feat: install chmod service/timer for correcting permissions of SIPs uploaded via SFTP

02b66b01 · Jörg Sachse · 34a1eb96 · 02b66b01 · 02b66b01 · 02b66b01
Commit 02b66b01 authored 1 year ago by Jörg Sachse
--- a/tasks/configure_sftp_server.yml
+++ b/tasks/configure_sftp_server.yml
@@ -136,3 +136,32 @@
  when: not external_ftp
  notify:
    - restart sshd
+
+- name: find out if chmod script for correcting permissions of SIPs uploaded via SFTP is installed
+  ansible.builtin.stat:
+    path: "/usr/local/bin/chmod.sh"
+  register: chmod_installed
+
+- name: deploy systemd units for correcting permissions of SIPs uploaded via SFTP
+  ansible.builtin.template:
+    src: "usr/local/lib/systemd/system/chmod_chown_sftp_uploads.{{ item }}.j2"
+    dest: "/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.{{ item }}"
+    mode: "0644"
+  loop:
+    - "timer"
+    - "service"
+  when: chmod_installed.stat.exists
+
+- name: activate chmod systemd units
+  ansible.builtin.systemd:
+    daemon_reload: true
+    name: "chmod_chown_sftp_uploads.{{ item.name }}"
+    enabled: "{{ item.enabled | default(true) }}"
+    state: "{{ item.state | default(omit) }}"
+  loop:
+    - name: "service"
+      enabled: true
+    - name: "timer"
+      enabled: true
+      state: started
+  when: chmod_installed.stat.exists
--- a/templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.service.j2
+++ b/templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.service.j2
+[Unit]
+Description=service: set correct permissions for SIPs that were uploaded via SFTP
+
+[Service]
+Type=oneshot
+Restart=no
+User=root
+ExecStart=/usr/local/bin/chown.sh
+
+[Install]
+WantedBy=default.target
--- a/templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.timer.j2
+++ b/templates/usr/local/lib/systemd/system/chmod_chown_sftp_uploads.timer.j2
+[Unit]
+Description=timer: set correct permissions for SIPs that were uploaded via SFTP
+
+[Timer]
+OnUnitActiveSec=300
+#When activated, it triggers the service immediately if it missed the last start time, for example due to the system being powered off
+Persistent=true
+#Unit to activate when the timer elapses. (default is set to the same name as the timer unit, except for the suffix)
+Unit=chmod_chown_sftp_uploads.service
+
+[Install]
+#is requires to activate the timer permanently
+#on first init a symbolic link of /etc/systemd/system/basic.target.wants will be created
+WantedBy=default.target