Use homeassistant_become and homeassistant_become_user variables
parent
3a4e7c0e24
commit
4526839207
|
@ -1,4 +1,7 @@
|
||||||
---
|
---
|
||||||
|
homeassistant_become: true
|
||||||
|
homeassistant_become_user: root
|
||||||
|
|
||||||
homeassistant_dir: /srv/homeassistant
|
homeassistant_dir: /srv/homeassistant
|
||||||
is_a_raspberrypi: false
|
is_a_raspberrypi: false
|
||||||
|
|
||||||
|
|
|
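Review bot: The two new defaults, `homeassistant_become: true` and `homeassistant_become_user: root`, have no comment saying what they control or which overrides are workable. In the task file shown further down this page they are applied to the block that wraps every task, including the apt, group/user and systemd tasks, which presumably need root, so overriding them with an unprivileged user would likely make those tasks fail. I would add a comment above the pair, for example `# Privilege escalation for every task in this role; the package, user and systemd tasks need root.`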
@ -1,97 +1,102 @@
|
||||||
---
|
---
|
||||||
- name: install homeassistant dependencies
|
- block:
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- autoconf
|
|
||||||
- build-essential
|
|
||||||
- libffi-dev
|
|
||||||
- libopenjp2-7
|
|
||||||
- libssl-dev
|
|
||||||
- libtiff5
|
|
||||||
- python3
|
|
||||||
- python3-dev
|
|
||||||
- python3-pip
|
|
||||||
- virtualenv
|
|
||||||
update_cache: true
|
|
||||||
cache_valid_time: 3600
|
|
||||||
|
|
||||||
- name: ensure homeassistant group exits
|
- name: install homeassistant dependencies
|
||||||
group:
|
apt:
|
||||||
name: homeassistant
|
name:
|
||||||
system: true
|
- autoconf
|
||||||
|
- build-essential
|
||||||
|
- libffi-dev
|
||||||
|
- libopenjp2-7
|
||||||
|
- libssl-dev
|
||||||
|
- libtiff5
|
||||||
|
- python3
|
||||||
|
- python3-dev
|
||||||
|
- python3-pip
|
||||||
|
- virtualenv
|
||||||
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
||||||
|
|
||||||
- name: ensure homeassistant user exists and has restrictive settings
|
- name: ensure homeassistant group exits
|
||||||
user:
|
group:
|
||||||
name: homeassistant
|
name: homeassistant
|
||||||
groups: homeassistant
|
system: true
|
||||||
password: "*"
|
|
||||||
home: "{{ homeassistant_dir }}"
|
|
||||||
system: true
|
|
||||||
shell: /usr/sbin/nologin
|
|
||||||
|
|
||||||
- name: get available groups
|
- name: ensure homeassistant user exists and has restrictive settings
|
||||||
getent:
|
user:
|
||||||
database: group
|
name: homeassistant
|
||||||
|
groups: homeassistant
|
||||||
|
password: "*"
|
||||||
|
home: "{{ homeassistant_dir }}"
|
||||||
|
system: true
|
||||||
|
shell: /usr/sbin/nologin
|
||||||
|
|
||||||
- name: add homeassistant user to ssl-cert group
|
- name: get available groups
|
||||||
user:
|
getent:
|
||||||
name: homeassistant
|
database: group
|
||||||
groups: ssl-cert
|
|
||||||
append: true
|
|
||||||
become: true
|
|
||||||
when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
|
|
||||||
|
|
||||||
- name: add homeassistant user to dialout, gpio and i2c groups
|
- name: add homeassistant user to ssl-cert group
|
||||||
user:
|
user:
|
||||||
name: homeassistant
|
name: homeassistant
|
||||||
groups: dialout,gpio,i2c
|
groups: ssl-cert
|
||||||
append: true
|
append: true
|
||||||
when: is_a_raspberrypi
|
become: true
|
||||||
|
when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
|
||||||
|
|
||||||
- name: install wheel and homeassistant inside a virtualenv
|
- name: add homeassistant user to dialout, gpio and i2c groups
|
||||||
pip:
|
user:
|
||||||
name:
|
name: homeassistant
|
||||||
- wheel
|
groups: dialout,gpio,i2c
|
||||||
- homeassistant
|
append: true
|
||||||
virtualenv: "{{ homeassistant_dir }}"
|
when: is_a_raspberrypi
|
||||||
|
|
||||||
- name: ensure homeassistant owns "{{ homeassistant_dir }}"
|
- name: install wheel and homeassistant inside a virtualenv
|
||||||
file:
|
pip:
|
||||||
path: "{{ homeassistant_dir }}"
|
name:
|
||||||
state: directory
|
- wheel
|
||||||
recurse: true
|
- homeassistant
|
||||||
owner: homeassistant
|
virtualenv: "{{ homeassistant_dir }}"
|
||||||
group: homeassistant
|
|
||||||
|
|
||||||
- name: install homeassistant systemd unit file
|
- name: ensure homeassistant owns "{{ homeassistant_dir }}"
|
||||||
template:
|
file:
|
||||||
src: etc/systemd/system/homeassistant.service.j2
|
path: "{{ homeassistant_dir }}"
|
||||||
dest: /etc/systemd/system/homeassistant.service
|
state: directory
|
||||||
notify:
|
recurse: true
|
||||||
- systemctl daemon-reload
|
owner: homeassistant
|
||||||
|
group: homeassistant
|
||||||
|
|
||||||
- name: systemctl enable homeassistant
|
- name: install homeassistant systemd unit file
|
||||||
systemd:
|
template:
|
||||||
name: homeassistant
|
src: etc/systemd/system/homeassistant.service.j2
|
||||||
enabled: true
|
dest: /etc/systemd/system/homeassistant.service
|
||||||
|
notify:
|
||||||
|
- systemctl daemon-reload
|
||||||
|
|
||||||
- name: ensure homeassistant is running
|
- name: systemctl enable homeassistant
|
||||||
systemd:
|
systemd:
|
||||||
name: homeassistant
|
name: homeassistant
|
||||||
state: started
|
enabled: true
|
||||||
|
|
||||||
- name: Wait for port 8123
|
- name: ensure homeassistant is running
|
||||||
wait_for:
|
systemd:
|
||||||
port: 8123
|
name: homeassistant
|
||||||
delay: 10
|
state: started
|
||||||
|
|
||||||
- name: add custom TLS settings in configuration.yaml
|
- name: Wait for port 8123
|
||||||
blockinfile:
|
wait_for:
|
||||||
path: /srv/homeassistant/.homeassistant/configuration.yaml
|
port: 8123
|
||||||
marker: "# {mark} ANSIBLE TLS SETTINGS"
|
delay: 10
|
||||||
block: |
|
|
||||||
http:
|
- name: add custom TLS settings in configuration.yaml
|
||||||
ssl_certificate: /var/lib/dehydrated/certs/{{ domains[0].cname }}/chain.pem
|
blockinfile:
|
||||||
ssl_key: /var/lib/dehydrated/certs/{{ domains[0].cname }}/privkey.pem
|
path: /srv/homeassistant/.homeassistant/configuration.yaml
|
||||||
when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
|
marker: "# {mark} ANSIBLE TLS SETTINGS"
|
||||||
notify: systemctl restart homeassistant
|
block: |
|
||||||
|
http:
|
||||||
|
ssl_certificate: /var/lib/dehydrated/certs/{{ domains[0].cname }}/chain.pem
|
||||||
|
ssl_key: /var/lib/dehydrated/certs/{{ domains[0].cname }}/privkey.pem
|
||||||
|
when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
|
||||||
|
notify: systemctl restart homeassistant
|
||||||
|
|
||||||
|
become: "{{ homeassistant_become }}"
|
||||||
|
become_user: "{{ homeassistant_become_user }}"
|
||||||
|
|
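Review bot: The task `add homeassistant user to ssl-cert group` keeps its own `become: true` on the new side, and a task-level keyword takes precedence over the value inherited from the enclosing block, so this one task still escalates when an operator sets `homeassistant_become` to false. Indentation is lost in this rendering, so I am assuming the line is still at task level, as it was before the change. Dropping that line lets the task inherit `become: "{{ homeassistant_become }}"` and `become_user: "{{ homeassistant_become_user }}"` from the block like every other task, which keeps the new variables as the single switch for privilege escalation in the role.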