Add music user and enable samba

Wojciech Kozlowski 2023-02-19 21:12:16 +01:00
parent d4dfe02153
commit 9ca69f5966
11 changed files with 237 additions and 1 deletions


@ -3,7 +3,8 @@
# system:base
# --------------------------------------------------------------------------------------------------
system_base_additional_tcp_ports: "{{
services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten }}"
services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten |
union(system_base_tcp_ports) }}"
# --------------------------------------------------------------------------------------------------
# system:var
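Review bot: `union(system_base_tcp_ports)` in the new expression has no fallback, so any host whose inventory does not define `system_base_tcp_ports` will fail when `system_base_additional_tcp_ports` is templated. Unless the role defaults already set it to an empty list (not visible in this hunk), write `union(system_base_tcp_ports | default([]))`. The commit also introduces `system_base_udp_ports` in the next file, but only the TCP expression is touched here, so it is worth confirming that the UDP list reaches the firewall by an equivalent path.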


@ -17,6 +17,18 @@ system_zfs_zpools_load_key:
# --------------------------------------------------------------------------------------------------
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
# --------------------------------------------------------------------------------------------------
# system:base
# --------------------------------------------------------------------------------------------------
system_base_additional_ssh_users:
- "music"
system_base_udp_ports:
- 137 # samba
- 138 # samba
system_base_tcp_ports:
- 139 # samba
- 445 # samba
# --------------------------------------------------------------------------------------------------
# system:var
# --------------------------------------------------------------------------------------------------
@ -73,6 +85,19 @@ backups_snapshots_sanoid_system_datasets:
recursive: true
children_only: true
# --------------------------------------------------------------------------------------------------
# music:rip
# --------------------------------------------------------------------------------------------------
music_user_name: "music"
music_user_password: "{{ vault_music_user_password }}"
music_user_samba_password: "{{ vault_music_user_samba_password }}"
music_user_home_directory: "{{ system_var_home_directory }}/{{ music_user_name }}"
music_user_data_directory: "{{ system_var_data_directory }}/{{ music_user_name }}"
music_user_home_dataset: "rpool{{ music_user_home_directory }}"
music_user_data_dataset: "rpool{{ music_user_data_directory }}"
# --------------------------------------------------------------------------------------------------
# services
# --------------------------------------------------------------------------------------------------
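Review bot: The first hunk opens UDP 137/138 and TCP 139 in addition to TCP 445, which exposes the NetBIOS name, datagram and session services, although the samba tasks in this commit only enable and start `smbd`. If every client connects over direct SMB on 445, drop the three NetBIOS ports and set `disable netbios = yes` and `smb ports = 445` in the `[global]` section of smb.conf so the firewall and the daemon agree. Whether these ports are limited to a source network is decided in system:base, outside this page, and should be confirmed before SMB is exposed. The second hunk keeps both passwords behind `vault_*` variables, which is the right shape.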

17
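--- a/playbooks/music.yml
+++ b/playbooks/music.yml
@@ -0,0 +1,17 @@
+---
+- name: "music : yggdrasil"
+hosts: "yggdrasil"
+roles:
+- role: "music/datasets"
+tags: "music:datasets"
+- role: "music/rip"
+tags: "music:rip"
+vars:
+music_rip_public_key_file: "\
+{% if (the_nine_worlds_production | bool) %}\
+~/.ssh/yggdrasil.pub\
+{% else %}\
+~/.ssh/debian-virt.pub\
+{% endif %}"
+# - role: "music/org"
+# tags: "music:org"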
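Review bot: `music_rip_public_key_file` is built from a backslash-continued double-quoted string wrapped around `{% if %}` blocks, which breaks silently on a stray space or a missing backslash; the same choice reads as `"{{ (the_nine_worlds_production | bool) | ternary('~/.ssh/yggdrasil.pub', '~/.ssh/debian-virt.pub') }}"`. The value is consumed by a `file` lookup in the rip role, so the path is resolved on the control node; a comment naming which operator key is expected there would help whoever runs the play from another machine. The commented-out `music/org` role at the end is better tracked in an issue than left in the playbook.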


@ -0,0 +1,13 @@
---
argument_specs:
main:
options:
music_user_home_dataset:
type: "str"
required: true
music_user_home_directory:
type: "str"
required: true
music_user_data_dataset:
type: "str"
required: true
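Review bot: The argument spec declares only `type` and `required` for each option, so `ansible-doc -t role` output and validation failures carry no explanation of what each value is. Add a `short_description` under `main` and a `description` per option, for example `description: "ZFS dataset backing the music user's home directory"` on `music_user_home_dataset`. The same applies to the rip role's argument spec later in this commit, where the descriptions of `music_user_password` and `music_user_samba_password` should also state whether a crypted hash or a clear-text value is expected.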


@ -0,0 +1,27 @@
---
- name: "create home dataset"
community.general.zfs:
name: "{{ music_user_home_dataset }}"
state: "present"
register: music_datasets_user_zfs_home
- name: "populate home dataset with skeleton"
ansible.builtin.copy:
src: "/etc/skel/"
dest: "{{ music_user_home_directory }}"
mode: "preserve"
remote_src: true
when:
music_datasets_user_zfs_home.changed
- name: "create data dataset"
community.general.zfs:
name: "{{ music_user_data_dataset }}"
state: "present"
extra_zfs_properties:
canmount: "off"
- name: "create music volume dataset"
community.general.zfs:
name: "{{ music_user_data_dataset }}/flac"
state: "present"
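Review bot: None of the three `community.general.zfs` tasks sets a quota, and the home dataset created first is the one that later holds the writable `rip` Samba share. The dataset names are built on `rpool`, so an authenticated client that fills the share can consume the whole pool; if `rpool` also carries the system datasets (not visible here), the host goes down with it. Add a limit through `extra_zfs_properties`, e.g. `quota: "<SIZE_PLACEHOLDER>"` on the home dataset, and consider the same for the `flac` dataset. Separately, the skeleton copy runs as root, so the copied files stay root-owned until the rip role's ownership task runs.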


@ -0,0 +1,22 @@
---
argument_specs:
main:
options:
music_user_name:
type: "str"
required: true
music_user_password:
type: "str"
required: true
music_user_samba_password:
type: "str"
required: true
music_user_home_directory:
type: "str"
required: true
music_user_data_directory:
type: "str"
required: true
music_rip_public_key_file:
type: "str"
required: true


@ -0,0 +1,24 @@
---
- name: "directories : create data directory"
ansible.builtin.file:
path: "{{ music_user_data_directory }}"
state: "directory"
owner: "{{ music_user_name }}"
group: "{{ music_user_name }}"
mode: 0755
- name: "directories : create volume \"flac\""
ansible.builtin.file:
path: "{{ music_user_data_directory }}/flac"
state: "directory"
owner: "{{ music_user_name }}"
group: "{{ music_user_name }}"
mode: 0755
- name: "directories : create directory \"rip\""
ansible.builtin.file:
path: "{{ music_user_home_directory }}/rip"
state: "directory"
owner: "{{ music_user_name }}"
group: "{{ music_user_name }}"
mode: 0755
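Review bot: `mode: 0755` is written as a bare YAML scalar in all three tasks, so the result depends on the parser reading a leading zero as octal; quoting it as `mode: "0755"` hands Ansible the string and removes that dependency. The `mode: 0644` on the blockinfile task in the samba tasks file has the same form. The three tasks differ only in `path`, so one `ansible.builtin.file` task with a `loop:` over the three paths would be shorter. If the ripped files are not meant to be readable by every local account, `"0750"` is the tighter choice for the `rip` directory.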


@ -0,0 +1,54 @@
---
- name: "samba : install samba"
ansible.builtin.apt:
name:
- "samba"
- "samba-client"
- name: "samba : configure samba share"
ansible.builtin.blockinfile:
path: "/etc/samba/smb.conf"
mode: 0644
insertafter: "EOF"
marker: "# {mark} ANSIBLE MANAGED BLOCK MUSIC:RIP"
block: |
[music-rip]
comment = Music drive
path = {{ music_user_home_directory }}/rip
browseable = yes
read only = no
guest ok = no
create mask = 0644
directory mask = 0755
register: music_rip_samba_config
- name: "samba : check for \"{{ music_user_name }}\" user"
ansible.builtin.shell: "pdbedit --user={{ music_user_name }} || /usr/bin/true"
changed_when: false
register: music_rip_samba_pdb_state
- name: "samba : add \"{{ music_user_name }}\" user"
ansible.builtin.shell: |
(echo '{{ music_user_samba_password }}'; echo '{{ music_user_samba_password }}') |
smbpasswd -a {{ music_user_name }}
when:
not music_rip_samba_pdb_state.stdout is match('^' ~ music_user_name ~ ':')
- name: "samba : enable samba"
ansible.builtin.systemd:
name: "smbd"
enabled: true
- name: "samba : start samba"
ansible.builtin.systemd:
name: "smbd"
state: "started"
register: music_rip_samba_start
- name: "samba : restart samba"
ansible.builtin.systemd:
name: "smbd"
state: "restarted"
when:
music_rip_samba_config.changed and
not music_rip_samba_start.changed
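Review bot: The "add user" task interpolates `music_user_samba_password` into a shell command without `no_log: true`, so the clear-text password lands in the task result (and in `-v` output), sits in the arguments of the spawned shell while it runs, and changes the command if it ever contains a single quote. Feed it through the `stdin` parameter of `ansible.builtin.command` with `smbpasswd -s` and mark the task `no_log: true`, as sketched below. The lookup task can likewise use `ansible.builtin.command` with `failed_when: false` instead of `|| /usr/bin/true`. The share block has no `valid users` line, so any account later added to the Samba database gets write access; `valid users = {{ music_user_name }}` pins it to this user. The blockinfile task could also pass `validate: "testparm -s %s"` so a broken smb.conf is never written.

```yaml
# … unchanged: install, share configuration and pdbedit lookup tasks …
- name: "samba : add \"{{ music_user_name }}\" user"
  ansible.builtin.command:
    argv:
      - "smbpasswd"
      - "-s"
      - "-a"
      - "{{ music_user_name }}"
    # smbpasswd -s reads the new password twice from standard input
    stdin: "{{ music_user_samba_password }}\n{{ music_user_samba_password }}"
  no_log: true
  when:
    not music_rip_samba_pdb_state.stdout is match('^' ~ music_user_name ~ ':')
# … unchanged: enable, start and restart smbd …
```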


@ -0,0 +1,37 @@
---
- name: "user : create user"
ansible.builtin.user:
name: "{{ music_user_name }}"
create_home: true
home: "{{ music_user_home_directory }}"
password: "{{ music_user_password }}"
register: music_rip_user_create
- name: "rip : set default shell"
ansible.builtin.user:
name: "{{ music_user_name }}"
shell: "/usr/bin/rbash"
- block:
- name: "user : set home directory ownership"
ansible.builtin.file:
path: "{{ music_user_home_directory }}"
state: "directory"
owner: "{{ music_user_name }}"
group: "{{ music_user_name }}"
recurse: true
- name: "user : ensure XDG_RUNTIME_DIR is set"
ansible.builtin.shell: |
echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \
{{ music_user_home_directory }}/.bashrc
when:
music_rip_user_create.changed
- name: "user : set authorized key"
ansible.posix.authorized_key:
user: "{{ music_user_name }}"
state: "present"
key: "{{ lookup('ansible.builtin.file', music_rip_public_key_file) }}"
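Review bot: The account gets `/usr/bin/rbash` as its shell, but the recursive ownership task hands it every file in its home directory, startup files such as `.bashrc` included, and nothing here fixes `PATH`; a restricted shell whose startup files and command path stay under the user's control does not confine the account. If confinement is the intent, make the startup files root-owned and read-only after the ownership task and set `PATH` in them to a directory holding only the permitted commands. The `XDG_RUNTIME_DIR` append relies on `echo` turning `\n` into a newline, which depends on the shell Ansible invokes; `ansible.builtin.lineinfile` with `line: 'export XDG_RUNTIME_DIR=/run/user/$(id -u)'` writes the same line idempotently. `password:` on the user module expects a crypted hash, so `vault_music_user_password` should hold one or be passed through `password_hash`; the vault content is not visible here.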


@ -0,0 +1,15 @@
---
- name: "play:music : role:rip : tasks:user"
ansible.builtin.import_tasks: "include/user.yml"
tags:
- "music:rip:user"
- name: "play:music : role:rip : tasks:directories"
ansible.builtin.import_tasks: "include/directories.yml"
tags:
- "music:rip:directories"
- name: "play:music : role:rip : tasks:samba"
ansible.builtin.import_tasks: "include/samba.yml"
tags:
- "music:rip:samba"


@ -1,4 +1,5 @@
ansible
keyring
libvirt-python
passlib
requests
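Review bot: The package added to this list is unpinned, like the four around it, so every fresh install of the control-node environment pulls whatever release is current on the index. That environment handles the vault secrets referenced in this commit, so pin each entry to an exact version (`NAME==VERSION`) and, ideally, install with `pip install --require-hashes -r <REQUIREMENTS_FILE>` from a hashed lock. Which of the five lines is the new one cannot be told from the rendered hunk.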