fscotto/infra
1
0
Fork 0
mirror of https://github.com/fscotto/infra.git synced 2026-05-30 15:39:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make server profile user configurable

Browse Source
This commit is contained in:
Fabio Scotto di Santolo
2026-03-30 17:55:29 +02:00
parent 51caffbf26
commit 32e0b4cecd
6 changed files with 48 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
README.md
View File

@@ -140,6 +140,22 @@ Lo stato attuale del profilo server include:
- abilitazione dei servizi systemd dichiarati in inventory/group vars - abilitazione dei servizi systemd dichiarati in inventory/group vars
- copia dei dotfiles server e rendering dei template server - copia dei dotfiles server e rendering dei template server
- attivazione del firewall UFW con regola SSH esplicita - attivazione del firewall UFW con regola SSH esplicita
Utente del profilo server:
- il profilo usa `server_username`, `server_user_group` e `server_user_home` definiti in `ansible/inventory/group_vars/server.yml`
- per default `server_username` eredita `username`, ma puo essere sovrascritto per tutti gli host server via inventory oppure a runtime con extra vars
- esempio override da CLI:
```bash
ansible-playbook ansible/site.yml --limit prometheus -e server_username=myuser
```
- se necessario puoi passare anche:
```bash
ansible-playbook ansible/site.yml --limit prometheus -e server_username=myuser -e server_user_group=mygroup -e server_user_home=/srv/myuser
```
--- ---
@@ -294,6 +310,12 @@ ansible-lint ansible/roles
yamllint ansible/ yamllint ansible/
``` ```
Per testare un override dell'utente server senza modificare l'inventory:
```bash
ansible-playbook ansible/site.yml --limit prometheus --check --diff -e server_username=myuser
```
Per validazioni piu mirate: Per validazioni piu mirate:
```bash ```bash

3
ansible/inventory/group_vars/all.yml
View File

@@ -4,6 +4,9 @@ username: fscotto
user_group: fscotto user_group: fscotto
user_home: "/home/{{ username }}" user_home: "/home/{{ username }}"
user_shell: /bin/bash user_shell: /bin/bash
effective_username: "{{ username }}"
effective_user_group: "{{ user_group }}"
effective_user_home: "{{ user_home }}"
xdg_user_directories: xdg_user_directories:
- Desktop - Desktop

9
ansible/inventory/group_vars/server.yml
View File

@@ -1,4 +1,11 @@
--- ---
server_username: "{{ username }}"
server_user_group: "{{ server_username }}"
server_user_home: "/home/{{ server_username }}"
effective_username: "{{ server_username }}"
effective_user_group: "{{ server_user_group }}"
effective_user_home: "{{ server_user_home }}"
profile_packages: profile_packages:
- avahi-daemon - avahi-daemon
- dmidecode - dmidecode
@@ -35,4 +42,4 @@ server_sshd_settings:
PermitRootLogin: "no" PermitRootLogin: "no"
server_sshd_allow_users: server_sshd_allow_users:
- "{{ username }}" - "{{ server_username }}"

16
ansible/roles/dotfiles_common/tasks/main.yml
View File

@@ -8,10 +8,10 @@
- name: Ensure XDG user directories exist - name: Ensure XDG user directories exist
tags: [dotfiles, dotfiles:common] tags: [dotfiles, dotfiles:common]
ansible.builtin.file: ansible.builtin.file:
path: "{{ user_home }}/{{ item }}" path: "{{ effective_user_home }}/{{ item }}"
state: directory state: directory
owner: "{{ username }}" owner: "{{ effective_username }}"
group: "{{ user_group }}" group: "{{ effective_user_group }}"
mode: "0755" mode: "0755"
loop: "{{ xdg_user_directories | default([]) }}" loop: "{{ xdg_user_directories | default([]) }}"
@@ -19,9 +19,9 @@
tags: [dotfiles, dotfiles:common] tags: [dotfiles, dotfiles:common]
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ playbook_dir }}/../dotfiles/common/{{ item.src }}" src: "{{ playbook_dir }}/../dotfiles/common/{{ item.src }}"
dest: "{{ user_home }}/{{ item.dest }}" dest: "{{ effective_user_home }}/{{ item.dest }}"
owner: "{{ username }}" owner: "{{ effective_username }}"
group: "{{ user_group }}" group: "{{ effective_user_group }}"
mode: "{{ item.mode }}" mode: "{{ item.mode }}"
loop: "{{ common_dotfiles | default([]) }}" loop: "{{ common_dotfiles | default([]) }}"
loop_control: loop_control:
@@ -31,7 +31,7 @@
tags: [dotfiles, dotfiles:common] tags: [dotfiles, dotfiles:common]
ansible.builtin.command: ansible.builtin.command:
cmd: "{{ 'batcat' if ansible_facts.os_family == 'Debian' else 'bat' }} cache --build" cmd: "{{ 'batcat' if ansible_facts.os_family == 'Debian' else 'bat' }} cache --build"
become_user: "{{ username }}" become_user: "{{ effective_username }}"
environment: environment:
HOME: "{{ user_home }}" HOME: "{{ effective_user_home }}"
changed_when: false changed_when: false

2
ansible/roles/packages_ubuntu/tasks/main.yml
View File

@@ -202,7 +202,7 @@
- name: Add user to docker group - name: Add user to docker group
tags: [packages] tags: [packages]
ansible.builtin.user: ansible.builtin.user:
name: "{{ username }}" name: "{{ effective_username }}"
groups: docker groups: docker
append: true append: true
when: (ubuntu_docker_packages | default([])) | length > 0 when: (ubuntu_docker_packages | default([])) | length > 0

12
ansible/roles/profile_server/tasks/main.yml
View File

@@ -4,9 +4,9 @@
tags: [dotfiles, dotfiles:server] tags: [dotfiles, dotfiles:server]
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ playbook_dir }}/../dotfiles/server/{{ item.src }}" src: "{{ playbook_dir }}/../dotfiles/server/{{ item.src }}"
dest: "{{ user_home }}/{{ item.dest }}" dest: "{{ server_user_home }}/{{ item.dest }}"
owner: "{{ username }}" owner: "{{ server_username }}"
group: "{{ user_group }}" group: "{{ server_user_group }}"
mode: "{{ item.mode }}" mode: "{{ item.mode }}"
loop: "{{ server_dotfiles | default([]) }}" loop: "{{ server_dotfiles | default([]) }}"
loop_control: loop_control:
@@ -16,9 +16,9 @@
tags: [dotfiles, dotfiles:server] tags: [dotfiles, dotfiles:server]
ansible.builtin.template: ansible.builtin.template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ user_home }}/{{ item.dest }}" dest: "{{ server_user_home }}/{{ item.dest }}"
owner: "{{ username }}" owner: "{{ server_username }}"
group: "{{ user_group }}" group: "{{ server_user_group }}"
mode: "{{ item.mode }}" mode: "{{ item.mode }}"
loop: "{{ server_templates | default([]) }}" loop: "{{ server_templates | default([]) }}"
loop_control: loop_control: