From 02b66b01b3ae5ef99d9a59e40a7a3058c22a544e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Fri, 20 Oct 2023 15:57:34 +0200
Subject: [PATCH] feat: install chmod service/timer for correcting permissions
 of SIPs uploaded via SFTP

---
 tasks/configure_sftp_server.yml               | 29 +++++++++++++++++++
 .../chmod_chown_sftp_uploads.service.j2       | 11 +++++++
 .../system/chmod_chown_sftp_uploads.timer.j2  | 14 +++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.service.j2
 create mode 100644 templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.timer.j2

diff --git a/tasks/configure_sftp_server.yml b/tasks/configure_sftp_server.yml
index 2a108a5..7e85b7c 100644
--- a/tasks/configure_sftp_server.yml
+++ b/tasks/configure_sftp_server.yml
@@ -136,3 +136,32 @@
   when: not external_ftp
   notify:
     - restart sshd
+
+- name: find out if chmod script for correcting permissions of SIPs uploaded via SFTP is installed
+  ansible.builtin.stat:
+    path: "/usr/local/bin/chmod.sh"
+  register: chmod_installed
+
+- name: deploy systemd units for correcting permissions of SIPs uploaded via SFTP
+  ansible.builtin.template:
+    src: "usr/local/lib/systemd/system/chmod_chown_sftp_uploads.{{ item }}.j2"
+    dest: "/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.{{ item }}"
+    mode: "0644"
+  loop:
+    - "timer"
+    - "service"
+  when: chmod_installed.stat.exists
+
+- name: activate chmod systemd units
+  ansible.builtin.systemd:
+    daemon_reload: true
+    name: "chmod_chown_sftp_uploads.{{ item.name }}"
+    enabled: "{{ item.enabled | default(true) }}"
+    state: "{{ item.state | default(omit) }}"
+  loop:
+    - name: "service"
+      enabled: true
+    - name: "timer"
+      enabled: true
+      state: started
+  when: chmod_installed.stat.exists
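Review bot: The gate in the `stat` task checks `/usr/local/bin/chmod.sh`, but the service unit added in this same patch runs `ExecStart=/usr/local/bin/chown.sh`, so the units can be deployed and enabled while the script they execute is missing, or the reverse. Point the check at the file the unit actually runs, e.g. `path: "/usr/local/bin/chown.sh"`, or fix the `ExecStart` if `chmod.sh` is the intended script. Because that script runs as root every five minutes, existence alone is a weak precondition. Consider also requiring that it is root-owned and not group- or world-writable: `when: chmod_installed.stat.exists and chmod_installed.stat.pw_name == 'root' and not (chmod_installed.stat.wgrp or chmod_installed.stat.woth)`. The template task also sets `mode` without `owner: root` / `group: root`, which is worth making explicit for unit files.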
diff --git a/templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.service.j2 b/templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.service.j2
new file mode 100644
index 0000000..03d4ef3
--- /dev/null
+++ b/templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=service: set correct permissions for SIPs that were uploaded via SFTP
+
+[Service]
+Type=oneshot
+Restart=no
+User=root
+ExecStart=/usr/local/bin/chown.sh
+
+[Install]
+WantedBy=default.target
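Review bot: The `[Service]` section runs the script as `User=root` with no sandboxing, and the script's job is to change ownership and mode on files that SFTP users control. The script is not part of this patch, so please confirm it does not dereference symlinks or act on hard links inside the upload tree (for example `chown -h` and no `-L` on recursive calls). Otherwise a link placed in an upload directory could redirect a root-level permission change to a file outside it. Independently of the script, the unit can limit the damage by making everything outside the upload directory read-only and trimming capabilities, as sketched below. The upload path is a placeholder and the capability list should be reduced to what the script really needs.

```ini
[Service]
# … unchanged: Type, Restart, User, ExecStart …
NoNewPrivileges=true
ProtectSystem=strict
PrivateTmp=true
# placeholder: replace with the real SFTP upload directory
ReadWritePaths=/path/to/sftp/uploads
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_DAC_READ_SEARCH
```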
diff --git a/templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.timer.j2 b/templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.timer.j2
new file mode 100644
index 0000000..4c7ac42
--- /dev/null
+++ b/templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.timer.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=timer: set correct permissions for SIPs that were uploaded via SFTP
+
+[Timer]
+OnUnitActiveSec=300
+#When activated, it triggers the service immediately if it missed the last start time, for example due to the system being powered off
+Persistent=true
+#Unit to activate when the timer elapses. (default is set to the same name as the timer unit, except for the suffix)
+Unit=chmod_chown_sftp_uploads.service
+
+[Install]
+#is requires to activate the timer permanently
+#on first init a symbolic link of /etc/systemd/system/basic.target.wants will be created
+WantedBy=default.target
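Review bot: In `[Timer]`, `OnUnitActiveSec=300` is the only trigger and `Persistent=true` has no effect, because systemd honours `Persistent=` only for `OnCalendar=` timers. A timer that is purely relative to the service's last activation also does not elapse until the service has run once, and the Ansible task enables the service without starting it. After a first deploy the permission fix may therefore not run until the next boot. Add a start anchor such as `OnBootSec=300` and `OnActiveSec=60` next to `OnUnitActiveSec=300`, or switch to `OnCalendar=*:0/5` so that `Persistent=true` does something. The `[Install]` comment mentions `basic.target.wants` while the unit uses `WantedBy=default.target`; timers are conventionally installed with `WantedBy=timers.target`, and the comment should read `#is required to activate the timer permanently`.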
-- 
GitLab