--- # cezen-ttyd role: browser-based terminal via ttyd, bound to localhost - name: Install ttyd apt: name: ttyd state: present update_cache: yes - name: Create cezen-console restricted user user: name: cezen-console shell: /bin/bash comment: "Cezen Web Console User" groups: "{{ cezen_user }}" append: yes state: present create_home: yes - name: Set cezen-console password # Change this password after first login or use PAM/SSO integration shell: echo "cezen-console:CezenConsole2024!" | chpasswd changed_when: false no_log: true - name: Restrict cezen-console home directory file: path: /home/cezen-console owner: cezen-console group: cezen-console mode: "0750" - name: Add useful aliases for console user copy: dest: /home/cezen-console/.bashrc owner: cezen-console group: cezen-console mode: "0644" content: | # Cezen Web Console — restricted shell environment PS1='\[\033[01;32m\]cezen-console\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' # Useful shortcuts alias ll='ls -lah --color=auto' alias logs='journalctl -u cezen-api -f' alias api-status='systemctl status cezen-api' alias ollama-ps='ollama ps' alias gpu='nvidia-smi' alias ports='ss -tlnp' # Prevent accidental system damage alias rm='rm -i' alias mv='mv -i' alias cp='cp -i' - name: Install ttyd systemd service copy: src: cezen-ttyd.service dest: /etc/systemd/system/cezen-ttyd.service owner: root group: root mode: "0644" notify: - Reload systemd - Restart cezen-ttyd - name: Enable and start ttyd service systemd: name: cezen-ttyd enabled: yes state: started daemon_reload: yes