diff --git a/roles/nextcloud/tasks/nextcloud.yml b/roles/nextcloud/tasks/nextcloud.yml
index 1132f28..fad4008 100644
--- a/roles/nextcloud/tasks/nextcloud.yml
+++ b/roles/nextcloud/tasks/nextcloud.yml
@@ -28,9 +28,9 @@
 ansible.builtin.file:
 state: directory
 dest: "{{ nextcloud_app_home }}/{{ item }}"
- owner: root
+ owner: www-data
 group: www-data
- mode: "g+w"
+ mode: "a-rwx,u+rwX,g+rX"
 recurse: true
 loop: "{{ nextcloud_writable_app_dirs }}"
diff --git a/roles/nginx/templates/vhosts/o.libertus.eu.conf.j2 b/roles/nginx/templates/vhosts/o.libertus.eu.conf.j2
index 8ba2a19..d149afc 100644
--- a/roles/nginx/templates/vhosts/o.libertus.eu.conf.j2
+++ b/roles/nginx/templates/vhosts/o.libertus.eu.conf.j2
@@ -53,7 +53,7 @@ server {
 add_header X-Download-Options "noopen" always;
 add_header X-Frame-Options "SAMEORIGIN" always;
 add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "none" always;
+ add_header X-Robots-Tag "noindex,nofollow" always;
 add_header X-XSS-Protection "1; mode=block" always;
 # Remove X-Powered-By, which is an information leak
diff --git a/roles/php/templates/php.ini.j2 b/roles/php/templates/php.ini.j2
index 047b3ff..5634793 100644
--- a/roles/php/templates/php.ini.j2
+++ b/roles/php/templates/php.ini.j2
@@ -1797,10 +1797,10 @@ ldap.max_links = -1
 ;opcache.enable_cli=0
 ; The OPcache shared memory storage size.
-;opcache.memory_consumption=128
+opcache.memory_consumption=256
 ; The amount of memory for interned strings in Mbytes.
-;opcache.interned_strings_buffer=8
+opcache.interned_strings_buffer=16
 ; The maximum number of keys (scripts) in the OPcache hash table.
 ; Only numbers between 200 and 1000000 are allowed.
diff --git a/roles/php/templates/www.conf.j2 b/roles/php/templates/www.conf.j2
index 54c1260..99d4461 100644
--- a/roles/php/templates/www.conf.j2
+++ b/roles/php/templates/www.conf.j2
@@ -9,3 +9,4 @@ pm.max_children = 100
 pm.start_servers = 10
 pm.min_spare_servers = 10
 pm.max_spare_servers = 30
+clear_env = no
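Review bot: The mode string `a-rwx,u+rwX,g+rX` in roles/nextcloud/tasks/nextcloud.yml is not self-explanatory, and the task carries no comment saying what it is meant to yield (it looks like 0750 on directories and 0640 on files, assuming no execute bit survives the `a-rwx` clause). Because `owner` is now `www-data` and `recurse: true` applies it to the whole tree, the PHP process owns everything under each entry of `nextcloud_writable_app_dirs`, a list defined outside this hunk, so it is worth stating that only runtime-writable directories belong there. Suggested comment above the `mode` line: `# dirs 0750, files 0640; list only directories Nextcloud must write at runtime`. The task begins outside the hunk.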
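Review bot: `clear_env = no` at the end of roles/php/templates/www.conf.j2 hands the whole environment of the PHP-FPM master process to every worker, so any secret exported to the service (unit file, environment file) becomes readable from PHP code through `getenv()`. If the aim is only to give Nextcloud a usable PATH and temp directory, the narrower form keeps the default clearing and passes named variables, e.g. `env[PATH] = /usr/local/bin:/usr/bin:/bin` and `env[TMPDIR] = /tmp`. If the full environment is really needed, a comment stating why would help the next reviewer. The pool section starts outside the hunk.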