Add music user and enable samba
parent
d4dfe02153
commit
9ca69f5966
@ -3,7 +3,8 @@
|
|||||||
# system:base
|
# system:base
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
system_base_additional_tcp_ports: "{{
|
system_base_additional_tcp_ports: "{{
|
||||||
services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten }}"
|
services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten |
|
||||||
|
union(system_base_tcp_ports) }}"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# system:var
|
# system:var
|
||||||
|
@ -17,6 +17,18 @@ system_zfs_zpools_load_key:
|
|||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
|
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
|
||||||
|
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
# system:base
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
system_base_additional_ssh_users:
|
||||||
|
- "music"
|
||||||
|
system_base_udp_ports:
|
||||||
|
- 137 # samba
|
||||||
|
- 138 # samba
|
||||||
|
system_base_tcp_ports:
|
||||||
|
- 139 # samba
|
||||||
|
- 445 # samba
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# system:var
|
# system:var
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
@ -73,6 +85,19 @@ backups_snapshots_sanoid_system_datasets:
|
|||||||
recursive: true
|
recursive: true
|
||||||
children_only: true
|
children_only: true
|
||||||
|
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
# music:rip
|
||||||
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
music_user_name: "music"
|
||||||
|
music_user_password: "{{ vault_music_user_password }}"
|
||||||
|
music_user_samba_password: "{{ vault_music_user_samba_password }}"
|
||||||
|
|
||||||
|
music_user_home_directory: "{{ system_var_home_directory }}/{{ music_user_name }}"
|
||||||
|
music_user_data_directory: "{{ system_var_data_directory }}/{{ music_user_name }}"
|
||||||
|
|
||||||
|
music_user_home_dataset: "rpool{{ music_user_home_directory }}"
|
||||||
|
music_user_data_dataset: "rpool{{ music_user_data_directory }}"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# services
|
# services
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
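Review bot: The new `system_base_udp_ports` and `system_base_tcp_ports` entries open the NetBIOS ports 137, 138 and 139 alongside 445, although the share added in this commit needs only SMB over TCP 445 for current clients. Unless a legacy client depends on NetBIOS name resolution, I would drop the three NetBIOS entries and keep only `- 445 # samba`, which shrinks the host's listening surface. It is not visible here whether the firewall role can restrict these ports by source address; if it can, limiting 445 to the LAN range belongs in the same change. The `system_base_additional_tcp_ports` expression now unions in `system_base_tcp_ports`, so a one-line comment above it saying that host-level ports are merged with the per-service ports would help the next reader.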
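--- /dev/null
+++ b/playbooks/music.yml
@@ -0,0 +1,17 @@
+---
+- name: "music : yggdrasil"
+hosts: "yggdrasil"
+roles:
+- role: "music/datasets"
+tags: "music:datasets"
+- role: "music/rip"
+tags: "music:rip"
+vars:
+music_rip_public_key_file: "\
+{% if (the_nine_worlds_production | bool) %}\
+~/.ssh/yggdrasil.pub\
+{% else %}\
+~/.ssh/debian-virt.pub\
+{% endif %}"
+# - role: "music/org"
+# tags: "music:org"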
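--- /dev/null
+++ b/playbooks/roles/music/datasets/meta/argument_specs.yml
@@ -0,0 +1,13 @@
+---
+argument_specs:
+main:
+options:
+music_user_home_dataset:
+type: "str"
+required: true
+music_user_home_directory:
+type: "str"
+required: true
+music_user_data_dataset:
+type: "str"
+required: true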
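--- /dev/null
+++ b/playbooks/roles/music/datasets/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: "create home dataset"
+community.general.zfs:
+name: "{{ music_user_home_dataset }}"
+state: "present"
+register: music_datasets_user_zfs_home
+
+- name: "populate home dataset with skeleton"
+ansible.builtin.copy:
+src: "/etc/skel/"
+dest: "{{ music_user_home_directory }}"
+mode: "preserve"
+remote_src: true
+when:
+music_datasets_user_zfs_home.changed
+
+- name: "create data dataset"
+community.general.zfs:
+name: "{{ music_user_data_dataset }}"
+state: "present"
+extra_zfs_properties:
+canmount: "off"
+
+- name: "create music volume dataset"
+community.general.zfs:
+name: "{{ music_user_data_dataset }}/flac"
+state: "present"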
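Review bot: The `populate home dataset with skeleton` task is gated on `music_datasets_user_zfs_home.changed`, so if the copy fails or the play is interrupted right after the dataset is created, no later run will populate the home directory. The copied files also keep whatever owner `/etc/skel/` has (presumably root) and are only re-owned by the separate `music/rip` role when the user is first created. Consider gating on a marker instead, for example an `ansible.builtin.stat` of `{{ music_user_home_directory }}/.bashrc`, and add a comment above the task noting that ownership is fixed later by `music/rip`.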
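--- /dev/null
+++ b/playbooks/roles/music/rip/meta/argument_specs.yml
@@ -0,0 +1,22 @@
+---
+argument_specs:
+main:
+options:
+music_user_name:
+type: "str"
+required: true
+music_user_password:
+type: "str"
+required: true
+music_user_samba_password:
+type: "str"
+required: true
+music_user_home_directory:
+type: "str"
+required: true
+music_user_data_directory:
+type: "str"
+required: true
+music_rip_public_key_file:
+type: "str"
+required: true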
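--- /dev/null
+++ b/playbooks/roles/music/rip/tasks/include/directories.yml
@@ -0,0 +1,24 @@
+---
+- name: "directories : create data directory"
+ansible.builtin.file:
+path: "{{ music_user_data_directory }}"
+state: "directory"
+owner: "{{ music_user_name }}"
+group: "{{ music_user_name }}"
+mode: 0755
+
+- name: "directories : create volume \"flac\""
+ansible.builtin.file:
+path: "{{ music_user_data_directory }}/flac"
+state: "directory"
+owner: "{{ music_user_name }}"
+group: "{{ music_user_name }}"
+mode: 0755
+
+- name: "directories : create directory \"rip\""
+ansible.builtin.file:
+path: "{{ music_user_home_directory }}/rip"
+state: "directory"
+owner: "{{ music_user_name }}"
+group: "{{ music_user_name }}"
+mode: 0755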
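Review bot: `mode: 0755` is written as a bare scalar in all three tasks while every other value in the file is quoted; the same applies to `mode: 0644` in `include/samba.yml`. A bare leading-zero number depends on the YAML 1.1 octal rule and quietly turns into decimal 755 if the zero is ever dropped, which yields an unintended permission set. The string form `mode: "0755"` is what the Ansible documentation and ansible-lint recommend and matches the quoting used elsewhere in this role.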
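--- /dev/null
+++ b/playbooks/roles/music/rip/tasks/include/samba.yml
@@ -0,0 +1,54 @@
+---
+- name: "samba : install samba"
+ansible.builtin.apt:
+name:
+- "samba"
+- "samba-client"
+
+- name: "samba : configure samba share"
+ansible.builtin.blockinfile:
+path: "/etc/samba/smb.conf"
+mode: 0644
+insertafter: "EOF"
+marker: "# {mark} ANSIBLE MANAGED BLOCK MUSIC:RIP"
+block: |
+[music-rip]
+comment = Music drive
+path = {{ music_user_home_directory }}/rip
+browseable = yes
+read only = no
+guest ok = no
+create mask = 0644
+directory mask = 0755
+register: music_rip_samba_config
+
+- name: "samba : check for \"{{ music_user_name }}\" user"
+ansible.builtin.shell: "pdbedit --user={{ music_user_name }} || /usr/bin/true"
+changed_when: false
+register: music_rip_samba_pdb_state
+
+- name: "samba : add \"{{ music_user_name }}\" user"
+ansible.builtin.shell: |
+(echo '{{ music_user_samba_password }}'; echo '{{ music_user_samba_password }}') |
+smbpasswd -a {{ music_user_name }}
+when:
+not music_rip_samba_pdb_state.stdout is match('^' ~ music_user_name ~ ':')
+
+- name: "samba : enable samba"
+ansible.builtin.systemd:
+name: "smbd"
+enabled: true
+
+- name: "samba : start samba"
+ansible.builtin.systemd:
+name: "smbd"
+state: "started"
+register: music_rip_samba_start
+
+- name: "samba : restart samba"
+ansible.builtin.systemd:
+name: "smbd"
+state: "restarted"
+when:
+music_rip_samba_config.changed and
+not music_rip_samba_start.changed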
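Review bot: The `samba : add ... user` task splices `music_user_samba_password` into a shell command inside single quotes, so a password containing `'` breaks the quoting and the remainder is interpreted by the shell. The rendered command, password included, is also part of the task result that Ansible prints on failure or with `-v`, because the task has no `no_log: true`. Feeding the password to `smbpasswd -s` on stdin through `ansible.builtin.command` avoids the shell entirely, as sketched below. Separately, the `[music-rip]` share has no `valid users` line, so any account in the Samba password database may connect to it; `valid users = {{ music_user_name }}` would pin it to the one intended account.

```yaml
- name: "samba : add \"{{ music_user_name }}\" user"
  ansible.builtin.command:
    argv:
      - "smbpasswd"
      - "-s"
      - "-a"
      - "{{ music_user_name }}"
    # smbpasswd -s reads the new password and its confirmation from stdin
    stdin: "{{ music_user_samba_password }}\n{{ music_user_samba_password }}"
  no_log: true
  # … unchanged: when condition on music_rip_samba_pdb_state …
```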
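--- /dev/null
+++ b/playbooks/roles/music/rip/tasks/include/user.yml
@@ -0,0 +1,37 @@
+---
+- name: "user : create user"
+ansible.builtin.user:
+name: "{{ music_user_name }}"
+create_home: true
+home: "{{ music_user_home_directory }}"
+password: "{{ music_user_password }}"
+register: music_rip_user_create
+
+- name: "rip : set default shell"
+ansible.builtin.user:
+name: "{{ music_user_name }}"
+shell: "/usr/bin/rbash"
+
+- block:
+
+- name: "user : set home directory ownership"
+ansible.builtin.file:
+path: "{{ music_user_home_directory }}"
+state: "directory"
+owner: "{{ music_user_name }}"
+group: "{{ music_user_name }}"
+recurse: true
+
+- name: "user : ensure XDG_RUNTIME_DIR is set"
+ansible.builtin.shell: |
+echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \
+{{ music_user_home_directory }}/.bashrc
+
+when:
+music_rip_user_create.changed
+
+- name: "user : set authorized key"
+ansible.posix.authorized_key:
+user: "{{ music_user_name }}"
+state: "present"
+key: "{{ lookup('ansible.builtin.file', music_rip_public_key_file) }}"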
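Review bot: Setting the login shell to `/usr/bin/rbash` confines the account very little while the following block recursively hands the whole home directory, `.bashrc` included, to that same user; a restricted shell only holds if the user cannot rewrite its own startup files or `PATH`. If the restriction is meant as a control, keep the startup files root-owned and read-only and set a fixed `PATH` pointing at a directory of allowed commands; if it is only a convenience, a comment saying so would stop it being relied on. The task is also named `rip : set default shell` while its siblings use the `user :` prefix, and `shell:` could simply be added to the `user : create user` task. The `password:` parameter of `ansible.builtin.user` expects a crypt hash, so it is worth confirming that `vault_music_user_password`, which is defined outside this diff, is already hashed.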
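--- /dev/null
+++ b/playbooks/roles/music/rip/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: "play:music : role:rip : tasks:user"
+ansible.builtin.import_tasks: "include/user.yml"
+tags:
+- "music:rip:user"
+
+- name: "play:music : role:rip : tasks:directories"
+ansible.builtin.import_tasks: "include/directories.yml"
+tags:
+- "music:rip:directories"
+
+- name: "play:music : role:rip : tasks:samba"
+ansible.builtin.import_tasks: "include/samba.yml"
+tags:
+- "music:rip:samba"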
@ -1,4 +1,5 @@
|
|||||||
ansible
|
ansible
|
||||||
keyring
|
keyring
|
||||||
libvirt-python
|
libvirt-python
|
||||||
|
passlib
|
||||||
requests
|
requests
|
||||||
|