aboutsummaryrefslogtreecommitdiffstats
path: root/roles/doorputer/tasks/lockserver.yml
blob: a9122d1f9ad7fc61d98b43005ccec815bc60d2c2 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
---
- name: Create doorman user
  user:
    comment: 'Doorman Doris'
    name: doorman
    shell: '/bin/bash'
    uid: 3000
    group: users
    groups:
    - dialout
    - gpio

- name: Check out lockserver repo
  git:
    dest: '~doorman/lockserver'
    repo: 'https://github.com/labitat/lockserver.git'
    accept_hostkey: yes
    clone: yes
    update: yes
    remote: origin

- name: Make sure doorman owns git repo
  file:
    dest: '~doorman/lockserver'
    owner: doorman
    group: users
    recurse: yes

- name: Initialize database
  command:
    argv:
    - '/usr/bin/sqlite3'
    - 'users.db'
    - '.read lockserver/structure.sql'
  become_user: doorman
  args:
    chdir: '/home/doorman'
    creates: '/home/doorman/users.db'

- name: Make sure ~doorman/.config exists
  file:
    dest: '~doorman/.config'
    state: directory
    owner: doorman
    group: users
    mode: 0700

- name: Create lockserver.ini
  vars:
    lockserver_conf: '{{ lockserver_conf_role|combine(lockserver_conf_secrets) }}'
  ini_file:
    path: '~doorman/.config/lockserver.ini'
    section: "{{ item.key.split('.',1)[0] }}"
    option:  "{{ item.key.split('.',1)[1] }}"
    value:   "{{ item.value|ternary(item.value,omit) }}"
    state:   "{{ item.value|ternary('present','absent') }}"
    owner: doorman
    group: users
    mode: 0600
  with_dict: '{{ lockserver_conf }}'
  when: lockserver_conf_secrets|length > 0

- name: Install lockserver service
  copy:
    dest: '/etc/systemd/system/lockserver.service'
    src: lockserver.service
    owner: root
    group: root
    mode: 0644
  register: lockserver_service

- name: Reload systemd
  command: systemctl daemon-reload
  when: lockserver_service is changed

- name: Enable lockserver service
  systemd:
    name: lockserver.service
    enabled: yes
    masked: no
    state: started

# vim: set ts=2 sw=2 et: