ansible/nis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: ansible:cf4624dc6b586ba279ea1977025305e3c257b201
Branches Tags
ansible:master
...
compare: ansible:master
Branches Tags
ansible:master

4 Commits
cf4624dc6b ... master

Author SHA1 Message Date
Christoph
61a1056abe update.. 2025-10-28 17:01:03 +01:00
Christoph
aba9aa6112 update... 2025-10-28 16:58:27 +01:00
Christoph
8a4da8c615 update.. 2025-10-27 23:17:40 +01:00
Christoph
cfcd9c84ff update.. 2025-10-24 23:45:52 +02:00
23 changed files with 1066 additions and 511 deletions
Expand all files Collapse all files

12
ansible.cfg
View File

@@ -10,7 +10,17 @@
[defaults]
ansible_managed = *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# [DEPRECATION WARNING] 'ansible_managed' used in ansible.cfg
#
# The `ansible_managed` variable can be set just like any other variable, or a different
# variable can be used.
#
# Alternatives: Set the `ansible_managed` variable, or use any custom variable in templates.
#
# This feature will be removed from ansible-core version 2.23.
#
#ansible_managed = *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#gathering = smart
#fact_caching = jsonfile
#fact_caching_connection = ~/.cache/

36
files/akb.netz/homedirs/DEFAULT/_profile
View File

@@ -1,36 +0,0 @@
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
if [[ -f /usr/share/mc/bin/mc.sh ]]; then
source /usr/share/mc/bin/mc.sh
fi

7
files/akb.netz/homedirs/DEFAULT/_profile.j2
View File

@@ -48,9 +48,12 @@ export LANG="de_DE.utf8"
#
[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
# Don't try to mount samba shares if local mount base directory does not exist
[[ -d "/mnt/{{ user.name }}" ]] || return
SERVER="{{ samba_server }}"
USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}'
USER="{{ user.name }}"
PASSWORD='{{ user.password }}'
#VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing

133
files/akb.netz/homedirs/DEFAULT/_profile.j2.00 Normal file
View File

@@ -0,0 +1,133 @@
# {{ ansible_managed }}
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
if [ -f "/usr/share/mc/bin/mc.sh" ]; then
source /usr/share/mc/bin/mc.sh
elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
source /usr/lib/mc/bin/mc.sh
fi
export LANG="de_DE.utf8"
# ---
# Mmount samba shares
# ---
# Don't try to mount samba shares if login at samba server
#
[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
SERVER="{{ samba_server }}"
USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}'
#VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing
#
# SEC="ntlmv2i"
#
# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
#
# SEC="ntlmsspi"
#
SEC="ntlmsspi"
# - uid/guid of the user at fielserver
# -
_UID="$(id -u)"
_GID="$(id -g)"
# Logfile to see what happened..
#
_logfile=/tmp/profile_${USER}.log
echo "" > $_logfile
echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
# Network present
#
_network=false
if [ "X$_addr" = "X" ] ; then
echo "no inet address assigned yet.." >> $_logfile
declare -i count=1
while ! $_network && [[ $count -lt 5 ]] ; do
echo "sleeping 2 seconds.." >> $_logfile
sleep 2
_addr="$(hostname --ip-address)"
if [ "X$_addr" != "X" ] ; then
_network=true
echo "inet address present: $_addr" >> $_logfile
fi
((count++))
done
fi
for dir in $(ls /mnt/$USER) ; do
MOUNT_POINT=/mnt/$USER/$dir
SHARE=$dir
[ ! -d $MOUNT_POINT ] && continue
if ! mount | grep $MOUNT_POINT > /dev/null ; then
echo "Going to mount share '${SHARE}' .." >> $_logfile
if [ -x /usr/bin/smb4k_mount ]; then
## - Ubuntu <= 12.04
if [[ "$VERSION" = "1.0" ]]; then
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
else
## - Ubuntu Version >= 14.04
if [[ "$VERSION" = "1.0" ]]; then
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
fi
else
echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
fi
done

32
files/anw-kb.netz/homedirs/DEFAULT/_profile
View File

@@ -1,32 +0,0 @@
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
if [ -f "/usr/share/mc/bin/mc.sh" ]; then
source /usr/share/mc/bin/mc.sh
elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
source /usr/lib/mc/bin/mc.sh
fi

