From 3c1160cd23bf35d5add2d0de038f9cb4be0aa4f8 Mon Sep 17 00:00:00 2001
From: Tunui Franken
Date: Sun, 7 Apr 2024 13:51:31 +0200
Subject: [PATCH] [tunuifranken] Change unix user to tunuifranken

---
 roles/tunuifranken/defaults/main/plain.yml | 2 -
 roles/tunuifranken/tasks/main.yml | 48 ++++++++++++++++++----
 2 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/roles/tunuifranken/defaults/main/plain.yml b/roles/tunuifranken/defaults/main/plain.yml
index 57eea6a..862459b 100644
--- a/roles/tunuifranken/defaults/main/plain.yml
+++ b/roles/tunuifranken/defaults/main/plain.yml
@@ -1,7 +1,5 @@
 ---
 tunuifranken_domain: tunuifranken.info
-tunuifranken_apache2_owner: "{{ ansible_facts['env']['USER'] }}"
-tunuifranken_apache2_group: "{{ ansible_facts['env']['USER'] }}"
 tunuifranken_server_admin: "{{ vault_tunuifranken_server_admin }}"
 tunuifranken_ssh_keys:
   pub: "{{ vault_tunuifranken_ssh_keys_pub }}"
diff --git a/roles/tunuifranken/tasks/main.yml b/roles/tunuifranken/tasks/main.yml
index 3f59af6..4f56563 100644
--- a/roles/tunuifranken/tasks/main.yml
+++ b/roles/tunuifranken/tasks/main.yml
@@ -1,4 +1,11 @@
 ---
+- name: Install needed packages
+  become: true
+  ansible.builtin.apt:
+    name:
+      - git
+      - acl # for become_user: forgejo
+    state: present
 - name: Get local public IP
   ansible.builtin.uri:
@@ -28,12 +35,28 @@
     letsencrypt_email: "{{ tunuifranken_server_admin }}"
     letsencrypt_post_hook: systemctl restart apache2
 
+- name: Create tunuifranken group
+  become: true
+  ansible.builtin.group:
+    name: tunuifranken
+    system: true
+
+- name: Create tunuifranken user
+  become: true
+  ansible.builtin.user:
+    name: tunuifranken
+    group: tunuifranken
+    create_home: true
+    home: /var/lib/tunuifranken
+    shell: /bin/false
+    system: true
+
 - name: Create tunuifranken directory
   become: true
   ansible.builtin.file:
     path: "/var/www/{{ tunuifranken_domain }}"
-    owner: "{{ tunuifranken_apache2_owner }}"
-    group: "{{ tunuifranken_apache2_group }}"
+    owner: tunuifranken
+    group: tunuifranken
     state: directory
     mode: 0775
@@ -52,30 +75,39 @@
   changed_when: "'already enabled' not in result.stdout"
   notify: Reload apache2 service
 
-- name: Install git
-  become: true
-  ansible.builtin.apt:
-    name: git
-    state: present
-
 - name: Create .ssh dir
+  become: true
+  become_user: tunuifranken
   ansible.builtin.file:
     path: ~/.ssh
+    state: directory
+    owner: tunuifranken
+    group: tunuifranken
     mode: 0700
 
 - name: Add SSH public key
+  become: true
+  become_user: tunuifranken
   ansible.builtin.copy:
     content: "{{ tunuifranken_ssh_keys.pub }}"
     dest: ~/.ssh/id_rsa.pub
+    owner: tunuifranken
+    group: tunuifranken
     mode: 0644
 
 - name: Add SSH private key
+  become: true
+  become_user: tunuifranken
   ansible.builtin.copy:
     content: "{{ tunuifranken_ssh_keys.priv }}"
     dest: ~/.ssh/id_rsa
+    owner: tunuifranken
+    group: tunuifranken
     mode: 0600
 
 - name: Clone tunuifranken.info repo
+  become: true
+  become_user: tunuifranken
   ansible.builtin.git:
     repo: git@tunuifranken.info:flyingscorpio/tunuifranken.info.git
     dest: "/var/www/{{ tunuifranken_domain }}"
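Review bot: The user and group name `tunuifranken` is hard-coded in the new group and user tasks of this hunk and then repeated as `owner`/`group` in every later task, while the two defaults the commit deletes from defaults/main/plain.yml are not replaced by anything; a single default such as `tunuifranken_user: tunuifranken`, used as `name: "{{ tunuifranken_user }}"` and `owner: "{{ tunuifranken_user }}"`, would keep the role configurable and the tasks consistent with each other. The `acl` line added in the first hunk of this file carries the comment `# for become_user: forgejo`, which names a different user than the one this role now switches to; it should read `# for become_user: tunuifranken`.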
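Review bot: The `.ssh` tasks in the last hunk keep `path: ~/.ssh` and the two `dest: ~/.ssh/...` lines even though they now run under `become_user: tunuifranken`, whose home this commit fixes at `/var/lib/tunuifranken`; `~` expansion then depends on which HOME the become method exports, so writing the explicit `path: /var/lib/tunuifranken/.ssh` (and likewise for both `dest:` lines) removes that dependency and makes the key location obvious to the reader. The private-key task passes `tunuifranken_ssh_keys.priv` through `content:`, and a run with `--diff` or high verbosity can print that value; `no_log: true` on that task keeps the key out of logs. The clone in the final task now runs as a freshly created user with an empty `.ssh` directory, so unless `accept_hostkey` or a `known_hosts` entry is handled outside the hunk the server's host key is either unverified or the clone fails; a preceding `ansible.builtin.known_hosts` task pinning the key for tunuifranken.info is the usual fix. The git task's remaining parameters, if any, lie outside the hunk.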