+- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_privs:
+ db: "{{ item.db }}"
+ privs: "{{ item.privs }}"
+ type: "{{ item.type |default(omit) }}"
+ objs: "{{ item.objs }}"
+ role: "{{ item.role }}"
+ grant_option: "{{ item.grant_option |default(omit) }}"
+ loop_control:
+ label: "{{ item.name }}"
+ loop:
+ - db: "{{ nextcloud_db_name }}"
+ privs: "USAGE,CREATE"
+ type: "schema"
+ objs: "public"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_namespace"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_collation"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_index"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_attrdef"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_description"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_settings"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;"
+ - db: "{{ nextcloud_db_name }}"
+ privs: "SELECT"
+ objs: "pg_database"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"
+
+- name: Creation d'un fichier cron pour /etc/cron.d
+ ansible.builtin.cron:
+ name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins"
+ minute: "*/5"
+ user: "php_{{ SIGLE }}_{{ SITE }}"
+ job: "{{ nextcloud_webroot }}/cron"
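Review bot: The `type: table` items and the untyped `pg_database` item name system catalog relations (`pg_namespace`, `pg_settings`, …), but the task never passes `schema`, and `community.postgresql.postgresql_privs` documents `public` as the default schema for table objects, so these grants would be resolved in `public` rather than `pg_catalog`. Consider adding `schema: "{{ item.schema | default(omit) }}"` to the module arguments and `schema: "pg_catalog"` to those loop items. Separately, the loop label hard-codes `php_{{ SIGLE }}_nuage` while the grant goes to `{{ nextcloud_php_user }}` (and the cron task uses a third spelling, `php_{{ SIGLE }}_{{ SITE }}`), so the GRANT text shown in the run log can differ from what was executed; building the label from `{{ item.role }}` keeps that audit trail accurate. The cron task's name mentions /etc/cron.d, but without `cron_file` the module edits the user's crontab instead, so either set `cron_file` or rename the task.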