diff --git a/roles/ympc-app/meta/main.yml b/roles/ympc-app/meta/main.yml index 3e93ef7..3ad0de9 100644 --- a/roles/ympc-app/meta/main.yml +++ b/roles/ympc-app/meta/main.yml @@ -4,3 +4,4 @@ dependencies: - { role: nodesource.node } - { role: redis } - { role: nginx } + - { role: ympc-user } diff --git a/roles/ympc-app/tasks/main.yml b/roles/ympc-app/tasks/main.yml index a3d55f6..d9dd05b 100644 --- a/roles/ympc-app/tasks/main.yml +++ b/roles/ympc-app/tasks/main.yml @@ -16,6 +16,13 @@ retries: 5 delay: 2 +- name: update ownership + file: + path={{ APP_INSTALL_PATH }} + owner={{ YMPC_USER }} + group={{ YMPC_USER }} + recurse=yes + - name: deploy config file template: src=config.j2 dest={{ APP_CONFIG_PATH }} diff --git a/roles/ympc-app/templates/systemd-unit.j2 b/roles/ympc-app/templates/systemd-unit.j2 index de8bf1a..6fb7b7c 100644 --- a/roles/ympc-app/templates/systemd-unit.j2 +++ b/roles/ympc-app/templates/systemd-unit.j2 @@ -6,3 +6,5 @@ Environment="YO_PORT={{APP_PORT}}" Environment="YO_APIKEY={{YO_APIKEY}}" Restart=always ExecStart=/usr/bin/node {{ APP_INSTALL_PATH }}/server.js +User={{ YMPC_USER }} +Group={{ YMPC_USER }} diff --git a/roles/ympc-dispatcher/meta/main.yml b/roles/ympc-dispatcher/meta/main.yml index 85620cf..bfd1223 100644 --- a/roles/ympc-dispatcher/meta/main.yml +++ b/roles/ympc-dispatcher/meta/main.yml @@ -3,3 +3,4 @@ dependencies: - { role: systemd } - { role: nodesource.node } - { role: redis } + - { role: ympc-user } diff --git a/roles/ympc-dispatcher/tasks/main.yml b/roles/ympc-dispatcher/tasks/main.yml index ab06d6a..de1c8a2 100644 --- a/roles/ympc-dispatcher/tasks/main.yml +++ b/roles/ympc-dispatcher/tasks/main.yml @@ -16,6 +16,13 @@ retries: 5 delay: 2 +- name: update ownership + file: + path={{ DISPATCHER_INSTALL_PATH }} + owner={{ YMPC_USER }} + group={{ YMPC_USER }} + recurse=yes + - name: deploy config file template: src=config.j2 dest={{ DISPATCHER_CONFIG_PATH }} diff --git a/roles/ympc-dispatcher/templates/systemd-unit.j2 b/roles/ympc-dispatcher/templates/systemd-unit.j2 index 5db0634..6b3691a 100644 --- a/roles/ympc-dispatcher/templates/systemd-unit.j2 +++ b/roles/ympc-dispatcher/templates/systemd-unit.j2 @@ -5,3 +5,5 @@ Description=YOMYPOPCORN Dispatcher Environment="YO_APIKEY={{YO_APIKEY}}" Restart=always ExecStart={{ DISPATCHER_INSTALL_PATH }}/bin/cli.js --debug info +User={{ YMPC_USER }} +Group={{ YMPC_USER }} diff --git a/roles/ympc-kueui/meta/main.yml b/roles/ympc-kueui/meta/main.yml index 85620cf..bfd1223 100644 --- a/roles/ympc-kueui/meta/main.yml +++ b/roles/ympc-kueui/meta/main.yml @@ -3,3 +3,4 @@ dependencies: - { role: systemd } - { role: nodesource.node } - { role: redis } + - { role: ympc-user } diff --git a/roles/ympc-kueui/tasks/main.yml b/roles/ympc-kueui/tasks/main.yml index a6920a5..8371f64 100644 --- a/roles/ympc-kueui/tasks/main.yml +++ b/roles/ympc-kueui/tasks/main.yml @@ -16,6 +16,13 @@ retries: 5 delay: 2 +- name: update ownership + file: + path={{ KUEUI_INSTALL_PATH }} + owner={{ YMPC_USER }} + group={{ YMPC_USER }} + recurse=yes + - name: deploy config file template: src=config.j2 dest={{ KUEUI_CONFIG_PATH }} diff --git a/roles/ympc-kueui/templates/systemd-unit.j2 b/roles/ympc-kueui/templates/systemd-unit.j2 index b0ae4c7..e02bcb5 100644 --- a/roles/ympc-kueui/templates/systemd-unit.j2 +++ b/roles/ympc-kueui/templates/systemd-unit.j2 @@ -4,3 +4,5 @@ Description=YOMYPOPCORN Kue UI [Service] Restart=always ExecStart={{ KUEUI_INSTALL_PATH }}/bin/cli.js --debug info +User={{ YMPC_USER }} +Group={{ YMPC_USER }} diff --git a/roles/ympc-scanner/meta/main.yml b/roles/ympc-scanner/meta/main.yml index 85620cf..bfd1223 100644 --- a/roles/ympc-scanner/meta/main.yml +++ b/roles/ympc-scanner/meta/main.yml @@ -3,3 +3,4 @@ dependencies: - { role: systemd } - { role: nodesource.node } - { role: redis } + - { role: ympc-user } diff --git a/roles/ympc-scanner/tasks/main.yml b/roles/ympc-scanner/tasks/main.yml index c5f2e25..29f4b36 100644 --- a/roles/ympc-scanner/tasks/main.yml +++ b/roles/ympc-scanner/tasks/main.yml @@ -16,6 +16,13 @@ retries: 5 delay: 2 +- name: update ownership + file: + path={{ SCANNER_INSTALL_PATH }} + owner={{ YMPC_USER }} + group={{ YMPC_USER }} + recurse=yes + - name: deploy config file template: src=config.j2 dest={{ SCANNER_CONFIG_PATH }} diff --git a/roles/ympc-scanner/templates/systemd-unit.j2 b/roles/ympc-scanner/templates/systemd-unit.j2 index 455f610..e896792 100644 --- a/roles/ympc-scanner/templates/systemd-unit.j2 +++ b/roles/ympc-scanner/templates/systemd-unit.j2 @@ -4,3 +4,5 @@ Description=YOMYPOPCORN Scanner [Service] Restart=always ExecStart={{ SCANNER_INSTALL_PATH }}/bin/cli.js --debug info +User={{ YMPC_USER }} +Group={{ YMPC_USER }} diff --git a/roles/ympc-user/tasks/main.yml b/roles/ympc-user/tasks/main.yml new file mode 100644 index 0000000..e8df5af --- /dev/null +++ b/roles/ympc-user/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: create user + user: + state=present + name={{ YMPC_USER }} + comment="YOMYPOPCORN apps" + system=yes + home={{ BASE_INSTALL_PATH }} + shell=/bin/false diff --git a/vars.yml b/vars.yml index 8c9f7ca..3355c0b 100644 --- a/vars.yml +++ b/vars.yml @@ -9,7 +9,9 @@ ADMINS: - teuteberg - MathisB -BASE_INSTALL_PATH: /root/yomypopcorn +YMPC_USER: ympc + +BASE_INSTALL_PATH: /opt/yomypopcorn # app APP_SERVICE_NAME: ympc-app