Commonise systemd tasks for user services
This commit is contained in:
parent
67b6a9a3f9
commit
fac7456fa1
@ -8,3 +8,5 @@
|
|||||||
when: is_zfs
|
when: is_zfs
|
||||||
- import_tasks: tasks/services/setup/01-directories.yml
|
- import_tasks: tasks/services/setup/01-directories.yml
|
||||||
- import_tasks: tasks/services/setup/02-nameserver.yml
|
- import_tasks: tasks/services/setup/02-nameserver.yml
|
||||||
|
- import_tasks: tasks/services/setup/03-systemd-veth.yml
|
||||||
|
- import_tasks: tasks/services/setup/04-systemd-user.yml
|
||||||
|
@ -1,11 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Prune dangling podman images
|
|
||||||
Documentation=man:podman-image-prune(1)
|
|
||||||
|
|
||||||
[Timer]
|
|
||||||
OnCalendar=Fri *-*-* 08:00:00
|
|
||||||
Persistent=true
|
|
||||||
RandomizedDelaySec=1h
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=timers.target
|
|
@ -12,33 +12,32 @@
|
|||||||
- "01-user.d/shell/{{ service_name }}.yml"
|
- "01-user.d/shell/{{ service_name }}.yml"
|
||||||
- "01-user.d/shell/_default.yml"
|
- "01-user.d/shell/_default.yml"
|
||||||
|
|
||||||
- name: Ensure the home directory belongs to the user {{ service_user_name }}
|
- block:
|
||||||
file:
|
|
||||||
path: "{{ service_home }}"
|
|
||||||
state: directory
|
|
||||||
owner: "{{ service_user_name }}"
|
|
||||||
group: "{{ service_user_name }}"
|
|
||||||
recurse: yes
|
|
||||||
|
|
||||||
- name: Configure subuids and subgids for user {{ service_user_name }}
|
- name: Ensure the home directory belongs to the user {{ service_user_name }}
|
||||||
shell: |
|
file:
|
||||||
export NEW_SUBUID=$(($(tail -1 /etc/subuid | awk -F ":" '{print $2}')+65536))
|
path: "{{ service_home }}"
|
||||||
export NEW_SUBGID=$(($(tail -1 /etc/subgid | awk -F ":" '{print $2}')+65536))
|
state: directory
|
||||||
usermod --add-subuids ${NEW_SUBUID}-$((${NEW_SUBUID}+65535)) \
|
owner: "{{ service_user_name }}"
|
||||||
--add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \
|
group: "{{ service_user_name }}"
|
||||||
{{ service_user_name }}
|
recurse: yes
|
||||||
when:
|
|
||||||
user_create is changed
|
|
||||||
|
|
||||||
- name: Ensure XDG_RUNTIME_DIR is set for user {{ service_user_name }}
|
- name: Configure subuids and subgids for user {{ service_user_name }}
|
||||||
shell: |
|
shell: |
|
||||||
echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \
|
export NEW_SUBUID=$(($(tail -1 /etc/subuid | awk -F ":" '{print $2}')+65536))
|
||||||
{{ service_home }}/.bashrc
|
export NEW_SUBGID=$(($(tail -1 /etc/subgid | awk -F ":" '{print $2}')+65536))
|
||||||
when:
|
usermod --add-subuids ${NEW_SUBUID}-$((${NEW_SUBUID}+65535)) \
|
||||||
user_create is changed
|
--add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \
|
||||||
|
{{ service_user_name }}
|
||||||
|
|
||||||
|
- name: Ensure XDG_RUNTIME_DIR is set for user {{ service_user_name }}
|
||||||
|
shell: |
|
||||||
|
echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \
|
||||||
|
{{ service_home }}/.bashrc
|
||||||
|
|
||||||
|
- name: Enable lingering for user {{ service_user_name }}
|
||||||
|
command: loginctl enable-linger {{ service_user_name }}
|
||||||
|
|
||||||
- name: Enable lingering for user {{ service_user_name }}
|
|
||||||
command: loginctl enable-linger {{ service_user_name }}
|
|
||||||
when:
|
when:
|
||||||
user_create is changed
|
user_create is changed
|
||||||
|
|
||||||
@ -93,34 +92,10 @@
|
|||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
|
|
||||||
- name: Copy systemd auto-update service for user {{ service_user_name }}
|
|
||||||
copy:
|
|
||||||
src: "/usr/lib/systemd/system/podman-auto-update.service"
|
|
||||||
dest: "{{ service_home }}/.config/systemd/user/podman-auto-update.service"
|
|
||||||
remote_src: yes
|
|
||||||
register: user_systemd_podman_auto_update_service_file
|
|
||||||
|
|
||||||
- name: Copy systemd auto-update timer for user {{ service_user_name }}
|
|
||||||
copy:
|
|
||||||
src: "/usr/lib/systemd/system/podman-auto-update.timer"
|
|
||||||
dest: "{{ service_home }}/.config/systemd/user/podman-auto-update.timer"
|
|
||||||
remote_src: yes
|
|
||||||
