authorPatrick Spek <p.spek@tyil.nl>2022-04-25 14:38:22 +0200
committerPatrick Spek <p.spek@tyil.nl>2022-04-25 14:38:22 +0200
commite177232fb815a0ce4d4c9f9894f76c038f819302 (patch)
tree5f347b736dfc16edbb323fc1016eda21ef96403d /playbooks.d/webserver-nginx
parentb8f5d5769068ee6e34fa1c82a740a6d16d9836ad (diff)
Set customizable nginx user/group
Diffstat (limited to 'playbooks.d/webserver-nginx')
-rw-r--r--playbooks.d/webserver-nginx/etc/defaults3
-rw-r--r--playbooks.d/webserver-nginx/etc/os.d/linux-debian_gnu_linux2
-rw-r--r--playbooks.d/webserver-nginx/playbook.bash11
-rw-r--r--playbooks.d/webserver-nginx/share/nginx.conf2
4 files changed, 12 insertions, 6 deletions
diff --git a/playbooks.d/webserver-nginx/etc/defaults b/playbooks.d/webserver-nginx/etc/defaults
index c345a67..26eaa60 100644
--- a/playbooks.d/webserver-nginx/etc/defaults
+++ b/playbooks.d/webserver-nginx/etc/defaults
@@ -2,3 +2,6 @@ pkg.certbot=certbot
pkg.nginx=nginx
svc.nginx=nginx
+
+nginx.user=www
+nginx.group=www
diff --git a/playbooks.d/webserver-nginx/etc/os.d/linux-debian_gnu_linux b/playbooks.d/webserver-nginx/etc/os.d/linux-debian_gnu_linux
new file mode 100644
index 0000000..a87d2af
--- /dev/null
+++ b/playbooks.d/webserver-nginx/etc/os.d/linux-debian_gnu_linux
@@ -0,0 +1,2 @@
+nginx.user=www-data
+nginx.group=www-data
diff --git a/playbooks.d/webserver-nginx/playbook.bash b/playbooks.d/webserver-nginx/playbook.bash
index 85c38be..b436018 100644
--- a/playbooks.d/webserver-nginx/playbook.bash
+++ b/playbooks.d/webserver-nginx/playbook.bash
@@ -5,14 +5,14 @@ playbook_add()
info "webserver/add" "Installing packages"
pkg install certbot nginx
- info "webserver/add" "Create www user"
- groupadd www
+ info "webserver/add" "Create nginx user account"
+ groupadd "$(config "nginx.group")"
useradd \
--home-dir /var/www \
- --gid www \
+ --gid "$(config "nginx.group")" \
--system \
--shell /sbin/nologin \
- www
+ "$(config "nginx.user")"
info "webserver/add" "Cleaning up whatever the package manager did"
rm -frv -- "$(config "fs.etcdir")/nginx"
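Review bot: `groupadd` and `useradd` now run unconditionally against configurable names, and the Debian override added in this commit sets both to `www-data`, an account Debian normally ships already, so both commands would report that the name exists. Whether that aborts playbook_add depends on shell options set outside this hunk. Guarding each call keeps the step idempotent, e.g. `getent group "$(config "nginx.group")" >/dev/null || groupadd "$(config "nginx.group")"`, with the same pattern using `getent passwd` before `useradd`. When the account already exists, the `--system` and `--shell /sbin/nologin` settings are not applied to it, which deserves a comment so nobody assumes a login-less account on every OS. playbook_add starts and ends outside the hunk.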
@@ -47,6 +47,7 @@ playbook_sync()
notice "webserver/sync" "Updating nginx.conf"
file_template "nginx.conf" \
etc="$(config "fs.etcdir")" \
+ user="$(config "nginx.user")" \
> "$(config "fs.etcdir")/nginx/nginx.conf"
notice "webserver/sync" "Updating mime.types"
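Review bot: Only `user=` is handed to the template, so `nginx.group` never reaches nginx.conf; with `user ${user};` and no group argument, nginx uses a group named after the user. If the two settings differ, the workers run under a different group than the one the later `chown` applies. Assuming file_template accepts further `key=value` pairs as it does for `etc=`, passing `group="$(config "nginx.group")" \` here and writing `user ${user} ${group};` in share/nginx.conf keeps them aligned. The value is substituted into the config as-is, so a short comment in etc/defaults saying both settings must be plain account names (no whitespace or `;`) would help. playbook_sync continues outside the hunk.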
@@ -83,7 +84,7 @@ playbook_sync()
done
notice "webserver/sync" "Set nginx permissions to www user"
- chown -R www:www "$(config "fs.etcdir")/nginx"
+ chown -R "$(config "nginx.user"):$(config "nginx.group")" "$(config "fs.etcdir")/nginx"
notice "webserver/sync" "Renewing Let's Encrypt certificates"
certbot renew --no-random-sleep-on-renew
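Review bot: The recursive `chown` hands the whole nginx configuration tree to the account the workers run as, so a compromised worker could rewrite files that the master process, normally running as root, reads on the next reload. Unless something outside this hunk needs write access, keep the tree root-owned and give the configured group read access only, e.g. `chown -R "root:$(config "nginx.group")" "$(config "fs.etcdir")/nginx"` with modes that leave group write off. This matters more if certificates or private keys are stored under that directory, which is not visible here. The notice text on the line above still says "www user" and should name the configured account instead.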
diff --git a/playbooks.d/webserver-nginx/share/nginx.conf b/playbooks.d/webserver-nginx/share/nginx.conf
index 834f220..2bfea75 100644
--- a/playbooks.d/webserver-nginx/share/nginx.conf
+++ b/playbooks.d/webserver-nginx/share/nginx.conf
@@ -1,4 +1,4 @@
-user www;
+user ${user};
worker_processes auto;
pid /run/nginx.pid;