changed sites loop var to 'site' instead of 'item'

deployer/roles/build/tasks/backup.yml

@@ -3,7 +3,7 @@
 #   - item: dict describing the site install (cf group_vars/all/vars.yml)
 #   - site_data_path: path of the site's data
 
-- name: "Site's data backups"
+- name: "Data backups"
   block:
     - name: "Setup weekly backup of site's data"
       cron:
@@ -32,7 +32,7 @@
       become: yes
   when: site_data_path is defined
 
-- name: "Site's database backups"
+- name: "Database backups"
   block:
     # You need your root MySQL password stored in /root/.my.cnf to avoid
     # putting the password in the crontab
@@ -60,8 +60,3 @@
           }
       become: yes
   when: item.mysql_database is defined
-
-
-
-
-

deployer/roles/build/tasks/drupal.yml

@@ -1,5 +1,5 @@
-- name: "Set site_data_path to {{ www_path }}/{{ item.slug }}"
+- name: "Set site_data_path to {{ www_path }}/{{ site.slug }}"
-  set_fact: site_data_path="{{ www_path }}/{{ item.slug }}"
+  set_fact: site_data_path="{{ www_path }}/{{ site.slug }}"
   tags: always
 
 
@@ -7,9 +7,9 @@
 # Render templates #
 ####################
 
-- name: "Create folder {{ sites_path }}/{{ item.slug }}"
+- name: "Create folder {{ sites_path }}/{{ site.slug }}"
   file: 
-    path: "{{ sites_path }}/{{ item.slug }}"
+    path: "{{ sites_path }}/{{ site.slug }}"
     state: directory
     mode: '750'
   tags: [docker, nginx, mysql]
@@ -17,19 +17,19 @@
 - name: Render sexy Dockerfile
   template: 
     src: drupal/Dockerfile.j2
-    dest: "{{ sites_path }}/{{ item.slug }}/Dockerfile"
+    dest: "{{ sites_path }}/{{ site.slug }}/Dockerfile"
   tags: docker
 
 - name: Render marvelous docker-compose.yml
   template:
     src: drupal/docker-compose.yml.j2
-    dest: "{{ sites_path }}/{{ item.slug }}/docker-compose.yml"
+    dest: "{{ sites_path }}/{{ site.slug }}/docker-compose.yml"
   tags: docker
 
 - name: Render swell nginx site config
   template:
     src: drupal/nginx.j2
-    dest: "/etc/nginx/sites-available/{{ item.url }}"
+    dest: "/etc/nginx/sites-available/{{ site.url }}"
   become: yes
   tags: nginx
 
@@ -41,18 +41,18 @@
 # MySQL equivalent:
 # create user <user>@<ip> identified by <pass>;
 # grant all on <db>.* to <user>@<ip>;
-- name: "Add database user {{ item.mysql_username }}@{{ item.subnet_site_ip }} and grant all privileges on {{ item.mysql_database }}"
+- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
   mysql_user:
     # Credentials to log in MySQL
     login_host: localhost
     login_user: root
     login_password: "{{ mysql_root_password }}"
     # Credentials of the new db user
-    host: "{{ item.subnet_site_ip }}"
+    host: "{{ site.subnet_site_ip }}"
-    name: "{{ item.mysql_username }}"
+    name: "{{ site.mysql_username }}"
-    password: "{{ item.mysql_password }}"
+    password: "{{ site.mysql_password }}"
     # Grants
-    priv: "{{ item.mysql_database }}.*:all"
+    priv: "{{ site.mysql_database }}.*:all"
     state: present
   tags: mysql
 

deployer/roles/build/tasks/main.yml

@@ -3,12 +3,16 @@
 - name: Build Wordpress sites
   include_tasks: wordpress.yml  
   loop: "{{ sites }}"
+  loop_control:
+    loop_var: site
   when: item.type == "wordpress"
   tags: wordpress
 
