From 8920d79078c5c14ce8ff0c19520b22ecb564554f Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Tue, 11 Jun 2019 15:53:55 +0300
Subject: [PATCH] selinux file context fixes for nginx data directories

---
 roles/nginx/server/tasks/main.yml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/roles/nginx/server/tasks/main.yml b/roles/nginx/server/tasks/main.yml
index 91e18f2..287d7b5 100644
--- a/roles/nginx/server/tasks/main.yml
+++ b/roles/nginx/server/tasks/main.yml
@@ -7,6 +7,11 @@
     name: nginx
     state: installed
 
+- name: fix selinux contexts from data directory
+  sefcontext:
+    path: /srv/web(/.*)?
+    setype: httpd_sys_content_t
+  when: ansible_selinux_python_present == true
 - name: create nginx data and config directories
   file:
     state: directory
@@ -14,17 +19,13 @@
     mode: 0755
     owner: root
     group: "{{ ansible_wheel }}"
+    seuser: _default
+    setype: _default
   with_items:
     - /srv/web
     - "/srv/web/{{ inventory_hostname }}"
     - "/etc/nginx/conf.d/{{ inventory_hostname }}"
 
-- name: fix selinux contexts from data directory
-  sefcontext:
-    path: /srv/web(/.*)?
-    setype: httpd_sys_content_t
-  when: ansible_selinux_python_present == true
-
 - name: create nginx base config
   template:
     src: nginx.conf.j2