From e177232fb815a0ce4d4c9f9894f76c038f819302 Mon Sep 17 00:00:00 2001 From: Patrick Spek Date: Mon, 25 Apr 2022 14:38:22 +0200 Subject: Set customizable nginx user/group --- playbooks.d/webserver-nginx/etc/defaults | 3 +++ playbooks.d/webserver-nginx/etc/os.d/linux-debian_gnu_linux | 2 ++ playbooks.d/webserver-nginx/playbook.bash | 11 ++++++----- playbooks.d/webserver-nginx/share/nginx.conf | 2 +- 4 files changed, 12 insertions(+), 6 deletions(-) create mode 100644 playbooks.d/webserver-nginx/etc/os.d/linux-debian_gnu_linux (limited to 'playbooks.d/webserver-nginx') diff --git a/playbooks.d/webserver-nginx/etc/defaults b/playbooks.d/webserver-nginx/etc/defaults index c345a67..26eaa60 100644 --- a/playbooks.d/webserver-nginx/etc/defaults +++ b/playbooks.d/webserver-nginx/etc/defaults @@ -2,3 +2,6 @@ pkg.certbot=certbot pkg.nginx=nginx svc.nginx=nginx + +nginx.user=www +nginx.group=www diff --git a/playbooks.d/webserver-nginx/etc/os.d/linux-debian_gnu_linux b/playbooks.d/webserver-nginx/etc/os.d/linux-debian_gnu_linux new file mode 100644 index 0000000..a87d2af --- /dev/null +++ b/playbooks.d/webserver-nginx/etc/os.d/linux-debian_gnu_linux @@ -0,0 +1,2 @@ +nginx.user=www-data +nginx.group=www-data diff --git a/playbooks.d/webserver-nginx/playbook.bash b/playbooks.d/webserver-nginx/playbook.bash index 85c38be..b436018 100644 --- a/playbooks.d/webserver-nginx/playbook.bash +++ b/playbooks.d/webserver-nginx/playbook.bash @@ -5,14 +5,14 @@ playbook_add() info "webserver/add" "Installing packages" pkg install certbot nginx - info "webserver/add" "Create www user" - groupadd www + info "webserver/add" "Create nginx user account" + groupadd "$(config "nginx.group")" useradd \ --home-dir /var/www \ - --gid www \ + --gid "$(config "nginx.group")" \ --system \ --shell /sbin/nologin \ - www + "$(config "nginx.user")" info "webserver/add" "Cleaning up whatever the package manager did" rm -frv -- "$(config "fs.etcdir")/nginx" 
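Review bot: `groupadd` and `useradd` in playbook_add still run unconditionally, but with the new etc/os.d/linux-debian_gnu_linux override they now target `www-data`, an account a stock Debian install already ships, so both commands would exit with an "already exists" error there. Whether that aborts the playbook depends on shell options not visible in this hunk; either way the existing account keeps its current home and shell instead of the `/var/www` and `/sbin/nologin` requested here. Guarding each call keeps the step idempotent, e.g. `getent group "$(config "nginx.group")" > /dev/null || groupadd "$(config "nginx.group")"`, with the same pattern using `getent passwd "$(config "nginx.user")"` in front of `useradd`. playbook_add begins above the hunk and continues past it.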
@@ -47,6 +47,7 @@ playbook_sync() notice "webserver/sync" "Updating nginx.conf" file_template "nginx.conf" \ etc="$(config "fs.etcdir")" \ + user="$(config "nginx.user")" \ > "$(config "fs.etcdir")/nginx/nginx.conf" notice "webserver/sync" "Updating mime.types" @@ -83,7 +84,7 @@ playbook_sync() done notice "webserver/sync" "Set nginx permissions to www user" - chown -R www:www "$(config "fs.etcdir")/nginx" + chown -R "$(config "nginx.user"):$(config "nginx.group")" "$(config "fs.etcdir")/nginx" notice "webserver/sync" "Renewing Let's Encrypt certificates" certbot renew --no-random-sleep-on-renew diff --git a/playbooks.d/webserver-nginx/share/nginx.conf b/playbooks.d/webserver-nginx/share/nginx.conf index 834f220..2bfea75 100644 --- a/playbooks.d/webserver-nginx/share/nginx.conf +++ b/playbooks.d/webserver-nginx/share/nginx.conf @@ -1,4 +1,4 @@ -user www; +user ${user}; worker_processes auto; pid /run/nginx.pid; -- cgit v1.1
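Review bot: Only `nginx.user` reaches the template, so `nginx.group` is honoured by `groupadd`, `useradd --gid` and `chown` but not by nginx itself; the same gap shows in the share/nginx.conf hunk, where the directive becomes `user ${user};`. When the group is left out of nginx's `user` directive, nginx uses a group named after the user, which may differ from the configured group or not exist at all. Passing `group="$(config "nginx.group")" \` to `file_template` and writing `user ${user} ${group};` in the template keeps the worker's group in line with the ownership set later in playbook_sync. The value is also interpolated into nginx.conf as-is, so it is worth confirming that `config` or `file_template` rejects values containing whitespace or `;`. playbook_sync starts and ends outside this hunk.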
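Review bot: The recursive `chown` hands the whole nginx configuration directory to the account the workers run as, so a compromised worker could rewrite configuration that the (typically privileged) master process reads on the next reload. That ownership predates this commit, but now that the account is configurable it is worth deciding whether the tree should stay root-owned with the group given read access only, for example `chown -R "root:$(config "nginx.group")"` with group-read modes, assuming nothing under that directory has to be writable by the workers. Separately, if both `config` lookups return an empty string the owner operand collapses to `:`, which GNU chown treats as "change nothing", so a missing key would pass silently; a non-empty check on both values before the call would surface it.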