify: reload nginx
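Review bot: Both template lines make the rendered site file owned by `{{http_usr}}` with owner-write permission, so if that is the account caddy or nginx runs as, the server process can rewrite its own vhost file and the change takes effect on the next reload. Unless something running as that user has to edit these files, root ownership is the safer default: `owner=root mode=0644` on both tasks. The nginx line also spells the mode `644` while the caddy line uses `0644`; use one spelling throughout. Separately, the `when: warehostv2_api_ssl` opening the second hunk (its task starts outside the hunk) does not match the `warehost_api_ssl` default shown in this commit, which is worth checking unless that name is defined elsewhere.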
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
---
|
---
|
||||||
- name: Create database
|
- name: Create database
|
||||||
become: postgres
|
become: true
|
||||||
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
postgresql_db: name={{ warehost_db_dbname }}
|
postgresql_db: name={{ warehost_db_dbname }}
|
||||||
when: warehost_db_pass is defined
|
when: warehost_db_pass is defined
|
||||||
|
|
||||||
- name: Create users for database
|
- name: Create users for database
|
||||||
become: postgres
|
become: true
|
||||||
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
postgresql_user: db={{ warehost_db_dbname }} name={{ warehost_db_user }} password='{{ warehost_db_pass }}'
|
postgresql_user: db={{ warehost_db_dbname }} name={{ warehost_db_user }} password='{{ warehost_db_pass }}'
|
||||||
register: createdb
|
register: createdb
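Review bot: The `postgresql_user` line still passes the password through a `key=value` string wrapped in single quotes, so a `warehost_db_pass` containing a quote would presumably be split or mangled before the module sees it. Mapping-style arguments avoid that second round of parsing: `password: "{{ warehost_db_pass }}"` under `postgresql_user:`, with `db` and `name` written the same way. The `become: true` / `become_user: postgres` / `become_method: su` triple is now repeated on both tasks and could be stated once on a `block:` around them. The second task may continue past the end of the hunk.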
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
warehost_db_host: localhost
|
warehost_db_host: localhost
|
||||||
warehost_ftp_port: 22
|
warehost_ftp_port: 21
|
||||||
warehost_ftp_data_path: /srv/ftp
|
warehost_ftp_data_path: /srv/ftp
|
||||||
warehost_ftp_host_path: /srv/http/domain
|
warehost_ftp_host_path: /srv/http/domain
|
||||||
warehost_ftp_web_path: /srv/http/web
|
warehost_ftp_web_path: /srv/http/web
|
||||||
|
http_grp: http
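Review bot: The default `warehost_ftp_port` changes from 22 to 21 here without a comment, and the commit title only mentions the http user and group, so hosts relying on the default will rebind on the next run. A comment above the value would help, for example `# privileged port: the service needs CAP_NET_BIND_SERVICE (granted in the unit file)`. If warehost-ftp speaks plain FTP on this port, credentials cross the network unencrypted; whether it offers TLS is not visible from this page.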
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
copy: src=warehost-ftp dest=/usr/local/bin/warehost-ftp owner=root group=root mode=0755
|
copy: src=warehost-ftp dest=/usr/local/bin/warehost-ftp owner=root group=root mode=0755
|
||||||
|
|
||||||
- name: Create data folder
|
- name: Create data folder
|
||||||
file: path={{warehost_ftp_data_path}} state=directory owner=warehost group=http mode=0770
|
file: path={{warehost_ftp_data_path}} state=directory owner=warehost group={{http_grp}} mode=0770
|
||||||
|
|
||||||
- name: Configurate warehost
|
- name: Configurate warehost
|
||||||
template: src=config.yml dest=/etc/warehost/ftp.conf owner=warehost mode=0600
|
template: src=config.yml dest=/etc/warehost/ftp.conf owner=warehost mode=0600
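Review bot: `group={{http_grp}} mode=0770` on the data folder gives every member of the web server's group write access to the FTP data tree; if the web server only has to read and traverse it, `mode=0750` is enough. The same pattern appears in the web folder task (`mode=0770`) and the warehost-host `state=touch` task (`mode=0660`) later in this commit, so the decision is worth making once for all three. The first task in this hunk starts outside it.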
|
||||||
|
|
|
@ -11,5 +11,13 @@ Group=nobody
|
||||||
ExecStart=/usr/local/bin/warehost-ftp -c /etc/warehost/ftp.conf
|
ExecStart=/usr/local/bin/warehost-ftp -c /etc/warehost/ftp.conf
|
||||||
Restart=always
|
Restart=always
|
||||||
|
|
||||||
|
PrivateTmp=true
|
||||||
|
PrivateDevices=true
|
||||||
|
ProtectHome=true
|
||||||
|
|
||||||
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
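Review bot: The new sandboxing lines do not stop the process from picking up privileges via setuid/setgid executables, nor from writing outside its data directories; `NoNewPrivileges=true` and `ProtectSystem=full` would cover both and fit next to `ProtectHome=true`. `ProtectSystem=full` makes /usr, /boot and /etc read-only, which should not affect the data path under /srv shown in the defaults, but that needs a test run. `AmbientCapabilities=` is only understood by newer systemd releases, so a comment naming the minimum version the role supports would help. The start of the `[Service]` section lies outside the hunk.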
|
||||||
|
|
|
@ -8,3 +8,4 @@ warehost_host_db_host: ""
|
||||||
warehost_host_db_user: root
|
warehost_host_db_user: root
|
||||||
warehost_host_db_pass: "{{ lookup('password', 'credentials/mysql_root length=15') }}"
|
warehost_host_db_pass: "{{ lookup('password', 'credentials/mysql_root length=15') }}"
|
||||||
warehost_host_db_prefix: warehost_db
|
warehost_host_db_prefix: warehost_db
|
||||||
|
http_grp: http
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
notify: restart warehost-host
|
notify: restart warehost-host
|
||||||
|
|
||||||
- name: Configurate warehost-host
|
- name: Configurate warehost-host
|
||||||
file: path={{warehost_host_web_path}} state=touch owner=warehost group=http mode=0660
|
file: path={{warehost_host_web_path}} state=touch owner=warehost group={{http_grp}} mode=0660
|
||||||
|
|
||||||
- name: Install service
|
- name: Install service
|
||||||
template: src=warehost-host.{{item}} dest=/lib/systemd/system/warehost-host.{{item}} owner=root mode=644
|
template: src=warehost-host.{{item}} dest=/lib/systemd/system/warehost-host.{{item}} owner=root mode=644
|
||||||
|
|
|
@ -3,3 +3,4 @@ warehost_db_host: localhost
|
||||||
warehost_web_internal_ip: 127.0.0.1
|
warehost_web_internal_ip: 127.0.0.1
|
||||||
warehost_web_internal_port: 60000
|
warehost_web_internal_port: 60000
|
||||||
warehost_web_webroot: /srv/http/web
|
warehost_web_webroot: /srv/http/web
|
||||||
|
http_grp: http
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
copy: src=warehost-web dest=/usr/local/bin/warehost-web owner=root group=root mode=0755
|
copy: src=warehost-web dest=/usr/local/bin/warehost-web owner=root group=root mode=0755
|
||||||
|
|
||||||
- name: Create web folder
|
- name: Create web folder
|
||||||
file: path={{warehost_web_webroot}} state=directory owner=warehost group=http mode=0770
|
file: path={{warehost_web_webroot}} state=directory owner=warehost group={{http_grp}} mode=0770
|
||||||
|
|
||||||
- name: Configurate warehost
|
- name: Configurate warehost
|
||||||
template: src=config.yml dest=/etc/warehost/web.conf owner=warehost mode=0600
|
template: src=config.yml dest=/etc/warehost/web.conf owner=warehost mode=0600
|
||||||
|
|