update..

ansible.cfg

@@ -10,7 +10,17 @@
 
 
 [defaults]
-ansible_managed = *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+# [DEPRECATION WARNING] 'ansible_managed' used in ansible.cfg
+#
+# The `ansible_managed` variable can be set just like any other variable, or a different
+# variable can be used.
+#
+# Alternatives: Set the `ansible_managed` variable, or use any custom variable in templates.
+#
+# This feature will be removed from ansible-core version 2.23.
+#
+#ansible_managed = *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+
 #gathering = smart
 #fact_caching = jsonfile
 #fact_caching_connection = ~/.cache/

files/akb.netz/homedirs/DEFAULT/_profile

@@ -1,36 +0,0 @@
-# ~/.profile: executed by the command interpreter for login shells.
-# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
-# exists.
-# see /usr/share/doc/bash/examples/startup-files for examples.
-# the files are located in the bash-doc package.
-
-# the default umask is set in /etc/profile; for setting the umask
-# for ssh logins, install and configure the libpam-umask package.
-#umask 022
-
-# if running bash
-if [ -n "$BASH_VERSION" ]; then
-    # include .bashrc if it exists
-    if [ -f "$HOME/.bashrc" ]; then
-	. "$HOME/.bashrc"
-    fi
-fi
-
-# set PATH so it includes user's private bin if it exists
-if [ -d "$HOME/bin" ] ; then
-    PATH="$HOME/bin:$PATH"
-fi
-
-# set PATH so it includes user's private bin if it exists
-if [ -d "$HOME/.local/bin" ] ; then
-    PATH="$HOME/.local/bin:$PATH"
-fi
-
-# this is for the midnight-commander
-# to become the last directory the midnight commander was in
-# as the current directory when leaving the midnight commander
-#
-if [[ -f /usr/share/mc/bin/mc.sh ]]; then
-   source /usr/share/mc/bin/mc.sh
-fi
-

files/akb.netz/homedirs/DEFAULT/_profile.j2

@@ -48,9 +48,12 @@ export LANG="de_DE.utf8"
 # 
 [[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
 
+# Don't try to mount samba shares if local mount base directory does not exist
+[[ -d "/mnt/{{ user.name }}" ]] || return
+
 SERVER="{{ samba_server }}"
-USER="{{ item.item.name }}"
+USER="{{ user.name }}"
-PASSWORD='{{ item.item.password }}'
+PASSWORD='{{ user.password }}'
 #VERSION="1.0"
 
 # Use NTLMv2 password hashing and force packet signing

files/akb.netz/homedirs/DEFAULT/_profile.j2.00

@@ -0,0 +1,133 @@
+# {{ ansible_managed }}
+
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+   . "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+    PATH="$HOME/.local/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [ -f "/usr/share/mc/bin/mc.sh" ]; then
+   source /usr/share/mc/bin/mc.sh
+elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
+   source /usr/lib/mc/bin/mc.sh
+fi
+
+export LANG="de_DE.utf8"
+
+# ---
+# Mmount samba shares
+# ---
+
+# Don't try to mount samba shares if login at samba server
+# 
+[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
+
+SERVER="{{ samba_server }}"
+USER="{{ item.item.name }}"
+PASSWORD='{{ item.item.password }}'
+#VERSION="1.0"
+
+# Use NTLMv2 password hashing and force packet signing
+#
+#    SEC="ntlmv2i"
+#
+# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
+#
+#    SEC="ntlmsspi"
+#
+SEC="ntlmsspi"
+
+# - uid/guid of the user at fielserver
+# -
+_UID="$(id -u)"
+_GID="$(id -g)"
+
+
+# Logfile to see what happened..
+#
+_logfile=/tmp/profile_${USER}.log
+
+
+echo "" > $_logfile
+echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
+
+# Network present
+#
+_network=false
+
+if [  "X$_addr" = "X" ] ; then
+   echo "no inet address assigned yet.." >> $_logfile
+   declare -i count=1
+   while  ! $_network && [[ $count -lt 5 ]] ; do
+      echo "sleeping 2 seconds.." >> $_logfile
+      sleep 2
+      _addr="$(hostname --ip-address)"
+      if [ "X$_addr" != "X" ] ; then
+         _network=true
+         echo "inet address present: $_addr" >> $_logfile
+      fi
+      ((count++))
+   done
+fi
+
+for dir in $(ls /mnt/$USER) ; do
+   MOUNT_POINT=/mnt/$USER/$dir
+   SHARE=$dir
+
+   [ ! -d $MOUNT_POINT ] && continue
+
+   if ! mount | grep $MOUNT_POINT > /dev/null ; then
+      echo "Going to mount share '${SHARE}' .." >> $_logfile
+      if [ -x /usr/bin/smb4k_mount ]; then
+         ## - Ubuntu <= 12.04
+         if [[ "$VERSION" = "1.0" ]]; then
+            sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         else
+            #sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
+            sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         fi
+      else
+         ## - Ubuntu Version >= 14.04
+         if [[ "$VERSION" = "1.0" ]]; then
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         else
+            #sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         fi
+      fi
+   else
+      echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
+   fi
+
+done
+

files/anw-kb.netz/homedirs/DEFAULT/_profile

@@ -1,32 +0,0 @@
-# ~/.profile: executed by the command interpreter for login shells.
-# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
-# exists.
-# see /usr/share/doc/bash/examples/startup-files for examples.
-# the files are located in the bash-doc package.
-
-# the default umask is set in /etc/profile; for setting the umask
-# for ssh logins, install and configure the libpam-umask package.
-#umask 022
-
-# if running bash
-if [ -n "$BASH_VERSION" ]; then
-    # include .bashrc if it exists
-    if [ -f "$HOME/.bashrc" ]; then
-	. "$HOME/.bashrc"
-    fi
-fi
-
-# set PATH so it includes user's private bin if it exists
-if [ -d "$HOME/bin" ] ; then
-    PATH="$HOME/bin:$PATH"
-fi
-
-# this is for the midnight-commander
-# to become the last directory the midnight commander was in
-# as the current directory when leaving the midnight commander
-#
-if [ -f "/usr/share/mc/bin/mc.sh" ]; then
-   source /usr/share/mc/bin/mc.sh
-elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
-   source /usr/lib/mc/bin/mc.sh
-fi

files/anw-kb.netz/homedirs/DEFAULT/_profile.j2

@@ -48,9 +48,12 @@ export LANG="de_DE.utf8"
 # 
 [[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
 
+# Don't try to mount samba shares if local mount base directory does not exist
+[[ -d "/mnt/{{ user.name }}" ]] || return
+
 SERVER="{{ samba_server }}"
-USER="{{ item.item.name }}"
+USER="{{ user.name }}"
-PASSWORD='{{ item.item.password }}'
+PASSWORD='{{ user.password }}'
 #VERSION="1.0"
 
