---
# The service account uses the shared "nogroup" group rather than a
# dedicated one.
# NOTE(review): this task does not create nogroup, so it must already exist
# on the target host. Every other account that uses nogroup shares group
# permissions with this one, so files written by the service should carry no
# group access bits - confirm against how the service creates its files.
- name: "Create {{ service_user }} user"
  user:
    state: present
    name: "{{ service_user }}"
    # System account.
    system: true
    group: nogroup
    home: "{{ service_homedir }}"
    # /bin/false as the login shell blocks interactive logins for the account.
    shell: /bin/false
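# Only the service user may enter or list its home directory: owner gets
# rwx, group (the shared nogroup) and others get nothing.
- name: "Secure {{ service_user }} home directory"
  file:
    path: "{{ service_homedir }}"
    # Creates the directory if it is missing.
    state: directory
    owner: "{{ service_user }}"
    group: nogroup
    # Quoted so the mode reaches the module as the string "0700" instead of a
    # YAML integer whose value depends on how the parser treats leading zeros.
    # Only the directory itself is changed; existing contents keep their
    # current owner and mode because no recursion is requested.
    mode: "0700"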