diff --git a/files/systemd/php-fpm@.socket b/files/systemd/php-fpm@.socket deleted file mode 100644 index 6b9313e..0000000 --- a/files/systemd/php-fpm@.socket +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -After=network-online.target - -[Socket] -SocketUser=%i -SocketGroup=%i -SocketMode=0660 -ListenStream=/run/php/php-fpm-%i.sock - -[Install] -WantedBy=sockets.target diff --git a/tasks/common.yml b/tasks/common.yml index d8841e1..06d0d17 100644 --- a/tasks/common.yml +++ b/tasks/common.yml @@ -26,11 +26,6 @@ state: link notify: reload apache -- name: common | Erstelle PHP-FPM-Log-Verzeichnis - file: - path: "{{ php_fpm_log_dir }}" - state: directory - - name: "common | Kopiere PHP-CLI-Konfiguration" copy: src: ../roles/nextcloud/files/30-sao-nextcloud.ini @@ -42,33 +37,6 @@ dest: "/etc/php/{{ php_version.stdout }}/cli/conf.d/30-sao-nextcloud.ini" state: link -- name: "common | Kopiere Template für systemd socket" - copy: - src: "../roles/nextcloud/files/systemd/php-fpm@.socket" - dest: /etc/systemd/system/php-fpm@.socket - notify: - - stop php-fpm-socket - - stop php-fpm-service - - start php-fpm-socket - -- name: "common | Kopiere Template für systemd service" - template: - src: ../roles/nextcloud/templates/systemd/php-fpm@.service.j2 - dest: /etc/systemd/system/php-fpm@.service - notify: - - stop php-fpm-socket - - stop php-fpm-service - - start php-fpm-socket - -- name: "common | Aktiviere systemd Socket und Service" - systemd: - name: "{{ item }}" - enabled: true - daemon_reload: true - loop: - - php-fpm@.socket - - php-fpm@.service - - name: "common | Kopiere Update-Skript" template: src: ../roles/nextcloud/templates/nextcloud-updater.j2 diff --git a/templates/systemd/php-fpm@.service.j2 b/templates/systemd/php-fpm@.service.j2 deleted file mode 100644 index d972c55..0000000 --- a/templates/systemd/php-fpm@.service.j2 +++ /dev/null @@ -1,43 +0,0 @@ -# {{ ansible_managed }} -# -# This service can be enabled for Wordpress site. -# It uses a single php-fpm configuration file. -# User-specific settings can be overridden via environment variables (see "FPM_SOCKET_PATH" below). - -[Unit] -Description=The PHP FastCGI Process Manager for %I -Documentation=man:php-fpm{{ php_version.stdout }}(8) -After=network.target -Requires=php-fpm@%i.socket - -[Service] -User=%i -Group=%i -Type=notify -Environment="FPM_SOCKETS=/run/php/php-fpm-%i.sock=3" -Environment="FPM_ERROR_LOG={{ php_fpm_log_dir }}/%i.log" -# this variable is used in the pool configuration file -Environment="FPM_SOCKET_PATH=/run/php/php-fpm-%i.sock" -ExecStart=/usr/sbin/php-fpm{{ php_version.stdout }} --nodaemonize --fpm-config {{ php_fpm_pool_dir }}/%i.cfg -ExecReload=/bin/kill -USR2 $MAINPID -KillMode=process -Restart=on-failure -RestartSec=30s - -# Hardening -# https://github.com/php/php-src/blob/master/sapi/fpm/php-fpm.service.in -PrivateDevices=true -PrivateTmp=true -ProtectClock=true -ProtectControlGroups=true -ProtectKernelModules=true -ProtectKernelTunables=true -ProtectSystem=full -RestrictRealtime=true -RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX -RestrictNamespaces=true -SystemCallFilter=@system-service -SystemCallErrorNumber=EPERM - -[Install] -WantedBy=multi-user.target