From 2692ac5661b8ababcfb85d5ba16ae2a6cdaf73b1 Mon Sep 17 00:00:00 2001
From: "William Hirigoyen (Evolix)" <whirigoyen@evolix.fr>
Date: Thu, 16 Jun 2022 17:58:34 +0200
Subject: [PATCH] Ajoute l'umask 0007 au service php-fpm

---
 lxc-php/defaults/main.yml | 10 ++++++++++
 lxc-php/handlers/main.yml | 11 +++++++++++
 lxc-php/tasks/main.yml    |  2 ++
 lxc-php/tasks/umask.yml   | 31 +++++++++++++++++++++++++++++++
 4 files changed, 54 insertions(+)
 create mode 100644 lxc-php/tasks/umask.yml

diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml
index 415d1c9e..5567c4d0 100644
--- a/lxc-php/defaults/main.yml
+++ b/lxc-php/defaults/main.yml
@@ -21,3 +21,13 @@ lxc_php_container_releases:
   php74: "bullseye"
   php80: "bullseye"
   php81: "bullseye"
+
+lxc_php_services:
+  php56: 'php5-fpm.service'
+  php70: 'php7.0-fpm.service'
+  php73: 'php7.3-fpm.service'
+  php74: 'php7.4-fpm.service'
+  php80: 'php8.0-fpm.service'
+  php81: 'php8.1-fpm.service'
+
+
diff --git a/lxc-php/handlers/main.yml b/lxc-php/handlers/main.yml
index a757a2d0..eb52e86d 100644
--- a/lxc-php/handlers/main.yml
+++ b/lxc-php/handlers/main.yml
@@ -1,4 +1,10 @@
 ---
+
+- name: Reload PHP-FPM
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "systemctl reload {{ lxc_php_services[lxc_php_version] }}"
+
 - name: Reload php81-fpm
   lxc_container:
     name: "{{ lxc_php_version }}"
@@ -34,6 +40,11 @@
     name: "{{ lxc_php_version }}"
     container_command: "systemctl restart opensmtpd"
 
+- name: Daemon reload
+  lxc_container:
+    name: "{{ lxc_php_version }}"
+    container_command: "systemctl daemon-reload"
+
 - name: Restart container
   lxc_container:
     name: "{{ lxc_php_version }}"
diff --git a/lxc-php/tasks/main.yml b/lxc-php/tasks/main.yml
index c6d85fbe..4471a709 100644
--- a/lxc-php/tasks/main.yml
+++ b/lxc-php/tasks/main.yml
@@ -27,4 +27,6 @@
 - include: "php81.yml"
   when: lxc_php_version == "php81"
 
+- include: "umask.yml"
+
 - include: "misc.yml"
diff --git a/lxc-php/tasks/umask.yml b/lxc-php/tasks/umask.yml
new file mode 100644
index 00000000..5fca081a
--- /dev/null
+++ b/lxc-php/tasks/umask.yml
@@ -0,0 +1,31 @@
+# Ajoute UMask=0007 à l'unité systemd PHP-FPM du conteneur LXC
+# dans /etc/systemd/system/phpX.X-fpm.service.d/evolinux.conf
+---
+
+- name: "Définis le chemin du système de fichiers du conteneur LXC."
+  set_fact:
+    lxc_rootfs_path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs"
+
+- name: "Crée des répertoires (si absents) pour surcharger la config des services PHP dans les conteneurs LXC."
+  ansible.builtin.file:
+    path: "{{ lxc_rootfs_path }}/etc/systemd/system/{{ lxc_php_services[lxc_php_version] }}.d"
+    register: systemd_path
+    state: directory
+    
+- name: "[Service] est présent dans la surchage des services PHP-FPM des conteneurs LXC."
+  ansible.builtin.lineinfile:
+    path: "{{ systemd_path.path }}/evolinux.conf"
+    regex: "\\[Service\\]"
+    line: "[Service]"
+    create: yes
+
+- name: "UMask=0007 est présent dans la surchage des services PHP-FPM des conteneurs LXC."
+  ansible.builtin.lineinfile:
+    path: "{{ systemd_path.path }}/evolinux.conf"
+    regex: "^UMask="
+    line: "UMask=0007"
+    insertafter: "\\[Service\\]"
+  notify:
+    - "Daemon reload"
+    - "Reload PHP-FPM"
+