system: simplify usage of system_user, make it compatible with other …

…collections/roles
artyorsh · Jun 20, 2024 · 1e87b93 · 1e87b93
1 parent 14abdb9
commit 1e87b93
Show file tree

Hide file tree

Showing 11 changed files with 45 additions and 47 deletions.
diff --git a/host_vars/github_ci/vars.yml b/host_vars/github_ci/vars.yml
@@ -1,27 +1,29 @@
 ---
 ansible_user: "runner_42"
 
-system_user_name: "{{ ansible_user }}"
-system_user_password: "test4242"
-system_timezone: "Europe/Amsterdam"
+system_user:
+  name: "{{ ansible_user }}"
+  password: "changeme"
+  group: "{{ ansible_user }}"
+  uid: "4242"
+  gid: "4242"
 
-system_user_uid: "4242"
-system_user_gid: "4242"
+system_timezone: "Europe/Amsterdam"
 
 #################################
 # docker                        #
 #################################
 
 docker_bridge_network_settings:
   network: "docker-network-main"
-  puid: "{{ system_user_uid }}"
-  pgid: "{{ system_user_gid }}"
+  puid: "{{ system_user.uid }}"
+  pgid: "{{ system_user.gid }}"
   tz: "{{ system_timezone }}"
 
 docker_host_network_settings:
   network: "host"
   puid: "host"
-  pgid: "{{ system_user_gid }}"
+  pgid: "{{ system_user.gid }}"
   tz: "{{ system_timezone }}"
 
 # TODO: with this variable being "false", Watchtower installation is ignored, making it not testable
@@ -33,9 +35,7 @@ docker_autoupdate_enabled: false
 #################################
 
 yams_docker_settings: "{{ docker_bridge_network_settings }}"
-yams_user:
-  name: "{{ system_user_name }}"
-  password: "{{ system_user_password }}"
+yams_user: "{{ system_user }}"
 
 immich_port: 3001
 

diff --git a/roles/monitoring/tasks/main.yml b/roles/monitoring/tasks/main.yml
@@ -3,8 +3,8 @@
   ansible.builtin.template:
     src: "notify.sh.j2"
     dest: "/etc/glances-notify.sh"
-    owner: "{{ system_user_name }}"
-    group: "{{ system_user_group }}"
+    owner: "{{ system_user.name }}"
+    group: "{{ system_user.group }}"
     mode: "0740"
 
 - name: "Install and configure Glances"

diff --git a/roles/security/tasks/main.yml b/roles/security/tasks/main.yml
@@ -7,9 +7,8 @@
   ansible.builtin.include_role:
     name: "geerlingguy.security"
   vars:
-    security_ssh_allowed_users: ["{{ system_user_name }}"]
-    security_sudoers_passwordless: ["{{ system_user_name }}"]
-    security_autoupdate_mail_to: "{{ system_user_email }}"
+    security_ssh_allowed_users: ["{{ system_user.name }}"]
+    security_sudoers_passwordless: ["{{ system_user.name }}"]
 
 - name: "Uninstall UFW"
   ansible.builtin.include_tasks: "uninstall-ufw.yml"

diff --git a/roles/security/tasks/ssh.yml b/roles/security/tasks/ssh.yml
@@ -2,7 +2,7 @@
 - name: "Authorize ssh key"
   when: security_ssh_public_key is defined
   ansible.posix.authorized_key:
-    user: "{{ system_user_name }}"
+    user: "{{ system_user.name }}"
     key: "{{ security_ssh_public_key }}"
 
 - name: "Update ssh.socket ListenStream"

diff --git a/roles/storage/defaults/main.yml b/roles/storage/defaults/main.yml
@@ -1,5 +1,4 @@
 ---
 storage_smb_share_address: "" # e.g "//192.168.0.1/path/to/shared"
-storage_smb_share_user: "{{ system_user_name }}"
-storage_smb_share_password: "{{ system_user_password }}"
+storage_smb_share_user: "{{ system_user }}"
 storage_smb_share_local_dir: "/mnt/data"
diff --git a/roles/storage/tasks/smb.yml b/roles/storage/tasks/smb.yml
@@ -2,22 +2,22 @@
 - name: "Prepare task variables"
   ansible.builtin.set_fact:
     smb_share_permissions: "0740"
-    smb_share_cerdentials_file: "/home/{{ system_user_name }}/.smb"
+    smb_share_cerdentials_file: "/home/{{ system_user.name }}/.smb"
 
 - name: "Ensure media directory exists"
   ansible.builtin.file:
     path: "{{ storage_smb_share_local_dir }}"
-    owner: "{{ system_user_name }}"
-    group: "{{ system_user_group }}"
+    owner: "{{ system_user.name }}"
+    group: "{{ system_user.group }}"
     mode: "{{ smb_share_permissions }}"
     state: "directory"
 
