diff --git a/bank.yaml b/bank.yaml index c77308d..273fe33 100644 --- a/bank.yaml +++ b/bank.yaml @@ -3,4 +3,5 @@ roles: - common - bank - + vars: + bank_revbank_git: https://github.com/bitlair/revbank.git diff --git a/roles/bank/defaults/main.yaml b/roles/bank/defaults/main.yaml new file mode 100644 index 0000000..136726e --- /dev/null +++ b/roles/bank/defaults/main.yaml @@ -0,0 +1,3 @@ +bank_user: bank +bank_revbank_git: https://github.com/revspace/revbank.git +bank_local_tty: no diff --git a/roles/bank/handlers/main.yaml b/roles/bank/handlers/main.yaml new file mode 100644 index 0000000..68a75c2 --- /dev/null +++ b/roles/bank/handlers/main.yaml @@ -0,0 +1,2 @@ +--- +- import_tasks: ../../common/handlers/main.yaml diff --git a/roles/bank/tasks/login.yaml b/roles/bank/tasks/login.yaml new file mode 100644 index 0000000..f7cda49 --- /dev/null +++ b/roles/bank/tasks/login.yaml 
@@ -0,0 +1,52 @@
+---
+- name: Add user
+ user:
+ name: bank
+ password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank"
+ home: /home/{{ bank_user }}
+ shell: /home/{{ bank_user }}/revbank.git/revbank
+ update_password: always
+
+- name: Allow password auth for bank user
+ blockinfile:
+ path: /etc/ssh/sshd_config
+ insertafter: EOF
+ block: |-
+ Match User bank
+ PasswordAuthentication yes
+ notify: reload sshd
+
+- name: Clear motd
+ copy:
+ content: ""
+ dest: /etc/motd
+
+- name: Remove autologin
+ file:
+ path: /etc/systemd/system/getty@tty1.service.d/override.conf
+ state: absent
+ notify: daemon reload
+ when: not bank_local_tty
+
+- when: bank_local_tty
+ block:
+ - name: Locate agetty
+ command: command -v agetty
+ register: agetty_location_cmd
+
+ - set_fact:
+ agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}"
+
+ - name: Create getty dir
+ file:
+ path: /etc/systemd/system/getty@tty1.service.d
+ state: directory
+
+ - name: Autologin User
+ template:
+ src: tty_autologin.conf
+ dest: /etc/systemd/system/getty@tty1.service.d/override.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: daemon reload
diff --git a/roles/bank/tasks/main.yaml b/roles/bank/tasks/main.yaml
index 7cf8a1d..603f1d9 100644
--- a/roles/bank/tasks/main.yaml
+++ b/roles/bank/tasks/main.yaml
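Review bot: In roles/bank/tasks/login.yaml the `Match User bank` block enables `PasswordAuthentication yes` for an account whose password is written in the comment beside the hash, so the login shell is the only restriction on that SSH session, and forwarding requests are not mediated by the shell. The block should switch those off as well, e.g. `AllowTcpForwarding no`, `AllowAgentForwarding no`, `X11Forwarding no`. Both `name: bank` and `Match User bank` stay hard-coded while `home:` and `shell:` now use `{{ bank_user }}`, so overriding the variable would leave a mismatched account; use `name: "{{ bank_user }}"` and `Match User {{ bank_user }}`. `command: command -v agetty` runs without a shell and `command` is normally a shell builtin, so that task likely fails unless the host ships a standalone `command` binary; the `shell` module is the safer choice there.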
@@ -1,29 +1,6 @@ --- -- tags: bank - block: - - name: Install dependencies - apt: - name: [ libterm-readline-gnu-perl, libcurses-ui-perl ] - state: present +- tags: [ bank, bank_login ] + import_tasks: login.yaml - - name: Add user - user: - name: bank - password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank" - home: /home/bank - shell: /home/bank/revbank.git/revbank - update_password: always - - - name: Allow password auth for bank user - blockinfile: - path: /etc/ssh/sshd_config - insertafter: EOF - block: |- - Match User bank - PasswordAuthentication yes - notify: reload sshd - - - name: Clear motd - copy: - content: "" - dest: /etc/motd +- tags: [ bank, bank_revbank ] + import_tasks: revbank.yaml diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml new file mode 100644 index 0000000..f592504 --- /dev/null +++ b/roles/bank/tasks/revbank.yaml 
@@ -0,0 +1,52 @@
+---
+- name: Install dependencies
+ apt:
+ name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ]
+ state: present
+
+- name: Clone revbank source
+ git:
+ repo: "{{ bank_revbank_git }}"
+ version: master
+ dest: /home/{{ bank_user }}/revbank.git
+ accept_hostkey: yes
+
+- name: Create data files
+ command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }}
+ args:
+ creates: /home/{{ bank_user }}/{{ item }}
+ with_items:
+ - revbank.accounts
+ - revbank.market
+ - revbank.products
+
+- name: Ensure data file permissions
+ file:
+ path: /home/{{ bank_user }}/{{ item }}
+ state: touch
+ owner: "{{ bank_user }}"
+ group: "{{ bank_user }}"
+ mode: 0644
+ with_items:
+ - revbank.accounts
+ - revbank.market
+ - revbank.products
+
+- name: Link plugins
+ file:
+ state: link
+ path: /home/{{ bank_user }}/{{ item }}
+ src: /home/{{ bank_user }}/revbank.git/{{ item }}
+ with_items:
+ - plugins
+ - revbank.plugins
+
+- name: Create git data dir
+ file:
+ path: /home/{{ bank_user }}/data.git
+ state: directory
+
+- name: Install git cronjob
+ template:
+ src: git.cron
+ dest: /etc/cron.d/revbank-git
diff --git a/roles/bank/templates/git.cron b/roles/bank/templates/git.cron
new file mode 100644
index 0000000..2290e43
--- /dev/null
+++ b/roles/bank/templates/git.cron
@@ -0,0 +1,4 @@
+SHELL=/bin/bash
+
+#m h dom mon dow user command
+ 0 * * * * {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git push --mirror && git gc --auto)
diff --git a/roles/bank/templates/tty_autologin.conf b/roles/bank/templates/tty_autologin.conf
new file mode 100644
index 0000000..110cf7a
--- /dev/null
+++ b/roles/bank/templates/tty_autologin.conf
@@ -0,0 +1,5 @@
+# Managed by Ansible
+
+[Service]
+ExecStart=
+ExecStart=-{{ agetty_location }} --autologin {{ bank_user }} %I $TERM
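Review bot: The `Clone revbank source` task in roles/bank/tasks/revbank.yaml tracks `version: master` of a remote repository, and login.yaml installs the checked-out `revbank` script as the bank user's login shell, so every playbook run deploys whatever that branch currently holds. Pin it to a reviewed commit through a variable, e.g. `version: "{{ bank_revbank_version }}"` with `bank_revbank_version: "<pinned-commit-sha>"` in the role defaults. `Create git data dir` sets no `owner`/`group`, while the cron entry in git.cron runs `git push --mirror` and `git gc --auto` in that directory as `{{ bank_user }}`; if the play runs as root the directory is probably not writable by that user, so add `owner: "{{ bank_user }}"` and `group: "{{ bank_user }}"`.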