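---
# Provision the unprivileged account a service runs under (rootless podman,
# user-scope systemd units). The login shell is set by the 01-user.d/shell
# include that follows this task.
- name: Create system user for {{ service_name }}
  user:
    name: "{{ service_user_name }}"
    create_home: true
    home: "{{ service_home }}"
    system: true
  # Registered so the one-off bootstrap further down (subordinate ids,
  # lingering, ...) only runs on the play run that actually created the account.
  register: user_create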
# Service-specific login shell setup, falling back to the shared default when
# no file exists for this service. A plain list of candidates is the
# first_found equivalent of the `files:` dictionary form.
- name: Configure login shell for user {{ service_user_name }}
  include_tasks: "{{ item }}"
  with_first_found:
    - "01-user.d/shell/{{ service_name }}.yml"
    - "01-user.d/shell/_default.yml"
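# One-off bootstrap for a freshly created account (gated on `user_create` at
# the end of the block): home ownership, subordinate id ranges for rootless
# containers, XDG_RUNTIME_DIR for interactive shells, and lingering so the
# user's systemd instance runs without a login session.
- block:
    - name: Ensure the home directory belongs to the user {{ service_user_name }}
      file:
        path: "{{ service_home }}"
        state: directory
        owner: "{{ service_user_name }}"
        group: "{{ service_user_name }}"
        recurse: true
    # `usermod --add-subuids` appends another range on every call, so this
    # must run only once per account; the block-level `when` guarantees it.
    # The user name is passed through `quote` because it is interpolated into
    # a shell script.
    - name: Configure subuids and subgids for user {{ service_user_name }}
      shell: |
        set -e
        svc_user={{ service_user_name | quote }}
        # The next free range starts after the highest (start + count) already
        # allocated, never below 65536. Taking only the start of the last line
        # overlaps with any earlier range that is wider than 65536 entries.
        next_uid=$(awk -F: 'BEGIN { m = 65536 } NF >= 3 && $2 + $3 > m { m = $2 + $3 } END { print m }' /etc/subuid)
        next_gid=$(awk -F: 'BEGIN { m = 65536 } NF >= 3 && $2 + $3 > m { m = $2 + $3 } END { print m }' /etc/subgid)
        usermod --add-subuids "${next_uid}-$((next_uid + 65535))" \
                --add-subgids "${next_gid}-$((next_gid + 65535))" \
                "$svc_user"
    # lineinfile is idempotent and does not depend on whether /bin/sh's echo
    # expands backslash escapes (dash does, bash does not, so the previous
    # `echo '\n...'` wrote a literal "\n" on bash systems). `$(id -u)` is meant
    # to stay literal and be expanded by the login shell.
    - name: Ensure XDG_RUNTIME_DIR is set for user {{ service_user_name }}
      lineinfile:
        path: "{{ service_home }}/.bashrc"
        line: 'export XDG_RUNTIME_DIR=/run/user/$(id -u)'
        create: true
        owner: "{{ service_user_name }}"
        group: "{{ service_user_name }}"
    - name: Enable lingering for user {{ service_user_name }}
      command: loginctl enable-linger {{ service_user_name }}
      args:
        # systemd records lingering as a file named after the user; skipping
        # when it exists keeps the task idempotent and reports no change.
        creates: "/var/lib/systemd/linger/{{ service_user_name }}"
  when: user_create is changed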
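# The shared parents are pinned to root first: when the file module has to
# create missing parent directories it applies the same owner/group/mode to
# them (ansible-core file.py), so leaving them to the per-user task below
# would hand /var/lib/<host>/containers to the first service user provisioned.
- name: Ensure shared container storage root exists
  file:
    path: "/var/lib/{{ ansible_hostname }}/containers"
    state: directory
    owner: root
    group: root
    mode: "0755"
# Host-local container storage for this user, owned by the service user.
# "0755" keeps it world-traversable; tighten to "0750" if nothing else on the
# host needs to read it (TODO confirm no other account relies on access).
- name: Create container directory for user {{ service_user_name }}
  file:
    path: "/var/lib/{{ ansible_hostname }}/containers/{{ service_user_name }}"
    state: directory
    owner: "{{ service_user_name }}"
    group: "{{ service_user_name }}"
    mode: "0755"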
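# Same reasoning as for the container directory: create the shared parents as
# root so that a missing /var/lib/<host>/data is not created with the service
# user's ownership by the task below.
- name: Ensure shared volume data root exists
  file:
    path: "/var/lib/{{ ansible_hostname }}/data"
    state: directory
    owner: root
    group: root
    mode: "0755"
# Volume data for this user's containers. "0755" is world-readable; prefer
# "0750" if the volumes hold anything sensitive (TODO confirm no other account
# needs to read it).
- name: Create volume data directory for user {{ service_user_name }}
  file:
    path: "/var/lib/{{ ansible_hostname }}/data/{{ service_user_name }}"
    state: directory
    owner: "{{ service_user_name }}"
    group: "{{ service_user_name }}"
    mode: "0755"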
# Service-specific volume data layout, falling back to the shared default when
# no file exists for this service. A plain list of candidates is the
# first_found equivalent of the `files:` dictionary form.
- name: Prepare volume data for user {{ service_user_name }}
  include_tasks: "{{ item }}"
  with_first_found:
    - "01-user.d/data/{{ service_name }}.yml"
    - "01-user.d/data/_default.yml"
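# Per-user podman and systemd configuration, executed as the service user so
# everything under the home directory is owned by it. `become_user` is only
# honoured while privilege escalation is enabled, hence the explicit `become`.
- block:
    - name: Create configuration directory for user {{ service_user_name }}
      file:
        path: "{{ service_home }}/.config"
        state: directory
        mode: "0755"
    - name: Create container configuration directory for user {{ service_user_name }}
      file:
        path: "{{ service_home }}/.config/containers"
        state: directory
        mode: "0755"
    - name: Configure storage.conf for user {{ service_user_name }}
      template:
        src: "./filesystem/common/var/lib/_hostname/home/_service_user_name/.config/containers/storage.conf.j2"
        dest: "{{ service_home }}/.config/containers/storage.conf"
        mode: "0644"
      register: user_containers_storage
    # DESTRUCTIVE: `podman system reset` deletes every container, image,
    # volume and network of this user. It is gated on storage.conf changing,
    # because a changed storage configuration leaves the old store unusable.
    # The working directory is set explicitly instead of relying on $HOME
    # being rewritten by the become method.
    - name: Reset podman
      shell: "yes | podman system reset"
      args:
        chdir: "{{ service_home }}"
      when: user_containers_storage is changed
    - name: Create systemd directory for user {{ service_user_name }}
      file:
        path: "{{ service_home }}/.config/systemd"
        state: directory
        mode: "0755"
    - name: Create systemd service directory for user {{ service_user_name }}
      file:
        path: "{{ service_home }}/.config/systemd/user"
        state: directory
        mode: "0755"
    # User-scope systemd: relies on lingering having been enabled when the
    # account was created, so the user's instance is up without a login.
    - name: SystemD daemon reload
      systemd:
        daemon_reload: true
        scope: user
    - name: Enable pod-service auto-update
      systemd:
        name: pod-service-auto-update.timer
        enabled: true
        state: started
        scope: user
    - name: Enable podman image prune
      systemd:
        name: podman-image-prune.service
        enabled: true
        scope: user
  become: true
  become_user: "{{ service_user_name }}"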