From 058e44e57c99da63a4032ad79806b75434363182 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sun, 24 Dec 2017 14:05:27 +0100 Subject: [PATCH] refactoring --- defaults/main.yml | 5 +++++ tasks/install.yml | 26 ++++++++++++++++++++------ templates/etc/nginx/nginx.conf.j2 | 2 +- 3 files changed, 26 insertions(+), 7 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 4d38a17..1422d8e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,4 +1,6 @@ --- +nginx_user: nginx +nginx_group: nginx nginx_open_ports: - 80 - 443 @@ -9,3 +11,6 @@ nginx_tls_intermediate_ca: "" nginx_pfs_enabled: False nginx_dhparam_size: '4069' nginx_dhparam_file: '/etc/pki/tls/certs/dhparam-{{ nginx_dhparam_size }}.pem' +nginx_tls_cert_file: "/etc/pki/tls/certs/my-chained.crt" +nginx_tls_intermediate_ca_file: "/etc/pki/tls/certs/my-intermediate.crt" +nginx_tls_private_key_file: "/etc/pki/tls/private/my-private.key" diff --git a/tasks/install.yml b/tasks/install.yml index 0c77829..8e1bebf 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -14,6 +14,20 @@ name: nginx state: installed + - name: Create group '{{ nginx_group }}' + group: + name: "{{ nginx_group }}" + state: present + when: nginx_group != "nginx" + + - name: Create user '{{ nginx_user }}' + user: + name: "{{ nginx_user }}" + group: "{{ nginx_group }}" + createhome: no + shell: /sbin/nologin + when: nginx_user != "nginx" + - name: Prepare vhost directories file: path: '{{ item }}' @@ -95,8 +109,8 @@ - block: - name: Copy tls certificate copy: - content: '{{ nginx_tls_cert }}' - dest: /etc/pki/tls/certs/my-chained.crt + content: "{{ nginx_tls_cert }}" + dest: "{{ nginx_tls_cert_file }}" owner: root group: root mode: 0644 @@ -105,8 +119,8 @@ - name: Copy ssl intermediate cert copy: - content: '{{ nginx_tls_intermediate_ca }}' - dest: /etc/pki/tls/certs/my-intermediate.crt + content: "{{ nginx_tls_intermediate_ca }}" + dest: "{{ nginx_tls_intermediate_ca_file }}" owner: root group: root mode: 0644 
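Review bot: The new `Create user '{{ nginx_user }}'` task sets no `system: yes`, so a custom worker account is allocated from the regular user UID range instead of the system range used for service accounts. I would add `system: yes` to both the `group` and the `user` task. `createhome: no` also relies on YAML 1.1 truthy parsing; `createhome: false` is unambiguous. The two `when:` conditions are independent, so with a custom `nginx_user` and the default `nginx_group` the user task depends on the package having already created the `nginx` group. That is presumably true after the install task above, but a short comment saying so would help.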
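Review bot: Nothing visible in these hunks ensures that the parent directory of the now-configurable `dest` exists, so overriding `nginx_tls_cert_file` to a path outside `/etc/pki/tls` will make `copy` fail. The same applies to `nginx_tls_intermediate_ca_file` in the next hunk and `nginx_tls_private_key_file` in the one after. Either document in `defaults/main.yml` that the directories must already exist, or add a preceding `file` task with `path: "{{ nginx_tls_cert_file | dirname }}"` and `state: directory`. The directory holding the private key should be created with a restrictive mode such as `'0700'`. The enclosing `block` starts and ends outside the hunk, so this may already be handled elsewhere.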
@@ -115,8 +129,8 @@ - name: Copy tls private key copy: - content: '{{ nginx_tls_private_key }}' - dest: /etc/pki/tls/private/my-private.key + content: "{{ nginx_tls_private_key }}" + dest: "{{ nginx_tls_private_key_file }}" owner: root group: root mode: 0600 diff --git a/templates/etc/nginx/nginx.conf.j2 b/templates/etc/nginx/nginx.conf.j2 index 13dcc65..9d9baa9 100644 --- a/templates/etc/nginx/nginx.conf.j2 +++ b/templates/etc/nginx/nginx.conf.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -user nginx; +user {{ nginx_user }} {{ nginx_group }}; worker_processes 1; error_log /var/log/nginx/error.log;
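Review bot: The `Copy tls private key` task passes the key through the `copy` module's `content` parameter, so the key material can appear in output when the play runs with `--diff` or at high verbosity. Unless it is already set below the hunk (the task continues outside it), add `no_log: true` to this task. Now that the destination is a variable, a comment on `nginx_tls_private_key_file` in `defaults/main.yml` should also say that the path must sit in a directory not readable by unprivileged users.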
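Review bot: The `user {{ nginx_user }} {{ nginx_group }};` line renders both variables without any validation, so an inventory value of `root`, or one containing whitespace or `;`, ends up verbatim in nginx.conf. With `root` the worker processes would keep full privileges. I would add an `assert` task at the start of `tasks/install.yml` with `that: nginx_user != 'root'` and a conservative name check such as `nginx_user is match('^[a-z_][a-z0-9_-]*$')`, and the same check for `nginx_group`. Any directories this role creates with a hard-coded `nginx` owner (not visible in this diff) would also need to follow the new variables.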