General ansible script organisation issues

[mbooth]

These points are taken from TODO file in the repo -- if they are still valid, we should consider fixing them or if needed, breaking them out into their own tickets:

• Create users and groups as part of each web service's role rather than having php-fpm role create them indirectly.
• Shorten the merry dance of simlinks involved in the location of mediawiki's LocalSettings?.php file (which involves allowing the execution of php code in several directories that might otherwise be sensible to keep out of php-fpm's path, like /etc/mediawiki)
• Have each role create its own webroot directory, or at least pass owner, group and mode as variables to the nginx role's "configure-nginx-website.yml" playbook. This would avoid having to fix webroot permissions for roles that use php-fpm(e.g. ttrss, mediawiki).
  • Some roles that require nginx (git/znc/ipsilon) require no webroot directory because they simply use nginx to proxy requests to other processes, so it may be better to have the roles that need one create them

[mbooth]

Obviously, we since switched to apache from nginx due to superior SSO support using mod_mellon, so s/nginx/apache/ in the above.