senselab/ansible-role-nextcloud
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nextcloud: Entferne php-Kram

Browse source 
Ist in php-Rolle enthalten
This commit is contained in:
phil 2022-10-08 19:51:48 +02:00
parent 32ac174e72
commit 4de618da86
3 changed files with 0 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
files/systemd/php-fpm@.socket
View file

@ -1,11 +0,0 @@
[Unit]
After=network-online.target
[Socket]
SocketUser=%i
SocketGroup=%i
SocketMode=0660
ListenStream=/run/php/php-fpm-%i.sock
[Install]
WantedBy=sockets.target

32
tasks/common.yml
View file

@ -26,11 +26,6 @@
state: link state: link
notify: reload apache notify: reload apache
- name: common | Erstelle PHP-FPM-Log-Verzeichnis
file:
path: "{{ php_fpm_log_dir }}"
state: directory
- name: "common | Kopiere PHP-CLI-Konfiguration" - name: "common | Kopiere PHP-CLI-Konfiguration"
copy: copy:
src: ../roles/nextcloud/files/30-sao-nextcloud.ini src: ../roles/nextcloud/files/30-sao-nextcloud.ini
@ -42,33 +37,6 @@
dest: "/etc/php/{{ php_version.stdout }}/cli/conf.d/30-sao-nextcloud.ini" dest: "/etc/php/{{ php_version.stdout }}/cli/conf.d/30-sao-nextcloud.ini"
state: link state: link
- name: "common | Kopiere Template für systemd socket"
copy:
src: "../roles/nextcloud/files/systemd/php-fpm@.socket"
dest: /etc/systemd/system/php-fpm@.socket
notify:
- stop php-fpm-socket
- stop php-fpm-service
- start php-fpm-socket
- name: "common | Kopiere Template für systemd service"
template:
src: ../roles/nextcloud/templates/systemd/php-fpm@.service.j2
dest: /etc/systemd/system/php-fpm@.service
notify:
- stop php-fpm-socket
- stop php-fpm-service
- start php-fpm-socket
- name: "common | Aktiviere systemd Socket und Service"
systemd:
name: "{{ item }}"
enabled: true
daemon_reload: true
loop:
- php-fpm@.socket
- php-fpm@.service
- name: "common | Kopiere Update-Skript" - name: "common | Kopiere Update-Skript"
template: template:
src: ../roles/nextcloud/templates/nextcloud-updater.j2 src: ../roles/nextcloud/templates/nextcloud-updater.j2

43
templates/systemd/php-fpm@.service.j2
View file

@ -1,43 +0,0 @@
# {{ ansible_managed }}
#
# This service can be enabled for Wordpress site.
# It uses a single php-fpm configuration file.
# User-specific settings can be overridden via environment variables (see "FPM_SOCKET_PATH" below).
[Unit]
Description=The PHP FastCGI Process Manager for %I
Documentation=man:php-fpm{{ php_version.stdout }}(8)
After=network.target
Requires=php-fpm@%i.socket
[Service]
User=%i
Group=%i
Type=notify
Environment="FPM_SOCKETS=/run/php/php-fpm-%i.sock=3"
Environment="FPM_ERROR_LOG={{ php_fpm_log_dir }}/%i.log"
# this variable is used in the pool configuration file
Environment="FPM_SOCKET_PATH=/run/php/php-fpm-%i.sock"
ExecStart=/usr/sbin/php-fpm{{ php_version.stdout }} --nodaemonize --fpm-config {{ php_fpm_pool_dir }}/%i.cfg
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=process
Restart=on-failure
RestartSec=30s
# Hardening
# https://github.com/php/php-src/blob/master/sapi/fpm/php-fpm.service.in
PrivateDevices=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
RestrictRealtime=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictNamespaces=true
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
[Install]
WantedBy=multi-user.target