Add diun user to docker group only if specified

2022-09-15 20:04:06 +02:00 · 2022-09-15 20:04:06 +02:00 · db99324b62
parent 52a6992f7d
commit db99324b62
4 changed files with 23 additions and 2 deletions
--- a/roles/diun/README.md
+++ b/roles/diun/README.md
@ -11,6 +11,7 @@ Install and configure [Diun](https://crazymax.dev/diun/).
 * `diun_version` - Default: `v4.22.0`.
 * `diun_dir` - Default: `/srv/diun`.
 * `diun_tz` - Default: `Europe/Rome`.
+* `diun_is_docker_used` - Default: `true`. Add the diun user to docker group.

 Variable `diun_config` is mandatory and it doesn't have a default.

--- a/roles/diun/defaults/main.yml
+++ b/roles/diun/defaults/main.yml
@ -26,4 +26,5 @@ diun_download_url: "https://github.com/crazy-max/diun/releases/download/{{ diun_

 diun_dir: /srv/diun
 diun_tz: Europe/Rome
+diun_is_docker_used: true
 diun_config: "{{ undef(hint='You must specify your diun configuration.') }}"
--- a/roles/diun/tasks/main.yml
+++ b/roles/diun/tasks/main.yml
@ -9,12 +9,19 @@
  - name: ensure diun user exists and has restrictive settings
    ansible.builtin.user:
      name: diun
-      groups: diun, docker
+      groups: diun
      password: "*"
      create_home: false
      system: true
      shell: /usr/sbin/nologin

+  - name: add 'diun' user to docker group
+    ansible.builtin.user:
+      name: diun
+      groups: docker
+      append: true
+    when: diun_is_docker_used
+
  - name: ensure that the directory where we deploy diun exists
    ansible.builtin.file:
      path: "{{ diun_dir }}"
--- a/tests/test.yml
+++ b/tests/test.yml
@ -68,6 +68,18 @@
    radicale_ssl_trusted_certificate: /var/lib/snakeoil/certs/radicale.example.org/fullchain.pem
    mailserver_tls_cert_file: "/var/lib/snakeoil/certs/{{ mailserver_mailname }}/fullchain.pem"
    mailserver_tls_key_file: "/var/lib/snakeoil/certs/{{ mailserver_mailname }}/privkey.pem"
+    diun_config: |
+      db:
+        path: {{ diun_dir }}/diun.db
+
+      watch:
+        workers: 10
+        schedule: "0 */6 * * *"
+        firstCheckNotif: false
+
+      providers:
+        docker:
+          watchStopped: true
  roles:
    # - ../roles/apt_dist_upgrade
    # - ../roles/common
@ -82,7 +94,7 @@
    # - ../roles/nginx
    # - ../roles/headscale
    # - ../roles/admin
-    # - ../roles/docker
+    - ../roles/docker
    - ../roles/diun
    # - ../roles/mailserver
    # - {role: ../roles/weechat}