diff --git a/dhcp.yml b/dhcp.yml
new file mode 100644
index 0000000..8434f06
--- /dev/null
+++ b/dhcp.yml
@@ -0,0 +1,16 @@
+---
+# Deploy DHCP
+- hosts: dhcp-pacaterie.adm.auro.re
+ vars:
+ service_repo: https://gitlab.federez.net/re2o/dhcp.git
+ service_name: dhcp
+ service_version: master
+ service_config:
+ hostname: re2o-server.adm.auro.re
+ username: service-user
+ password: "{{ vault_serviceuser_passwd }}"
+ dhcp:
+ authoritative: true
+ roles:
+ - re2o-service
+ - isc-dhcp-server
diff --git a/dns.yml b/dns.yml
new file mode 100644
index 0000000..601993a
--- /dev/null
+++ b/dns.yml
@@ -0,0 +1,13 @@
+---
+# Deploy DNS
+- hosts: serge.adm.auro.re
+ vars:
+ service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
+ service_name: dns
+ service_version: crans
+ service_config:
+ hostname: re2o-server.adm.auro.re
+ username: service-user
+ password: "{{ vault_serviceuser_passwd }}"
+ roles:
+ - re2o-service
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index 116e51c..55723c2 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
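Review bot: `service_version: master` in dhcp.yml (and `service_version: crans` in dns.yml) tracks a moving branch of an external repository, so each run of the play can deploy code nobody has reviewed. The re2o-service role added in this commit clones that ref and writes the `service-user` password next to it, so a changed or compromised upstream branch lands on hosts that hold that credential. Pin each service to a reviewed tag or full commit hash, e.g. `service_version: "<reviewed-commit-sha>"`, and bump it deliberately.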
@@ -1,116 +1,121 @@ $ANSIBLE_VAULT;1.1;AES256 -65623637663363313664336437353136643563306565616336366530636530316161356665336233 -3534346635396434386363386466383463666164343065310a343739663162646432303131316564 -33633833323534623039336131383262663236396465663162666566316465613832623131363430 -3930353730636363650a626132323139636130343065633933303435616163353666313233343930 -34616636633465313034666539303837373839363437393639363837613266363733366334323063 -64306335633537613831623433306532393664353662613433356531626339343664306366613636 -36393533626662353630616335396337333562303666616165613464376431646633653335623330 -39356637303630316262343638313565663335363832616463323163316665333766313338613137 -64623936616239303535636533333130333733666466643634356336633064663734383664386666 -35636637306434306166633063326265373437636532376335356365343839646438643263346361 -66343261653031636431333131303930346536346662613463393233306535646165336563633639 -35363633386366316534373936626139666665353937373638663162636638323235613434303239 -34393065346334303865613737306332356436643862373234376333313164303830353061393131 -65646438323335633838626438643834663839613630333131326664313263666238646531616334 -31326530303262366231653139613461653039306530356134336366383431326466373833633865 -65303664343035636464383462613265336535646266393339363363373131623832616562396565 -35636261393038656338306461643364363462376135376535326138356561303464346235656334 -65373432336536393464336436363031363037373039666237626666613331396630336437653837 -62373536376234333962303465633065376431353832313661643864353938643062303464666364 -36393239643166623764643939626336643564316364343732303232626265303238353031363636 -34366639643834393666346161306630383131633236366337316231633666336662393364383061 -36346331636662616333323739663736303663323566323864626135386363313231363864313432 -31633437376437633630343837393537613037623537356531306435663739346137376639333666 
-66633366316338333365376466376334623133653132323064343764303363346663616438656633 -31636132663239343032616330373735373962633662616237643131383932303531623132376263 -63366665343834326639386465643465623330323832656237386335633938636164313963626635 -38636562343463383233393938353932303932333265303162366533643166306636326366373233 -66373839623631616162613439663565333633353864323833653335653834343461363063613432 -34633864633232303566613235336563616136353031653634333432346566633139396332386165 -63333264366539356636636537366630623034363563373436646639316461653861666334316662 -34393931363533363436323966656435353266373839616466333034643335343838333063323032 -35303261636133663738643939666631623139383638363261643961306138353563393439313635 -61653436653135343866353538336263363735393038383862316639356462383535663633393461 -30316362306363326235633235343837316661646630613962376464313932336462313435643134 -39373765656462323935363732653365663737643665353039323362613461356362373262316163 -62343334343536376461613633343037653733326164636636316631353830663362383766653538 -38333535343865666131646264323138363036333066316532623438313363303537326131633865 -34626166346665326461656132396237393736313132336263316161343336386431356433393931 -61356636346539613264366465616439356531336166633930633130333361653566333538356436 -38653561386365333262623932616136343836383532383764333537306130326562386662623631 -32313464323234663131613364353631313639306464353162393766303839383030333831656534 -32636362656234336134656235666335656138643330383033313435663035383835666236333564 -66386539333833323165386136336661363033353461336164623734633061386461313935663531 -39326230383233316131616362376133313137656431373463373232356363363964323038356233 -63316132313032333438643664663762333064646337363033366262313433623364623739366131 -32363031656539303261373431666566363266396663373665346639653066303966396266316631 -31363331336464393063373662663065353131303438663433383238663966316264356134633636 
-62363433333737366162386265363766623438646337633137653436626130613566626236633837 -65623563363537663261373932326131376236656534616330663131643264333930386331623438 -31376263393662643938633862396665353363613539363039633966313161616338353666653130 -63663761373165363463323831336239616562646432346630393764633362643434626564653433 -39383634376238613833326131373438323937383138656531346435633562396437623163646566 -34643237383331376630333862613164343465373266613338633931636662626364613964613639 -32316365396639313635306261616439386162613366636362633763626135313462326662363834 -34636261353935343436316263623530393362343164373737356539663066336232303530643131 -33303136363431363232636238396233333236663933396639643233376562396234376639356564 -66346338386562646431373232356363303035366365383661356132643963376134323935386333 -39363162343938353135383530646662613139616639393230343363653661306431383633393035 -66303832306465373632343530333737393432623366353639616434346532653337346361363339 -35643937656337316566313534343762393338353830356266386165633262393964386635636430 -32346630383639623433623930323832643132613565376135363161663966646433343335323863 -35376631313864313362346637383932663633346565626231316533356561313637326336373931 -32336461313036356166613166303066303230383166303463373533346130336663386535376635 -37383239356139646335643662636234313666623062633163373931363761326130313537653665 -39393561626165323431386537656665326334373735346562326666623865303432623966366539 -39386431633363323735356230653465633433353937343566653331323334613032333831656432 -31336165633532383066663465306535643637306536646362306235366364643536663134643465 -66383965656133663161393138313963383436373630633761613839383136393865323438333833 -39366166663834633737316666303661653132336563343334373333386261353030343562346536 -31333662663834366466373834646430393964613866336162393162313135373335303533326265 -36373766653865313566643030326633363136323639366238366634626632333836323764363235 
-31316531626335333932643164323066303233343233303063316532313236303639323432366463 -64386537666162636134303161366266383639396134333165663231623965386137343662333861 -36343331346361663331646161323331656164363737386336393136343532626661303965333763 -31663731646462356338363664303937316138666337313036643836626631343430363234326430 -39626363633962633138306135636238373230613030323238353264633239383933333666643866 -38656135613035616366346431323934396237623237656561313739616163366138393437333439 -37313732323934636236316533393064316433643232653338633665376565633933623861666335 -61636363613539376337383835623834383164336163393465623861653336313934373539613933 -66306435396163336233363934653263353662396534636537613062393462643932326561313364 -64353232653731636639303938626435656535333935353865386238333464313333646132643039 -33326336643863393835643738323739636139366635343366663335623432333564663661613962 -38336133636532343431353430333466656638316563613764656438316532393234663235396434 -35346133396263653364393038613936373835396430663861333036353639326636616362333030 -65663832353061336665376432353436626332333931303666636464666564336437313434646333 -65303533653832386236633239306263343064393935616238616435346634333063623765336366 -34373161303536666132626531663162633636393436363062613539613337353232363934303735 -34353830616137383237373465313034383663336234303361343432613064663662363438666164 -30636464616262383234396364306638386433643539303066376135633466336135343565383662 -39303166646330393931343066323662633233353637373464626263666337613139393961653761 -64303231353535656438363363393735363066363738316163373331353334313438363564633535 -63323539383637353935653334383637613433353166333630383366616661613366346233666466 -38643332326639633335626365653736646163653063306362356430323031383137366564376165 -66303963323761653364363564653637653032613739396130646166363539363463666130626631 -34613165303261323133303336613837383862663362343533343839313362323334303238633238 
-31306664343032383365393035346331646636663663623263643863636233356235323332656339 -39356636386134396561323865363536613764633861323238336531326331616239386530663464 -33336131653936636434636563653538616536316335643636376134343131613665636532326566 -39363436336638393963343637393133613831636364653363613737316636626133333238646362 -36313264353335666461353135376435346161376138623639663337626337376236346230333330 -62353563343335656632393938363363363936643765383063363935383266353037353562363833 -64633661353564333064616264653130646133303662373630396638373833333763306638653661 -34393430353236303465636335383733656162343139613765663732353837313365323466386664 -35323464626663333866376138396132333039313962356439303838373835653837643364363339 -62303062663931646232643234666132363239373035633262623135633531636330373065333435 -36393163393638613663353133666632353639653064353139363134383764666530623834326531 -32653931316539666539656565313462396535346439393534313139393735633437333935396466 -35316165363839396562613130623964626531373337343166656630666638363039376162396336 -30373730353231663534316333336538366661363332316531653334383635356133393266666232 -35366337653131376131396232323332623063626135333630346564343663326532616263333262 -66613436396337353636643866353562366231333933353465306461376138333564656562646261 -66303263356565656431353064343361396131323134323234316230363761373362663234633735 -35663365376264343763333731393363336231366534393933333536356437653837303832646339 -66376262616634376438613864323665356539376139396130376661613930393131363465313063 -333664323830636666653933303034333630 +38643063333866653931396630643166643964356265363939356638346266333030356538336533 +6364383530613232326566646335663632323937306364300a636337353338333138326534626139 +66386265383261643538353765663965623035663962663061613534623931376434623237383736 +3065323934373065380a633738363137326239333362656266396537623838356663663231353535 
+65636633356433636666383133303233643736636134343365313461363866383361623830663831 +61633662626437376537613737363032626638666236313331623631656338306666656537313637 +30303464373331336264356166373531393662363861313034626161633539373134626330363565 +36383735363664386231356261613839396630373831646533393933636638343765633731306464 +30393139626530393165613865396464366165363335333337383064623664646461393462313234 +36343763306334646666376236663136626238326466383731613865316566356462353662313238 +32353166313665316536396233376666653936643439373664303762303832343833616439376164 +35373634316264376639323563643633623466653238656464613938303332663030356138303339 +33636339323339636362643562643238313131343234326438643464333333313130646366343931 +66393735383034346235636337383566336634633331396331666437643738626362663935653933 +66363234363138633362663433653033636666323464376334303864343935333466326432343339 +31393333383033663064343230653434376538343861323639343135353837373438613935323262 +63643164663966346134623861663033626238623331626534613134363166353263366534383232 +33613665333434356264353230623038663232336363646332376533663365316235393436303631 +62623330343132333861663063383733623064303962333833656435376262353063373737623134 +35306361373465393036383764353735303333376130373736303239616462393638653261356366 +66613030653330663763303833656130616639643530623439646133623565626639353762613739 +38613235643034316131666364633535356638653364386635376464356530393637383434616162 +32353937313132626437313338386236663638653830306262333061313064316365336233373264 +64643230613333623037663365306365356334303737623264626635643762616231316133316631 +37633361373737376134623630313834383033663335336338663936326133343233643963656237 +31666339366339333234326233613533636566643639333063306530663239373634636131646534 +66646566393935653533656365346663376532656336373563333535313830633764646434376332 +33616338336362323563393935623938313330386566316531653162653234643633316236396536 
+34396166346230346637303635653233626264383061303766343737356131616331363161646330 +30666236643232386539333333363332396238643635656536303130646433323664383262643465 +30323139643335336438643864366239386166393965386137396364633230306666376366626632 +31353762316637626566333830326539663562396531383436303336323261653638663337323833 +39313363306338346435343835386230306465623137633836323662663938653334353936313830 +37366534383265323466656565633831393766353637316464626362643362383639373634633961 +61323032396530636433346463643837643463653565323735653062343164333538376266323930 +62303138333035323233663765306335633037376664626439666365333565303566613834383861 +33623339313962643530313538366362306466633037643532626631393733333338653633383566 +34366466336535663138633464376138386165356665396661633265386562366333356163633563 +63383735663936346339373836373765383536343337656133346132363465373538646134313639 +65623934353365613334623532373334653530353563396338323136623333656235613762376531 +61613562643733323933363263373239663031666364313430353061666530656135666262333462 +38343032343263336237653161383334313664666637663164343935656161353539356162653031 +32656362393732646235366232313937616130323030613934323563363736383331373032303061 +36656231663365643865346634663638306437396562653661303162333361636633383034363136 +65663233623230356265656232373963636263353939303531383235666535316533666439306162 +37646564363566366536323766353935333535306338316437636165316233383231656535626565 +34336633316464323665393365313963636138336661386332313830383039396461383664393833 +61623630626265303861623363663435323164386466316338306331363438643765313234613763 +63333335383033306336663835333536343832613438636331646532373962643434303266336666 +64346662353133313931316631666363353439323935356165336637353366386639616233653630 +64393662326266343366353365303263396436313563646230363963343461343535633437613866 +36313739656335383763366636373330393764333963396237633463663062616130653261363465 
+36303965306266366435333663333037633738623431653339323733623765646265613963313235 +63346136303630643563346431306438376535376537396438613463646233333131616261386436 +61643265323636316563363765366534313638656566303339303431396433393663653735373132 +34646432663135623137316532663065303339626633613231353061616261323861663165366136 +39626466393161363166306237323633366130333930653665313937306461363263386637366435 +37666363633463343636656465323939306363646431643130613935633935346132623161613231 +32303362383036306431303036636265636436303066303662633035313332396666643932393364 +31633631653264636539316138666237366630333039393366306233356639323639326333326430 +61393837343863616339336566363339366163363837393238613961373864353564313335326561 +39336236636538373133643063393933636166306361373631323465633638353130343466336534 +35303031666462336635653438633136653461313731336362303438343132303666396634383635 +36656266653365303566326332623963396431623465616161396332633833356565623931626632 +62346132353064333232336162393366623365323635373238643561343236653435363166393166 +32376537383031646333366664346138333531613463386135616364646161363132633065336435 +61653861633737373162346339396130333735393266396661316637306161393536353163623138 +63306362386364363333373633343264653966313763323433366634646264643963626636396637 +38636435326564366536366138373437383962653737383764303066383162383262306661396539 +64366662616166653539623462323538366365396133313639383139636435633638646166373236 +61383262366438383764313262323938363263386334316663363630323133626634616466636363 +33326130326363383739363132393739353735393135316437393036653830333439623265393436 +33373333323564623137313037633165393235366462353932623834333133373932343235623834 +34393137373035663462343063663265646636633334356533646161376534656265646163316533 +37383938373234373861353635616138346639653866353136353166383764393966653738376265 +63366530626562613836393839343536643362613936643339373633313732353663343932386564 
+61616166313366313133613866376637306461636362376437663165616436616136626132383461 +30653666393833333933336561663233373131656437313633373964323934313633623235323061 +66363332646630363436386631636137366237356539633663376263656535343438613437316432 +63636436396363323034393262383936623166326462373961616262363438646161353462353334 +66616131343636366161643037613561346661383133383332633661393031343936396333633061 +34626138366632336665383438303033326435326466383634316531303565646365616531663730 +61633137306532643862643963636564626163323331303861316463666639383031663031383866 +62623064616430666366636666373361663638366639623862613930303263336561613566626665 +39313036643233643937623739343731663739343461656134383833643364313238303938373363 +36396134306530303739353636636137303038633635373438306330376536316565356361343766 +61336136653434316262373131663062636161326264663738373363656538303666646266373035 +36366337663661643934363136383266323734613835393837363363376365633237663562373664 +61643865613861666362353539656637316537363963633064383137313536353037336639613262 +33313333643065366534386630633064343638663531636431613539333534656435343163666132 +30306132653836613133393633383432623833633635363535386164353235333861356138336339 +62656535386437393462323261393662376635386131633463653565363038343366626637336430 +33643932653462353231663962316639336263396230616461643538363063363139396364383231 +64333837326662313639386135393133613237613036653837303231333865373131356134656636 +30353139343363373134303933343039656665323833633339663964346132356535313632343563 +36383366636438376362326638653838613830333836636539323734383337393662316234373435 +33616537653333626637613865666461636361373565336536316462383861326132346563313435 +38613366653764303965376335646234316138353964386361356436393064363037636365383639 +35633834636464653464626231323639323361663961366230383336346331386430663133323632 +34343462356461396164666131633433643236623261316139643735336434623234306638326235 
+63366234303662633962633232336165313265633232373265643264636238363537383837623963 +31333863326539616434613233343361316334353062653364353335383961613065323930303939 +36313730363335626165626233373265333337363931316462646230643436323764656231663361 +33613363643838323830653561383334313539336234386534646461643931366664623235636136 +35653239616135633962613965306361316464643438653163323339373138336266343935656663 +62393765633337616639306666636633623665346330626163353164376234346164633830366561 +62396138306564343735356538656337393565316336633064333935353135656135633263663466 +63383135323338313334366563633038356262333964353864386662393236666165316461613430 +37366463653662643334303261323530396138383662656431376561356665346639643039383864 +38356537643133633436316231633437653532356333653239303434323339636563646334386662 +65366536323536353537376436646534633061396232376333616532643934376332313635356232 +35303236393635666333663039316234643831353136353061333139366432363531303630626334 +33616334643636336232356562343631376634386633343530336539373137353766643166393231 +35623237663433613835653261363761336238303934616165643364303839333932616562396139 +64343962353162366231303131643965616164623334396637373535373063633763373636306162 +31316231396663313930633936623164336137666466303733393939373937373633323534393438 +65656366653165636363383061653163303564306137626365326633393066376463303765663535 +30323163633231376531323832333938396335636164613962343533326664386132616636663033 +35663837383131613461653433643664366439343531393665333631346162623362626631646433 +61613339303032323261 diff --git a/hosts b/hosts index db1abc6..ebf3386 100644 --- a/hosts +++ b/hosts @@ -45,6 +45,7 @@ ldap-replica-pacaterie.adm.auro.re dhcp-pacaterie.adm.auro.re dns-pacaterie.adm.auro.re prometheus-pacaterie.adm.auro.re +radius-pacaterie.adm.auro.re [edc-pve] leodagan.adm.auro.re diff --git a/proxmox.yml b/proxmox.yml index f2cf5c2..47edd29 100644 --- a/proxmox.yml +++ b/proxmox.yml 
@@ -29,11 +29,17 @@ memory: 1024 # M disksize: 16 # G installiso: debian-buster-DI-rc1-amd64-netinst.iso + - name: radius-pacaterie + virtu: mordred + cores: 2 # 2 mimimum, 10 maximum + memory: 1024 # M + disksize: 16 # G + installiso: debian-buster-DI-rc1-amd64-netinst.iso vars_prompt: - name: "password" prompt: "Enter LDAP password for your user" - private: yes + private: true roles: - proxmox-vm diff --git a/roles/isc-dhcp-server/tasks/main.yml b/roles/isc-dhcp-server/tasks/main.yml new file mode 100644 index 0000000..0004081 --- /dev/null +++ b/roles/isc-dhcp-server/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Install isc-dhcp-server + apt: + update_cache: true + name: isc-dhcp-server + state: present + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Configure isc-dhcp-server + template: + src: dhcp/dhcpd.conf.j2 + dest: /etc/dhcp/dhcpd.conf + mode: 0600 + +- name: Ensure that isc-dhcp-server is started + systemd: + name: isc-dhcp-server + state: started + enabled: true diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 new file mode 100644 index 0000000..3b0da57 --- /dev/null +++ b/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 
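Review bot: The `Configure isc-dhcp-server` task in roles/isc-dhcp-server/tasks/main.yml writes `/etc/dhcp/dhcpd.conf`, but nothing restarts the daemon or checks the file. A changed template is therefore not applied to a running server, and a broken one is only found when the service fails. Add `notify: Restart isc-dhcp-server` with a matching handler in the role, and `validate: dhcpd -t -cf %s` on the template task so an invalid configuration is rejected before it replaces the live file. Quoting the mode as `mode: "0600"` would also remove the dependency on the YAML parser's octal handling.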
@@ -0,0 +1,33 @@ +# dhcpd.conf +# {{ ansible_managed }} + +# option definitions common to all supported networks... +#option domain-name "example.org"; +#option domain-name-servers ns1.example.org, ns2.example.org; + +# We have tagged network so use last 4 bytes for tag (1500 max) +option interface-mtu 1496; + +default-lease-time 600; +max-lease-time 7200; + +# The ddns-updates-style parameter controls whether or not the server will +# attempt to do a DNS update when a lease is confirmed. We default to the +# behavior of the version 2 packages ('none', since DHCP v2 didn't +# have support for DDNS.) +ddns-update-style none; + +# If this DHCP server is the official DHCP server for the local +# network, the authoritative directive should be uncommented. +{% if dhcp.authoritative %} +authoritative; +{% else %} +#authoritative; +{% endif %} + +# Use this to send dhcp log messages to a different log file (you also +# have to hack syslog.conf to complete the redirection). +#log-facility local7; + +# Aurore topology +# TODO diff --git a/roles/matrix-appservice-discord/tasks/main.yml b/roles/matrix-appservice-discord/tasks/main.yml index 0a04b8c..01fc45b 100644 --- a/roles/matrix-appservice-discord/tasks/main.yml +++ b/roles/matrix-appservice-discord/tasks/main.yml @@ -58,7 +58,7 @@ owner: matrix-synapse group: nogroup mode: 0600 - remote_src: yes + remote_src: true # Run - name: "Ensure that {{ service_name }} is started" diff --git a/roles/matrix-appservice-irc/tasks/main.yml b/roles/matrix-appservice-irc/tasks/main.yml index 5c455d7..36d931c 100644 --- a/roles/matrix-appservice-irc/tasks/main.yml +++ b/roles/matrix-appservice-irc/tasks/main.yml @@ -39,7 +39,8 @@ mode: 0644 # TODO generate registration -# node app.js -r -f irc-registration.yaml -u "http://localhost:9999" -c config.yaml -l ircbot +# node app.js -r -f irc-registration.yaml \ +# -u "http://localhost:9999" -c config.yaml -l ircbot - name: Copy appservice registration file copy: 
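Review bot: `{% if dhcp.authoritative %}` in dhcpd.conf.j2 has no default, and this commit adds no `defaults/main.yml` for the isc-dhcp-server role, so the template presumably fails with an undefined-variable error on any host that applies the role without a `dhcp` mapping. Add role defaults (`dhcp:` with `authoritative: false`) so the server stays non-authoritative unless a play opts in; an authoritative server NAKs leases it does not know, so that should never be an accidental setting. The topology section is still `# TODO`, so the rendered file declares no subnet and dhcpd will likely refuse to start when the role's "Ensure that isc-dhcp-server is started" task runs.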
@@ -48,7 +49,7 @@ owner: matrix-synapse group: nogroup mode: 0600 - remote_src: yes + remote_src: true # Run - name: "Ensure that {{ service_name }} is started" diff --git a/roles/matrix-appservice-webhooks/tasks/main.yml b/roles/matrix-appservice-webhooks/tasks/main.yml index 75ec367..0afa419 100644 --- a/roles/matrix-appservice-webhooks/tasks/main.yml +++ b/roles/matrix-appservice-webhooks/tasks/main.yml @@ -47,7 +47,7 @@ owner: matrix-synapse group: nogroup mode: 0600 - remote_src: yes + remote_src: true # Run - name: "Ensure that {{ service_name }} is started" diff --git a/roles/re2o-service/defaults/main.yml b/roles/re2o-service/defaults/main.yml new file mode 100644 index 0000000..343c392 --- /dev/null +++ b/roles/re2o-service/defaults/main.yml @@ -0,0 +1,3 @@ +--- +service_user: re2o-services +service_homedir: /var/local/re2o-services diff --git a/roles/re2o-service/tasks/main.yml b/roles/re2o-service/tasks/main.yml new file mode 100644 index 0000000..3028ce8 --- /dev/null +++ b/roles/re2o-service/tasks/main.yml 
@@ -0,0 +1,42 @@
+---
+# Create service user
+- include_tasks: service_user.yml
+
+- name: "Clone re2o {{ service_name }} project"
+ git:
+ repo: "{{ service_repo }}"
+ dest: "{{ service_homedir }}/{{ service_name }}"
+ version: "{{ service_version }}"
+ become: true
+ become_user: "{{ service_user }}"
+
+- name: Configure re2o {{ service_name }} project
+ ini_file:
+ path: "{{ service_homedir }}/config.ini"
+ section: Re2o
+ option: "{{ item.key }}"
+ value: "{{ item.value }}"
+ mode: 0600
+ become: true
+ become_user: "{{ service_user }}"
+ loop: "{{ service_config|dict2items }}"
+
+- name: Link config file
+ file:
+ src: "{{ service_homedir }}/config.ini"
+ dest: "{{ service_homedir }}/{{ service_name }}/config.ini"
+ owner: "{{ service_user }}"
+ group: nogroup
+ state: link
+
+- name: Indicate in motd service location
+ template:
+ src: update-motd.d/05-service.j2
+ dest: "/etc/update-motd.d/05-re2o-{{ service_name }}"
+ mode: 0755
+
+- name: Indicate in motd service user
+ template:
+ src: update-motd.d/06-service-user.j2
+ dest: "/etc/update-motd.d/06-service-user"
+ mode: 0755
diff --git a/roles/re2o-service/tasks/service_user.yml b/roles/re2o-service/tasks/service_user.yml
new file mode 100644
index 0000000..389b72e
--- /dev/null
+++ b/roles/re2o-service/tasks/service_user.yml
@@ -0,0 +1,19 @@
+---
+# Having a custom group is useless so use nogroup
+- name: "Create {{ service_user }} user"
+ user:
+ name: "{{ service_user }}"
+ group: nogroup
+ home: "{{ service_homedir }}"
+ system: true
+ shell: /bin/false
+ state: present
+
+# Only service user should be able to go there
+- name: "Secure {{ service_user }} home directory"
+ file:
+ path: "{{ service_homedir }}"
+ state: directory
+ owner: "{{ service_user }}"
+ group: nogroup
+ mode: 0755
diff --git a/roles/re2o-service/templates/update-motd.d/05-service.j2 b/roles/re2o-service/templates/update-motd.d/05-service.j2
new file mode 100755
index 0000000..a7b8468
--- /dev/null
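Review bot: The `Configure re2o {{ service_name }} project` task in roles/re2o-service/tasks/main.yml loops over `service_config|dict2items`, and the plays in this commit put `password` in that dictionary. Ansible prints each loop item in task output, so the vault-protected value ends up on the console and in any run logs. Add `no_log: true` to that task, or at least `loop_control:` with `label: "{{ item.key }}"` to keep the value out of the default output. The 0600 mode on config.ini is appropriate; writing it as `mode: "0600"` would make it independent of YAML octal parsing.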
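Review bot: The `Secure {{ service_user }} home directory` task in service_user.yml sets `mode: 0755`, which contradicts the comment directly above it ("Only service user should be able to go there"). That leaves the directory listable and traversable by every local account. config.ini is created 0600, but the service checkout cloned under the same directory stays readable by other users. Use `mode: "0700"` so the directory matches the stated intent and the motd text that tells operators to impersonate the service user.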
+++ b/roles/re2o-service/templates/update-motd.d/05-service.j2
@@ -0,0 +1,3 @@
+#!/bin/sh
+# {{ ansible_managed }}
+echo "✨ Le service re2o {{ service_name }} est dans {{ service_homedir }}/{{ service_name }}."
diff --git a/roles/re2o-service/templates/update-motd.d/06-service-user.j2 b/roles/re2o-service/templates/update-motd.d/06-service-user.j2
new file mode 100755
index 0000000..5def259
--- /dev/null
+++ b/roles/re2o-service/templates/update-motd.d/06-service-user.j2
@@ -0,0 +1,3 @@
+#!/bin/sh
+# {{ ansible_managed }}
+echo " Pour y accéder, vous devez impersonifier {{ service_user }}."