 - name: Build Drupal sites
   include_tasks: drupal.yml  
   loop: "{{ sites }}"
+  loop_control:
+    loop_var: site
   when: item.type == "drupal"
   tags: drupal
 

deployer/roles/build/tasks/wordpress.yml

@@ -1,5 +1,5 @@
-- name: "Set site_data_path to {{ www_path }}/{{ item.slug }}_wp-content"
+- name: "Set site_data_path to {{ www_path }}/{{ site.slug }}_wp-content"
-  set_fact: site_data_path="{{ www_path }}/{{ item.slug }}_wp-content"
+  set_fact: site_data_path="{{ www_path }}/{{ site.slug }}_wp-content"
   tags: always
 
 
@@ -62,33 +62,29 @@
 # Render templates #
 ####################
 
-- name: "Create folder {{ sites_path }}/{{ item.slug }}"
+- name: "Create folder {{ sites_path }}/{{ site.slug }}"
   file: 
-    path: "{{ sites_path }}/{{ item.slug }}"
+    path: "{{ sites_path }}/{{ site.slug }}"
     state: directory
     mode: '750'
   tags: [docker, nginx]
 
-- name: "Create {{ sites_path }}/{{ item.slug }} sub-directories"
+- name: "Create {{ sites_path }}/{{ site.slug }} sub-directories"
   file:
-    path: "{{ sites_path }}/{{ item.slug }}/{{ filetree_item.path }}"
+    path: "{{ sites_path }}/{{ site.slug }}/{{ item.path }}"
     state: directory
-    mode: "{{ filetree_item.mode }}"
+    mode: "{{ item.mode }}"
   with_filetree: "../templates/wordpress/"
-  loop_control:
+  when: item.state == 'directory'
-    loop_var: filetree_item
-  when: filetree_item.state == 'directory'
   tags: [docker, nginx]
 
 - name: Render template files 
   template:
-    src: "{{ filetree_item.src }}"
+    src: "{{ item.src }}"
-    dest: "{{ sites_path }}/{{ item.slug }}/{{ filetree_item.path | regex_replace('.j2','') }}"
+    dest: "{{ sites_path }}/{{ site.slug }}/{{ item.path | regex_replace('.j2','') }}"
-    mode: "{{ filetree_item.mode }}"
+    mode: "{{ item.mode }}"
   with_filetree: "../templates/wordpress/"
-  loop_control:
+  when: item.state == 'file'
-    loop_var: filetree_item
-  when: filetree_item.state == 'file'
   tags: [docker, nginx]
 
 
@@ -99,18 +95,18 @@
 # MySQL equivalent:
 # create user <user>@<ip> identified by <pass>;
 # grant all on <db>.* to <user>@<ip>;
-- name: "Add database user {{ item.mysql_username }}@{{ item.subnet_site_ip }} and grant all privileges on {{ item.mysql_database }}"
+- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
   mysql_user:
     # Credentials to log in MySQL
     login_host: localhost
     login_user: root
     login_password: "{{ mysql_root_password }}"
     # Credentials of the new db user
-    host: "{{ item.subnet_site_ip }}"
+    host: "{{ site.subnet_site_ip }}"
-    name: "{{ item.mysql_username }}"
+    name: "{{ site.mysql_username }}"
-    password: "{{ item.mysql_password }}"
+    password: "{{ site.mysql_password }}"
     # Grants
-    priv: "{{ item.mysql_database }}.*:all"
+    priv: "{{ site.mysql_database }}.*:all"
     state: present
   tags: mysql
 

deployer/roles/build/templates/drupal/Dockerfile.j2

@@ -8,6 +8,6 @@ RUN echo "sendmail_path = /usr/bin/msmtp -t " > /usr/local/etc/php/conf.d/sendma
 