 # Use NTLMv2 password hashing and force packet signing

files/flr.netz/homedirs/DEFAULT/_profile

@@ -1,36 +0,0 @@
-# ~/.profile: executed by the command interpreter for login shells.
-# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
-# exists.
-# see /usr/share/doc/bash/examples/startup-files for examples.
-# the files are located in the bash-doc package.
-
-# the default umask is set in /etc/profile; for setting the umask
-# for ssh logins, install and configure the libpam-umask package.
-#umask 022
-
-# if running bash
-if [ -n "$BASH_VERSION" ]; then
-    # include .bashrc if it exists
-    if [ -f "$HOME/.bashrc" ]; then
-	. "$HOME/.bashrc"
-    fi
-fi
-
-# set PATH so it includes user's private bin if it exists
-if [ -d "$HOME/bin" ] ; then
-    PATH="$HOME/bin:$PATH"
-fi
-
-# this is for the midnight-commander
-# to become the last directory the midnight commander was in
-# as the current directory when leaving the midnight commander
-#
-if [ -f "/usr/share/mc/bin/mc.sh" ]; then
-   source /usr/share/mc/bin/mc.sh
-elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
-   source /usr/lib/mc/bin/mc.sh
-fi
-
-if command -v mesg >/dev/null 2>&1; then
-    mesg n
-fi

files/flr.netz/homedirs/DEFAULT/_profile.j2

@@ -45,12 +45,14 @@ export LANG="de_DE.utf8"
 # ---
 
 # Don't try to mount samba shares if login at samba server
-# 
 [[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
 
+# Don't try to mount samba shares if local mount base directory does not exist
+[[ -d "/mnt/{{ user.name }}" ]] || return
+
 SERVER="{{ samba_server }}"
-USER="{{ item.item.name }}"
+USER="{{ user.name }}"
-PASSWORD='{{ item.item.password }}'
+PASSWORD='{{ user.password }}'
 #VERSION="1.0"
 
 # Use NTLMv2 password hashing and force packet signing

files/flr.netz/homedirs/DEFAULT/_profile.j2.00

@@ -0,0 +1,133 @@
+# {{ ansible_managed }}
+
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+   . "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+    PATH="$HOME/.local/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [ -f "/usr/share/mc/bin/mc.sh" ]; then
+   source /usr/share/mc/bin/mc.sh
+elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
+   source /usr/lib/mc/bin/mc.sh
+fi
+
+export LANG="de_DE.utf8"
+
+# ---
+# Mmount samba shares
+# ---
+
+# Don't try to mount samba shares if login at samba server
+# 
+[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
+
+SERVER="{{ samba_server }}"
+USER="{{ item.item.name }}"
+PASSWORD='{{ item.item.password }}'
+#VERSION="1.0"
+
+# Use NTLMv2 password hashing and force packet signing
+#
+#    SEC="ntlmv2i"
+#
+# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
+#
+#    SEC="ntlmsspi"
+#
+SEC="ntlmsspi"
+
+# - uid/guid of the user at fielserver
+# -
+_UID="$(id -u)"
+_GID="$(id -g)"
+
+
+# Logfile to see what happened..
+#
+_logfile=/tmp/profile_${USER}.log
+
+
+echo "" > $_logfile
+echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
+
+# Network present
+#
+_network=false
+
+if [  "X$_addr" = "X" ] ; then
+   echo "no inet address assigned yet.." >> $_logfile
+   declare -i count=1
+   while  ! $_network && [[ $count -lt 5 ]] ; do
+      echo "sleeping 2 seconds.." >> $_logfile
+      sleep 2
+      _addr="$(hostname --ip-address)"
+      if [ "X$_addr" != "X" ] ; then
+         _network=true
+         echo "inet address present: $_addr" >> $_logfile
+      fi
+      ((count++))
+   done
+fi
+
+for dir in $(ls /mnt/$USER) ; do
+   MOUNT_POINT=/mnt/$USER/$dir
+   SHARE=$dir
+
+   [ ! -d $MOUNT_POINT ] && continue
+
+   if ! mount | grep $MOUNT_POINT > /dev/null ; then
+      echo "Going to mount share '${SHARE}' .." >> $_logfile
+      if [ -x /usr/bin/smb4k_mount ]; then
+         ## - Ubuntu <= 12.04
+         if [[ "$VERSION" = "1.0" ]]; then
+            sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         else
+            #sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
+            sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         fi
+      else
+         ## - Ubuntu Version >= 14.04
+         if [[ "$VERSION" = "1.0" ]]; then
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         else
+            #sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         fi
+      fi
+   else
+      echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
+   fi
+
+done
+

files/mbr-bln.netz/homedirs/DEFAULT/_profile

@@ -1,38 +0,0 @@
-# ~/.profile: executed by the command interpreter for login shells.
-# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
-# exists.
-# see /usr/share/doc/bash/examples/startup-files for examples.
-# the files are located in the bash-doc package.
-
-# the default umask is set in /etc/profile; for setting the umask
-# for ssh logins, install and configure the libpam-umask package.
-#umask 022
-
-# if running bash
-if [ -n "$BASH_VERSION" ]; then
-    # include .bashrc if it exists
-    if [ -f "$HOME/.bashrc" ]; then
-	. "$HOME/.bashrc"
-    fi
-fi
-
-# set PATH so it includes user's private bin if it exists
-if [ -d "$HOME/bin" ] ; then
-    PATH="$HOME/bin:$PATH"
-fi
-
-# set PATH so it includes user's private bin if it exists
-if [ -d "$HOME/.local/bin" ] ; then
-    PATH="$HOME/.local/bin:$PATH"
-fi
-
-# this is for the midnight-commander
-# to become the last directory the midnight commander was in
-# as the current directory when leaving the midnight commander
-#
-if [ -f "/usr/share/mc/bin/mc.sh" ]; then
-   source /usr/share/mc/bin/mc.sh
-elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
-   source /usr/lib/mc/bin/mc.sh
-fi
-

files/mbr-bln.netz/homedirs/DEFAULT/_profile.j2

@@ -51,11 +51,11 @@ export LANG="de_DE.utf8"
 
 # Only try mounting samba shares, if local mount base directory exists.
 #
-if [[ -d "/mnt/{{ item.item.name }}" ]]; then
+if [[ -d "/mnt/{{ user.name }}" ]]; then
 
    SERVER="{{ samba_server }}"
-   USER="{{ item.item.name }}"
+   USER="{{ user.name }}"
-   PASSWORD='{{ item.item.password }}'
+   PASSWORD='{{ user.password }}'
    #VERSION="1.0"
 
    # Use NTLMv2 password hashing and force packet signing

files/mbr-bln.netz/homedirs/DEFAULT/_profile.j2.00

@@ -0,0 +1,140 @@
+# {{ ansible_managed }}
+
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+   . "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+    PATH="$HOME/.local/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [ -f "/usr/share/mc/bin/mc.sh" ]; then
+   source /usr/share/mc/bin/mc.sh
+elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
+   source /usr/lib/mc/bin/mc.sh
+fi
+
+export LANG="de_DE.utf8"
+
+# ---
+# Mmount samba shares
+# ---
+
+# Don't try to mount samba shares if login at samba server
+#
+[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
+
+
+# Only try mounting samba shares, if local mount base directory exists.
+#
+if [[ -d "/mnt/{{ item.item.name }}" ]]; then
+
+   SERVER="{{ samba_server }}"
+   USER="{{ item.item.name }}"
+   PASSWORD='{{ item.item.password }}'
+   #VERSION="1.0"
+
+   # Use NTLMv2 password hashing and force packet signing
+   #
+   #    SEC="ntlmv2i"
+   #
+   # Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
+   #
+   #    SEC="ntlmsspi"
+   #
+   SEC="ntlmsspi"
+
+   # - uid/guid of the user at fielserver
+   # -
+   _UID="$(id -u)"
+   _GID="$(id -g)"
+
+
+   # Logfile to see what happened..
+   #
+   _logfile=/tmp/profile_${USER}.log
+
+
+   echo "" > $_logfile
+   echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
+
+   # Network present
+   #
+   _network=false
+
+   if [  "X$_addr" = "X" ] ; then
+      echo "no inet address assigned yet.." >> $_logfile
+      declare -i count=1
+      while  ! $_network && [[ $count -lt 5 ]] ; do
+         echo "sleeping 2 seconds.." >> $_logfile
+         sleep 2
+         _addr="$(hostname --ip-address)"
+         if [ "X$_addr" != "X" ] ; then
+            _network=true
+            echo "inet address present: $_addr" >> $_logfile
+         fi
+         ((count++))
+      done
+   fi
+
+   for dir in $(ls /mnt/$USER) ; do
+      MOUNT_POINT=/mnt/$USER/$dir
+      SHARE=$dir
+
+      [ ! -d $MOUNT_POINT ] && continue
+
+      if ! mount | grep $MOUNT_POINT > /dev/null ; then
+         echo "Going to mount share '${SHARE}' .." >> $_logfile
+         if [ -x /usr/bin/smb4k_mount ]; then
+            ## - Ubuntu <= 12.04
+            if [[ "$VERSION" = "1.0" ]]; then
+               sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
+                  -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+            else
+               #sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
+               sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
+                  -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+            fi
+         else
+            ## - Ubuntu Version >= 14.04
+            if [[ "$VERSION" = "1.0" ]]; then
+               sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
+                  -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+            else
+               #sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
+               sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
+                  -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+            fi
+         fi
+      else
+         echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
+      fi
+
+   done
+
+fi
+

files/sprachenatelier.netz/homedirs/DEFAULT/_profile

@@ -1,37 +0,0 @@
-# ~/.profile: executed by the command interpreter for login shells.
-# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
-# exists.
-# see /usr/share/doc/bash/examples/startup-files for examples.
-# the files are located in the bash-doc package.
-
-# the default umask is set in /etc/profile; for setting the umask
-# for ssh logins, install and configure the libpam-umask package.
-#umask 022
-
-# if running bash
-if [ -n "$BASH_VERSION" ]; then
-    # include .bashrc if it exists
-    if [ -f "$HOME/.bashrc" ]; then
-	. "$HOME/.bashrc"
-    fi
-fi
-
-# set PATH so it includes user's private bin if it exists
-if [ -d "$HOME/bin" ] ; then
-    PATH="$HOME/bin:$PATH"
-fi
-
-# set PATH so it includes user's private bin if it exists
-if [ -d "$HOME/.local/bin" ] ; then
-    PATH="$HOME/.local/bin:$PATH"
-fi
-
-# this is for the midnight-commander
-# to become the last directory the midnight commander was in
-# as the current directory when leaving the midnight commander
-#
-if [ -f "/usr/share/mc/bin/mc.sh" ]; then
-   source /usr/share/mc/bin/mc.sh
-elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
-   source /usr/lib/mc/bin/mc.sh
-fi

files/sprachenatelier.netz/homedirs/DEFAULT/_profile.j2

@@ -14,7 +14,7 @@
 if [ -n "$BASH_VERSION" ]; then
     # include .bashrc if it exists
     if [ -f "$HOME/.bashrc" ]; then
-   . "$HOME/.bashrc"
+        . "$HOME/.bashrc"
     fi
 fi
 
@@ -31,7 +31,6 @@ fi
 # this is for the midnight-commander
 # to become the last directory the midnight commander was in
 # as the current directory when leaving the midnight commander
-#
 if [ -f "/usr/share/mc/bin/mc.sh" ]; then
    source /usr/share/mc/bin/mc.sh
 elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
@@ -41,52 +40,35 @@ fi
 export LANG="de_DE.utf8"
 
 # ---
-# Mmount samba shares
+# Mount samba shares
 # ---
 
 # Don't try to mount samba shares if login at samba server
-# 
 [[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
 
-
 # Don't try to mount samba shares if local mount base directory does not exist
-#
+[[ -d "/mnt/{{ user.name }}" ]] || return
-[[ -d "/mnt/{{ item.item.name }}" ]] || return
-
 
 SERVER="{{ samba_server }}"
-USER="{{ item.item.name }}"
+USER="{{ user.name }}"
-PASSWORD='{{ item.item.password }}'
+PASSWORD='{{ user.password }}'
 #VERSION="1.0"
 
-# Use NTLMv2 password hashing and force packet signing
-#
-#    SEC="ntlmv2i"
-#
 # Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
-#
-#    SEC="ntlmsspi"
-#
 SEC="ntlmsspi"
 
-# - uid/guid of the user at fielserver
+# - uid/gid of the user at fileserver
-# -
 _UID="$(id -u)"
 _GID="$(id -g)"
 
-
 # Logfile to see what happened..
-#
 _logfile=/tmp/profile_${USER}.log
 
-
 echo "" > $_logfile
 echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
 
 # Network present
-#
 _network=false
-
 if [  "X$_addr" = "X" ] ; then
    echo "no inet address assigned yet.." >> $_logfile
    declare -i count=1
@@ -106,9 +88,9 @@ for dir in $(ls /mnt/$USER) ; do
    MOUNT_POINT=/mnt/$USER/$dir
    SHARE=$dir
 
