Add roundcube_separate_user option

2025-01-29 16:38:03 +01:00 · 2025-01-29 16:38:03 +01:00 · 136668e71f
commit 136668e71f
parent 48fc92aade
3 changed files with 56 additions and 3 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -5,11 +5,39 @@
    - roundcube-sqlite3
    - roundcube-pgsql

+- name: create roundcube group
+  when: roundcube_separate_user
+  ansible.builtin.group:
+    name: roundcube
+    system: true
+
+- name: Create roundcube user
+  when: roundcube_separate_user
+  ansible.builtin.user:
+    name: roundcube
+    group: roundcube
+    groups: www-data
+    home: /nonexistent
+    create_home: false
+    system: true
+
+# php_version and "restart php-fpm" handler from nginx role
+- name: Create roundcube php pool
+  when: roundcube_separate_user
+  ansible.builtin.template:
+    src: php-fpm-pool.conf.j2
+    dest: "/etc/php/{{ php_version }}/fpm/pool.d/roundcube.conf"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+  - restart php-fpm
+
 - name: Create db directory
  ansible.builtin.file:
    path: /var/lib/roundcube/db
-    owner: www-data
-    group: www-data
+    owner: '{{ "roundcube" if roundcube_separate_user else "www-data" }}'
+    group: '{{ "roundcube" if roundcube_separate_user else "www-data" }}'
    state: directory
    mode: "0750"

@ -18,5 +46,5 @@
    src: config.inc.php.j2
    dest: /etc/roundcube/config.inc.php
    owner: root
-    group: www-data
+    group: '{{ "roundcube" if roundcube_separate_user else "www-data" }}'
    mode: "0640"