Parametrise ipfs user and group.

dokterbob · dokterbob · commit da623b69be8b · 2020-04-05T18:36:02.000+01:00
diff --git a/roles/ipfs/defaults/main.yml b/roles/ipfs/defaults/main.yml
@@ -3,6 +3,8 @@ binary_url: "https://dist.ipfs.io/go-ipfs/v0.4.23/go-ipfs_v0.4.23_linux-amd64.ta
 binary_sha512: "5eebebd4d4628a01c3b6615d96123a5c744f64da18fc0950e00d99a36abb02eee694c1bb67549341a645ebb99f30de9198c33b556cdee2609013409a510d1d2b"
 ipfs_path: "/var/lib/ipfs"
 ipfs_binary: "/usr/local/bin/ipfs"
+ipfs_user: "ipfs"
+ipfs_group: "ipfs"
 peer_id: "QmfPZcnVAEjXABiA7StETRUKkS8FzNt968Z8HynbJR7oci"
 peer_key: "CAASpwkwggSjAgEAAoIBAQDg1RDX3n2YAzPV228d9g43LfKtBxsJQhA253xCCqz+iWDGxJIdum9+vhVnG8KK567yP06M5t9Gn8UvEO/qWk0USpGyjJupPzodK7aRnGK4AyZ5toXaS4Q6A6e3lvJPrXDADsbzgyjn2H9WOOV5pRqKSWQ6FZ+NThvZM/d7Kd4d/s/R6Qj6K1IcNnGtCAAev0VWvj/ysE8q07J9nnBsYJ+QgPe52UzcaewNPQ8/Ip2DZDap+jjdW9DxfpRDjuBo32l3jH0RVlAw5dt5Pvoq5N/KmpcTh4O9tavgY0R1uZ4dITe8gfaT+7J9Ikvdf+P1l30jUyecJ+ZOxVxPdnZhKZwDAgMBAAECggEAKU37ci0l1a+A7mEJ4O87XVfLpY4QoXrJj8ynP1rGvVxvsxSZ42xE33v8Ypzu+KXntgl7XNdtXYQsraDm8p70Wi345lx+nHFJM+K7/7RDTpsFjobBwIDvIdlaDphkm865UA9m7YXDFhToD+cUAW0bmxwwlZszXLpk01qAtNfUPp4hV0/IeUWFY6TvRvGf4bxCelN5fPyyRB+lQpGBZ0NcrjJUM1Om70CVxYjnOAId+6qwz0bKixjkXdTwkExSiSY4ekl9lJnzCx4DFcGVDWL8mY48O97W+dSjucsDECpA2kZ5VuaSpmAErnJuIX42Hc5zXBsyDmTmRIiITlJv+gYUgQKBgQDsu6qPbvH40aWvA5ddqbOAuOXRu4VE5c0sg+I5hTh7gsyFCpaYcdH4q31NH0GtqKnOx5tsPCNsD719ucWJ2tPLIcNo7RXb1XXYLVKk4ZahMZiSwiHVCXJGY4XJh2yNLUObiUS4B4uhkx/ZZ5GXoJBshJixFS9o/DFXO7JCeEK2ywKBgQDzIXJcGBvzNOnUnCctL+W/CIqdJzeks+PLKLV/AkV79kCPJB9Go+1nbgY/o4Hk2FUZ79ERT1RNQ9+9dvi8VAZ7HRm1b8k44nloFecAFp13/qrNgEeDp5lZRh6x+cE4+/UBzjOvj0XQ/T/tBORw0XGFw6u0EctQYsNf706HrI7QqQKBgQCsiXadBXpcI8hCzzZB8I5AcgImIyrVdTtdh12ZGKx68HDJQldSEhq7x5kSXYaL4BKq/7YaY5ZZivtLp9r+Rzv3n8sBLVKyH1i9TwMd4sDbCP+vbsgjsbfU73Ix2H7YQjY1JQ2tpuowv78Fv8NQJJk+TkHPRqaAONZpQrwAUBAnkwKBgDKe2x2bk24urSSsImgBGfeNQrb3rFkpbxskba10/pyRp91lqvFdPheTy89CLtBDzmwpB0FwX9/6asIa3Czx3auSYoDpNl8WoCpwrPjSvJR4PH2u4LTjl0UEGW36zyUbKGbo1NAPp3yczct+gkWPBfDQzZYfQlKJTZ5Sx+ntnoqJAoGAZSvZdmUTp4Ld/Jr8d2g1Aayj62JBwg/b3QrX8igq9R+8CBFBc8fI2+HCEigdiVf70nUvAXGlChZ2+PaPph+7tkKd+5Eu7uDkeVJnYAl5mucd4TFvCggHTR8boxL48Pxj6/5GdgHHy+CscXaFNAFC9dGREpegVOOoHHnOAOwWMZk="
 ipfs_memlimit: 2G
diff --git a/roles/ipfs/tasks/main.yml b/roles/ipfs/tasks/main.yml
@@ -21,7 +21,7 @@
   environment:
     IPFS_PATH: "{{ ipfs_path }}"
   become: true
-  become_user: ipfs
+  become_user: "{{ ipfs_user }}"
 # TODO: SECURITY: This requires that we trust ipify to provide the correct public IP. We could run our own ipify server.
 - name: Get my public IP from ipify.org
   ipify_facts:
@@ -33,4 +33,11 @@
 - name: Enable IPFS service
   systemd: name=ipfs daemon_reload=yes state=started enabled=yes
 - name: Enable IPFS garbage collection
-  cron: name="ipfs collect garbage" cron_file=/etc/crontab minute="*/9" hour="*" backup="yes" user=ipfs job="env IPFS_PATH=/var/lib/ipfs ipfs repo gc > /dev/null"
+  cron:
+    name: "ipfs collect garbage"
+    cron_file: /etc/crontab
+    minute: "*/9"
+    hour: "*"
+    backup: "yes"
+    user: "{{ ipfs_user }}"
+    job: "env IPFS_PATH={{ ipfs_path }} ipfs repo gc > /dev/null"
diff --git a/roles/ipfs/templates/ipfs.service b/roles/ipfs/templates/ipfs.service
@@ -6,8 +6,8 @@ ExecStart={{ ipfs_binary }} daemon --manage-fdlimit --migrate
 PermissionsStartOnly=true
 ExecStartPost=/bin/bash -c "echo 0 > /sys/fs/cgroup/memory/system.slice/ipfs.service/memory.swappiness"
 Restart=on-failure
-User=ipfs
-Group=ipfs
+User={{ ipfs_user }}
+Group={{ ipfs_group }}
 Environment="IPFS_PATH={{ ipfs_path }}"
 DevicePolicy=closed
 DeviceAllow=/dev/fuse
