import readability

2021-10-03 02:21:43 -04:00 · 2021-10-03 02:21:43 -04:00 · 81e2def541
parent 1c3cb51b21
commit 81e2def541
5 changed files with 42 additions and 33 deletions
--- a/roles/ftp/tasks/main.yml
+++ b/roles/ftp/tasks/main.yml
@ -18,13 +18,13 @@
    group: root
    mode: "{{ item.mode }}"
  loop:
-    - { src: blacklist.dat, dest: blacklist.dat, mode: "644" }
-    - { src: ldap.conf, dest: ldap.conf, mode: "600" }
-    - { src: modules.conf, dest: modules.conf, mode: "644" }
-    - { src: proftpd.conf, dest: proftpd.conf, mode: "644" }
-    - { src: sql.conf, dest: sql.conf, mode: "600" }
-    - { src: tls.conf, dest: tls.conf, mode: "644" }
-    - { src: virtuals.conf, dest: virtuals.conf, mode: "644" }
+    - { src: blacklist.dat, dest: blacklist.dat,  mode: "644" }
+    - { src: ldap.conf,     dest: ldap.conf,      mode: "600" }
+    - { src: modules.conf,  dest: modules.conf,   mode: "644" }
+    - { src: proftpd.conf,  dest: proftpd.conf,   mode: "644" }
+    - { src: sql.conf,      dest: sql.conf,       mode: "600" }
+    - { src: tls.conf,      dest: tls.conf,       mode: "644" }
+    - { src: virtuals.conf, dest: virtuals.conf,  mode: "644" }

 - name: create dhparams.pem
  # will not regenerated every playbook run
@ -33,7 +33,7 @@
      openssl dhparam 
      -outform PEM -2|-5 
      1024|1536|2048|3072|4096|6144|7680|8192 
-      >> /etc/proftpd/dhparams.pem
+      > /etc/proftpd/dhparams.pem
    creates: /etc/proftpd/dhparams.pem

 - name: restart and enable proftpd
--- a/roles/mirror/tasks/main.yml
+++ b/roles/mirror/tasks/main.yml
@ -60,13 +60,13 @@
    chdir: "/mirror/merlin/bin"
    creates: "/mirror/merlin/bin/{{ item.dest }}"
  loop:
-    - { src: busybox, dest: cd }
-    - { src: busybox, dest: cp }
-    - { src: busybox, dest: ln }
-    - { src: busybox, dest: ls }
-    - { src: busybox, dest: rm }
-    - { src: busybox, dest: sh }
-    - { src: busybox, dest: sleep }
+    - { src: busybox,   dest: cd }
+    - { src: busybox,   dest: cp }
+    - { src: busybox,   dest: ln }
+    - { src: busybox,   dest: ls }
+    - { src: busybox,   dest: rm }
+    - { src: busybox,   dest: sh }
+    - { src: busybox,   dest: sleep }
    - { src: ../arthur, dest: arthur }

  # https://tldp.org/LDP/lfs/LFS-BOOK-6.1.1-HTML/chapter06/devices.html
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -26,10 +26,10 @@
    group: root
    mode: "{{ item.mode }}"
  loop:
-    - { src: nginx.conf, dest: nginx.conf, mode: "0644" }
-    - { src: mime.types, dest: mime.types, mode: "0644" }
-    - { src: includes/, dest: includes, mode: "0755" }
-    - { src: sites-available/, dest: sites-available, mode: "0755" }
+    - { src: nginx.conf,        dest: nginx.conf,       mode: "0644" }
+    - { src: mime.types,        dest: mime.types,       mode: "0644" }
+    - { src: includes/,         dest: includes,         mode: "0755" }
+    - { src: sites-available/,  dest: sites-available,  mode: "0755" }

 - name: Make new sites-enabled
  file:
--- a/roles/rsync/tasks/main.yml
+++ b/roles/rsync/tasks/main.yml
@ -17,8 +17,8 @@
    group: root
    mode: "0644"
  loop:
-    - { src: "rsyncd.conf", dest: "rsyncd.conf" } 
-    - { src: "rsyncd-filter.conf", dest: "rsyncd-filter.conf" } 
+    - { src: "rsyncd.conf",         dest: "rsyncd.conf" } 
+    - { src: "rsyncd-filter.conf",  dest: "rsyncd-filter.conf" } 

 - name: restart and enable rsync
  systemd:
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@ -3,24 +3,33 @@
    name: "{{ item.group }}"
    gid: "{{ item.gid }}"
  loop:
-    - { group: local, gid: 1000 }
-    - { group: mirror, gid: 1001 }
-    - { group: push, gid: 1002 }
-    - { group: syscom, gid: 10001 }
-    - { group: csc-mirror, gid: 10014 }
+    - { group: local,       gid: 1000 }
+    - { group: mirror,      gid: 1001 }
+    - { group: push,        gid: 1002 }
+    - { group: syscom,      gid: 10001 }
+    - { group: csc-mirror,  gid: 10014 }

- name: create users 
+- name: create push user
+  # push home should be /
+  user:
+    uid: 1002
+    name: push
+    group: push
+    shell: /bin/sh
+    create_home: no
+
+- name: create other users
+  # syscom and csc-mirror homes are on /users
  user:
-    name: "{{ item.user }}"
-    shell: "{{ item.shell }}"
    uid: "{{ item.uid }}"
+    name: "{{ item.user }}"
    group: "{{ item.user }}"
+    shell: /bin/bash
    create_home: "{{ item.home }}"
  loop:
-    - { user: local, uid: 1000 }
-    - { user: mirror, uid: 1001 }
-    - { user: push, uid: 1002, shell: /bin/sh }
-    - { user: syscom, uid: 10001, home: no }
+    - { user: local,      uid: 1000,  home: yes }
+    - { user: mirror,     uid: 1001,  home: yes }
+    - { user: syscom,     uid: 10001, home: no }
    - { user: csc-mirror, uid: 10014, home: no }

 - name: add mirror to push group