configpolicy/roles/websites/nratonpass.com/tasks/main.yml

- name: ensure rsync is installed
  package:
    name=rsync
    state=present
  tags:
  - install

- name: ensure app group exists
  group:
    name=webapp.nratonpass
    state=present
- name: ensure app user exists
  user:
    name=webapp.nratonpass
    group=webapp.nratonpass
    home=/srv/www/nratonpass.com
    createhome=yes
    state=present

- name: ensure app home directory permissions are set
  file:
    path=/srv/www/nratonpass.com
    mode=0755
    state=directory

- name: ensure publisher keys are trusted
  authorized_key:
    key: "{{ nratonpass_publisher_keys|join('\n') }}"
    user: webapp.nratonpass
    exclusive: true
- name: ensure authorized_keys file permissions are correct
  file:
    path: /srv/www/nratonpass.com/.ssh/authorized_keys
    mode: '0600'
    owner: webapp.nratonpass
    group: webapp.nratonpass
    setype: ssh_home_t

- name: ensure apache is configured to serve nratonpass.com
  copy:
    src=nratonpass.com.httpd.conf
    dest=/etc/httpd/conf.d/nratonpass.com.conf
    mode=0644
  notify: reload httpd