mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-10-31 18:29:21 +00:00
Kevin Veen-Birkenbach
05d7ddc491
- Replace Bash pull-specific-host.sh with Python pull-specific-host.py (argparse, identical logic) - Update role vars and runner template to call python script - Add __init__.py files for test discovery/imports - Add unittest: tests/unit/roles/svc-bkp-rmt-2-loc/files/test_pull_specific_host.py (mocks subprocess/os/time; covers success, no types, find-fail, retry-exhaustion) - Backup provider SSH wrapper: align allowed ls path (backup-docker-to-local) - Split user role tasks: 01_core (sudoers), 02_permissions_ssh (SSH keys + wrapper), 03_permissions_folders (ownership + default ACLs + depth-limited chown/chmod) - Ensure default ACLs grant rwx to 'backup' and none to group/other; keep sudo rsync working Ref: ChatGPT discussion (2025-10-14) — https://chatgpt.com/share/68ee920a-9b98-800f-8806-ddcfe0255149
19 lines
359 B
YAML
19 lines
359 B
YAML
- name: create backup user
|
|
user:
|
|
name: backup
|
|
create_home: yes
|
|
|
|
- name: grant backup sudo rights
|
|
copy:
|
|
src: "backup"
|
|
dest: /etc/sudoers.d/backup
|
|
mode: '0644'
|
|
owner: root
|
|
group: root
|
|
notify: sshd restart
|
|
|
|
- include_tasks: 02_permissions_ssh.yml
|
|
|
|
- include_tasks: 03_permissions_folders.yml
|
|
|
|
- include_tasks: utils/run_once.yml |