register: user_systemd_podman_auto_update_timer_file
|
|
||||||
|
|
||||||
- name: Copy systemd image prune service for user {{ service_user_name }}
|
|
||||||
copy:
|
|
||||||
src: "./filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.service"
|
|
||||||
dest: "{{ service_home }}/.config/systemd/user/podman-image-prune.service"
|
|
||||||
register: user_systemd_podman_image_prune_service_file
|
|
||||||
|
|
||||||
- name: SystemD daemon reload
|
- name: SystemD daemon reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
scope: user
|
scope: user
|
||||||
when:
|
|
||||||
user_systemd_podman_auto_update_service_file is changed or
|
|
||||||
user_systemd_podman_auto_update_timer_file is changed or
|
|
||||||
user_systemd_podman_image_prune_service_file is changed
|
|
||||||
|
|
||||||
- name: Enable podman auto-update
|
- name: Enable podman auto-update
|
||||||
systemd:
|
systemd:
|
||||||
|
@ -13,27 +13,6 @@
|
|||||||
fi'
|
fi'
|
||||||
register: veth_service_intf
|
register: veth_service_intf
|
||||||
|
|
||||||
- name: Configure connect-pod-service
|
|
||||||
copy:
|
|
||||||
src: "./filesystem/common/etc/systemd/system/connect-pod-service@.service"
|
|
||||||
dest: "/etc/systemd/system/connect-pod-service@.service"
|
|
||||||
mode: 0644
|
|
||||||
register: systemd_connect_pod_service_service
|
|
||||||
|
|
||||||
- name: Configure connect-pod-service path trigger
|
|
||||||
template:
|
|
||||||
src: "./filesystem/common/etc/systemd/system/connect-pod-service@.path.j2"
|
|
||||||
dest: "/etc/systemd/system/connect-pod-service@.path"
|
|
||||||
mode: 0644
|
|
||||||
register: systemd_connect_pod_service_path
|
|
||||||
|
|
||||||
- name: SystemD daemon reload
|
|
||||||
systemd:
|
|
||||||
daemon_reload: true
|
|
||||||
when:
|
|
||||||
systemd_connect_pod_service_service is changed or
|
|
||||||
systemd_connect_pod_service_path is changed
|
|
||||||
|
|
||||||
- name: Enable the path trigger service for {{ service_name }}
|
- name: Enable the path trigger service for {{ service_name }}
|
||||||
systemd:
|
systemd:
|
||||||
name: "connect-pod-service@{{ service_name }}.path"
|
name: "connect-pod-service@{{ service_name }}.path"
|
||||||
|
20
playbooks/tasks/services/setup/03-systemd-veth.yml
Normal file
20
playbooks/tasks/services/setup/03-systemd-veth.yml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
- name: Configure connect-pod-service
|
||||||
|
copy:
|
||||||
|
src: "./filesystem/common/etc/systemd/system/connect-pod-service@.service"
|
||||||
|
dest: "/etc/systemd/system/connect-pod-service@.service"
|
||||||
|
mode: 0644
|
||||||
|
register: systemd_connect_pod_service_service
|
||||||
|
|
||||||
|
- name: Configure connect-pod-service path trigger
|
||||||
|
template:
|
||||||
|
src: "./filesystem/common/etc/systemd/system/connect-pod-service@.path.j2"
|
||||||
|
dest: "/etc/systemd/system/connect-pod-service@.path"
|
||||||
|
mode: 0644
|
||||||
|
register: systemd_connect_pod_service_path
|
||||||
|
|
||||||
|
- name: SystemD daemon reload
|
||||||
|
systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
when:
|
||||||
|
systemd_connect_pod_service_service is changed or
|
||||||
|
systemd_connect_pod_service_path is changed
|
16
playbooks/tasks/services/setup/04-systemd-user.yml
Normal file
16
playbooks/tasks/services/setup/04-systemd-user.yml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
- name: Copy systemd auto-update service for user
|
||||||
|
copy:
|
||||||
|
src: "/usr/lib/systemd/system/podman-auto-update.service"
|
||||||
|
dest: "/etc/systemd/user/podman-auto-update.service"
|
||||||
|
remote_src: yes
|
||||||
|
|
||||||
|
- name: Copy systemd auto-update timer for user
|
||||||
|
copy:
|
||||||
|
src: "/usr/lib/systemd/system/podman-auto-update.timer"
|
||||||
|
dest: "/etc/systemd/user/podman-auto-update.timer"
|
||||||
|
remote_src: yes
|
||||||
|
|
||||||
|
- name: Copy systemd image prune service for user
|
||||||
|
copy:
|
||||||
|
src: "./filesystem/common/etc/systemd/user/podman-image-prune.service"
|
||||||
|
dest: "/etc/systemd/user/podman-image-prune.service"
|
Loading…
Reference in New Issue
Block a user