Make server profile user configurable

2026-05-30 15:39:58 +00:00 · 2026-03-30 17:55:29 +02:00
parent 51caffbf26
commit 32e0b4cecd
6 changed files with 48 additions and 16 deletions
--- a/README.md
+++ b/README.md
@@ -141,6 +141,22 @@ Lo stato attuale del profilo server include:
 - copia dei dotfiles server e rendering dei template server
 - attivazione del firewall UFW con regola SSH esplicita
 Utente del profilo server:
 - il profilo usa `server_username`, `server_user_group` e `server_user_home` definiti in `ansible/inventory/group_vars/server.yml`
 - per default `server_username` eredita `username`, ma puo essere sovrascritto per tutti gli host server via inventory oppure a runtime con extra vars
 - esempio override da CLI:
 ```bash
 ansible-playbook ansible/site.yml --limit prometheus -e server_username=myuser
 ```
 - se necessario puoi passare anche:
 ```bash
 ansible-playbook ansible/site.yml --limit prometheus -e server_username=myuser -e server_user_group=mygroup -e server_user_home=/srv/myuser
 ```
 ---
 # Composizione della configurazione
@@ -294,6 +310,12 @@ ansible-lint ansible/roles
 yamllint ansible/
 ```
 Per testare un override dell'utente server senza modificare l'inventory:
 ```bash
 ansible-playbook ansible/site.yml --limit prometheus --check --diff -e server_username=myuser
 ```
 Per validazioni piu mirate:
 ```bash
--- a/ansible/inventory/group_vars/all.yml
+++ b/ansible/inventory/group_vars/all.yml
@@ -4,6 +4,9 @@ username: fscotto
 user_group: fscotto
 user_home: "/home/{{ username }}"
 user_shell: /bin/bash
 effective_username: "{{ username }}"
 effective_user_group: "{{ user_group }}"
 effective_user_home: "{{ user_home }}"
 xdg_user_directories:
  - Desktop
--- a/ansible/inventory/group_vars/server.yml
+++ b/ansible/inventory/group_vars/server.yml
@@ -1,4 +1,11 @@
 ---
 server_username: "{{ username }}"
 server_user_group: "{{ server_username }}"
 server_user_home: "/home/{{ server_username }}"
 effective_username: "{{ server_username }}"
 effective_user_group: "{{ server_user_group }}"
 effective_user_home: "{{ server_user_home }}"
 profile_packages:
  - avahi-daemon
  - dmidecode
@@ -35,4 +42,4 @@ server_sshd_settings:
  PermitRootLogin: "no"
 server_sshd_allow_users:
-  - "{{ username }}"
+  - "{{ server_username }}"
--- a/ansible/roles/dotfiles_common/tasks/main.yml
+++ b/ansible/roles/dotfiles_common/tasks/main.yml
@@ -8,10 +8,10 @@
 - name: Ensure XDG user directories exist
  tags: [dotfiles, dotfiles:common]
  ansible.builtin.file:
-    path: "{{ user_home }}/{{ item }}"
+    path: "{{ effective_user_home }}/{{ item }}"
    state: directory
-    owner: "{{ username }}"
+    owner: "{{ effective_username }}"
-    group: "{{ user_group }}"
+    group: "{{ effective_user_group }}"
    mode: "0755"
  loop: "{{ xdg_user_directories | default([]) }}"
@@ -19,9 +19,9 @@
  tags: [dotfiles, dotfiles:common]
  ansible.builtin.copy:
    src: "{{ playbook_dir }}/../dotfiles/common/{{ item.src }}"
-    dest: "{{ user_home }}/{{ item.dest }}"
+    dest: "{{ effective_user_home }}/{{ item.dest }}"
-    owner: "{{ username }}"
+    owner: "{{ effective_username }}"
-    group: "{{ user_group }}"
+    group: "{{ effective_user_group }}"
    mode: "{{ item.mode }}"
  loop: "{{ common_dotfiles | default([]) }}"
  loop_control:
@@ -31,7 +31,7 @@
  tags: [dotfiles, dotfiles:common]
  ansible.builtin.command:
    cmd: "{{ 'batcat' if ansible_facts.os_family == 'Debian' else 'bat' }} cache --build"
-  become_user: "{{ username }}"
+  become_user: "{{ effective_username }}"
  environment:
-    HOME: "{{ user_home }}"
+    HOME: "{{ effective_user_home }}"
  changed_when: false
--- a/ansible/roles/packages_ubuntu/tasks/main.yml
+++ b/ansible/roles/packages_ubuntu/tasks/main.yml
@@ -202,7 +202,7 @@
 - name: Add user to docker group
  tags: [packages]
  ansible.builtin.user:
-    name: "{{ username }}"
+    name: "{{ effective_username }}"
    groups: docker
    append: true
  when: (ubuntu_docker_packages | default([])) | length > 0
--- a/ansible/roles/profile_server/tasks/main.yml
+++ b/ansible/roles/profile_server/tasks/main.yml
@@ -4,9 +4,9 @@
  tags: [dotfiles, dotfiles:server]
  ansible.builtin.copy:
    src: "{{ playbook_dir }}/../dotfiles/server/{{ item.src }}"
-    dest: "{{ user_home }}/{{ item.dest }}"
+    dest: "{{ server_user_home }}/{{ item.dest }}"
-    owner: "{{ username }}"
+    owner: "{{ server_username }}"
-    group: "{{ user_group }}"
+    group: "{{ server_user_group }}"
    mode: "{{ item.mode }}"
  loop: "{{ server_dotfiles | default([]) }}"
  loop_control:
@@ -16,9 +16,9 @@
  tags: [dotfiles, dotfiles:server]
  ansible.builtin.template:
    src: "{{ item.src }}"
-    dest: "{{ user_home }}/{{ item.dest }}"
+    dest: "{{ server_user_home }}/{{ item.dest }}"
-    owner: "{{ username }}"
+    owner: "{{ server_username }}"
-    group: "{{ user_group }}"
+    group: "{{ server_user_group }}"
    mode: "{{ item.mode }}"
  loop: "{{ server_templates | default([]) }}"
  loop_control: