From d43e99a7f34e00ba785fe428073c28997cc9a0c1 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Tue, 20 Nov 2018 23:33:24 +0100
Subject: [PATCH] add tasks to setup system roles and acls

---
 defaults/main.yml      | 15 +++++++++++++++
 tasks/filesystem.yml   | 10 ++++++++++
 tasks/main.yml         |  2 ++
 tasks/users_groups.yml |  9 +++++++++
 4 files changed, 36 insertions(+)
 create mode 100644 tasks/filesystem.yml
 create mode 100644 tasks/users_groups.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index 70f4e55..2acbca5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,3 +7,18 @@ ucs_tls_certs_dir: /etc/pki/tls/certs
 ucs_tls_key_dir: /etc/pki/tls/private
 ucs_tls_cert_path: /etc/pki/tls/certs/mycert.pem
 ucs_tls_key_path: /etc/pki/tls/private/mykey.pem
+
+# ucs_filesystem_acl:
+#   - path: /shares/mydocuments # needs to be set
+#     entity: john # needs to be set
+#     etype: user # needs to be set
+#     permissions: rw # needs to be set
+#     state: # defaults to 'query'
+#     recursive: # defaults to 'no'
+
+# ucs_system_groups:
+#   - name: fs-mydocuments-rw # needs to be set
+#     description: # defaults to not set
+#     subpath: # defaults to not set
+#     ou: # defaults to not set
+#     state: # defaults to 'present'
diff --git a/tasks/filesystem.yml b/tasks/filesystem.yml
new file mode 100644
index 0000000..d190214
--- /dev/null
+++ b/tasks/filesystem.yml
@@ -0,0 +1,10 @@
+---
+- name: Set acl for shares
+  acl:
+    path: "{{ item.path }}"
+    entity: "{{ item.entity }}"
+    etype: "{{ item.etype }}"
+    permissions: "{{ item.permissions }}"
+    state: "{{ item.state | default('query') }}"
+    recursive: "{{ item.recursive | default('no') }}"
+  with_items: "{{ ucs_filesystem_acl | default([]) }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index 3730440..a9750bc 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,3 +1,5 @@
 ---
+- include_tasks: users_groups.yml
+- include_tasks: filesystem.yml
 - import_tasks: tls.yml
   tags: tls_renewal
diff --git a/tasks/users_groups.yml b/tasks/users_groups.yml
new file mode 100644
index 0000000..97b0a1e
--- /dev/null
+++ b/tasks/users_groups.yml
@@ -0,0 +1,9 @@
+---
+- name: Create system groups
+  udm_group:
+    name: "{{ item.name }}"
+    description: "{{ item.description | default(omit) }}"
+    subpath: "{{ item.subpath | default(omit) }}"
+    ou: "{{ item.ou | default(omit) }}"
+    state: "{{ item.state | default('present') }}"
+  with_items: "{{ ucs_system_groups | default([]) }}"