create a non prifileged user

2025-02-12 19:22:24 +00:00 · 2017-06-19 06:56:54 -07:00 · 2017-06-19 06:56:54 -07:00 · 68243f1a74
commit 68243f1a74
parent dfe245d280
3 changed files with 24 additions and 15 deletions
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@ -12,6 +12,8 @@ nextcloud_dbname: nextcloud
 nextcloud_dbhost: localhost
 nextcloud_dbuser: nextcloud
 nextcloud_dbpassword: nextcloudmysql
+nextcloud_user: nextcloud
+nextcloud_user_password: nextcloudmysql

 nextcloud_admin_user: root
 nextcloud_admin_password: "{{ mysql_root_password }}"
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -90,15 +90,6 @@
  mysql_db: name={{ nextcloud_dbname }}
  when: mysql_enabled and nextcloud_enabled

- name: Create a user to access the nextcloud database
-  mysql_user: name={{ nextcloud_dbuser }} host={{ item }} password={{ nextcloud_dbpassword }} priv={{ nextcloud_dbname }}.*:ALL,GRANT
-  with_items:
-        - "{{ nextcloud_dbhost }}"
-        - 127.0.0.1
-        - ::1
-        - localhost
-  when: mysql_enabled and nextcloud_enabled
-
 - name: Restart apache, so it picks up the new aliases
  service: name={{ apache_service }} state=restarted
  when: not nextcloud_enabled
--- a/roles/nextcloud/tasks/nextcloud_enabled.yml
+++ b/roles/nextcloud/tasks/nextcloud_enabled.yml
@ -1,5 +1,4 @@
- # This should go in computed_network.yml, but here for now
-
+ # This should go in computed_network.yml, but here for now 
 - name: Compute nextcloud listen ip addr for nextcloud.conf
  set_fact:
     nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}"
@ -29,12 +28,12 @@

 # the install wizard does not succeed if already installed
 - name: Determine if nextcloud is installed
-  command: >
-         php {{ nextcloud_prefix }}/nextcloud/occ status |
-         grep installed | wc | cut -f' ' -d1
+  shell: >
+         sudo -u {{ apache_user }} php 
+         '{{ nextcloud_prefix }}/nextcloud/occ' status | 
+         grep installed | wc | cut -d' ' -f1
  register: returned_count

-
 - name: Run nextcloud initial install wizard
  shell: >
         cd {{ nextcloud_prefix }}/nextcloud;
@ -47,6 +46,23 @@
         --admin-pass "{{ mysql_root_password }}"  
  when: nextcloud_enabled and returned_count == "0"

+- name: Determine if nextcloud user exists already
+  shell: >
+         sudo -u {{ apache_user }} php 
+         '{{ nextcloud_prefix }}/nextcloud/occ' user:list | 
+         grep {{ nextcloud_user }} | wc | cut -d' ' -f1
+  register: returned_count
+
+# nextcloud wants to make users rather than just mysql users and not done
+- name: create the default user
+  shell: >
+        su -s /bin/sh {{ apache_user }} -c 
+        'OC_PASS={{ nextcloud_user_password }};
+        php {{ nextcloud_prefix }}/nextcloud/occ user:add
+        --password-from-env --display-name={{ nextcloud_user }}
+        --group="users" {{ nextcloud_user }}'
+  when: nextcloud_enabled and returned_count == "0"
+
 - name: Remove Rewrite URL
  lineinfile: regexp='overwrite.cli.url'
              state=absent