refactor: Improve permission handling and overall reliability
@@ -23,7 +23,7 @@
|
||||
copy:
|
||||
src: "{{ adguardhome_unpack_dir }}/{{ adguardhome_bin_name }}"
|
||||
dest: "{{ adguardhome_bin_file }}"
|
||||
mode: "755"
|
||||
mode: "0755"
|
||||
remote_src: yes
|
||||
notify: restart adguardhome
|
||||
|
||||
|
||||
@@ -1,4 +1,9 @@
|
||||
---
|
||||
- name: Install python dependencies
|
||||
pip:
|
||||
name: github3.py
|
||||
state: present
|
||||
|
||||
- name: Lookup latest release
|
||||
github_release:
|
||||
action: latest_release
|
||||
@@ -8,5 +13,6 @@
|
||||
|
||||
- name: Set desired version to version of latest release
|
||||
set_fact:
|
||||
adguardhome_version: "{{ adguardhome_latest_release.tag | regex_replace('^v', '') }}"
|
||||
adguardhome_version: >-
|
||||
{{ adguardhome_latest_release.tag | regex_replace('^v', '') }}
|
||||
when: adguardhome_latest_release.tag is defined
|
||||
|
||||
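Review bot: The "Install python dependencies" task added at the top of this file installs `github3.py` with `state: present` and no version, so a fresh host gets whatever release the package index serves at that moment. Pinning it, for example `version: "<pinned github3.py version>"` on the `pip` task, makes the dependency reproducible and reviewable. The `github_release` task that follows continues outside the hunk.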
@@ -7,11 +7,6 @@
|
||||
include_tasks: setup_redhat.yml
|
||||
when: ansible_os_family == 'RedHat'
|
||||
|
||||
- name: Install python dependencies
|
||||
pip:
|
||||
name: github3.py
|
||||
state: present
|
||||
|
||||
- name: Check if binary is installed
|
||||
stat:
|
||||
path: "{{ adguardhome_bin_file }}"
|
||||
@@ -33,16 +28,12 @@
|
||||
changed_when: >-
|
||||
adguardhome_version_check.stdout.find('v' + adguardhome_version) == -1
|
||||
failed_when: >-
|
||||
adguardhome_version_check.rc != 0 and adguardhome_version_check.rc != 141
|
||||
adguardhome_version_check.rc != 0 and
|
||||
adguardhome_version_check.rc != 1 and
|
||||
adguardhome_version_check.rc != 141
|
||||
when: >-
|
||||
adguardhome_binary_check.stat.exists
|
||||
|
||||
- name: "Install binary (v{{ adguardhome_version }} / {{ adguardhome_arch }})"
|
||||
include_tasks: install.yml
|
||||
when: >-
|
||||
adguardhome_version_check.changed
|
||||
or (not adguardhome_binary_check.stat.exists)
|
||||
|
||||
- name: Ensure user exists
|
||||
user:
|
||||
name: "{{ adguardhome_user }}"
|
||||
@@ -50,28 +41,19 @@
|
||||
system: "{{ adguardhome_system_user }}"
|
||||
state: present
|
||||
|
||||
- name: Ensure data directory exists and has correct permissions
|
||||
file:
|
||||
path: "{{ adguardhome_data_dir }}"
|
||||
owner: "{{ adguardhome_user }}"
|
||||
group: "{{ adguardhome_group }}"
|
||||
mode: "755"
|
||||
recurse: yes
|
||||
state: directory
|
||||
- name: "Install binary (v{{ adguardhome_version }} / {{ adguardhome_arch }})"
|
||||
include_tasks: install.yml
|
||||
when: >-
|
||||
adguardhome_version_check.changed
|
||||
or (not adguardhome_binary_check.stat.exists)
|
||||
|
||||
- name: Ensure config directory exists and has correct permissions
|
||||
file:
|
||||
path: "{{ adguardhome_config_dir }}"
|
||||
owner: "{{ adguardhome_user }}"
|
||||
group: "{{ adguardhome_group }}"
|
||||
mode: "755"
|
||||
recurse: yes
|
||||
state: directory
|
||||
- name: Ensure various paths exist with correct permissions
|
||||
include_tasks: paths.yml
|
||||
|
||||
- name: Allow binary to bind to ports lower than 1024 as a non-root user
|
||||
capabilities:
|
||||
path: "{{ adguardhome_bin_file }}"
|
||||
capability: CAP_NET_BIND_SERVICE=+eip
|
||||
capability: cap_net_bind_service+eip
|
||||
state: present
|
||||
when: >-
|
||||
adguardhome_user != "root"
|
||||
@@ -79,7 +61,7 @@
|
||||
- name: Disallow binary to bind to ports lower than 1024 as a non-root user
|
||||
capabilities:
|
||||
path: "{{ adguardhome_bin_file }}"
|
||||
capability: CAP_NET_BIND_SERVICE=+eip
|
||||
capability: cap_net_bind_service+eip
|
||||
state: absent
|
||||
when: >-
|
||||
adguardhome_user == "root"
|
||||
|
||||
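Review bot: In the "Allow binary to bind to ports lower than 1024 as a non-root user" task, `cap_net_bind_service+eip` is attached to the file itself, and the paths tasks this commit adds keep the binary at mode `0755`, so every local account that can execute `{{ adguardhome_bin_file }}` gains the capability, not only `{{ adguardhome_user }}`. Scoping it to the service is tighter: either drop other-execute on the binary (`mode: "0750"`) or grant the capability from the unit with `AmbientCapabilities=CAP_NET_BIND_SERVICE` and remove the file capability. The unit template is not shown on this page, so whether it already sets this needs checking.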
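--- a/tasks/paths.yml
+++ b/tasks/paths.yml
@@ -0,0 +1,47 @@
+---
+- name: Ensure binary file has correct permissions
+file:
+path: "{{ adguardhome_bin_file }}"
+owner: "{{ adguardhome_user }}"
+group: "{{ adguardhome_group }}"
+mode: "0755"
+
+- name: Check state of data directory
+file:
+path: "{{ adguardhome_data_dir }}"
+register: adguardhome_data_directory_state
+
+- name: Ensure data directory exists and has correct permissions
+file:
+path: "{{ adguardhome_data_dir }}"
+owner: "{{ adguardhome_user }}"
+group: "{{ adguardhome_group }}"
+mode: "0755"
+recurse: yes
+state: directory
+when: >-
+adguardhome_data_directory_state.owner != adguardhome_user or
+adguardhome_data_directory_state.group != adguardhome_group or
+adguardhome_data_directory_state.mode != "0755"
+
+- name: Ensure config directory exists and has correct permissions
+file:
+path: "{{ adguardhome_config_dir }}"
+owner: "{{ adguardhome_user }}"
+group: "{{ adguardhome_group }}"
+mode: "0755"
+recurse: no
+state: directory
+
+- name: Check if config file exists
+stat:
+path: "{{ adguardhome_config_file }}"
+register: adguardhome_config_file_state
+
+- name: Ensure config file has correct permissions
+file:
+path: "{{ adguardhome_config_file }}"
+owner: "{{ adguardhome_user }}"
+group: "{{ adguardhome_group }}"
+mode: "0644"
+when: adguardhome_config_file_state.stat.exists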
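Review bot: The "Ensure config file has correct permissions" task sets `mode: "0644"` on `{{ adguardhome_config_file }}`, which leaves the AdGuard Home configuration (it normally holds the admin users' password hashes) readable by every local account; `mode: "0640"` or `"0600"` would keep it to the service user and group. The data directory task has the same exposure in a broader form: `mode: "0755"` with `recurse: yes` marks every file under `{{ adguardhome_data_dir }}` world-readable and executable, so a symbolic mode such as `mode: "u=rwX,g=rX,o="` fits better there, with the `when:` comparison adjusted to match. Separately, "Check state of data directory" calls `file:` with only `path`, which I would expect to fail on a host where the directory does not exist yet; a `stat:` lookup like the one used for the config file would cover the first run.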
@@ -14,7 +14,7 @@
|
||||
template:
|
||||
src: adguardhome.service.j2
|
||||
dest: "/etc/systemd/system/{{ adguardhome_service_name }}.service"
|
||||
mode: "755"
|
||||
mode: "0664"
|
||||
register: adguardhome_systemd_unit
|
||||
notify:
|
||||
- reload systemd daemon
|
||||
|
||||
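Review bot: The new `mode: "0664"` on `/etc/systemd/system/{{ adguardhome_service_name }}.service` makes the unit file group-writable, and anyone able to edit a unit controls what systemd starts from it after the next reload. Unit files are normally `0644`, so this looks like a transposed digit; `mode: "0644"` is the value I would expect here. The task sets no `owner` or `group` in the visible lines, so which group gets write access depends on defaults not shown in the hunk. The task's `- name:` line is outside the hunk.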