From 612ec385ce402263d13d2720aed8da760661ec28 Mon Sep 17 00:00:00 2001
From: VC <veretcle+framagit@mateu.be>
Date: Sun, 9 Mar 2025 14:21:06 +0100
Subject: [PATCH] =?UTF-8?q?=E2=99=BB:=20move=20freshrss=20app=20dir?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 roles/freshrss/tasks/check.yml                |  2 +-
 roles/freshrss/tasks/freshrss.yml             | 67 +++++++++++++------
 roles/freshrss/templates/freshrss.service.j2  |  2 +-
 roles/freshrss/vars/main.yml                  | 11 ++-
 .../templates/vhosts/rss.libertus.eu.conf.j2  |  2 +-
 5 files changed, 60 insertions(+), 24 deletions(-)

diff --git a/roles/freshrss/tasks/check.yml b/roles/freshrss/tasks/check.yml
index 13fa11b..964a8e4 100644
--- a/roles/freshrss/tasks/check.yml
+++ b/roles/freshrss/tasks/check.yml
@@ -2,7 +2,7 @@
 
 - name: Check freshrss version
   ansible.builtin.lineinfile:
-    path: "{{ freshrss_home }}/constants.php"
+    path: "{{ freshrss_app_home }}/constants.php"
     line: "const FRESHRSS_VERSION = '{{ freshrss_version }}';"
     state: present
   check_mode: true
diff --git a/roles/freshrss/tasks/freshrss.yml b/roles/freshrss/tasks/freshrss.yml
index 2293894..4221747 100644
--- a/roles/freshrss/tasks/freshrss.yml
+++ b/roles/freshrss/tasks/freshrss.yml
@@ -1,40 +1,69 @@
 ---
 
-- name: Create application directory
+## Remove the previous app & install the new version
+- name: Remove freshrss previous version
+  ansible.builtin.file:
+    state: absent
+    dest: "{{ freshrss_app_home }}"
+
+- name: Create app home
   ansible.builtin.file:
     state: directory
-    dest: "{{ freshrss_home }}"
+    dest: "{{ freshrss_app_home }}"
     owner: root
     group: www-data
-    mode: "a-rwx,u+rwX,g+rX"
+    mode: "0o750"
 
 - name: Install freshrss application
   ansible.builtin.unarchive:
     remote_src: true
     src: "{{ freshrss_url }}"
-    dest: "{{ freshrss_home }}"
+    dest: "{{ freshrss_app_home }}"
     owner: root
     group: www-data
     mode: "a-rwx,u+rwX,g+rX"
     extra_opts: ['--strip-components=1']
-    exclude:
-      - "config/config.php"
+    exclude: "{{ freshrss_userdata_app_dirs }}"
 
+## Ensure the data dirs exist, populate them if not
+- name: Create data home
+  ansible.builtin.file:
+    state: directory
+    path: "{{ freshrss_data_home }}"
+    owner: www-data
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+
+# If the first data dir exists, other should exist too
+- name: Get data dir
+  ansible.builtin.stat:
+    path: "{{ freshrss_data_home }}/{{ freshrss_userdata_app_dirs[0] }}"
+  register: _freshrss_userdata_dir_stat
+
+- name: Install freshrss data dir
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ freshrss_url }}"
+    dest: "{{ freshrss_data_home }}"
+    owner: www-data
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']
+    include: "{{ freshrss_userdata_app_dirs | map('regex_replace', '^', 'FreshRSS-' ~ freshrss_version ~ '/') }}"
+  when: not _freshrss_userdata_dir_stat.stat.exists
+
+- name: Link FreshRSS userdata dirs
+  ansible.builtin.file:
+    state: link
+    src: "{{ freshrss_data_home }}/{{ item }}"
+    dest: "{{ freshrss_app_home }}/{{ item }}"
+  loop: "{{ freshrss_userdata_app_dirs }}"
+
+# Config file is inside `data/`, so we must put it last
 - name: Put freshrss configuration file
   ansible.builtin.template:
     src: config.php.j2
     dest: "{{ freshrss_config_path }}"
-    owner: root
+    owner: www-data
     group: www-data
-    mode: "0o660"
-
-- name: Check writable dirs
-  ansible.builtin.file:
-    state: directory
-    dest: "{{ freshrss_home }}/{{ item }}"
-    owner: root
-    group: www-data
-    mode: "g+w"
-    recurse: true
-  loop:
-    - "data"
+    mode: "0o640"
diff --git a/roles/freshrss/templates/freshrss.service.j2 b/roles/freshrss/templates/freshrss.service.j2
index 7acdc50..b295a39 100644
--- a/roles/freshrss/templates/freshrss.service.j2
+++ b/roles/freshrss/templates/freshrss.service.j2
@@ -5,4 +5,4 @@ Wants=freshrss.timer
 [Service]
 User=www-data
 Type=simple
-ExecStart=/usr/bin/php {{ freshrss_home }}/app/actualize_script.php
+ExecStart=/usr/bin/php {{ freshrss_app_home }}/app/actualize_script.php
diff --git a/roles/freshrss/vars/main.yml b/roles/freshrss/vars/main.yml
index cc6aa91..ffbce52 100644
--- a/roles/freshrss/vars/main.yml
+++ b/roles/freshrss/vars/main.yml
@@ -4,5 +4,12 @@ freshrss_version: "1.26.0"
 freshrss_url: "https://github.com/FreshRSS/FreshRSS/archive/refs/tags/{{ freshrss_version }}.tar.gz"
 
 freshrss_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'freshrss') | map(attribute='host') | first }}"
-freshrss_home: "/srv/http/{{ freshrss_access_url }}"
-freshrss_config_path: "{{ freshrss_home }}/data/config.php"
+
+# Access path
+freshrss_app_home: "/var/www/{{ freshrss_access_url }}"
+freshrss_data_home: "/srv/www-data/{{ freshrss_access_url }}"
+freshrss_config_path: "{{ freshrss_app_home }}/data/config.php"
+
+# App dirs
+freshrss_userdata_app_dirs:
+  - data
diff --git a/roles/nginx/templates/vhosts/rss.libertus.eu.conf.j2 b/roles/nginx/templates/vhosts/rss.libertus.eu.conf.j2
index 1f5c97a..63e3331 100644
--- a/roles/nginx/templates/vhosts/rss.libertus.eu.conf.j2
+++ b/roles/nginx/templates/vhosts/rss.libertus.eu.conf.j2
@@ -1,6 +1,6 @@
 server {
 {% include './templates/header.conf.j2' %}
-	root /srv/http/rss.libertus.eu/p;
+	root /var/www/rss.libertus.eu/p;
 	index index.html index.htm index.php;
 	
 	location ~ \.(js|css|png|jpg|jpeg|gif|svg|svgz)$ {