ansible-roles/webapps/evoadmin-web/tasks/user.yml

---

- name: Create evoadmin account
  user:
    name: evoadmin
    comment: "Evoadmin Web Account"
    home: "{{ evoadmin_home_dir }}"
    password: "!"

- name: Create www-evoadmin group
  group:
    name: www-evoadmin
    state: present

- name: "Create www-evoadmin and add to group shadow (jessie)"
  user:
    name: www-evoadmin
    groups: shadow
    append: True
  when: ansible_distribution_release == "jessie"

- name: "Create www-evoadmin (Debian 9 or later)"
  user:
    name: www-evoadmin
  when: ansible_distribution_major_version is version_compare('9', '>=')

- name: Is /etc/aliases present?
  stat:
    path: /etc/aliases
  register: etc_aliases

- name: Set evoadmin aliases
  lineinfile:
    dest: /etc/aliases
    line: "{{ item.line }}"
    regexp: "{{ item.regexp }}"
    state: present
  with_items:
    - line: 'evoadmin: root'
      regexp: '^evoadmin:'
    - line: 'www-evoadmin: root'
      regexp: '^www-evoadmin:'
  notify: "newaliases"
  when: etc_aliases.stat.exists

- name: Git is needed to clone the evoadmin repository
  apt:
    name: git
    state: present

- name: "Clone evoadmin repository (jessie)"
  git:
    repo: https://forge.evolix.org/evoadmin-web.git
    dest: "{{ evoadmin_document_root }}"
    version: jessie
    update: False
  when: ansible_distribution_release == "jessie"

- name: "Clone evoadmin repository (Debian 9 or later)"
  git:
    repo: https://forge.evolix.org/evoadmin-web.git
    dest: "{{ evoadmin_document_root }}"
    version: master
    update: False
  when: ansible_distribution_major_version is version_compare('9', '>=')

- name: Change ownership on git repository
  file:
    dest: "{{ evoadmin_document_root }}"
    owner: "{{ evoadmin_username }}"
    group: "{{ evoadmin_username }}"
    recurse: True

- name: Create evoadmin log directory
  file:
    name: "{{ evoadmin_log_dir }}"
    owner: "{{ evoadmin_username }}"
    group: "{{ evoadmin_username }}"
    state: directory

- include_role:
    name: evolix/remount-usr
  when: evoadmin_scripts_dir is search ("/usr")

- name: "Create {{ evoadmin_scripts_dir }}"
  file:
    dest: "{{ evoadmin_scripts_dir }}"
    # recurse: True
    mode: "0700"
    state: directory

- name: Install scripts like web-add.sh
  shell: "cp {{ evoadmin_document_root }}/scripts/* {{ evoadmin_scripts_dir }}/"
  args:
    creates: "{{ evoadmin_scripts_dir }}/web-add.sh"

# we use a shell command to have a "changed" that really reflects the result.
- name: Fix permissions
  command: "chmod -R --verbose u=rwX,g=rX,o= {{ evoadmin_document_root }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  # failed_when: False
  args:
    warn: False

- name: Add evoadmin sudoers file
  template:
    src: "{{ item }}"
    dest: /etc/sudoers.d/evoadmin
    mode: "0600"
    force: "{{ evoadmin_sudoers_conf_force }}"
    validate: "visudo -cf %s"
  with_first_found:
    - "templates/evoadmin-web/sudoers.{{ inventory_hostname }}.j2"
    - "templates/evoadmin-web/sudoers.{{ host_group }}.j2"
    - "templates/evoadmin-web/sudoers.j2"
    - "sudoers.j2"
  register: evoadmin_sudoers_conf

- name: Modify bashrc skel file
  lineinfile:
    dest: /etc/skel/.bashrc
    line: "alias php='sudo /usr/local/bin/phpContainer'"
  when: evoadmin_multi_php
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`---`

			`- name: Create evoadmin account`
			`user:`
			`name: evoadmin`
			`comment: "Evoadmin Web Account"`
Pass evoadmin-web role through yamllint and ansible-lint Recommends using true or false values directly instead of the truthy and falsie yes True and etc. This also means that we can get rid of the cast to booleans in some of the checks. The other fixes are mostly in the realm of indentation and whitespace. 2019-08-27 15:58:08 +02:00			`home: "{{ evoadmin_home_dir }}"`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`password: "!"`