-   [ ! -d $MOUNT_POINT ] && continue
+   [ ! -d "$MOUNT_POINT" ] && continue
 
-   if ! mount | grep $MOUNT_POINT > /dev/null ; then
+   if ! mount | grep "$MOUNT_POINT" > /dev/null ; then
       echo "Going to mount share '${SHARE}' .." >> $_logfile
       if [ -x /usr/bin/smb4k_mount ]; then
          ## - Ubuntu <= 12.04
@@ -116,7 +98,6 @@ for dir in $(ls /mnt/$USER) ; do
             sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
                -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
          else
-            #sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
             sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
                -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
          fi
@@ -126,14 +107,12 @@ for dir in $(ls /mnt/$USER) ; do
             sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
                -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
          else
-            #sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,gid=$_GID \
-            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
                -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
          fi
       fi
    else
       echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
    fi
-
 done
 

files/sprachenatelier.netz/homedirs/DEFAULT/_profile.j2.00

@@ -0,0 +1,139 @@
+# {{ ansible_managed }}
+
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+    # include .bashrc if it exists
+    if [ -f "$HOME/.bashrc" ]; then
+   . "$HOME/.bashrc"
+    fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+    PATH="$HOME/bin:$PATH"
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+    PATH="$HOME/.local/bin:$PATH"
+fi
+
+# this is for the midnight-commander
+# to become the last directory the midnight commander was in
+# as the current directory when leaving the midnight commander
+#
+if [ -f "/usr/share/mc/bin/mc.sh" ]; then
+   source /usr/share/mc/bin/mc.sh
+elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
+   source /usr/lib/mc/bin/mc.sh
+fi
+
+export LANG="de_DE.utf8"
+
+# ---
+# Mmount samba shares
+# ---
+
+# Don't try to mount samba shares if login at samba server
+# 
+[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
+
+
+# Don't try to mount samba shares if local mount base directory does not exist
+#
+[[ -d "/mnt/{{ item.item.name }}" ]] || return
+
+
+SERVER="{{ samba_server }}"
+USER="{{ item.item.name }}"
+PASSWORD='{{ item.item.password }}'
+#VERSION="1.0"
+
+# Use NTLMv2 password hashing and force packet signing
+#
+#    SEC="ntlmv2i"
+#
+# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
+#
+#    SEC="ntlmsspi"
+#
+SEC="ntlmsspi"
+
+# - uid/guid of the user at fielserver
+# -
+_UID="$(id -u)"
+_GID="$(id -g)"
+
+
+# Logfile to see what happened..
+#
+_logfile=/tmp/profile_${USER}.log
+
+
+echo "" > $_logfile
+echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
+
+# Network present
+#
+_network=false
+
+if [  "X$_addr" = "X" ] ; then
+   echo "no inet address assigned yet.." >> $_logfile
+   declare -i count=1
+   while  ! $_network && [[ $count -lt 5 ]] ; do
+      echo "sleeping 2 seconds.." >> $_logfile
+      sleep 2
+      _addr="$(hostname --ip-address)"
+      if [ "X$_addr" != "X" ] ; then
+         _network=true
+         echo "inet address present: $_addr" >> $_logfile
+      fi
+      ((count++))
+   done
+fi
+
+for dir in $(ls /mnt/$USER) ; do
+   MOUNT_POINT=/mnt/$USER/$dir
+   SHARE=$dir
+
+   [ ! -d $MOUNT_POINT ] && continue
+
+   if ! mount | grep $MOUNT_POINT > /dev/null ; then
+      echo "Going to mount share '${SHARE}' .." >> $_logfile
+      if [ -x /usr/bin/smb4k_mount ]; then
+         ## - Ubuntu <= 12.04
+         if [[ "$VERSION" = "1.0" ]]; then
+            sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         else
+            #sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
+            sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         fi
+      else
+         ## - Ubuntu Version >= 14.04
+         if [[ "$VERSION" = "1.0" ]]; then
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         else
+            #sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
+            sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
+               -n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
+         fi
+      fi
+   else
+      echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
+   fi
+
+done
+

group_vars/all/main.yml

@@ -1,5 +1,10 @@
 ---
 
+ansible_managed: >
+  *** ANSIBLE MANAGED FILE - DO NOT EDIT ***
+  This file was generated by {{ ansible_user_id }} on {{ ansible_date_time.iso8601 }}
+
+
 ansible_python_interpreter: /usr/bin/python3
 
 

group_vars/flr.yml

@@ -259,6 +259,15 @@ remove_nis_users: []
 
 nis_user:
 
+  - name: ckubu-test
+    groups:
+      - amif
+      - foerderung
+      - quali
+      - team
+    is_samba_user: true
+    password: '20/cku-bu.test_24%'
+
   - name: chris
     groups:
       - team

group_vars/mbr.yml

@@ -462,6 +462,7 @@ nis_user:
       - all-users
       - buero-scan
       - bgn
+      - mbr-buero
     is_samba_user: true
     password: 'LSr-tjo.U73V'
 
@@ -601,6 +602,14 @@ nis_user:
     is_samba_user: true
     password: 'G6Hz.ev/e24E'
 
+  - name: doku.mbr6
+    groups:
+      - all-users
+      - buero-scan
+      - mbr-buero
+    is_samba_user: true
+    password: 'RIm/-f6.7.wa'
+
   - name: florian.heuermann
     groups:
       - all-users

group_vars/sprachenatelier.yml

@@ -134,6 +134,7 @@ nis_groups:
 #  - name: simone
 
 nis_user:
+
   - name: chris
     groups:
       - intern
@@ -162,6 +163,13 @@ nis_user:
     is_samba_user: true
     password: 's2016bp'
 
+  - name: buero2
+    groups:
+      - intern
+      - buero
+    is_samba_user: true
+    password: 's2025bp2'
+
   - name: chema
     groups:
       - intern

roles/common/tasks/apt.yml

@@ -30,13 +30,11 @@
     - apt-webserver-pkgs
 
 
-- name: (apt.yml) dpkg --configure
+- name: (apt.yml) Configure any half-installed packages 'dpkg --configure -a'
-  command: >
+  ansible.builtin.command: dpkg --configure -a
-    dpkg --configure -a
-  #args:
-  #  warn: false
-  changed_when: _dpkg_configure.stdout_lines
   register: _dpkg_configure
+  changed_when: (_dpkg_configure.stdout | default('')) | length > 0
+  failed_when: _dpkg_configure.rc != 0
   when: apt_dpkg_configure|bool
   tags:
     - apt-dpkg-configure

roles/common/tasks/nis-user-systemfiles.yml

@@ -51,37 +51,38 @@
   tags:
     - profile
 
-- name: (nis-user-systemfiles.yml) copy .profile if it exists
-  copy:
-    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile') }}"
-    dest: "~{{ item.item.name }}/.profile"
-    owner: "{{ item.item.name }}"
-    group: "{{ item.item.name }}"
-    mode: 0644
-  loop: "{{  local_template_dir_nis_user.results }}"
-  loop_control:
-    label: '{{ item.item.name }}'
-  when:
-    - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile')
-  tags:
-    - profile
 
