From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit
---
roles/photostructure/tasks/freeipa.yml | 47 ++++++++++++++++++++
roles/photostructure/tasks/main.yml | 78 ++++++++++++++++++++++++++++++++++
2 files changed, 125 insertions(+)
create mode 100644 roles/photostructure/tasks/freeipa.yml
create mode 100644 roles/photostructure/tasks/main.yml
(limited to 'roles/photostructure/tasks')
diff --git a/roles/photostructure/tasks/freeipa.yml b/roles/photostructure/tasks/freeipa.yml
new file mode 100644
index 0000000..66d99e7
--- /dev/null
+++ b/roles/photostructure/tasks/freeipa.yml
@@ -0,0 +1,47 @@
+- name: create user
+ ipauser:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ photostructure_user }}'
+ loginshell: /sbin/nologin
+ homedir: '{{ photostructure_home }}'
+ givenname: Photostructure
+ sn: Service Account
+ state: present
+ run_once: yes
+
+- name: retrieve user keytab
+ include_role:
+ name: freeipa_keytab
+ vars:
+ keytab_principal: '{{ photostructure_user }}'
+ keytab_path: '{{ photostructure_keytab }}'
+
+- name: configure gssproxy for kerberized NFS
+ include_role:
+ name: gssproxy_client
+ vars:
+ gssproxy_name: photostructure
+ gssproxy_section: service/photostructure
+ gssproxy_keytab: /etc/krb5.keytab
+ gssproxy_client_keytab: '{{ photostructure_keytab }}'
+ gssproxy_cred_usage: initiate
+ gssproxy_euid: '{{ photostructure_user }}'
+
+- name: add user to file access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ photostructure_file_access_group }}'
+ user: '{{ photostructure_user }}'
+ action: member
+ state: present
+ run_once: yes
+
+- name: create access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ photostructure_access_group }}'
+ state: present
+ run_once: yes
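Review bot: `add user to file access group` makes the service account a member of `photostructure_file_access_group`, but no task in this hunk creates that group, while the group the last task does create (`photostructure_access_group`) is not referenced anywhere here; if the file access group is provisioned by another role, a comment above the membership task such as `# {{ photostructure_file_access_group }} must already exist (managed by <OTHER-ROLE-PLACEHOLDER>)` would save the next reader from wondering whether the two group variables were meant to be the same one. Each `run_once: yes` would be clearer as `run_once: true`, since `yes`/`no` are YAML 1.1 boolean spellings that yamllint's truthy rule rejects, and main.yml in this same commit already mixes `become: yes` with `become: true`. Both new task files also omit the leading `---` document marker that Ansible task files conventionally begin with.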
diff --git a/roles/photostructure/tasks/main.yml b/roles/photostructure/tasks/main.yml
new file mode 100644
index 0000000..2b37aed
--- /dev/null
+++ b/roles/photostructure/tasks/main.yml
@@ -0,0 +1,78 @@
+- name: install packages
+ dnf:
+ name: '{{ photostructure_packages }}'
+ state: present
+
+- import_tasks: freeipa.yml
+ tags: freeipa
+
+- name: create home directory
+ file:
+ path: '{{ photostructure_home }}'
+ owner: '{{ photostructure_user }}'
+ group: '{{ photostructure_user }}'
+ mode: 0700
+ state: directory
+
+- name: clone git repository
+ git:
+ repo: '{{ photostructure_repo }}'
+ dest: '{{ photostructure_install_dir }}'
+ update: no
+ version: '{{ photostructure_version }}'
+ become: yes
+ become_user: '{{ photostructure_user }}'
+ register: photostructure_git
+
+- name: build photostructure
+ shell:
+ cmd: >-
+ mkdir -p "$HOME/.config/PhotoStructure" &&
+ rm -rf node_modules "$HOME/.electron" "$HOME/.electron-gyp" "$HOME/.npm/_libvips" "$HOME/.node-gyp" "$HOME/.cache/yarn/*/*sharp*" &&
+ npx --yes yarn install --silent
+ chdir: '{{ photostructure_install_dir }}'
+ become: true
+ become_user: '{{ photostructure_user }}'
+ when: photostructure_git.changed
+
+- name: create systemd unit file
+ template:
+ src: etc/systemd/system/photostructure.service.j2
+ dest: /etc/systemd/system/photostructure.service
+ register: photostructure_unit
+ notify: restart photostructure
+
+- name: reload systemd units
+ systemd:
+ daemon_reload: yes
+ when: photostructure_unit.changed
+
+- name: generate environment file
+ template:
+ src: etc/sysconfig/photostructure
+ dest: /etc/sysconfig/photostructure
+ owner: root
+ group: '{{ photostructure_user }}'
+ notify: restart photostructure
+
+- name: start photostructure
+ systemd:
+ name: photostructure
+ state: started
+ enabled: yes
+
+- name: generate update script
+ template:
+ src: '{{ photostructure_home[1:] }}/photostructure-update.sh.j2'
+ dest: '{{ photostructure_home }}/photostructure-update.sh'
+ mode: 0555
+
+- name: set up photostructure-update timer
+ include_role:
+ name: systemd_timer
+ vars:
+ timer_name: photostructure-update
+ timer_description: Update photostructure
+ timer_after: network.target nss-user-lookup.target
+ timer_on_calendar: '{{ photostructure_update_on_calendar }}'
+ timer_exec: '{{ photostructure_home }}/photostructure-update.sh'
-- cgit
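Review bot: `generate environment file` sets `owner: root` and `group: '{{ photostructure_user }}'` on /etc/sysconfig/photostructure but gives no `mode`, so the rendered file keeps whatever the default umask yields (typically 0644, readable by every local user) and the group assignment restricts nothing; if that file carries anything the service should keep to itself, add `mode: '0640'` so only root and the service account can read it. The same task's `src: etc/sysconfig/photostructure` is the only template source in the file without the `.j2` suffix the other two template tasks use, which looks like a typo worth checking against the role's templates directory. In `build photostructure`, the glob in `"$HOME/.cache/yarn/*/*sharp*"` sits inside the double quotes, so the shell never expands it and `rm -rf` quietly removes nothing there; `"$HOME"/.cache/yarn/*/*sharp*` keeps the variable quoted while letting the glob match. Boolean spellings are also mixed within this file (`become: yes`, `update: no`, `daemon_reload: yes`, `enabled: yes` beside `become: true`); `true`/`false` throughout avoids the YAML 1.1 truthy forms that yamllint flags.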