adapt role: the image should not be run as root, but with user with id 82.

defaults/main.yml

@@ -54,5 +54,5 @@ default_chill:
     # jwt_public_key: '1234'
     rabbitmq_user: 'chilldev'
     # rabbitmq_password:
-    editor_server: 'https://collabora.samusocial.be'
+    editor_server: 'https://collabora.champs-libres.be'
     ovhcloud_dsn: 'null://null'

tasks/chill/main.yml

@@ -42,15 +42,15 @@
   ansible.builtin.file:
     path: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod"
     state: directory
-    owner: "{{ as_user }}"
-    mode: '0400'
+    owner: "82"
+    mode: '0500'
 
 - name: Copy configuration files
   ansible.builtin.template:
     src: "config/prod/{{ file }}"
     dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod/{{ file }}"
-    owner: "{{ as_user }}"
-    mode: '0444'
+    owner: "82"
+    mode: '0400'
   loop:
     - lexik_jwt_authentication.yaml
     - messenger.yaml

templates/compose.yaml

@@ -73,7 +73,7 @@ services:
               sleep 3 && bin/console cache:clear &&
               while ! [ -f /tmp/kill_me ];
               do
-              su -p -s /bin/bash -c 'php -d memory_limit=2G bin/console messenger:consume priority async --limit=20 --time-limit=600 -v' "www-data";
+              php -d memory_limit=2G bin/console messenger:consume priority async --limit=40 --time-limit=600 -v;
               done;
         pre_stop:
             - command:

templates/config/prod/monolog.yaml

@@ -29,11 +29,9 @@ monolog:
       type: stream
       path: "%kernel.logs_dir%/default-%log_prefix%.log"
       level: info
-      channels: [ '!event', '!doctrine', '!console', '!chill' ]
+      channels: [ '!event', '!doctrine', '!console', '!chill', '!deprecation']
     deprecation_log:
-      type: stream
-      path: "%kernel.logs_dir%/deprecation-%log_prefix%.log"
-      level: info
+      type: 'null'
       channels: [ 'deprecation' ]
     console:
       type: console

templates/logrotate/chill

@@ -1,26 +1,17 @@
-/var/log/chill/default-*.log {
+/var/log/chill/*.log {
   su php-fpm php-fpm
-  rotate 90
   daily
   compress
   missingok
   notifempty
+  copytruncate
+  rotate 90
 }
 
 /var/log/chill/privacy-*.log {
-  su php-fpm php-fpm
   rotate 180
-  daily
-  compress
-  missingok
-  notifempty
 }
 
 /var/log/chill/notifier-*.log {
-  su php-fpm php-fpm
   rotate 800
-  daily
-  compress
-  missingok
-  notifempty
-}
+}