7
files/anw-kb.netz/homedirs/DEFAULT/_profile.j2
View File

@@ -48,9 +48,12 @@ export LANG="de_DE.utf8"
#
[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
# Don't try to mount samba shares if local mount base directory does not exist
[[ -d "/mnt/{{ user.name }}" ]] || return
SERVER="{{ samba_server }}"
USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}'
USER="{{ user.name }}"
PASSWORD='{{ user.password }}'
#VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing

36
files/flr.netz/homedirs/DEFAULT/_profile
View File

@@ -1,36 +0,0 @@
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
if [ -f "/usr/share/mc/bin/mc.sh" ]; then
source /usr/share/mc/bin/mc.sh
elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
source /usr/lib/mc/bin/mc.sh
fi
if command -v mesg >/dev/null 2>&1; then
mesg n
fi

8
files/flr.netz/homedirs/DEFAULT/_profile.j2
View File

@@ -45,12 +45,14 @@ export LANG="de_DE.utf8"
# ---
# Don't try to mount samba shares if login at samba server
#
[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
# Don't try to mount samba shares if local mount base directory does not exist
[[ -d "/mnt/{{ user.name }}" ]] || return
SERVER="{{ samba_server }}"
USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}'
USER="{{ user.name }}"
PASSWORD='{{ user.password }}'
#VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing

133
files/flr.netz/homedirs/DEFAULT/_profile.j2.00 Normal file
View File

@@ -0,0 +1,133 @@
# {{ ansible_managed }}
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
if [ -f "/usr/share/mc/bin/mc.sh" ]; then
source /usr/share/mc/bin/mc.sh
elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
source /usr/lib/mc/bin/mc.sh
fi
export LANG="de_DE.utf8"
# ---
# Mmount samba shares
# ---
# Don't try to mount samba shares if login at samba server
#
[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
SERVER="{{ samba_server }}"
USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}'
#VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing
#
# SEC="ntlmv2i"
#
# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
#
# SEC="ntlmsspi"
#
SEC="ntlmsspi"
# - uid/guid of the user at fielserver
# -
_UID="$(id -u)"
_GID="$(id -g)"
# Logfile to see what happened..
#
_logfile=/tmp/profile_${USER}.log
echo "" > $_logfile
echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
# Network present
#
_network=false
if [ "X$_addr" = "X" ] ; then
echo "no inet address assigned yet.." >> $_logfile
declare -i count=1
while ! $_network && [[ $count -lt 5 ]] ; do
echo "sleeping 2 seconds.." >> $_logfile
sleep 2
_addr="$(hostname --ip-address)"
if [ "X$_addr" != "X" ] ; then
_network=true
echo "inet address present: $_addr" >> $_logfile
fi
((count++))
done
fi
for dir in $(ls /mnt/$USER) ; do
MOUNT_POINT=/mnt/$USER/$dir
SHARE=$dir
[ ! -d $MOUNT_POINT ] && continue
if ! mount | grep $MOUNT_POINT > /dev/null ; then
echo "Going to mount share '${SHARE}' .." >> $_logfile
if [ -x /usr/bin/smb4k_mount ]; then
## - Ubuntu <= 12.04
if [[ "$VERSION" = "1.0" ]]; then
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
else
## - Ubuntu Version >= 14.04
if [[ "$VERSION" = "1.0" ]]; then
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
fi
else
echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
fi
done

38
files/mbr-bln.netz/homedirs/DEFAULT/_profile
View File

@@ -1,38 +0,0 @@
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
if [ -f "/usr/share/mc/bin/mc.sh" ]; then
source /usr/share/mc/bin/mc.sh
elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
source /usr/lib/mc/bin/mc.sh
fi

6
files/mbr-bln.netz/homedirs/DEFAULT/_profile.j2
View File

@@ -51,11 +51,11 @@ export LANG="de_DE.utf8"
# Only try mounting samba shares, if local mount base directory exists.
#
if [[ -d "/mnt/{{ item.item.name }}" ]]; then
if [[ -d "/mnt/{{ user.name }}" ]]; then
SERVER="{{ samba_server }}"
USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}'
USER="{{ user.name }}"
PASSWORD='{{ user.password }}'
#VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing

