refactoring

2017-12-24 14:05:27 +01:00 · 2017-12-24 14:05:27 +01:00 · 058e44e57c
parent 2958937a7b
commit 058e44e57c
3 changed files with 26 additions and 7 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,4 +1,6 @@
 ---
+nginx_user: nginx
+nginx_group: nginx
 nginx_open_ports:
  - 80
  - 443
@ -9,3 +11,6 @@ nginx_tls_intermediate_ca: ""
 nginx_pfs_enabled: False
 nginx_dhparam_size: '4069'
 nginx_dhparam_file: '/etc/pki/tls/certs/dhparam-{{ nginx_dhparam_size }}.pem'
+nginx_tls_cert_file: "/etc/pki/tls/certs/my-chained.crt"
+nginx_tls_intermediate_ca_file: "/etc/pki/tls/certs/my-intermediate.crt"
+nginx_tls_private_key_file: "/etc/pki/tls/private/my-private.key"
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -14,6 +14,20 @@
      name: nginx
      state: installed

+  - name: Create group '{{ nginx_group }}'
+    group:
+      name: "{{ nginx_group }}"
+      state: present
+    when: nginx_group != "nginx"
+
+  - name: Create user '{{ nginx_user }}'
+    user:
+      name: "{{ nginx_user }}"
+      group: "{{ nginx_group }}"
+      createhome: no
+      shell: /sbin/nologin
+    when: nginx_user != "nginx"
+
  - name: Prepare vhost directories
    file:
      path: '{{ item }}'
@ -95,8 +109,8 @@
 - block:
  - name: Copy tls certificate
    copy:
-      content: '{{ nginx_tls_cert }}'
-      dest: /etc/pki/tls/certs/my-chained.crt
+      content: "{{ nginx_tls_cert }}"
+      dest: "{{ nginx_tls_cert_file }}"
      owner: root
      group: root
      mode: 0644
@ -105,8 +119,8 @@

  - name: Copy ssl intermediate cert
    copy:
-      content: '{{ nginx_tls_intermediate_ca }}'
-      dest: /etc/pki/tls/certs/my-intermediate.crt
+      content: "{{ nginx_tls_intermediate_ca }}"
+      dest: "{{ nginx_tls_intermediate_ca_file }}"
      owner: root
      group: root
      mode: 0644
@ -115,8 +129,8 @@

  - name: Copy tls private key
    copy:
-      content: '{{ nginx_tls_private_key }}'
-      dest: /etc/pki/tls/private/my-private.key
+      content: "{{ nginx_tls_private_key }}"
+      dest: "{{ nginx_tls_private_key_file }}"
      owner: root
      group: root
      mode: 0600
--- a/templates/etc/nginx/nginx.conf.j2
+++ b/templates/etc/nginx/nginx.conf.j2
@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-user nginx;
+user {{ nginx_user }} {{ nginx_group }};
 worker_processes 1;

 error_log /var/log/nginx/error.log;