 RUN echo "\
 account default\n\
-host {{ item.subnet_gateway_ip }}\n\
+host {{ site.subnet_gateway_ip }}\n\
 port 25\n\
-from php@{{ item.url }}\n" > /etc/msmtprc
+from php@{{ site.url }}\n" > /etc/msmtprc

deployer/roles/build/templates/drupal/Dockerfile.php.j2

@@ -62,9 +62,9 @@ RUN { \
 # Configure msmtp
 RUN echo "\
 account default\n\
-host {{ item.subnet_gateway_ip }}\n\
+host {{ site.subnet_gateway_ip }}\n\
 port 25\n\
-from php@{{ item.url }}\n" > /etc/msmtprc
+from php@{{ site.url }}\n" > /etc/msmtprc
 
 # Send mails using msmtp
 RUN echo "sendmail_path = /usr/bin/msmtp -t " > /usr/local/etc/php/conf.d/sendmail.ini

deployer/roles/build/templates/drupal/docker-compose.yml.j2

@@ -1,7 +1,7 @@
 version: '3'
 
-# Generated by ansible for site {{ item.url }} 
+# Generated by ansible for site {{ site.url }} 
-# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}
+# At {{ site.subnet_site_ip }} on {{ site.subnet_cidr_address }}
 
 services:
   drupal: 
@@ -13,16 +13,16 @@ services:
       # - /var/www/html/profiles
       # - /var/www/html/sites
       # We want a host volume for the themes directory to easily work on theming
-      - "{{ www_path }}/{{ item.slug }}/themes:/var/www/html/themes"
+      - "{{ www_path }}/{{ site.slug }}/themes:/var/www/html/themes"
-      - "{{ www_path }}/{{ item.slug }}/sites:/var/www/html/sites"
+      - "{{ www_path }}/{{ site.slug }}/sites:/var/www/html/sites"
     # Fix the container's IP
     networks:
       net:
-        ipv4_address: "{{ item.subnet_site_ip }}"
+        ipv4_address: "{{ site.subnet_site_ip }}"
 
 networks:
   net:
     ipam:
       driver: default
       config:
-        - subnet: "{{ item.subnet_cidr_address }}"
+        - subnet: "{{ site.subnet_cidr_address }}"

deployer/roles/build/templates/drupal/nginx.j2

@@ -1,19 +1,19 @@
-# Generated by ansible for site {{ item.url }} 
+# Generated by ansible for site {{ site.url }} 
-# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}
+# At {{ site.subnet_site_ip }} on {{ site.subnet_cidr_address }}
 
 server {
   listen 80;
   listen [::]:80;
-  server_name {{ item.url }} www.{{ item.url }};
+  server_name {{ site.url }} www.{{ site.url }};
 
   # Let's Encrypt
   include snippets/letsencrypt.conf;
 
   location / {
-{% if item.redirect_to_www %}
+{% if site.redirect_to_www %}
-    return 301 https://www.{{ item.url }}$request_uri;
+    return 301 https://www.{{ site.url }}$request_uri;
 {% else %}
-    return 301 https://{{ item.url }}$request_uri;
+    return 301 https://{{ site.url }}$request_uri;
 {% endif %}
   }
 }
@@ -21,20 +21,20 @@ server {
 server {
   listen 443 ssl;
   listen [::]:443 ssl;
-  server_name {{ item.url }} www.{{ item.url }};
+  server_name {{ site.url }} www.{{ site.url }};
 
-  access_log  /var/log/nginx/{{ item.slug }}-access.log;
+  access_log  /var/log/nginx/{{ site.slug }}-access.log;
   error_log   /var/log/nginx/error.log;
 
-{% if item.redirect_to_www %}
+{% if site.redirect_to_www %}
   # Redirect non-www to www
-  if ($host = {{ item.url }}) {
+  if ($host = {{ site.url }}) {
-    rewrite ^ https://www.{{ item.url }}$request_uri permanent;
+    rewrite ^ https://www.{{ site.url }}$request_uri permanent;
   }
 {% else %}
   # Redirect www to non-www
-  if ($host = www.{{ item.url }}) {
+  if ($host = www.{{ site.url }}) {
-    rewrite ^ https://{{ item.url }}$request_uri permanent;
+    rewrite ^ https://{{ site.url }}$request_uri permanent;
   }
 {% endif %}
 
