Initial commit

2020-01-01 19:34:48 +01:00
commit c4cb305fa0
32 changed files with 2010 additions and 0 deletions
--- a/roles/common/templates/etc/defaultdomain.j2
+++ b/roles/common/templates/etc/defaultdomain.j2
@ -0,0 +1 @@
+{{ nis_domain }}
--- a/roles/common/templates/etc/exports.j2
+++ b/roles/common/templates/etc/exports.j2
@ -0,0 +1,31 @@
+# {{ ansible_managed }}
+
+# /etc/exports: the access control list for filesystems which may be exported
+#   to NFS clients.  See exports(5).
+#
+# Example for NFSv2 and NFSv3:
+# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
+#
+
+{% set count = namespace(nfs_exports=100) %}
+{% for export in nfs_exports %}
+
+{% set export_str= namespace(nfs_exports = export.src.split(":")[1]) %}
+
+{%    set count.nfs_exports = count.nfs_exports + 10 %}
+{%    for network in export.export_networks %}
+{%       if export.fs_encrypted is defined and export.fs_encrypted is sameas true %}
+{%          set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~",fsid="~count.nfs_exports~")" %}
+#{{          export.src.split(":")[1] }} {{ network }}({{ export.export_opt }},fsid={{ count.nfs_exports }})
+{%       else %}
+{%          set export_str.nfs_exports = export_str.nfs_exports~" "~network~"("~export.export_opt~")" %}
+#{{          export.src.split(":")[1] }} {{ network }}({{ export.export_opt }})
+{%       endif %}
+{%    endfor %}
+
+{{ export_str.nfs_exports }}
+{% endfor %}
--- a/roles/common/templates/etc/sudoers.d/50-user.j2
+++ b/roles/common/templates/etc/sudoers.d/50-user.j2
@ -0,0 +1,34 @@
+# {{ ansible_managed }}
+
+{% for item in sudoers_file_defaults | default([]) %}
+Defaults {{ item }}
+{% endfor %}
+
+# Host alias specification
+{% for item in sudoers_file_host_aliases | default([]) %}
+Host_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User alias specification
+{% for item in sudoers_file_user_aliases | default([]) %}
+User_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Cmnd alias specification
+{% for item in sudoers_file_cmnd_aliases | default([]) %}
+Cmnd_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Runas alias specification
+{% for item in sudoers_file_runas_aliases | default([]) %}
+Runas_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User privilege specification
+
+{# rules for nis users #}
+{% for item in nis_user | default([]) %}
+{{ item.name }}    ALL=(root)NOPASSWD: MOUNT
+{% endfor %}
+
+# Group privilege specification
--- a/roles/common/templates/etc/sudoers.j2
+++ b/roles/common/templates/etc/sudoers.j2
@ -0,0 +1,56 @@
+# {{ ansible_managed }}
+
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+{% for item in sudoers_defaults %}
+{% if item != '' %}
+Defaults {{ item }}
+{% endif %}
+{% endfor %}
+
+# Host alias specification
+{% for item in sudoers_host_aliases | default([]) %}
+Host_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User alias specification
+{% for item in sudoers_user_aliases | default([]) %}
+User_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Cmnd alias specification
+{% for item in sudoers_cmnd_aliases | default([]) %}
+Cmnd_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# Runas alias specification
+{% for item in sudoers_runas_aliases | default([]) %}
+Runas_Alias {{ item.name }} = {{ item.entry }}
+{% endfor %}
+
+# User privilege specification
+{% for item in sudoers_user_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor %}
+
+# Members of the admin group may gain root privileges
+%admin ALL=(ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo ALL=(ALL:ALL) ALL
+
+# Group privilege specification
+
+{% for item in sudoers_group_privileges | default([]) %}
+{{ item.name }} {{ item.entry }}
+{% endfor %}
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
+
--- a/roles/common/templates/etc/yp.conf.j2
+++ b/roles/common/templates/etc/yp.conf.j2
@ -0,0 +1,24 @@
+# {{ ansible_managed }}
+
+# /etc/yp.conf - ypbind configuration file
+# Valid entries are
+#
+# domain NISDOMAIN server HOSTNAME
+#       Use server HOSTNAME for the domain NISDOMAIN.
+#
+# domain NISDOMAIN broadcast
+#       Use  broadcast  on  the local net for domain NISDOMAIN
+#
+# domain NISDOMAIN slp
+#       Query local SLP server for ypserver supporting NISDOMAIN
+#
+# ypserver HOSTNAME
+#       Use server HOSTNAME for the  local  domain.  The
+#       IP-address of server must be listed in /etc/hosts.
+#
+# broadcast
+#       If no server for the default domain is specified or
+#       none of them is rechable, try a broadcast call to
+#       find a server.
+#
+domain {{ nis_domain }} server {{ nis_server_address }}
--- a/roles/common/templates/user_homedirs/dot.profile.j2
+++ b/roles/common/templates/user_homedirs/dot.profile.j2
@ -0,0 +1,128 @@
+# {{ ansible_managed }}
+
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+   . "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+#. /usr/lib/mc/bin/mc.sh
+#
+if [ -f "/usr/share/mc/bin/mc.sh" ] ; then
+   source /usr/share/mc/bin/mc.sh
+fi
+
+export LANG="de_DE.utf8"
+
+# ---
+# Mmount samba shares
+# ---
+
+# Don't try to mount samba shares if login at samba server
+# 
+[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
+
+SERVER="{{ samba_server }}"
+USER="{{ item.name }}"
+PASSWORD='{{ item.password }}'
+VERSION="1.0"
+
+# Use NTLMv2 password hashing and force packet signing
+#
+#    SEC="ntlmv2i"
+#
+# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
+#
+#    SEC="ntlmsspi"
+#
+SEC="ntlmsspi"
+
+# - uid/guid of the user at fielserver
+# -
+_UID="$(id -u)"
+_GID="$(id -g)"
+
+
+# Logfile to see what happened..
+#
+_logfile=/tmp/profile_${USER}.log
+
+
+echo "" > $_logfile
+echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
+
+# Network present
+#
+_network=false
+
+if [  "X$_addr" = "X" ] ; then
+   echo "no inet address assigned yet.." >> $_logfile
+   declare -i count=1
+   while  ! $_network && [[ $count -lt 5 ]] ; do
+      echo "sleeping 2 seconds.." >> $_logfile
+      sleep 2
+      _addr="$(hostname --ip-address)"
+      if [ "X$_addr" != "X" ] ; then
+         _network=true
+         echo "inet address present: $_addr" >> $_logfile
+      fi
+      ((count++))
+   done
+fi
+
+for dir in $(ls /mnt/$USER) ; do
+   MOUNT_POINT=/mnt/$USER/$dir
+   SHARE=$dir
+
+   [ ! -d $MOUNT_POINT ] && continue
+
+   if ! mount | grep $MOUNT_POINT > /dev/null ; then
+      echo "Going to mount share '${SHARE}' .." >> $_logfile
+      if [ -x /usr/bin/smb4k_mount ]; then
+         ## - Ubuntu <= 12.04
+         if [[ "$VERSION" = "1.0" ]]; then
+            sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         else
+            #sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
+            sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         fi
+      else
+         ## - Ubuntu Version >= 14.04
+         if [[ "$VERSION" = "1.0" ]]; then
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         else
+            #sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         fi
+      fi
+   else
+      echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
+   fi
+
+done
+