Use homeassistant_become and homeassistant_become_user variables

2021-05-28 00:38:38 +02:00 · 2021-05-28 00:38:38 +02:00 · 4526839207
parent 3a4e7c0e24
commit 4526839207
2 changed files with 92 additions and 84 deletions
--- a/roles/homeassistant/defaults/main.yml
+++ b/roles/homeassistant/defaults/main.yml
@ -1,4 +1,7 @@
 ---
 homeassistant_become: true
 homeassistant_become_user: root
 homeassistant_dir: /srv/homeassistant
 is_a_raspberrypi: false
--- a/roles/homeassistant/tasks/main.yml
+++ b/roles/homeassistant/tasks/main.yml
@ -1,97 +1,102 @@
 ---
- name: install homeassistant dependencies
+- block:
  apt:
    name:
      - autoconf
      - build-essential
      - libffi-dev
      - libopenjp2-7
      - libssl-dev
      - libtiff5
      - python3
      - python3-dev
      - python3-pip
      - virtualenv
    update_cache: true
    cache_valid_time: 3600
- name: ensure homeassistant group exits
+  - name: install homeassistant dependencies
-  group:
+    apt:
-    name: homeassistant
+      name:
-    system: true
+        - autoconf
        - build-essential
        - libffi-dev
        - libopenjp2-7
        - libssl-dev
        - libtiff5
        - python3
        - python3-dev
        - python3-pip
        - virtualenv
      update_cache: true
      cache_valid_time: 3600
- name: ensure homeassistant user exists and has restrictive settings
+  - name: ensure homeassistant group exits
-  user:
+    group:
-    name: homeassistant
+      name: homeassistant
-    groups: homeassistant
+      system: true
    password: "*"
    home: "{{ homeassistant_dir }}"
    system: true
    shell: /usr/sbin/nologin
- name: get available groups
+  - name: ensure homeassistant user exists and has restrictive settings
-  getent:
+    user:
-    database: group
+      name: homeassistant
      groups: homeassistant
      password: "*"
      home: "{{ homeassistant_dir }}"
      system: true
      shell: /usr/sbin/nologin
- name: add homeassistant user to ssl-cert group
+  - name: get available groups
-  user:
+    getent:
-    name: homeassistant
+      database: group
    groups: ssl-cert
    append: true
  become: true
  when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
- name: add homeassistant user to dialout, gpio and i2c groups
+  - name: add homeassistant user to ssl-cert group
-  user:
+    user:
-    name: homeassistant
+      name: homeassistant
-    groups: dialout,gpio,i2c
+      groups: ssl-cert
-    append: true
+      append: true
-  when: is_a_raspberrypi
+    become: true
    when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
- name: install wheel and homeassistant inside a virtualenv
+  - name: add homeassistant user to dialout, gpio and i2c groups
-  pip:
+    user:
-    name:
+      name: homeassistant
-      - wheel
+      groups: dialout,gpio,i2c
-      - homeassistant
+      append: true
-    virtualenv: "{{ homeassistant_dir }}"
+    when: is_a_raspberrypi
- name: ensure homeassistant owns "{{ homeassistant_dir }}"
+  - name: install wheel and homeassistant inside a virtualenv
-  file:
+    pip:
-    path: "{{ homeassistant_dir }}"
+      name:
-    state: directory
+        - wheel
-    recurse: true
+        - homeassistant
-    owner: homeassistant
+      virtualenv: "{{ homeassistant_dir }}"
    group: homeassistant
- name: install homeassistant systemd unit file
+  - name: ensure homeassistant owns "{{ homeassistant_dir }}"
-  template:
+    file:
-    src: etc/systemd/system/homeassistant.service.j2
+      path: "{{ homeassistant_dir }}"
-    dest: /etc/systemd/system/homeassistant.service
+      state: directory
-  notify:
+      recurse: true
-    - systemctl daemon-reload
+      owner: homeassistant
      group: homeassistant
- name: systemctl enable homeassistant
+  - name: install homeassistant systemd unit file
-  systemd:
+    template:
-    name: homeassistant
+      src: etc/systemd/system/homeassistant.service.j2
-    enabled: true
+      dest: /etc/systemd/system/homeassistant.service
    notify:
      - systemctl daemon-reload
- name: ensure homeassistant is running
+  - name: systemctl enable homeassistant
-  systemd:
+    systemd:
-    name: homeassistant
+      name: homeassistant
-    state: started
+      enabled: true
- name: Wait for port 8123
+  - name: ensure homeassistant is running
-  wait_for:
+    systemd:
-    port: 8123
+      name: homeassistant
-    delay: 10
+      state: started
- name: add custom TLS settings in configuration.yaml
+  - name: Wait for port 8123
-  blockinfile:
+    wait_for:
-    path: /srv/homeassistant/.homeassistant/configuration.yaml
+      port: 8123
-    marker: "# {mark} ANSIBLE TLS SETTINGS"
+      delay: 10
-    block: |
+
-      http:
+  - name: add custom TLS settings in configuration.yaml
-        ssl_certificate: /var/lib/dehydrated/certs/{{ domains[0].cname }}/chain.pem
+    blockinfile:
-        ssl_key: /var/lib/dehydrated/certs/{{ domains[0].cname }}/privkey.pem
+      path: /srv/homeassistant/.homeassistant/configuration.yaml
-  when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
+      marker: "# {mark} ANSIBLE TLS SETTINGS"
-  notify: systemctl restart homeassistant
+      block: |
        http:
          ssl_certificate: /var/lib/dehydrated/certs/{{ domains[0].cname }}/chain.pem
          ssl_key: /var/lib/dehydrated/certs/{{ domains[0].cname }}/privkey.pem
    when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
    notify: systemctl restart homeassistant
  become: "{{ homeassistant_become }}"
  become_user: "{{ homeassistant_become_user }}"