@@ -42,14 +42,14 @@ server {
   include snippets/letsencrypt.conf;
 
   include snippets/ssl-params.conf;
-  ssl_certificate /etc/letsencrypt/live/{{ item.url }}/fullchain.pem;
+  ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/{{ item.url }}/privkey.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem;
   
   include snippets/header-params_server.conf;
   location / {
     include snippets/header-params_location.conf;
   
-    proxy_pass http://{{ item.subnet_site_ip }}:80;
+    proxy_pass http://{{ site.subnet_site_ip }}:80;
   }
 }
 

deployer/roles/build/templates/gitea/docker-compose.yml.j2

@@ -0,0 +1,52 @@
+version: '3'
+
+# Generated by ansible for site {{ item.url }} 
+# On network {{ item.subnet_cidr_address }}:
+# - web server (nginx) at {{ item.subnet_nginx_ip }}
+# - site (gitea) at {{ item.subnet_site_ip }}
+
+services:
+  site:
+    # build: site
+    image: gitea/gitea:1.11.4
+    restart: always
+    environment:
+      APP_NAME: "Gitea: git with a cup of coffee"
+      DOMAIN: "{{ item.url }}"
+      ROOT_URL: "{{ item.url }}"
+      USER_UID: "{{ item.user_uid }}"
+      USER_GID: "{{ item.user_gid }}"
+      DB_TYPE: mysql
+      DB_HOST: "{{ item.subnet_gateway_ip }}"
+      DB_USER: "{{ item.mysql_username }}"
+      DB_PASSWD: "{{ item.mysql_password }}"
+      DB_NAME: "{{ item.mysql_database }}"
+    volumes: 
+      - "{{ site_data_path }}:/data"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+    networks:
+      net:
+        ipv4_address: "{{ item.subnet_site_ip }}"
+
+  nginx:
+    build: nginx
+    restart: always
+    depends_on:
+      - site
+    volumes:
+      - "{{ site_data_path }}:/data"
+    networks:
+      net:
+        ipv4_address: "{{ item.subnet_nginx_ip }}"
+
+
+networks:
+  net:
+    ipam:
+      driver: default
+      config:
+        - subnet: "{{ item.subnet_cidr_address }}"
+
+volumes:
+  html_data:

deployer/roles/build/templates/gitea/nginx.host.j2

@@ -0,0 +1,54 @@
+# Generated by ansible for site {{ item.url }} 
+# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name {{ item.url }} www.{{ item.url }};
+
+  # Let's Encrypt
+  include snippets/letsencrypt.conf;
+
+  location / {
+{% if item.redirect_to_www %}
+    return 301 https://www.{{ item.url }}$request_uri;
+{% else %}
+    return 301 https://{{ item.url }}$request_uri;
+{% endif %}
+  }
+}
+
+server {
+  listen 443 ssl;
+  listen [::]:443 ssl;
+  server_name {{ item.url }} www.{{ item.url }};
+
+  access_log  /var/log/nginx/{{ item.slug }}-access.log;
+  error_log   /var/log/nginx/{{ item.slug }}-error.log;
+
+{% if item.redirect_to_www %}
+  # Redirect non-www to www
+  if ($host = {{ item.url }}) {
+    rewrite ^ https://www.{{ item.url }}$request_uri permanent;
+  }
+{% else %}
+  # Redirect www to non-www
+  if ($host = www.{{ item.url }}) {
+    rewrite ^ https://{{ item.url }}$request_uri permanent;
+  }
+{% endif %}
+
+  # Let's Encrypt
+  include snippets/letsencrypt.conf;
+
+  include snippets/ssl-params.conf;
+  ssl_certificate /etc/letsencrypt/live/{{ item.url }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ item.url }}/privkey.pem;
+  
+  include snippets/header-params_server.conf;
+  location / {
+    include snippets/header-params_location.conf;
+  
+    proxy_pass http://{{ item.subnet_nginx_ip }}:80;
+  }
+}

