From 8a4da8c61517b9252233b760f19670dcaa3d9202 Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 27 Oct 2025 23:17:40 +0100 Subject: [PATCH] update.. --- ansible.cfg | 12 +- group_vars/all/main.yml | 5 + group_vars/flr.yml | 9 + group_vars/sprachenatelier.yml | 7 + roles/common/tasks/apt.yml | 10 +- roles/common/tasks/nis-user-systemfiles.yml | 223 +++++---- roles/common/tasks/samba-install.yml | 85 ++-- .../common/tasks/system-user-systemfiles.yml | 425 ++++++++++++------ 8 files changed, 483 insertions(+), 293 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index 684dafb..288f879 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -10,7 +10,17 @@ [defaults] -ansible_managed = *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** +# [DEPRECATION WARNING] 'ansible_managed' used in ansible.cfg +# +# The `ansible_managed` variable can be set just like any other variable, or a different +# variable can be used. +# +# Alternatives: Set the `ansible_managed` variable, or use any custom variable in templates. +# +# This feature will be removed from ansible-core version 2.23. +# +#ansible_managed = *** [ Ansible managed: DO NOT EDIT DIRECTLY ] *** + #gathering = smart #fact_caching = jsonfile #fact_caching_connection = ~/.cache/ diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index f371cef..b907273 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -1,5 +1,10 @@ --- +ansible_managed: > + *** ANSIBLE MANAGED FILE - DO NOT EDIT *** + This file was generated by {{ ansible_user_id }} on {{ ansible_date_time.iso8601 }} + + ansible_python_interpreter: /usr/bin/python3 diff --git a/group_vars/flr.yml b/group_vars/flr.yml index bff7d5d..d0ec0a9 100644 --- a/group_vars/flr.yml +++ b/group_vars/flr.yml @@ -259,6 +259,15 @@ remove_nis_users: [] nis_user: + - name: ckubu-test + groups: + - amif + - foerderung + - quali + - team + is_samba_user: true + password: '20/cku-bu.test_24%' + - name: chris groups: - team 
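Review bot: The new `ansible_managed` in group_vars/all/main.yml embeds `{{ ansible_date_time.iso8601 }}`, so every template that prints it renders differently on each run and is reported as changed, which buries real configuration drift in the change report. It also makes rendering depend on gathered facts, so a play with `gather_facts: false` would presumably fail on the undefined `ansible_date_time`. A static value such as `ansible_managed: '*** ANSIBLE MANAGED FILE - DO NOT EDIT ***'` keeps the templates idempotent.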
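Review bot: The `ckubu-test` entry added to `nis_user` in group_vars/flr.yml carries its `password` as a plaintext literal, and the `buero2` entry added in group_vars/sprachenatelier.yml does the same; with `is_samba_user: true` these are presumably live login and Samba credentials. Everyone who can read the repository or this patch now holds them, so both should be changed and the new values kept out of version control. Reference an encrypted value instead, for example `password: "{{ vault_nis_passwords['ckubu-test'] }}"`, where `vault_nis_passwords` (an example name) lives in an ansible-vault encrypted vars file, and set `no_log: true` on the tasks that read `password`, which are outside this patch. The `buero2` value also appears to follow the same scheme as the existing entry in the context line above it, which makes it guessable.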
diff --git a/group_vars/sprachenatelier.yml b/group_vars/sprachenatelier.yml index 219820d..b8f45e2 100644 --- a/group_vars/sprachenatelier.yml +++ b/group_vars/sprachenatelier.yml @@ -162,6 +162,13 @@ nis_user: is_samba_user: true password: 's2016bp' + - name: buero2 + groups: + - intern + - buero + is_samba_user: true + password: 's2025bp2' + - name: chema groups: - intern diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 1bc0522..bfd4248 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -30,13 +30,11 @@ - apt-webserver-pkgs -- name: (apt.yml) dpkg --configure - command: > - dpkg --configure -a - #args: - # warn: false - changed_when: _dpkg_configure.stdout_lines +- name: (apt.yml) Configure any half-installed packages 'dpkg --configure -a' + ansible.builtin.command: dpkg --configure -a register: _dpkg_configure + changed_when: (_dpkg_configure.stdout | default('')) | length > 0 + failed_when: _dpkg_configure.rc != 0 when: apt_dpkg_configure|bool tags: - apt-dpkg-configure diff --git a/roles/common/tasks/nis-user-systemfiles.yml b/roles/common/tasks/nis-user-systemfiles.yml index 706ad02..2a06d91 100644 --- a/roles/common/tasks/nis-user-systemfiles.yml +++ b/roles/common/tasks/nis-user-systemfiles.yml 
@@ -51,37 +51,36 @@ tags: - profile -- name: (nis-user-systemfiles.yml) copy .profile if it exists - copy: - src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile') }}" - dest: "~{{ item.item.name }}/.profile" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_nis_user.results }}" - loop_control: - label: '{{ item.item.name }}' - when: - - item.stat.exists - - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile') - tags: - - profile -- name: (nis-user-systemfiles.yml) copy default .profile if it exists - template: - src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile.j2') }}" - dest: "~{{ item.item.name }}/.profile" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_nis_user.results }}" +# 1) Für jeden NIS-User prüfen, ob eine lokale _profile existiert +- name: (nis-user-systemfiles.yml) stat user _profile + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_profile" + delegate_to: localhost + become: false + loop: "{{ nis_user }}" + register: profile_stats loop_control: - label: '{{ item.item.name }}' - when: - - item.stat.exists == false - - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile.j2') - tags: - - profile + label: "{{ item.name }}" + +# 2) Falls NIS-User _profile vorhanden, kopieren +- name: (nis-user-systemfiles.yml) copy .profile if it exists + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_profile" + dest: "~{{ user.name }}/.profile" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: "0644" + become: true + loop: "{{ nis_user | zip(profile_stats.results) | list }}" + loop_control: + label: "{{ user.name }}" + when: + - 
stat_result.stat.exists | bool + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: [bash] # -- 
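Review bot: The new `stat user _profile` task carries no `tags`, while the copy task that consumes `profile_stats` is tagged `[bash]`, so a run limited with `--tags bash` skips the stat, leaves `profile_stats` undefined and fails in the `loop` expression. Add `tags: [bash]` to the stat task; the same applies to the `bashrc_stats`, `vimrc_stats` and `dotvim_stats` tasks in the next hunk and to the untagged stat tasks in system-user-systemfiles.yml. The tag also changed from `profile` to `bash`, while the backup task whose `tags: - profile` tail opens this hunk (it starts outside it) keeps the old tag, so `--tags profile` now backs up without copying. The removed `copy default .profile` task has no replacement here, so NIS users without their own `_profile` no longer receive the DEFAULT one; if that is intended, the commit message should say so.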
@@ -107,92 +106,118 @@ tags: - bashrc -- name: (nis-user-systemfiles.yml) copy .bashrc if it exists - copy: - src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc') }}" - dest: "~{{ item.item.name }}/.bashrc" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_nis_user.results }}" +# 1) Für jeden NIS-User prüfen, ob eine lokale _bashrc existiert +- name: (system-user-systemfiles.yml) stat user _bashrc + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_bashrc" + delegate_to: localhost + become: false + loop: "{{ nis_user }}" + register: bashrc_stats loop_control: - label: '{{ item.item.name }}' - when: - - item.stat.exists - - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc') - tags: - - bashrc + label: "{{ item.name }}" -- name: (nis-user-systemfiles.yml) copy default .bashrc if it exists - copy: - src: "{{ 'files/' + nis_domain + '/homedirs/DEFAULT/_bashrc' }}" - dest: "~{{ item.item.name }}/.bashrc" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_nis_user.results }}" +# 2) Falls User _bashrc vorhanden, kopieren +- name: (system-user-systemfiles.yml) copy .bashrc if it exists + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_bashrc" + dest: "~{{ user.name }}/.bashrc" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: "0644" + become: true + loop: "{{ nis_user | zip(bashrc_stats.results) | list }}" loop_control: - label: '{{ item.item.name }}' + label: "{{ user.name }}" when: - - item.stat.exists == false - tags: - - bashrc + - stat_result.stat.exists | bool + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: [bash] # -- # Copy .vimrc # --- -- name: (nis-user-systemfiles.yml) copy .vimrc if it exists - copy: - 
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}" - dest: "~{{ item.item.name }}/.vimrc" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_nis_user.results }}" - loop_control: - label: '{{ item.item.name }}' - when: - - item.stat.exists - - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') - tags: - - vimrc - -- name: (nis-user-systemfiles.yml) Check if .vim directory exists for default users - local_action: stat path={{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim - with_items: "{{ nis_user }}" +# 1. Prüfen, ob für jeden User ein lokales _vimrc existiert +- name: (system-user-systemfiles.yml) stat user _vimrc + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_vimrc" + delegate_to: localhost + become: false + loop: "{{ nis_user }}" + register: vimrc_stats loop_control: label: '{{ item.name }}' - register: local_template_dir_dotvim_default_user -- name: (nis-user-systemfiles.yml) copy .vim directory if it exists - copy: - src: "{{ inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/.vim' }}" - dest: "~{{ item.item.name }}" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - with_items: "{{ local_template_dir_dotvim_default_user.results }}" +# 2. 
Falls vorhanden, Datei kopieren +- name: (system-user-systemfiles.yml) copy .vimrc if it exists + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_vimrc" + dest: "~{{ user.name }}/.vimrc" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: '0644' + loop: "{{ nis_user | zip(vimrc_stats.results) | list }}" loop_control: - label: '{{ item.item.name }}' + label: "{{ user.name }}" when: - - item.stat.exists + - stat_result.stat.exists + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" tags: - - vimrc + - bash -- name: (nis-user-systemfiles.yml) copy default .vimrc if it exists - copy: - src: "{{ 'files/' + nis_domain + '/homedirs/DEFAULT/_vimrc' }}" - dest: "~{{ item.item.name }}/.vimrc" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_nis_user.results }}" + +# 1) Lokal prüfen, ob ~/.vim existiert +- name: (system-user-systemfiles.yml) stat local .vim for each user + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim" + delegate_to: localhost + become: false + loop: "{{ nis_user }}" + register: dotvim_stats loop_control: - label: '{{ item.item.name }}' - when: - - item.stat.exists == false - tags: - - vimrc + label: "{{ item.name }}" + +# 2) Wenn vorhanden, .vim-Verzeichnis ins Home des Users kopieren +- name: (system-user-systemfiles.yml) copy .vim directory if it exists + ansible.builtin.copy: + # Wichtig: KEINE verschachtelten {{ ... 
}} im String + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/.vim" + dest: "~{{ user.name }}/" + mode: preserve # oder weglassen; 0644 wäre für Verzeichnisse falsch + become: true + loop: "{{ nis_user | zip(dotvim_stats.results) | list }}" + loop_control: + label: "{{ user.name }}" + when: + - stat_result.stat.exists | bool + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: [vim] + + +# 3) Ownership/Gruppe rekursiv korrigieren (falls gewünscht/erforderlich) +- name: (system-user-systemfiles.yml) ensure ownership on ~/.vim recursively + ansible.builtin.file: + path: "~{{ user.name }}/.vim" + owner: "{{ user.name }}" + group: "{{ user.name }}" + recurse: true + state: directory + become: true + loop: "{{ nis_user | zip(dotvim_stats.results) | list }}" + loop_control: + label: "{{ user.name }}" + when: + - stat_result.stat.exists | bool + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: [vim] diff --git a/roles/common/tasks/samba-install.yml b/roles/common/tasks/samba-install.yml index 25c8ff2..66e738a 100644 --- a/roles/common/tasks/samba-install.yml +++ b/roles/common/tasks/samba-install.yml 
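Review bot: The `ensure ownership on ~/.vim recursively` task runs `ansible.builtin.file` with `recurse: true` as root over a directory the user can write to, and the module's `follow` option defaults to true, so a symlink placed inside `~/.vim` would have its target re-owned to that user. Set `follow: false` on the task, or drop it and put `owner: "{{ user.name }}"` and `group: "{{ user.name }}"` back on the copy task, as the removed version had. The same task pair appears in the last hunk of system-user-systemfiles.yml for `default_user`. Separately, the new `copy .vimrc if it exists` task is the only copy in this hunk without `become: true`, and the new tasks are named `(system-user-systemfiles.yml)` although this file is nis-user-systemfiles.yml.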
@@ -107,76 +107,73 @@ - samba-server -- name: (samba-install.yml) Check if cleaning up trash dirs is configured - lineinfile: +- name: (samba-config-server.yml) Check if cleaning up trash dirs is configured + ansible.builtin.lineinfile: path: /root/bin/samba/conf/clean_samba_trash.conf - regexp: "^trash_dirs=*" + regexp: '^trash_dirs=*' state: absent - check_mode: yes + check_mode: true changed_when: false register: clean_samba_trash_dirs - when: - - "groups['samba_server']|string is search(inventory_hostname)" - tags: - - samba-server - - -- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs - cron: - name: '{{ samba_cronjob_trash_dirs.name }}' - minute: '{{ samba_cronjob_trash_dirs.minute }}' + when: + - inventory_hostname in groups['samba_server'] + tags: [samba-server, samba-cron] + + +- name: (samba-config-server.yml) Creates a cron job for cleaning up samba trash dirs + ansible.builtin.cron: + name: "{{ samba_cronjob_trash_dirs.name }}" + minute: "{{ samba_cronjob_trash_dirs.minute }}" hour: "{{ samba_cronjob_trash_dirs.hour | default('*') }}" - day: "{{ samba_cronjob_trash_dirs.hour.day | default('*') }}" - month: "{{ samba_cronjob_trash_dirs.hour.month| default('*') }}" - weekday: "{{ samba_cronjob_trash_dirs.hour.weekday| default('*') }}" + day: "{{ samba_cronjob_trash_dirs.day | default('*') }}" + month: "{{ samba_cronjob_trash_dirs.month | default('*') }}" + weekday: "{{ samba_cronjob_trash_dirs.weekday | default('*') }}" user: "{{ samba_cronjob_trash_dirs.user | default('root') }}" job: "{{ samba_cronjob_trash_dirs.job }}" when: - - "groups['samba_server']|string is search(inventory_hostname)" - - clean_samba_trash_dirs.found - tags: - - samba-server + - inventory_hostname in groups['samba_server'] + - clean_samba_trash_exists.stat.exists | bool + - (clean_samba_trash_dirs.found | int) > 0 + tags: [samba-server, samba-cron] # --- # Cronjob for setting permissions on samba shares # --- -- name: (samba-install.yml) Check if file 
'/root/bin/samba/set_permissions_samba_shares.sh' exists - stat: +- name: (samba-config-server.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists + ansible.builtin.stat: path: /root/bin/samba/set_permissions_samba_shares.sh register: set_permissions_on_samba_shares_exists when: - - "groups['samba_server']|string is search(inventory_hostname)" - tags: - - samba-server + - inventory_hostname in groups['samba_server'] + tags: [samba-server, samba-cron] + -- name: (samba-install.yml) Adjust configuration for script 'set_permissions_samba_shares.sh' - template: +- name: (samba-config-server.yml) Adjust configuration for script 'set_permissions_samba_shares.sh' + ansible.builtin.template: dest: /root/bin/samba/conf/set_permissions_samba_shares.conf src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2 when: - - "groups['samba_server']|string is search(inventory_hostname)" - - set_permissions_on_samba_shares_exists.stat.exists|bool - tags: - - samba-server - - -- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs - cron: - name: '{{ samba_cronjob_permissions.name }}' - minute: '{{ samba_cronjob_permissions.minute }}' + - inventory_hostname in groups['samba_server'] + - set_permissions_on_samba_shares_exists.stat.exists | bool + tags: [samba-server, samba-cron] + + +- name: (samba-config-server.yml) Creates a cron job for setting permissions to samba dirs + ansible.builtin.cron: + name: "{{ samba_cronjob_permissions.name }}" + minute: "{{ samba_cronjob_permissions.minute }}" hour: "{{ samba_cronjob_permissions.hour | default('*') }}" day: "{{ samba_cronjob_permissions.day | default('*') }}" - month: "{{ samba_cronjob_permissions.month| default('*') }}" - weekday: "{{ samba_cronjob_permissions.weekday| default('*') }}" + month: "{{ samba_cronjob_permissions.month | default('*') }}" + weekday: "{{ samba_cronjob_permissions.weekday | default('*') }}" user: "{{ samba_cronjob_permissions.user | default('root') }}" job: 
"{{ samba_cronjob_permissions.job }}" when: - - "groups['samba_server']|string is search(inventory_hostname)" - - clean_samba_trash_dirs.found - tags: - - samba-server + - inventory_hostname in groups['samba_server'] + - (clean_samba_trash_dirs.found | int) > 0 # << int -> bool + tags: [samba-server, samba-cron] # --- diff --git a/roles/common/tasks/system-user-systemfiles.yml b/roles/common/tasks/system-user-systemfiles.yml index f369e33..26aaf6d 100644 --- a/roles/common/tasks/system-user-systemfiles.yml +++ b/roles/common/tasks/system-user-systemfiles.yml @@ -18,9 +18,9 @@ register: local_template_dir_root -# -- -# Copy .profile -# --- +# -- +# Copy .profile +# --- - name: (user-systemfiles.yml) Check if users file '.profile.ORIG' exists stat: 
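Review bot: The task `Creates a cron job for setting permissions to samba dirs` is still gated on `(clean_samba_trash_dirs.found | int) > 0`, which is the result of the trash-dir check rather than of the permissions script check, so on a host without a `trash_dirs=` line the job that resets share permissions is never installed. The condition should be `- set_permissions_on_samba_shares_exists.stat.exists | bool`, matching the template task just above it. The trash cron task also now requires `clean_samba_trash_exists.stat.exists`, which is not registered anywhere in this hunk; confirm it is set earlier in the file for every host in `samba_server`. The pattern `'^trash_dirs=*'` makes the `=` a repeated optional character; `'^trash_dirs='` is probably what is meant.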
@@ -42,64 +42,102 @@ tags: - profile +# 1) Für jeden User prüfen, ob eine lokale _profile existiert +- name: (system-user-systemfiles.yml) stat user _profile + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_profile" + delegate_to: localhost + become: false + loop: "{{ default_user }}" + register: profile_stats + loop_control: + label: "{{ item.name }}" + +# 2) Prüfe ob eine lokale default _baschrc existiert +- name: stat DEFAULT _profile + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_profile" + delegate_to: localhost + become: false + register: default_profile_stat + +# 2) Falls User _profile vorhanden, kopieren - name: (system-user-systemfiles.yml) copy .profile if it exists - copy: - src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile') }}" - dest: "~{{ item.item.name }}/.profile" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_system_users.results }}" + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_profile" + dest: "~{{ user.name }}/.profile" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: "0644" + become: true + loop: "{{ default_user | zip(profile_stats.results) | list }}" loop_control: - label: '{{ item.item.name }}' + label: "{{ user.name }}" when: - - item.stat.exists - - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile') - tags: - - profile + - stat_result.stat.exists | bool + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: [bash] -- name: (system-user-systemfiles.yml) copy default .profile if it exists - template: - src: files/{{ nis_domain }}/homedirs/DEFAULT/_profile - dest: "~{{ item.item.name }}/.profile" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ 
local_template_dir_system_users.results }}" +# 3) Falls nicht vorhanden, DEFAULT nutzen +- name: (system-user-systemfiles.yml) copy default .profile + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_profile" + dest: "~{{ user.name }}/.profile" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: "0644" + become: true + loop: "{{ default_user | zip(profile_stats.results) | list }}" loop_control: - label: '{{ item.item.name }}' + label: "{{ user.name }}" when: - - item.stat.exists == false - - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile') - tags: - - profile + - not stat_result.stat.exists + - default_profile_stat.stat.exists | bool + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: [bash] +# --- # -- root user +# --- + - name: (system-user-systemfiles.yml) Check if file '/root/.profile.ORIG' exists stat: path: /root/.profile.ORIG register: profile_root_orig_exists tags: - - profile + - bash -- name: (system-user-systemfiles.yml) Backup existing users .profile file - command: cp -a /root/.profile /root/.profile.ORIG +- name: (system-user-systemfiles.yml) Backup /root/.profile file + command: cp /root/.profile /root/.profile.ORIG when: profile_root_orig_exists.stat.exists == False tags: - - profile + - bash -- name: (system-user-systemfiles.yml) copy .profile for user root - copy: - src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_profile') }}" - dest: "/root/.profile" +# 1) Prüfen ob die _profile für root auf dem Control-Node existiert +- name: (system-user-systemfiles.yml) stat root _profile on control node + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_profile" + delegate_to: localhost + become: false + register: profile_root_stat + +# 2) Wenn vorhanden, kopieren wir sie nach /root/.profile auf dem Zielhost +- name: copy root .profile if it exists + ansible.builtin.copy: + 
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_profile" + dest: /root/.profile owner: root group: root - mode: 0644 - when: - - local_template_dir_root.stat.exists - - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_profile') + mode: '0644' + become: true + when: profile_root_stat.stat.exists tags: - - profile + - bash + # -- # Copy .bashrc 
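Review bot: `copy default .profile` now uses `ansible.builtin.copy`, where the removed task rendered `DEFAULT/_profile` with `template`, so any Jinja expressions in that file would be written to `~/.profile` literally. Keep `ansible.builtin.template` for the DEFAULT file, or confirm the file is static. The root backup also changed from `cp -a` to `cp`, so `/root/.profile.ORIG` no longer keeps the original's mode and timestamps; `command: cp -a /root/.profile /root/.profile.ORIG` restores that. The comment above `stat DEFAULT _profile` names the wrong file (`_baschrc`) and repeats the step number `2)`.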
@@ -124,38 +162,68 @@ tags: - bashrc +# 1) Für jeden User prüfen, ob eine lokale _bashrc existiert +- name: (system-user-systemfiles.yml) stat user _bashrc + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_bashrc" + delegate_to: localhost + become: false + loop: "{{ default_user }}" + register: bashrc_stats + loop_control: + label: "{{ item.name }}" + +# 2) Prüfe ob eine lokale default _baschrc existiert +- name: stat DEFAULT _bashrc + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_bashrc" + delegate_to: localhost + become: false + register: default_bashrc_stat + +# 2) Falls User _bashrc vorhanden, kopieren - name: (system-user-systemfiles.yml) copy .bashrc if it exists - copy: - src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc') }}" - dest: "~{{ item.item.name }}/.bashrc" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_system_users.results }}" + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_bashrc" + dest: "~{{ user.name }}/.bashrc" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: "0644" + become: true + loop: "{{ default_user | zip(bashrc_stats.results) | list }}" loop_control: - label: '{{ item.item.name }}' + label: "{{ user.name }}" when: - - item.stat.exists - - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc') - tags: - - bashrc + - stat_result.stat.exists | bool + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: [bash] -- name: (system-user-systemfiles.yml) copy default .bashrc if it exists - copy: - src: files/homedirs/DEFAULT/_bashrc - dest: "~{{ item.item.name }}/.bashrc" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_system_users.results }}" 
+# 3) Falls nicht vorhanden, DEFAULT nutzen +- name: (system-user-systemfiles.yml) copy default .bashrc + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_bashrc" + dest: "~{{ user.name }}/.bashrc" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: "0644" + become: true + loop: "{{ default_user | zip(bashrc_stats.results) | list }}" loop_control: - label: '{{ item.item.name }}' + label: "{{ user.name }}" when: - - item.stat.exists == false - tags: - - bashrc + - not stat_result.stat.exists + - default_bashrc_stat.stat.exists | bool + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: [bash] +# --- # -- root user +# --- + - name: (system-user-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists stat: path: /root/.bashrc.ORIG @@ -169,16 +237,24 @@ tags: - bash -- name: (system-user-systemfiles.yml) copy .bashrc for user root - copy: - src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_bashrc') }}" - dest: "/root/.bashrc" +# 1) Prüfen ob die _bashrc für root auf dem Control-Node existiert +- name: stat root _bashrc on control node + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_bashrc" + delegate_to: localhost + become: false + register: bashrc_root_stat + +# 2) Wenn vorhanden, kopieren wir sie nach /root/.bashrc auf dem Zielhost +- name: copy root .bashrc if it exists + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_bashrc" + dest: /root/.bashrc owner: root group: root - mode: 0644 - when: - - local_template_dir_root.stat.exists - - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_bashrc') + mode: '0644' + become: true + when: bashrc_root_stat.stat.exists tags: - bash 
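Review bot: The step comments in the `.bashrc` hunk are numbered `1)`, `2)`, `2)`, `3)` and the second one misspells the file (`_baschrc`); renumber them and fix the name, e.g. `# 2) Check whether a DEFAULT _bashrc exists on the control node` and `# 3) Copy the user's own _bashrc if present`. The tasks `stat DEFAULT _bashrc`, `stat root _bashrc on control node` and `copy root .bashrc if it exists` (the last two in the following root-user hunk) drop the `(system-user-systemfiles.yml)` prefix that every other task name carries, which makes them harder to locate in run output.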
@@ -186,93 +262,156 @@ # Copy .vimrc # --- -- name: (system-user-systemfiles.yml) copy .vimrc if it exists - copy: - src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_vimrc') }}" - dest: "~{{ item.item.name }}/.vimrc" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_system_users.results }}" - loop_control: - label: '{{ item.item.name }}' - when: - - item.stat.exists - - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_vimrc') - tags: - - vimrc - -- name: (system-user-systemfiles.yml) Check if .vim directory exists for default users - local_action: stat path={{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim - with_items: "{{ system_users }}" +# 1. Prüfen, ob für jeden User ein lokales _vimrc existiert +- name: (system-user-systemfiles.yml) stat user _vimrc + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_vimrc" + delegate_to: localhost + become: false + loop: "{{ default_user }}" + register: vimrc_stats loop_control: label: '{{ item.name }}' - register: local_template_dir_dotvim_default_user +# 2. 
Falls vorhanden, Datei kopieren +- name: (system-user-systemfiles.yml) copy .vimrc if it exists + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_vimrc" + dest: "~{{ user.name }}/.vimrc" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: '0644' + loop: "{{ default_user | zip(vimrc_stats.results) | list }}" + loop_control: + label: "{{ user.name }}" + when: + - stat_result.stat.exists + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: + - bash + + +# 1) Lokal prüfen, ob ~/.vim existiert +- name: (system-user-systemfiles.yml) stat local .vim for each user + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim" + delegate_to: localhost + become: false + loop: "{{ default_user }}" + register: dotvim_stats + loop_control: + label: "{{ item.name }}" + +# 2) Wenn vorhanden, .vim-Verzeichnis ins Home des Users kopieren - name: (system-user-systemfiles.yml) copy .vim directory if it exists - copy: - src: "{{ inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/.vim' }}" - dest: "~{{ item.item.name }}" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - with_items: "{{ local_template_dir_dotvim_default_user.results }}" + ansible.builtin.copy: + # Wichtig: KEINE verschachtelten {{ ... 
}} im String + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/.vim" + dest: "~{{ user.name }}/" + mode: preserve # oder weglassen; 0644 wäre für Verzeichnisse falsch + become: true + loop: "{{ default_user | zip(dotvim_stats.results) | list }}" loop_control: - label: '{{ item.item.name }}' + label: "{{ user.name }}" when: - - item.stat.exists - tags: - - vimrc + - stat_result.stat.exists | bool + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: [vim] -- name: (system-user-systemfiles.yml) copy default .vimrc if it exists - copy: - src: files/homedirs/DEFAULT/_vimrc - dest: "~{{ item.item.name }}/.vimrc" - owner: "{{ item.item.name }}" - group: "{{ item.item.name }}" - mode: 0644 - loop: "{{ local_template_dir_system_users.results }}" + +# 3) Ownership/Gruppe rekursiv korrigieren (falls gewünscht/erforderlich) +- name: (system-user-systemfiles.yml) ensure ownership on ~/.vim recursively + ansible.builtin.file: + path: "~{{ user.name }}/.vim" + owner: "{{ user.name }}" + group: "{{ user.name }}" + recurse: true + state: directory + become: true + loop: "{{ default_user | zip(dotvim_stats.results) | list }}" loop_control: - label: '{{ item.item.name }}' + label: "{{ user.name }}" when: - - item.stat.exists == false - tags: - - vimrc + - stat_result.stat.exists | bool + vars: + user: "{{ item.0 }}" + stat_result: "{{ item.1 }}" + tags: [vim] -- name: (system-user-systemfiles.yml) copy .vimrc for user root - copy: - src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_vimrc') }}" - dest: "/root/.vimrc" +# -- +# -- root user +# -- + +# 1) Prüfen ob die _vimrc für root auf dem Control-Node existiert +- name: (system-user-systemfiles.yml) stat root _vimrc on control node + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_vimrc" + delegate_to: localhost + become: false + register: vimrc_root_stat + +# 2) Wenn vorhanden, kopieren wir sie nach /root/.vimrc auf 
dem Zielhost +- name: (system-user-systemfiles.yml)copy root .vimrc if it exists + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_vimrc" + dest: /root/.vimrc owner: root group: root - mode: 0644 + mode: '0644' + become: true when: - - local_template_dir_root.stat.exists - - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_vimrc') + - vimrc_root_stat.stat.exists tags: - - vimrc + - bash -- name: (system-user-systemfiles.yml) Check if local template directory .vim exists for user root - local_action: stat path={{ inventory_dir }}/files/homedirs/root/.vim - register: local_template_dir_vim_root - with_items: 'root' - loop_control: - label: 'root' + # 1) Lokal prüfen, ob ./files/{{ nis_domain }}/homedirs/root/.vim existiert +- name: (system-user-systemfiles.yml) stat local .vim for root + ansible.builtin.stat: + path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/.vim" + delegate_to: localhost + become: false + register: root_dotvim_stat + tags: [vim] -- name: (system-user-systemfiles.yml) copy .vim directory for user root if it exists - copy: - src: "{{ inventory_dir + '/files/homedirs/root/.vim' }}" - dest: "/root" + +# 2) Wenn vorhanden, nach /root/ kopieren +- name: (system-user-systemfiles.yml) copy root .vim directory if it exists + ansible.builtin.copy: + src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/.vim" + dest: "/root/" + mode: preserve # oder weglassen; nicht 0644 bei Verzeichnissen + become: true + when: + - root_dotvim_stat.stat.exists | bool + tags: [vim] + +# 2) Wenn vorhanden, nach /root/ kopieren +#- name: (system-user-systemfiles.yml) rsync root .vim if it exists +# ansible.posix.synchronize: +# src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/.vim/" +# dest: "/root/.vim/" +# archive: true +# delete: false +# rsync_path: "sudo -n rsync" # -n = kein Passwort-Prompt; erfordert NOPASSWD +# delegate_to: localhost +# when: +# - 
root_dotvim_stat.stat.exists | bool +# tags: [vim] + +# 3) Ownership sicherstellen (rekursiv) +- name: (system-user-systemfiles.yml) ensure ownership on /root/.vim recursively + ansible.builtin.file: + path: "/root/.vim" owner: "root" group: "root" - mode: 0644 - with_items: "{{ local_template_dir_vim_root.results }}" - loop_control: - label: 'root' + recurse: true + state: directory + become: true when: - - item.stat.exists - tags: - - vim - - + - root_dotvim_stat.stat.exists | bool + tags: [vim]
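Review bot: Every loop in this hunk iterates `default_user`, while the removed `.vim` check iterated `system_users`; unless both variables hold the same list, accounts present only in `system_users` silently stop receiving `.vimrc` and `.vim`. The removed `copy default .vimrc if it exists` task has no replacement here, although the `.profile` and `.bashrc` hunks keep a DEFAULT fallback. The per-user `copy .vimrc if it exists` task also lacks the `become: true` that the other copy tasks set, and the `.vimrc` tasks are tagged `bash` while the `.vim` tasks use `[vim]`, so `--tags vim` no longer installs `.vimrc`.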