From 35c6eee0545f950ccca4de2968e0b0996eea4ad6 Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Fri, 21 May 2021 09:36:45 +0200 Subject: [PATCH] we can set a password for dedicated apache user, and enable ssh access too --- README.md | 3 ++- defaults/main.yml | 2 +- tasks/main.yml | 13 +++++++++++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5885e0c..4cb795f 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ Role Variables apache_server_name apache_server_alias (list) +apache_user_password: default undefined apache_base_dir: /srv/{{ apache_server_name }} apache_document_root: {{ apache_base_dir }}/www apache_access_log: {{ apache_base_dir}}/logs/access_log @@ -25,7 +26,7 @@ apache_stats: true apache_ssl_certificate: /etc/letsencrypt/live/{{ apache_server_name }}/cert.pem apache_ssl_chain: /etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem apache_ssl_key: /etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem -apache_user: {{ apache_server_name }} +apache_user: {{ apache_server_name | regex_search( '([^.]+)' ) }} }} apache_allowoverride: all Example Playbook diff --git a/defaults/main.yml b/defaults/main.yml index 46fbdab..a8d77d2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,7 +11,7 @@ apache_use_certbot: true apache_ssl_certificate: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem" apache_ssl_chain: "/etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem" apache_ssl_key: "/etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem " -apache_user: "{{ apache_server_name }}" +apache_user: "{{ apache_server_name | regex_search( '([^.]+)' ) }} }}" apache_allowoverride: all apache_restart: false apache_stats: true diff --git a/tasks/main.yml b/tasks/main.yml index 4a6d73a..44510ae 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
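Review bot: The new `apache_user` default in defaults/main.yml ends with a second ` }}` that sits outside the Jinja expression, so it would be rendered literally and the account name would carry a trailing ` }}`. The line should read `apache_user: "{{ apache_server_name | regex_search('[^.]+') }}"`, and the README line has the same stray text. Separately, keeping only the first DNS label means two vhosts such as `www.a.example` and `www.b.example` (constructed names) resolve to the same account. A label can also match an account that already exists on the host, which the `user` task would then modify, setting its home and replacing its supplementary groups. A pre-check that the derived name is not an existing system account, or a per-vhost prefix, would avoid that.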
@@ -1,7 +1,19 @@ --- # tasks file for apache_vhost + - name: create dedicated user + tags: wip + user: + name: "{{ apache_user }}" + groups: + - apache + home: "{{ apache_base_dir }}" + shell: /bin/bash + when: apache_user_password is not defined + +- name: create dedicated user - ssh + tags: wip user: name: "{{ apache_user }}" groups: @@ -9,6 +21,7 @@ - ssh_users home: "{{ apache_base_dir }}" shell: /bin/bash + when: apache_user_password is defined - name: php-fpm config file template:
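Review bot: The account created by the first task (when `apache_user_password` is not defined) is kept out of `ssh_users` but still gets `shell: /bin/bash`. If that account exists only to own the vhost directory and run the site's processes, a non-login shell (`/sbin/nologin` or the distribution's equivalent) would fit least privilege better. Both tasks also carry `tags: wip`, which looks like a leftover and would make the role's user creation selectable only under that tag name. The second task starts in this hunk and ends in the next one.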
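Review bot: `apache_user_password` is only tested by the two `when:` conditions; no visible line of either task passes it to the `user` module, so defining it adds the account to `ssh_users` without setting any password. If the intent is to set it, the ssh task needs `password: "{{ apache_user_password | password_hash('sha512') }}"` (the module expects a crypted hash, not plaintext) together with `no_log: true` so the value stays out of task output. One line of that task lies between the two hunks and is not visible here, so this is based on the shown lines only.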