Commonise systemd tasks for user services

Wojciech Kozlowski 2022-10-30 20:45:59 +01:00
parent 67b6a9a3f9
commit fac7456fa1
7 changed files with 61 additions and 80 deletions


@ -8,3 +8,5 @@
when: is_zfs when: is_zfs
- import_tasks: tasks/services/setup/01-directories.yml - import_tasks: tasks/services/setup/01-directories.yml
- import_tasks: tasks/services/setup/02-nameserver.yml - import_tasks: tasks/services/setup/02-nameserver.yml
- import_tasks: tasks/services/setup/03-systemd-veth.yml
- import_tasks: tasks/services/setup/04-systemd-user.yml


@ -1,11 +0,0 @@
[Unit]
Description=Prune dangling podman images
Documentation=man:podman-image-prune(1)
[Timer]
OnCalendar=Fri *-*-* 08:00:00
Persistent=true
RandomizedDelaySec=1h
[Install]
WantedBy=timers.target


@ -12,33 +12,32 @@
- "01-user.d/shell/{{ service_name }}.yml" - "01-user.d/shell/{{ service_name }}.yml"
- "01-user.d/shell/_default.yml" - "01-user.d/shell/_default.yml"
- name: Ensure the home directory belongs to the user {{ service_user_name }} - block:
file:
path: "{{ service_home }}"
state: directory
owner: "{{ service_user_name }}"
group: "{{ service_user_name }}"
recurse: yes
- name: Configure subuids and subgids for user {{ service_user_name }} - name: Ensure the home directory belongs to the user {{ service_user_name }}
shell: | file:
export NEW_SUBUID=$(($(tail -1 /etc/subuid | awk -F ":" '{print $2}')+65536)) path: "{{ service_home }}"
export NEW_SUBGID=$(($(tail -1 /etc/subgid | awk -F ":" '{print $2}')+65536)) state: directory
usermod --add-subuids ${NEW_SUBUID}-$((${NEW_SUBUID}+65535)) \ owner: "{{ service_user_name }}"
--add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \ group: "{{ service_user_name }}"
{{ service_user_name }} recurse: yes
when:
user_create is changed
- name: Ensure XDG_RUNTIME_DIR is set for user {{ service_user_name }} - name: Configure subuids and subgids for user {{ service_user_name }}
shell: | shell: |
echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \ export NEW_SUBUID=$(($(tail -1 /etc/subuid | awk -F ":" '{print $2}')+65536))
{{ service_home }}/.bashrc export NEW_SUBGID=$(($(tail -1 /etc/subgid | awk -F ":" '{print $2}')+65536))
when: usermod --add-subuids ${NEW_SUBUID}-$((${NEW_SUBUID}+65535)) \
user_create is changed --add-subgids ${NEW_SUBGID}-$((${NEW_SUBGID}+65535)) \
{{ service_user_name }}
- name: Ensure XDG_RUNTIME_DIR is set for user {{ service_user_name }}
shell: |
echo '\nexport XDG_RUNTIME_DIR=/run/user/$(id -u)' >> \
{{ service_home }}/.bashrc
- name: Enable lingering for user {{ service_user_name }}
command: loginctl enable-linger {{ service_user_name }}
- name: Enable lingering for user {{ service_user_name }}
command: loginctl enable-linger {{ service_user_name }}
when: when:
user_create is changed user_create is changed
@ -93,34 +92,10 @@
state: directory state: directory
mode: 0755 mode: 0755
- name: Copy systemd auto-update service for user {{ service_user_name }}
copy:
src: "/usr/lib/systemd/system/podman-auto-update.service"
dest: "{{ service_home }}/.config/systemd/user/podman-auto-update.service"
remote_src: yes
register: user_systemd_podman_auto_update_service_file
- name: Copy systemd auto-update timer for user {{ service_user_name }}
copy:
src: "/usr/lib/systemd/system/podman-auto-update.timer"
dest: "{{ service_home }}/.config/systemd/user/podman-auto-update.timer"
remote_src: yes
register: user_systemd_podman_auto_update_timer_file
- name: Copy systemd image prune service for user {{ service_user_name }}
copy:
src: "./filesystem/common/var/lib/_hostname/home/_service_user_name/.config/systemd/user/podman-image-prune.service"
dest: "{{ service_home }}/.config/systemd/user/podman-image-prune.service"
register: user_systemd_podman_image_prune_service_file
- name: SystemD daemon reload - name: SystemD daemon reload
systemd: systemd:
daemon_reload: true daemon_reload: true
scope: user scope: user
when:
user_systemd_podman_auto_update_service_file is changed or
user_systemd_podman_auto_update_timer_file is changed or
user_systemd_podman_image_prune_service_file is changed
- name: Enable podman auto-update - name: Enable podman auto-update
systemd: systemd:
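Review bot: The subuid/subgid task that the first hunk moves into the block still takes its start value from `tail -1 /etc/subuid` plus 65536, which is only correct when the last line holds the highest range and that range is 65536 wide; otherwise the new range can overlap one already assigned, and containers run by two service users could map onto the same host UIDs. Computing the end of the highest existing range is safer, e.g. `NEW_SUBUID=$(awk -F: '{e=$2+$3; if (e>m) m=e} END {print m}' /etc/subuid)` (and the same for /etc/subgid), with the task failing when the result is empty. Separately, the recursive ownership task is now covered by the block's `when: user_create is changed`, so ownership is no longer re-asserted on later runs; if that is intended, a comment on the block such as `# one-time setup, only on user creation` would record it. The second hunk's task list continues past the visible lines.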


@ -13,27 +13,6 @@
fi' fi'
register: veth_service_intf register: veth_service_intf
- name: Configure connect-pod-service
copy:
src: "./filesystem/common/etc/systemd/system/connect-pod-service@.service"
dest: "/etc/systemd/system/connect-pod-service@.service"
mode: 0644
register: systemd_connect_pod_service_service
- name: Configure connect-pod-service path trigger
template:
src: "./filesystem/common/etc/systemd/system/connect-pod-service@.path.j2"
dest: "/etc/systemd/system/connect-pod-service@.path"
mode: 0644
register: systemd_connect_pod_service_path
- name: SystemD daemon reload
systemd:
daemon_reload: true
when:
systemd_connect_pod_service_service is changed or
systemd_connect_pod_service_path is changed
- name: Enable the path trigger service for {{ service_name }} - name: Enable the path trigger service for {{ service_name }}
systemd: systemd:
name: "connect-pod-service@{{ service_name }}.path" name: "connect-pod-service@{{ service_name }}.path"


@ -0,0 +1,20 @@
- name: Configure connect-pod-service
copy:
src: "./filesystem/common/etc/systemd/system/connect-pod-service@.service"
dest: "/etc/systemd/system/connect-pod-service@.service"
mode: 0644
register: systemd_connect_pod_service_service
- name: Configure connect-pod-service path trigger
template:
src: "./filesystem/common/etc/systemd/system/connect-pod-service@.path.j2"
dest: "/etc/systemd/system/connect-pod-service@.path"
mode: 0644
register: systemd_connect_pod_service_path
- name: SystemD daemon reload
systemd:
daemon_reload: true
when:
systemd_connect_pod_service_service is changed or
systemd_connect_pod_service_path is changed
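Review bot: The two unit files installed under /etc/systemd/system get `mode: 0644` but no explicit owner or group, so ownership depends on whichever user the play runs as; pinning `owner: root` and `group: root` and quoting the mode as `mode: "0644"` makes the result independent of that. The three copy tasks in the last file section (the podman-auto-update and podman-image-prune units written to /etc/systemd/user) set neither mode nor owner, and units in that directory are read by every user's systemd manager, so the same three lines belong there too.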


@ -0,0 +1,16 @@
- name: Copy systemd auto-update service for user
copy:
src: "/usr/lib/systemd/system/podman-auto-update.service"
dest: "/etc/systemd/user/podman-auto-update.service"
remote_src: yes
- name: Copy systemd auto-update timer for user
copy:
src: "/usr/lib/systemd/system/podman-auto-update.timer"
dest: "/etc/systemd/user/podman-auto-update.timer"
remote_src: yes
- name: Copy systemd image prune service for user
copy:
src: "./filesystem/common/etc/systemd/user/podman-image-prune.service"
dest: "/etc/systemd/user/podman-image-prune.service"