ansible-edda/playbooks/roles/services/setup/user/tasks/include/user.yml

---
- name: "{{ services_service_name }} : setup : create system user"
  ansible.builtin.user:
    name: "{{ services_service_user_name }}"
    create_home: true
    home: "{{ services_service_user_home }}"
    system: true
  register: services_base_user_create

- name: "{{ services_service_name }} : setup : set default shell"
  ansible.builtin.user:
    name: "{{ services_service_user_name }}"
    shell: "/usr/sbin/nologin"

- block:

    - name: "{{ services_service_name }} : setup : set home directory ownership"
      ansible.builtin.file:
        path: "{{ services_service_user_home }}"
        state: "directory"
        owner: "{{ services_service_user_name }}"
        group: "{{ services_service_user_name }}"
        recurse: true

    - name: "{{ services_service_name }} : setup : configure subuids and subgids"
      ansible.builtin.shell: |
          set -o pipefail
          export NEW_SUBUID=$(($(tail -1 /etc/subuid | awk -F ":" '{print $2}')+65536))
          export NEW_SUBGID=$(($(tail -1 /etc/subgid | awk -F ":" '{print $2}')+65536))
          usermod --add-subuids ${NEW_SUBUID}-$((${NEW_SUBUID}+65535)) \
                  --add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \
          {{ services_service_user_name }}
      args:
        executable: "/usr/bin/bash"

    - name: "{{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set"
      ansible.builtin.shell: |
        echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \
        {{ services_service_user_home }}/.bashrc

    - name: "{{ services_service_name }} : setup : enable lingering"
      ansible.builtin.command: "loginctl enable-linger {{ services_service_user_name }}"

  when:
    services_base_user_create.changed
Introduce yamllint 2022-12-18 23:43:40 +01:00			`---`
Be explicit about services in playbook 2022-12-12 23:49:20 +01:00			`- name: "{{ services_service_name }} : setup : create system user"`
Add services:base:user 2022-12-11 00:41:50 +01:00			`ansible.builtin.user:`
			`name: "{{ services_service_user_name }}"`
			`create_home: true`
			`home: "{{ services_service_user_home }}"`
			`system: true`
			`register: services_base_user_create`

Be explicit about services in playbook 2022-12-12 23:49:20 +01:00			`- name: "{{ services_service_name }} : setup : set default shell"`
Add services:base:user 2022-12-11 00:41:50 +01:00			`ansible.builtin.user:`
			`name: "{{ services_service_user_name }}"`
Move baldur and valkyrie var directory 2023-07-22 23:51:34 +02:00			`shell: "/usr/sbin/nologin"`
Add services:base:user 2022-12-11 00:41:50 +01:00
			`- block:`

Be explicit about services in playbook 2022-12-12 23:49:20 +01:00			`- name: "{{ services_service_name }} : setup : set home directory ownership"`
Add services:base:user 2022-12-11 00:41:50 +01:00			`ansible.builtin.file:`
			`path: "{{ services_service_user_home }}"`
			`state: "directory"`
			`owner: "{{ services_service_user_name }}"`
			`group: "{{ services_service_user_name }}"`
			`recurse: true`

Be explicit about services in playbook 2022-12-12 23:49:20 +01:00			`- name: "{{ services_service_name }} : setup : configure subuids and subgids"`
Add services:base:user 2022-12-11 00:41:50 +01:00			`ansible.builtin.shell: \|`
Fix lints 2023-11-04 21:19:09 +01:00			`set -o pipefail`
Add services:base:user 2022-12-11 00:41:50 +01:00			`export NEW_SUBUID=$(($(tail -1 /etc/subuid \| awk -F ":" '{print $2}')+65536))`
			`export NEW_SUBGID=$(($(tail -1 /etc/subgid \| awk -F ":" '{print $2}')+65536))`
			`usermod --add-subuids ${NEW_SUBUID}-$((${NEW_SUBUID}+65535)) \`
			`--add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \`
			`{{ services_service_user_name }}`
Fix lints 2023-11-04 21:19:09 +01:00			`args:`
			`executable: "/usr/bin/bash"`
Add services:base:user 2022-12-11 00:41:50 +01:00
Be explicit about services in playbook 2022-12-12 23:49:20 +01:00			`- name: "{{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set"`
Add services:base:user 2022-12-11 00:41:50 +01:00			`ansible.builtin.shell: \|`
			`echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \`
			`{{ services_service_user_home }}/.bashrc`

Be explicit about services in playbook 2022-12-12 23:49:20 +01:00			`- name: "{{ services_service_name }} : setup : enable lingering"`
Add services:base:user 2022-12-11 00:41:50 +01:00			`ansible.builtin.command: "loginctl enable-linger {{ services_service_user_name }}"`

			`when:`
			`services_base_user_create.changed`