ansible/nis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: ansible:43be0cb5f95b38eeaba62ee69970c862f85cd3d9
Branches Tags
ansible:master
..
compare: ansible:7c35a51a9b76380c45782d6b912efca73fdd1791
Branches Tags
ansible:master

2 Commits
43be0cb5f9 ... 7c35a51a9b

Author SHA1 Message Date
Christoph
7c35a51a9b Refactor nis-install-server.yml: standardize file permissions and improve formatting 2026-05-06 16:04:28 +02:00
Christoph
1a9b1c3faa Update NIS user configurations: add 'technik' group and new users 'sophie.tadeus' and 'steffen.klaevers' 2026-05-06 16:00:23 +02:00
2 changed files with 67 additions and 52 deletions
Expand all files Collapse all files

22
group_vars/mbr.yml
View File

@@ -504,6 +504,7 @@ nis_user:
- direx
- mbr-buero
- mbr-finanzen-personal
- technik
- vdk
is_samba_user: true
password: 'nA-y.I6ReJ-M'
@@ -745,7 +746,6 @@ nis_user:
groups:
- all-users
- buero-scan
- mbr-buero
is_samba_user: true
password: '2001_RAT_urban!'
@@ -753,7 +753,6 @@ nis_user:
groups:
- all-users
- buero-scan
- mbr-buero
is_samba_user: true
password: '20praktikum213'
@@ -856,6 +855,22 @@ nis_user:
is_samba_user: true
password: 'q2Sc.C7-6hZR'
- name: sophie.tadeus
groups:
- all-users
- buero-scan
- rias-berlin
is_samba_user: true
password: '3.5.JQby/ubw'
- name: steffen.klaevers
groups:
- all-users
- buero-scan
- rias-berlin
is_samba_user: true
password: 'pRU.g5W5h-rY'
# ---
# Regishut
@@ -908,6 +923,7 @@ nis_user:
- all-users
- buero-scan
- regishut
- technik
is_samba_user: true
password: '7A2i-Iz.mUHz'
@@ -1009,7 +1025,7 @@ samba_shares:
file_create_mask: '0660'
dir_create_mask: '2770'
vfs_object_recycle: true
recycle_path: '@Recycle.Bin'
#recycle_path: '@Recycle.Bin'
- name: Technik-und-Sicherheit
path: /data/shares/Technik-und-Sicherheit

