ansible/nis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update...

Browse Source
This commit is contained in:
Christoph
2025-04-21 11:03:43 +02:00
parent 4ca783c392
commit 1b53d23b9b
123 changed files with 26575 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

243
roles/common/tasks/default-users.yml Normal file
View File

@ -0,0 +1,243 @@
---
# ---
# - default user/groups
# ---
- name: (default-users.yml) Ensure default groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
when: item.group_id is defined
tags:
- groups-exists
- name: (default-users.yml) Ensure default users exists
user:
name: '{{ item.name }}'
state: present
uid: '{{ item.user_id | default(omit) }}'
group: '{{ item.group | default(omit) }}'
#group: '{{ item.name | default(omit) }}'
home: '{{ item.home | default(omit) }}'
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password }}"
update_password: on_create
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- users-exists
- name: (default-users.yml) Ensure authorized_key files for default users are present
authorized_key:
user: "{{ item.0.name }}"
key: "{{ item.1 }}"
state: present
with_subelements:
- '{{ default_user }}'
- ssh_keys
loop_control:
label: "{{ item.0.name }}"
tags:
- authorized_key
# ---
# - extra user/groups
# ---
- name: (default-users.yml) Ensure extra groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
loop: "{{ extra_user }}"
loop_control:
label: '{{ item.name }}'
when:
- extra_user is defined and extra_user|length > 0
tags:
- groups-exists
- name: (default-users.yml) Ensure extra users exists
user:
name: '{{ item.name }}'
state: present
uid: '{{ item.user_id | default(omit) }}'
group: '{{ item.name | default(omit) }}'
home: '{{ item.home | default(omit) }}'
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password }}"
update_password: on_create
loop: "{{ extra_user }}"
loop_control:
label: '{{ item.name }}'
when: extra_user is defined and extra_user|length > 0
tags:
- users-exists
- name: (default-users.yml) Ensure authorized_key files for extra users are present
authorized_key:
user: "{{ item.0.name }}"
key: "{{ item.1 }}"
state: present
with_subelements:
- '{{ extra_user }}'
- ssh_keys
loop_control:
label: "{{ item.0.name }}"
when: extra_user is defined and extra_user|length > 0
tags:
- authorized_key
- name: (default-users.yml) other entries authorized_key files
authorized_key:
user: "{{ item.user }}"
key: "{{ item.key }}"
state: present
loop: "{{ entries_authorized_key }}"
loop_control:
label: "{{ item.user }}"
when:
- entries_authorized_key is defined
- entries_authorized_key|length > 0
# ---
# - extra system user
# ---
- name: (default-users.yml) extra system user exists?
user:
name: '{{ item.name }}'
state: present
system: yes
home: '{{ item.home }}'
shell: '{{ item.shell|d("/usr/sbin/nologin") }}'
groups: '{{ item.groups | default(omit) }}'
loop: "{{ extra_system_user }}"
loop_control:
label: '{{ item.name }}'
when: extra_system_user is defined and extra_system_user|length > 0
tags:
- user-exists
# ---
# - extra system groups 'sftp_users'
# ---
- name: (default-users.yml) Extra system group sftp_users
group:
name: 'sftp_users'
state: present
system: yes
when:
- create_sftp_group is defined and create_sftp_group > 0
tags:
- groups-exists
# =======================================================
# ---
# - Allow connection via ssh to backup host
# ---
- name: Ensure root's .ssh directory exists
file:
path: /root/.ssh
state: directory
- name: (default-users.yml) Copy (backup) ed25519 ssh private key to user root
copy:
src: '{{ item.priv_key_src }}'
dest: '{{ item.priv_key_dest }}'
owner: root
group: root
mode: '0600'
when:
- insert_keypair_backup_client|bool
- ssh_keypair_backup_client is defined
- ssh_keypair_backup_client|length > 0
loop: "{{ ssh_keypair_backup_client }}"
loop_control:
label: 'dest: {{ item.priv_key_dest }}'
tags:
- insert_ssh_keypair_backup_server
- name: (default-users.yml) Copy (backup) ed25519 ssh public key to user root
copy:
src: '{{ item.pub_key_src }}'
dest: '{{ item.pub_key_dest }}'
owner: root
group: root
mode: '0644'
when:
- insert_keypair_backup_client|bool
- ssh_keypair_backup_client is defined
- ssh_keypair_backup_client|length > 0
loop: "{{ ssh_keypair_backup_client }}"
loop_control:
label: 'dest: {{ item.pub_key_dest }}'
tags:
- insert_ssh_keypair_backup_server
- name: (default-users.yml) Ensure authorized_key (root) on backup hosts contains public key
authorized_key:
user: root
key: "{{ lookup('file', item.pub_key_src) }}"
state: present
loop: "{{ ssh_keypair_backup_client }}"
loop_control:
label: 'authorized_keys - user: root'
when:
- inventory_hostname == item.target
- ssh_keypair_backup_client is defined
- ssh_keypair_backup_client|length > 0
tags:
- authorized_key
- ssh-keypair-backup-server
- name: (default-users.yml) Copy further ssh private key(s) to user root
copy:
src: '{{ item.priv_key_src }}'
dest: '{{ item.priv_key_dest }}'
owner: root
group: root
mode: '0600'
loop: "{{ root_ssh_keypair }}"
loop_control:
label: 'dest: {{ item.priv_key_dest }}'
when:
- insert_root_ssh_keypair|bool
- root_ssh_keypair is defined
- root_ssh_keypair|length > 0
tags:
- insert_root_ssh_keypair
- root-defaut-ssh-keypair
- name: (default-users.yml) Copy further ssh public key(s) to user root
copy:
src: '{{ item.pub_key_src }}'
dest: '{{ item.pub_key_dest }}'
owner: root
group: root
mode: '0644'
loop: "{{ root_ssh_keypair }}"
loop_control:
label: 'dest: {{ item.pub_key_dest }}'
when:
- insert_root_ssh_keypair|bool
- root_ssh_keypair is defined
- root_ssh_keypair|length > 0
tags:
- insert_root_ssh_keypair
- root-defaut-ssh-keypair