			`- name: Create www-evoadmin group`
			`group:`
			`name: www-evoadmin`
			`state: present`

we need www-evoadmin user in Debian 9 2017-09-18 22:36:14 +02:00			`- name: "Create www-evoadmin and add to group shadow (jessie)"`
			`user:`
			`name: www-evoadmin`
			`groups: shadow`
evoadmin-web: use python/yaml native values 2019-09-23 21:57:08 +02:00			`append: True`
we need www-evoadmin user in Debian 9 2017-09-18 22:36:14 +02:00			`when: ansible_distribution_release == "jessie"`

			`- name: "Create www-evoadmin (Debian 9 or later)"`
			`user:`
			`name: www-evoadmin`
Change "\|version_compare" with "is version_compare" 2019-12-31 10:18:19 +01:00			`when: ansible_distribution_major_version is version_compare('9', '>=')`
we need www-evoadmin user in Debian 9 2017-09-18 22:36:14 +02:00
webapps/evoadmin-web: add users to /etc/aliases 2018-09-09 23:42:15 +02:00			`- name: Is /etc/aliases present?`
			`stat:`
			`path: /etc/aliases`
			`register: etc_aliases`

			`- name: Set evoadmin aliases`
			`lineinfile:`
			`dest: /etc/aliases`
			`line: "{{ item.line }}"`
			`regexp: "{{ item.regexp }}"`
			`state: present`
			`with_items:`
Pass evoadmin-web role through yamllint and ansible-lint Recommends using true or false values directly instead of the truthy and falsie yes True and etc. This also means that we can get rid of the cast to booleans in some of the checks. The other fixes are mostly in the realm of indentation and whitespace. 2019-08-27 15:58:08 +02:00			`- line: 'evoadmin: root'`
			`regexp: '^evoadmin:'`
			`- line: 'www-evoadmin: root'`
			`regexp: '^www-evoadmin:'`
webapps/evoadmin-web: add users to /etc/aliases 2018-09-09 23:42:15 +02:00			`notify: "newaliases"`
			`when: etc_aliases.stat.exists`

evoadmin-web: clarify ansible code 2017-10-07 23:04:47 +02:00			`- name: Git is needed to clone the evoadmin repository`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`apt:`
			`name: git`
			`state: present`

we don't need anymore shadow group in Debian 9 or later 2017-09-08 04:03:04 +02:00			`- name: "Clone evoadmin repository (jessie)"`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`git:`
			`repo: https://forge.evolix.org/evoadmin-web.git`
whitespaces 2018-04-20 10:22:11 +02:00			`dest: "{{ evoadmin_document_root }}"`
First step to use new evoadmin / FPM 2017-08-23 04:28:21 +02:00			`version: jessie`
evoadmin-web: use python/yaml native values 2019-09-23 21:57:08 +02:00			`update: False`
First step to use new evoadmin / FPM 2017-08-23 04:28:21 +02:00			`when: ansible_distribution_release == "jessie"`

we don't need anymore shadow group in Debian 9 or later 2017-09-08 04:03:04 +02:00			`- name: "Clone evoadmin repository (Debian 9 or later)"`
First step to use new evoadmin / FPM 2017-08-23 04:28:21 +02:00			`git:`
			`repo: https://forge.evolix.org/evoadmin-web.git`
whitespaces 2018-04-20 10:22:11 +02:00			`dest: "{{ evoadmin_document_root }}"`
First step to use new evoadmin / FPM 2017-08-23 04:28:21 +02:00			`version: master`
evoadmin-web: use python/yaml native values 2019-09-23 21:57:08 +02:00			`update: False`
Change "\|version_compare" with "is version_compare" 2019-12-31 10:18:19 +01:00			`when: ansible_distribution_major_version is version_compare('9', '>=')`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00
evoadmin-web: stay privileged Becoming an unprivilegied user is problemetic for Ansible. We continue being root, but change the permissions on created files. 2017-10-07 21:48:00 +02:00			`- name: Change ownership on git repository`
			`file:`
whitespaces 2018-04-20 10:22:11 +02:00			`dest: "{{ evoadmin_document_root }}"`
evoadmin-web: stay privileged Becoming an unprivilegied user is problemetic for Ansible. We continue being root, but change the permissions on created files. 2017-10-07 21:48:00 +02:00			`owner: "{{ evoadmin_username }}"`
evoadmin-web: document root should belong to group too 2017-10-07 23:05:20 +02:00			`group: "{{ evoadmin_username }}"`
evoadmin-web: use python/yaml native values 2019-09-23 21:57:08 +02:00			`recurse: True`
evoadmin-web: stay privileged Becoming an unprivilegied user is problemetic for Ansible. We continue being root, but change the permissions on created files. 2017-10-07 21:48:00 +02:00
packweb-apache: install evoadmin as a dependency A bug in Ansible 2.2 disables some included roles when dependencies have a conditional evaluated to false. 2018-04-20 10:23:35 +02:00			`- name: Create evoadmin log directory`
			`file:`
			`name: "{{ evoadmin_log_dir }}"`
			`owner: "{{ evoadmin_username }}"`
			`group: "{{ evoadmin_username }}"`
			`state: directory`