-- name: (nis-user-systemfiles.yml) copy default .profile if it exists
+# 1) Für jeden NIS-User prüfen, ob eine lokale _profile.j2 existiert
-  template:
+- name: (nis-user-systemfiles.yml) stat user _profile.j2
-    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile.j2') }}"
+  ansible.builtin.stat:
-    dest: "~{{ item.item.name }}/.profile"
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_profile.j2"
-    owner: "{{ item.item.name }}"
+  delegate_to: localhost
-    group: "{{ item.item.name }}"
+  become: false
-    mode: 0644
+  loop: "{{ nis_user }}"
-  loop: "{{ local_template_dir_nis_user.results }}"
+  register: profile_template_stats
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ item.name }}"
+
+# 2) Falls _profile.j2 vorhanden, .profile aus Template rendern
+- name: (nis-user-systemfiles.yml) template .profile if _profile.j2 exists
+  ansible.builtin.template:
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_profile.j2"
+    dest: "~{{ user.name }}/.profile"
+    owner: "{{ user.name }}"
+    group: "{{ user.name }}"
+    mode: "0644"
+  become: true
+  loop: "{{ nis_user | zip(profile_template_stats.results) | list }}"
+  loop_control:
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists == false
+    - stat_result.stat.exists | bool
-    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile.j2')
+  vars:
-  tags:
+    user: "{{ item.0 }}"
-    - profile
+    stat_result: "{{ item.1 }}"
+  tags: [bash]
+
+
 
 
 # --
@@ -107,92 +108,118 @@
   tags:
     - bashrc
 
-- name: (nis-user-systemfiles.yml) copy .bashrc if it exists
+# 1) Für jeden NIS-User prüfen, ob eine lokale _bashrc existiert
-  copy:
+- name: (system-user-systemfiles.yml) stat user _bashrc
-    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc') }}"
+  ansible.builtin.stat:
-    dest: "~{{ item.item.name }}/.bashrc"
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_bashrc"
-    owner: "{{ item.item.name }}"
+  delegate_to: localhost
-    group: "{{ item.item.name }}"
+  become: false
-    mode: 0644
+  loop: "{{ nis_user }}"
-  loop: "{{ local_template_dir_nis_user.results }}"
+  register: bashrc_stats
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ item.name }}"
-  when:
-    - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc')
-  tags:
-    - bashrc
 
-- name: (nis-user-systemfiles.yml) copy default .bashrc if it exists
+# 2) Falls User _bashrc vorhanden, kopieren
-  copy:
+- name: (system-user-systemfiles.yml) copy .bashrc if it exists
-    src: "{{ 'files/' + nis_domain + '/homedirs/DEFAULT/_bashrc' }}"
+  ansible.builtin.copy:
-    dest: "~{{ item.item.name }}/.bashrc"
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_bashrc"
-    owner: "{{ item.item.name }}"
+    dest: "~{{ user.name }}/.bashrc"
-    group: "{{ item.item.name }}"
+    owner: "{{ user.name }}"
-    mode: 0644
+    group: "{{ user.name }}"
-  loop: "{{ local_template_dir_nis_user.results }}"
+    mode: "0644"
+  become: true
+  loop: "{{ nis_user | zip(bashrc_stats.results) | list }}"
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists == false
+    - stat_result.stat.exists | bool
-  tags:
+  vars:
-    - bashrc
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags: [bash]
 
 
 # --
 # Copy .vimrc
 # ---
 
-- name: (nis-user-systemfiles.yml) copy .vimrc if it exists
+# 1. Prüfen, ob für jeden User ein lokales _vimrc existiert
-  copy:
+- name: (system-user-systemfiles.yml) stat user _vimrc
-    src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
+  ansible.builtin.stat:
-    dest: "~{{ item.item.name }}/.vimrc"
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_vimrc"
-    owner: "{{ item.item.name }}"
+  delegate_to: localhost
-    group: "{{ item.item.name }}"
+  become: false
-    mode: 0644
+  loop: "{{ nis_user }}"
-  loop: "{{ local_template_dir_nis_user.results }}"
+  register: vimrc_stats
-  loop_control:
-    label: '{{ item.item.name }}'
-  when:
-    - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
-  tags:
-    - vimrc
-
-- name: (nis-user-systemfiles.yml) Check if .vim directory exists for default users
-  local_action: stat path={{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim
-  with_items: "{{ nis_user }}"
   loop_control:
     label: '{{ item.name }}'
-  register: local_template_dir_dotvim_default_user
 
-- name: (nis-user-systemfiles.yml) copy .vim directory if it exists
+# 2. Falls vorhanden, Datei kopieren
-  copy:
+- name: (system-user-systemfiles.yml) copy .vimrc if it exists
-    src: "{{ inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/.vim' }}"
+  ansible.builtin.copy:
-    dest: "~{{ item.item.name }}"
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_vimrc"
-    owner: "{{ item.item.name }}"
+    dest: "~{{ user.name }}/.vimrc"
-    group: "{{ item.item.name }}"
+    owner: "{{ user.name }}"
-    mode: 0644
+    group: "{{ user.name }}"
-  with_items: "{{ local_template_dir_dotvim_default_user.results }}"
+    mode: '0644'
+  loop: "{{ nis_user | zip(vimrc_stats.results) | list }}"
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists
+    - stat_result.stat.exists
+  vars:
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
   tags:
-    - vimrc
+    - bash
 
-- name: (nis-user-systemfiles.yml) copy default .vimrc if it exists
+
-  copy:
+# 1) Lokal prüfen, ob ~/.vim existiert
-    src: "{{ 'files/' + nis_domain + '/homedirs/DEFAULT/_vimrc' }}"
+- name: (system-user-systemfiles.yml) stat local .vim for each user
-    dest: "~{{ item.item.name }}/.vimrc"
+  ansible.builtin.stat:
-    owner: "{{ item.item.name }}"
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim"
-    group: "{{ item.item.name }}"
+  delegate_to: localhost
-    mode: 0644
+  become: false
-  loop: "{{ local_template_dir_nis_user.results }}"
+  loop: "{{ nis_user }}"
+  register: dotvim_stats
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ item.name }}"
-  when:
+
-    - item.stat.exists == false
+# 2) Wenn vorhanden, .vim-Verzeichnis ins Home des Users kopieren
-  tags:
+- name: (system-user-systemfiles.yml) copy .vim directory if it exists
-    - vimrc
+  ansible.builtin.copy:
+    # Wichtig: KEINE verschachtelten {{ ... }} im String
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/.vim"
+    dest: "~{{ user.name }}/"
+    mode: preserve           # oder weglassen; 0644 wäre für Verzeichnisse falsch
+  become: true
+  loop: "{{ nis_user | zip(dotvim_stats.results) | list }}"
+  loop_control:
+    label: "{{ user.name }}"
+  when:
+    - stat_result.stat.exists | bool
+  vars:
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags: [vim]
+
+
+# 3) Ownership/Gruppe rekursiv korrigieren (falls gewünscht/erforderlich)
+- name: (system-user-systemfiles.yml) ensure ownership on ~/.vim recursively
+  ansible.builtin.file:
+    path: "~{{ user.name }}/.vim"
+    owner: "{{ user.name }}"
+    group: "{{ user.name }}"
+    recurse: true
+    state: directory
+  become: true
+  loop: "{{ nis_user | zip(dotvim_stats.results) | list }}"
+  loop_control:
+    label: "{{ user.name }}"
+  when:
+    - stat_result.stat.exists | bool
+  vars:
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags: [vim]
 

