Add music user and enable samba
parent
d4dfe02153
commit
9ca69f5966
@ -3,7 +3,8 @@
|
||||
# system:base
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
system_base_additional_tcp_ports: "{{
|
||||
services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten }}"
|
||||
services_host_services | dict2items | map(attribute='value.tcp', default=[]) | flatten |
|
||||
union(system_base_tcp_ports) }}"
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# system:var
|
||||
|
@ -17,6 +17,18 @@ system_zfs_zpools_load_key:
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# system:base
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
system_base_additional_ssh_users:
|
||||
- "music"
|
||||
system_base_udp_ports:
|
||||
- 137 # samba
|
||||
- 138 # samba
|
||||
system_base_tcp_ports:
|
||||
- 139 # samba
|
||||
- 445 # samba
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# system:var
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
@ -73,6 +85,19 @@ backups_snapshots_sanoid_system_datasets:
|
||||
recursive: true
|
||||
children_only: true
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# music:rip
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
music_user_name: "music"
|
||||
music_user_password: "{{ vault_music_user_password }}"
|
||||
music_user_samba_password: "{{ vault_music_user_samba_password }}"
|
||||
|
||||
music_user_home_directory: "{{ system_var_home_directory }}/{{ music_user_name }}"
|
||||
music_user_data_directory: "{{ system_var_data_directory }}/{{ music_user_name }}"
|
||||
|
||||
music_user_home_dataset: "rpool{{ music_user_home_directory }}"
|
||||
music_user_data_dataset: "rpool{{ music_user_data_directory }}"
|
||||
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# services
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
|
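Review bot: The new `system_base_udp_ports` and `system_base_tcp_ports` entries open 137, 138 and 139 as well as 445, but the role added in this commit only manages `smbd`, and its share block sets no `hosts allow` or `interfaces`. That leaves the base firewall role that consumes these lists (not visible here) as the only thing scoping who can reach the share. SMB over TCP needs only 445; 137/138 UDP and 139 TCP are the NetBIOS name, datagram and session ports, worth opening only if legacy clients or NetBIOS browsing are actually required. Consider trimming the lists to `- 445 # samba`, or adding a comment that records why NetBIOS is needed and which networks these ports are exposed to.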
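--- a/playbooks/music.yml
+++ b/playbooks/music.yml
@@ -0,0 +1,17 @@
+---
+- name: "music : yggdrasil"
+hosts: "yggdrasil"
+roles:
+- role: "music/datasets"
+tags: "music:datasets"
+- role: "music/rip"
+tags: "music:rip"
+vars:
+music_rip_public_key_file: "\
+{% if (the_nine_worlds_production | bool) %}\
+~/.ssh/yggdrasil.pub\
+{% else %}\
+~/.ssh/debian-virt.pub\
+{% endif %}"
+# - role: "music/org"
+# tags: "music:org"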
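--- a/playbooks/roles/music/datasets/meta/argument_specs.yml
+++ b/playbooks/roles/music/datasets/meta/argument_specs.yml
@@ -0,0 +1,13 @@
+---
+argument_specs:
+main:
+options:
+music_user_home_dataset:
+type: "str"
+required: true
+music_user_home_directory:
+type: "str"
+required: true
+music_user_data_dataset:
+type: "str"
+required: true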
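--- a/playbooks/roles/music/datasets/tasks/main.yml
+++ b/playbooks/roles/music/datasets/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: "create home dataset"
+community.general.zfs:
+name: "{{ music_user_home_dataset }}"
+state: "present"
+register: music_datasets_user_zfs_home
+
+- name: "populate home dataset with skeleton"
+ansible.builtin.copy:
+src: "/etc/skel/"
+dest: "{{ music_user_home_directory }}"
+mode: "preserve"
+remote_src: true
+when:
+music_datasets_user_zfs_home.changed
+
+- name: "create data dataset"
+community.general.zfs:
+name: "{{ music_user_data_dataset }}"
+state: "present"
+extra_zfs_properties:
+canmount: "off"
+
+- name: "create music volume dataset"
+community.general.zfs:
+name: "{{ music_user_data_dataset }}/flac"
+state: "present"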
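Review bot: The skeleton copy writes to `music_user_home_directory`, but the "create home dataset" task never sets a `mountpoint`, so it is correct only if the pool is mounted such that the dataset name maps onto that path. The `rpool{{ music_user_home_directory }}` naming suggests this, but nothing in this section shows it. If the dataset mounts elsewhere or is not mounted, `/etc/skel/` lands on the parent filesystem instead. Stating it explicitly removes the assumption: add `extra_zfs_properties:` with `mountpoint: "{{ music_user_home_directory }}"` to the first task. Also, the copied files keep the ownership they had under `/etc/skel` until `music/rip` chowns the home directory, and that chown runs only when the user is newly created.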
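--- a/playbooks/roles/music/rip/meta/argument_specs.yml
+++ b/playbooks/roles/music/rip/meta/argument_specs.yml
@@ -0,0 +1,22 @@
+---
+argument_specs:
+main:
+options:
+music_user_name:
+type: "str"
+required: true
+music_user_password:
+type: "str"
+required: true
+music_user_samba_password:
+type: "str"
+required: true
+music_user_home_directory:
+type: "str"
+required: true
+music_user_data_directory:
+type: "str"
+required: true
+music_rip_public_key_file:
+type: "str"
+required: true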
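--- a/playbooks/roles/music/rip/tasks/include/directories.yml
+++ b/playbooks/roles/music/rip/tasks/include/directories.yml
@@ -0,0 +1,24 @@
+---
+- name: "directories : create data directory"
+ansible.builtin.file:
+path: "{{ music_user_data_directory }}"
+state: "directory"
+owner: "{{ music_user_name }}"
+group: "{{ music_user_name }}"
+mode: 0755
+
+- name: "directories : create volume \"flac\""
+ansible.builtin.file:
+path: "{{ music_user_data_directory }}/flac"
+state: "directory"
+owner: "{{ music_user_name }}"
+group: "{{ music_user_name }}"
+mode: 0755
+
+- name: "directories : create directory \"rip\""
+ansible.builtin.file:
+path: "{{ music_user_home_directory }}/rip"
+state: "directory"
+owner: "{{ music_user_name }}"
+group: "{{ music_user_name }}"
+mode: 0755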
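Review bot: `mode: 0755` is written as a bare YAML integer in all three tasks here, and `mode: 0644` likewise in the blockinfile task of `include/samba.yml`, while every other scalar in these roles is quoted. The value comes out right only because the leading zero makes the YAML parser read it as octal. Writing `mode: "0755"` (and `mode: "0644"`) states the permission as a string and removes the dependence on parser behaviour.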
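--- a/playbooks/roles/music/rip/tasks/include/samba.yml
+++ b/playbooks/roles/music/rip/tasks/include/samba.yml
@@ -0,0 +1,54 @@
+---
+- name: "samba : install samba"
+ansible.builtin.apt:
+name:
+- "samba"
+- "samba-client"
+
+- name: "samba : configure samba share"
+ansible.builtin.blockinfile:
+path: "/etc/samba/smb.conf"
+mode: 0644
+insertafter: "EOF"
+marker: "# {mark} ANSIBLE MANAGED BLOCK MUSIC:RIP"
+block: |
+[music-rip]
+comment = Music drive
+path = {{ music_user_home_directory }}/rip
+browseable = yes
+read only = no
+guest ok = no
+create mask = 0644
+directory mask = 0755
+register: music_rip_samba_config
+
+- name: "samba : check for \"{{ music_user_name }}\" user"
+ansible.builtin.shell: "pdbedit --user={{ music_user_name }} || /usr/bin/true"
+changed_when: false
+register: music_rip_samba_pdb_state
+
+- name: "samba : add \"{{ music_user_name }}\" user"
+ansible.builtin.shell: |
+(echo '{{ music_user_samba_password }}'; echo '{{ music_user_samba_password }}') |
+smbpasswd -a {{ music_user_name }}
+when:
+not music_rip_samba_pdb_state.stdout is match('^' ~ music_user_name ~ ':')
+
+- name: "samba : enable samba"
+ansible.builtin.systemd:
+name: "smbd"
+enabled: true
+
+- name: "samba : start samba"
+ansible.builtin.systemd:
+name: "smbd"
+state: "started"
+register: music_rip_samba_start
+
+- name: "samba : restart samba"
+ansible.builtin.systemd:
+name: "smbd"
+state: "restarted"
+when:
+music_rip_samba_config.changed and
+not music_rip_samba_start.changed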
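Review bot: The "add user" task interpolates `music_user_samba_password` into a single-quoted shell string, so a password containing `'` breaks the command or lets the rest of the value be parsed as shell. The task also has no `no_log: true`, so the rendered command, secret included, can appear in Ansible's output on failure or at higher verbosity and in the module invocation log on the managed host. Pass the secret on standard input to `smbpasswd -s -a` through `ansible.builtin.command` and mark the task `no_log: true`. The pdbedit check can use `command` with `failed_when: false` in place of `shell` plus `|| /usr/bin/true`, which keeps the user name out of a shell as well.

```yaml
- name: "samba : check for \"{{ music_user_name }}\" user"
  ansible.builtin.command:
    argv: ["pdbedit", "--user={{ music_user_name }}"]
  changed_when: false
  failed_when: false
  register: music_rip_samba_pdb_state

- name: "samba : add \"{{ music_user_name }}\" user"
  ansible.builtin.command:
    argv: ["smbpasswd", "-s", "-a", "{{ music_user_name }}"]
    stdin: "{{ music_user_samba_password }}\n{{ music_user_samba_password }}"
  no_log: true
  when:
    not music_rip_samba_pdb_state.stdout is match('^' ~ music_user_name ~ ':')
```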
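--- a/playbooks/roles/music/rip/tasks/include/user.yml
+++ b/playbooks/roles/music/rip/tasks/include/user.yml
@@ -0,0 +1,37 @@
+---
+- name: "user : create user"
+ansible.builtin.user:
+name: "{{ music_user_name }}"
+create_home: true
+home: "{{ music_user_home_directory }}"
+password: "{{ music_user_password }}"
+register: music_rip_user_create
+
+- name: "rip : set default shell"
+ansible.builtin.user:
+name: "{{ music_user_name }}"
+shell: "/usr/bin/rbash"
+
+- block:
+
+- name: "user : set home directory ownership"
+ansible.builtin.file:
+path: "{{ music_user_home_directory }}"
+state: "directory"
+owner: "{{ music_user_name }}"
+group: "{{ music_user_name }}"
+recurse: true
+
+- name: "user : ensure XDG_RUNTIME_DIR is set"
+ansible.builtin.shell: |
+echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \
+{{ music_user_home_directory }}/.bashrc
+
+when:
+music_rip_user_create.changed
+
+- name: "user : set authorized key"
+ansible.posix.authorized_key:
+user: "{{ music_user_name }}"
+state: "present"
+key: "{{ lookup('ansible.builtin.file', music_rip_public_key_file) }}"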
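Review bot: `/usr/bin/rbash` is set as the login shell, but the block then gives the account ownership of its whole home directory, startup files included, with `recurse: true`, and nothing in this section limits `PATH`. A restricted shell whose startup files sit in a user-writable directory and whose PATH still reaches the normal system binaries should not be treated as a boundary. If it is meant to be one, the account needs a PATH pointing at a directory of approved commands and startup files it cannot replace; otherwise a comment saying rbash is a convenience here would avoid a false sense of containment. The `XDG_RUNTIME_DIR` task appends with a raw `shell` redirect and relies on `/bin/sh` expanding `\n` in `echo`; `ansible.builtin.lineinfile` with `path: "{{ music_user_home_directory }}/.bashrc"` and `line: "export XDG_RUNTIME_DIR=/run/user/$(id -u)"` does the same idempotently. The second task's `rip :` name prefix also differs from the `user :` prefix used by the rest of the file, and its `shell:` could simply move into the "create user" task.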
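--- a/playbooks/roles/music/rip/tasks/main.yml
+++ b/playbooks/roles/music/rip/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: "play:music : role:rip : tasks:user"
+ansible.builtin.import_tasks: "include/user.yml"
+tags:
+- "music:rip:user"
+
+- name: "play:music : role:rip : tasks:directories"
+ansible.builtin.import_tasks: "include/directories.yml"
+tags:
+- "music:rip:directories"
+
+- name: "play:music : role:rip : tasks:samba"
+ansible.builtin.import_tasks: "include/samba.yml"
+tags:
+- "music:rip:samba"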
@ -1,4 +1,5 @@
|
||||
ansible
|
||||
keyring
|
||||
libvirt-python
|
||||
passlib
|
||||
requests
|
||||
|