22
roles/common/tasks/main.yml
View File

@ -31,6 +31,10 @@
tags: apt
- import_tasks: default-users.yml
tags: default-user
# tags supported inside systemd-resolved.yml
#
# systemd-resolved
@ -52,6 +56,15 @@
tags: git
# tags supported inside cups-install.yml:
#
# cups-server
# cups-client
- import_tasks: cups-install.yml
tags:
- cups
# tags supported inside nis-user.yml:
#
# nis-user
@ -69,15 +82,6 @@
- ntp
# tags supported inside cups-install.yml:
#
# cups-server
# cups-client
- import_tasks: cups-install.yml
tags:
- cups
# tags supported inside pure-ftpd-install.yml:
#
- import_tasks: pure-ftpd-install.yml

36
roles/common/tasks/system-user-systemfiles.yml
View File

@ -6,7 +6,7 @@
# system_user
- name: (system-user-systemfiles.yml) Check if local template directory exists for default users
local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}
local_action: stat path={{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}
with_items: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
@ -14,7 +14,7 @@
# root
- name: (system-user-systemfiles.yml) Check if local template directory exists for root
local_action: stat path={{ inventory_dir }}/files/homedirs/root
local_action: stat path={{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root
register: local_template_dir_root
@ -44,7 +44,7 @@
- name: (system-user-systemfiles.yml) copy .profile if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile') }}"
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
@ -54,13 +54,13 @@
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile')
tags:
- profile
- name: (system-user-systemfiles.yml) copy default .profile if it exists
template:
src: files/homedirs/DEFAULT/_profile
src: files/{{ nis_domain }}/homedirs/DEFAULT/_profile
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
@ -70,7 +70,7 @@
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
- lookup('fileglob', inventory_dir + '/files/homedirs/DEFAULT/_profile')
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile')
tags:
- profile
@ -90,14 +90,14 @@
- name: (system-user-systemfiles.yml) copy .profile for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile') }}"
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_profile') }}"
dest: "/root/.profile"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_profile')
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_profile')
tags:
- profile
@ -126,7 +126,7 @@
- name: (system-user-systemfiles.yml) copy .bashrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc') }}"
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
@ -136,7 +136,7 @@
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc')
tags:
- bashrc
@ -171,14 +171,14 @@
- name: (system-user-systemfiles.yml) copy .bashrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc') }}"
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_bashrc') }}"
dest: "/root/.bashrc"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_bashrc')
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_bashrc')
tags:
- bash
@ -188,7 +188,7 @@
- name: (system-user-systemfiles.yml) copy .vimrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_vimrc') }}"
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
@ -198,12 +198,12 @@
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_vimrc')
tags:
- vimrc
- name: (system-user-systemfiles.yml) Check if .vim directory exists for default users
local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
local_action: stat path={{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim
with_items: "{{ system_users }}"
loop_control:
label: '{{ item.name }}'
@ -211,7 +211,7 @@
- name: (system-user-systemfiles.yml) copy .vim directory if it exists
copy:
src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
src: "{{ inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/.vim' }}"
dest: "~{{ item.item.name }}"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
@ -242,14 +242,14 @@
- name: (system-user-systemfiles.yml) copy .vimrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc') }}"
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_vimrc') }}"
dest: "/root/.vimrc"
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/root/_vimrc')
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_vimrc')
tags:
- vimrc