From 41531016aacac30758c80971de51d9376cb79143 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?= <julien.fastre@champs-libres.coop>
Date: Mon, 13 Jan 2025 11:35:45 +0100
Subject: [PATCH] Add php-fpm user and group for log file ownership

This commit introduces the php-fpm user and group, assigning ownership of relevant log files to ensure proper permissions. Updates were also made to the logrotate configuration to include the `su` directive for php-fpm. These changes improve compatibility and address log management requirements.
---
 tasks/main.yml            | 17 +++++++++++++++--
 templates/logrotate/chill |  2 ++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index a963e7f..8974434 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -28,13 +28,26 @@
     username: "{{ docker_hub_username }}"
     password: "{{ docker_hub_token }}"
 
+- name: Create group php-fpm on host (require to store logs)
+  ansible.builtin.group:
+    gid: 82
+    name: php-fpm
+    system: true
+
+- name: Create user php-fpm on host (required to store logs)
+  ansible.builtin.user:
+    uid: 82
+    group: php-fpm
+    name: php-fpm
+    create_home: false
+    system: true
 
 - name: Create log directory
   ansible.builtin.file:
     path: /var/log/chill
     state: directory
-    owner: 33
-    group: 33
+    owner: php-fpm
+    group: php-fpm
     mode: '0774'
 
 - name: Configure logrotate for chill
diff --git a/templates/logrotate/chill b/templates/logrotate/chill
index 21a6085..314ac5e 100644
--- a/templates/logrotate/chill
+++ b/templates/logrotate/chill
@@ -1,4 +1,5 @@
 /var/log/chill/default-*.log {
+  su php-fpm php-fpm
   rotate 90
   daily
   compress
@@ -7,6 +8,7 @@
 }
 
 /var/log/apt/private-*.log {
+  su php-fpm php-fpm
   rotate 180
   daily
   compress