140
files/mbr-bln.netz/homedirs/DEFAULT/_profile.j2.00 Normal file
View File

@@ -0,0 +1,140 @@
# {{ ansible_managed }}
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
if [ -f "/usr/share/mc/bin/mc.sh" ]; then
source /usr/share/mc/bin/mc.sh
elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
source /usr/lib/mc/bin/mc.sh
fi
export LANG="de_DE.utf8"
# ---
# Mmount samba shares
# ---
# Don't try to mount samba shares if login at samba server
#
[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
# Only try mounting samba shares, if local mount base directory exists.
#
if [[ -d "/mnt/{{ item.item.name }}" ]]; then
SERVER="{{ samba_server }}"
USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}'
#VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing
#
# SEC="ntlmv2i"
#
# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
#
# SEC="ntlmsspi"
#
SEC="ntlmsspi"
# - uid/guid of the user at fielserver
# -
_UID="$(id -u)"
_GID="$(id -g)"
# Logfile to see what happened..
#
_logfile=/tmp/profile_${USER}.log
echo "" > $_logfile
echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
# Network present
#
_network=false
if [ "X$_addr" = "X" ] ; then
echo "no inet address assigned yet.." >> $_logfile
declare -i count=1
while ! $_network && [[ $count -lt 5 ]] ; do
echo "sleeping 2 seconds.." >> $_logfile
sleep 2
_addr="$(hostname --ip-address)"
if [ "X$_addr" != "X" ] ; then
_network=true
echo "inet address present: $_addr" >> $_logfile
fi
((count++))
done
fi
for dir in $(ls /mnt/$USER) ; do
MOUNT_POINT=/mnt/$USER/$dir
SHARE=$dir
[ ! -d $MOUNT_POINT ] && continue
if ! mount | grep $MOUNT_POINT > /dev/null ; then
echo "Going to mount share '${SHARE}' .." >> $_logfile
if [ -x /usr/bin/smb4k_mount ]; then
## - Ubuntu <= 12.04
if [[ "$VERSION" = "1.0" ]]; then
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
else
## - Ubuntu Version >= 14.04
if [[ "$VERSION" = "1.0" ]]; then
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
fi
else
echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
fi
done
fi

37
files/sprachenatelier.netz/homedirs/DEFAULT/_profile
View File

@@ -1,37 +0,0 @@
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
if [ -f "/usr/share/mc/bin/mc.sh" ]; then
source /usr/share/mc/bin/mc.sh
elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
source /usr/lib/mc/bin/mc.sh
fi

37
files/sprachenatelier.netz/homedirs/DEFAULT/_profile.j2
View File

@@ -31,7 +31,6 @@ fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
if [ -f "/usr/share/mc/bin/mc.sh" ]; then
source /usr/share/mc/bin/mc.sh
elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
@@ -41,52 +40,35 @@ fi
export LANG="de_DE.utf8"
# ---
# Mmount samba shares
# Mount samba shares
# ---
# Don't try to mount samba shares if login at samba server
#
[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
# Don't try to mount samba shares if local mount base directory does not exist
#
[[ -d "/mnt/{{ item.item.name }}" ]] || return
[[ -d "/mnt/{{ user.name }}" ]] || return
SERVER="{{ samba_server }}"
USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}'
USER="{{ user.name }}"
PASSWORD='{{ user.password }}'
#VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing
#
# SEC="ntlmv2i"
#
# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
#
# SEC="ntlmsspi"
#
SEC="ntlmsspi"
# - uid/guid of the user at fielserver
# -
# - uid/gid of the user at fileserver
_UID="$(id -u)"
_GID="$(id -g)"
# Logfile to see what happened..
#
_logfile=/tmp/profile_${USER}.log
echo "" > $_logfile
echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
# Network present
#
_network=false
if [ "X$_addr" = "X" ] ; then
echo "no inet address assigned yet.." >> $_logfile
declare -i count=1
@@ -106,9 +88,9 @@ for dir in $(ls /mnt/$USER) ; do
MOUNT_POINT=/mnt/$USER/$dir
SHARE=$dir
[ ! -d $MOUNT_POINT ] && continue
[ ! -d "$MOUNT_POINT" ] && continue
if ! mount | grep $MOUNT_POINT > /dev/null ; then
if ! mount | grep "$MOUNT_POINT" > /dev/null ; then
echo "Going to mount share '${SHARE}' .." >> $_logfile
if [ -x /usr/bin/smb4k_mount ]; then
## - Ubuntu <= 12.04
@@ -116,7 +98,6 @@ for dir in $(ls /mnt/$USER) ; do
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
@@ -126,14 +107,12 @@ for dir in $(ls /mnt/$USER) ; do
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
fi
else
echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
fi
done

