From fd4ebff3474fda0891f697dcc57b37b15b95c751 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 18 Sep 2025 15:43:23 -0700
Subject: [PATCH] anubis: add group/user

Normally the fedora anubis package uses systemd's DynamicUser, which is
fine, but we need to setup a env file only readable by anubis because it
contains a private key.

So, just add group/user here and the unit will use those instead.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/anubis/tasks/main.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/roles/anubis/tasks/main.yml b/roles/anubis/tasks/main.yml
index d96946c845..dcc162e385 100644
--- a/roles/anubis/tasks/main.yml
+++ b/roles/anubis/tasks/main.yml
@@ -6,6 +6,23 @@
   tags:
     - anubis
 
+- name: Add anubis group
+  ansible.builtin.group:
+    name: anubis
+    state: present
+  tags:
+  - config
+  - anubis
+
+- name: Add anubis user
+  ansible.builtin.user:
+    name: anubis
+    group: anubis
+    system: yes
+  tags:
+  - config
+  - anubis
+
 - name: Install httpd config for backend listener
   ansible.builtin.copy:
     src: "httpd/{{ item }}"