From 4d1dd6cd7a4d8f5ffcd3de8bf28a0ef5ce191760 Mon Sep 17 00:00:00 2001 From: FollieHiyuki Date: Sun, 30 Oct 2022 00:35:50 +0700 Subject: [PATCH] cron: add other implementations of crond Supports cronie, fcron and busybox's crond. --- README.md | 2 ++ requirements/accepted_variables.yml | 5 ----- roles/cron/tasks/busybox.yml | 7 +++++++ roles/cron/tasks/cronie.yml | 32 +++++++++++++++++++++++++++++ roles/cron/tasks/fcron.yml | 30 +++++++++++++++++++++++++++ roles/cron/tasks/main.yml | 8 ++------ 6 files changed, 73 insertions(+), 11 deletions(-) create mode 100644 roles/cron/tasks/busybox.yml create mode 100644 roles/cron/tasks/cronie.yml create mode 100644 roles/cron/tasks/fcron.yml diff --git a/README.md b/README.md index 62be5c5..1efd744 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,8 @@ $ sudo ansible-playbook -v setup.yml - This playbook assumes that the person running it is me 😃. It might do specific tasks that you don't like. Use with your own risks. +- The playbook assumes it's only run once, so it doesn't take into account conflicted services when switching options in later runs. + - The playbook is intended to be run as **root**. It is separated from [dotfiles-ansible](/FollieHiyuki/dotfiles-ansible), which should only be run as a normal user. ## 📄 License diff --git a/requirements/accepted_variables.yml b/requirements/accepted_variables.yml index c93ac5b..5949492 100644 --- a/requirements/accepted_variables.yml +++ b/requirements/accepted_variables.yml @@ -50,7 +50,6 @@ audit_daemon: crond_provider: - busybox - cronie - - dcron - fcron syslog_provider: @@ -66,7 +65,3 @@ ntp_client: dns_resolver: - dnscrypt-proxy - unbound - -rootless_container_cli: - - podman - - nerdctl diff --git a/roles/cron/tasks/busybox.yml b/roles/cron/tasks/busybox.yml new file mode 100644 index 0000000..92ff4f1 --- /dev/null +++ b/roles/cron/tasks/busybox.yml @@ -0,0 +1,7 @@ +--- +- name: crond | Add crond service to runlevel 'default' + service: + name: crond + runlevel: default + enabled: true + state: started diff --git a/roles/cron/tasks/cronie.yml b/roles/cron/tasks/cronie.yml new file mode 100644 index 0000000..be44adb --- /dev/null +++ b/roles/cron/tasks/cronie.yml @@ -0,0 +1,32 @@ +--- +- name: cronie | Install cronie package + community.general.packaging.os.apk: + name: cronie + state: present + +- name: cronie | Allow only {{ username }} and root to access crontabs + copy: + content: | + {{ username }} + dest: /etc/cron.allow + owner: root + group: root + mode: 0644 + +# btrbk runs btrfs command directly (without specifying /sbin prefix), +# hence we need to inherit PATH here +- name: cronie | Configure command options for cronie service + copy: + content: | + CRON_OPTS="-s -P" + dest: /etc/conf.d/cronie + owner: root + group: root + mode: 0644 + +- name: cronie | Start cronie service in runlevel default + service: + name: cronie + runlevel: default + state: started + enabled: true diff --git a/roles/cron/tasks/fcron.yml b/roles/cron/tasks/fcron.yml new file mode 100644 index 0000000..9b16423 --- /dev/null +++ b/roles/cron/tasks/fcron.yml @@ -0,0 +1,30 @@ +--- +- name: fcron | Install fcron package + community.general.packaging.os.apk: + name: fcron + state: present + +- name: fcron | Deny all users except root to access crontabs + copy: + content: | + all + dest: /etc/fcron/fcron.deny + owner: root + group: root + mode: 0644 + +- name: fcron | Allow {{ username }} to access crontabs + copy: + content: | + {{ username }} + dest: /etc/fcron/fcron.allow + owner: root + group: root + mode: 0644 + +- name: fcron | Start fcron service on runlevel default + service: + name: fcron + runlevel: default + state: started + enabled: true diff --git a/roles/cron/tasks/main.yml b/roles/cron/tasks/main.yml index d3719c5..95c50ab 100644 --- a/roles/cron/tasks/main.yml +++ b/roles/cron/tasks/main.yml @@ -30,9 +30,5 @@ name: logrotate, cpulimit state: present -- name: cron | Add crond service to runlevel 'default' - service: - name: crond - runlevel: default - enabled: true - state: started +- name: cron | Import tasks specific to {{ crond_provider }} + include_tasks: '{{ crond_provider }}.yml'