152 lines
4.4 KiB
YAML
152 lines
4.4 KiB
YAML
---
|
|
# tasks file for hass
|
|
|
|
- name: create hass user
|
|
become: yes
|
|
user:
|
|
name: "{{hass_username}}" # required. Name of the user to create, remove or modify.
|
|
create_home: yes
|
|
state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated.
|
|
shell: /usr/bin/nologin
|
|
home: "{{ hass_conf_folder }}"
|
|
comment: "Home Assistant daemon user"
|
|
|
|
|
|
- name: ensure venv folder exist
|
|
file:
|
|
name: "{{hass_venv_location}}"
|
|
state: directory
|
|
owner: "{{hass_username}}"
|
|
group: "{{hass_username}}"
|
|
mode: "0777"
|
|
become: yes
|
|
|
|
|
|
- name: create venv
|
|
pip:
|
|
name: "{{hass_python_package}}"
|
|
virtualenv: "{{hass_venv_location}}"
|
|
virtualenv_command: /usr/bin/python -m venv
|
|
become: true
|
|
become_user: "{{hass_username}}"
|
|
|
|
|
|
|
|
- name: add user to hass group
|
|
become: true
|
|
user:
|
|
name: "{{ item }}"
|
|
groups:
|
|
- "{{hass_username}}"
|
|
append: true
|
|
with_items: "{{ hass_users }}"
|
|
|
|
|
|
- name: select specific Database tasks
|
|
include_tasks: "database_{{hass_db_type}}.yml"
|
|
|
|
|
|
- name: check repo
|
|
become: yes
|
|
stat:
|
|
path: "{{hass_conf_folder}}/.git" # required. The full path of the file/object to get the facts of.
|
|
register: hass_repo_exist
|
|
|
|
- name: clean conf folder if repo not exist
|
|
become: yes
|
|
file:
|
|
path: "{{hass_conf_folder}}"
|
|
state: absent
|
|
when: hass_repo_exist.stat.exists == false
|
|
|
|
- name: recreate conf folder
|
|
become: yes
|
|
file:
|
|
path: "{{hass_conf_folder}}"
|
|
state: directory
|
|
owner: "{{user.name}}"
|
|
when: hass_repo_exist.stat.exists == false
|
|
|
|
|
|
- name: install conf file
|
|
git:
|
|
accept_hostkey: yes
|
|
dest: "{{hass_conf_folder}}" # required. The path of where the repository should be checked out. This parameter is required, unless C(clone) is set to C(no).
|
|
repo: "{{hass_repo}}" # required. git, SSH, or HTTP(S) protocol address of the git repository.
|
|
clone: yes # not required. If C(no), do not clone the repository if it does not exist locally
|
|
version: "{{hass_repo_branch}}"
|
|
notify: restart hass
|
|
become: true
|
|
when: hass_repo_exist.stat.exists == false
|
|
|
|
- name: change owner
|
|
become: yes
|
|
file:
|
|
state: directory
|
|
dest: "{{hass_conf_folder}}"
|
|
owner: hass
|
|
group: hass
|
|
mode: "0770"
|
|
recurse: yes
|
|
|
|
- name: create .ssh folder
|
|
file:
|
|
state: directory
|
|
dest: "{{hass_conf_folder}}/.ssh/"
|
|
owner: hass
|
|
group: hass
|
|
mode: "0700"
|
|
recurse: yes
|
|
become: yes
|
|
|
|
- name: create ssh key pair
|
|
openssh_keypair:
|
|
path: "{{hass_conf_folder}}/.ssh/id_rsa"
|
|
owner: "{{hass_username}}"
|
|
become: yes
|
|
register: hass_SSH_creation
|
|
|
|
- name: print ssh public key
|
|
debug:
|
|
msg: "{{ hass_SSH_creation }}"
|
|
|
|
- name: copy failtoban config
|
|
template:
|
|
src: fail2ban/hass.local.j2
|
|
dest: /etc/fail2ban/jail.d/hass.local
|
|
notify: restart fail2ban
|
|
become: yes
|
|
|
|
- name: create cron for hass
|
|
cron:
|
|
job: "sh {{hass_conf_folder}}/backup_git.sh"
|
|
user: root # not required. The specific user whose crontab should be modified.
|
|
minute: "0" # not required. Minute when the job should run ( 0-59, *, */2, etc )
|
|
hour: "3"
|
|
name: "auto commit HASS config" # not required. Description of a crontab entry or, if env is set, the name of environment variable. Required if state=absent. Note that if name is not set and state=present, then a new crontab entry will always be created, regardless of existing ones.
|
|
become: yes
|
|
|
|
- name: copy systemd file
|
|
template:
|
|
src: home-assistant.service.j2
|
|
dest: /etc/systemd/system/home-assistant.service
|
|
notify:
|
|
- restart hass
|
|
become: yes
|
|
register: hass_service_changed
|
|
|
|
- name: Reload systemd
|
|
systemd:
|
|
daemon_reload: yes
|
|
become: yes
|
|
when: hass_service_changed.changed
|
|
|
|
- name: enable HASS
|
|
service:
|
|
name: home-assistant # required. Name of the service.
|
|
enabled: true # not required. Whether the service should start on boot. B(At least one of state and enabled are required.)
|
|
state: started # not required. choices: reloaded;restarted;started;stopped. C(started)/C(stopped) are idempotent actions that will not run commands unless necessary. C(restarted) will always bounce the service. C(reloaded) will always reload. B(At least one of state and enabled are required.) Note that reloaded will start the service if it is not already started, even if your chosen init system wouldn't normally.
|
|
become: yes
|
|
|
|
|