web-logs: Use logsync user for syncing logs

2021-09-19 15:00:58 +00:00 · 2021-09-19 15:00:58 +00:00 · 283a16a97b
commit 283a16a97b
parent 663038ced2
2 changed files with 27 additions and 7 deletions
--- a/roles/web-logs/tasks/main.yml
+++ b/roles/web-logs/tasks/main.yml
@ -6,6 +6,21 @@
  with_items:
    - rclone

+- name: create logsync group
+  group:
+    name: logsync
+    system: true
+
+- name: create logsync user
+  user:
+    name: logsync
+    comment: Service logsync
+    createhome: false
+    group: logsync
+    home: /var/empty
+    shell: /sbin/nologin
+    system: true
+
 - name: create ssh known_hosts
  template:
    dest: /etc/ssh/ssh_known_hosts
@ -18,9 +33,9 @@
  file:
    path: "{{ item }}"
    state: directory
-    mode: 0755
-    owner: root
-    group: "{{ ansible_wheel }}"
+    mode: 0750
+    owner: logsync
+    group: logsync
  with_items:
    - /var/cache/sync-http-logs

@ -28,8 +43,8 @@
  file:
    path: /var/log/rclone
    state: directory
-    mode: 0755
-    owner: root
+    mode: 0750
+    owner: logsync
    group: "{{ ansible_wheel }}"

 - name: copy logsync script
@ -59,7 +74,7 @@
 - name: add log sync cron job
  cron:
    name: sync-http-logs
-    user: root
+    user: logsync
    hour: "3"
    minute: "0"
    job: /usr/local/bin/sync-http-logs