aipackage/ansible/roles/cezen-ttyd/tasks/main.yml


---
# cezen-ttyd role: browser-based terminal via ttyd, bound to localhost
# Install the ttyd package through apt. The package index is refreshed in
# the same step, so the lookup does not depend on a stale cache.
- name: Install ttyd
  apt:
    update_cache: true
    name: ttyd
    state: present
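# Create the account the web console logs in as and give it an initial
# password in the same step.
#
# The password used to be set by a separate `echo ... | chpasswd` shell task
# that ran on every play. That reset the credential to the value committed in
# this file each time, silently undoing any change an operator had made, and
# it put the cleartext password on a shell command line. The user module now
# sets it only when the account is first created (update_password: on_create).
#
# cezen_console_password is an optional variable introduced by this task;
# supply it from Ansible Vault or another secret store. The literal fallback
# is kept only so existing inventories keep working. It is readable by anyone
# with access to this repository and should not be relied on.
#
# NOTE(review): despite the task name, nothing here restricts the account. It
# gets a full /bin/bash login shell and is appended to the group named by
# cezen_user. Confirm what that group is allowed to read and write.
- name: Create cezen-console restricted user
  user:
    name: cezen-console
    comment: "Cezen Web Console User"
    shell: /bin/bash
    groups: "{{ cezen_user }}"
    append: true
    create_home: true
    state: present
    password: "{{ cezen_console_password | default('CezenConsole2024!') | password_hash('sha512') }}"
    update_password: on_create
  # The module arguments contain the password hash; keep them out of logs.
  no_log: true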
# Set ownership and mode on the console user's home directory. Mode 0750
# gives the owner full access, lets members of the cezen-console group read
# and traverse it, and denies all other users.
- name: Restrict cezen-console home directory
  file:
    path: /home/cezen-console
    mode: "0750"
    owner: cezen-console
    group: cezen-console
# Write the console user's .bashrc: a coloured prompt, shortcuts for service
# and GPU status, and interactive-confirmation aliases for rm, mv and cp.
# The aliases are a convenience, not an access control. The file is owned by
# cezen-console with mode 0644, so that user can edit or bypass them.
- name: Add useful aliases for console user
  copy:
    dest: /home/cezen-console/.bashrc
    mode: "0644"
    owner: cezen-console
    group: cezen-console
    # Literal block scalar: every line below is written to the file verbatim.
    content: |
      # Cezen Web Console — restricted shell environment
      PS1='\[\033[01;32m\]cezen-console\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
      # Useful shortcuts
      alias ll='ls -lah --color=auto'
      alias logs='journalctl -u cezen-api -f'
      alias api-status='systemctl status cezen-api'
      alias ollama-ps='ollama ps'
      alias gpu='nvidia-smi'
      alias ports='ss -tlnp'
      # Prevent accidental system damage
      alias rm='rm -i'
      alias mv='mv -i'
      alias cp='cp -i'
# Install the unit file shipped with the role as a root-owned file that is
# world-readable and writable only by root. A change to the file notifies
# the "Reload systemd" and "Restart cezen-ttyd" handlers, which are defined
# outside this file.
# NOTE(review): the listen address and any ttyd authentication options live
# in cezen-ttyd.service, which is not visible here. Confirm the unit binds
# to localhost as the role header states.
- name: Install ttyd systemd service
  copy:
    src: cezen-ttyd.service
    dest: /etc/systemd/system/cezen-ttyd.service
    mode: "0644"
    owner: root
    group: root
  notify:
    - Reload systemd
    - Restart cezen-ttyd
# Reload systemd's unit definitions, enable cezen-ttyd at boot, and make
# sure it is running now.
- name: Enable and start ttyd service
  systemd:
    name: cezen-ttyd
    daemon_reload: true
    enabled: true
    state: started