ansible-edda/playbooks/roles/services/setup/user/tasks/include/user.yml
2023-11-04 21:19:09 +01:00


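---
# Creates the system account a service runs under and, only when the account
# was newly created, prepares it for rootless use: home ownership,
# subordinate UID/GID ranges, XDG_RUNTIME_DIR and systemd lingering.
#
# Variables read (defined outside this file):
#   services_service_name       - used in task names only
#   services_service_user_name  - account (and primary group) name
#   services_service_user_home  - home directory of the account

- name: "{{ services_service_name }} : setup : create system user"
  ansible.builtin.user:
    name: "{{ services_service_user_name }}"
    create_home: true
    home: "{{ services_service_user_home }}"
    system: true
  # The result gates the one-time setup block at the end of this file.
  register: services_base_user_create

# Kept as a separate task so that a shell change alone does not flip
# services_base_user_create.changed and re-run the one-time setup below.
- name: "{{ services_service_name }} : setup : set default shell"
  ansible.builtin.user:
    name: "{{ services_service_user_name }}"
    shell: "/usr/sbin/nologin"

- name: "{{ services_service_name }} : setup : first-time user configuration"
  when: services_base_user_create is changed
  block:
    # NOTE(review): a recursive chown also reassigns anything that already
    # existed under this path; confirm the home path is dedicated to this
    # service and is not shared with other accounts.
    - name: "{{ services_service_name }} : setup : set home directory ownership"
      ansible.builtin.file:
        path: "{{ services_service_user_home }}"
        state: "directory"
        owner: "{{ services_service_user_name }}"
        group: "{{ services_service_user_name }}"
        recurse: true

    # Allocates a 65536-wide subordinate UID range and GID range directly
    # above every range already present. Taking the maximum end over all
    # entries (instead of trusting the last line of the file) keeps the new
    # range from overlapping another account's range when the file is
    # unsorted or holds a range wider than 65536; overlapping ranges would
    # let two accounts map the same host IDs inside user namespaces.
    - name: "{{ services_service_name }} : setup : configure subuids and subgids"
      ansible.builtin.shell: |
        set -eu -o pipefail
        # Print the first ID above every range listed in file $1, never
        # below 65536. A missing or empty file yields 65536.
        next_free_id() {
          local max=65536 owner start count
          if [[ ! -r "$1" ]]; then
            echo "${max}"
            return 0
          fi
          while IFS=: read -r owner start count || [[ -n "${owner}" ]]; do
            # Skip blank or malformed lines instead of failing arithmetic.
            [[ "${start}" =~ ^[0-9]+$ && "${count}" =~ ^[0-9]+$ ]] || continue
            if (( start + count > max )); then
              max=$(( start + count ))
            fi
          done < "$1"
          echo "${max}"
        }
        # Plain assignments (no "export") so a failing helper is not masked.
        NEW_SUBUID=$(next_free_id /etc/subuid)
        NEW_SUBGID=$(next_free_id /etc/subgid)
        usermod --add-subuids "${NEW_SUBUID}-$(( NEW_SUBUID + 65535 ))" \
                --add-subgids "${NEW_SUBGID}-$(( NEW_SUBGID + 65535 ))" \
                {{ services_service_user_name | quote }}
      args:
        executable: "/usr/bin/bash"

    # lineinfile replaces the former "echo ... >> .bashrc": it adds the line
    # only when it is absent, does not pass the templated path through a
    # shell, and leaves a newly created file owned by the service user
    # rather than by the account running the play.
    # NOTE(review): mode is enforced on an existing .bashrc as well; adjust
    # if the deployment expects different permissions.
    - name: "{{ services_service_name }} : setup : ensure XDG_RUNTIME_DIR is set"
      ansible.builtin.lineinfile:
        path: "{{ services_service_user_home }}/.bashrc"
        line: 'export XDG_RUNTIME_DIR=/run/user/$(id -u)'
        create: true
        owner: "{{ services_service_user_name }}"
        group: "{{ services_service_user_name }}"
        mode: "0644"

    # argv passes the user name as exactly one argument, so whitespace or
    # option-like characters in the variable cannot add or split arguments.
    - name: "{{ services_service_name }} : setup : enable lingering"
      ansible.builtin.command:
        argv:
          - "loginctl"
          - "enable-linger"
          - "{{ services_service_user_name }}"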