Refactor nis-install-server.yml: standardize file permissions and improve formatting

2026-05-06 16:04:28 +02:00
parent 1a9b1c3faa
commit 7c35a51a9b
1 changed files with 48 additions and 49 deletions
--- a/roles/common/tasks/nis-install-server.yml
+++ b/roles/common/tasks/nis-install-server.yml
@@ -20,7 +20,7 @@
    src: etc/defaultdomain.j2
    owner: root
    group: root
-    mode: 0644
+    mode: 644
  tags:
    - nis-install
    - nis-install-server
@@ -31,7 +31,7 @@
    src: etc/yp.conf.j2
    owner: root
    group: root
-    mode: 0644
+    mode: 644
  tags:
    - nis-install
    - nis-install-client
@@ -42,7 +42,6 @@
    - nis-install
    - nis-install-server
 # ---
 # Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default.
 #
@@ -73,17 +72,17 @@
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version']|int >= 11
    - file_etc_pam_d_common_password.stat.exists == True
    #- ansible_distribution_major_version|int <= 12
- name: (nis-install-server.yml) Change default password hash for local system accounts from SHA-512 to yescrypt
+- name: (nis-install-server.yml) Change default password hash for local system
-  shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/" /etc/pam.d/common-password
+    accounts from SHA-512 to yescrypt
  shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/"
    /etc/pam.d/common-password
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version']|int >= 11
    - file_etc_pam_d_common_password.stat.exists == True
    - presence_of_passwprd_hashing_yescrypt is changed
    #- ansible_facts['distribution_major_version']|int <= 12
@@ -107,25 +106,26 @@
    - nis-install
    - nis-install-server
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER' (server)
+- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER'
    (server)
  replace:
    path: /etc/default/nis
-    regexp: '^NISSERVER=.*'
+    regexp: "^NISSERVER=.*"
-    replace: 'NISSERVER=master'
+    replace: "NISSERVER=master"
  tags:
    - nis-install
    - nis-install-server
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (server)
+- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT'
    (server)
  replace:
    path: /etc/default/nis
-    regexp: '^NISCLIENT=.*'
+    regexp: "^NISCLIENT=.*"
-    replace: 'NISCLIENT=false'
+    replace: "NISCLIENT=false"
  tags:
    - nis-install
    - nis-install-server
 # ---
 # /etc/ypserv.securenets
 # ---
@@ -146,37 +146,40 @@
    - nis-install
    - nis-install-server
- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
+- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file
    /etc/ypserv.securenets
  replace:
    path: /etc/ypserv.securenets
-    regexp: '^(0.0.0.0\s+.*)'
+    regexp: "^(0.0.0.0\\s+.*)"
-    replace: '#\1'
+    replace: "#\\1"
  tags:
    - nis-install
    - nis-install-server
- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets
+- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file
    /etc/ypserv.securenets
  lineinfile:
    path: /etc/ypserv.securenets
-    line: '255.255.0.0 192.168.0.0'
+    line: "255.255.0.0 192.168.0.0"
    insertafter: EOF
    state: present
    owner: root
    group: root
-    mode: '0644'
+    mode: "0644"
  tags:
    - nis-install
    - nis-install-server
- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets
+- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file
    /etc/ypserv.securenets
  lineinfile:
    path: /etc/ypserv.securenets
-    line: '255.0.0.0 10.0.0.0'
+    line: "255.0.0.0 10.0.0.0"
    insertafter: EOF
    state: present
    owner: root
    group: root
-    mode: '0644'
+    mode: "0644"
  tags:
    - nis-install
    - nis-install-server
@@ -188,17 +191,17 @@
    - nis-install
    - nis-install-server
 # ---
 # Base directory containing users' home directory
 # ---
- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists
+- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually
    /data/home) exists
  file:
-    path: '{{ nis_base_home }}'
+    path: "{{ nis_base_home }}"
    owner: root
    group: root
-    mode: '0755'
+    mode: "0755"
    state: directory
  when:
    - "groups['nis_server']|string is search(inventory_hostname)"
@@ -206,23 +209,22 @@
    - nis-install
    - nis-install-server
 # ---
 # /etc/default/useradd
 # ---
- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter Kommentar einfügen
+- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter
    Kommentar einfügen
  ansible.builtin.lineinfile:
    path: /etc/default/useradd
-    regexp: '^HOME='
+    regexp: "^HOME="
-    insertafter: '^#\s*HOME='
+    insertafter: "^#\\s*HOME="
    line: "HOME={{ nis_base_home }}"
    backup: true
  when:
    - nis_base_home is defined
    - nis_base_home != '/home'
 # ---
 # /etc/adduser.conf
 # ---
@@ -240,7 +242,6 @@
 - name: (nis-install-server.yml) Backup existing file /etc/adduser.conf
  command: cp -a /etc/adduser.conf /etc/adduser.conf.ORIG
  when:
  when:
    - nis_base_home is defined
    - nis_base_home != '/home'
@@ -249,19 +250,18 @@
    - nis-install
    - nis-install-server
-
+- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter
- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter Kommentar einfügen
+    Kommentar einfügen
  ansible.builtin.lineinfile:
    path: /etc/adduser.conf
-    regexp: '^DHOME='
+    regexp: "^DHOME="
-    insertafter: '^#\s*DHOME='
+    insertafter: "^#\\s*DHOME="
    line: "DHOME={{ nis_base_home }}"
    backup: true
  when:
    - nis_base_home is defined
    - nis_base_home != '/home'
 # ---
 # /var/yp/Makefile
 # ---
@@ -285,8 +285,8 @@
 - name: (nis-install-server.yml) Adjust file  '/var/yp/Makefile'
  replace:
    path: /var/yp/Makefile
-    regexp: '^#?{{ item }}=.*'
+    regexp: "^#?{{ item }}=.*"
-    replace: '{{ item }}=true'
+    replace: "{{ item }}=true"
  with_items:
    - MERGE_PASSWD
    - MERGE_GROUP
@@ -296,6 +296,5 @@
    - nis-install
    - nis-install-server
 # TODO:
 # /var/yp/Makefile