roles/common/tasks/samba-install.yml

@@ -107,76 +107,73 @@
     - samba-server
 
 
-- name: (samba-install.yml) Check if cleaning up trash dirs is configured
+- name: (samba-config-server.yml) Check if cleaning up trash dirs is configured
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /root/bin/samba/conf/clean_samba_trash.conf
-    regexp: "^trash_dirs=*"
+    regexp: '^trash_dirs=*'
     state: absent
-  check_mode: yes
+  check_mode: true
   changed_when: false
   register: clean_samba_trash_dirs
-  when:
+  when: 
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-  tags:
+  tags: [samba-server, samba-cron]
-    - samba-server
+  
-
+  
-
+- name: (samba-config-server.yml) Creates a cron job for cleaning up samba trash dirs
-- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
+  ansible.builtin.cron:
-  cron:
+    name: "{{ samba_cronjob_trash_dirs.name }}"
-    name: '{{ samba_cronjob_trash_dirs.name }}'
+    minute: "{{ samba_cronjob_trash_dirs.minute }}"
-    minute: '{{ samba_cronjob_trash_dirs.minute }}'
     hour: "{{ samba_cronjob_trash_dirs.hour | default('*') }}"
-    day: "{{ samba_cronjob_trash_dirs.hour.day | default('*') }}"
+    day: "{{ samba_cronjob_trash_dirs.day | default('*') }}"
-    month: "{{ samba_cronjob_trash_dirs.hour.month| default('*') }}"
+    month: "{{ samba_cronjob_trash_dirs.month | default('*') }}"
-    weekday: "{{ samba_cronjob_trash_dirs.hour.weekday| default('*') }}"
+    weekday: "{{ samba_cronjob_trash_dirs.weekday | default('*') }}"
     user: "{{ samba_cronjob_trash_dirs.user | default('root') }}"
     job: "{{ samba_cronjob_trash_dirs.job }}"
   when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-    - clean_samba_trash_dirs.found
+    - clean_samba_trash_exists.stat.exists | bool
-  tags:
+    - (clean_samba_trash_dirs.found | int) > 0
-    - samba-server
+  tags: [samba-server, samba-cron]
 
 
 # ---
 # Cronjob for setting permissions on samba shares
 # ---
 
-- name: (samba-install.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
+- name: (samba-config-server.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
-  stat:
+  ansible.builtin.stat:
     path: /root/bin/samba/set_permissions_samba_shares.sh
   register: set_permissions_on_samba_shares_exists
   when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-  tags:
+  tags: [samba-server, samba-cron]
-    - samba-server
+    
 
-- name: (samba-install.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
+- name: (samba-config-server.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
-  template: 
+  ansible.builtin.template:
     dest: /root/bin/samba/conf/set_permissions_samba_shares.conf
     src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2
   when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-    - set_permissions_on_samba_shares_exists.stat.exists|bool
+    - set_permissions_on_samba_shares_exists.stat.exists | bool
-  tags:
+  tags: [samba-server, samba-cron]
-    - samba-server
+  
-
+    
-
+- name: (samba-config-server.yml) Creates a cron job for setting permissions to samba dirs
-- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
+  ansible.builtin.cron:
-  cron:
+    name: "{{ samba_cronjob_permissions.name }}"
-    name: '{{ samba_cronjob_permissions.name }}'
+    minute: "{{ samba_cronjob_permissions.minute }}"
-    minute: '{{ samba_cronjob_permissions.minute }}'
     hour: "{{ samba_cronjob_permissions.hour | default('*') }}"
     day: "{{ samba_cronjob_permissions.day | default('*') }}"
-    month: "{{ samba_cronjob_permissions.month| default('*') }}"
+    month: "{{ samba_cronjob_permissions.month | default('*') }}"
-    weekday: "{{ samba_cronjob_permissions.weekday| default('*') }}"
+    weekday: "{{ samba_cronjob_permissions.weekday | default('*') }}"
     user: "{{ samba_cronjob_permissions.user | default('root') }}"
     job: "{{ samba_cronjob_permissions.job }}"
   when:
-    - "groups['samba_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['samba_server']
-    - clean_samba_trash_dirs.found
+    - (clean_samba_trash_dirs.found | int) > 0     # << int -> bool
-  tags:
+  tags: [samba-server, samba-cron]
-    - samba-server
 
 
 # ---

roles/common/tasks/system-user-systemfiles.yml

@@ -18,9 +18,9 @@
   register: local_template_dir_root
 
 
-# -- 
+# --
-# Copy .profile 
+# Copy .profile
-# --- 
+# ---
 
 - name: (user-systemfiles.yml) Check if users file '.profile.ORIG' exists
   stat:
@@ -42,64 +42,102 @@
   tags:
     - profile
 
+# 1) Für jeden User prüfen, ob eine lokale _profile existiert
+- name: (system-user-systemfiles.yml) stat user _profile
+  ansible.builtin.stat:
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_profile"
+  delegate_to: localhost
+  become: false
+  loop: "{{ default_user }}"
+  register: profile_stats
+  loop_control:
+    label: "{{ item.name }}"
+
+# 2) Prüfe ob eine lokale default _baschrc existiert
+- name: stat DEFAULT _profile
+  ansible.builtin.stat:
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_profile"
+  delegate_to: localhost
+  become: false
+  register: default_profile_stat
+
+# 2) Falls User _profile vorhanden, kopieren
 - name: (system-user-systemfiles.yml) copy .profile if it exists
-  copy:
+  ansible.builtin.copy:
-    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile') }}"
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_profile"
-    dest: "~{{ item.item.name }}/.profile"
+    dest: "~{{ user.name }}/.profile"
-    owner: "{{ item.item.name }}"
+    owner: "{{ user.name }}"
-    group: "{{ item.item.name }}"
+    group: "{{ user.name }}"
-    mode: 0644
+    mode: "0644"
-  loop: "{{  local_template_dir_system_users.results }}"
+  become: true
+  loop: "{{ default_user | zip(profile_stats.results) | list }}"
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists
+    - stat_result.stat.exists | bool
-    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile')
+  vars:
-  tags:
+    user: "{{ item.0 }}"
-    - profile
+    stat_result: "{{ item.1 }}"
+  tags: [bash]
 
