Set sticky bit (restricted deletion flag) to allow PAM mount as user.

Andreas B. Mundt 2023-09-06 08:50:52 +02:00
parent a1e47cf64b
commit b518b9a206


@ -49,25 +49,31 @@
dest: /usr/local/sbin/pam-umount.sh dest: /usr/local/sbin/pam-umount.sh
mode: "0755" mode: "0755"
- name: autostart default network for VMs - name: Autostart default network for VMs
file: file:
src: /etc/libvirt/qemu/networks/default.xml src: /etc/libvirt/qemu/networks/default.xml
dest: /etc/libvirt/qemu/networks/autostart/default.xml dest: /etc/libvirt/qemu/networks/autostart/default.xml
state: link state: link
- name: create system-user syncing VM-files and others - name: Create system-user syncing VM-files and others
ansible.builtin.user: ansible.builtin.user:
name: lmnsynci name: lmnsynci
comment: lmn sync user comment: lmn sync user
system: true system: true
create_home: false create_home: false
- name: create vm directory - name: Create /lmn directory
file: file:
path: /lmn path: /lmn
state: directory state: directory
- name: create vm directory - name: Create /lmn/media directory
file:
path: /lmn/media
state: directory
mode: '1777'
- name: Create vm directory
file: file:
path: /lmn/vm path: /lmn/vm
state: directory state: directory
@ -75,26 +81,26 @@
group: lmnsynci group: lmnsynci
mode: 0755 mode: 0755
- name: install squid - name: Install squid
apt: apt:
name: name:
- squid - squid
state: latest state: latest
autoremove: true autoremove: true
- name: disable squid - name: Disable squid
systemd: systemd:
name: squid name: squid
enabled: false enabled: false
state: stopped state: stopped
- name: deploy squid user mode configuration - name: Deploy squid user mode configuration
template: template:
src: squid-usermode.conf.j2 src: squid-usermode.conf.j2
dest: /etc/squid/squid-usermode.conf dest: /etc/squid/squid-usermode.conf
mode: '0644' mode: '0644'
- name: deploy sudo configurations - name: Deploy sudo configurations
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/sudoers.d/90-{{ item }}" dest: "/etc/sudoers.d/90-{{ item }}"
@ -108,7 +114,7 @@
- lmn-link-images - lmn-link-images
- lmn-startvirtiofsd - lmn-startvirtiofsd
- name: deploy vmimages scripts - name: Deploy vmimages scripts
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: /usr/local/bin/ dest: /usr/local/bin/
@ -178,7 +184,7 @@
- /usr/local/share/desktop-directories - /usr/local/share/desktop-directories
notify: Run update-desktop-database notify: Run update-desktop-database
- name: set owner lmnsynci for menu entry directory - name: Set owner lmnsynci for menu entry directory
file: file:
path: /usr/local/share/applications path: /usr/local/share/applications
state: directory state: directory
@ -196,7 +202,7 @@
dest: /etc/xdg/menus/applications-merged/ dest: /etc/xdg/menus/applications-merged/
notify: Run update-desktop-database notify: Run update-desktop-database
- name: sync .torrent, .xml and .desktop files and run update-desktop-database - name: Sync .torrent, .xml and .desktop files and run update-desktop-database
command: sudo -u lmnsynci /usr/local/bin/sync-vm.sh -t command: sudo -u lmnsynci /usr/local/bin/sync-vm.sh -t
register: result register: result
changed_when: result.stdout | length > 0 changed_when: result.stdout | length > 0
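Review bot: The new `Create /lmn/media directory` task in the first hunk sets `mode: '1777'` but does not pin ownership, so where `/lmn/media` already exists the file module keeps its current owner, and under the sticky bit that owner can still delete or rename every user's entries. Adding `owner: root` and `group: root` to the task would make the result deterministic. Because the directory is now writable by every local account, a comment above the task such as `# 1777 (world-writable, sticky) so PAM mount as user works; entries are deletable only by their owner` would record why this mode was chosen. The PAM mount and umount scripts are not in this diff, so it is worth confirming that whatever runs with privileges on paths below `/lmn/media` does not follow pre-created symlinks or trust pre-existing directories. The task list continues outside the hunk.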