diff --git a/files/homedirs/DEFAULT/_profile.j2 b/files/homedirs/DEFAULT/_profile.j2 index f5a8c46..fa85a4c 100644 --- a/files/homedirs/DEFAULT/_profile.j2 +++ b/files/homedirs/DEFAULT/_profile.j2 @@ -46,7 +46,7 @@ export LANG="de_DE.utf8" SERVER="{{ samba_server }}" USER="{{ item.item.name }}" PASSWORD='{{ item.item.password }}' -VERSION="1.0" +#VERSION="1.0" # Use NTLMv2 password hashing and force packet signing # diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 30afb74..7505448 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -675,11 +675,13 @@ microcode_intel_package: microcode_amd_package: - amd64-microcode -firmware_packages: - - firmware-linux - - firmware-linux-free +firmware_packages_ubuntu: + - linux-firmware -firmware_non_free_packages: +firmware_packages_debian: + - firmware-linux + +firmware_non_free_packages_debian: - firmware-linux-nonfree apt_install_state: latest @@ -1094,7 +1096,9 @@ nis_groups: #nis_deleted_user: remove_nis_users: - - name: frank + - name: anna + - name: birgit + - name: jonas nis_user: - name: chris @@ -1113,16 +1117,6 @@ nis_user: 3865353333373661390a643564386432643532396632323664383330646430613033643130626430 6139 - - name: anna - groups: - - intern - - verwaltung - - transfer - - scans - - lpadmin - is_samba_user: true - password: 'an20na11' - - name: buero groups: - intern @@ -1161,16 +1155,6 @@ nis_user: is_samba_user: true password: '20jib15ran' - - name: jonas - groups: - - intern - - verwaltung - - transfer - - scans - - lpadmin - is_samba_user: true - password: '20jo11nas' - - name: julia groups: - verwaltung @@ -1223,13 +1207,6 @@ nis_user: is_samba_user: true password: '20_thomas/19-!' - - name: birgit - groups: - - verwaltung - - scans - is_samba_user: true - password: '20-birgit_20%' - - name: stefan groups: - verwaltung @@ -1313,7 +1290,6 @@ samba_shares: vfs_object_recycle: true recycle_path: '@Recycle.Bin' user: - - anna - buero - chris - jibran 
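Review bot: `PASSWORD='{{ item.item.password }}'`, a context line in the _profile.j2 hunk, renders the account password as a single-quoted shell literal, so a password containing `'` ends the string early and the rest is parsed as shell when the profile is sourced. Let Ansible do the quoting with `PASSWORD={{ item.item.password | quote }}`. Since the rendered file holds a cleartext credential, the task that deploys it (not visible here) should set a mode no wider than `0600`. The commented-out `#VERSION="1.0"` would be better deleted outright, and because the rest of the script lies outside the hunk, confirm that nothing later still expands `$VERSION`.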
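Review bot: In the `@@ -675` hunk of group_vars/all/main.yml, `firmware_packages_debian` now lists only `firmware-linux`, which to my knowledge is a metapackage from Debian's non-free section that pulls in both `firmware-linux-free` and `firmware-linux-nonfree`. If that holds, the "Install Firmware packages (Debian)" task in roles/common/tasks/apt.yml fails on hosts where `apt_debian_contrib_nonfree_enable` is false, and the separate `firmware_non_free_packages_debian` list adds nothing. That task's `when` block is cut off between hunks, so its gating cannot be confirmed from this diff. Consider `- firmware-linux-free` for the ungated Debian list and keeping the non-free names only in the gated one, with a one-line comment above each list naming the task that consumes it.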
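Review bot: In the `@@ -1094` hunk, `- name: frank` is replaced in `remove_nis_users` rather than kept alongside the new entries, so a host that has not been converged since frank left keeps that account and its Samba entry, because the removal tasks only act on names still in this list. Removal with `state: absent` is idempotent, so keeping former users in the list costs nothing. I would keep `- name: frank` next to anna, birgit and jonas, and add a comment such as `# entries are never dropped from this list, so that late-provisioned hosts converge too`.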
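Review bot: The `nis_user` entries that remain after this cleanup still carry literal passwords (see the `password:` context lines in the `@@ -1161` and `@@ -1223` hunks), while the entry just ahead of anna in the `@@ -1113` hunk appears to hold an encrypted blob instead. Storing every `password:` value in that encrypted form, for example with ansible-vault, would keep readable credentials out of the repository. The passwords of the three removed users stay readable in this file's history, so treat them as disclosed if they were reused anywhere else.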
@@ -1334,10 +1310,7 @@ samba_shares: vfs_object_recycle: true recycle_path: '@Recycle.Bin' user: - - anna - - jonas - buero - - birgit - chris - jibran - praktikum @@ -1357,9 +1330,7 @@ samba_shares: vfs_object_recycle: true recycle_path: '@Recycle.Bin' user: - - anna - buero - - birgit - chris - jibran - praktikum @@ -1440,16 +1411,6 @@ samba_shares: recycle_path: '@Recycle.Bin' user: - thomas - - name: Birgit_Scans - path: /data/samba/Scans/Birgit_Scans - group_valid_users: scans - group_write_list: scans - file_create_mask: '0660' - dir_create_mask: '2770' - vfs_object_recycle: true - recycle_path: '@Recycle.Bin' - user: - - birgit - name: Stefan_Scans path: /data/samba/Scans/Stefan_Scans group_valid_users: scans @@ -1469,7 +1430,6 @@ samba_shares: vfs_object_recycle: false recycle_path: '@Recycle.Bin' user: - - anna - buero - chris - kamera @@ -1486,7 +1446,6 @@ samba_shares: vfs_object_recycle: false recycle_path: '@Recycle.Bin' user: - - anna - buero - chris - kamera diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index b9e8308..8d113ca 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -65,7 +65,7 @@ name: "{{ apt_initial_install_stretch }}" state: "{{ apt_install_state }}" when: - - - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0 + - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0 - ansible_facts['distribution'] == "Debian" - ansible_facts['distribution_major_version'] == "9" tags: 
@@ -138,10 +138,11 @@ - name: (apt.yml) Install CPU microcode (debian buster/bullseye) apt: - name: "{{ microcode_package }}" + name: "{{ microcode_intel_package }}" state: present default_release: "{{ ansible_distribution_release }}" when: + - apt_debian_contrib_nonfree_enable - ansible_facts['distribution'] == "Debian" - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11" - ansible_facts['processor']|string is search("Intel") @@ -226,9 +227,21 @@ # Firmware # --- -- name: (apt.yml) Install Firmware packages +- name: (apt.yml) Install Firmware packages (Ubuntu) apt: - name: "{{ firmware_packages }}" + name: "{{ firmware_packages_ubuntu }}" + state: present + default_release: "{{ ansible_distribution_release }}" + when: + - ansible_facts['distribution'] == "Ubuntu" + tags: + - apt-initial-install + - apt-firmware + + +- name: (apt.yml) Install Firmware packages (Debian) + apt: + name: "{{ firmware_packages_debian }}" state: present default_release: "{{ ansible_distribution_release }}" when: @@ -238,14 +251,14 @@ - apt-firmware -- name: (apt.yml) Install non-free Firmware packages +- name: (apt.yml) Install non-free Firmware packages (Debian) apt: - name: "{{ firmware_non_free_packages }}" + name: "{{ firmware_non_free_packages_debian }}" state: present default_release: "{{ ansible_distribution_release }}" when: - - apt_debian_contrib_nonfree_enable - ansible_facts['distribution'] == "Debian" + - apt_debian_contrib_nonfree_enable tags: - apt-initial-install - apt-firmware diff --git a/roles/common/tasks/apt.yml.NEW b/roles/common/tasks/apt.yml.NEW deleted file mode 100644 index 44920f8..0000000 --- a/roles/common/tasks/apt.yml.NEW +++ /dev/null 
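Review bot: The added `- apt_debian_contrib_nonfree_enable` condition in the `@@ -138` hunk is a bare variable, so the task errors when the variable is undefined and a value supplied as a string is not coerced to a boolean; `- apt_debian_contrib_nonfree_enable | default(false) | bool` is the safer form. With this gate, Debian 10/11 hosts that have non-free disabled silently receive no Intel microcode, which is where CPU vulnerability mitigations are delivered, so a `debug` or `fail` task for that case would make the gap visible. Only this task is switched to `microcode_intel_package`; microcode tasks outside the hunk may still reference `microcode_package`, so check that it is still defined.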
@@ -1,275 +0,0 @@ ---- - -- name: (apt.yml) update configuration file - /etc/apt/sources.list - template: - src: "etc/apt/sources.list.{{ ansible_distribution }}.j2" - dest: /etc/apt/sources.list - owner: root - group: root - mode: 0644 - register: apt_config_updated - when: apt_manage_sources_list|bool - tags: - - apt-configuration - -- name: (apt.yml) apt update - apt: - update_cache: true - cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}" - when: apt_update|bool - tags: - - apt-update - - apt-upgrade - - apt-dpkg-configure - - apt-initial-install - - apt-microcode - - apt-compiler-pkgs - - apt-webserver-pkgs - -- name: (apt.yml) dpkg --configure - command: > - dpkg --configure -a - args: - warn: false - changed_when: _dpkg_configure.stdout_lines | length - register: _dpkg_configure - when: apt_dpkg_configure|bool - tags: - - apt-dpkg-configure - - apt-initial-install - - apt-microcode - - apt-compiler-pkgs - - apt-webserver-pkgs - -- name: (apt.yml) apt upgrade - apt: - upgrade: "{{ apt_upgrade_type }}" - update_cache: true - dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}" - when: apt_upgrade|bool - tags: - - apt-upgrade - - apt-initial-install - - apt-microcode - - apt-compiler-pkgs - - apt-webserver-pkgs - -- name: (apt.yml) Initial install debian packages (stretch) - apt: - name: "{{ apt_initial_install_stretch }}" - state: "{{ apt_install_state }}" - when: - - - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0 - - ansible_facts['distribution'] == "Debian" - - ansible_facts['distribution_major_version'] == "9" - tags: - - apt-initial-install - -- name: (apt.yml) Initial install debian packages (buster) - apt: - name: "{{ apt_initial_install_buster }}" - state: "{{ apt_install_state }}" - when: - - apt_initial_install_buster is defined and apt_initial_install_buster|length > 0 - - ansible_facts['distribution'] == "Debian" - - 
ansible_facts['distribution_major_version'] == "10" - tags: - - apt-initial-install - -- name: (apt.yml) Initial install debian packages (bullseye) - apt: - name: "{{ apt_initial_install_bullseye }}" - state: "{{ apt_install_state }}" - when: - - apt_initial_install_bullseye is defined and apt_initial_install_bullseye|length > 0 - - ansible_facts['distribution'] == "Debian" - - ansible_facts['distribution_major_version'] == "11" - tags: - - apt-initial-install - -- name: (apt.yml) Initial install ubuntu packages (bionic) - apt: - name: "{{ apt_initial_install_bionic }}" - state: "{{ apt_install_state }}" - when: - - ansible_facts['distribution'] == "Ubuntu" - - ansible_facts['distribution_release'] == "bionic" - tags: - - apt-initial-install - -- name: (apt.yml) Initial install ubuntu packages (xenial) - apt: - name: "{{ apt_initial_install_xenial }}" - state: "{{ apt_install_state }}" - when: - - ansible_facts['distribution'] == "Ubuntu" - - ansible_facts['distribution_release'] == "xenial" - tags: - - apt-initial-install - -- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch) - apt: - name: "{{ microcode_package }}" - state: present - default_release: "{{ ansible_distribution_release }}-backports" - when: - - ansible_facts['distribution'] == "Debian" - - ansible_facts['distribution_major_version'] == "9" - - ansible_facts['processor']|string is search("Intel") - tags: - - apt-initial-install - - apt-microcode - -- name: (apt.yml) Install CPU microcode (debian buster/bullseye) - apt: - name: "{{ microcode_package }}" - state: present - default_release: "{{ ansible_distribution_release }}" - when: - - ansible_facts['distribution'] == "Debian" - - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11" - - ansible_facts['processor']|string is search("Intel") - tags: - - apt-initial-install - - apt-microcode - -- name: (apt.yml) Install CPU microcode (ubuntu bionic) - apt: - name: "{{ 
microcode_package }}" - state: present - default_release: "{{ ansible_distribution_release }}" - when: - - ansible_facts['distribution'] == "Ubuntu" - - ansible_facts['distribution_release'] == "bionic" - - ansible_facts['processor']|string is search("Intel") - tags: - - apt-initial-install - - apt-microcode - -- name: (apt.yml) Install CPU microcode (ubuntu xenial) - apt: - name: "{{ microcode_package }}" - state: present - default_release: "{{ ansible_distribution_release }}" - when: - - ansible_facts['distribution'] == "Ubuntu" - - ansible_facts['distribution_release'] == "xenial" - - ansible_facts['processor']|string is search("Intel") - tags: - - apt-initial-install - - apt-microcode - -- name: (apt.yml) Install lxc_host related packages - apt: - name: "{{ apt_lxc_host_pkgs }}" - state: "{{ apt_install_state }}" - when: apt_install_lxc_host_pkgs|bool - tags: - - apt-lxc-hosts-pkgs - -- name: (apt.yml) Install compiler related packages - apt: - name: "{{ apt_compiler_pkgs }}" - state: "{{ apt_install_state }}" - when: apt_install_compiler_pkgs|bool - tags: - - apt-compiler-pkgs - -- name: (apt.yml) Install postgresql_server related packages - apt: - name: "{{ apt_postgresql_pkgs }}" - state: "{{ apt_install_state }}" - when: apt_install_postgresql_pkgs|bool - tags: - - apt-postgresql-server-pkgs - -- name: (apt.yml) Install webserver related packages - apt: - name: "{{ apt_webserver_pkgs }}" - state: "{{ apt_install_state }}" - when: apt_install_webserver_pkgs|bool - tags: - - apt-webserver-pkgs - -- name: (apt.yml) Install extra packages - apt: - name: "{{ apt_extra_pkgs }}" - state: "{{ apt_install_state }}" - when: apt_install_extra_pkgs|bool - tags: - - apt-extra-pkgs - -- name: (apt.yml) Remove unwanted packages - apt: - name: "{{ apt_remove }}" - state: absent - purge: "{{ apt_remove_purge }}" - tags: - - apt-remove - -- name: (apt.yml) autoremove - apt: - autoremove: true - dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}" - when: 
apt_autoremove|bool - tags: - - apt-autoremove - - apt-initial-install - - apt-microcode - - apt-compiler-pkgs - - apt-webserver-pkgs - -- name: (apt.yml) clean - command: apt-get -y clean - args: - warn: false - changed_when: false - when: apt_clean|bool - tags: - - apt-clean - - apt-initial-install - - apt-microcode - - apt-compiler-pkgs - - apt-mysql-server-pkgs - - apt-webserver-pkgs - -# Fix error if install/update of repository mysql-/mariadb-client breaks -# link '/etc/mysql/my.cnf' in case mysql/mariadb was installed from source -# -- name: (apt.yml) Check if file '/usr/local/mysql/etc/my.cnf' exists - stat: - path: /usr/local/mysql/etc/my.cnf - register: usr_local_mysql_etc_my_cnf - when: groups['mysql_server']|string is search(inventory_hostname) or - groups['apache2_webserver']|string is search(inventory_hostname) or - groups['nextcloud_server']|string is search(inventory_hostname) - tags: - - apt-webserver-pkgs - - apt-mysql-server-pkgs - - check_mysql_cnf - -#- name: debug -# debug: -# msg: -# - usr_local_mysql_etc_my_cnf.stst.exists = {{ usr_local_mysql_etc_my_cnf.stat.exists }} -# - "Variable usr_local_mysql_etc_my_cnf: {{ usr_local_mysql_etc_my_cnf }}" -# tags: -# - check_mysql_cnf - -- name: (apt.yml) Create a symbolic link /etc/my.cnf -> /usr/local/mysql/etc/my.cnf - file: - src: /usr/local/mysql/etc/my.cnf - dest: /etc/mysql/my.cnf - owner: root - group: root - state: link - when: - - (groups['mysql_server']|string is search(inventory_hostname) or - groups['apache2_webserver']|string is search(inventory_hostname) or - groups['nextcloud_server']|string is search(inventory_hostname)) - - usr_local_mysql_etc_my_cnf.stat.exists - tags: - - apt-webserver-pkgs - - apt-mysql-server-pkgs - - check_mysql_cnf - diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 167e1aa..96e5c0f 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml 
@@ -101,6 +101,13 @@ - samba-remove-user +# tags supported inside system-remove-user.yml: +# +- import_tasks: system-remove-user.yml + tags: + - system-remove-user + + # tags supported inside system-user.yml: # # system-user diff --git a/roles/common/tasks/nis-user.yml b/roles/common/tasks/nis-user.yml index 409c438..b7754ed 100644 --- a/roles/common/tasks/nis-user.yml +++ b/roles/common/tasks/nis-user.yml @@ -1,32 +1,32 @@ --- -# --- -# - Remove unwanted users -# --- - -- name: (nis_user.yml) Remove (old) users from system - user: - name: '{{ item.name }}' - state: absent - with_items: - - "{{ remove_nis_users }}" - loop_control: - label: '{{ item.name }}' - tags: - - nis-user - - system-user - -- name: (nis_user.yml) Remove home directory from deleted users - file: - path: '{{ nis_base_home }}/{{ item.name }}' - state: absent - with_items: - - "{{ remove_nis_users }}" - loop_control: - label: '{{ item.name }}' - tags: - - nis-user - - system-user +## # --- +## # - Remove unwanted users +## # --- +## +## - name: (nis_user.yml) Remove (old) users from system +## user: +## name: '{{ item.name }}' +## state: absent +## with_items: +## - "{{ remove_nis_users }}" +## loop_control: +## label: '{{ item.name }}' +## tags: +## - nis-user +## - system-user +## +## - name: (nis_user.yml) Remove home directory from deleted users +## file: +## path: '{{ nis_base_home }}/{{ item.name }}' +## state: absent +## with_items: +## - "{{ remove_nis_users }}" +## loop_control: +## label: '{{ item.name }}' +## tags: +## - nis-user +## - system-user # --- # - default user/groups diff --git a/roles/common/tasks/samba-remove-user.yml b/roles/common/tasks/samba-remove-user.yml index a246c4e..cdc0288 100644 --- a/roles/common/tasks/samba-remove-user.yml +++ b/roles/common/tasks/samba-remove-user.yml 
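Review bot: In the `@@ -101` hunk of roles/common/tasks/main.yml, the heading `# tags supported inside system-remove-user.yml:` is followed by an empty `#` line, although the tasks in the new file are tagged `nis-user` and `system-user`. List those two under the heading in the same form the next block uses (`#   system-user`). Because of those inner tags, a run limited with `--tags nis-user` or `--tags system-user` also deletes the listed accounts and their home directories, which is worth stating in the comment.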
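Review bot: In roles/common/tasks/nis-user.yml the two removal tasks are left behind as `##`-commented code although system-remove-user.yml now holds the same tasks. Delete the block instead, so the two files cannot drift apart and nobody re-enables a second removal path by uncommenting it. If a pointer is wanted, a single line such as `# User removal lives in system-remove-user.yml` is enough.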
@@ -36,7 +36,7 @@ register: samba_remove_nis_users_present changed_when: "samba_remove_nis_users_present.rc == 0" failed_when: "samba_remove_nis_users_present.rc > 1" - with_items: + with_items: - "{{ remove_nis_users }}" loop_control: label: '{{ item.name }}' @@ -47,11 +47,11 @@ - name: (samba-remove-user.yml) Remove (old) nis users from samba shell: > smbpasswd -s -x {{ item.item.name }} - with_items: + with_items: - "{{ samba_remove_nis_users_present.results }}" loop_control: label: '{{ item.item.name }}' - when: + when: - item.changed tags: - samba-user diff --git a/roles/common/tasks/system-remove-user.yml b/roles/common/tasks/system-remove-user.yml new file mode 100644 index 0000000..97bff14 --- /dev/null +++ b/roles/common/tasks/system-remove-user.yml @@ -0,0 +1,29 @@ +--- + +# --- +# - Remove unwanted users +# --- + +- name: (system-remove-user.yml) Remove (old) users from system + user: + name: '{{ item.name }}' + state: absent + with_items: + - "{{ remove_nis_users }}" + loop_control: + label: '{{ item.name }}' + tags: + - nis-user + - system-user + +- name: (system-remove-user.yml) Remove home directory from deleted users + file: + path: '{{ nis_base_home }}/{{ item.name }}' + state: absent + with_items: + - "{{ remove_nis_users }}" + loop_control: + label: '{{ item.name }}' + tags: + - nis-user + - system-user diff --git a/roles/common/tasks/ubuntu-x11vnc-2004-amd64.yml b/roles/common/tasks/ubuntu-x11vnc-2004-amd64.yml index 5d67afe..8d97abf 100644 --- a/roles/common/tasks/ubuntu-x11vnc-2004-amd64.yml +++ b/roles/common/tasks/ubuntu-x11vnc-2004-amd64.yml @@ -45,8 +45,10 @@ - name: "(ubuntu-x11vnc-2004-amd64.yml) Set permissions on /etc/x11vnc.pass" file: - path: "/etc/x11vnc.pass" - mode: 0644 + path: /etc/x11vnc.pass + owner: root + group: root + mode: 0644 - name: "(ubuntu-x11vnc-2004-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service" template:
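Review bot: In the new roles/common/tasks/system-remove-user.yml, the task "Remove home directory from deleted users" builds its path as `'{{ nis_base_home }}/{{ item.name }}'`, so an entry in `remove_nis_users` with an empty `name` resolves to the base home directory itself and `state: absent` removes it recursively. Add a guard to both tasks, e.g. `when: item.name is defined and item.name | length > 0`. Files owned by the removed UID elsewhere on the system stay behind and would belong to whichever account receives that UID next; a comment noting this, or a follow-up task that reports orphaned files, would help.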
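Review bot: `mode: 0644` on `/etc/x11vnc.pass` in the ubuntu-x11vnc-2004-amd64.yml hunk leaves the VNC password file readable by every local user. If it is a standard rfbauth file, the stored form is fixed-key obfuscation rather than a hash, so read access amounts to knowing the password. With `owner: root` and `group: root` now set, `mode: "0600"` is the fitting value, assuming the x11vnc unit runs as root (the service template is outside this hunk). Quoting the mode also avoids the octal-versus-integer ambiguity of a bare `0644` in YAML.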