deployer/roles/build/templates/gitea/nginx/nginx.conf.j2

@@ -0,0 +1,67 @@
+user  www-data www-data;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+  worker_connections  1024;
+}
+
+
+http {
+  charset utf-8;
+
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+
+  set_real_ip_from {{ item.subnet_gateway_ip }};
+  log_format  main  '$http_x_real_ip - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+  access_log  /var/log/nginx/access.log  main;
+
+  ##
+  # Basic Settings
+  ##
+
+  sendfile    on;
+  tcp_nopush  on;
+  tcp_nodelay on;
+  keepalive_timeout   15s;
+  types_hash_max_size 2048;
+  server_tokens   off;
+  client_max_body_size    10M;
+  client_body_timeout     60;
+  # server_names_hash_bucket_size 64;
+  server_name_in_redirect off;
+
+
+  ##
+  # Gzip Settings
+  ##
+
+  gzip on;
+  gzip_disable "msie6";
+
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+
+  include /etc/nginx/conf.d/*.conf;
+
+
+  server {
+    listen 80 default;
+    listen [::]:80 default;
+    server_name {{ item.url }} www.{{ item.url }};
+
+    location / {
+      proxy_pass http://{{ item.subnet_site_ip }}:3000;
+    }
+}

deployer/roles/build/templates/wordpress/docker-compose.yml.j2

@@ -1,25 +1,25 @@
 version: '3'
 
-# Generated by ansible for site {{ item.url }} 
+# Generated by ansible for site {{ site.url }} 
-# On network {{ item.subnet_cidr_address }}:
+# On network {{ site.subnet_cidr_address }}:
-# - web server (nginx) at {{ item.subnet_nginx_ip }}
+# - web server (nginx) at {{ site.subnet_nginx_ip }}
-# - php-fpm (wordpress) at {{ item.subnet_site_ip }}
+# - php-fpm (wordpress) at {{ site.subnet_site_ip }}
 
 services:
   site:
     build: site
     restart: always
     environment:
-      WORDPRESS_DB_HOST: "{{ item.subnet_gateway_ip }}"
+      WORDPRESS_DB_HOST: "{{ site.subnet_gateway_ip }}"
-      WORDPRESS_DB_USER: "{{ item.mysql_username }}"
+      WORDPRESS_DB_USER: "{{ site.mysql_username }}"
-      WORDPRESS_DB_PASSWORD: "{{ item.mysql_password }}"
+      WORDPRESS_DB_PASSWORD: "{{ site.mysql_password }}"
-      WORDPRESS_DB_NAME: "{{ item.mysql_database }}"
+      WORDPRESS_DB_NAME: "{{ site.mysql_database }}"
     volumes: 
       - "html_data:/var/www/html"
       - "{{ site_data_path }}:/var/www/html/wp-content"
     networks:
       net:
-        ipv4_address: "{{ item.subnet_site_ip }}"
+        ipv4_address: "{{ site.subnet_site_ip }}"
 
   nginx:
     build: nginx
@@ -31,7 +31,7 @@ services:
       - "{{ site_data_path }}:/var/www/html/wp-content"
     networks:
       net:
-        ipv4_address: "{{ item.subnet_nginx_ip }}"
+        ipv4_address: "{{ site.subnet_nginx_ip }}"
 
 
 networks:
@@ -39,7 +39,7 @@ networks:
     ipam:
       driver: default
       config:
-        - subnet: "{{ item.subnet_cidr_address }}"
+        - subnet: "{{ site.subnet_cidr_address }}"
 
 volumes:
   html_data:

deployer/roles/build/templates/wordpress/nginx.host.j2

@@ -1,19 +1,19 @@
-# Generated by ansible for site {{ item.url }} 
+# Generated by ansible for site {{ site.url }} 
-# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}
+# At {{ site.subnet_site_ip }} on {{ site.subnet_cidr_address }}
 
 server {
   listen 80;
   listen [::]:80;
-  server_name {{ item.url }} www.{{ item.url }};
+  server_name {{ site.url }} www.{{ site.url }};
 
   # Let's Encrypt
   include snippets/letsencrypt.conf;
 
   location / {
-{% if item.redirect_to_www %}
+{% if site.redirect_to_www %}
-    return 301 https://www.{{ item.url }}$request_uri;
+    return 301 https://www.{{ site.url }}$request_uri;
 {% else %}
-    return 301 https://{{ item.url }}$request_uri;
+    return 301 https://{{ site.url }}$request_uri;
 {% endif %}
   }
 }
@@ -21,20 +21,20 @@ server {
 server {
   listen 443 ssl;
   listen [::]:443 ssl;
-  server_name {{ item.url }} www.{{ item.url }};
+  server_name {{ site.url }} www.{{ site.url }};
 
-  access_log  /var/log/nginx/{{ item.slug }}-access.log;
+  access_log  /var/log/nginx/{{ site.slug }}-access.log;
   error_log   /var/log/nginx/error.log;
 
-{% if item.redirect_to_www %}
+{% if site.redirect_to_www %}
   # Redirect non-www to www
-  if ($host = {{ item.url }}) {
+  if ($host = {{ site.url }}) {
-    rewrite ^ https://www.{{ item.url }}$request_uri permanent;
+    rewrite ^ https://www.{{ site.url }}$request_uri permanent;
   }
 {% else %}
   # Redirect www to non-www
-  if ($host = www.{{ item.url }}) {
+  if ($host = www.{{ site.url }}) {
-    rewrite ^ https://{{ item.url }}$request_uri permanent;
+    rewrite ^ https://{{ site.url }}$request_uri permanent;
   }
 {% endif %}
 
@@ -42,14 +42,14 @@ server {
   include snippets/letsencrypt.conf;
 
   include snippets/ssl-params.conf;
-  ssl_certificate /etc/letsencrypt/live/{{ item.url }}/fullchain.pem;
+  ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/{{ item.url }}/privkey.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem;
   
   include snippets/header-params_server.conf;
   location / {
     include snippets/header-params_location.conf;
   
-    proxy_pass http://{{ item.subnet_nginx_ip }}:80;
+    proxy_pass http://{{ site.subnet_nginx_ip }}:80;
   }
 }
 

deployer/roles/build/templates/wordpress/nginx/nginx.conf.j2

@@ -15,7 +15,7 @@ http {
   include       /etc/nginx/mime.types;
   default_type  application/octet-stream;
 
-  set_real_ip_from {{ item.subnet_gateway_ip }};
+  set_real_ip_from {{ site.subnet_gateway_ip }};
   log_format  main  '$http_x_real_ip - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';
@@ -59,7 +59,7 @@ http {
   server {
     listen 80 default;
     listen [::]:80 default;
-    server_name {{ item.url }} www.{{ item.url }};
+    server_name {{ site.url }} www.{{ site.url }};
 
     root /var/www/html;
     index index.php;

deployer/roles/build/templates/wordpress/site/Dockerfile.j2

@@ -8,15 +8,15 @@ RUN echo "sendmail_path = /usr/bin/msmtp -t " > /usr/local/etc/php/conf.d/sendma
 
 # RUN "cat << EOF > /etc/msmtprc
 # account default
-# host {{ item.subnet_gateway_ip }}
+# host {{ site.subnet_gateway_ip }}
 # port 25
 # EOF"
 
 RUN echo "\
 account default\n\
-host {{ item.subnet_gateway_ip }}\n\
+host {{ site.subnet_gateway_ip }}\n\
 port 25\n\
-from php@{{ item.url }}\n" > /etc/msmtprc
+from php@{{ site.url }}\n" > /etc/msmtprc
 
 # Should be UID & GID=33
 # USER www-data:www-data