--- # tasks file for hass - name: create hass user become: yes user: name: "{{hass_username}}" # required. Name of the user to create, remove or modify. create_home: yes state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated. shell: /usr/bin/nologin home: "{{ hass_conf_folder }}" comment: "Home Assistant daemon user" - name: ensure venv folder exist file: name: "{{hass_venv_location}}" state: directory owner: "{{hass_username}}" group: "{{hass_username}}" mode: "0777" become: yes - name: create venv pip: name: "{{hass_python_package}}" virtualenv: "{{hass_venv_location}}" virtualenv_command: /usr/bin/python -m venv become: true become_user: "{{hass_username}}" - name: add user to hass group become: true user: name: "{{ item }}" groups: - "{{hass_username}}" append: true with_items: "{{ hass_users }}" - name: select specific Database tasks include_tasks: "database_{{hass_db_type}}.yml" - name: check repo become: yes stat: path: "{{hass_conf_folder}}/.git" # required. The full path of the file/object to get the facts of. register: hass_repo_exist - name: clean conf folder if repo not exist become: yes file: path: "{{hass_conf_folder}}" state: absent when: hass_repo_exist.stat.exists == false - name: recreate conf folder become: yes file: path: "{{hass_conf_folder}}" state: directory owner: "{{user.name}}" when: hass_repo_exist.stat.exists == false - name: install conf file git: accept_hostkey: yes dest: "{{hass_conf_folder}}" # required. The path of where the repository should be checked out. This parameter is required, unless C(clone) is set to C(no). repo: "{{hass_repo}}" # required. git, SSH, or HTTP(S) protocol address of the git repository. clone: yes # not required. If C(no), do not clone the repository if it does not exist locally version: "{{hass_repo_branch}}" notify: restart hass become: true when: hass_repo_exist.stat.exists == false - name: change owner become: yes file: state: directory dest: "{{hass_conf_folder}}" owner: hass group: hass mode: "0770" recurse: yes - name: create .ssh folder file: state: directory dest: "{{hass_conf_folder}}/.ssh/" owner: hass group: hass mode: "0700" recurse: yes become: yes - name: create ssh key pair openssh_keypair: path: "{{hass_conf_folder}}/.ssh/id_rsa" owner: "{{hass_username}}" become: yes register: hass_SSH_creation - name: print ssh public key debug: msg: "{{ hass_SSH_creation }}" - name: copy failtoban config template: src: fail2ban/hass.local.j2 dest: /etc/fail2ban/jail.d/hass.local notify: restart fail2ban become: yes - name: create cron for hass cron: job: "sh {{hass_conf_folder}}/backup_git.sh" user: root # not required. The specific user whose crontab should be modified. minute: "0" # not required. Minute when the job should run ( 0-59, *, */2, etc ) hour: "3" name: "auto commit HASS config" # not required. Description of a crontab entry or, if env is set, the name of environment variable. Required if state=absent. Note that if name is not set and state=present, then a new crontab entry will always be created, regardless of existing ones. become: yes - name: copy systemd file template: src: home-assistant.service.j2 dest: /etc/systemd/system/home-assistant.service notify: - restart hass become: yes register: hass_service_changed - name: Reload systemd systemd: daemon_reload: yes become: yes when: hass_service_changed.changed - name: enable HASS service: name: home-assistant # required. Name of the service. enabled: true # not required. Whether the service should start on boot. B(At least one of state and enabled are required.) state: started # not required. choices: reloaded;restarted;started;stopped. C(started)/C(stopped) are idempotent actions that will not run commands unless necessary. C(restarted) will always bounce the service. C(reloaded) will always reload. B(At least one of state and enabled are required.) Note that reloaded will start the service if it is not already started, even if your chosen init system wouldn't normally. become: yes