diff --git a/roles/mgrote.zfs_health/defaults/main.yml b/roles/mgrote.zfs_health/defaults/main.yml
index 37f159dd..49447bae 100644
--- a/roles/mgrote.zfs_health/defaults/main.yml
+++ b/roles/mgrote.zfs_health/defaults/main.yml
@@ -1,3 +1,7 @@
 ---
+ ### when should the script be run
 zfs_extra_cron_minutes_zfs_health: "0,15,30,45"
 zfs_extra_cron_hours_zfs_health: "*"
+ ### under which user the script is run
+ zfs_health_user_group: "root"
+ zfs_health_user: "zfs-health"
diff --git a/roles/mgrote.zfs_health/tasks/main.yml b/roles/mgrote.zfs_health/tasks/main.yml
index 54f41053..383da670 100644
--- a/roles/mgrote.zfs_health/tasks/main.yml
+++ b/roles/mgrote.zfs_health/tasks/main.yml
@@ -1,16 +1,22 @@
 ---
- - name: copy "zfs-health.sh"
+ - name: include user tasks
+ include_tasks: user.yml
+
+ - name: template script
 become: yes
 ansible.builtin.template:
 src: zfs-health.sh
 dest: /usr/local/bin/zfs-health.sh
- mode: "+x"
+ mode: 0744
+ owner: "{{ zfs_health_user }}"
+ group: "{{ zfs_health_user_group }}"
 
- - name: add cronjob "zfs-health.sh"
+ - name: ensure cronjob exists
 become: yes
 ansible.builtin.cron:
- name: zfs-health
+ name: zfs_health
 state: present
 job: "/usr/local/bin/zfs-health.sh"
 minute: "{{ zfs_extra_cron_minutes_zfs_health }}"
 hour: "{{ zfs_extra_cron_hours_zfs_health }}"
+ user: "{{ zfs_health_user }}"
diff --git a/roles/mgrote.zfs_health/tasks/user.yml b/roles/mgrote.zfs_health/tasks/user.yml
new file mode 100644
index 00000000..6d211807
--- /dev/null
+++ b/roles/mgrote.zfs_health/tasks/user.yml
@@ -0,0 +1,18 @@
+---
+ - name: ensure group exists
+ become: true
+ ansible.builtin.group:
+ name: "{{ zfs_health_user_group }}"
+ state: present
+ when:
+ - zfs_health_user_group is defined
+
+ - name: ensure user exists
+ become: true
+ ansible.builtin.user:
+ name: "{{ zfs_health_user }}"
+ group: "{{ zfs_health_user_group }}"
+ shell: /usr/sbin/nologin
+ when:
+ - zfs_health_user_group is defined
+ - zfs_health_user is defined
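Review bot: The default `zfs_health_user_group: "root"` in defaults/main.yml puts the new service account into GID 0, because tasks/user.yml passes this variable as the account's primary `group:`. The account then inherits every permission the host grants to group root, which works against the point of running the script under a dedicated user. A dedicated group fits the change better, e.g. `zfs_health_user_group: "zfs-health"`. The `###` comment could also say that the role creates both the account and the group when they are missing.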
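Review bot: In tasks/main.yml, renaming the cron entry to `zfs_health` and adding `user: "{{ zfs_health_user }}"` leaves the old `zfs-health` entry in root's crontab on hosts that were already provisioned, since the cron module matches entries by name within one user's crontab. The template task now also makes `/usr/local/bin/zfs-health.sh` owned and writable by the service account (`mode: 0744`), so that leftover root job would run a file the unprivileged account can rewrite. I would keep the script root-owned with a quoted mode, as the Ansible documentation recommends for octal modes, and add a task that removes the legacy entry, as sketched below. Whether the script's commands work without root is not visible in this diff and should be confirmed.

```yaml
- name: template script
  become: true
  ansible.builtin.template:
    # … unchanged: src, dest …
    mode: "0755"
    owner: root
    group: "{{ zfs_health_user_group }}"

# … unchanged: "ensure cronjob exists" task …

- name: ensure legacy root cronjob is absent
  become: true
  ansible.builtin.cron:
    name: zfs-health
    state: absent
```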
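Review bot: The `when: … is defined` conditions in tasks/user.yml never skip anything, because both variables are always set by the role defaults, so the tasks look optional when they are not. Dropping the conditions, or testing for a non-empty value instead, would make the behaviour match what the file suggests. The user task also relies on the module defaults, which normally create a regular account with a home directory. For a cron-only account I would add `system: true` and `create_home: false`, and write `state: present` explicitly as the group task does.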