Diffstat (limited to 'roles/nfs_server/tasks/homedirs.yml')
-rw-r--r-- | roles/nfs_server/tasks/homedirs.yml | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/roles/nfs_server/tasks/homedirs.yml b/roles/nfs_server/tasks/homedirs.yml
new file mode 100644
index 0000000..0241a6e
--- /dev/null
+++ b/roles/nfs_server/tasks/homedirs.yml
@@ -0,0 +1,112 @@
+- name: create parent zfs datasets for home directories
+ zfs:
+ name: '{{ item }}'
+ state: present
+ loop:
+ - '{{ nfs_homedir_user_dataset }}'
+ - '{{ nfs_homedir_group_dataset }}'
+
+- name: collect zfs mountpoints
+ shell: "zfs list -Hp -o name,mountpoint | sed 's/\t/: /'"
+ changed_when: false
+ register: zfs_list_mountpoints
+
+- name: set zfs_mountpoints fact
+ set_fact:
+ zfs_mountpoints: '{{ zfs_list_mountpoints.stdout | from_yaml }}'
+
+- name: set selinux context for home directories
+ sefcontext:
+ target: '{{ item }}'
+ setype: samba_share_t
+ state: present
+ loop:
+ - '{{ zfs_mountpoints[nfs_homedir_group_dataset] }}(/.*)?'
+ - '{{ zfs_mountpoints[nfs_homedir_user_dataset] }}(/.*)?'
+ register: nfs_homedir_sefcontext
+
+- name: apply selinux context to home directories
+ command: 'restorecon -R {{ zfs_mountpoints[nfs_homedir_group_dataset] }} {{ zfs_mountpoints[nfs_homedir_user_dataset] }}'
+ when: nfs_homedir_sefcontext.changed
+
+- name: check which home directories already exist
+ stat:
+ path: '{{ zfs_mountpoints[nfs_homedir_group_dataset if item.group is defined else nfs_homedir_user_dataset] }}/{{ item.group if item.group is defined else item.user }}/priv'
+ loop: '{{ nfs_homedirs }}'
+ register: nfs_homedir_stat
+
+- name: create zfs datasets for public home directories
+ zfs:
+ name: '{{ nfs_homedir_group_dataset if item.group is defined else nfs_homedir_user_dataset }}/{{ item.group if item.group is defined else item.user }}/pub'
+ state: present
+ extra_zfs_properties:
+ refquota: '{{ item.pub_quota | default(nfs_homedir_pub_quota) }}'
+ loop: '{{ nfs_homedirs }}'
+ loop_control:
+ label: '{{ item }}'
+
+- name: create zfs datasets for private home directories
+ zfs:
+ name: '{{ nfs_homedir_group_dataset if item.group is defined else nfs_homedir_user_dataset }}/{{ item.group if item.group is defined else item.user }}/priv'
+ state: present
+ extra_zfs_properties:
+ refquota: '{{ item.priv_quota | default(nfs_homedir_priv_quota) }}'
+ loop: '{{ nfs_homedirs }}'
+ loop_control:
+ label: '{{ item }}'
+
+- name: copy skel files into any newly-created home directories
+ copy:
+ src: /etc/skel/
+ dest: '{{ zfs_mountpoints[nfs_homedir_user_dataset] }}/{{ item.user }}/priv'
+ remote_src: yes
+ owner: '{{ item.user }}'
+ group: '{{ item.user }}'
+ mode: preserve
+ when:
+ - item.user is defined
+ - not nfs_homedir_stat.results[index].stat.exists
+ loop: '{{ nfs_homedirs }}'
+ loop_control:
+ index_var: index
+
+- name: set directory permissions for user home directories
+ file:
+ path: "{{ zfs_mountpoints[nfs_homedir_user_dataset] }}/{{ item.0 }}/{{ item.1.name }}"
+ state: directory
+ owner: '{{ item.0 }}'
+ group: '{{ item.0 }}'
+ mode: '{{ item.1.mode }}'
+ setype: _default
+ loop: "{{ nfs_homedirs | selectattr('user', 'defined') | map(attribute='user') | product(subdirs) }}"
+ vars:
+ subdirs:
+ - { name: pub, mode: '755' }
+ - { name: priv, mode: '700' }
+
+- name: set directory permissions for group directories
+ file:
+ path: "{{ zfs_mountpoints[nfs_homedir_group_dataset] }}/{{ item.0 }}/{{ item.1.name }}"
+ state: directory
+ owner: root
+ group: '{{ item.0 }}'
+ mode: '{{ item.1.mode }}'
+ setype: _default
+ loop: "{{ nfs_homedirs | selectattr('group', 'defined') | map(attribute='group') | product(subdirs) }}"
+ vars:
+ subdirs:
+ - { name: pub, mode: '02775' }
+ - { name: priv, mode: '02770' }
+
+- name: set directory ACLs for group directories
+ acl:
+ path: '{{ zfs_mountpoints[nfs_homedir_group_dataset] }}/{{ item.0 }}/{{ item.1 }}'
+ default: yes
+ entity: '{{ item.0 }}'
+ etype: group
+ permissions: rwX
+ recalculate_mask: mask
+ state: present
+ loop: "{{ nfs_homedirs | selectattr('group', 'defined') | map(attribute='group') | product(['pub', 'priv']) }}"
+ loop_control:
+ label: '{{ item.0 }}: {{ item.1 }}' |
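Review bot: The mountpoints read back from `zfs list` in the `set zfs_mountpoints fact` task are used as filesystem paths by every later task without a check that they are absolute; `zfs list -o mountpoint` reports `none`, `legacy` or `-` for datasets ZFS does not mount itself, so `restorecon -R`, `stat`, `copy`, `file` and `acl` would then act on a relative path such as `none/alice/priv` resolved against the task's working directory. A short `assert` right after the fact is set fails the play before anything is created or relabelled. In the same `apply selinux context` task, `command: 'restorecon -R {{ … }} {{ … }}'` splits the interpolated mountpoints on whitespace, so the `argv` form that passes each path as a single argument is safer; and `default: yes` in the `acl` task (and `remote_src: yes` in the skel copy) reads more portably as `true`. Both tasks below are complete within this hunk, which adds the whole file.
```yaml
# … unchanged: create parent datasets, collect zfs mountpoints, set zfs_mountpoints fact …

- name: verify home directory datasets have real mountpoints
  assert:
    that:
      - zfs_mountpoints[nfs_homedir_user_dataset] is match('^/')
      - zfs_mountpoints[nfs_homedir_group_dataset] is match('^/')
    fail_msg: 'home directory datasets must be mounted at an absolute path (mountpoint is none/legacy/unset)'

# … unchanged: set selinux context for home directories …

- name: apply selinux context to home directories
  command:
    argv:
      - restorecon
      - '-R'
      - '{{ zfs_mountpoints[nfs_homedir_group_dataset] }}'
      - '{{ zfs_mountpoints[nfs_homedir_user_dataset] }}'
  when: nfs_homedir_sefcontext.changed

# … unchanged: remaining tasks …
```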