Fixed some file permission issues

This commit is contained in:
Mike Wilson
2023-02-22 19:36:39 -05:00
parent f4bc174d87
commit b9228588a8
9 changed files with 38 additions and 20 deletions


@@ -0,0 +1 @@
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
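Review bot: The shim is a single command line with no interpreter line, so whether it executes at all depends on the calling shell falling back to `sh` for a non-binary file; add `#!/bin/sh` as the first line so the executable mode set by the role reliably yields a runnable script. `StrictHostKeyChecking=no` on the loopback hop mainly gives up detection: if a different process ever listens on 127.0.0.1:2222, every forwarded git command and push payload goes to it without complaint. Because the container's host key is stable, the role can pin it with `UserKnownHostsFile` and `StrictHostKeyChecking=yes`, keeping the hop non-interactive while making a listener swap fail loudly. A one-line `# sshd passthrough: forwards the host git user's SSH session to Gitea's built-in server on 2222` comment above the command would also document why the script exists.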


@@ -1,10 +1,27 @@
- name: Create service user - name: Create service user
user: user:
name: "{{ role_name }}" name: git
system: true password_lock: yes
generate_ssh_key: yes
ssh_key_comment: Gitea Host Key
register: service_user register: service_user
become: true become: true
- name: Add user git's ssh key to its own authorized_key file
ansible.posix.authorized_key:
user: git
key: "{{ service_user.ssh_public_key }}"
become: true
- name: Install SSH shim script
copy:
src: ssh_shim.sh
dest: /usr/local/bin/gitea
owner: "{{ service_user.uid }}"
group: "{{ service_user.group }}"
mode: 711
become: true
- name: Create install directory - name: Create install directory
file: file:
path: "{{ install_directory }}/{{ role_name }}" path: "{{ install_directory }}/{{ role_name }}"
@@ -13,15 +30,6 @@
mode: "{{ docker_compose_directory_mask }}" mode: "{{ docker_compose_directory_mask }}"
become: true become: true
- name: Create config directory
file:
path: "{{ data_dir }}/{{ role_name }}"
state: directory
owner: "{{ service_user.uid }}"
group: "{{ service_user.uid }}"
mode: "{{ docker_compose_directory_mask }}"
become: true
- name: Copy docker-compose file to destination - name: Copy docker-compose file to destination
template: template:
src: docker-compose.yml src: docker-compose.yml
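Review bot: `mode: 711` in the new Install SSH shim script task is an unquoted YAML integer, which Ansible applies as decimal 711 (octal 1307, i.e. sticky bit, owner `-wx`, group none, other `rwx`) rather than 0711 — the shim ends up world-rwx with no owner read, the opposite of what this "permission fixes" commit intends; write it as `mode: "0711"` (or `"0755"`). The shim is also installed owned by the service user although it runs on every inbound SSH connection as that same user; nothing in the hunk needs it writable by `git`, so `owner: root` with a non-writable mode is the safer default. Truthy values in the first hunk (`password_lock: yes`, `generate_ssh_key: yes`) should be `true` for parser consistency. The user task is otherwise fine, though dropping `system: true` changes the UID range the user is created in — confirm that is intended.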


@@ -16,18 +16,24 @@ services:
networks: networks:
- traefik - traefik
- default - default
ports:
- "127.0.0.1:2222:2222"
environment: environment:
- "USER_UID={{ service_user.uid }}" - "USER_UID={{ service_user.uid }}"
- "USER_GID={{ service_user.uid }}" - "USER_GID={{ service_user.group }}"
- GITEA_database__DB_TYPE=postgres - GITEA__database__DB_TYPE=postgres
- GITEA_database__HOST=db:5432 - GITEA__database__HOST=db:5432
- GITEA_database__NAME=gitea - GITEA__database__NAME=gitea
- GITEA_database__USER=gitea - GITEA__database__USER=gitea
- GITEA_database__PASSWD=gitea - GITEA__database__PASSWD=gitea
- GITEA__server__START_SSH_SERVER=true
- GITEA__server__BUILTIN_SSH_SERVER_USER=git
- GITEA__server__SSH_LISTEN_PORT=2222
volumes: volumes:
- "{{ data_dir }}/gitea:/data" - "{{ data_dir }}/gitea:/data"
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /home/git/.ssh:/data/git/.ssh # For SSH passthrough
labels: labels:
traefik.enable: true traefik.enable: true
traefik.http.routers.gitea.rule: "Host(`git.{{ personal_domain }}`)" traefik.http.routers.gitea.rule: "Host(`git.{{ personal_domain }}`)"
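Review bot: The new `/home/git/.ssh:/data/git/.ssh` bind mount is read-write, which hands the container control over the host `git` user's `authorized_keys` — the file the host sshd consults before running the new passthrough shim. That appears to be how the passthrough is meant to work (Gitea presumably writes the `command=` entries there — verify), but it also means the host is trusting the container for what an SSH session as `git` may do, so confinement should be enforced host-side rather than relying on the container's entries. Pair this hunk with a `Match User git` block in the host sshd configuration (`AllowTcpForwarding no`, `PermitTTY no`, `X11Forwarding no`) and replace the trailing `# For SSH passthrough` comment with `# rw on purpose: Gitea maintains the host git user's authorized_keys here`. The `127.0.0.1:2222:2222` publish is correctly loopback-only; `GITEA__server__SSH_LISTEN_PORT=2222` matches it.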


@@ -15,6 +15,7 @@ services:
- "PUID={{ service_user.uid }}" - "PUID={{ service_user.uid }}"
- "PGID={{ media_gid }}" - "PGID={{ media_gid }}"
- "TZ={{ timezone }}" - "TZ={{ timezone }}"
- "UMASK=002"
volumes: volumes:
- "{{ data_dir }}/{{ role_name }}:/config" - "{{ data_dir }}/{{ role_name }}:/config"
- "{{ media_storage_mnt }}/data:/data" - "{{ media_storage_mnt }}/data:/data"


@@ -15,6 +15,7 @@ services:
- "PUID={{ service_user.uid }}" - "PUID={{ service_user.uid }}"
- "PGID={{ media_gid }}" - "PGID={{ media_gid }}"
- "TZ={{ timezone }}" - "TZ={{ timezone }}"
- "UMASK=002"
volumes: volumes:
- "{{ data_dir }}/{{ role_name }}:/config" - "{{ data_dir }}/{{ role_name }}:/config"
- "{{ media_storage_mnt }}/data:/data" - "{{ media_storage_mnt }}/data:/data"


@@ -8,9 +8,7 @@
- name: Set media directory permissions - name: Set media directory permissions
ansible.builtin.file: ansible.builtin.file:
path: "{{ media_storage_mnt }}/data" path: "{{ media_storage_mnt }}/data"
state: directory
owner: "{{ primary_gid }}"
group: media group: media
mode: 0775 mode: "a=,a+rX,u+w,g+w"
recurse: yes recurse: yes
become: true become: true
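Review bot: Dropping `state: directory` while keeping `recurse: yes` is likely to break this task: as far as I recall Ansible's file module rejects `recurse` unless state is `directory`, and even where it does not, the task no longer creates the media path on a fresh host. Keep `state: directory` alongside the new symbolic mode `a=,a+rX,u+w,g+w`, which is a sensible replacement for the old `mode: 0775` (an unquoted octal that some YAML loaders would have read differently). Note that `a=` also clears any setgid bit on existing directories, so group ownership of files created later depends entirely on the containers' `PGID` settings — worth a comment such as `# resets all bits, then grants rX to everyone and w to owner/group; relies on PGID for group inheritance`. Write `recurse: true` rather than `yes`.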


@@ -10,6 +10,7 @@ services:
- "PUID={{ service_user.uid }}" - "PUID={{ service_user.uid }}"
- "PGID={{ media_gid }}" - "PGID={{ media_gid }}"
- "TZ={{ timezone }}" - "TZ={{ timezone }}"
- "UMASK=002"
#- DOCKER_MODS=arafatamim/linuxserver-io-mod-vuetorrent #- DOCKER_MODS=arafatamim/linuxserver-io-mod-vuetorrent
volumes: volumes:
- "{{ data_dir }}/{{ role_name }}:/config" - "{{ data_dir }}/{{ role_name }}:/config"


@@ -18,6 +18,7 @@ services:
- "PUID={{ service_user.uid }}" - "PUID={{ service_user.uid }}"
- "PGID={{ media_gid }}" - "PGID={{ media_gid }}"
- "TZ={{ timezone }}" - "TZ={{ timezone }}"
- "UMASK=002"
volumes: volumes:
- "{{ data_dir }}/{{ role_name }}:/config" - "{{ data_dir }}/{{ role_name }}:/config"
- "{{ media_storage_mnt }}/data:/data" - "{{ media_storage_mnt }}/data:/data"


@@ -18,6 +18,7 @@ services:
- "PUID={{ service_user.uid }}" - "PUID={{ service_user.uid }}"
- "PGID={{ media_gid }}" - "PGID={{ media_gid }}"
- "TZ={{ timezone }}" - "TZ={{ timezone }}"
- "UMASK=002"
volumes: volumes:
- "{{ data_dir }}/{{ role_name }}:/config" - "{{ data_dir }}/{{ role_name }}:/config"
- "{{ media_storage_mnt }}/data:/data" - "{{ media_storage_mnt }}/data:/data"