we can set a password for dedicated apache user, and enable ssh access too

2021-05-21 09:36:45 +02:00
parent a239313ba1
commit 35c6eee054
3 changed files with 16 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@ Role Variables
 apache_server_name
 apache_server_alias (list)
 apache_user_password: default undefined
 apache_base_dir: /srv/{{ apache_server_name }}
 apache_document_root: {{ apache_base_dir }}/www
 apache_access_log: {{ apache_base_dir}}/logs/access_log
@@ -25,7 +26,7 @@ apache_stats: true
 apache_ssl_certificate: /etc/letsencrypt/live/{{ apache_server_name }}/cert.pem
 apache_ssl_chain: /etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem
 apache_ssl_key: /etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem
-apache_user: {{ apache_server_name }}
+apache_user: {{ apache_server_name | regex_search( '([^.]+)' ) }} }}
 apache_allowoverride: all
 Example Playbook
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -11,7 +11,7 @@ apache_use_certbot: true
 apache_ssl_certificate: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem"
 apache_ssl_chain: "/etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem"
 apache_ssl_key: "/etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem "
-apache_user: "{{ apache_server_name }}"
+apache_user: "{{ apache_server_name | regex_search( '([^.]+)' ) }} }}"
 apache_allowoverride: all
 apache_restart: false
 apache_stats: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,7 +1,19 @@
 ---
 # tasks file for apache_vhost
 - name: create dedicated user
  tags: wip
  user:
    name: "{{ apache_user }}"
    groups:
    - apache
    home: "{{ apache_base_dir }}"
    shell: /bin/bash
  when: apache_user_password is not defined
 - name: create dedicated user - ssh
  tags: wip
  user:
    name: "{{ apache_user }}"
    groups:
@@ -9,6 +21,7 @@
    - ssh_users
    home: "{{ apache_base_dir }}"
    shell: /bin/bash
  when: apache_user_password is defined
 - name: php-fpm config file
  template: