
Use homeassistant_become and homeassistant_become_user variables

Daniele Tricoli 2021-05-28 00:38:38 +02:00
parent 3a4e7c0e24
commit 4526839207
2 changed files with 92 additions and 84 deletions


@ -1,4 +1,7 @@
---
homeassistant_become: true
homeassistant_become_user: root
homeassistant_dir: /srv/homeassistant
is_a_raspberrypi: false
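Review bot: The two new defaults carry no comment saying which values are workable. As far as this page shows, the role installs packages, creates a system user and group, and writes under /etc/systemd/system, which all need root. A short comment above `homeassistant_become_user: root`, such as `# tasks in this role manage packages, accounts and systemd units; keep this a user with root privileges`, would stop the variable from reading as a free choice of account.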


@ -1,97 +1,102 @@
---
- name: install homeassistant dependencies
apt:
name:
- autoconf
- build-essential
- libffi-dev
- libopenjp2-7
- libssl-dev
- libtiff5
- python3
- python3-dev
- python3-pip
- virtualenv
update_cache: true
cache_valid_time: 3600
- block:
- name: ensure homeassistant group exits
group:
name: homeassistant
system: true
- name: install homeassistant dependencies
apt:
name:
- autoconf
- build-essential
- libffi-dev
- libopenjp2-7
- libssl-dev
- libtiff5
- python3
- python3-dev
- python3-pip
- virtualenv
update_cache: true
cache_valid_time: 3600
- name: ensure homeassistant user exists and has restrictive settings
user:
name: homeassistant
groups: homeassistant
password: "*"
home: "{{ homeassistant_dir }}"
system: true
shell: /usr/sbin/nologin
- name: ensure homeassistant group exits
group:
name: homeassistant
system: true
- name: get available groups
getent:
database: group
- name: ensure homeassistant user exists and has restrictive settings
user:
name: homeassistant
groups: homeassistant
password: "*"
home: "{{ homeassistant_dir }}"
system: true
shell: /usr/sbin/nologin
- name: add homeassistant user to ssl-cert group
user:
name: homeassistant
groups: ssl-cert
append: true
become: true
when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
- name: get available groups
getent:
database: group
- name: add homeassistant user to dialout, gpio and i2c groups
user:
name: homeassistant
groups: dialout,gpio,i2c
append: true
when: is_a_raspberrypi
- name: add homeassistant user to ssl-cert group
user:
name: homeassistant
groups: ssl-cert
append: true
become: true
when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
- name: install wheel and homeassistant inside a virtualenv
pip:
name:
- wheel
- homeassistant
virtualenv: "{{ homeassistant_dir }}"
- name: add homeassistant user to dialout, gpio and i2c groups
user:
name: homeassistant
groups: dialout,gpio,i2c
append: true
when: is_a_raspberrypi
- name: ensure homeassistant owns "{{ homeassistant_dir }}"
file:
path: "{{ homeassistant_dir }}"
state: directory
recurse: true
owner: homeassistant
group: homeassistant
- name: install wheel and homeassistant inside a virtualenv
pip:
name:
- wheel
- homeassistant
virtualenv: "{{ homeassistant_dir }}"
- name: install homeassistant systemd unit file
template:
src: etc/systemd/system/homeassistant.service.j2
dest: /etc/systemd/system/homeassistant.service
notify:
- systemctl daemon-reload
- name: ensure homeassistant owns "{{ homeassistant_dir }}"
file:
path: "{{ homeassistant_dir }}"
state: directory
recurse: true
owner: homeassistant
group: homeassistant
- name: systemctl enable homeassistant
systemd:
name: homeassistant
enabled: true
- name: install homeassistant systemd unit file
template:
src: etc/systemd/system/homeassistant.service.j2
dest: /etc/systemd/system/homeassistant.service
notify:
- systemctl daemon-reload
- name: ensure homeassistant is running
systemd:
name: homeassistant
state: started
- name: systemctl enable homeassistant
systemd:
name: homeassistant
enabled: true
- name: Wait for port 8123
wait_for:
port: 8123
delay: 10
- name: ensure homeassistant is running
systemd:
name: homeassistant
state: started
- name: add custom TLS settings in configuration.yaml
blockinfile:
path: /srv/homeassistant/.homeassistant/configuration.yaml
marker: "# {mark} ANSIBLE TLS SETTINGS"
block: |
http:
ssl_certificate: /var/lib/dehydrated/certs/{{ domains[0].cname }}/chain.pem
ssl_key: /var/lib/dehydrated/certs/{{ domains[0].cname }}/privkey.pem
when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
notify: systemctl restart homeassistant
- name: Wait for port 8123
wait_for:
port: 8123
delay: 10
- name: add custom TLS settings in configuration.yaml
blockinfile:
path: /srv/homeassistant/.homeassistant/configuration.yaml
marker: "# {mark} ANSIBLE TLS SETTINGS"
block: |
http:
ssl_certificate: /var/lib/dehydrated/certs/{{ domains[0].cname }}/chain.pem
ssl_key: /var/lib/dehydrated/certs/{{ domains[0].cname }}/privkey.pem
when: homeassistant_add_to_ssl_cert_group and "ssl-cert" in ansible_facts.getent_group
notify: systemctl restart homeassistant
become: "{{ homeassistant_become }}"
become_user: "{{ homeassistant_become_user }}"
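Review bot: The "add homeassistant user to ssl-cert group" task keeps its own `become: true`; both printed copies of the task carry it, so the new side does too. A task-level keyword takes precedence over the block-level `become: "{{ homeassistant_become }}"` added at the end of the file, so a run with `homeassistant_become: false` would still escalate for that one task. Dropping the task-level `become: true` lets the new variable govern every task in the block. The blockinfile task also still hard-codes `/srv/homeassistant/.homeassistant/configuration.yaml` while the rest of the role uses `{{ homeassistant_dir }}`, so `path: "{{ homeassistant_dir }}/.homeassistant/configuration.yaml"` would keep the two in step.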