Refactor nis-install-server.yml: standardize file permissions and improve formatting

Update NIS user configurations: add 'technik' group and new users 'sophie.tadeus' and 'steffen.klaevers'
2026-05-06 16:04:28 +02:00 · 2026-05-06 16:00:23 +02:00
2 changed files with 67 additions and 52 deletions
--- a/group_vars/mbr.yml
+++ b/group_vars/mbr.yml
@@ -504,6 +504,7 @@ nis_user:
      - direx
      - mbr-buero
      - mbr-finanzen-personal
      - technik
      - vdk
    is_samba_user: true
    password: 'nA-y.I6ReJ-M'
@@ -745,7 +746,6 @@ nis_user:
    groups:
      - all-users
      - buero-scan
      - mbr-buero
    is_samba_user: true
    password: '2001_RAT_urban!'
@@ -753,7 +753,6 @@ nis_user:
    groups:
      - all-users
      - buero-scan
      - mbr-buero
    is_samba_user: true
    password: '20praktikum213'
@@ -856,6 +855,22 @@ nis_user:
    is_samba_user: true
    password: 'q2Sc.C7-6hZR'
  - name: sophie.tadeus
    groups:
      - all-users
      - buero-scan
      - rias-berlin
    is_samba_user: true
    password: '3.5.JQby/ubw'
  - name: steffen.klaevers
    groups:
      - all-users
      - buero-scan
      - rias-berlin
    is_samba_user: true
    password: 'pRU.g5W5h-rY'
 # ---
 # Regishut
@@ -908,6 +923,7 @@ nis_user:
      - all-users
      - buero-scan
      - regishut
      - technik
    is_samba_user: true
    password: '7A2i-Iz.mUHz'
@@ -1009,7 +1025,7 @@ samba_shares:
    file_create_mask: '0660'
    dir_create_mask: '2770'
    vfs_object_recycle: true
-    recycle_path: '@Recycle.Bin'
+    #recycle_path: '@Recycle.Bin'
  - name: Technik-und-Sicherheit
    path: /data/shares/Technik-und-Sicherheit
--- a/roles/common/tasks/nis-install-server.yml
+++ b/roles/common/tasks/nis-install-server.yml
@@ -16,11 +16,11 @@
 - name: (nis-install-server.yml) Set (nis) default domain (/etc/defaultdomain)
  template:
-    dest: /etc/defaultdomain  
+    dest: /etc/defaultdomain
    src: etc/defaultdomain.j2
    owner: root
    group: root
-    mode: 0644
+    mode: 644
  tags:
    - nis-install
    - nis-install-server
@@ -31,7 +31,7 @@
    src: etc/yp.conf.j2
    owner: root
    group: root
-    mode: 0644
+    mode: 644
  tags:
    - nis-install
    - nis-install-client
@@ -42,16 +42,15 @@
    - nis-install
    - nis-install-server
 # ---
-# Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default. 
+# Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default.
 #
 # Note:
 #    'yescrypt' is not supported by Debian 10 (buster) nor by Ubuntu 18.04 and smaller
 #
 # ---
- name: (nis-install-server.yml) Check if file '/etc/pam.d/common-password' exists 
+- name: (nis-install-server.yml) Check if file '/etc/pam.d/common-password' exists
  stat:
    path: /etc/pam.d/common-password
  register: file_etc_pam_d_common_password
@@ -65,7 +64,7 @@
 - name: (nis-install-server.yml) Check if default hash for password is 'yescrypt'
  shell: "grep -i -q -E  '^password.+yescrypt' /etc/pam.d/common-password"
  register: presence_of_passwprd_hashing_yescrypt
-  changed_when: 
+  changed_when:
    - presence_of_passwprd_hashing_yescrypt.rc < 1
  failed_when:
    - presence_of_passwprd_hashing_yescrypt.rc >= 2
@@ -73,23 +72,23 @@
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version']|int >= 11
    - file_etc_pam_d_common_password.stat.exists == True
    #- ansible_distribution_major_version|int <= 12
- name: (nis-install-server.yml) Change default password hash for local system accounts from SHA-512 to yescrypt
+- name: (nis-install-server.yml) Change default password hash for local system
-  shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/" /etc/pam.d/common-password
+    accounts from SHA-512 to yescrypt
  shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/"
    /etc/pam.d/common-password
  when:
    - ansible_facts['distribution'] == "Debian"
    - ansible_facts['distribution_major_version']|int >= 11
    - file_etc_pam_d_common_password.stat.exists == True
    - presence_of_passwprd_hashing_yescrypt is changed
    #- ansible_facts['distribution_major_version']|int <= 12
-# ---
+    # ---
-# /etc/default/nis
+    # /etc/default/nis
-# ---
+    # ---
 - name: (nis-install-server.yml) Check if file '/etc/default/nis.ORIG' exists
  stat:
@@ -107,25 +106,26 @@
    - nis-install
    - nis-install-server
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER' (server)
+- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER'
    (server)
  replace:
