From 32e0b4cecdc03050d08405a5247abb6798c6d2e1 Mon Sep 17 00:00:00 2001 From: Fabio Scotto di Santolo Date: Mon, 30 Mar 2026 17:55:29 +0200 Subject: [PATCH] Make server profile user configurable --- README.md | 22 ++++++++++++++++++++ ansible/inventory/group_vars/all.yml | 3 +++ ansible/inventory/group_vars/server.yml | 9 +++++++- ansible/roles/dotfiles_common/tasks/main.yml | 16 +++++++------- ansible/roles/packages_ubuntu/tasks/main.yml | 2 +- ansible/roles/profile_server/tasks/main.yml | 12 +++++------ 6 files changed, 48 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 6c4082f..c57e858 100644 --- a/README.md +++ b/README.md @@ -140,6 +140,22 @@ Lo stato attuale del profilo server include: - abilitazione dei servizi systemd dichiarati in inventory/group vars - copia dei dotfiles server e rendering dei template server - attivazione del firewall UFW con regola SSH esplicita + +Utente del profilo server: + +- il profilo usa `server_username`, `server_user_group` e `server_user_home` definiti in `ansible/inventory/group_vars/server.yml` +- per default `server_username` eredita `username`, ma puo essere sovrascritto per tutti gli host server via inventory oppure a runtime con extra vars +- esempio override da CLI: + +```bash +ansible-playbook ansible/site.yml --limit prometheus -e server_username=myuser +``` + +- se necessario puoi passare anche: + +```bash +ansible-playbook ansible/site.yml --limit prometheus -e server_username=myuser -e server_user_group=mygroup -e server_user_home=/srv/myuser +``` --- @@ -294,6 +310,12 @@ ansible-lint ansible/roles yamllint ansible/ ``` +Per testare un override dell'utente server senza modificare l'inventory: + +```bash +ansible-playbook ansible/site.yml --limit prometheus --check --diff -e server_username=myuser +``` + Per validazioni piu mirate: ```bash diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml index 969aad3..3839726 100644 
--- a/ansible/inventory/group_vars/all.yml
+++ b/ansible/inventory/group_vars/all.yml
@@ -4,6 +4,9 @@ username: fscotto
 user_group: fscotto
 user_home: "/home/{{ username }}"
 user_shell: /bin/bash
+effective_username: "{{ username }}"
+effective_user_group: "{{ user_group }}"
+effective_user_home: "{{ user_home }}"
 
 xdg_user_directories:
   - Desktop
diff --git a/ansible/inventory/group_vars/server.yml b/ansible/inventory/group_vars/server.yml
index cafef65..a6ffbc2 100644
--- a/ansible/inventory/group_vars/server.yml
+++ b/ansible/inventory/group_vars/server.yml
@@ -1,4 +1,11 @@
 ---
+server_username: "{{ username }}"
+server_user_group: "{{ server_username }}"
+server_user_home: "/home/{{ server_username }}"
+effective_username: "{{ server_username }}"
+effective_user_group: "{{ server_user_group }}"
+effective_user_home: "{{ server_user_home }}"
+
 profile_packages:
   - avahi-daemon
   - dmidecode
@@ -35,4 +42,4 @@ server_sshd_settings:
   PermitRootLogin: "no"
 
 server_sshd_allow_users:
-  - "{{ username }}"
+  - "{{ server_username }}"
diff --git a/ansible/roles/dotfiles_common/tasks/main.yml b/ansible/roles/dotfiles_common/tasks/main.yml
index d0ea112..13e50df 100644
--- a/ansible/roles/dotfiles_common/tasks/main.yml
+++ b/ansible/roles/dotfiles_common/tasks/main.yml
@@ -8,10 +8,10 @@
 - name: Ensure XDG user directories exist
   tags: [dotfiles, dotfiles:common]
   ansible.builtin.file:
-    path: "{{ user_home }}/{{ item }}"
+    path: "{{ effective_user_home }}/{{ item }}"
     state: directory
-    owner: "{{ username }}"
-    group: "{{ user_group }}"
+    owner: "{{ effective_username }}"
+    group: "{{ effective_user_group }}"
     mode: "0755"
   loop: "{{ xdg_user_directories | default([]) }}"
 
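Review bot: The three new `effective_*` keys in group_vars/all.yml carry no comment saying what they are for, so a reader cannot tell that they are the identity the shared roles consume and that group_vars/server.yml redefines them from `server_*`. Because they live in all.yml, any other group_vars file or host_vars entry silently replaces them, which is the intent here but is worth stating at the definition. A comment such as `# Identity consumed by the shared roles (dotfiles_common, packages_ubuntu); group_vars/server.yml redefines these from server_*` above `effective_username` would make the indirection visible where it is declared.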
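Review bot: `server_user_group: "{{ server_username }}"` assumes the account's primary group is named after the user; that holds for user-private-group setups, but when `server_username` is overridden to a pre-existing account whose primary group is named differently, every `group:` in dotfiles_common and profile_server will reference a group that may not exist and the ownership tasks fail. The README already documents `server_user_group` as override-able, so a comment at the definition, `# defaults to the user-private group; set explicitly when the account's primary group differs`, would point the operator at the right knob. The same caveat applies to `server_user_home`, which hard-codes `/home/`.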
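Review bot: `server_sshd_allow_users` now follows `server_username`, so the `-e server_username=...` override the README suggests also rewrites sshd's `AllowUsers`; if that account does not exist on the host, or is not the account Ansible connects with, the next sshd reload locks out remote access. Nothing in this patch asserts that the overridden user exists before the sshd settings are applied — if the role does not already create it, an `ansible.builtin.getent` task with `database: passwd` and `key: "{{ server_username }}"` ahead of the sshd configuration would fail the play early instead of locking the host. At minimum a comment at the list, `# AllowUsers follows server_username: an override must name an existing account or SSH access is lost`, should record the hazard.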
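Review bot: dotfiles_common now depends on `effective_user_home`, `effective_username` and `effective_user_group` being defined by the inventory, and no `defaults/main.yml` fallback is visible in this patch, so running the role with another inventory fails with an undefined-variable error at the first `path:` line. The `become_user`/`HOME` lines in the third hunk of this file and the `name:` line in packages_ubuntu have the same dependency. Role defaults `effective_username: "{{ username }}"`, `effective_user_group: "{{ user_group }}"` and `effective_user_home: "{{ user_home }}"`, or a note in the role's README listing the required variables, would keep the roles usable on their own.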
@@ -19,9 +19,9 @@
   tags: [dotfiles, dotfiles:common]
   ansible.builtin.copy:
     src: "{{ playbook_dir }}/../dotfiles/common/{{ item.src }}"
-    dest: "{{ user_home }}/{{ item.dest }}"
-    owner: "{{ username }}"
-    group: "{{ user_group }}"
+    dest: "{{ effective_user_home }}/{{ item.dest }}"
+    owner: "{{ effective_username }}"
+    group: "{{ effective_user_group }}"
     mode: "{{ item.mode }}"
   loop: "{{ common_dotfiles | default([]) }}"
   loop_control:
@@ -31,7 +31,7 @@
   tags: [dotfiles, dotfiles:common]
   ansible.builtin.command:
     cmd: "{{ 'batcat' if ansible_facts.os_family == 'Debian' else 'bat' }} cache --build"
-  become_user: "{{ username }}"
+  become_user: "{{ effective_username }}"
   environment:
-    HOME: "{{ user_home }}"
+    HOME: "{{ effective_user_home }}"
   changed_when: false
diff --git a/ansible/roles/packages_ubuntu/tasks/main.yml b/ansible/roles/packages_ubuntu/tasks/main.yml
index 40d9b37..ff811aa 100644
--- a/ansible/roles/packages_ubuntu/tasks/main.yml
+++ b/ansible/roles/packages_ubuntu/tasks/main.yml
@@ -202,7 +202,7 @@
 - name: Add user to docker group
   tags: [packages]
   ansible.builtin.user:
-    name: "{{ username }}"
+    name: "{{ effective_username }}"
     groups: docker
     append: true
   when: (ubuntu_docker_packages | default([])) | length > 0
diff --git a/ansible/roles/profile_server/tasks/main.yml b/ansible/roles/profile_server/tasks/main.yml
index 0468688..d2d3903 100644
--- a/ansible/roles/profile_server/tasks/main.yml
+++ b/ansible/roles/profile_server/tasks/main.yml
@@ -4,9 +4,9 @@
   tags: [dotfiles, dotfiles:server]
   ansible.builtin.copy:
     src: "{{ playbook_dir }}/../dotfiles/server/{{ item.src }}"
-    dest: "{{ user_home }}/{{ item.dest }}"
-    owner: "{{ username }}"
-    group: "{{ user_group }}"
+    dest: "{{ server_user_home }}/{{ item.dest }}"
+    owner: "{{ server_username }}"
+    group: "{{ server_user_group }}"
     mode: "{{ item.mode }}"
   loop: "{{ server_dotfiles | default([]) }}"
   loop_control:
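Review bot: Membership of the `docker` group gives the account root-equivalent control of the host, and after this change the account at `name:` is whatever `effective_username` resolves to, including a runtime `-e` override. The task carries no comment recording that consequence, so a later change to the variable plumbing could redirect the privilege without anyone noticing. A comment above `ansible.builtin.user:` such as `# docker group membership is root-equivalent on the host; effective_username may come from an extra-vars override` keeps it in view.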
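Review bot: profile_server reads `server_user_home`, `server_username` and `server_user_group` directly at the `dest:`/`owner:`/`group:` lines, while dotfiles_common and packages_ubuntu go through the `effective_*` layer introduced in the same commit; a host_vars override of `effective_username` would therefore be honored by the common roles and ignored here, leaving the server dotfiles owned by a different account than the XDG directories. The second hunk of this file (the template task) has the same split. Either consume `effective_*` here as well, or add a comment at the first `dest:` stating that this role deliberately binds to `server_*`, so the two naming layers cannot drift apart unnoticed. The task's `- name:` line lies outside the hunk.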
@@ -16,9 +16,9 @@
   tags: [dotfiles, dotfiles:server]
   ansible.builtin.template:
     src: "{{ item.src }}"
-    dest: "{{ user_home }}/{{ item.dest }}"
-    owner: "{{ username }}"
-    group: "{{ user_group }}"
+    dest: "{{ server_user_home }}/{{ item.dest }}"
+    owner: "{{ server_username }}"
+    group: "{{ server_user_group }}"
     mode: "{{ item.mode }}"
   loop: "{{ server_templates | default([]) }}"
   loop_control: