82 lines
1.7 KiB
YAML
82 lines
1.7 KiB
YAML
---
|
|
- name: Create logsync group
|
|
ansible.builtin.group:
|
|
name: logsync
|
|
system: true
|
|
|
|
- name: Create logsync user
|
|
ansible.builtin.user:
|
|
name: logsync
|
|
comment: Service logsync
|
|
createhome: false
|
|
group: logsync
|
|
home: /var/empty
|
|
shell: /sbin/nologin
|
|
system: true
|
|
|
|
- name: Create logsync ssh key directory
|
|
ansible.builtin.file:
|
|
path: /etc/ssh/logsync
|
|
state: directory
|
|
mode: "0750"
|
|
owner: root
|
|
group: logsync
|
|
|
|
- name: Create logsync ssh keys
|
|
ansible.builtin.command:
|
|
argv:
|
|
- ssh-keygen
|
|
- -t
|
|
- ed25519
|
|
- -C
|
|
- "logsync@{{ inventory_hostname }}"
|
|
- -N
|
|
- ""
|
|
- -f
|
|
- /etc/ssh/logsync/id_ed25519
|
|
creates: /etc/ssh/logsync/id_ed25519
|
|
|
|
- name: Fix logsync ssh key permissions
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: root
|
|
group: logsync
|
|
mode: "0640"
|
|
with_items:
|
|
- /etc/ssh/logsync/id_ed25519
|
|
- /etc/ssh/logsync/id_ed25519.pub
|
|
|
|
- name: Import rclone role
|
|
ansible.builtin.import_role:
|
|
name: rclone
|
|
vars:
|
|
local_user: logsync
|
|
remote_user: logsync
|
|
hostgroup: webservers
|
|
destination: /var/cache/sync-http-logs
|
|
private_key: /etc/ssh/logsync/id_ed25519
|
|
|
|
- name: Create cache directory
|
|
ansible.builtin.file:
|
|
path: /var/cache/sync-http-logs
|
|
state: directory
|
|
mode: "0750"
|
|
owner: logsync
|
|
group: logsync
|
|
|
|
- name: Create log directory
|
|
ansible.builtin.file:
|
|
path: /export/web-log
|
|
state: directory
|
|
mode: "0750"
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
|
|
- name: Link data directory
|
|
ansible.builtin.file:
|
|
dest: /srv/web-log
|
|
src: /export/web-log
|
|
state: link
|
|
owner: root
|
|
group: "{{ ansible_wheel }}"
|
|
follow: false
|