add wordpress SSH user for uploads

2023-02-05 00:02:42 +00:00
parent 977a12730f
commit 4d1d486512
5 changed files with 37 additions and 68 deletions
--- a/roles/wordpress/files/public_keys.pub
+++ b/roles/wordpress/files/public_keys.pub
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5M3pWvjwFjDOsrAwnJsysE23SuWW+wQRHUgBWInzX oli@VSC
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTPOurRC0RiGe7+hgWyZzD/kNIEB+XuztHxKkC/xRe6 wordpress@NOVA
--- a/roles/wordpress/tasks/main.yml
+++ b/roles/wordpress/tasks/main.yml
@@ -1,27 +1,45 @@
 ---
+- name: Create wordpress group
+  group:
+    name: "{{ wordpress_group }}"
+    state: present
+    system: true
+  when: wordpress_group != "root"
+
+- name: Create wordpress user
+  user:
+    name: "{{ wordpress_user }}"
+    group: "{{ wordpress_group }}"
+    groups: "{{ wordpress_group }}"
+    append: true
+    shell: /bin/bash
+    create_home: true
+
+- name: Set authorized keys for wordpress user
+  authorized_key:
+    user: "{{ wordpress_user }}"
+    key: "{{ lookup('file', 'public_keys.pub') }}"
+    state: present
+    exclusive: false  # removing all the authorized keys already set
+
+- name: Add {{ webserver_user }} user to {{ wordpress_group }} group
+  user:
+    name: "{{ webserver_user }}"
+    groups: "{{ wordpress_group }}"
+    append: true
+
 - name: Create wordpress directory
  file:
    path: "{{ wordpress_dir }}"
    state: directory
    owner: "{{ webserver_user }}"
-    group: "{{ webserver_group }}"
+    group: "{{ wordpress_group }}"
    mode: 0755

- name: unpack latest wordpress version
-  unarchive:
-    remote_src: true
-    src: "https://wordpress.org/latest.tar.gz"
-    dest: "{{ wordpress_dir }}"
-    owner: "{{ webserver_user }}"
-    group: "{{ webserver_group }}"
-    creates: "{{ wordpress_dir }}/wp-config-sample.php"
-    extra_opts:
-      - --strip-components=1
-
 - name: Copy configuration file
  template:
    src: wp-config.php.j2
    dest: "{{ wordpress_dir }}/wp-config.php"
    owner: "{{ webserver_user }}"
-    group: "{{ webserver_group }}"
-    mode: 0600
+    group: "{{ wordpress_group }}"
+    mode: 0640
--- a/roles/wordpress/vars/main.yml
+++ b/roles/wordpress/vars/main.yml
@@ -1,4 +1,6 @@
 ---
+wordpress_group: wordpress
+wordpress_user: "{{ wordpress_group }}"
 wordpress_dir: "/var/www/wordpress"

 # database