--- # samba/nfs-api/tasks/main.yml - name: ensure the deploy key is available copy: src: "{{ nfs_api_deploy_key }}" dest: /root/.ssh/nfsapi owner: root group: root mode: 0600 tags: - user-scripts - nfsapi - webservices # https://github.com/ansible/ansible/issues/27699 - name: ensure fucking git module is able to clone command: mount -o remount,exec /tmp tags: - userscripts - nfsapi - webservices - name: ensure we have the program git: repo: git@git.fsmpi.rwth-aachen.de:infra/user-scripts.git dest: "{{ nfs_api_web_root }}/program" accept_hostkey: True # TODO remove this key_file: /root/.ssh/nfsapi notify: - restart uwsgi for nfsapi tags: - userscripts - nfsapi - webservices - name: ensure fucking git module is not able to clone anymore command: mount -o remount,noexec /tmp tags: - userscripts - nfsapi - webservices - name: ensure we have a virtualenv pip: requirements: "{{ nfs_api_web_root }}/program/requirements-nfs.txt" virtualenv: "{{ nfs_api_web_root }}/program/venv" virtualenv_python: python3 notify: - restart uwsgi for nfsapi tags: - userscripts - nfsapi - webservices - name: ensure we have our config template: src: config.py dest: "{{nfs_api_web_root}}/program/config.py" owner: root group: nfsapi mode: 0640 notify: - restart uwsgi for nfsapi tags: - userscripts - nfsapi - webservices - name: ensure nfsapi can create homedirs template: src: sudoers dest: /etc/sudoers.d/nfsapi owner: root group: root mode: 0440 tags: - sudo - usercripts - nfsapi - webservices - name: check the sudo config command: visudo -q -c -f /etc/sudoers changed_when: no tags: - sudo - userscripts - nfsapi - webservices - name: ensure we have a unit file copy: src: nfsapi.service dest: /etc/systemd/system/nfsapi.service owner: root group: root mode: 0644 notify: - reload systemd service files - restart uwsgi for nfsapi tags: - userscripts - nfsapi - webservices - meta: flush_handlers - name: ensure the service is enabled systemd: name=nfsapi enabled=yes tags: - userscripts - nfsapi - webservices