139
files/sprachenatelier.netz/homedirs/DEFAULT/_profile.j2.00 Normal file
View File

@@ -0,0 +1,139 @@
# {{ ansible_managed }}
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022
# if running bash
if [ -n "$BASH_VERSION" ]; then
# include .bashrc if it exists
if [ -f "$HOME/.bashrc" ]; then
. "$HOME/.bashrc"
fi
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
PATH="$HOME/.local/bin:$PATH"
fi
# this is for the midnight-commander
# to become the last directory the midnight commander was in
# as the current directory when leaving the midnight commander
#
if [ -f "/usr/share/mc/bin/mc.sh" ]; then
source /usr/share/mc/bin/mc.sh
elif [ -f "/usr/lib/mc/bin/mc.sh" ] ; then
source /usr/lib/mc/bin/mc.sh
fi
export LANG="de_DE.utf8"
# ---
# Mmount samba shares
# ---
# Don't try to mount samba shares if login at samba server
#
[[ "$(hostname --long)" = "{{ samba_server }}" ]] && return
# Don't try to mount samba shares if local mount base directory does not exist
#
[[ -d "/mnt/{{ item.item.name }}" ]] || return
SERVER="{{ samba_server }}"
USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}'
#VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing
#
# SEC="ntlmv2i"
#
# Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
#
# SEC="ntlmsspi"
#
SEC="ntlmsspi"
# - uid/guid of the user at fielserver
# -
_UID="$(id -u)"
_GID="$(id -g)"
# Logfile to see what happened..
#
_logfile=/tmp/profile_${USER}.log
echo "" > $_logfile
echo "$(date +"%Y-%m-%d-%H%M")" >> $_logfile
# Network present
#
_network=false
if [ "X$_addr" = "X" ] ; then
echo "no inet address assigned yet.." >> $_logfile
declare -i count=1
while ! $_network && [[ $count -lt 5 ]] ; do
echo "sleeping 2 seconds.." >> $_logfile
sleep 2
_addr="$(hostname --ip-address)"
if [ "X$_addr" != "X" ] ; then
_network=true
echo "inet address present: $_addr" >> $_logfile
fi
((count++))
done
fi
for dir in $(ls /mnt/$USER) ; do
MOUNT_POINT=/mnt/$USER/$dir
SHARE=$dir
[ ! -d $MOUNT_POINT ] && continue
if ! mount | grep $MOUNT_POINT > /dev/null ; then
echo "Going to mount share '${SHARE}' .." >> $_logfile
if [ -x /usr/bin/smb4k_mount ]; then
## - Ubuntu <= 12.04
if [[ "$VERSION" = "1.0" ]]; then
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID,vers=$VERSION \
sudo /usr/bin/smb4k_mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$_UID,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
else
## - Ubuntu Version >= 14.04
if [[ "$VERSION" = "1.0" ]]; then
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,vers=1.0 \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
else
#sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,cifsacl,uid=$USER,sec=${SEC},vers=$VERSION \
sudo /bin/mount -o user=$USER,password=$PASSWORD,iocharset=utf8,uid=$USER,gid=$_GID \
-n -t cifs //$SERVER/$SHARE $MOUNT_POINT >> $_logfile 2>&1
fi
fi
else
echo "mount point $MOUNT_POINT already exists. nothing left to do.." >> $_logfile
fi
done

5
group_vars/all/main.yml
View File

@@ -1,5 +1,10 @@
---
ansible_managed: >
*** ANSIBLE MANAGED FILE - DO NOT EDIT ***
This file was generated by {{ ansible_user_id }} on {{ ansible_date_time.iso8601 }}
ansible_python_interpreter: /usr/bin/python3