-- name: (system-user-systemfiles.yml) copy default .profile if it exists
+# 3) Falls nicht vorhanden, DEFAULT nutzen
-  template:
+- name: (system-user-systemfiles.yml) copy default .profile
-    src: files/{{ nis_domain }}/homedirs/DEFAULT/_profile
+  ansible.builtin.copy:
-    dest: "~{{ item.item.name }}/.profile"
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_profile"
-    owner: "{{ item.item.name }}"
+    dest: "~{{ user.name }}/.profile"
-    group: "{{ item.item.name }}"
+    owner: "{{ user.name }}"
-    mode: 0644
+    group: "{{ user.name }}"
-  loop: "{{ local_template_dir_system_users.results }}"
+    mode: "0644"
+  become: true
+  loop: "{{ default_user | zip(profile_stats.results) | list }}"
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists == false
+    - not stat_result.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile')
+    - default_profile_stat.stat.exists | bool
-  tags:
+  vars:
-    - profile
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags: [bash]
 
+# ---
 # -- root user
+# ---
+
 - name: (system-user-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
   stat:
     path: /root/.profile.ORIG
   register: profile_root_orig_exists
   tags:
-    - profile
+    - bash
 
-- name: (system-user-systemfiles.yml) Backup existing users .profile file
+- name: (system-user-systemfiles.yml) Backup /root/.profile file
-  command: cp -a /root/.profile /root/.profile.ORIG
+  command: cp /root/.profile /root/.profile.ORIG
   when: profile_root_orig_exists.stat.exists == False
   tags:
-    - profile
+    - bash
 
-- name: (system-user-systemfiles.yml) copy .profile for user root
+# 1) Prüfen ob die _profile für root auf dem Control-Node existiert
-  copy:
+- name: (system-user-systemfiles.yml) stat root _profile on control node
-    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_profile') }}"
+  ansible.builtin.stat:
-    dest: "/root/.profile"
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_profile"
+  delegate_to: localhost
+  become: false
+  register: profile_root_stat
+
+# 2) Wenn vorhanden, kopieren wir sie nach /root/.profile auf dem Zielhost
+- name: copy root .profile if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_profile"
+    dest: /root/.profile
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
-  when:
+  become: true
-    - local_template_dir_root.stat.exists
+  when: profile_root_stat.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_profile')
   tags:
-    - profile
+    - bash
+
 
 # --
 # Copy .bashrc
@@ -124,38 +162,68 @@
   tags:
     - bashrc
 
+# 1) Für jeden User prüfen, ob eine lokale _bashrc existiert
+- name: (system-user-systemfiles.yml) stat user _bashrc
+  ansible.builtin.stat:
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_bashrc"
+  delegate_to: localhost
+  become: false
+  loop: "{{ default_user }}"
+  register: bashrc_stats
+  loop_control:
+    label: "{{ item.name }}"
+
+# 2) Prüfe ob eine lokale default _baschrc existiert
+- name: stat DEFAULT _bashrc
+  ansible.builtin.stat:
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_bashrc"
+  delegate_to: localhost
+  become: false
+  register: default_bashrc_stat
+
+# 2) Falls User _bashrc vorhanden, kopieren
 - name: (system-user-systemfiles.yml) copy .bashrc if it exists
-  copy:
+  ansible.builtin.copy:
-    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc') }}"
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_bashrc"
-    dest: "~{{ item.item.name }}/.bashrc"
+    dest: "~{{ user.name }}/.bashrc"
-    owner: "{{ item.item.name }}"
+    owner: "{{ user.name }}"
-    group: "{{ item.item.name }}"
+    group: "{{ user.name }}"
-    mode: 0644
+    mode: "0644"
-  loop: "{{ local_template_dir_system_users.results }}"
+  become: true
+  loop: "{{ default_user | zip(bashrc_stats.results) | list }}"
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists
+    - stat_result.stat.exists | bool
-    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc')
+  vars:
-  tags:
+    user: "{{ item.0 }}"
-    - bashrc
+    stat_result: "{{ item.1 }}"
+  tags: [bash]
 
-- name: (system-user-systemfiles.yml) copy default .bashrc if it exists
+# 3) Falls nicht vorhanden, DEFAULT nutzen
-  copy:
+- name: (system-user-systemfiles.yml) copy default .bashrc
-    src: files/homedirs/DEFAULT/_bashrc
+  ansible.builtin.copy:
-    dest: "~{{ item.item.name }}/.bashrc"
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_bashrc"
-    owner: "{{ item.item.name }}"
+    dest: "~{{ user.name }}/.bashrc"
-    group: "{{ item.item.name }}"
+    owner: "{{ user.name }}"
-    mode: 0644
+    group: "{{ user.name }}"
-  loop: "{{ local_template_dir_system_users.results }}"
+    mode: "0644"
+  become: true
+  loop: "{{ default_user | zip(bashrc_stats.results) | list }}"
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists == false
+    - not stat_result.stat.exists
-  tags:
+    - default_bashrc_stat.stat.exists | bool
-    - bashrc
+  vars:
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags: [bash]
 
+# ---
 # -- root user
+# ---
+
 - name: (system-user-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
   stat:
     path: /root/.bashrc.ORIG
@@ -169,16 +237,24 @@
   tags:
     - bash
 
-- name: (system-user-systemfiles.yml) copy .bashrc for user root
+# 1) Prüfen ob die _bashrc für root auf dem Control-Node existiert
-  copy:
+- name: stat root _bashrc on control node
-    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_bashrc') }}"
+  ansible.builtin.stat:
-    dest: "/root/.bashrc"
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_bashrc"
+  delegate_to: localhost
+  become: false
+  register: bashrc_root_stat
+
+# 2) Wenn vorhanden, kopieren wir sie nach /root/.bashrc auf dem Zielhost
+- name: copy root .bashrc if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_bashrc"
+    dest: /root/.bashrc
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
-  when:
+  become: true
-    - local_template_dir_root.stat.exists
+  when: bashrc_root_stat.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_bashrc')
   tags:
     - bash
 
@@ -186,93 +262,156 @@
 # Copy .vimrc
 # ---
 
-- name: (system-user-systemfiles.yml) copy .vimrc if it exists
+# 1. Prüfen, ob für jeden User ein lokales _vimrc existiert
-  copy:
+- name: (system-user-systemfiles.yml) stat user _vimrc
-    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_vimrc') }}"
+  ansible.builtin.stat:
-    dest: "~{{ item.item.name }}/.vimrc"
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_vimrc"
-    owner: "{{ item.item.name }}"
+  delegate_to: localhost
-    group: "{{ item.item.name }}"
+  become: false
-    mode: 0644
+  loop: "{{ default_user }}"
-  loop: "{{ local_template_dir_system_users.results }}"
+  register: vimrc_stats
-  loop_control:
-    label: '{{ item.item.name }}'
-  when:
-    - item.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_vimrc')
-  tags:
-    - vimrc
-
-- name: (system-user-systemfiles.yml) Check if .vim directory exists for default users
-  local_action: stat path={{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim
-  with_items: "{{ system_users }}"
   loop_control:
     label: '{{ item.name }}'
-  register: local_template_dir_dotvim_default_user
 
