make sprachenatelier working..

roles/common/tasks/cron.yml

@@ -0,0 +1,48 @@
+---
+
+- name: (cron.yml) Set env entries in user crontabs
+  cron:
+    name: '{{ item.name }}'
+    env: 'yes'
+    user: '{{ item.user | default("root", true) }}'
+    job: '{{ item.job }}'
+    insertafter: '{{ item.insertafter | default(omit) }}'
+  loop: "{{ cron_env_entries }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when: item.job is defined
+  tags:
+    - user_crontab
+
+
+- name: (cron.yml) Set special time entries in user crontabs
+  cron:
+    name: '{{ item.name }}'
+    special_time: '{{ item.special_time }}'
+    user: '{{ item.user | default("root", true) }}'
+    job: '{{ item.job }}'
+    state: present
+  loop: "{{ cron_user_special_time_entries }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when: item.job is defined
+  tags:
+    - user_crontab
+
+
+- name: (cron.yml) Set normal entries in user crontabs
+  cron:
+    name: '{{ item.name }}'
+    minute: '{{ item.minute | default(omit) }}'
+    hour: '{{ item.hour | default(omit) }}'
+    day: '{{ day | default(omit) }}'
+    weekday: '{{ item.weekday | default(omit) }}'
+    month: '{{ item.month | default(omit) }}'
+    user: '{{ item.user | default("root", true) }}'
+    job: '{{ item.job }}'
+  loop: "{{ cron_user_entries }}"
+  loop_control:
+    label: '{{ item.name }}'
+  when: item.job is defined
+  tags:
+    - user_crontab

roles/common/tasks/cups-install.yml

@@ -7,11 +7,10 @@
 
 - name: (cups-install.yml) Ensure CUPS packages server (buster) are installed.
   package:
-    pkg: '{{ apt_install_server_cups_buster }}'
+    pkg: '{{ apt_install_server_cups }}'
     state: present
   when:
     - ansible_facts['distribution'] == "Debian"
-    - ansible_facts['distribution_major_version'] == "10"
   tags:
     - cups-server
 
@@ -25,6 +24,7 @@
     pkg: "{{ apt_install_client_cups }}"
     state: present
   when: 
+    - ansible_facts['distribution'] == "Ubuntu"
     - ansible_distribution_version ==  "18.04"
     - ansible_architecture == "x86_64"
   tags:

roles/common/tasks/main.yml

@@ -199,6 +199,12 @@
     - sudoers
 
 
+- import_tasks: cron.yml
+  tags:
+    - cron
+
+
+
 # tags supported inside mount_samba_shares.yml:
 #
 #- import_tasks: mount_samba_shares.yml

roles/common/tasks/nis-user-systemfiles.yml

@@ -39,7 +39,7 @@
 
 - name: (nis-user-systemfiles.yml) copy .profile if it exists
   copy:
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile') }}"
+    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile') }}"
     dest: "~{{ item.item.name }}/.profile"
     owner: "{{ item.item.name }}"
     group: "{{ item.item.name }}"
@@ -49,13 +49,13 @@
     label: '{{ item.item.name }}'
   when:
     - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_profile')
+    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile')
   tags:
     - profile
 
 - name: (nis-user-systemfiles.yml) copy default .profile if it exists
   template:
-    src: files/homedirs/DEFAULT/_profile.j2
+    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile.j2') }}"
     dest: "~{{ item.item.name }}/.profile"
     owner: "{{ item.item.name }}"
     group: "{{ item.item.name }}"
@@ -94,7 +94,7 @@
 
 - name: (nis-user-systemfiles.yml) copy .bashrc if it exists
   copy:
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc') }}"
+    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc') }}"
     dest: "~{{ item.item.name }}/.bashrc"
     owner: "{{ item.item.name }}"
     group: "{{ item.item.name }}"
@@ -104,13 +104,13 @@
     label: '{{ item.item.name }}'
   when:
     - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_bashrc')
+    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc')
   tags:
     - bashrc
 
 - name: (nis-user-systemfiles.yml) copy default .bashrc if it exists
   copy:
-    src: files/homedirs/DEFAULT/_bashrc
+    src: "{{ 'files/' + nis_domain + '/homedirs/DEFAULT/_bashrc' }}"
     dest: "~{{ item.item.name }}/.bashrc"
     owner: "{{ item.item.name }}"
     group: "{{ item.item.name }}"
@@ -145,7 +145,7 @@
     - vimrc
 
 - name: (nis-user-systemfiles.yml) Check if .vim directory exists for default users
-  local_action: stat path={{ inventory_dir }}/files/homedirs/{{ item.name }}/.vim
+  local_action: stat path={{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim
   with_items: "{{ nis_user }}"
   loop_control:
     label: '{{ item.name }}'
@@ -153,7 +153,7 @@
 
 - name: (nis-user-systemfiles.yml) copy .vim directory if it exists
   copy:
-    src: "{{ inventory_dir + '/files/homedirs/' + item.item.name + '/.vim' }}"
+    src: "{{ inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/.vim' }}"
     dest: "~{{ item.item.name }}"
     owner: "{{ item.item.name }}"
     group: "{{ item.item.name }}"
@@ -168,7 +168,7 @@
 
 - name: (nis-user-systemfiles.yml) copy default .vimrc if it exists
   copy:
-    src: files/homedirs/DEFAULT/_vimrc
+    src: "{{ 'files/' + nis_domain + '/homedirs/DEFAULT/_vimrc' }}"
     dest: "~{{ item.item.name }}/.vimrc"
     owner: "{{ item.item.name }}"
     group: "{{ item.item.name }}"

roles/common/tasks/root-files-scripts.yml

@@ -12,7 +12,7 @@
 
 - name: (root_files_scripts.yml) Ensure script 'wakeup_lan.sh' is present
   template:
-    src: "root/bin/wakeup_lan.sh.j2"
+    src: "{{ role_path + '/files/' + nis_domain + '/root/bin/wakeup_lan.sh' }}"
     dest: /root/bin/wakeup_lan.sh
     owner: root
     group: root

roles/common/tasks/sshd.yml

@@ -1,5 +1,54 @@
 ---
 
+
+# ---
+# Set some facts
+# ---
+
+- name: (sshd.yml) Set fact_sshd_kexalgorithms (comma separated list)
+  set_fact:
+    fact_sshd_kexalgorithms: "{{ sshd_kexalgorithms | join (',') }}"
+  when:
+    - sshd_kexalgorithms is defined and sshd_kexalgorithms | length > 0
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Set fact_sshd_ciphers (comma separated list)
+  set_fact:
+    fact_sshd_ciphers: "{{ sshd_ciphers | join (',') }}"
+  when:
+    - sshd_ciphers is defined and sshd_ciphers | length > 0
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Set fact_sshd_macs 
+  set_fact:
+    fact_sshd_macs: "{{ sshd_macs | join (',') }}"
+  when:
+    - sshd_macs is defined and sshd_macs | length > 0
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Set fact_sshd_hostkeyalgorithms (blank separated list)
+  set_fact:
+    fact_sshd_hostkeyalgorithms: "{{ sshd_hostkeyalgorithms | join (',') }}"
+  when:
+    - sshd_hostkeyalgorithms is defined and sshd_hostkeyalgorithms | length > 0
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Set fact_sshd_allowed_users (blank separated list)
+  set_fact:
+    fact_sshd_allowed_users: "{{ sshd_allowed_users | join (' ') }}"
+  when:
+    - sshd_allowed_users is defined and sshd_allowed_users | length > 0
+  tags:
+    - sshd-config
+
+# ---
+# Create new sshd_config
+# ---
+
 - name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists
   stat:
     path: /etc/ssh/sshd_config.ORIG
@@ -24,6 +73,79 @@
     validate: 'sshd -f %s -T'
     #backup: yes
   notify: "Restart ssh"
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
   tags:
     - sshd-config
 
+
+- name: (sshd.yml) Create/Update new sshd_config from template sshd_config.j2
+  template:
+    src: etc/ssh/sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: 0644
+    validate: 'sshd -f %s -T'
+  notify: "Restart ssh"
+  when:
+    - create_sftp_group is undefined or create_sftp_group is defined and not create_sftp_group
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] <= "10"
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Create/Update sshd_config for chrooted sftp_group from template sshd_config.j2
+  template:
+    src: etc/ssh/sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: 0644
+    validate: 'sshd -f %s -T -C user=sftp_users'
+  notify: "Restart ssh"
+  when:
+    - create_sftp_group is defined and create_sftp_group
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] <= "10"
+  tags:
+    - sshd-config
+
+
+- name: (sshd.yml) Check if sshd_config contains activ parameter 'Subsystem sftp'..
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^Subsystem\s+sftp(.+)$'
+    state: absent
+  check_mode: yes
+  changed_when: false
+  register: sshd_config_sftp
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Ensure directory '/etc/ssh/sshd_config.d' exists
+  file:
+    path: /etc/ssh/sshd_config.d
+    state: directory
+    mode: 0755
+    group: root
+    owner: root
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] > "10"
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Create/Update file '/etc/ssh/sshd_config.d/50-sshd-local.conf' from template sshd_config.j2
+  template:
+    src: etc/ssh/sshd_config.j2
+    dest: /etc/ssh/sshd_config.d/50-sshd-local.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: "Restart ssh"
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] > "10"
+  tags:
+    - sshd-config

roles/common/tasks/ubuntu-x11vnc-1604-amd64.yml

@@ -36,8 +36,13 @@
       src: lib/systemd/system/x11vnc.service.j2
       dest: /lib/systemd/system/x11vnc.service
 
-  - name: "(ubuntu-x11vnc-1604-amd64.yml) Start x11vnc service"
-    shell: service x11vnc start
+#  - name: "(ubuntu-x11vnc-1604-amd64.yml) Start x11vnc service"
+#    shell: service x11vnc start
+
+  - name: (ubuntu-x11vnc-1604-amd64.yml) Start x11vnc service
+    service:
+      name: x11vnc
+      state: started
 
   - name: "(ubuntu-x11vnc-1604-amd64.yml) Enable x11vnc service on boot"
     systemd: