nextcloud: Entferne php-Kram
Ist in php-Rolle enthalten
This commit is contained in:
parent
32ac174e72
commit
4de618da86
|
|
@ -1,11 +0,0 @@
|
|||
[Unit]
|
||||
After=network-online.target
|
||||
|
||||
[Socket]
|
||||
SocketUser=%i
|
||||
SocketGroup=%i
|
||||
SocketMode=0660
|
||||
ListenStream=/run/php/php-fpm-%i.sock
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
|
|
@ -26,11 +26,6 @@
|
|||
state: link
|
||||
notify: reload apache
|
||||
|
||||
- name: common | Erstelle PHP-FPM-Log-Verzeichnis
|
||||
file:
|
||||
path: "{{ php_fpm_log_dir }}"
|
||||
state: directory
|
||||
|
||||
- name: "common | Kopiere PHP-CLI-Konfiguration"
|
||||
copy:
|
||||
src: ../roles/nextcloud/files/30-sao-nextcloud.ini
|
||||
|
|
@ -42,33 +37,6 @@
|
|||
dest: "/etc/php/{{ php_version.stdout }}/cli/conf.d/30-sao-nextcloud.ini"
|
||||
state: link
|
||||
|
||||
- name: "common | Kopiere Template für systemd socket"
|
||||
copy:
|
||||
src: "../roles/nextcloud/files/systemd/php-fpm@.socket"
|
||||
dest: /etc/systemd/system/php-fpm@.socket
|
||||
notify:
|
||||
- stop php-fpm-socket
|
||||
- stop php-fpm-service
|
||||
- start php-fpm-socket
|
||||
|
||||
- name: "common | Kopiere Template für systemd service"
|
||||
template:
|
||||
src: ../roles/nextcloud/templates/systemd/php-fpm@.service.j2
|
||||
dest: /etc/systemd/system/php-fpm@.service
|
||||
notify:
|
||||
- stop php-fpm-socket
|
||||
- stop php-fpm-service
|
||||
- start php-fpm-socket
|
||||
|
||||
- name: "common | Aktiviere systemd Socket und Service"
|
||||
systemd:
|
||||
name: "{{ item }}"
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
loop:
|
||||
- php-fpm@.socket
|
||||
- php-fpm@.service
|
||||
|
||||
- name: "common | Kopiere Update-Skript"
|
||||
template:
|
||||
src: ../roles/nextcloud/templates/nextcloud-updater.j2
|
||||
|
|
|
|||
|
|
@ -1,43 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
#
|
||||
# This service can be enabled for Wordpress site.
|
||||
# It uses a single php-fpm configuration file.
|
||||
# User-specific settings can be overridden via environment variables (see "FPM_SOCKET_PATH" below).
|
||||
|
||||
[Unit]
|
||||
Description=The PHP FastCGI Process Manager for %I
|
||||
Documentation=man:php-fpm{{ php_version.stdout }}(8)
|
||||
After=network.target
|
||||
Requires=php-fpm@%i.socket
|
||||
|
||||
[Service]
|
||||
User=%i
|
||||
Group=%i
|
||||
Type=notify
|
||||
Environment="FPM_SOCKETS=/run/php/php-fpm-%i.sock=3"
|
||||
Environment="FPM_ERROR_LOG={{ php_fpm_log_dir }}/%i.log"
|
||||
# this variable is used in the pool configuration file
|
||||
Environment="FPM_SOCKET_PATH=/run/php/php-fpm-%i.sock"
|
||||
ExecStart=/usr/sbin/php-fpm{{ php_version.stdout }} --nodaemonize --fpm-config {{ php_fpm_pool_dir }}/%i.cfg
|
||||
ExecReload=/bin/kill -USR2 $MAINPID
|
||||
KillMode=process
|
||||
Restart=on-failure
|
||||
RestartSec=30s
|
||||
|
||||
# Hardening
|
||||
# https://github.com/php/php-src/blob/master/sapi/fpm/php-fpm.service.in
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectSystem=full
|
||||
RestrictRealtime=true
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
|
||||
RestrictNamespaces=true
|
||||
SystemCallFilter=@system-service
|
||||
SystemCallErrorNumber=EPERM
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Loading…
Reference in a new issue