From 576261919fadda89d527e083476faeba62ce3fea Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@holzmarkt.com>
Date: Sat, 1 Feb 2025 18:04:18 +0100
Subject: [PATCH] Fix cleanup services with roundcube_separate_user enabled

---
 handlers/main.yml                  |  3 +++
 tasks/main.yml                     | 30 ++++++++++++++++++++++++++++--
 templates/10-separate-user.conf.j2 |  3 +++
 3 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 handlers/main.yml
 create mode 100644 templates/10-separate-user.conf.j2

diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..0f8cbb4
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,3 @@
+- name: reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: True
diff --git a/tasks/main.yml b/tasks/main.yml
index 2f8a770..10392ac 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -21,6 +21,33 @@
     create_home: false
     system: true
 
+- name: Create directories for systemd drop-ins
+  when: roundcube_separate_user
+  ansible.builtin.file:
+    path: '/etc/systemd/system/{{ item }}.d'
+    state: directory
+  loop:
+  - roundcube-gc.service
+  - roundcube-cleandb.service
+
+- name: Create systemd drop-ins to use separate user
+  when: roundcube_separate_user
+  ansible.builtin.template:
+    src: 10-separate-user.conf.j2
+    dest: '/etc/systemd/system/{{ item }}'
+  loop: &roundcube_separate_user_dropins
+  - roundcube-gc.service.d/10-separate-user.conf
+  - roundcube-cleandb.service.d/10-separate-user.conf
+  notify: reload systemd
+
+- name: Remove systemd drop-ins to use separate user
+  when: not roundcube_separate_user
+  ansible.builtin.file:
+    path: '/etc/systemd/system/{{ item }}'
+    state: absent
+  loop: *roundcube_separate_user_dropins
+  notify: reload systemd
+
 # php_version and "restart php-fpm" handler from nginx role
 - name: Create roundcube php pool
   when: roundcube_separate_user
@@ -30,8 +57,7 @@
     owner: root
     group: root
     mode: 0644
-  notify:
-  - restart php-fpm
+  notify: restart php-fpm
 
 - name: Create db directory
   ansible.builtin.file:
diff --git a/templates/10-separate-user.conf.j2 b/templates/10-separate-user.conf.j2
new file mode 100644
index 0000000..1267841
--- /dev/null
+++ b/templates/10-separate-user.conf.j2
@@ -0,0 +1,3 @@
+[Service]
+User=roundcube
+Group=roundcube