From 30ae977365d6b8ab1c309f5f18589b803f82a45f Mon Sep 17 00:00:00 2001
From: Benjamin Graillot <graillot@crans.org>
Date: Sat, 26 Dec 2020 16:02:45 +0100
Subject: [PATCH] [home] add role to deploy home creation script

---
 roles/home/tasks/main.yml              | 46 ++++++++++++++++++++++++++
 roles/home/templates/cron.d/home.j2    |  2 ++
 roles/home/templates/home/config.py.j2 | 10 ++++++
 3 files changed, 58 insertions(+)
 create mode 100644 roles/home/tasks/main.yml
 create mode 100644 roles/home/templates/cron.d/home.j2
 create mode 100644 roles/home/templates/home/config.py.j2

diff --git a/roles/home/tasks/main.yml b/roles/home/tasks/main.yml
new file mode 100644
index 00000000..019fb9e0
--- /dev/null
+++ b/roles/home/tasks/main.yml
@@ -0,0 +1,46 @@
+---
+- name: Install home dependencies
+  apt:
+    update_cache: true
+    install_recommends: false
+    name:
+      - python3-ldap
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Create dns directory
+  file:
+    path: /var/local/home
+    state: directory
+    mode: '2775'
+    owner: root
+    group: nounou
+
+- name: Set ACL for dns directory
+  acl:
+    path: /var/local/home
+    default: true
+    entity: nounou
+    etype: group
+    permissions: rwx
+    state: query
+
+- name: Clone dns repository
+  git:
+    repo: 'http://gitlab.adm.crans.org/nounous/home.git'
+    dest: /var/local/home
+    umask: '002'
+
+- name: Deploy re2o config
+  template:
+    src: dns/config.py.j2
+    dest: /var/local/home/config.py
+    mode: 0600
+    owner: root
+    group: root
+
+- name: Deploy cron for dns
+  template:
+    src: cron.d/home.j2
+    dest: /etc/cron.d/home
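Review bot: The `git` task clones `http://gitlab.adm.crans.org/nounous/home.git` over plain HTTP with no `version`, and the cron template added in this patch runs `main.py` from that checkout as root every minute, so whatever the transport or the branch head delivers ends up executed as root. If the GitLab host serves TLS, use an `https://` URL and pin the checkout with `version: <reviewed-commit-or-tag>` (placeholder). Separately, the task named "Set ACL for dns directory" uses `state: query`, which only reads the ACL; `state: present` is what applies it. `src: dns/config.py.j2` does not match the template this patch adds at `roles/home/templates/home/config.py.j2`, so it should presumably be `src: home/config.py.j2`. The cron template task also sets no `owner`, `group` or `mode` for `/etc/cron.d/home`.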
diff --git a/roles/home/templates/cron.d/home.j2 b/roles/home/templates/cron.d/home.j2
new file mode 100644
index 00000000..f26e2e46
--- /dev/null
+++ b/roles/home/templates/cron.d/home.j2
@@ -0,0 +1,2 @@
+{{ ansible_header | comment }}
+* * * * * root /usr/bin/python3 /var/local/home/main.py
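Review bot: Root executes code from a group-writable directory here: the tasks file in this patch creates `/var/local/home` with mode `2775` and group `nounou` and clones with `umask: '002'`, so any account in that group can change the `main.py` that this entry runs as root. If that group is not meant to be root-equivalent, keep the checkout root-owned and not group-writable (for example `mode: '0755'` and the default umask). The one-minute schedule also has no guard against overlapping runs when a pass takes longer than a minute; wrapping the command in `flock -n <lockfile>` (placeholder path) would prevent that.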
diff --git a/roles/home/templates/home/config.py.j2 b/roles/home/templates/home/config.py.j2
new file mode 100644
index 00000000..457b0293
--- /dev/null
+++ b/roles/home/templates/home/config.py.j2
@@ -0,0 +1,10 @@
+{{ ansible_header | comment }}
+
+ldap_server = 'ldap://re2o-ldap.adm.crans.org'
+binddn = 'cn=home,ou=service-users,dc=crans,dc=org'
+password = '{{ home.ldap_password }}'
+rootdn = 'cn=Utilisateurs,dc=crans,dc=org'
+home_dir = '/pool/home'
+mail_dir = '/pool/mail'
+home_quota = 'zfs set userquota@{user}=30G pool/home'
+mail_quota = 'zfs set userquota@{user}=10G pool/mail'
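Review bot: `ldap_server = 'ldap://re2o-ldap.adm.crans.org'` means the bind as `cn=home,ou=service-users,...` sends `password` unencrypted unless main.py (not shown) negotiates StartTLS; if the server supports it, prefer an `ldaps://` URL or make StartTLS mandatory in the script. The password is also interpolated raw between single quotes, so a value containing `'` or `\` produces a broken or altered Python file; `password = {{ home.ldap_password | to_json }}` emits a properly escaped literal. `home_quota` and `mail_quota` are command strings with a `{user}` placeholder: if main.py fills them from LDAP attributes and runs them through a shell, the username should be validated or the command passed as an argument list, which cannot be confirmed from this patch.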
-- 
GitLab