From ed4cdc3a0cb2cfac5dbbba2cb6ddab5f15212f9c Mon Sep 17 00:00:00 2001
From: Vladimir Still <git@vstill.eu>
Date: Sun, 13 Feb 2022 21:23:50 +0100
Subject: [PATCH] ansible: Export homes to anna RO, only webs RW

---
 ansible/roles/pds_mount/defaults/main.yml     |  5 ++-
 ansible/roles/pds_mount/handlers/main.yml     |  8 +++--
 ansible/roles/pds_mount/tasks/main.yml        | 33 +++++++++++++++++++
 .../roles/pds_mount/templates/home.exports.j2 |  8 ++++-
 4 files changed, 49 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/pds_mount/defaults/main.yml b/ansible/roles/pds_mount/defaults/main.yml
index ca9159b..e92f0c0 100644
--- a/ansible/roles/pds_mount/defaults/main.yml
+++ b/ansible/roles/pds_mount/defaults/main.yml
@@ -3,11 +3,14 @@ mount:
   export_to:
     - antea.fi.muni.cz
     - arke.fi.muni.cz
-    - anna.fi.muni.cz
     - pontos*.fi.muni.cz
     - pythia*.fi.muni.cz
     - pheme*.fi.muni.cz
     - pandora*.fi.muni.cz
+  export_ro_to:
+    - anna.fi.muni.cz
+  export_web_to:  # must be full hostnames
+    - anna.fi.muni.cz
   home:
     pontos:
       "01":
diff --git a/ansible/roles/pds_mount/handlers/main.yml b/ansible/roles/pds_mount/handlers/main.yml
index 0285e84..cbbee99 100644
--- a/ansible/roles/pds_mount/handlers/main.yml
+++ b/ansible/roles/pds_mount/handlers/main.yml
@@ -1,7 +1,9 @@
+- name: export nfs
+  command: exportfs -rav
+  notify:
+    - restart autofs
+
 - name: restart autofs
   systemd:
     name: autofs
     state: restarted
-
-- name: export nfs
-  command: exportfs -rav
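Review bot: The order of the two handlers is now load-bearing, but nothing in the file says so. Ansible runs handlers in the order they are defined, and `export nfs` now notifies `restart autofs`, so moving it back below that handler may, depending on the Ansible version, stop the restart from happening in the same flush. A comment above the first handler would protect this, for example `# keep above "restart autofs": handlers run in definition order and this one notifies it`.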
diff --git a/ansible/roles/pds_mount/tasks/main.yml b/ansible/roles/pds_mount/tasks/main.yml
index 811a667..3c0a7fe 100644
--- a/ansible/roles/pds_mount/tasks/main.yml
+++ b/ansible/roles/pds_mount/tasks/main.yml
@@ -15,6 +15,14 @@
       loop: "{{home.results | map(attribute='item')}}"
       register: home_created
 
+    - name: "Create public_html dir"
+      file:
+        state: directory
+        path: "/export/home/{{item}}/public_html"
+        owner: "{{item}}"
+        group: "paradise"
+      loop: "{{home.results | map(attribute='item')}}"
+
     - name: "Copy skeleton"
       copy:
         src: "/etc/skel/{{item.1}}"
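Review bot: The new "Create public_html dir" task sets `owner` and `group` but no `mode`, so the directory's permissions depend on the umask in effect on the file server, even though this is the directory exported read-write to the web host. Pin it explicitly as a quoted string, for example `mode: "0755"`, or whatever the web server actually needs. The loop appears to cover every home rather than only newly created ones, so the task acts inside directories their owners can write to. It is worth confirming how the `file` module treats a pre-existing `public_html` that is a symlink, and whether `follow: false` is wanted here. The enclosing block starts before this hunk and the "Copy skeleton" task continues past it.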
@@ -78,3 +86,28 @@
   loop: ['home', 'pontos', 'antea']
   notify:
     - restart autofs
+
+- name: Web autofs mounts
+  block:
+    - name: Userweb directory
+      file:
+        state: directory
+        path: /srv/userweb
+
+    - name: Master autofs for web
+      copy:
+        content: |
+          # managed by ansible
+          /srv/userweb/ {{autofs_prefix}}/auto.userweb -t 300,strictexpire
+        dest: '{{autofs_prefix}}/auto.master.d/userweb.autofs'
+      notify:
+        - restart autofs
+
+    - name:
+      template:
+        src: 'auto.userweb.j2'
+        dest: '{{autofs_prefix}}/auto.userweb'
+        lstrip_blocks: true
+      notify:
+        - restart autofs
+  when: inventory_hostname in mount.export_web_to
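Review bot: The last task in the "Web autofs mounts" block has an empty `name:` and renders `auto.userweb.j2`, which is not among the four files in this patch's diffstat. Unless that template already exists in the role, the play will fail on the web host. Give the task a name such as `- name: Userweb autofs map` and add the template to the commit if it is missing. The `copy` and `template` tasks also leave ownership and permissions of the autofs files to defaults, so consider `owner: root` and `mode: "0644"` on both. Because the mounted content is user-writable, it is also worth checking that the map (not visible here) mounts with `nosuid,nodev`.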
diff --git a/ansible/roles/pds_mount/templates/home.exports.j2 b/ansible/roles/pds_mount/templates/home.exports.j2
index 911a3bc..bd19d0b 100644
--- a/ansible/roles/pds_mount/templates/home.exports.j2
+++ b/ansible/roles/pds_mount/templates/home.exports.j2
@@ -3,7 +3,13 @@
 {% if "pontos" + num + ".fi.muni.cz" == inventory_hostname %}
 {% for usr in homes %}
 {% for to in mount.export_to %}
-/export/home/{{usr}} -rw,no_subtree_check,root_squash,async,mp=/home {{to}}
+/export/home/{{usr}} -rw,no_subtree_check,root_squash,async,mp=/export/home {{to}}
+{% endfor %}
+{% for to in mount.export_ro_to %}
+/export/home/{{usr}} -ro,no_subtree_check,root_squash,async,mp=/export/home {{to}}
+{% endfor %}
+{% for to in mount.export_web_to %}
+/export/home/{{usr}}/public_html -rw,no_subtree_check,root_squash,async,mp=/export/home {{to}}
 {% endfor %}
 {% endfor %}
 {% endif %}
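Review bot: The new `public_html` line exports a subdirectory read-write with `no_subtree_check`, while its parent home is exported read-only to the same host. As exports(5) describes, without subtree checking the server does not verify that a file handle lies under the exported subdirectory. If the homes share one filesystem, the rw export may therefore not confine the web host's writes to `public_html`, which would undercut the read-only intent of this commit. Consider `subtree_check` on that one line, `/export/home/{{usr}}/public_html -rw,subtree_check,root_squash,async,mp=/export/home {{to}}`, or putting `public_html` on its own filesystem or bind mount, and confirm which export the server picks when both lines match the same client. The enclosing `for`/`if` blocks start outside this hunk.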
-- 
GitLab