Patrick Marchand
1c6fdbf85a
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
Will cause a hard fail in ansible 2.14, so better get rid of them now. There is no alternative, but the ansible warnings for those modules are not hard failures anyways.
119 lines
3.1 KiB
YAML
119 lines
3.1 KiB
YAML
---
|
|
|
|
- name: Create evoadmin account
|
|
user:
|
|
name: evoadmin
|
|
comment: "Evoadmin Web Account"
|
|
home: "{{ evoadmin_home_dir }}"
|
|
password: "!"
|
|
system: yes
|
|
|
|
- name: Create www-evoadmin group
|
|
group:
|
|
name: www-evoadmin
|
|
state: present
|
|
|
|
- name: "Create www-evoadmin and add to group shadow (jessie)"
|
|
user:
|
|
name: www-evoadmin
|
|
groups: shadow
|
|
append: True
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- name: "Create www-evoadmin (Debian 9 or later)"
|
|
user:
|
|
name: www-evoadmin
|
|
system: yes
|
|
when: ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: Is /etc/aliases present?
|
|
stat:
|
|
path: /etc/aliases
|
|
register: etc_aliases
|
|
|
|
- name: Set evoadmin aliases
|
|
lineinfile:
|
|
dest: /etc/aliases
|
|
line: "{{ item.line }}"
|
|
regexp: "{{ item.regexp }}"
|
|
state: present
|
|
loop:
|
|
- { line: 'evoadmin: root', regexp: '^evoadmin:' }
|
|
- { line: 'www-evoadmin: root', regexp: '^www-evoadmin:' }
|
|
notify: "newaliases"
|
|
when: etc_aliases.stat.exists
|
|
|
|
- name: Git is needed to clone the evoadmin repository
|
|
apt:
|
|
name: git
|
|
state: present
|
|
|
|
- name: "Clone evoadmin repository (jessie)"
|
|
git:
|
|
repo: https://forge.evolix.org/evoadmin-web.git
|
|
dest: "{{ evoadmin_document_root }}"
|
|
version: jessie
|
|
update: False
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- name: "Clone evoadmin repository (Debian 9 or later)"
|
|
git:
|
|
repo: https://forge.evolix.org/evoadmin-web.git
|
|
dest: "{{ evoadmin_document_root }}"
|
|
version: master
|
|
update: False
|
|
when: ansible_distribution_major_version is version('9', '>=')
|
|
|
|
- name: Change ownership on git repository
|
|
file:
|
|
dest: "{{ evoadmin_document_root }}"
|
|
owner: "{{ evoadmin_username }}"
|
|
group: "{{ evoadmin_username }}"
|
|
recurse: True
|
|
|
|
- name: Create evoadmin log directory
|
|
file:
|
|
name: "{{ evoadmin_log_dir }}"
|
|
owner: "{{ evoadmin_username }}"
|
|
group: "{{ evoadmin_username }}"
|
|
state: directory
|
|
|
|
- include_role:
|
|
name: evolix/remount-usr
|
|
when: evoadmin_scripts_dir is search ("/usr")
|
|
|
|
- name: "Create {{ evoadmin_scripts_dir }}"
|
|
file:
|
|
dest: "{{ evoadmin_scripts_dir }}"
|
|
# recurse: True
|
|
mode: "0700"
|
|
state: directory
|
|
|
|
- name: Install scripts like web-add.sh
|
|
shell: "cp {{ evoadmin_document_root }}/scripts/* {{ evoadmin_scripts_dir }}/"
|
|
args:
|
|
creates: "{{ evoadmin_scripts_dir }}/web-add.sh"
|
|
|
|
# we use a shell command to have a "changed" that really reflects the result.
|
|
- name: Fix permissions
|
|
command: "chmod -R --verbose u=rwX,g=rX,o= {{ evoadmin_document_root }}"
|
|
register: command_result
|
|
changed_when: "'changed' in command_result.stdout"
|
|
# failed_when: False
|
|
|
|
- name: Add evoadmin sudoers file
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: /etc/sudoers.d/evoadmin
|
|
mode: "0600"
|
|
force: "{{ evoadmin_sudoers_conf_force }}"
|
|
validate: "visudo -cf %s"
|
|
loop: "{{ query('first_found', templates) }}"
|
|
vars:
|
|
templates:
|
|
- "templates/evoadmin-web/sudoers.{{ inventory_hostname }}.j2"
|
|
- "templates/evoadmin-web/sudoers.{{ host_group | default('all') }}.j2"
|
|
- "templates/evoadmin-web/sudoers.j2"
|
|
- "templates/sudoers.j2"
|
|
register: evoadmin_sudoers_conf
|