Browse Source

Add media user to audio server for Kodi mounting of music files.

master
Dan Helfman 1 year ago
parent
commit
0108fb448f
3 changed files with 42 additions and 0 deletions
  1. +1
    -0
      public_keys/media-root
  2. +1
    -0
      roles/audio_server/meta/main.yml
  3. +40
    -0
      roles/audio_server/tasks/main.yml

+ 1
- 0
public_keys/media-root View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfJDmO865V64xeAXlB7ITSyA/YHlH/Yx6sQFGu52P2fDlC03yFVf9tThvOAMbcqbCLlVmHlN/cpgLIr3Q/h/e1Bpmjesyi5BmvwWpZRXAWDmBkATha7d113JoYdh7TZnjdW1HudoMGmFvaXp/1DOdxM5klSjMyi5hcc1WYADVMFBEuGJRgw1nyuwtt9O5c9f3zRXAL6N6ksPkS4dITKZkbNgMGLScqzknwtOK6iBABXzINTjQyqZBktCX+aQU0X3Mk4Xiib4pI2JrJBO0bhbf6e376nAjuTf4u7rMUijLtTtPpyBC721a1/GoRThTyz4Y1ebbIcE97urpqMAd39I0X root@media

+ 1
- 0
roles/audio_server/meta/main.yml View File

@@ -1,3 +1,4 @@
dependencies:
- role: docker_compose
- role: web_server
- role: common

+ 40
- 0
roles/audio_server/tasks/main.yml View File

@@ -1,3 +1,43 @@
# For media server SFTP access to audio files.
- name: create user media
user: name=media
append=yes
password="*"
tags:
- audio_server

- name: lock down SSH options for media
lineinfile:
dest: /etc/ssh/sshd_config
line: "{{ item }}"
with_items:
- "Match User media"
- " ForceCommand internal-sftp"
- " PubkeyAuthentication yes"
- " AuthorizedKeysFile /home/media/.ssh/authorized_keys"
notify: reload SSH
tags:
- audio_server

- name: passwordless SSH for media
authorized_key:
user: media
key: "{{ item }}"
with_file:
- public_keys/media-root
tags:
- audio_server

# Help prevent SFTP breakouts.
- name: remove user media write access to its home directory
file:
path: /home/media
state: directory
mode: '0500'
recurse: yes
tags:
- audio_server

- name: run audio_server containers
docker_compose:
project_name: audio_server


Loading…
Cancel
Save