Initial DHCP re2o service
This commit is contained in:
parent
aab2daf5b7
commit
81ca7a177d
6 changed files with 60 additions and 0 deletions
8
dhcp.yml
Normal file
8
dhcp.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
# Deploy DHCP
|
||||
- hosts: dhcp-pacaterie.adm.auro.re
|
||||
vars:
|
||||
service_repo: https://gitlab.federez.net/re2o/dhcp.git
|
||||
service_name: dhcp
|
||||
roles:
|
||||
- re2o-service
|
3
roles/re2o-service/defaults/main.yml
Normal file
3
roles/re2o-service/defaults/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
service_user: re2o-services
|
||||
service_homedir: /var/local/re2o-services
|
24
roles/re2o-service/tasks/main.yml
Normal file
24
roles/re2o-service/tasks/main.yml
Normal file
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
# Create service user
|
||||
- include_tasks: service_user.yml
|
||||
|
||||
- name: "Clone re2o {{ service_name }} project"
|
||||
git:
|
||||
repo: "{{ service_repo }}"
|
||||
dest: "{{ service_homedir }}/{{ service_name }}"
|
||||
version: master
|
||||
become: true
|
||||
become_user: "{{ service_user }}"
|
||||
|
||||
- name: Indicate in motd service location
|
||||
template:
|
||||
src: update-motd.d/05-service.j2
|
||||
dest: "/etc/update-motd.d/05-re2o-{{ service_name }}"
|
||||
mode: 0755
|
||||
|
||||
- name: Indicate in motd service user
|
||||
template:
|
||||
src: update-motd.d/06-service-user.j2
|
||||
dest: "/etc/update-motd.d/06-service-user"
|
||||
mode: 0755
|
||||
|
19
roles/re2o-service/tasks/service_user.yml
Normal file
19
roles/re2o-service/tasks/service_user.yml
Normal file
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
# Having a custom group is useless so use nogroup
|
||||
- name: "Create {{ service_user }} user"
|
||||
user:
|
||||
name: "{{ service_user }}"
|
||||
group: nogroup
|
||||
home: "{{ service_homedir }}"
|
||||
system: true
|
||||
shell: /bin/false
|
||||
state: present
|
||||
|
||||
# Only service user should be able to go there
|
||||
- name: "Secure {{ service_user }} home directory"
|
||||
file:
|
||||
path: "{{ service_homedir }}"
|
||||
state: directory
|
||||
owner: "{{ service_user }}"
|
||||
group: nogroup
|
||||
mode: 0700
|
3
roles/re2o-service/templates/update-motd.d/05-service.j2
Executable file
3
roles/re2o-service/templates/update-motd.d/05-service.j2
Executable file
|
@ -0,0 +1,3 @@
|
|||
#!/bin/sh
|
||||
# {{ ansible_managed }}
|
||||
echo "✨ Le service re2o {{ service_name }} est dans {{ service_homedir }}/{{ service_name }}."
|
3
roles/re2o-service/templates/update-motd.d/06-service-user.j2
Executable file
3
roles/re2o-service/templates/update-motd.d/06-service-user.j2
Executable file
|
@ -0,0 +1,3 @@
|
|||
#!/bin/sh
|
||||
# {{ ansible_managed }}
|
||||
echo " Pour y accéder, vous devez impersonifier {{ service_user }}."
|
Loading…
Reference in a new issue