From 7c20e9c5097611ed18e57c3a9f87794f2064cd62 Mon Sep 17 00:00:00 2001
From: Matej Focko <me@mfocko.xyz>
Date: Mon, 3 Jun 2024 21:53:44 +0200
Subject: [PATCH] feat(user/tmpfiles): create role for user's tmpdir

Signed-off-by: Matej Focko <me@mfocko.xyz>
---
 playbooks/bootstrap.yml                 | 5 +++++
 roles/user/tmpfiles/defaults/main.yml   | 2 ++
 roles/user/tmpfiles/handlers/main.yml   | 5 +++++
 roles/user/tmpfiles/tasks/main.yml      | 7 +++++++
 roles/user/tmpfiles/templates/user.conf | 1 +
 5 files changed, 20 insertions(+)
 create mode 100644 roles/user/tmpfiles/defaults/main.yml
 create mode 100644 roles/user/tmpfiles/handlers/main.yml
 create mode 100644 roles/user/tmpfiles/tasks/main.yml
 create mode 100644 roles/user/tmpfiles/templates/user.conf

diff --git a/playbooks/bootstrap.yml b/playbooks/bootstrap.yml
index d2e2ab5..e074ac7 100644
--- a/playbooks/bootstrap.yml
+++ b/playbooks/bootstrap.yml
@@ -46,6 +46,11 @@
     - role: user/editors/neovim
       tags: neovim
 
+    # Directory for temporary files
+    - role: user/tmpfiles
+      become: true
+      tags: tmpfiles
+
     # Configure git
     - role: user/git
       tags: git
diff --git a/roles/user/tmpfiles/defaults/main.yml b/roles/user/tmpfiles/defaults/main.yml
new file mode 100644
index 0000000..0c538c0
--- /dev/null
+++ b/roles/user/tmpfiles/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+user_tmpfiles_retention: "7d"
diff --git a/roles/user/tmpfiles/handlers/main.yml b/roles/user/tmpfiles/handlers/main.yml
new file mode 100644
index 0000000..ce8e312
--- /dev/null
+++ b/roles/user/tmpfiles/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Create the temporary directory
+  ansible.builtin.command:
+    cmd: systemd-tmpfiles --create
+    creates: /var/tmp/{{ target_user }}
diff --git a/roles/user/tmpfiles/tasks/main.yml b/roles/user/tmpfiles/tasks/main.yml
new file mode 100644
index 0000000..94139db
--- /dev/null
+++ b/roles/user/tmpfiles/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- name: Create tmpfiles config
+  ansible.builtin.template:
+    src: templates/user.conf
+    dest: /etc/tmpfiles.d/user.conf
+    mode: 0644
+  notify: "Create the temporary directory"
diff --git a/roles/user/tmpfiles/templates/user.conf b/roles/user/tmpfiles/templates/user.conf
new file mode 100644
index 0000000..03853b7
--- /dev/null
+++ b/roles/user/tmpfiles/templates/user.conf
@@ -0,0 +1 @@
+d /var/tmp/{{ target_user }} 0640 {{ target_user }} {{ target_group }} {{ user_tmpfiles_retention }}