- ---
- - name: Selinux... selinux targets
- sefcontext:
- target: "{{ item }}"
- setype: httpd_sys_rw_content_t
- state: present
- register: filecontext
- with_items:
- - '{{ nc_data_dir }}(/.*)?'
- - '{{ http_webroot }}/nextcloud/config(/.*)?'
- - '{{ http_webroot }}/nextcloud/apps(/.*)?'
- - '{{ http_webroot }}/nextcloud/custom_apps(/.*)?'
- - '{{ http_webroot }}/nextcloud/assets(/.*)?'
- - '{{ http_webroot }}/nextcloud/.htaccess'
- - '{{ http_webroot }}/nextcloud/.user.ini'
- - '{{ http_webroot }}/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
- - name: Selinux... enable seboolean settings
- seboolean:
- name: "{{ item }}"
- state: yes
- persistent: yes
- with_items:
- - httpd_unified
- - httpd_graceful_shutdown
- - httpd_can_network_relay
- - httpd_can_network_connect
- - httpd_can_network_connect_db
- - daemons_enable_cluster_mode
- - httpd_use_fusefs
- - httpd_use_cifs
- - httpd_use_gpg
- - httpd_use_nfs
- - httpd_execmem
- - httpd_can_sendmail
- ###- name: Selinux... enable seboolean settings
- ### command: semodule -i {{ role_path }}/files/{{ item }}
- ### loop:
- ### - httpd-to-php-fpm.pp
- ### - httpd-to-redis-socket.pp
- ### - httpd-to-upload-tmp.pp
- # if you have trouble with php-fpm and selinux in this nextcloud configuration :
- # # ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm
- # # semodule -X 300 -i my-phpfpm.pp
- # # ausearch -c 'df' --raw | audit2allow -M my-df
- # # semodule -X 300 -i my-df.pp
- - name: Selinux... Run restore context to reload selinux
- shell: restorecon -R -v {{ item.target }}
- when: filecontext.results[item.index] is changed
- with_items:
- - { index: 0, target: '{{ nc_data_dir }}/' }
- - { index: 1, target: '{{ http_webroot }}/nextcloud/' }
- - name: Selinux... Restart {{ http_service_name }} service
- service:
- name: "{{ http_service_name }}"
- state: restarted