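---

# ---
# Install nis
#
# Server-side NIS setup: installs the packages, writes the domain and
# yp.conf files, aligns the PAM password hash with what older NIS clients
# can verify, restricts ypserv to the listed networks, initialises the maps
# and points adduser and the yp Makefile at the NIS layout.
# ---

- name: (nis-install-server.yml) Install nis common packages
  package:
    name: "{{ item }}"
    state: present
  with_items: "{{ nis_common_packages }}"
  # 'nis_installed' gates the one-time 'ypinit -m' run further down.
  register: nis_installed
  tags:
    - nis-install
    - nis-install-server

- name: (nis-install-server.yml) Set (nis) default domain (/etc/defaultdomain)
  template:
    dest: /etc/defaultdomain
    src: etc/defaultdomain.j2
    owner: root
    group: root
    # Quoted so the mode is never subject to YAML integer/octal typing
    # (matches the quoted modes used by the other tasks in this file).
    mode: '0644'
  tags:
    - nis-install
    - nis-install-server

# NOTE(review): this task is tagged 'nis-install-client' although it lives in
# the server task file - confirm the tag is intentional.
- name: (nis-install-server.yml) Create preconfigured /etc/yp.conf on nis clients
  template:
    dest: /etc/yp.conf
    src: etc/yp.conf.j2
    owner: root
    group: root
    mode: '0644'
  tags:
    - nis-install
    - nis-install-client

# ---
# Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default.
#
# Note:
#   'yescrypt' is not supported by Debian 10 (buster) nor by Ubuntu 18.04
#   and smaller
#
# Security trade-off: the tasks below switch the PAM default from yescrypt
# back to SHA-512 so that such clients can verify the hashes. SHA-512 crypt
# is cheaper to guess offline than yescrypt, so keep this only while those
# clients are still in use. The setting affects passwords set after the
# change; hashes that already exist are not rewritten by these tasks.
# ---

- name: (nis-install-server.yml) Check if file '/etc/pam.d/common-password' exists
  stat:
    path: /etc/pam.d/common-password
  register: file_etc_pam_d_common_password
  tags:
    - nis-install
    - nis-install-server
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version']|int >= 11

# Read-only probe. grep exits 0 on a match, 1 on no match and >= 2 on error;
# the 'changed' state is used purely as the "yescrypt is configured" signal
# consumed by the next task.
- name: (nis-install-server.yml) Check if default hash for password is 'yescrypt'
  # No shell features are needed, so 'command' is used instead of 'shell'.
  command: "grep -i -q -E '^password.+yescrypt' /etc/pam.d/common-password"
  register: presence_of_passwprd_hashing_yescrypt
  changed_when:
    - presence_of_passwprd_hashing_yescrypt.rc < 1
  failed_when:
    - presence_of_passwprd_hashing_yescrypt.rc >= 2
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version']|int >= 11
    - ansible_facts['distribution_major_version']|int <= 12
    - file_etc_pam_d_common_password.stat.exists
  # Tagged like the rest of the file so a tag-limited run does not skip the
  # hash alignment while still applying everything else.
  tags:
    - nis-install
    - nis-install-server

# The task name used to state the direction the wrong way round; the
# substitution replaces 'yescrypt' with 'sha512'.
- name: (nis-install-server.yml) Change default password hash for local system accounts from yescrypt to SHA-512
  # 'replace' performs the same anchored substitution as the former
  # 'perl -i' one-liner, without a shell and idempotently.
  replace:
    path: /etc/pam.d/common-password
    regexp: '^(password.+)yescrypt'
    replace: '\1sha512'
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version']|int >= 11
    - ansible_facts['distribution_major_version']|int <= 12
    - file_etc_pam_d_common_password.stat.exists
    - presence_of_passwprd_hashing_yescrypt is changed
  tags:
    - nis-install
    - nis-install-server

# ---
# /etc/default/nis
# ---

- name: (nis-install-server.yml) Check if file '/etc/default/nis.ORIG' exists
  stat:
    path: /etc/default/nis.ORIG
  register: default_nis_exists
  tags:
    - nis-install
    - nis-install-server

# The pristine file is copied once; later runs keep the first backup.
- name: (nis-install-server.yml) Backup existing file /etc/default/nis
  command: cp -a /etc/default/nis /etc/default/nis.ORIG
  when:
    - not default_nis_exists.stat.exists
  tags:
    - nis-install
    - nis-install-server

- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER' (server)
  replace:
    path: /etc/default/nis
    regexp: '^NISSERVER=.*'
    replace: 'NISSERVER=master'
  tags:
    - nis-install
    - nis-install-server

- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (server)
  replace:
    path: /etc/default/nis
    regexp: '^NISCLIENT=.*'
    replace: 'NISCLIENT=false'
  tags:
    - nis-install
    - nis-install-server

# ---
# /etc/ypserv.securenets
#
# This file is the network-level access list for ypserv; each entry is
# written as '<netmask> <network>'. The shipped '0.0.0.0 ...' entry admits
# every host, so it is commented out and replaced by explicit ranges.
#
# NOTE(review): 192.168.0.0/16 and 10.0.0.0/8 are very broad. Any host in
# those ranges can query the NIS maps (including password hashes when
# MERGE_PASSWD is enabled below) - narrow them to the real client subnets.
# ---

- name: (nis-install-server.yml) Check if file '/etc/ypserv.securenets.ORIG' exists
  stat:
    path: /etc/ypserv.securenets.ORIG
  register: ypserv_securenets_orig_exists
  tags:
    - nis-install
    - nis-install-server

- name: (nis-install-server.yml) Backup existing file /etc/ypserv.securenets
  command: cp -a /etc/ypserv.securenets /etc/ypserv.securenets.ORIG
  when:
    - not ypserv_securenets_orig_exists.stat.exists
  tags:
    - nis-install
    - nis-install-server

- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
  replace:
    path: /etc/ypserv.securenets
    # Dots are escaped so only the literal allow-all entry is matched; an
    # unescaped '.' would match any character in those positions.
    regexp: '^(0\.0\.0\.0\s+.*)'
    replace: '#\1'
  tags:
    - nis-install
    - nis-install-server

- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets
  lineinfile:
    path: /etc/ypserv.securenets
    line: '255.255.0.0 192.168.0.0'
    insertafter: EOF
    state: present
    owner: root
    group: root
    mode: '0644'
  tags:
    - nis-install
    - nis-install-server

- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets
  lineinfile:
    path: /etc/ypserv.securenets
    line: '255.0.0.0 10.0.0.0'
    insertafter: EOF
    state: present
    owner: root
    group: root
    mode: '0644'
  tags:
    - nis-install
    - nis-install-server

# ypinit is interactive; the piped newline answers its prompt. It is run only
# when the package task reported a change, i.e. on first installation.
- name: (nis-install-server.yml) Trigger '/usr/lib/yp/ypinit -m'
  shell: printf '\n' | /usr/lib/yp/ypinit -m
  when: nis_installed is changed
  tags:
    - nis-install
    - nis-install-server

# ---
# Base directory containing users' home directory
# ---

- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists
  file:
    path: '{{ nis_base_home }}'
    owner: root
    group: root
    mode: '0755'
    state: directory
  when:
    # Exact list membership. The former substring search over the stringified
    # group also matched hosts whose name is merely contained in a member's
    # name (e.g. 'nis1' inside 'nis10').
    - "inventory_hostname in groups['nis_server']"
  tags:
    - nis-install
    - nis-install-server

# ---
# /etc/adduser.conf
# ---

- name: (nis-install-server.yml) Check if file '/etc/adduser.conf.ORIG exists'
  stat:
    path: /etc/adduser.conf.ORIG
  register: adduser_conf_exists
  tags:
    - nis-install
    - nis-install-server

- name: (nis-install-server.yml) Backup existing file /etc/adduser.conf
  command: cp -a /etc/adduser.conf /etc/adduser.conf.ORIG
  when:
    - not adduser_conf_exists.stat.exists
  tags:
    - nis-install
    - nis-install-server

- name: (nis-install-server.yml) Adjust file '/etc/adduser.conf' - set 'DHOME'
  replace:
    path: /etc/adduser.conf
    regexp: '^#?DHOME=.*'
    replace: 'DHOME={{ nis_base_home }}'
  tags:
    - nis-install
    - nis-install-server

# ---
# /var/yp/Makefile
# ---

- name: (nis-install-server.yml) Check if file '/var/yp/Makefile.ORIG exists'
  stat:
    path: /var/yp/Makefile.ORIG
  # Own variable: this result used to be stored in 'adduser_conf_exists',
  # overwriting the /etc/adduser.conf.ORIG result registered above.
  register: yp_makefile_orig_exists
  tags:
    - nis-install
    - nis-install-server

- name: (nis-install-server.yml) Backup existing file /var/yp/Makefile
  command: cp -a /var/yp/Makefile /var/yp/Makefile.ORIG
  when:
    - not yp_makefile_orig_exists.stat.exists
  tags:
    - nis-install
    - nis-install-server

# NOTE(review): MERGE_PASSWD=true presumably folds the shadow hashes into the
# passwd map, making them readable by every host admitted through
# /etc/ypserv.securenets - confirm this is required by the clients in use.
- name: (nis-install-server.yml) Adjust file '/var/yp/Makefile'
  replace:
    path: /var/yp/Makefile
    regexp: '^#?{{ item }}=.*'
    replace: '{{ item }}=true'
  with_items:
    - MERGE_PASSWD
    - MERGE_GROUP
  notify:
    - Renew nis databases
  tags:
    - nis-install
    - nis-install-server

# TODO:
# /var/yp/Makefile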