9
group_vars/flr.yml
View File

@@ -259,6 +259,15 @@ remove_nis_users: []
nis_user:
- name: ckubu-test
groups:
- amif
- foerderung
- quali
- team
is_samba_user: true
password: '20/cku-bu.test_24%'
- name: chris
groups:
- team

9
group_vars/mbr.yml
View File

@@ -462,6 +462,7 @@ nis_user:
- all-users
- buero-scan
- bgn
- mbr-buero
is_samba_user: true
password: 'LSr-tjo.U73V'
@@ -601,6 +602,14 @@ nis_user:
is_samba_user: true
password: 'G6Hz.ev/e24E'
- name: doku.mbr6
groups:
- all-users
- buero-scan
- mbr-buero
is_samba_user: true
password: 'RIm/-f6.7.wa'
- name: florian.heuermann
groups:
- all-users

8
group_vars/sprachenatelier.yml
View File

@@ -134,6 +134,7 @@ nis_groups:
# - name: simone
nis_user:
- name: chris
groups:
- intern
@@ -162,6 +163,13 @@ nis_user:
is_samba_user: true
password: 's2016bp'
- name: buero2
groups:
- intern
- buero
is_samba_user: true
password: 's2025bp2'
- name: chema
groups:
- intern

10
roles/common/tasks/apt.yml
View File

@@ -30,13 +30,11 @@
- apt-webserver-pkgs
- name: (apt.yml) dpkg --configure
command: >
dpkg --configure -a
#args:
# warn: false
changed_when: _dpkg_configure.stdout_lines
- name: (apt.yml) Configure any half-installed packages 'dpkg --configure -a'
ansible.builtin.command: dpkg --configure -a
register: _dpkg_configure
changed_when: (_dpkg_configure.stdout | default('')) | length > 0
failed_when: _dpkg_configure.rc != 0
when: apt_dpkg_configure|bool
tags:
- apt-dpkg-configure

