|
|
@ -1,3 +1,43 @@ |
|
|
|
# For media server SFTP access to audio files. |
|
|
|
- name: create user media |
|
|
|
user: name=media |
|
|
|
append=yes |
|
|
|
password="*" |
|
|
|
tags: |
|
|
|
- audio_server |
|
|
|
|
|
|
|
- name: lock down SSH options for media |
|
|
|
lineinfile: |
|
|
|
dest: /etc/ssh/sshd_config |
|
|
|
line: "{{ item }}" |
|
|
|
with_items: |
|
|
|
- "Match User media" |
|
|
|
- " ForceCommand internal-sftp" |
|
|
|
- " PubkeyAuthentication yes" |
|
|
|
- " AuthorizedKeysFile /home/media/.ssh/authorized_keys" |
|
|
|
notify: reload SSH |
|
|
|
tags: |
|
|
|
- audio_server |
|
|
|
|
|
|
|
- name: passwordless SSH for media |
|
|
|
authorized_key: |
|
|
|
user: media |
|
|
|
key: "{{ item }}" |
|
|
|
with_file: |
|
|
|
- public_keys/media-root |
|
|
|
tags: |
|
|
|
- audio_server |
|
|
|
|
|
|
|
# Help prevent SFTP breakouts. |
|
|
|
- name: remove user media write access to its home directory |
|
|
|
file: |
|
|
|
path: /home/media |
|
|
|
state: directory |
|
|
|
mode: '0500' |
|
|
|
recurse: yes |
|
|
|
tags: |
|
|
|
- audio_server |
|
|
|
|
|
|
|
- name: run audio_server containers |
|
|
|
docker_compose: |
|
|
|
project_name: audio_server |
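Review bot: The Match block written by the `lock down SSH options for media` task restricts the shell with `ForceCommand internal-sftp` but does not confine the session: no `ChrootDirectory` is set, so the account can still read any world-readable path on the host, and TCP/X11 forwarding stay enabled for it, which the comment "Help prevent SFTP breakouts" suggests was not intended. Appending `- " AllowTcpForwarding no"`, `- " X11Forwarding no"` and `- " PermitTunnel no"` to the `with_items` list closes the forwarding gap without touching the filesystem layout. `ChrootDirectory /home/media` would complete the confinement, but sshd requires the chroot path and all its parents to be root-owned and not group/world-writable, so as written (home created by the `user` module, then `mode: '0500'` recursed as the media user's tree) it would need the directory ownership reworked first; worth a TODO comment on the task if chroot is out of scope for this commit. Separately, the `user:` task uses `key=value` argument form (`name=media`, `append=yes`, `password="*"`) while every other task here uses block YAML; converting it to `name: media` / `password: "*"` keeps the play consistent, and `append: yes` is a no-op without a `groups:` list and can be dropped.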
|
|
|