adapt role: the image should not be run as root, but with user with id 82.

2026-05-15 15:15:24 +02:00
parent 8ccb88503a
commit 0dcd51b601
5 changed files with 12 additions and 23 deletions
+1 -1
@@ -54,5 +54,5 @@ default_chill:
# jwt_public_key: '1234' # jwt_public_key: '1234'
rabbitmq_user: 'chilldev' rabbitmq_user: 'chilldev'
# rabbitmq_password: # rabbitmq_password:
editor_server: 'https://collabora.samusocial.be' editor_server: 'https://collabora.champs-libres.be'
ovhcloud_dsn: 'null://null' ovhcloud_dsn: 'null://null'
+4 -4
@@ -42,15 +42,15 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod" path: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod"
state: directory state: directory
owner: "{{ as_user }}" owner: "82"
mode: '0400' mode: '0500'
- name: Copy configuration files - name: Copy configuration files
ansible.builtin.template: ansible.builtin.template:
src: "config/prod/{{ file }}" src: "config/prod/{{ file }}"
dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod/{{ file }}" dest: "{{ install_dir }}/{{ chill['chill_environment'] }}/config/prod/{{ file }}"
owner: "{{ as_user }}" owner: "82"
mode: '0444' mode: '0400'
loop: loop:
- lexik_jwt_authentication.yaml - lexik_jwt_authentication.yaml
- messenger.yaml - messenger.yaml
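Review bot: The uid is now hard-coded as `owner: "82"` in both the directory task and the `Copy configuration files` task, and nothing visible here ties it to the uid the container actually runs as. A single role variable used in both `owner:` lines (for example `owner: "{{ chill_container_uid }}"`, a name constructed for this note) would keep the two tasks and the image aligned. Tightening the files from `0444` to `0400` is worthwhile, since the file names suggest JWT and messenger settings, but it also means the application can no longer read them if its runtime uid ever differs from 82; a comment such as `# must match the uid the chill image runs as` above each `owner:` would record that dependency. The loop list continues past the end of the hunk.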
+1 -1
@@ -73,7 +73,7 @@ services:
sleep 3 && bin/console cache:clear && sleep 3 && bin/console cache:clear &&
while ! [ -f /tmp/kill_me ]; while ! [ -f /tmp/kill_me ];
do do
su -p -s /bin/bash -c 'php -d memory_limit=2G bin/console messenger:consume priority async --limit=20 --time-limit=600 -v' "www-data"; php -d memory_limit=2G bin/console messenger:consume priority async --limit=40 --time-limit=600 -v;
done; done;
pre_stop: pre_stop:
- command: - command:
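Review bot: With the `su ... "www-data"` wrapper removed, the `messenger:consume` loop runs as whatever user the container starts with, and nothing in this hunk fixes that user. If the service definition outside the hunk does not already set it, adding `user: "82"` to the service (quoted so it stays a string) would keep the consumer from silently running as root if the image default changes. The `--limit` change from 20 to 40 is not mentioned in the commit message, so a one-line comment giving the reason would help. The service block starts and ends outside the hunk.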
+2 -4
@@ -29,11 +29,9 @@ monolog:
type: stream type: stream
path: "%kernel.logs_dir%/default-%log_prefix%.log" path: "%kernel.logs_dir%/default-%log_prefix%.log"
level: info level: info
channels: [ '!event', '!doctrine', '!console', '!chill' ] channels: [ '!event', '!doctrine', '!console', '!chill', '!deprecation']
deprecation_log: deprecation_log:
type: stream type: 'null'
path: "%kernel.logs_dir%/deprecation-%log_prefix%.log"
level: info
channels: [ 'deprecation' ] channels: [ 'deprecation' ]
console: console:
type: console type: console
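Review bot: The quotes in `type: 'null'` are load-bearing, because an unquoted `null` would be read as a YAML null and not as the handler type name. A comment above it such as `# quoted on purpose: handler type "null", not YAML null` would keep a later cleanup from removing them, and a second line saying why deprecations are discarded in this environment would help the next reader. Minor style point: `'!deprecation']` lacks the space before the closing bracket that the other `channels` lists in this hunk use.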
+3 -12
@@ -1,26 +1,17 @@
/var/log/chill/default-*.log { /var/log/chill/*.log {
su php-fpm php-fpm su php-fpm php-fpm
rotate 90
daily daily
compress compress
missingok missingok
notifempty notifempty
copytruncate
rotate 90
} }
/var/log/chill/privacy-*.log { /var/log/chill/privacy-*.log {
su php-fpm php-fpm
rotate 180 rotate 180
daily
compress
missingok
notifempty
} }
/var/log/chill/notifier-*.log { /var/log/chill/notifier-*.log {
su php-fpm php-fpm
rotate 800 rotate 800
daily
compress
missingok
notifempty
} }
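Review bot: The widened pattern `/var/log/chill/*.log` in the first stanza also matches the `privacy-*.log` and `notifier-*.log` files, while the two later stanzas now contain only a `rotate` line. logrotate stanzas do not inherit directives from one another, and a file matched by two stanzas is reported as a duplicate entry, so as far as I can tell the privacy and notifier logs would be handled by the first stanza and kept for 90 rotations instead of 180 and 800. For logs that look like an audit trail, that is a real loss of retention. Keeping non-overlapping patterns and repeating the shared directives in each stanza avoids this. It is also worth confirming that `su php-fpm php-fpm` still names the account that owns these files now that the application writes as uid 82.

```conf
/var/log/chill/default-*.log {
    # … unchanged: su, daily, compress, missingok, notifempty, copytruncate, rotate 90 …
}
/var/log/chill/privacy-*.log {
    su php-fpm php-fpm
    daily
    compress
    missingok
    notifempty
    copytruncate
    rotate 180
}
/var/log/chill/notifier-*.log {
    su php-fpm php-fpm
    daily
    compress
    missingok
    notifempty
    copytruncate
    rotate 800
}
```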