From 8e5b9f6b30955d536612de12b28700aa1ffadd24 Mon Sep 17 00:00:00 2001
From: polyfloyd
Date: Fri, 16 May 2025 17:35:47 +0200
Subject: [PATCH] music/trollibox: Run as a distinct user
---
 roles/music/defaults/main.yaml | 1 +
 roles/music/handlers/main.yaml | 2 +-
 roles/music/tasks/trollibox.yaml | 30 ++++++++++++++++---------
 roles/music/templates/trollibox.service | 3 +--
 4 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/roles/music/defaults/main.yaml b/roles/music/defaults/main.yaml
index 40cc34e..d08ae0b 100644
--- a/roles/music/defaults/main.yaml
+++ b/roles/music/defaults/main.yaml
@@ -1,6 +1,7 @@
 music_audio_user: audio
 music_audio_group: audio
 music_librespot_user: librespot
+music_trollibox_user: trollibox
 music_pulse_server: /tmp/pipewire-pulse-socket
diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml
index 19193d6..d4465ab 100644
--- a/roles/music/handlers/main.yaml
+++ b/roles/music/handlers/main.yaml
@@ -8,7 +8,7 @@
 state: restarted
 daemon_reload: true
-- name: Restart trollibox
+- name: restart trollibox
 ansible.builtin.systemd:
 name: trollibox
 state: restarted
diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml
index 0b20b4a..34b3df2 100644
--- a/roles/music/tasks/trollibox.yaml
+++ b/roles/music/tasks/trollibox.yaml
@@ -1,4 +1,10 @@
 ---
+- name: Create trollibox user
+ user:
+ name: "{{ music_trollibox_user }}"
+ system: true
+ home: /var/lib/trollibox
+
 - name: Install Trollibox config
 ansible.builtin.template:
 src: trollibox.yaml
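Review bot: The new `Create trollibox user` task in roles/music/tasks/trollibox.yaml sets no `shell:`, so the service account gets whatever login shell the host's account-creation defaults assign. For an account that only exists to run a daemon I would add `shell: /usr/sbin/nologin` (the path may differ per distribution). The task also uses the short module name `user:` while the other tasks visible in this file use fully qualified names, so `ansible.builtin.user:` would be consistent.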
@@ -6,27 +12,29 @@
 owner: root
 group: root
 mode: "0644"
- notify: Restart trollibox
+ notify: restart trollibox
 - name: Get latest Trollibox version from Github API
- ansible.builtin.get_url:
+ uri:
 url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
- dest: "/tmp/_ansible_trollibox_latest_release.json"
+ return_content: true
+ register: response
+ changed_when: false
+ check_mode: false
+ failed_when: "response is failed or 'json' not in response"
-- name: Get download url
- ansible.builtin.shell:
- cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name
- | contains("linux-amd64")) | .browser_download_url -r
- register: "trollibox_download_url"
+- name: Format trollibox latest version
+ set_fact:
+ trollibox_version: "{{ response['json']['tag_name'] | trim('v') }}"
 - name: Download Trollibox
 ansible.builtin.unarchive:
- src: "{{ trollibox_download_url.stdout }}"
+ src: "https://github.com/polyfloyd/trollibox/releases/download/v{{ trollibox_version }}/trollibox-x86_64-unknown-linux-gnu.tar.gz"
 remote_src: yes
 dest: /usr/local/bin
 include: [ trollibox ]
 mode: "0755"
- notify: Restart trollibox
+ notify: restart trollibox
 - name: Install service file
 ansible.builtin.template:
@@ -35,7 +43,7 @@
 owner: root
 group: root
 mode: "0644"
- notify: Restart trollibox
+ notify: restart trollibox
 - name: Enable Trollibox
 ansible.builtin.systemd:
diff --git a/roles/music/templates/trollibox.service b/roles/music/templates/trollibox.service
index ddddd2f..66d581d 100644
--- a/roles/music/templates/trollibox.service
+++ b/roles/music/templates/trollibox.service
@@ -10,8 +10,7 @@ Type=simple
 Restart=always
 RestartSec=2s
 ExecStart=/usr/local/bin/trollibox -conf /etc/trollibox.yaml
-User={{ music_audio_user }}
-Group={{ music_audio_user }}
+User={{ music_trollibox_user }}
 [Install]
 WantedBy=multi-user.target
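Review bot: The `Download Trollibox` task in the `@@ -6,27 +12,29 @@` hunk of roles/music/tasks/trollibox.yaml unpacks whatever release the GitHub API reports as latest into /usr/local/bin, with no pinned version and no integrity check on the tarball. Each play can therefore install a different, unverified binary, which the unit then starts. I would pin the version in the role defaults and fetch the archive with `ansible.builtin.get_url` and its `checksum:` option before unpacking, which also removes the two API tasks. The variable names in the sketch are proposals, and the digest has to come from a release you have verified yourself. Separately, the new tasks use the short names `uri` and `set_fact` where the rest of the file uses `ansible.builtin.*`.

```yaml
# Proposed role defaults (placeholder values, not taken from the patch):
#   music_trollibox_version: "<PINNED_VERSION>"
#   music_trollibox_sha256: "<SHA256_OF_VERIFIED_TARBALL>"
- name: Download Trollibox release tarball
  ansible.builtin.get_url:
    url: "https://github.com/polyfloyd/trollibox/releases/download/v{{ music_trollibox_version }}/trollibox-x86_64-unknown-linux-gnu.tar.gz"
    dest: "/var/cache/trollibox-{{ music_trollibox_version }}.tar.gz"
    checksum: "sha256:{{ music_trollibox_sha256 }}"
    mode: "0644"

- name: Download Trollibox
  ansible.builtin.unarchive:
    src: "/var/cache/trollibox-{{ music_trollibox_version }}.tar.gz"
    # … unchanged: remote_src, dest, include, mode, notify …
```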
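Review bot: The roles/music/templates/trollibox.service hunk gives the unit a dedicated account but adds no sandboxing next to the new `User=` line, so the process still sees the whole filesystem with that account's permissions. With a dedicated user in place I would add `NoNewPrivileges=true`, `ProtectSystem=strict` and `StateDirectory=trollibox`, the last one keeping /var/lib/trollibox writable for the service. The hunk also drops `Group=` without a replacement, so the process runs with the new user's primary group only; if Trollibox depended on the audio group for device or socket access, that membership has to be restored, which cannot be confirmed from the lines shown. The [Service] section begins outside the hunk, so some hardening may already be present there.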