    path: /etc/default/nis
-    regexp: '^NISSERVER=.*'
+    regexp: "^NISSERVER=.*"
-    replace: 'NISSERVER=master'
+    replace: "NISSERVER=master"
  tags:
    - nis-install
    - nis-install-server
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (server)
+- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT'
    (server)
  replace:
    path: /etc/default/nis
-    regexp: '^NISCLIENT=.*'
+    regexp: "^NISCLIENT=.*"
-    replace: 'NISCLIENT=false'
+    replace: "NISCLIENT=false"
  tags:
    - nis-install
    - nis-install-server
 # ---
 # /etc/ypserv.securenets
 # ---
@@ -146,37 +146,40 @@
    - nis-install
    - nis-install-server
- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
+- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file
    /etc/ypserv.securenets
  replace:
    path: /etc/ypserv.securenets
-    regexp: '^(0.0.0.0\s+.*)'
+    regexp: "^(0.0.0.0\\s+.*)"
-    replace: '#\1'
+    replace: "#\\1"
  tags:
    - nis-install
    - nis-install-server
- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets
+- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file
    /etc/ypserv.securenets
  lineinfile:
    path: /etc/ypserv.securenets
-    line: '255.255.0.0 192.168.0.0'
+    line: "255.255.0.0 192.168.0.0"
    insertafter: EOF
    state: present
    owner: root
    group: root
-    mode: '0644'
+    mode: "0644"
  tags:
    - nis-install
    - nis-install-server
- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets
+- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file
    /etc/ypserv.securenets
  lineinfile:
    path: /etc/ypserv.securenets
-    line: '255.0.0.0 10.0.0.0'
+    line: "255.0.0.0 10.0.0.0"
    insertafter: EOF
    state: present
    owner: root
    group: root
-    mode: '0644'
+    mode: "0644"
  tags:
    - nis-install
    - nis-install-server
@@ -188,17 +191,17 @@
    - nis-install
    - nis-install-server
 # ---
 # Base directory containing users' home directory
 # ---
- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists
+- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually
    /data/home) exists
  file:
-    path: '{{ nis_base_home }}'
+    path: "{{ nis_base_home }}"
    owner: root
    group: root
-    mode: '0755'
+    mode: "0755"
    state: directory
  when:
    - "groups['nis_server']|string is search(inventory_hostname)"
@@ -206,23 +209,22 @@
    - nis-install
    - nis-install-server
 # ---
 # /etc/default/useradd
 # ---
- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter Kommentar einfügen
+- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter
    Kommentar einfügen
  ansible.builtin.lineinfile:
    path: /etc/default/useradd
-    regexp: '^HOME='
+    regexp: "^HOME="
-    insertafter: '^#\s*HOME='
+    insertafter: "^#\\s*HOME="
    line: "HOME={{ nis_base_home }}"
    backup: true
  when:
    - nis_base_home is defined
    - nis_base_home != '/home'
 # ---
 # /etc/adduser.conf
 # ---
@@ -240,7 +242,6 @@
 - name: (nis-install-server.yml) Backup existing file /etc/adduser.conf
  command: cp -a /etc/adduser.conf /etc/adduser.conf.ORIG
  when:
  when:
    - nis_base_home is defined
    - nis_base_home != '/home'
@@ -249,19 +250,18 @@
    - nis-install
    - nis-install-server
-
+- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter
- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter Kommentar einfügen
+    Kommentar einfügen
  ansible.builtin.lineinfile:
    path: /etc/adduser.conf
-    regexp: '^DHOME='
+    regexp: "^DHOME="
-    insertafter: '^#\s*DHOME='
+    insertafter: "^#\\s*DHOME="
    line: "DHOME={{ nis_base_home }}"
    backup: true
  when:
    - nis_base_home is defined
    - nis_base_home != '/home'
 # ---
 # /var/yp/Makefile
 # ---
@@ -285,17 +285,16 @@
 - name: (nis-install-server.yml) Adjust file  '/var/yp/Makefile'
  replace:
    path: /var/yp/Makefile
-    regexp: '^#?{{ item }}=.*'
+    regexp: "^#?{{ item }}=.*"
-    replace: '{{ item }}=true'
+    replace: "{{ item }}=true"
  with_items:
    - MERGE_PASSWD
    - MERGE_GROUP
-  notify: 
+  notify:
    - Renew nis databases
  tags:
    - nis-install
    - nis-install-server
 # TODO:
 # /var/yp/Makefile
Author	SHA1	Message	Date
Christoph	7c35a51a9b	Refactor nis-install-server.yml: standardize file permissions and improve formatting	2026-05-06 16:04:28 +02:00
Christoph	1a9b1c3faa	Update NIS user configurations: add 'technik' group and new users 'sophie.tadeus' and 'steffen.klaevers'	2026-05-06 16:00:23 +02:00