81
roles/common/tasks/nis-install-server.yml
View File

@@ -20,7 +20,7 @@
src: etc/defaultdomain.j2
owner: root
group: root
mode: 0644
mode: 644
tags:
- nis-install
- nis-install-server
@@ -31,7 +31,7 @@
src: etc/yp.conf.j2
owner: root
group: root
mode: 0644
mode: 644
tags:
- nis-install
- nis-install-client
@@ -42,7 +42,6 @@
- nis-install
- nis-install-server
# ---
# Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default.
#
@@ -73,17 +72,17 @@
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version']|int >= 11
- file_etc_pam_d_common_password.stat.exists == True
#- ansible_distribution_major_version|int <= 12
- name: (nis-install-server.yml) Change default password hash for local system accounts from SHA-512 to yescrypt
shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/" /etc/pam.d/common-password
- name: (nis-install-server.yml) Change default password hash for local system
accounts from SHA-512 to yescrypt
shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/"
/etc/pam.d/common-password
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version']|int >= 11
- file_etc_pam_d_common_password.stat.exists == True
- presence_of_passwprd_hashing_yescrypt is changed
#- ansible_facts['distribution_major_version']|int <= 12
@@ -107,25 +106,26 @@
- nis-install
- nis-install-server
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER' (server)
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISSERVER'
(server)
replace:
path: /etc/default/nis
regexp: '^NISSERVER=.*'
replace: 'NISSERVER=master'
regexp: "^NISSERVER=.*"
replace: "NISSERVER=master"
tags:
- nis-install
- nis-install-server
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT' (server)
- name: (nis-install-server.yml) Adjust file /etc/default/nis - set 'NISCLIENT'
(server)
replace:
path: /etc/default/nis
regexp: '^NISCLIENT=.*'
replace: 'NISCLIENT=false'
regexp: "^NISCLIENT=.*"
replace: "NISCLIENT=false"
tags:
- nis-install
- nis-install-server
# ---
# /etc/ypserv.securenets
# ---
@@ -146,37 +146,40 @@
- nis-install
- nis-install-server
- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file /etc/ypserv.securenets
- name: (nis-install-server.yml) Comment line like '0.0.0.0 ..' to file
/etc/ypserv.securenets
replace:
path: /etc/ypserv.securenets
regexp: '^(0.0.0.0\s+.*)'
replace: '#\1'
regexp: "^(0.0.0.0\\s+.*)"
replace: "#\\1"
tags:
- nis-install
- nis-install-server
- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file /etc/ypserv.securenets
- name: (nis-install-server.yml) Add '255.255.0.0 192.168.0.0' to file
/etc/ypserv.securenets
lineinfile:
path: /etc/ypserv.securenets
line: '255.255.0.0 192.168.0.0'
line: "255.255.0.0 192.168.0.0"
insertafter: EOF
state: present
owner: root
group: root
mode: '0644'
mode: "0644"
tags:
- nis-install
- nis-install-server
- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file /etc/ypserv.securenets
- name: (nis-install-server.yml) Add '255.0.0.0 10.0.0.0' to file
/etc/ypserv.securenets
lineinfile:
path: /etc/ypserv.securenets
line: '255.0.0.0 10.0.0.0'
line: "255.0.0.0 10.0.0.0"
insertafter: EOF
state: present
owner: root
group: root
mode: '0644'
mode: "0644"
tags:
- nis-install
- nis-install-server
@@ -188,17 +191,17 @@
- nis-install
- nis-install-server
# ---
# Base directory containing users' home directory
# ---
- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists
- name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually
/data/home) exists
file:
path: '{{ nis_base_home }}'
path: "{{ nis_base_home }}"
owner: root
group: root
mode: '0755'
mode: "0755"
state: directory
when:
- "groups['nis_server']|string is search(inventory_hostname)"
@@ -206,23 +209,22 @@
- nis-install
- nis-install-server
# ---
# /etc/default/useradd
# ---
- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter Kommentar einfügen
- name: (nis-install-server.yml) HOME in /etc/default/useradd setzen oder hinter
Kommentar einfügen
ansible.builtin.lineinfile:
path: /etc/default/useradd
regexp: '^HOME='
insertafter: '^#\s*HOME='
regexp: "^HOME="
insertafter: "^#\\s*HOME="
line: "HOME={{ nis_base_home }}"
backup: true
when:
- nis_base_home is defined
- nis_base_home != '/home'
# ---
# /etc/adduser.conf
# ---
@@ -240,7 +242,6 @@
- name: (nis-install-server.yml) Backup existing file /etc/adduser.conf
command: cp -a /etc/adduser.conf /etc/adduser.conf.ORIG
when:
when:
- nis_base_home is defined
- nis_base_home != '/home'
@@ -249,19 +250,18 @@
- nis-install
- nis-install-server
- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter Kommentar einfügen
- name: (nis-install-server.yml) DHOME in /etc/adduser.conf setzen oder hinter
Kommentar einfügen
ansible.builtin.lineinfile:
path: /etc/adduser.conf
regexp: '^DHOME='
insertafter: '^#\s*DHOME='
regexp: "^DHOME="
insertafter: "^#\\s*DHOME="
line: "DHOME={{ nis_base_home }}"
backup: true
when:
- nis_base_home is defined
- nis_base_home != '/home'
# ---
# /var/yp/Makefile
# ---
@@ -285,8 +285,8 @@
- name: (nis-install-server.yml) Adjust file '/var/yp/Makefile'
replace:
path: /var/yp/Makefile
regexp: '^#?{{ item }}=.*'
replace: '{{ item }}=true'
regexp: "^#?{{ item }}=.*"
replace: "{{ item }}=true"
with_items:
- MERGE_PASSWD
- MERGE_GROUP
@@ -296,6 +296,5 @@
- nis-install
- nis-install-server
# TODO:
# /var/yp/Makefile