Updated Traccar to run as non-root

This commit is contained in:
Scott Wallace 2019-05-28 22:46:03 +01:00
parent c4817f0dd7
commit 7acd34e0bd
3 changed files with 61 additions and 41 deletions

View file

@ -1,10 +1,14 @@
server_packages: server_packages:
- curl
- git - git
- haproxy - haproxy
- letsencrypt - letsencrypt
- lsof - lsof
- net-tools - net-tools
- psmisc - psmisc
- python-simplejson
- python-pip
- python3-pip
- rsync - rsync
- screen - screen
- telnet - telnet

View file

@ -1,15 +1,14 @@
- name: 'Traccar: Check installed' - name: 'Traccar'
tags: tags:
- install - install
- traccar - traccar
block:
- name: 'Traccar: Check installed'
stat: stat:
path: "/opt/traccar/traccar.run" path: "/opt/traccar/traccar.run"
register: traccar_app register: traccar_app
- name: 'Traccar: Install' - name: 'Traccar: Install'
tags:
- install
- traccar
include_tasks: include_tasks:
file: install.yaml file: install.yaml
apply: apply:
@ -17,31 +16,48 @@
- always - always
when: not traccar_app.stat.exists when: not traccar_app.stat.exists
- name: 'Traccar: Fix perms' - name: 'Traccar: Tidy installer'
tags:
- install
- traccar
file:
path: "/opt/traccar"
owner: "{{ traccar_owner }}"
group: "{{ traccar_owner }}"
recurse: yes
become: yes
- name: 'Traccar: Tidy installer'
tags:
- install
- traccar
file: file:
path: "{{ traccar_tmppath }}" path: "{{ traccar_tmppath }}"
state: absent state: absent
become: yes become: yes
- name: 'Traccar: Service running' - name: 'Traccar: Add group'
tags: group:
- traccar name: "{{ traccar_owner }}"
become: yes
- name: 'Traccar: Add user'
user:
name: "{{ traccar_owner }}"
group: "{{ traccar_owner }}"
become: yes
- name: 'Traccar: Fix perms'
file:
path: '/opt/traccar'
owner: "{{ traccar_owner }}"
group: "{{ traccar_owner }}"
recurse: yes
become: yes
- name: 'Traccar: systemd override'
block:
- name: 'Traccar: systemd override directory'
file:
path: '/etc/systemd/system/traccar.service.d'
state: directory
force: yes
- name: 'Traccar: systemd override file'
copy:
dest: '/etc/systemd/system/traccar.service.d/override.conf'
content: "[Service]\nUser={{ traccar_owner }}\nGroup={{ traccar_owner }}\n"
become: yes
- name: 'Traccar: Service running'
systemd: systemd:
name: traccar name: traccar
state: started state: started
daemon_reload: yes
enabled: yes enabled: yes
become: yes become: yes

View file

@ -1,2 +1,2 @@
traccar_tmppath: '/srv/tmp/traccar' traccar_tmppath: '/srv/tmp/traccar'
traccar_owner: 'scott' traccar_owner: 'traccar'