67664ec0e2
Recommends using true or false values directly instead of the truthy and falsie yes True and etc. This also means that we can get rid of the cast to booleans in some of the checks. The other fixes are mostly in the realm of indentation and whitespace.
119 lines
3 KiB
YAML
119 lines
3 KiB
YAML
---
|
|
|
|
- name: Create evoadmin account
|
|
user:
|
|
name: evoadmin
|
|
comment: "Evoadmin Web Account"
|
|
home: "{{ evoadmin_home_dir }}"
|
|
password: "!"
|
|
|
|
- name: Create www-evoadmin group
|
|
group:
|
|
name: www-evoadmin
|
|
state: present
|
|
|
|
- name: "Create www-evoadmin and add to group shadow (jessie)"
|
|
user:
|
|
name: www-evoadmin
|
|
groups: shadow
|
|
append: true
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- name: "Create www-evoadmin (Debian 9 or later)"
|
|
user:
|
|
name: www-evoadmin
|
|
when: ansible_distribution_major_version | version_compare('9', '>=')
|
|
|
|
- name: Is /etc/aliases present?
|
|
stat:
|
|
path: /etc/aliases
|
|
register: etc_aliases
|
|
|
|
- name: Set evoadmin aliases
|
|
lineinfile:
|
|
dest: /etc/aliases
|
|
line: "{{ item.line }}"
|
|
regexp: "{{ item.regexp }}"
|
|
state: present
|
|
with_items:
|
|
- line: 'evoadmin: root'
|
|
regexp: '^evoadmin:'
|
|
- line: 'www-evoadmin: root'
|
|
regexp: '^www-evoadmin:'
|
|
notify: "newaliases"
|
|
when: etc_aliases.stat.exists
|
|
|
|
- name: Git is needed to clone the evoadmin repository
|
|
apt:
|
|
name: git
|
|
state: present
|
|
|
|
- name: "Clone evoadmin repository (jessie)"
|
|
git:
|
|
repo: https://forge.evolix.org/evoadmin-web.git
|
|
dest: "{{ evoadmin_document_root }}"
|
|
version: jessie
|
|
update: false
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- name: "Clone evoadmin repository (Debian 9 or later)"
|
|
git:
|
|
repo: https://forge.evolix.org/evoadmin-web.git
|
|
dest: "{{ evoadmin_document_root }}"
|
|
version: master
|
|
update: false
|
|
when: ansible_distribution_major_version | version_compare('9', '>=')
|
|
|
|
- name: Change ownership on git repository
|
|
file:
|
|
dest: "{{ evoadmin_document_root }}"
|
|
owner: "{{ evoadmin_username }}"
|
|
group: "{{ evoadmin_username }}"
|
|
recurse: true
|
|
|
|
- name: Create evoadmin log directory
|
|
file:
|
|
name: "{{ evoadmin_log_dir }}"
|
|
owner: "{{ evoadmin_username }}"
|
|
group: "{{ evoadmin_username }}"
|
|
state: directory
|
|
|
|
- include_role:
|
|
name: remount-usr
|
|
when: evoadmin_scripts_dir | search ("/usr")
|
|
|
|
- name: "Create {{ evoadmin_scripts_dir }}"
|
|
file:
|
|
dest: "{{ evoadmin_scripts_dir }}"
|
|
# recurse: yes
|
|
mode: "0700"
|
|
state: directory
|
|
|
|
- name: Install scripts like web-add.sh
|
|
shell: "cp {{ evoadmin_document_root }}/scripts/* {{ evoadmin_scripts_dir }}/"
|
|
args:
|
|
creates: "{{ evoadmin_scripts_dir }}/web-add.sh"
|
|
|
|
# we use a shell command to have a "changed" that really reflects the result.
|
|
- name: Fix permissions
|
|
command: "chmod -R --verbose u=rwX,g=rX,o= {{ evoadmin_document_root }}"
|
|
register: command_result
|
|
changed_when: "'changed' in command_result.stdout"
|
|
# failed_when: false
|
|
args:
|
|
warn: false
|
|
|
|
- name: Add evoadmin sudoers file
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: /etc/sudoers.d/evoadmin
|
|
mode: "0600"
|
|
force: "{{ evoadmin_sudoers_conf_force }}"
|
|
validate: "visudo -cf %s"
|
|
with_first_found:
|
|
- "templates/evoadmin-web/sudoers.{{ inventory_hostname }}.j2"
|
|
- "templates/evoadmin-web/sudoers.{{ host_group }}.j2"
|
|
- "templates/evoadmin-web/sudoers.j2"
|
|
- "sudoers.j2"
|
|
register: evoadmin_sudoers_conf
|