73 lines
1.7 KiB
YAML
73 lines
1.7 KiB
YAML
---
|
|
# cezen-ttyd role: browser-based terminal via ttyd, bound to localhost
|
|
|
|
- name: Install ttyd
|
|
apt:
|
|
name: ttyd
|
|
state: present
|
|
update_cache: yes
|
|
|
|
- name: Create cezen-console restricted user
|
|
user:
|
|
name: cezen-console
|
|
shell: /bin/bash
|
|
comment: "Cezen Web Console User"
|
|
groups: "{{ cezen_user }}"
|
|
append: yes
|
|
state: present
|
|
create_home: yes
|
|
|
|
- name: Set cezen-console password
|
|
# Change this password after first login or use PAM/SSO integration
|
|
shell: echo "cezen-console:CezenConsole2024!" | chpasswd
|
|
changed_when: false
|
|
no_log: true
|
|
|
|
- name: Restrict cezen-console home directory
|
|
file:
|
|
path: /home/cezen-console
|
|
owner: cezen-console
|
|
group: cezen-console
|
|
mode: "0750"
|
|
|
|
- name: Add useful aliases for console user
|
|
copy:
|
|
dest: /home/cezen-console/.bashrc
|
|
owner: cezen-console
|
|
group: cezen-console
|
|
mode: "0644"
|
|
content: |
|
|
# Cezen Web Console — restricted shell environment
|
|
PS1='\[\033[01;32m\]cezen-console\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
|
|
|
|
# Useful shortcuts
|
|
alias ll='ls -lah --color=auto'
|
|
alias logs='journalctl -u cezen-api -f'
|
|
alias api-status='systemctl status cezen-api'
|
|
alias ollama-ps='ollama ps'
|
|
alias gpu='nvidia-smi'
|
|
alias ports='ss -tlnp'
|
|
|
|
# Prevent accidental system damage
|
|
alias rm='rm -i'
|
|
alias mv='mv -i'
|
|
alias cp='cp -i'
|
|
|
|
- name: Install ttyd systemd service
|
|
copy:
|
|
src: cezen-ttyd.service
|
|
dest: /etc/systemd/system/cezen-ttyd.service
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
notify:
|
|
- Reload systemd
|
|
- Restart cezen-ttyd
|
|
|
|
- name: Enable and start ttyd service
|
|
systemd:
|
|
name: cezen-ttyd
|
|
enabled: yes
|
|
state: started
|
|
daemon_reload: yes
|