Permissions on galaxy directory during privilege separation + NGINX access

[hexylena]

During deployment with priv-sep, the permissions for the galaxy directory can become too restrictive.

Overriding them with

--extra-vars "__galaxy_dir_perms='0755'"

solves the issue, but, it is sub-optimal for new admins.

It is set due to

__galaxy_dir_perms: "{{ '0750' if __galaxy_user_group == __galaxy_privsep_user_group else '0755' }}"

But for EU (and others), we have it set such that:

galaxy_separate_privileges: true
galaxy_group: galaxy
galaxy_system_group: galaxy

Thus, given

__galaxy_user_group: "{{ ((galaxy_group | default({})).name | default(galaxy_group)) if galaxy_group is defined else (__galaxy_group_result.results[0].ansible_facts.getent_group.keys() | first) }}"
__galaxy_privsep_user_group: "{{ ((galaxy_group | default({})).name | default(galaxy_group)) if galaxy_group is defined else (__galaxy_group_result.results[1].ansible_facts.getent_group.keys() | first) }}"

In both cases, the galaxy_group variable is set, and so those values are equivalent. But it doesn't account for the fact that nginx still needs access.