ansible-roles/webapps/evoadmin-web/tasks/user.yml

119 lines
3.1 KiB
YAML

---
- name: Create evoadmin account
user:
name: evoadmin
comment: "Evoadmin Web Account"
home: "{{ evoadmin_home_dir }}"
password: "!"
system: yes
- name: Create www-evoadmin group
group:
name: www-evoadmin
state: present
- name: "Create www-evoadmin and add to group shadow (jessie)"
user:
name: www-evoadmin
groups: shadow
append: True
when: ansible_distribution_release == "jessie"
- name: "Create www-evoadmin (Debian 9 or later)"
user:
name: www-evoadmin
system: yes
when: ansible_distribution_major_version is version('9', '>=')
- name: Is /etc/aliases present?
stat:
path: /etc/aliases
register: etc_aliases
- name: Set evoadmin aliases
lineinfile:
dest: /etc/aliases
line: "{{ item.line }}"
regexp: "{{ item.regexp }}"
state: present
loop:
- { line: 'evoadmin: root', regexp: '^evoadmin:' }
- { line: 'www-evoadmin: root', regexp: '^www-evoadmin:' }
notify: "newaliases"
when: etc_aliases.stat.exists
- name: Git is needed to clone the evoadmin repository
apt:
name: git
state: present
- name: "Clone evoadmin repository (jessie)"
git:
repo: https://forge.evolix.org/evoadmin-web.git
dest: "{{ evoadmin_document_root }}"
version: jessie
update: False
when: ansible_distribution_release == "jessie"
- name: "Clone evoadmin repository (Debian 9 or later)"
git:
repo: https://forge.evolix.org/evoadmin-web.git
dest: "{{ evoadmin_document_root }}"
version: master
update: False
when: ansible_distribution_major_version is version('9', '>=')
- name: Change ownership on git repository
file:
dest: "{{ evoadmin_document_root }}"
owner: "{{ evoadmin_username }}"
group: "{{ evoadmin_username }}"
recurse: True
- name: Create evoadmin log directory
file:
name: "{{ evoadmin_log_dir }}"
owner: "{{ evoadmin_username }}"
group: "{{ evoadmin_username }}"
state: directory
- include_role:
name: evolix/remount-usr
when: evoadmin_scripts_dir is search("/usr")
- name: "Create {{ evoadmin_scripts_dir }}"
file:
dest: "{{ evoadmin_scripts_dir }}"
# recurse: True
mode: "0700"
state: directory
- name: Install scripts like web-add.sh
shell: "cp {{ evoadmin_document_root }}/scripts/* {{ evoadmin_scripts_dir }}/"
args:
creates: "{{ evoadmin_scripts_dir }}/web-add.sh"
# we use a shell command to have a "changed" that really reflects the result.
- name: Fix permissions
command: "chmod -R --verbose u=rwX,g=rX,o= {{ evoadmin_document_root }}"
register: command_result
changed_when: "'changed' in command_result.stdout"
# failed_when: False
- name: Add evoadmin sudoers file
template:
src: "{{ item }}"
dest: /etc/sudoers.d/evoadmin
mode: "0600"
force: "{{ evoadmin_sudoers_conf_force }}"
validate: "visudo -cf %s"
loop: "{{ query('first_found', templates) }}"
vars:
templates:
- "templates/evoadmin-web/sudoers.{{ inventory_hostname }}.j2"
- "templates/evoadmin-web/sudoers.{{ host_group | default('all') }}.j2"
- "templates/evoadmin-web/sudoers.j2"
- "templates/sudoers.j2"
register: evoadmin_sudoers_conf