 - name: "Create credentials file"
   ansible.builtin.template:
     src: "smb-credentials.j2"
     dest: "{{ smb_share_cerdentials_file }}"
-    owner: "{{ system_user_name }}"
-    group: "{{ system_user_group }}"
+    owner: "{{ system_user.name }}"
+    group: "{{ system_user.group }}"
     mode: "0440"
 
 - name: "Mount SMB share"
@@ -27,4 +27,4 @@
     path: "{{ storage_smb_share_local_dir }}"
     state: "mounted"
     fstype: "cifs"
-    opts: "credentials={{ smb_share_cerdentials_file }},uid={{ system_user_uid }},gid={{ system_user_gid }},file_mode={{ smb_share_permissions }},dir_mode={{ smb_share_permissions }},sec=ntlmv2,x-systemd.automount"
+    opts: "credentials={{ smb_share_cerdentials_file }},uid={{ system_user.uid }},gid={{ system_user.gid }},file_mode={{ smb_share_permissions }},dir_mode={{ smb_share_permissions }},sec=ntlmv2,x-systemd.automount"
diff --git a/roles/storage/templates/smb-credentials.j2 b/roles/storage/templates/smb-credentials.j2
@@ -1,2 +1,2 @@
-username={{ storage_smb_share_user }}
-password={{ storage_smb_share_password }}
+username={{ storage_smb_share_user.name }}
+password={{ storage_smb_share_user.password }}
diff --git a/roles/system/defaults/main.yml b/roles/system/defaults/main.yml
@@ -2,9 +2,9 @@
 system_locale: "en_US.UTF-8"
 system_timezone: "Etc/UTC"
 
-system_user_name: "{{ ansible_user }}"
-system_user_group: "{{ system_user_name }}"
-system_user_email: "{{ system_user_name }}@example.com"
-
-system_user_uid: "1010"
-system_user_gid: "1010"
+system_user:
+  name: "{{ ansible_user }}"
+  password: "changeme"
+  group: "{{ ansible_user }}"
+  uid: "1010"
+  gid: "1010"
diff --git a/roles/system/tasks/user.yml b/roles/system/tasks/user.yml
@@ -1,26 +1,26 @@
 ---
 - name: "Create a login user"
   ansible.builtin.user:
-    name: "{{ system_user_name }}"
-    password: "{{ system_user_password | string | password_hash('sha512') }}"
-    uid: "{{ system_user_uid }}"
+    name: "{{ system_user.name }}"
+    password: "{{ system_user.password | string | password_hash('sha512') }}"
+    uid: "{{ system_user.uid }}"
     groups:
       - "sudo"
       - "users"
     state: "present"
     append: true
 
-- name: "Ensure group exists: {{ system_user_group }}"
+- name: "Ensure group exists: {{ system_user.group }}"
   ansible.builtin.group:
-    name: "{{ system_user_group }}"
-    gid: "{{ system_user_gid }}"
+    name: "{{ system_user.group }}"
+    gid: "{{ system_user.group }}"
     state: "present"
 
 - name: "Chmod the user home directory"
   ansible.builtin.file:
-    path: "/home/{{ system_user_name }}"
+    path: "/home/{{ system_user.name }}"
     state: "directory"
-    owner: "{{ system_user_name }}"
-    group: "{{ system_user_group }}"
+    owner: "{{ system_user.name }}"
+    group: "{{ system_user.group }}"
     recurse: true
     mode: "0755"
diff --git a/roles/wireguard/tasks/wg-client.yml b/roles/wireguard/tasks/wg-client.yml
@@ -12,8 +12,8 @@
     remote_src: true
     src: "{{ wireguard_client_tunnel_file }}"
     dest: "/etc/wireguard/wg0.conf"
-    owner: "{{ system_user_name }}"
-    group: "{{ system_user_group }}"
+    owner: "{{ system_user.name }}"
+    group: "{{ system_user.group }}"
     mode: "0400"
 
 - name: "Enable and start Wireguard service"

diff --git a/roles/zsh/tasks/zsh.yml b/roles/zsh/tasks/zsh.yml
@@ -5,13 +5,13 @@
     state: "present"
   register: zsh_package_installed
 
-- name: "Set ZSH as default shell for {{ system_user_name }}"
+- name: "Set ZSH as default shell for {{ system_user.name }}"
   block:
     - name: "Write zsh to /etc/shells"
       when: zsh_package_installed.changed
       ansible.builtin.command: "echo $(which zsh) >> /etc/shells"
       changed_when: zsh_package_installed.changed
 
-    - name: "Set ZSH as default shell for {{ system_user_name }}"
-      ansible.builtin.shell: "chsh -s $(which zsh) {{ system_user_name }}"
+    - name: "Set ZSH as default shell for {{ system_user.name }}"
+      ansible.builtin.shell: "chsh -s $(which zsh) {{ system_user.name }}"
       changed_when: zsh_package_installed.changed