From 7acd34e0bdb64b7bc6ebc04fe1dee8efcfe79945 Mon Sep 17 00:00:00 2001
From: Scott Wallace
Date: Tue, 28 May 2019 22:46:03 +0100
Subject: [PATCH] Updated Traccar to run as non-root
---
 .ansible/roles/common_server/vars/main.yaml | 4 +
 .ansible/roles/traccar_server/tasks/main.yaml | 96 +++++++++++--------
 .ansible/roles/traccar_server/vars/main.yaml | 2 +-
 3 files changed, 61 insertions(+), 41 deletions(-)
diff --git a/.ansible/roles/common_server/vars/main.yaml b/.ansible/roles/common_server/vars/main.yaml
index 2054f4a..7a07953 100644
--- a/.ansible/roles/common_server/vars/main.yaml
+++ b/.ansible/roles/common_server/vars/main.yaml
@@ -1,10 +1,14 @@
 server_packages:
+ - curl
 - git
 - haproxy
 - letsencrypt
 - lsof
 - net-tools
 - psmisc
+ - python-simplejson
+ - python-pip
+ - python3-pip
 - rsync
 - screen
 - telnet
diff --git a/.ansible/roles/traccar_server/tasks/main.yaml b/.ansible/roles/traccar_server/tasks/main.yaml
index 503b4fd..81f9106 100644
--- a/.ansible/roles/traccar_server/tasks/main.yaml
+++ b/.ansible/roles/traccar_server/tasks/main.yaml
@@ -1,47 +1,63 @@ -- name: 'Traccar: Check installed' +- name: 'Traccar' tags: - install - traccar - stat: - path: "/opt/traccar/traccar.run" - register: traccar_app + block: + - name: 'Traccar: Check installed' + stat: + path: "/opt/traccar/traccar.run" + register: traccar_app -- name: 'Traccar: Install' - tags: - - install - - traccar - include_tasks: - file: install.yaml - apply: - tags: - - always - when: not traccar_app.stat.exists + - name: 'Traccar: Install' + include_tasks: + file: install.yaml + apply: + tags: + - always + when: not traccar_app.stat.exists -- name: 'Traccar: Fix perms' - tags: - - install - - traccar - file: - path: "/opt/traccar" - owner: "{{ traccar_owner }}" - group: "{{ traccar_owner }}" - recurse: yes - become: yes + - name: 'Traccar: Tidy installer' + file: + path: "{{ traccar_tmppath }}" + state: absent + become: yes -- name: 'Traccar: Tidy installer' - tags: - - install - - traccar - file: - path: "{{ traccar_tmppath }}" - state: absent - become: yes + - name: 'Traccar: Add group' + group: + name: "{{ traccar_owner }}" + become: yes -- name: 'Traccar: Service running' - tags: - - traccar - systemd: - name: traccar - state: started - enabled: yes - become: yes + - name: 'Traccar: Add user' + user: + name: "{{ traccar_owner }}" + group: "{{ traccar_owner }}" + become: yes + + - name: 'Traccar: Fix perms' + file: + path: '/opt/traccar' + owner: "{{ traccar_owner }}" + group: "{{ traccar_owner }}" + recurse: yes + become: yes + + - name: 'Traccar: systemd override' + block: + - name: 'Traccar: systemd override directory' + file: + path: '/etc/systemd/system/traccar.service.d' + state: directory + force: yes + - name: 'Traccar: systemd override file' + copy: + dest: '/etc/systemd/system/traccar.service.d/override.conf' + content: "[Service]\nUser={{ traccar_owner }}\nGroup={{ traccar_owner }}\n" + become: yes + + - name: 'Traccar: Service running' + systemd: + name: traccar + state: started + daemon_reload: yes + enabled: yes + become: 
yes diff --git a/.ansible/roles/traccar_server/vars/main.yaml b/.ansible/roles/traccar_server/vars/main.yaml index 0a05428..38a9086 100644 --- a/.ansible/roles/traccar_server/vars/main.yaml +++ b/.ansible/roles/traccar_server/vars/main.yaml @@ -1,2 +1,2 @@ traccar_tmppath: '/srv/tmp/traccar' -traccar_owner: 'scott' +traccar_owner: 'traccar'
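Review bot: On a host where Traccar is already running as root, the final 'Traccar: Service running' task in the tasks/main.yaml hunk will not move it to the new account, because `state: started` with `daemon_reload: yes` re-reads the unit files but leaves an already-running unit untouched until something restarts it. Add `register: traccar_override` to the 'Traccar: systemd override file' task and set the service task's state to `"{{ 'restarted' if traccar_override is changed else 'started' }}"` (or notify a restart handler), so the drop-in takes effect in the same run. Separately, 'Traccar: Add user' passes only `name` and `group`, so the `user` module creates an ordinary account with a home directory and the default login shell; a service identity would normally add `system: yes`, `create_home: no` and a non-login shell. The override file is also written without an explicit `owner`/`mode`, and 'Traccar: Fix perms' recursively hands all of `/opt/traccar` to the service user, which lets the service rewrite its own program files; narrowing ownership to the directories it has to write to would keep the non-root change meaningful.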