+# 2. Falls vorhanden, Datei kopieren
+- name: (system-user-systemfiles.yml) copy .vimrc if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_vimrc"
+    dest: "~{{ user.name }}/.vimrc"
+    owner: "{{ user.name }}"
+    group: "{{ user.name }}"
+    mode: '0644'
+  loop: "{{ default_user | zip(vimrc_stats.results) | list }}"
+  loop_control:
+    label: "{{ user.name }}"
+  when:
+    - stat_result.stat.exists
+  vars:
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags:
+    - bash
+
+
+# 1) Lokal prüfen, ob ~/.vim existiert
+- name: (system-user-systemfiles.yml) stat local .vim for each user
+  ansible.builtin.stat:
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim"
+  delegate_to: localhost
+  become: false
+  loop: "{{ default_user }}"
+  register: dotvim_stats
+  loop_control:
+    label: "{{ item.name }}"
+
+# 2) Wenn vorhanden, .vim-Verzeichnis ins Home des Users kopieren
 - name: (system-user-systemfiles.yml) copy .vim directory if it exists
-  copy:
+  ansible.builtin.copy:
-    src: "{{ inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/.vim' }}"
+    # Wichtig: KEINE verschachtelten {{ ... }} im String
-    dest: "~{{ item.item.name }}"
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/.vim"
-    owner: "{{ item.item.name }}"
+    dest: "~{{ user.name }}/"
-    group: "{{ item.item.name }}"
+    mode: preserve           # oder weglassen; 0644 wäre für Verzeichnisse falsch
-    mode: 0644
+  become: true
-  with_items: "{{ local_template_dir_dotvim_default_user.results }}"
+  loop: "{{ default_user | zip(dotvim_stats.results) | list }}"
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists
+    - stat_result.stat.exists | bool
-  tags:
+  vars:
-    - vimrc
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags: [vim]
 
-- name: (system-user-systemfiles.yml) copy default .vimrc if it exists
+
-  copy:
+# 3) Ownership/Gruppe rekursiv korrigieren (falls gewünscht/erforderlich)
-    src: files/homedirs/DEFAULT/_vimrc
+- name: (system-user-systemfiles.yml) ensure ownership on ~/.vim recursively
-    dest: "~{{ item.item.name }}/.vimrc"
+  ansible.builtin.file:
-    owner: "{{ item.item.name }}"
+    path: "~{{ user.name }}/.vim"
-    group: "{{ item.item.name }}"
+    owner: "{{ user.name }}"
-    mode: 0644
+    group: "{{ user.name }}"
-  loop: "{{ local_template_dir_system_users.results }}"
+    recurse: true
+    state: directory
+  become: true
+  loop: "{{ default_user | zip(dotvim_stats.results) | list }}"
   loop_control:
-    label: '{{ item.item.name }}'
+    label: "{{ user.name }}"
   when:
-    - item.stat.exists == false
+    - stat_result.stat.exists | bool
-  tags:
+  vars:
-    - vimrc
+    user: "{{ item.0 }}"
+    stat_result: "{{ item.1 }}"
+  tags: [vim]
 
 
-- name: (system-user-systemfiles.yml) copy .vimrc for user root
+# --
-  copy:
+# -- root user
-    src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_vimrc') }}"
+# --
-    dest: "/root/.vimrc"
+
+# 1) Prüfen ob die _vimrc für root auf dem Control-Node existiert
+- name: (system-user-systemfiles.yml) stat root _vimrc on control node
+  ansible.builtin.stat:
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_vimrc"
+  delegate_to: localhost
+  become: false
+  register: vimrc_root_stat
+
+# 2) Wenn vorhanden, kopieren wir sie nach /root/.vimrc auf dem Zielhost
+- name: (system-user-systemfiles.yml)copy root .vimrc if it exists
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_vimrc"
+    dest: /root/.vimrc
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
+  become: true
   when:
-    - local_template_dir_root.stat.exists
+    - vimrc_root_stat.stat.exists
-    - lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_vimrc')
   tags:
-    - vimrc
+    - bash
 
-- name: (system-user-systemfiles.yml) Check if local template directory .vim  exists for user root
+ # 1) Lokal prüfen, ob ./files/{{ nis_domain }}/homedirs/root/.vim existiert
-  local_action: stat path={{ inventory_dir }}/files/homedirs/root/.vim
+- name: (system-user-systemfiles.yml) stat local .vim for root
-  register: local_template_dir_vim_root
+  ansible.builtin.stat:
-  with_items: 'root'
+    path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/.vim"
-  loop_control:
+  delegate_to: localhost
-    label: 'root'
+  become: false
+  register: root_dotvim_stat
+  tags: [vim]
 
-- name: (system-user-systemfiles.yml) copy .vim directory for user root if it exists
+
-  copy:
+# 2) Wenn vorhanden, nach /root/ kopieren
-    src: "{{ inventory_dir + '/files/homedirs/root/.vim' }}"
+- name: (system-user-systemfiles.yml) copy root .vim directory if it exists
-    dest: "/root"
+  ansible.builtin.copy:
+    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/.vim"
+    dest: "/root/"
+    mode: preserve         # oder weglassen; nicht 0644 bei Verzeichnissen
+  become: true
+  when:
+    - root_dotvim_stat.stat.exists | bool
+  tags: [vim]
+
+# 2) Wenn vorhanden, nach /root/ kopieren
+#- name: (system-user-systemfiles.yml) rsync root .vim if it exists
+#  ansible.posix.synchronize:
+#    src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/.vim/"
+#    dest: "/root/.vim/"
+#    archive: true
+#    delete: false
+#    rsync_path: "sudo -n rsync"   # -n = kein Passwort-Prompt; erfordert NOPASSWD
+#  delegate_to: localhost
+#  when:
+#    - root_dotvim_stat.stat.exists | bool
+#  tags: [vim]
+
+# 3) Ownership sicherstellen (rekursiv)
+- name: (system-user-systemfiles.yml) ensure ownership on /root/.vim recursively
+  ansible.builtin.file:
+    path: "/root/.vim"
     owner: "root"
     group: "root"
-    mode: 0644
+    recurse: true
-  with_items: "{{ local_template_dir_vim_root.results }}"
+    state: directory
-  loop_control:
+  become: true
-    label: 'root'
   when:
-    - item.stat.exists
+    - root_dotvim_stat.stat.exists | bool
-  tags:
+  tags: [vim]
-    - vim
-
-