2020-10-14 18:07:09 +02:00
parent cbf4d7b452
commit 76f24d9900
91 changed files with 23093 additions and 2155 deletions


@ -8,10 +8,13 @@
group: root
mode: 0644
register: apt_config_updated
when: apt_manage_sources_list|bool
when:
- ansible_facts['distribution'] == "Debian"
- apt_manage_sources_list|bool
tags:
- apt-configuration
- name: (apt.yml) apt update
apt:
update_cache: true
@ -26,6 +29,7 @@
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) dpkg --configure
command: >
dpkg --configure -a
@ -41,6 +45,7 @@
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) apt upgrade
apt:
upgrade: "{{ apt_upgrade_type }}"
@ -54,6 +59,7 @@
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) Initial install debian packages (stretch)
apt:
name: "{{ apt_initial_install_stretch }}"
@ -64,6 +70,7 @@
tags:
- apt-initial-install
- name: (apt.yml) Initial install debian packages (buster)
apt:
name: "{{ apt_initial_install_buster }}"
@ -74,12 +81,39 @@
tags:
- apt-initial-install
- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
- name: (apt.yml) Initial install ubuntu packages (bionic)
apt:
name: "{{ microcode_package }}"
name: "{{ apt_initial_install_bionic }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (xenial)
apt:
name: "{{ apt_initial_install_xenial }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
tags:
- apt-initial-install
# ---
# Microcode
# ---
- name: (apt.yml) Ensure we have CPU microcode from backports for Intel CPU (debian stretch)
apt:
name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
- apt_backports_enable
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("Intel")
@ -87,9 +121,26 @@
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (debian buster)
- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch)
apt:
name: "{{ microcode_package }}"
name: "{{ microcode_amd_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
- apt_backports_enable
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("AMD")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster)
apt:
name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
@ -100,6 +151,109 @@
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode for AMD CPU (debian buster)
apt:
name: "{{ microcode_amd_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
- ansible_facts['processor']|string is search("AMD")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu bionic)
apt:
name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode for AMD CPU (ubuntu bionic)
apt:
name: "{{ microcode_amd_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
- ansible_facts['processor']|string is search("AMD")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode for Intel CPU (ubuntu xenial)
apt:
name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode for Intel AMD (ubuntu xenial)
apt:
name: "{{ microcode_amd_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
- ansible_facts['processor']|string is search("AMD")
tags:
- apt-initial-install
- apt-microcode
# ---
# Firmware
# ---
- name: (apt.yml) Install Firmware packages
apt:
name: "{{ firmware_non_free_packages }}"
state: present
default_release: "{{ ansible_distribution_release }}"
tags:
- apt-initial-install
- apt-firmware
- name: (apt.yml) Install non-free Firmware packages
apt:
name: "{{ firmware_non_free_packages }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- apt_debian_contrib_nonfree_enable
tags:
- apt-initial-install
- apt-firmware
# ---
# unwanted packages
# ---
- name: (apt.yml) Remove unwanted packages
apt:
name: "{{ apt_remove }}"
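Review bot: The new task `(apt.yml) Install Firmware packages` installs `{{ firmware_non_free_packages }}`, the same list as the `Install non-free Firmware packages` task after it, but without the `apt_debian_contrib_nonfree_enable` condition. As written, the non-free firmware list is requested on every host regardless of that switch, and the run presumably fails where the non-free component is not configured. If a separate free-firmware list was intended, point the first task at that variable; otherwise drop the first task and keep only the guarded one. The final task of this hunk (`Remove unwanted packages`) continues outside it.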


@ -14,6 +14,7 @@
tags:
- locales
- name: (basic.yml) Create a symbolic link /bin/sh -> bash
file:
src: bash
@ -21,9 +22,12 @@
owner: root
group: root
state: link
when:
- "groups['file_server']|string is search(inventory_hostname)"
tags:
- symlink-sh
- name: (basic.yml) Check file '/etc/systemd/system.conf' exists
stat:
path: /etc/systemd/system
@ -31,6 +35,7 @@
when:
- set_default_limit_nofile|bool == true
- name: (basic.yml) Change DefaultLimitNOFILE to 1048576
lineinfile:
dest: /etc/systemd/system.conf
@ -44,6 +49,7 @@
tags:
- systemd-nofiles
- name: (basic.yml) Check file '/etc/security/limits.conf.ORIG' exists
stat:
path: /etc/security/limits.conf.ORIG
@ -57,6 +63,7 @@
tags:
- limits-conf
- name: (basic.yml) Create new sshd_config from template limits.conf.j2
template:
src: etc/security/limits.conf.j2
@ -66,3 +73,33 @@
mode: 0644
tags:
- limits-conf
# - /etc/hosts
- name: (basic.yml) Check file '/etc/hosts.ORIG' exists
stat:
path: /etc/hosts.ORIG
register: etc_hosts_ORIG
when:
- "groups['file_server']|string is search(inventory_hostname)"
tags:
- etc_hosts
- name: (basic.yml) Backup installation version of file '/etc/hosts'
command: cp -a /etc/hosts /etc/hosts.ORIG
when:
- "groups['file_server']|string is search(inventory_hostname)"
- etc_hosts_ORIG.stat.exists == False
tags:
- etc_hosts
- name: (basic.yml) addjust '/etc/hosts' add nis-server ..
lineinfile:
path: /etc/hosts
regexp: '^192\.168\.'
line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[0] }}'
when:
- "groups['nis_server']|string is search(inventory_hostname)"
tags:
- etc_hosts
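Review bot: The added conditions of the form `groups['file_server']|string is search(inventory_hostname)` run a regex search over the stringified group list; they are not a membership test. A host whose name is a substring of another member's name (for example `pc1` against a group holding only `pc10`) matches, and the dots of a FQDN act as wildcards, so tasks can run on hosts outside the intended group. Use `inventory_hostname in groups['file_server']` instead, with `| default([])` on the group if it may be undefined. The same pattern is added in the cups-install.yml, git.yml, main.yml, nfs and ntp.yml sections of this commit; in main.yml it decides which hosts receive the sudoers, LUKS and pure-ftpd task files.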


@ -0,0 +1,152 @@
---
# ---
# Cups Server
# ---
- name: (cups-install.yml) Ensure CUPS packages server (buster) are installed.
package:
pkg: '{{ apt_install_server_cups_buster }}'
state: present
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
tags:
- cups-server
# ---
# Cups clients
# ---
- name: (cups.yml) Ensure CUPS packages clients are installed.
package:
pkg: "{{ apt_install_client_cups }}"
state: present
when:
- ansible_distribution_version == "18.04"
- ansible_architecture == "x86_64"
tags:
- cups-client
# -- file /etc/cups/cups-browsed.conf
- name: (cups.yml) Check if file '/etc/cups/cups-browsed.conf.ORIGi' exists
stat:
path: /etc/cups/cups-browsed.conf.ORIG
register: cups_browsed_conf_orig_exists
tags:
- cups-server
- cups-client
- name: (cups.yml) Backup /etc/cups/cups-browsed.conf file
command: cp /etc/cups/cups-browsed.conf /etc/cups/cups-browsed.conf.ORIG
when: cups_browsed_conf_orig_exists.stat.exists == False
tags:
- cups-server
- cups-client
- name: (cups.yml) update configuration file server - /etc/cups/cups-browsed.conf
template:
src: "etc/cups/cups-browsed.conf.server.j2"
dest: /etc/cups/cups-browsed.conf
owner: root
group: root
mode: 0644
notify:
Restart cups-browsed
when:
- groups['file_server']|string is search(inventory_hostname)
tags:
- cups-server
- name: (cups.yml) update configuration file client - /etc/cups/cups-browsed.conf
template:
src: "etc/cups/cups-browsed.conf.client.j2"
dest: /etc/cups/cups-browsed.conf
owner: root
group: root
mode: 0644
notify:
Restart cups-browsed
when:
- groups['client_pc']|string is search(inventory_hostname)
tags:
- cups-client
# -- file /etc/cups/cupsd.conf
- name: (cups.yml) Check if file '/etc/cups/cupsd.conf.ORIG' exists
stat:
path: /etc/cups/cupsd.conf.ORIG
register: cupsd_conf_orig_exists
tags:
- cups-server
- cups-client
- name: (cups.yml) Backup /etc/cups/cupsd.conf file
command: cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.ORIG
when: cupsd_conf_orig_exists.stat.exists == False
tags:
- cups-server
- cups-client
- name: (cups.yml) update configuration file server - /etc/cups/cupsd.conf
template:
src: "etc/cups/cupsd.conf.server.j2"
dest: /etc/cups/cupsd.conf
owner: root
group: root
mode: 0644
notify:
Restart cups
when:
- groups['file_server']|string is search(inventory_hostname)
tags:
- cups-server
- name: (cups.yml) update configuration file client - /etc/cups/cupsd.conf
template:
src: "etc/cups/cupsd.conf.client.j2"
dest: /etc/cups/cupsd.conf
owner: root
group: root
mode: 0644
notify:
Restart cups
when:
- groups['client_pc']|string is search(inventory_hostname)
tags:
- cups-server
# -- file /etc/cups/cups-files.conf
- name: (cups.yml) Check if file '/etc/cups/cups-files.conf.ORIGi' exists
stat:
path: /etc/cups/cups-files.conf.ORIG
register: cups_files_conf_orig_exists
tags:
- cups-server
- cups-client
- name: (cups.yml) Backup /etc/cups/cups-files.conf file
command: cp /etc/cups/cups-files.conf /etc/cups/cups-files.conf.ORIG
when: cups_files_conf_orig_exists.stat.exists == False
tags:
- cups-server
- cups-client
- name: (cups.yml) update configuration file server - /etc/cups/cups-files.conf
template:
src: "etc/cups/cups-files.conf.j2"
dest: /etc/cups/cups-files.conf
owner: root
group: root
mode: 0644
notify:
Restart cups
tags:
- cups-server
- cups-client
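Review bot: The task `update configuration file client - /etc/cups/cupsd.conf` is tagged `cups-server`, although its `when:` selects `client_pc` hosts and the parallel cups-browsed.conf client task is tagged `cups-client`. A run limited with `--tags cups-client` therefore skips the client cupsd.conf template. Change the tag to `- cups-client`. The two task names that mention `.ORIGi` also differ from the `.ORIG` path they actually stat.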


@ -0,0 +1,66 @@
---
# ---
# Default reposotories
# ---
- name: (git.yml) Install/Update default repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_default_repositories }}'
loop_control:
label: "{{ item.name }}"
tags:
- git-default-repositories
# ---
# Group [file_server] reposotories
# ---
- name: (git.yml) Install/Update file_server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_oopen_server_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['file_server']|string is search(inventory_hostname)"
tags:
- git-file-server-repositories
# ---
# Group [samba_server] reposotories
# ---
- name: (git.yml) Install/Update samba server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_samba_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['samba_server']|string is search(inventory_hostname)"
ignore_errors: True
tags:
- git-samba-server-repositories
# ---
# Group [gateway_server] reposotories
# ---
- name: (git.yml) Install/Update gateway repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_gateway_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['gateway_server']|string is search(inventory_hostname)"
tags:
- git-gateway-server-repositories
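Review bot: None of the four `git:` tasks sets `version:`, so every run moves each checkout to whatever the remote's default branch currently points at. The samba task also sets `ignore_errors: True`, so a failed update leaves the checkout in an unknown state without failing the play. If these repositories hold scripts that are later executed as root (nis_user.yml runs `/root/bin/admin-stuff/add_new_user.sh`, which may come from one of them), pin each entry to a reviewed tag or commit, e.g. `version: '{{ item.version }}'` fed from the repository lists. Drop `ignore_errors` or replace it with a narrower `failed_when`. The repository lists themselves are defined outside this diff.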


@ -1,9 +1,6 @@
- name: (luks.ym) add new key to the LUKS container (container has to exist)
luks_device:
#device: "{{ luks_device }}"
#keyfile: "{{ role_path + '/files/vault/luks_default_passwd' }}"
#new_keyfile: "{{ role_path + '/files/vault/luks_new_passwd' }}"
device: "/dev/sda3"
keyfile: "/vault/luks_default_passwd"
new_keyfile: "/vault/luks_new_passwd"
device: "{{ luks_device }}"
keyfile: "{{ role_path + '/files/vault/luks_default_passwd' }}"
new_keyfile: "{{ role_path + '/files/vault/luks_chris_passwd' }}"
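Review bot: `keyfile` and `new_keyfile` are now built from `role_path`, which is a path on the control node, while the `luks_device` module opens these files on the managed host. Unless the passphrase files are copied to each client first (which would leave LUKS key material on the disk it protects), the task will not find them; if they are stored ansible-vault-encrypted, the module would presumably read ciphertext rather than the passphrase. Neither case is visible from this hunk. Where the Ansible version in use provides them, prefer `passphrase:` / `new_passphrase:` fed from vaulted variables, and add `no_log: true` to the task. `luks_chris_passwd` also ties the role to one person's key file; a variable would keep it reusable.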


@ -1,6 +1,5 @@
---
# tags supported inside basic.yml
#
# timezone
@ -10,12 +9,14 @@
tags:
- basic
# tags supported inside sshd.yml
#
# sshd-config
- import_tasks: sshd.yml
tags: sshd
# tags supported inside apt.yml
#
# apt-update
@ -29,6 +30,42 @@
- import_tasks: apt.yml
tags: apt
# tags supportetd inside git.yml
#
# git-default-repositories
# git-file-server-repositories
# git-gateway-server-repositories
- import_tasks: git.yml
tags: git
# tags supported inside ntp.yml:
#
# ntp-server
- import_tasks: ntp.yml
tags:
- ntp
# tags supported inside cups-install.yml:
#
# cups-server
# cups-client
- import_tasks: cups-install.yml
tags:
- cups
# tags supported inside pure-ftpd-install.yml:
#
- import_tasks: pure-ftpd-install.yml
when:
- groups['ftp_server']|string is search(inventory_hostname)
tags:
- pure-ftpd
# tags supported inside nfs.yml:
#
# nfs-server
@ -37,68 +74,132 @@
tags:
- nfs
# tags supported inside nfs.yml:
# tags supported inside samba-install.yml:
#
# samba-server
# samba-client
- import_tasks: samba-install.yml
tags:
- samba-install
- samba
# tags supported inside samba-remove-user.yml:
#
- import_tasks: samba-remove-user.yml
tags:
- samba-remove-user
# tags supported inside system-user.yml:
#
# system-user
- import_tasks: system-user.yml
when: "groups['file_server']|string is search(inventory_hostname)"
tags:
- system-user
# tags supported inside nis-install-server.yml:
#
# nis-install-server
- import_tasks: nis-install-server.yml
when: "groups['nis_server']|string is search(inventory_hostname)"
tags:
- nis-install
- nis-install-server
# tags supported inside nfs.yml:
# tags supported inside nis-user.yml:
#
# nis-user
- import_tasks: nis-user.yml
when: "groups['nis_server']|string is search(inventory_hostname)"
tags:
- nis-user
# tags supported inside nis-install-client.yml:
#
# nis-install-client
- import_tasks: nis-install-client.yml
when: "groups['nis_client']|string is search(inventory_hostname)"
tags:
- nis-install
- nis-install-client
# tags supported inside nis_user.yml:
#
# nis-user
# system-user
- import_tasks: nis_user.yml
when: "groups['nis_server']|string is search(inventory_hostname)"
tags:
- nis-user
# tags supported inside samba_user.yml:
# tags supported inside samba-user.yml:
#
# samba-user
- import_tasks: samba_user.yml
- import_tasks: samba-user.yml
when: "groups['samba_server']|string is search(inventory_hostname)"
tags:
- nis-samba-user
- import_tasks: user-systemfiles.yml
when: "groups['nis_server']|string is search(inventory_hostname)"
tags:
- user-systemfiles
# tags supported inside sudoers.yml:
# tags supported inside mount_samba_shares.yml:
#
# sudoers-remove
# sudoers-file-configuration
# sudoers-global-configuration
- import_tasks: sudoers.yml
when: "groups['client_pc']|string is search(inventory_hostname)"
tags:
- sudoers
# tags supported inside samba-server-shares.yml:
#
# samba-shares
# samba-config
- import_tasks: samba-server.yml
when: "groups['samba_server']|string is search(inventory_hostname)"
tags:
- samba-server
#- import_tasks: mount_samba_shares.yml
# when: "groups['client_pc']|string is search(inventory_hostname)"
# tags:
# - samba-shares
# tags supported system-user-systemfiles.yml:
# profile
# bashrc
# vimrc
- import_tasks: system-user-systemfiles.yml
when: "groups['file_server']|string is search(inventory_hostname)"
tags:
- user-systemfiles
# tags supported nis-user-systemfiles.yml:
# profile
# bashrc
# vimrc
- import_tasks: nis-user-systemfiles.yml
when: "groups['nis_server']|string is search(inventory_hostname)"
tags:
- user-systemfiles
- nis-user-systemfiles
# tags supported root-files-scripts.yml:
# wakeup_lan
- import_tasks: root-files-scripts.yml
tags:
- root-files-scripts
# tags supported inside sudoers-pc.yml:
#
# sudoers-remove
# sudoers-file-configuration
# sudoers-global-configuration
- import_tasks: sudoers-pc.yml
when: "groups['client_pc']|string is search(inventory_hostname)"
tags:
- sudoers
# tags supported inside sudoers-server.yml:
#
# sudoers-remove
# sudoers-file-configuration
# sudoers-global-configuration
- import_tasks: sudoers-server.yml
when: "groups['file_server']|string is search(inventory_hostname)"
tags:
- sudoers
# Tasks: Configure VNC (x11vnc) for Ubuntu systems
#
# Supported OS:
@ -125,14 +226,9 @@
- x11vnc-1804
- finish-client-install
#- name: "Configure LUKS"
# import_tasks: luks.yml
# when: "groups['client_pc']|string is search(inventory_hostname)"
# tags:
# - luks
- import_tasks: root-systemfiles.yml
when: "groups['nis_client']|string is search(inventory_hostname)"
- name: "Configure LUKS"
import_tasks: luks.yml
when: "groups['client_pc']|string is search(inventory_hostname)"
tags:
- root-systemfiles
- finish-client-install
- luks


@ -44,6 +44,23 @@
tags:
- nfs-server
- name: Enable service rpc-statd and ensure it is not masked
systemd:
name: rpc-statd
enabled: yes
masked: no
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
- name: Make sure service rpc-statd is running
systemd:
state: started
name: rpc-statd
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
tags:
- nfs-server
# ---
# NFS clients
# ---
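Review bot: The new task `Enable service rpc-statd and ensure it is not masked` has no `tags:`, unlike the `Make sure service rpc-statd is running` task after it, so `--tags nfs-server` starts the service without enabling or unmasking it. Add `tags: [nfs-server]`, or fold both into one `systemd` task with `enabled: true`, `masked: false` and `state: started`. Writing the booleans as `true`/`false` instead of `yes`/`no` would also match `update_cache: true` in apt.yml.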


@ -145,7 +145,7 @@
- name: (nis-install-client.yml) Add nis-server to file /etc/hosts
lineinfile:
path: /etc/hosts
line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[1] }}'
line: '{{ nis_server_address }} {{ nis_server_name }} {{ nis_server_name.split(".")[0] }}'
insertafter: EOF
state: present
owner: root
@ -160,7 +160,7 @@
# /etc/nsswitch.conf
# ---
- name: (nis.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
- name: (nis-install-client.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
stat:
path: /etc/nsswitch.conf.ORIG
register: nsswitch_conf_orig_exists
@ -168,7 +168,7 @@
- nis-install
- nis-install-client
- name: (nis.yml) Backup existing file /etc/nsswitch.conf
- name: (nis-install-client.yml) Backup existing file /etc/nsswitch.conf
command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG
when:
- nsswitch_conf_orig_exists.stat.exists == False
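Review bot: Changing the alias from `split(".")[1]` to `split(".")[0]` alters the `line:` text of the `Add nis-server to file /etc/hosts` task, and no `regexp:` is visible for that `lineinfile`. On clients that were already provisioned, the old line with the wrong alias therefore stays in /etc/hosts and a second entry for the same address is appended. Matching on the address, for example `regexp: '^{{ nis_server_address | regex_escape }}\s'`, lets the task replace the stale line. The task continues past the end of its hunk, so a `regexp:` further down cannot be ruled out.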


@ -4,6 +4,16 @@
# Install nis
# ---
- name: (nis-install-server.yml) Install nis common packages
package:
name: "{{ item }}"
state: present
with_items: "{{ nis_common_packages }}"
register: nis_installed
tags:
- nis-install
- nis-install-server
- name: (nis-install-server.yml) Set (nis) default domain (/etc/defaultdomain)
template:
dest: /etc/defaultdomain
@ -15,15 +25,16 @@
- nis-install
- nis-install-server
- name: (nis-install-server.yml) Install nis common packages
package:
name: "{{ item }}"
state: present
with_items: "{{ nis_common_packages }}"
register: nis_installed
- name: (nis-install-server.yml) Create preconfigured /etc/yp.conf on nis clients
template:
dest: /etc/yp.conf
src: etc/yp.conf.j2
owner: root
group: root
mode: 0644
tags:
- nis-install
- nis-install-server
- nis-install-client
# ---
@ -85,14 +96,14 @@
- nis-install
- nis-install-server
- name: (nis-install-client.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
replace:
path: /etc/ypserv.securenets
regexp: '^(0.0.0.0\s+.*)'
replace: '#\1'
tags:
- nis-install
- nis-install-client
- nis-install-server
- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets
lineinfile:
@ -105,7 +116,7 @@
mode: '0644'
tags:
- nis-install
- nis-install-client
- nis-install-server
- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets
lineinfile:
@ -134,13 +145,13 @@
- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists
file:
path: '{{ nis_base_home}}'
path: '{{ nis_base_home }}'
owner: root
group: root
mode: '0755'
state: directory
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
- "groups['nis_server']|string is search(inventory_hostname)"
tags:
- nis-install
- nis-install-server
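Review bot: The new task `Create preconfigured /etc/yp.conf on nis clients` has no `when:` and lives in nis-install-server.yml, which main.yml imports only for hosts in `nis_server`. Despite its name and the `nis-install-client` tag listed with it, it never runs on a client through this file. Either rename it to say it configures yp.conf on the server, or move the client case to nis-install-client.yml. Its `mode: 0644` is also unquoted, while other tasks in this file use `mode: '0644'`.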


@ -0,0 +1,183 @@
---
# ---
# Check if local template directories exists
# ---
# nis_users
- name: (nis-user-systemfiles.yml) Check if local template directory exists for default users
local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}
with_items: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
register: local_template_dir_nis_user
# --
# Copy .profile
# ---
- name: (nis-user-systemfiles.yml) Check if users file '.profile.ORIG' exists
stat:
path: "~{{ item.name }}/.profile.ORIG"
register: profile_user_orig_exists
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- profile
- name: (nis-user-systemfiles.yml) Backup existing users .profile file
command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
loop: "{{ profile_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == False
tags:
- profile
- name: (nis-user-systemfiles.yml) copy .profile if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
tags:
- profile
- name: (nis-user-systemfiles.yml) copy default .profile if it exists
template:
src: files/homedirs/DEFAULT/_profile.j2
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- profile
# --
# Copy .bashrc
# ---
- name: (nis-user-systemfiles.yml) Check if users file '.bashrc.ORIG' exists
stat:
path: "~{{ item.name }}/.bashrc.ORIG"
register: bashrc_user_orig_exists
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- bashrc
- name: (nis-user-systemfiles.yml) Backup existing users .bashrc file
command: cp -a ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
loop: "{{ bashrc_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when: item.stat.exists == False
tags:
- bashrc
- name: (nis-user-systemfiles.yml) copy .bashrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
tags:
- bashrc
- name: (nis-user-systemfiles.yml) copy default .bashrc if it exists
copy:
src: files/homedirs/DEFAULT/_bashrc
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- bashrc
# --
# Copy .vimrc
# ---
- name: (nis-user-systemfiles.yml) copy .vimrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
tags:
- vimrc
- name: (nis-user-systemfiles.yml) Check if .vim directory exists for default users
local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
with_items: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
register: local_template_dir_dotvim_default_user
- name: (nis-user-systemfiles.yml) copy .vim directory if it exists
copy:
src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
dest: "~{{ item.item.name }}"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
with_items: "{{ local_template_dir_dotvim_default_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
tags:
- vimrc
- name: (nis-user-systemfiles.yml) copy default .vimrc if it exists
copy:
src: files/homedirs/DEFAULT/_vimrc
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- vimrc
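Review bot: The two `local_action: stat` tasks that register `local_template_dir_nis_user` and `local_template_dir_dotvim_default_user` carry no `tags:`, but the copy tasks that loop over their `.results` are tagged `profile`, `bashrc` or `vimrc`. main.yml advertises those three tags for this file, so a run with e.g. `--tags profile` skips the stat tasks and then fails on the undefined register. Add `tags: [profile, bashrc, vimrc]` to the first stat task and `tags: [vimrc]` to the `.vim` one.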


@ -9,7 +9,7 @@
name: '{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
@ -21,7 +21,7 @@
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
@ -48,25 +48,20 @@
#- meta: end_host
- name: (nis_user.yml) Check if nis (system) user exists
shell: "getent passwd {{ item.name }}"
register: nis_user_exists
changed_when: "nis_user_exists.rc == 2"
failed_when: "nis_user_exists.rc > 2"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
ignore_errors: true
- name: (nis_user.yml) Get database of nis (system) users
getent:
database: passwd
tags:
- nis-user
- system-user
- name: (nis_user.yml) Add nis (system) users
- name: (nis_user.yml) Add nis (system) users if not yet exists..
shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when: nis_user_exists is changed
when:
- item.name not in getent_passwd
notify: Renew nis databases
tags:
- nis-user
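Review bot: The task renamed to `Add nis (system) users if not yet exists..` still passes the clear-text password on the command line, because `'{{ item.password }}'` is interpolated into a `shell:` string. A password containing a single quote breaks out of the quoting, and the value appears in Ansible's task output and in the process list on the host. While touching this task, use `{{ item.name | quote }} {{ item.password | quote }}` and add `no_log: true`. Handing the password to the script on stdin would avoid the process-list exposure, but that depends on add_new_user.sh, which is not part of this diff. The `shell:` line itself appears to be unchanged context in the hunk, and the task's tag list may continue outside it.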


@ -1,121 +0,0 @@
---
# ---
# - Remove unwanted users
# ---
- name: (nis_samba_user.yml) Check if samba user exists for removable nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_deleted_user_present
changed_when: "samba_deleted_user_present.rc == 0"
failed_when: "samba_deleted_user_present.rc > 1"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-user
- name: (nis_samba_user.yml) Remove (old) users from samba
shell: "smbpasswd -s -x {{ item.name }}"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
when: samba_deleted_user_present is changed
tags:
- samba-user
- name: (nis_samba_user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (nis_samba_user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
# ---
# - default user/groups
# ---
- name: (nis_samba_user.yml) Ensure nis groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
loop: "{{ nis_groups }}"
loop_control:
label: '{{ item.name }}'
when: item.group_id is defined
notify: Renew nis databases
tags:
- nis-user
- system-user
#- meta: end_host
- name: (nis_samba_user.yml) Ensure nis users exists
user:
name: '{{ item.name }}'
state: present
uid: '{{ item.user_id | default(omit) }}'
#group: '{{ item.0.name | default(omit) }}'
groups: "{{ item.groups|join(', ') }}"
home: '{{ nis_base_home }}/{{ item.name }}'
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password | password_hash('sha512') }}"
update_password: on_create
append: yes
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
notify: Renew nis databases
tags:
- nis-user
- system-user
- name: (nis_samba_user.yml) Check if samba user exists for nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_nis_user_present
changed_when: "samba_nis_user_present.rc > 0"
failed_when: "samba_nis_user_present.rc > 1"
with_items:
- "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- samba-user
- name: (nis_samba_user.yml) Add nis user to samba (with nis users password)
shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
- samba_nis_user_present is changed
notify: Renew nis databases
tags:
- samba-user


@ -0,0 +1,47 @@
---
# ---
# NTP Server
# ---
- name: (ntp.yml) Ensure ntp package is installed.
apt:
name:
- ntp
state: present
when:
- ansible_os_family == "Debian"
- groups['file_server']|string is search(inventory_hostname)
tags:
- ntp-server
- name: (ntp.yml) Check file '/etc/ntp.conf.ORIG' exists
stat:
path: /etc/ntp.conf.ORIG
register: etc_ntp_conf_ORIG
when:
- groups['file_server']|string is search(inventory_hostname)
tags:
- ntp-server
- name: (ntp.yml) Backup installation version of file '/etc/ntp.conf'
command: cp -a /etc/ntp.conf /etc/ntp.conf.ORIG
when:
- groups['file_server']|string is search(inventory_hostname)
- etc_ntp_conf_ORIG.stat.exists == False
tags:
- ntp-server
- name: (ntp.yml) Update '/etc/ntp.conf'
template:
src: "etc/ntp.conf.j2"
dest: /etc/ntp.conf
owner: root
group: root
mode: 0644
notify: Restart ntp
when:
- groups['file_server']|string is search(inventory_hostname)
tags:
- ntp-server


@ -0,0 +1,52 @@
---
# ==========
#
# mostly copied from:
# https://github.com/gcoop-libre/ansible-role-pure-ftpd
#
# git clone https://github.com/gcoop-libre/ansible-role-pure-ftpd.git
#
# ==========
# ---
# Install PureFTP Daemon
# ---
- include: pure-ftpd/setup.yml
# ---
# Configure PureFTP Daemon
# ---
- include: pure-ftpd/configure.yml
# ---
# Authentication Configuration
# ---
- include: pure-ftpd/authentication.yml
# ---
# Virtual user
# ---
- include: pure-ftpd/virtual-users.yml
# ---
# TLS Certificate
# ---
- include: pure-ftpd/tls-certificate.yml
- name: (pure-ftpd-install.yml) Ensure Pure-FTPd service is started enabled on startup.
service:
name: pure-ftpd
state: started
enabled: yes
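Review bot: The five task files are pulled in with bare `- include:`, which Ansible has deprecated in favour of `import_tasks` / `include_tasks`; main.yml in this commit uses `import_tasks` throughout. Writing them as `- import_tasks: pure-ftpd/setup.yml` and so on keeps the `when:` and the `pure-ftpd` tag from main.yml applied statically to every contained task. `enabled: yes` in the final service task would read `enabled: true` to match the booleans used elsewhere in the role.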


@ -0,0 +1,66 @@
---
# ---
# Authentication Configuration
# ---
- name: (pure-ftpd-install.yml) Get current authentications.
command: ls -1 {{ pureftpd_config_auth_dir }}
register: pureftpd_current_auth
changed_when: false
- name: (pure-ftpd-install.yml) Define empty pureftpd_authentications variable.
set_fact:
pureftpd_authentications: []
- name: (pure-ftpd-install.yml) Enable PureDB authentication.
file:
src: "{{ pureftpd_config_conf_dir }}/PureDB"
dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_puredb }}pure"
state: link
when: pureftpd_auth_puredb > 0 and pureftpd_config['PureDB'] is defined
notify: restart Pure-FTPd
- name: (pure-ftpd-install.yml) Add PureDB to Pure-FTPd authentications.
set_fact:
pureftpd_authentications: "{{ pureftpd_authentications }} + ['{{ pureftpd_auth_puredb }}pure']"
when: pureftpd_auth_puredb > 0 and pureftpd_config['PureDB'] is defined
- name: (pure-ftpd-install.yml) Add PAM to Pure-FTPd authentications.
set_fact:
pureftpd_authentications: "{{ pureftpd_authentications }} + ['{{ pureftpd_auth_pam }}pam']"
when: pureftpd_auth_pam > 0 and pureftpd_config['PAMAuthentication'] is defined
- name: (pure-ftpd-install.yml) Enable UNIX authentication.
file:
src: "{{ pureftpd_config_conf_dir }}/UnixAuthentication"
dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_unix }}unix"
state: link
when: pureftpd_auth_unix > 0 and pureftpd_config['UnixAuthentication'] is defined
notify: restart Pure-FTPd
- name: (pure-ftpd-install.yml) Add UnixAuthentication to Pure-FTPd authentications.
set_fact:
pureftpd_authentications: "{{ pureftpd_authentications }} + ['{{ pureftpd_auth_unix }}unix']"
when: pureftpd_auth_unix > 0 and pureftpd_config['UnixAuthentication'] is defined
- name: (pure-ftpd-install.yml) Enable PAM authentication.
file:
src: "{{ pureftpd_config_conf_dir }}/PAMAuthentication"
dest: "{{ pureftpd_config_auth_dir }}/{{ pureftpd_auth_pam }}pam"
state: link
when: pureftpd_auth_pam > 0 and pureftpd_config['PAMAuthentication'] is defined
notify: restart Pure-FTPd
# Delete unused authentification if exists
- name: (pure-ftpd-install.yml) Delete old authentications.
file:
path: "{{ pureftpd_config_auth_dir }}/{{ item }}"
state: absent
when: item not in pureftpd_authentications
with_items: "{{ pureftpd_current_auth.stdout_lines }}"
notify: restart Pure-FTPd
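Review bot: The three `set_fact` tasks build `pureftpd_authentications` by string concatenation (`"{{ pureftpd_authentications }} + ['…pure']"`), which only yields a list if the templating layer happens to re-evaluate the resulting string. If it stays a string, `item not in pureftpd_authentications` in "Delete old authentications." becomes a substring test, and that task decides which authentication backends stay linked. Doing the concatenation inside the expression avoids that: `pureftpd_authentications: "{{ pureftpd_authentications + [pureftpd_auth_puredb ~ 'pure'] }}"`, and the same for the `unix` and `pam` entries. The PAM link task also sits after its `set_fact` while the other two come before, which is harmless but makes the file harder to audit.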


@ -0,0 +1,45 @@
---
# ---
# Configure PureFTP Daemon
# ---
# Remove old current configurations if exists
- name: Upload Pure-FTPd global configuration file.
template:
src: etc/default/pure-ftpd-common.j2
dest: "{{ pureftpd_global_config_file }}"
owner: root
group: root
mode: '0644'
notify: restart Pure-FTPd
- name: (pure-ftpd-install.yml) Compile Pure-FTPd configurations (set fact..).
set_fact:
pureftpd_config_compiled: "{{ pureftpd_config }}"
- name: (pure-ftpd-install.yml) Get current configuration.
command: ls -1 {{ pureftpd_config_conf_dir }}
register: pureftpd_current_config
changed_when: false
- name: (pure-ftpd-install.yml) Delete old configuration.
file:
path: "{{ pureftpd_config_conf_dir }}/{{ item }}"
state: absent
when: pureftpd_config_compiled[item] is not defined
with_items: "{{ pureftpd_current_config.stdout_lines }}"
notify: restart Pure-FTPd
# write new configuration
- name: (pure-ftpd-install.yml) Write configuration.
template:
src: etc/pure-ftpd/conf/config.j2
dest: "{{ pureftpd_config_conf_dir }}/{{ item.key }}"
owner: root
group: root
mode: '0644'
with_dict: '{{ pureftpd_config_compiled }}'
notify: restart Pure-FTPd
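Review bot: "Upload Pure-FTPd global configuration file." at the top of this file repeats the task of the same name in the "Install PureFTP Daemon" section further down, with identical `src`, `dest` and mode, so one of the two can go. The comment `# Remove old current configurations if exists` sits above that upload task rather than above "Delete old configuration.", where it belongs. The delete task removes every file in `pureftpd_config_conf_dir` whose name is not a key of `pureftpd_config`, so a comment on it saying that hand-placed files in that directory are removed on each run would help operators.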


@ -0,0 +1,34 @@
---
# ---
# Add virtual ftp users
# ---
- name: "(create-virtual-ftp-user.yml) Verify if virtual ftp user {{ user.name }} exists"
command: pure-pw show {{ user.name }}
register: pureftpd_virtual_user_exists
changed_when: "pureftpd_virtual_user_exists.rc != 0"
failed_when:
- "pureftpd_virtual_user_exists.rc != 0"
- "pureftpd_virtual_user_exists.rc != 16"
ignore_errors: true
loop_control:
label: '{{ user.name }}'
- name: "(create-virtual-ftp-user.yml) Create virtual ftp user {{ user.name }} ."
shell: "(echo {{ user.password }}; echo {{ user.password }}) | pure-pw useradd {{ user.name }} -u {{ user.uid | default(pureftpd_virtual_users_user) }} -g {{ user.gid | default(pureftpd_virtual_users_group) }} -d {{ user.homedir }} -n {{ user.quota_files | default('\"\"') }} -N {{ user.quota_size | default('\"\"') }} -t {{ user.bandwidth_dl | default('\"\"') }} -T {{ user.bandwidth_ul | default('\"\"') }} -q {{ user.ratio_ul | default('\"\"') }} -Q {{ user.ratio_dl | default('\"\"') }}"
#when: pureftpd_virtual_user_exists.failed is defined and pureftpd_virtual_user_exists.failed
when: pureftpd_virtual_user_exists.changed
notify: reload Pure-FTPd users
- name: "User {{ user.name }}: Update virtual user"
command: "pure-pw usermod {{ user.name }} -u {{ user.uid | default(pureftpd_virtual_users_user) }} -g {{ user.gid | default(pureftpd_virtual_users_group) }} -d {{ user.homedir }} -n {{ user.quota_files | default('\"\"') }} -N {{ user.quota_size | default('\"\"') }} -t {{ user.bandwidth_dl | default('\"\"') }} -T {{ user.bandwidth_ul | default('\"\"') }} -q {{ user.ratio_ul | default('\"\"') }} -Q {{ user.ratio_dl | default('\"\"') }}"
#when: pureftpd_virtual_user_exists.failed is defined and not pureftpd_virtual_user_exists.failed
when: not pureftpd_virtual_user_exists.changed
notify: reload Pure-FTPd users
- name: "User {{ user.name }}: Update virtual user password"
shell: "(echo {{ user.password }}; echo {{ user.password }}) | pure-pw passwd {{ user.name }}"
when: not pureftpd_virtual_user_exists.changed
notify: reload Pure-FTPd users
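Review bot: The create and password-update tasks render `{{ user.password }}` unquoted into a `shell:` line, so a password containing a space, quote, `;` or `$` is either altered or interpreted by the shell, and the clear-text value ends up in the task's command line and in Ansible's result output. Passing it on stdin of a `command:` task with `no_log: true` avoids both; the rewritten create task is below, and "Update virtual user password" would change the same way. The same pattern is in the samba-user.yml section (`echo '{{ item.item.password }}'`) and, as a command-line argument, in the `add_new_user.sh` call of the system-user section. `ignore_errors: true` on the existence check also lets an unexpected `pure-pw show` failure fall through to the `usermod` branch, and the `loop_control` there has no loop to control.

```yaml
- name: "(create-virtual-ftp-user.yml) Create virtual ftp user {{ user.name }} ."
  command: >-
    pure-pw useradd {{ user.name | quote }}
    -u {{ user.uid | default(pureftpd_virtual_users_user) }}
    -g {{ user.gid | default(pureftpd_virtual_users_group) }}
    -d {{ user.homedir | quote }}
    -n {{ user.quota_files | default('""') }}
    -N {{ user.quota_size | default('""') }}
    -t {{ user.bandwidth_dl | default('""') }}
    -T {{ user.bandwidth_ul | default('""') }}
    -q {{ user.ratio_ul | default('""') }}
    -Q {{ user.ratio_dl | default('""') }}
  args:
    # password and confirmation on stdin, as the original echo pipe supplied them
    stdin: "{{ user.password }}\n{{ user.password }}"
  no_log: true
  # … unchanged: when / notify …
```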


@ -0,0 +1,19 @@
---
# ---
# Remove virtual ftp users
# ---
- name: "User {{ user.name }}: Verify if it exists"
command: pure-pw show {{ user.name }}
register: pureftpd_virtual_user_exists
changed_when: "pureftpd_virtual_user_exists.rc == 0"
failed_when:
- "pureftpd_virtual_user_exists.rc != 0"
- "pureftpd_virtual_user_exists.rc != 16"
ignore_errors: true
- name: "User {{ user.name }}: Remove virtual user"
shell: "pure-pw userdel {{ user.name }}"
when: pureftpd_virtual_user_exists.changed
notify: reload Pure-FTPd users
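Review bot: `ignore_errors: true` on the existence check cancels the `failed_when` just above it: if `pure-pw show` exits with anything other than 0 or 16, the task is marked failed but the play continues, `changed` is false, and the account that was meant to be removed stays in place with only an ignored error in the output. Dropping the `ignore_errors: true` line makes a failed deprovisioning stop the run. The removal itself needs no shell and could be `command: pure-pw userdel {{ user.name }}`.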


@ -0,0 +1,21 @@
---
# ---
# Install PureFTP Daemon
# ---
- name: (pure-ftpd-install.yml) Ensure Pure-FTPd is installed.
apt:
name: "{{ pureftpd_packages }}"
state: present
cache_valid_time: 3600
update_cache: yes
- name: (pure-ftpd-install.yml) Upload Pure-FTPd global configuration file.
template:
src: etc/default/pure-ftpd-common.j2
dest: "{{ pureftpd_global_config_file }}"
owner: root
group: root
mode: '0644'
notify: restart Pure-FTPd


@ -0,0 +1,40 @@
---
# ---
# TLS Certificate
# ---
# - method 'generate'
- name: Generate Pure-FTPd TLS certificate.
command: openssl req -x509 -nodes -newkey rsa:{{ pureftpd_tls_certificate_openssl.size | default(4096) }} -sha256 -days {{ pureftpd_tls_certificate_openssl.days | default(365) }} -keyout {{ pureftpd_tls_certificate_pem }} -out {{ pureftpd_tls_certificate_pem }} -subj "/C={{ pureftpd_tls_certificate_openssl.country | default('') }}/ST={{ pureftpd_tls_certificate_openssl.state | default('') }}/L={{ pureftpd_tls_certificate_openssl.locality | default('') }}/O={{ pureftpd_tls_certificate_openssl.organization | default('') }}/OU={{ pureftpd_tls_certificate_openssl.unit | default('') }}/CN={{ pureftpd_tls_certificate_openssl.fqdn }}"
args:
creates: "{{ pureftpd_tls_certificate_pem }}"
when:
- pureftpd_tls_certificate_method == 'generate'
- pureftpd_tls_certificate_openssl | length > 0
notify: restart Pure-FTPd
- name: Ensure Pure-FTPd TLS certificate permissions.
file:
path: "{{ pureftpd_tls_certificate_pem }}"
owner: root
group: root
mode: '0600'
state: file
when:
- pureftpd_tls_certificate_method == 'generate'
- pureftpd_tls_certificate_openssl | length > 0
# - final checks
- name: (pure-ftpd-install.yml) Verify TLS certificate exists.
stat:
path: "{{ pureftpd_tls_certificate_pem }}"
register: pureftpd_tls_certificate
- name: (pure-ftpd-install.yml) Fail when no certificate is found.
fail:
msg: |
The certificate file was not found at {{ pureftpd_tls_certificate_pem }}
when: not pureftpd_tls_certificate.stat.exists | default(False)
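Review bot: "Ensure Pure-FTPd TLS certificate permissions." only runs when `pureftpd_tls_certificate_method == 'generate'`, so a PEM supplied any other way is accepted by the final check on existence alone, whatever its owner and mode. The generate task writes the private key into that same file (`-keyout` and `-out` are both `pureftpd_tls_certificate_pem`), so the file presumably holds a key in the other case too. Moving the permissions task below the `stat` and conditioning it on `when: pureftpd_tls_certificate.stat.exists` would enforce root:root 0600 on both paths. Separately, `creates:` means the self-signed certificate is never regenerated, so with the default of 365 days it expires unless something outside this file renews it; a comment saying so would help.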


@ -0,0 +1,57 @@
---
# Default virtual users/group
- name: (pure-ftpd-install.yml) Ensure Pure-FTPd group exists.
group:
name: "{{ pureftpd_virtual_users_group }}"
gid: "{{ pureftpd_virtual_users_gid | default(omit) }}"
system: no
state: present
when: pureftpd_virtual_users | length > 0
- name: (pure-ftpd-install.yml) Ensure Pure-FTPd user exists.
user:
name: "{{ pureftpd_virtual_users_user }}"
uid: "{{ pureftpd_virtual_users_uid | default(omit) }}"
group: "{{ pureftpd_virtual_users_group }}"
home: /dev/null
shell: /usr/sbin/nologin
system: no
state: present
when: pureftpd_virtual_users | length > 0
# user databas
- name: (pure-ftpd-install.yml) Verify virtual users database existence.
stat:
path: "{{ pureftpd_config_dir }}/pureftpd.passwd"
register: pureftpd_virtual_users_database
- name: (pure-ftpd-install.yml) Ensure virtual users database exists.
file:
path: "{{ pureftpd_config_dir }}/pureftpd.passwd"
owner: root
group: root
mode: '0600'
state: touch
when: (pureftpd_virtual_users | length > 0) and not pureftpd_virtual_users_database.stat.exists | default(False)
# - Cretate virtual user
- include_tasks: create-virtual-ftp-user.yml
vars:
user: "{{ item }}"
with_items: "{{ pureftpd_virtual_users }}"
when: pureftpd_virtual_users | length > 0
no_log: true
# Remove virtual user
# -
- include_tasks: remove-virtual-user.yml
vars:
user: "{{ item }}"
with_items: "{{ pureftpd_virtual_deleted_users }}"
when: pureftpd_virtual_deleted_users | length > 0
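Review bot: `no_log: true` on the `include_tasks: create-virtual-ftp-user.yml` task most likely does not cover the tasks inside the included file, because keywords on a dynamic include apply to the include itself unless passed through `apply:`; worth confirming on the Ansible version in use. The included tasks are the ones that render `user.password`, so the safer place is `no_log: true` on each of those tasks directly. The comments `# user databas` and `# - Cretate virtual user` have typos ("database", "Create").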


@ -0,0 +1,51 @@
---
- name: (root_files_scripts.yml) Ensure directory /root/bin exists
file:
path: /root/bin
owner: root
group: root
mode: '0700'
state: directory
when:
- groups['file_server']|string is search(inventory_hostname)
- name: (root_files_scripts.yml) Ensure script 'wakeup_lan.sh' is present
template:
src: "root/bin/wakeup_lan.sh.j2"
dest: /root/bin/wakeup_lan.sh
owner: root
group: root
mode: 0755
when:
- groups['file_server']|string is search(inventory_hostname)
tags:
- wakeup_lan
- name: (root_files_scripts.yml) Check file '/etc/motd.ORIG' exists
stat:
path: /etc/motd.ORIG
register: etc_motd_ORIG
when:
- "groups['file_server']|string is search(inventory_hostname)"
tags:
- etc_motd
- name: (basic.yml) Backup installation version of file '/etc/motd'
command: cp -a /etc/motd /etc/motd.ORIG
when:
- "groups['file_server']|string is search(inventory_hostname)"
- etc_motd_ORIG.stat.exists == False
tags:
- etc_motd
- name: (root_files_scripts.yml) Write new '/etc/motd' file..
shell: >
figlet '{{ nis_server_name.split(".")[0] }}' > /etc/motd
when:
- "groups['file_server']|string is search(inventory_hostname)"
- etc_motd_ORIG.stat.exists == False
tags:
- etc_motd


@ -1,88 +0,0 @@
---
# ---
# Check if local template directories exists
# ---
# root
- name: (root-systemfiles.yml) Check if local template directory exists for root
local_action: stat path={{ role_path }}/files/root
register: local_template_dir_root
# --
# Copy .bashrc
# ---
- name: (root-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
stat:
path: /root/.bashrc.ORIG
register: bashrc_root_orig_exists
tags:
- bash
- name: (root-systemfiles.yml) Backup /root/.bashrc file
command: cp /root/.bashrc /root/.bashrc.ORIG
when: bashrc_root_orig_exists.stat.exists == False
tags:
- bash
- name: (root-systemfiles.yml) copy .bashrc for user root
copy:
src: "{{ role_path + '/files/root/_bashrc' }}"
dest: "/root/.bashrc"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', role_path + '/files/root/_bashrc')
tags:
- bash
# --
# Copy .profile
# ---
- name: (root-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
stat:
path: /root/.profile.ORIG
register: profile_root_orig_exists
tags:
- profile
- name: (root-systemfiles.yml) Backup existing users .profile file
command: cp -a /root/.profile /root/.profile.ORIG
when: profile_root_orig_exists.stat.exists == False
tags:
- profile
- name: (root-systemfiles.yml) copy .profile for user root
copy:
src: "{{ role_path + '/files/root/_profile' }}"
dest: "/root/.profile"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', role_path + '/files/root/_profile')
tags:
- profile
# --
# Copy .vimrc
# ---
- name: (root-systemfiles.yml) copy .vimrc for user root
copy:
src: "{{ role_path + '/files/root/_vimrc' }}"
dest: "/root/.vimrc"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', role_path + '/files/root/_vimrc')
tags:
- vim


@ -0,0 +1,181 @@
---
# ---
# Samba Server
# ---
- name: (samba-install.yml) Ensure samba packages server (buster) are installed.
package:
pkg: '{{ apt_install_server_samba }}'
state: present
when:
- "groups['samba_server']|string is search(inventory_hostname)"
tags:
- samba-server
- name: (samba-install.yml) Ensure samba share directories exists
file:
path: "{{ item.path }}"
owner: "root"
group: "{{ item.group_write_list }}"
mode: '2770'
state: directory
with_items: "{{ samba_shares }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-shares
# ---
# /etc/samba/smb.conf
# ---
- name: (samba-install.yml) Check if file '/etc/samba/smb.conf.ORIG exists'
stat:
path: /etc/samba/smb.conf.ORIG
register: smb_conf_exists
when:
- "groups['samba_server']|string is search(inventory_hostname)"
tags:
- samba-server
- name: (samba-install.yml) Backup existing file /etc/samba/smb.conf
command: cp -a /etc/samba/smb.conf /etc/samba/smb.conf.ORIG
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- smb_conf_exists.stat.exists == False
tags:
- samba-server
- name: (samba-install.yml) /etc/samba/smb.conf
template:
dest: /etc/samba/smb.conf
src: etc/samba/smb.conf.j2
owner: root
group: root
mode: 0644
when:
- "groups['samba_server']|string is search(inventory_hostname)"
notify:
- Restart smbd
- Restart nmbd
tags:
- samba-server
- name: (samba-install.yml) Ensure file /etc/samba/users.map exists
copy:
src: "{{ role_path + '/files/etc/samba/users.map' }}"
dest: /etc/samba/users.map
owner: root
group: root
mode: 0644
when:
- "groups['samba_server']|string is search(inventory_hostname)"
notify:
- Restart smbd
- Restart nmbd
tags:
- samba-server
# ---
# Cronjob for cleaning up samba trash dirs
# ---
- name: (samba-install.yml) Check if file '/root/bin/samba/clean_samba_trash.sh' exists
stat:
path: /root/bin/samba/clean_samba_trash.sh
register: clean_samba_trash_exists
- name: (samba-install.yml) Adjust configuration for script 'clean_samba_trash.sh'
template:
dest: /root/bin/samba/conf/clean_samba_trash.conf
src: root/bin/samba/conf/clean_samba_trash.conf.j2
when:
- clean_samba_trash_exists.stat.exists|bool
tags:
- samba-server
- name: Check if cleaning up trash dirs is configured
lineinfile:
path: /root/bin/samba/conf/clean_samba_trash.conf
regexp: "^trash_dirs=*"
state: absent
check_mode: yes
changed_when: false
register: clean_samba_trash_dirs
- name: Creates a cron job for cleaning up samba trash dirs
cron:
name: '{{ samba_cronjob_trash_dirs.name }}'
minute: '{{ samba_cronjob_trash_dirs.minute }}'
hour: "{{ samba_cronjob_trash_dirs.hour | default('*') }}"
day: "{{ samba_cronjob_trash_dirs.hour.day | default('*') }}"
month: "{{ samba_cronjob_trash_dirs.hour.month| default('*') }}"
weekday: "{{ samba_cronjob_trash_dirs.hour.weekday| default('*') }}"
user: "{{ samba_cronjob_trash_dirs.user | default('root') }}"
job: "{{ samba_cronjob_trash_dirs.job }}"
when:
- clean_samba_trash_dirs.found
# ---
# Cronjob for setting permissions on samba shares
# ---
- name: (samba-install.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
stat:
path: /root/bin/samba/set_permissions_samba_shares.sh
register: set_permissions_on_samba_shares_exists
- name: (samba-install.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
template:
dest: /root/bin/samba/conf/set_permissions_samba_shares.conf
src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2
when:
- set_permissions_on_samba_shares_exists.stat.exists|bool
tags:
- samba-server
- name: Check if cleaning up trash dirs is configured
lineinfile:
path: /root/bin/samba/conf/clean_samba_trash.conf
regexp: "^trash_dirs=*"
state: absent
check_mode: yes
changed_when: false
register: set_permissions_samba_shares
- name: Creates a cron job for cleaning up samba trash dirs
cron:
name: '{{ samba_cronjob_permissions.name }}'
minute: '{{ samba_cronjob_permissions.minute }}'
hour: "{{ samba_cronjob_permissions.hour | default('*') }}"
day: "{{ samba_cronjob_permissions.day | default('*') }}"
month: "{{ samba_cronjob_permissions.month| default('*') }}"
weekday: "{{ samba_cronjob_permissions.weekday| default('*') }}"
user: "{{ samba_cronjob_permissions.user | default('root') }}"
job: "{{ samba_cronjob_permissions.job }}"
when:
- set_permissions_samba_shares.found
# ---
# Samba clients
# ---
- name: (samba-install.yml) Ensure samba packages clients are installed.
package:
pkg: "{{ apt_install_client_samba }}"
state: present
when:
- "groups['nis_client']|string is search(inventory_hostname)"
- ansible_distribution == "Ubuntu"
tags:
- samba-client
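Review bot: In the first cron task the `day`, `month` and `weekday` fields read `samba_cronjob_trash_dirs.hour.day`, `.hour.month` and `.hour.weekday`, which look like a slip for the direct attributes used in the permissions cron task further down; as written they are undefined and silently fall back to `'*'`. They should read `day: "{{ samba_cronjob_trash_dirs.day | default('*') }}"` and likewise for `month` and `weekday`. The second "Check if cleaning up trash dirs is configured" task (registering `set_permissions_samba_shares`) still inspects `clean_samba_trash.conf` for `^trash_dirs=*`, and the cron task after it keeps the trash-dirs name, so the permissions job appears to be gated on the wrong file; the intended file and key are not visible here. Both `template` tasks for the `.conf` files also set no `owner`, `group` or `mode`, although the scripts that presumably read them are scheduled as root by default.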


@ -0,0 +1,57 @@
---
# ---
# - Remove unwanted users
# ---
- name: (samba-remove-user.yml) Check if samba user exists for removable system user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_remove_system_users_present
changed_when: "samba_remove_system_users_present.rc == 0"
failed_when: "samba_remove_system_users_present.rc > 1"
with_items:
- "{{ remove_system_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-user
- name: (samba-remove-user.yml) Remove (old) system users from samba
shell: >
smbpasswd -s -x {{ item.item.name }}
with_items:
- "{{ samba_remove_system_users_present.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.changed
tags:
- samba-user
- name: (samba-remove-user.yml) Check if samba user exists for removable nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_remove_nis_users_present
changed_when: "samba_remove_nis_users_present.rc == 0"
failed_when: "samba_remove_nis_users_present.rc > 1"
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-user
- name: (samba-remove-user.yml) Remove (old) nis users from samba
shell: >
smbpasswd -s -x {{ item.item.name }}
with_items:
- "{{ samba_remove_nis_users_present.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.changed
tags:
- samba-user
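Review bot: Both existence checks pipe the user list through `grep '{{ item.name }}'`, which is an unanchored regex match, so a name that is a substring of another account (or contains regex characters) reports as present. Matching the whole line as a fixed string is exact: `shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep -Fx -- {{ item.name | quote }}`. The check in the samba-user.yml section below uses the same `grep`, and there a false match means a user is never added. The two `smbpasswd -s -x` tasks need no shell and could be `command:` tasks.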


@ -1,41 +0,0 @@
---
- name: (samba-server.yml) Ensure samba share directories exists
file:
path: "/data/shares/{{ item.name }}"
owner: "root"
group: "{{ item.group }}"
mode: '2770'
state: directory
with_items: "{{ samba_shares }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-shares
- name: (samba-server.yml) Checki if file '/etc/samba/smbconf.ORIG' exists
stat:
path: /etc/samba/smb.conf.ORIG
register: etc_samba_smb_conf_ORIG
tags:
- samba-config
- name: (samba-server.yml) Backup installation version of file '/etc/samba/smb.conf'
command: cp -a /etc/samba/smb.conf /etc/samba/smb.conf.ORIG
when: etc_samba_smb_conf_ORIG.stat.exists == False
tags:
- samba-config
- name: (samba-server.yml) Create new smb.conf from template smb.conf.j2
template:
src: etc/samba/smb.conf.j2
dest: /etc/samba/smb.conf
owner: root
group: root
mode: 0644
#backup: yes
notify: "Reload samba config"
tags:
- samba-config


@ -0,0 +1,30 @@
---
# ---
# - default user/groups
# ---
- name: (samba-user.yml) Check if samba user exists for nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_nis_user_present
changed_when: "samba_nis_user_present.rc == 1"
failed_when: "samba_nis_user_present.rc > 1"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- samba-user
- name: (samba-user.yml) Add nis user to samba (with nis users password)
shell: >
(echo '{{ item.item.password }}'; echo '{{ item.item.password }}')
| smbpasswd -s -a {{ item.item.name }}
loop: "{{ samba_nis_user_present.results }}"
when: item.changed
loop_control:
label: '{{ item.item.name }}'
tags:
- samba-user


@ -1,60 +0,0 @@
---
# ---
# - Remove unwanted users
# ---
- name: (samba_user.yml) Check if samba user exists for removable nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_deleted_user_present
changed_when: "samba_deleted_user_present.rc == 0"
failed_when: "samba_deleted_user_present.rc > 1"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-user
- name: (samba_user.yml) Remove (old) users from samba
shell: "smbpasswd -s -x {{ item.name }}"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
when: samba_deleted_user_present is changed
tags:
- samba-user
# ---
# - default user/groups
# ---
- name: (samba_user.yml) Check if samba user exists for nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_nis_user_present
changed_when: "samba_nis_user_present.rc > 0"
failed_when: "samba_nis_user_present.rc > 1"
with_items:
- "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- samba-user
- name: (samba_user.yml) Add nis user to samba (with nis users password)
shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
- samba_nis_user_present is changed
notify: Renew nis databases
tags:
- samba-user


@ -13,6 +13,7 @@
tags:
- sshd-config
- name: (sshd.yml) Create new sshd_config from template sshd_config.j2
template:
src: etc/ssh/sshd_config.j2


@ -0,0 +1,32 @@
---
- name: (sudoers-pc.yml) update specific sudoers configuration files (/etc/sudoers.d/)
template:
src: etc/sudoers.d/50-user.pc.j2
dest: /etc/sudoers.d/50-user
validate: visudo -cf %s
owner: root
group: root
mode: 0440
tags:
- sudoers-file-configuration
- name: (sudoers-pc.yml) update global sudoers configuration file
template:
src: etc/sudoers.pc.j2
dest: /etc/sudoers
owner: root
group: root
mode: 0440
validate: visudo -cf %s
tags:
- sudoers-global-configuration
- name: (sudoers-pc.yml) Ensure all sudo_users are in sudo group
user:
name: "{{ item }}"
groups: sudo
append: yes
with_items: "{{ sudo_pc_users }}"
tags:
- sudo-users


@ -0,0 +1,57 @@
---
#- name: (sudoers-server.yml) include variables
# include_vars: "{{ item }}"
# with_first_found:
# - "sudoers-{{ inventory_hostname }}.yml"
# - "sudoers-{{ ansible_distribution_release }}.yml"
# - "sudoers-{{ ansible_distribution | lower }}.yml"
# - "sudoers-default.yml"
# tags:
# - sudoers-remove
# - sudoers-file-configuration
# - sudoers-global-configuration
- name: (sudoers-server.yml) Remove user entries in file /etc/sudoers
lineinfile:
dest: /etc/sudoers
state: absent
regexp: '^{{ item }}'
owner: root
group: root
mode: 0440
validate: visudo -cf %s
with_items: '{{ sudoers_server_remove_user }}'
tags:
- sudoers-remove
- name: (sudoers-server.yml) update specific sudoers configuration files (/etc/sudoers.d/)
template:
src: etc/sudoers.d/50-user.server.j2
dest: /etc/sudoers.d/50-user
#validate: visudo -cf %s
owner: root
group: root
mode: 0440
tags:
- sudoers-file-configuration
- name: (sudoers-server.yml) update global sudoers configuration file
template:
src: etc/sudoers.server.j2
dest: /etc/sudoers
owner: root
group: root
mode: 0440
#validate: visudo -cf %s
tags:
- sudoers-global-configuration
- name: (sudoers-server.yml) Ensure all sudo_users are in sudo group
user:
name: "{{ item }}"
groups: sudo
append: yes
with_items: "{{ sudo_server_users }}"
tags:
- sudo-users
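Review bot: Both `template` tasks have `validate: visudo -cf %s` commented out, so a template that renders a syntax error is installed as `/etc/sudoers` or `/etc/sudoers.d/50-user` and sudo stops working on the host; the sudoers-pc.yml section above keeps the validation on the same two files. Restoring `validate: visudo -cf %s` on both tasks makes a bad render fail before the file is replaced. In the remove task, `regexp: '^{{ item }}'` is a prefix match, so removing one user also deletes lines of any user or alias whose name starts with the same characters; anchoring on the following whitespace, e.g. `regexp: '^{{ item | regex_escape }}\s'`, is narrower.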


@ -1,32 +0,0 @@
---
- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
template:
src: etc/sudoers.d/50-user.j2
dest: /etc/sudoers.d/50-user
validate: visudo -cf %s
owner: root
group: root
mode: 0440
tags:
- sudoers-file-configuration
- name: (sudoers.yml) update global sudoers configuration file
template:
src: etc/sudoers.j2
dest: /etc/sudoers
owner: root
group: root
mode: 0440
validate: visudo -cf %s
tags:
- sudoers-global-configuration
#- name: (sudoers.yml) Ensure all sudo_users are in sudo group
# user:
# name: "{{ item }}"
# groups: sudo
# append: yes
# with_items: "{{ sudo_users }}"
# tags:
# - sudo-users


@ -0,0 +1,278 @@
---
# ---
# Check if local template directories exists
# ---
# system_user
- name: (system-user-systemfiles.yml) Check if local template directory exists for default users
local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}
with_items: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
register: local_template_dir_system_users
# root
- name: (system-user-systemfiles.yml) Check if local template directory exists for root
local_action: stat path={{ inventory_dir }}/files/homedirs/root
register: local_template_dir_root
# --
# Copy .profile
# ---
- name: (user-systemfiles.yml) Check if users file '.profile.ORIG' exists
stat:
path: "~{{ item.name }}/.profile.ORIG"
register: profile_user_orig_exists
loop: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- profile
- name: (user-systemfiles.yml) Backup existing users .profile file
command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
loop: "{{ profile_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == False
tags:
- profile
- name: (system-user-systemfiles.yml) copy .profile if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
tags:
- profile
- name: (system-user-systemfiles.yml) copy default .profile if it exists
template:
src: files/homedirs/DEFAULT/_profile
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
- lookup('fileglob', inventory_dir + '/files/homedirs/DEFAULT/_profile')
tags:
- profile
# -- root user
- name: (system-user-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
stat:
path: /root/.profile.ORIG
register: profile_root_orig_exists
tags:
- profile
- name: (system-user-systemfiles.yml) Backup existing users .profile file
command: cp -a /root/.profile /root/.profile.ORIG
when: profile_root_orig_exists.stat.exists == False
tags:
- profile
- name: (system-user-systemfiles.yml) copy .profile for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}"
dest: "/root/.profile"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
tags:
- profile
# --
# Copy .bashrc
# ---
- name: (system-user-systemfiles.yml) Check if users file '.bashrc.ORIG' exists
stat:
path: "~{{ item.name }}/.bashrc.ORIG"
register: bashrc_user_orig_exists
loop: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- bashrc
- name: (system-user-systemfiles.yml) Backup existing users .bashrc file
command: cp -a ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
loop: "{{ bashrc_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when: item.stat.exists == False
tags:
- bashrc
- name: (system-user-systemfiles.yml) copy .bashrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
tags:
- bashrc
- name: (system-user-systemfiles.yml) copy default .bashrc if it exists
copy:
src: files/homedirs/DEFAULT/_bashrc
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- bashrc
# -- root user
- name: (system-user-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
stat:
path: /root/.bashrc.ORIG
register: bashrc_root_orig_exists
tags:
- bash
- name: (system-user-systemfiles.yml) Backup /root/.bashrc file
command: cp /root/.bashrc /root/.bashrc.ORIG
when: bashrc_root_orig_exists.stat.exists == False
tags:
- bash
- name: (system-user-systemfiles.yml) copy .bashrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}"
dest: "/root/.bashrc"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc')
tags:
- bash
# --
# Copy .vimrc
# ---
- name: (system-user-systemfiles.yml) copy .vimrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
tags:
- vimrc
- name: (system-user-systemfiles.yml) Check if .vim directory exists for default users
local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
with_items: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
register: local_template_dir_dotvim_default_user
- name: (system-user-systemfiles.yml) copy .vim directory if it exists
copy:
src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
dest: "~{{ item.item.name }}"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
with_items: "{{ local_template_dir_dotvim_default_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
tags:
- vimrc
- name: (system-user-systemfiles.yml) copy default .vimrc if it exists
copy:
src: files/homedirs/DEFAULT/_vimrc
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- vimrc
- name: (system-user-systemfiles.yml) copy .vimrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}"
dest: "/root/.vimrc"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc')
tags:
- vimrc
- name: (system-user-systemfiles.yml) Check if local template directory .vim exists for user root
local_action: stat path={{ inventory_dir }}/files/homedirs/root/.vim
register: local_template_dir_vim_root
with_items: 'root'
loop_control:
label: 'root'
- name: (system-user-systemfiles.yml) copy .vim directory for user root if it exists
copy:
src: "{{ inventory_dir + '/files/homedirs/root/.vim' }}"
dest: "/root"
owner: "root"
group: "root"
mode: 0644
with_items: "{{ local_template_dir_vim_root.results }}"
loop_control:
label: 'root'
when:
- item.stat.exists
tags:
- vim
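Review bot: The DEFAULT fallbacks are not consistent with each other: "copy default .profile" uses `template:` (so any `{{ … }}` in `_profile` is rendered) and is guarded by a `fileglob` lookup, while "copy default .bashrc" and "copy default .vimrc" use `copy:` with no guard and fail the play when the DEFAULT file is missing. Using `copy:` for all three and mirroring the `.profile` guard, `- lookup('fileglob', inventory_dir + '/files/homedirs/DEFAULT/_bashrc')` and the `_vimrc` equivalent, in their `when:` lists would align them. The two `.vim` directory copies pass `mode: 0644`; whether that mode also lands on the directories they create is worth checking, since directories need the execute bit, and `directory_mode` can set it explicitly.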


@ -0,0 +1,64 @@
---
# ---
# - Remove unwanted users
# ---
- name: (user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ remove_system_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- system-user
- name: (user.yml) Remove home directory from deleted users
file:
path: '{{ base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ remove_system_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- system-user
# ---
# - default user/groups
# ---
- name: (user.yml) Ensure system groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
loop: "{{ system_groups }}"
loop_control:
label: '{{ item.name }}'
when: item.group_id is defined
notify: Renew nis databases
tags:
- system-user
#- meta: end_host
- name: (system-user.yml) Get database of nis (system) users
getent:
database: passwd
tags:
- system-user
- name: (system-user.yml) Add (system) users if not yet exists..
shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name }} '{{ item.password }}'"
loop: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
when:
- item.name not in getent_passwd
notify: Renew nis databases
tags:
- system-user
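Review bot: The "Add (system) users if not yet exists.." task interpolates `item.password` into a `shell:` string between hand-written single quotes and sets no `no_log`, so the cleartext password passes through a shell parser and ends up in Ansible's task results. A password containing `'` closes the quoting and the remainder is interpreted by the shell, and on failure or with `-v` the rendered command is printed in full, because `loop_control.label` only shortens the item display. I would add `no_log: true` to the task and let Ansible do the quoting: `shell: "/root/bin/admin-stuff/add_new_user.sh {{ item.name | quote }} {{ item.password | quote }}"`. The password still appears as an argument in the host's process list while the script runs; whether add_new_user.sh could read it from stdin instead is not visible from this file.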


@ -1,39 +0,0 @@
---
- name: (user-systemfiles.yml) Check if users file '.profile.ORIG' exists
stat:
path: "~{{ item.name }}/.profile.ORIG"
register: profile_user_orig_exists
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- profile
- name: (user-systemfiles.yml) Backup existing users .profile file
command: cp -a ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
loop: "{{ profile_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
- item.stat.exists == False
tags:
- profile
- name: (user-systemfiles.yml) Create new users .profile file
template:
src: user_homedirs/dot.profile.j2
dest: "~{{ item.name }}/.profile"
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- profile