Jérémy Lecour
c4bdd88e27
Becoming an unprivileged user is problematic for Ansible. We continue being root, but change the permissions on created files.
---
# Create the local "evoadmin" account with its home under evoadmin_home_dir.
# The password field is the literal "!", which is not a valid crypt hash, so
# the account ends up with no usable password (password logins are locked).
# NOTE(review): the ownership task in this file uses evoadmin_username while
# the account name is hard-coded here - confirm the two always agree.
- name: Create evoadmin account
  user:
    name: evoadmin
    password: '!'
    comment: 'Evoadmin Web Account'
    home: "{{ evoadmin_home_dir}}"

# Make sure a group named "www-evoadmin" exists.
- name: Create www-evoadmin group
  group:
    state: present
    name: www-evoadmin

# Jessie only: ensure the "www-evoadmin" user exists and is a member of the
# "shadow" group. "append" adds the group to the user's supplementary groups
# instead of replacing them.
# NOTE(review): on a stock Debian system /etc/shadow is readable by group
# "shadow", so anything running as www-evoadmin can read password hashes.
# Keep this membership in mind when reviewing what runs under that account.
- name: 'Create www-evoadmin and add to group shadow (jessie)'
  user:
    name: www-evoadmin
    append: true
    groups: shadow
  when: ansible_distribution_release == "jessie"

# Debian 9 and later: ensure the "www-evoadmin" user exists. Unlike the jessie
# variant of this task, no supplementary group is requested here.
# version_compare() compares the distribution major version against '9'.
- name: 'Create www-evoadmin (Debian 9 or later)'
  when: ansible_distribution_major_version | version_compare('9', '>=')
  user:
    name: www-evoadmin

# Install the "git" package through apt; the clone tasks in this file use the
# git module, which needs the git binary on the target.
- name: Install Git
  apt:
    state: present
    name: git

# Jessie only: check out ref "jessie" of evoadmin-web into the document root.
# With "update" disabled, an existing checkout is left at whatever revision it
# already has; only a missing checkout is cloned.
# NOTE(review): "jessie" is presumably a branch, i.e. a mutable ref. Files from
# this checkout are copied into the scripts directory by a later task, so
# consider pinning "version" to a reviewed tag or commit hash.
- name: 'Clone evoadmin repository (jessie)'
  git:
    repo: 'https://forge.evolix.org/evoadmin-web.git'
    version: jessie
    dest: "{{ evoadmin_document_root}}"
    update: false
  when: ansible_distribution_release == "jessie"

# Debian 9 and later: check out "master" of evoadmin-web into the document
# root. With "update" enabled, every run moves the checkout to whatever the
# remote "master" currently points at.
# NOTE(review): this deploys unreviewed upstream changes on each run, and files
# from this checkout are copied into the scripts directory by a later task.
# Consider pinning "version" to a reviewed tag or commit hash; the git module
# also offers "verify_commit" if upstream signs its commits - confirm.
- name: 'Clone evoadmin repository (Debian 9 or later)'
  git:
    repo: 'https://forge.evolix.org/evoadmin-web.git'
    version: master
    dest: "{{ evoadmin_document_root}}"
    update: true
  when: ansible_distribution_major_version | version_compare('9', '>=')

# Recursively set the owner of everything under the document root to
# evoadmin_username. Only the owner is set; group and mode are not touched by
# this task.
- name: Change ownership on git repository
  file:
    dest: "{{ evoadmin_document_root}}"
    recurse: true
    owner: "{{ evoadmin_username }}"

# Include remount_usr_rw.yml (presumably remounts /usr read-write - its
# content is not shown here) when the scripts directory path matches "/usr".
# NOTE(review): search() is an unanchored regex search, so "/usr" matches
# anywhere in the path, not only as a prefix - confirm that is intended.
- include: remount_usr_rw.yml
  when: evoadmin_scripts_dir | search ("/usr")

# Create the scripts directory with mode 0700, i.e. accessible to its owner
# only. No owner or group is given, so a newly created directory belongs to
# the user the task runs as. The mode is quoted so it stays a string and is
# not read as a number.
- name: "Create {{ evoadmin_scripts_dir }}"
  file:
    state: directory
    dest: "{{ evoadmin_scripts_dir }}"
    mode: '0700'
    # recurse: yes

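# Copy the helper scripts shipped in the checkout (scripts/*) into the scripts
# directory. The glob needs a shell, hence the shell module; both variables go
# through the "quote" filter so that spaces or shell metacharacters in the
# configured paths cannot alter the command. The glob itself stays unquoted.
# "creates" makes this a one-time copy: once web-add.sh exists the task is
# skipped, so later changes in the checkout are not propagated by this task.
# NOTE(review): at this point the checkout has already been chowned to
# evoadmin_username, while the destination is an owner-only directory. If the
# copied scripts are run with elevated rights (see the sudoers template),
# consider copying them before the chown or from a root-owned checkout.
- name: Install scripts like web-add.sh
  shell: "cp {{ evoadmin_document_root | quote }}/scripts/* {{ evoadmin_scripts_dir | quote }}/"
  args:
    creates: "{{ evoadmin_scripts_dir }}/web-add.sh"
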
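# We use a shell command to have a "changed" that really reflects the result:
# chmod --verbose prints one line per file and uses the word "changed" only
# for files whose mode it actually altered, which changed_when looks for.
# The symbolic mode gives the owner rw (plus x on directories and on files
# that are already executable), the group read access, and others nothing.
# The path goes through the "quote" filter so that spaces or shell
# metacharacters in evoadmin_home_dir cannot alter the command.
# NOTE(review): the 'changed' match depends on chmod's message wording (and
# thus on the locale) and would also hit a file name containing "changed".
- name: Fix permissions
  shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item | quote }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  # failed_when: False
  with_items:
    - "{{ evoadmin_home_dir }}/www"
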
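# Render sudoers.j2 to /etc/sudoers.d/evoadmin. "validate" runs visudo in
# check mode against the rendered temporary file (%s); the file is only put
# in place if that check passes, so a template error cannot break sudo.
# Owner and group are pinned to root explicitly: sudo refuses sudoers files
# that are not owned by root, and stating it here also repairs a pre-existing
# file with the wrong ownership instead of relying on who runs the play.
# NOTE(review): sudoers.j2 is not shown here; review which commands it grants
# together with the scripts installed by the earlier copy task.
- name: Add evoadmin sudoers file
  template:
    src: sudoers.j2
    dest: /etc/sudoers.d/evoadmin
    owner: root
    group: root
    mode: "0600"
    validate: "visudo -cf %s"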