Move /usr rw remount into remount-usr role 2017-11-07 12:18:02 +01:00			`- include_role:`
Add evolix prefix to include_role 2019-11-29 14:00:25 +01:00			`name: evolix/remount-usr`
Change "\|search" with "is search" 2019-12-31 15:32:40 +01:00			`when: evoadmin_scripts_dir is search ("/usr")`
Remount /usr rw before writing on it 2017-08-03 22:15:27 +02:00
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`- name: "Create {{ evoadmin_scripts_dir }}"`
			`file:`
			`dest: "{{ evoadmin_scripts_dir }}"`
evoadmin-web: use python/yaml native values 2019-09-23 21:57:08 +02:00			`# recurse: True`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`mode: "0700"`
			`state: directory`

			`- name: Install scripts like web-add.sh`
whitespaces 2018-04-20 10:22:11 +02:00			`shell: "cp {{ evoadmin_document_root }}/scripts/* {{ evoadmin_scripts_dir }}/"`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`args:`
			`creates: "{{ evoadmin_scripts_dir }}/web-add.sh"`

typo 2018-09-09 23:25:53 +02:00			`# we use a shell command to have a "changed" that really reflects the result.`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`- name: Fix permissions`
evoadmin-web: clarify ansible code 2017-10-07 23:04:47 +02:00			`command: "chmod -R --verbose u=rwX,g=rX,o= {{ evoadmin_document_root }}"`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`register: command_result`
			`changed_when: "'changed' in command_result.stdout"`
evoadmin-web: use python/yaml native values 2019-09-23 21:57:08 +02:00			`# failed_when: False`
evoadmin-web: clarify ansible code 2017-10-07 23:04:47 +02:00			`args:`
evoadmin-web: use python/yaml native values 2019-09-23 21:57:08 +02:00			`warn: False`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00
			`- name: Add evoadmin sudoers file`
			`template:`
Make it possible to overwrite the default evoadmin-web templates The templates can also be forced to update if so desired. 2019-05-06 22:00:45 +02:00			`src: "{{ item }}"`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`dest: /etc/sudoers.d/evoadmin`
			`mode: "0600"`
Pass evoadmin-web role through yamllint and ansible-lint Recommends using true or false values directly instead of the truthy and falsie yes True and etc. This also means that we can get rid of the cast to booleans in some of the checks. The other fixes are mostly in the realm of indentation and whitespace. 2019-08-27 15:58:08 +02:00			`force: "{{ evoadmin_sudoers_conf_force }}"`
evoadmin/packweb: end of first pass 2017-07-03 18:22:24 +02:00			`validate: "visudo -cf %s"`
Make it possible to overwrite the default evoadmin-web templates The templates can also be forced to update if so desired. 2019-05-06 22:00:45 +02:00			`with_first_found:`
Pass evoadmin-web role through yamllint and ansible-lint Recommends using true or false values directly instead of the truthy and falsie yes True and etc. This also means that we can get rid of the cast to booleans in some of the checks. The other fixes are mostly in the realm of indentation and whitespace. 2019-08-27 15:58:08 +02:00			`- "templates/evoadmin-web/sudoers.{{ inventory_hostname }}.j2"`
			`- "templates/evoadmin-web/sudoers.{{ host_group }}.j2"`
			`- "templates/evoadmin-web/sudoers.j2"`
			`- "sudoers.j2"`
			`register: evoadmin_sudoers_conf`
Add configuration for multi PHP setup 2019-06-04 15:48:21 +02:00
			`- name: Modify bashrc skel file`
			`lineinfile:`
			`dest: /etc/skel/.bashrc`
			`line: "alias php='sudo /usr/local/bin/phpContainer'"`
Merge branch 'evoadmin-web-template-override' into unstable I had to apply some of the yamllint fixes to the new multi-php tasks as well. Notably it removes the need to explicitely check for the truthy "True" 2019-08-27 16:23:04 +02:00			`when: evoadmin_multi_php`