Initial DHCP re2o service

dhcp.yml

@@ -0,0 +1,8 @@
+---
+# Deploy DHCP
+- hosts: dhcp-pacaterie.adm.auro.re
+  vars:
+    service_repo: https://gitlab.federez.net/re2o/dhcp.git
+    service_name: dhcp
+  roles:
+    - re2o-service

roles/re2o-service/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+service_user: re2o-services
+service_homedir: /var/local/re2o-services

roles/re2o-service/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+# Create service user
+- include_tasks: service_user.yml
+
+- name: "Clone re2o {{ service_name }} project"
+  git:
+    repo: "{{ service_repo }}"
+    dest: "{{ service_homedir }}/{{ service_name }}"
+    version: master
+  become: true
+  become_user: "{{ service_user }}"
+
+- name: Indicate in motd service location
+  template:
+    src: update-motd.d/05-service.j2
+    dest: "/etc/update-motd.d/05-re2o-{{ service_name }}"
+    mode: 0755
+
+- name: Indicate in motd service user
+  template:
+    src: update-motd.d/06-service-user.j2
+    dest: "/etc/update-motd.d/06-service-user"
+    mode: 0755
+

roles/re2o-service/tasks/service_user.yml

@@ -0,0 +1,19 @@
+---
+# Having a custom group is useless so use nogroup
+- name: "Create {{ service_user }} user"
+  user:
+    name: "{{ service_user }}"
+    group: nogroup
+    home: "{{ service_homedir }}"
+    system: true
+    shell: /bin/false
+    state: present
+
+# Only service user should be able to go there
+- name: "Secure {{ service_user }} home directory"
+  file:
+    path: "{{ service_homedir }}"
+    state: directory
+    owner: "{{ service_user }}"
+    group: nogroup
+    mode: 0700

roles/re2o-service/templates/update-motd.d/05-service.j2

@@ -0,0 +1,3 @@
+#!/bin/sh
+# {{ ansible_managed }}
+echo "✨ Le service re2o {{ service_name }} est dans {{ service_homedir }}/{{ service_name }}."

roles/re2o-service/templates/update-motd.d/06-service-user.j2

@@ -0,0 +1,3 @@
+#!/bin/sh
+# {{ ansible_managed }}
+echo "   Pour y accéder, vous devez impersonifier {{ service_user }}."