223
roles/common/tasks/nis-user-systemfiles.yml
View File

@@ -51,37 +51,38 @@
tags:
- profile
- name: (nis-user-systemfiles.yml) copy .profile if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile') }}"
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile')
tags:
- profile
- name: (nis-user-systemfiles.yml) copy default .profile if it exists
template:
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile.j2') }}"
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
# 1) Für jeden NIS-User prüfen, ob eine lokale _profile.j2 existiert
- name: (nis-user-systemfiles.yml) stat user _profile.j2
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_profile.j2"
delegate_to: localhost
become: false
loop: "{{ nis_user }}"
register: profile_template_stats
loop_control:
label: '{{ item.item.name }}'
label: "{{ item.name }}"
# 2) Falls _profile.j2 vorhanden, .profile aus Template rendern
- name: (nis-user-systemfiles.yml) template .profile if _profile.j2 exists
ansible.builtin.template:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_profile.j2"
dest: "~{{ user.name }}/.profile"
owner: "{{ user.name }}"
group: "{{ user.name }}"
mode: "0644"
become: true
loop: "{{ nis_user | zip(profile_template_stats.results) | list }}"
loop_control:
label: "{{ user.name }}"
when:
- item.stat.exists == false
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile.j2')
tags:
- profile
- stat_result.stat.exists | bool
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags: [bash]
# --
@@ -107,92 +108,118 @@
tags:
- bashrc
- name: (nis-user-systemfiles.yml) copy .bashrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc') }}"
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
# 1) Für jeden NIS-User prüfen, ob eine lokale _bashrc existiert
- name: (system-user-systemfiles.yml) stat user _bashrc
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_bashrc"
delegate_to: localhost
become: false
loop: "{{ nis_user }}"
register: bashrc_stats
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc')
tags:
- bashrc
label: "{{ item.name }}"
- name: (nis-user-systemfiles.yml) copy default .bashrc if it exists
copy:
src: "{{ 'files/' + nis_domain + '/homedirs/DEFAULT/_bashrc' }}"
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
# 2) Falls User _bashrc vorhanden, kopieren
- name: (system-user-systemfiles.yml) copy .bashrc if it exists
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_bashrc"
dest: "~{{ user.name }}/.bashrc"
owner: "{{ user.name }}"
group: "{{ user.name }}"
mode: "0644"
become: true
loop: "{{ nis_user | zip(bashrc_stats.results) | list }}"
loop_control:
label: '{{ item.item.name }}'
label: "{{ user.name }}"
when:
- item.stat.exists == false
tags:
- bashrc
- stat_result.stat.exists | bool
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags: [bash]
# --
# Copy .vimrc
# ---
- name: (nis-user-systemfiles.yml) copy .vimrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc') }}"
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/homedirs/' + item.item.name + '/_vimrc')
tags:
- vimrc
- name: (nis-user-systemfiles.yml) Check if .vim directory exists for default users
local_action: stat path={{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim
with_items: "{{ nis_user }}"
# 1. Prüfen, ob für jeden User ein lokales _vimrc existiert
- name: (system-user-systemfiles.yml) stat user _vimrc
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_vimrc"
delegate_to: localhost
become: false
loop: "{{ nis_user }}"
register: vimrc_stats
loop_control:
label: '{{ item.name }}'
register: local_template_dir_dotvim_default_user
- name: (nis-user-systemfiles.yml) copy .vim directory if it exists
copy:
src: "{{ inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/.vim' }}"
dest: "~{{ item.item.name }}"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
with_items: "{{ local_template_dir_dotvim_default_user.results }}"
# 2. Falls vorhanden, Datei kopieren
- name: (system-user-systemfiles.yml) copy .vimrc if it exists
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_vimrc"
dest: "~{{ user.name }}/.vimrc"
owner: "{{ user.name }}"
group: "{{ user.name }}"
mode: '0644'
loop: "{{ nis_user | zip(vimrc_stats.results) | list }}"
loop_control:
label: '{{ item.item.name }}'
label: "{{ user.name }}"
when:
- item.stat.exists
- stat_result.stat.exists
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags:
- vimrc
- bash
- name: (nis-user-systemfiles.yml) copy default .vimrc if it exists
copy:
src: "{{ 'files/' + nis_domain + '/homedirs/DEFAULT/_vimrc' }}"
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_nis_user.results }}"
# 1) Lokal prüfen, ob ~/.vim existiert
- name: (system-user-systemfiles.yml) stat local .vim for each user
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim"
delegate_to: localhost
become: false
loop: "{{ nis_user }}"
register: dotvim_stats
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists == false
tags:
- vimrc
label: "{{ item.name }}"
# 2) Wenn vorhanden, .vim-Verzeichnis ins Home des Users kopieren
- name: (system-user-systemfiles.yml) copy .vim directory if it exists
ansible.builtin.copy:
# Wichtig: KEINE verschachtelten {{ ... }} im String
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/.vim"
dest: "~{{ user.name }}/"
mode: preserve # oder weglassen; 0644 wäre für Verzeichnisse falsch
become: true
loop: "{{ nis_user | zip(dotvim_stats.results) | list }}"
loop_control:
label: "{{ user.name }}"
when:
- stat_result.stat.exists | bool
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags: [vim]
# 3) Ownership/Gruppe rekursiv korrigieren (falls gewünscht/erforderlich)
- name: (system-user-systemfiles.yml) ensure ownership on ~/.vim recursively
ansible.builtin.file:
path: "~{{ user.name }}/.vim"
owner: "{{ user.name }}"
group: "{{ user.name }}"
recurse: true
state: directory
become: true
loop: "{{ nis_user | zip(dotvim_stats.results) | list }}"
loop_control:
label: "{{ user.name }}"
when:
- stat_result.stat.exists | bool
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags: [vim]

69
roles/common/tasks/samba-install.yml
View File

@@ -107,65 +107,63 @@
- samba-server
- name: (samba-install.yml) Check if cleaning up trash dirs is configured
lineinfile:
- name: (samba-config-server.yml) Check if cleaning up trash dirs is configured
ansible.builtin.lineinfile:
path: /root/bin/samba/conf/clean_samba_trash.conf
regexp: "^trash_dirs=*"
regexp: '^trash_dirs=*'
state: absent
check_mode: yes
check_mode: true
changed_when: false
register: clean_samba_trash_dirs
when:
- "groups['samba_server']|string is search(inventory_hostname)"
tags:
- samba-server
- inventory_hostname in groups['samba_server']
tags: [samba-server, samba-cron]
- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
cron:
name: '{{ samba_cronjob_trash_dirs.name }}'
minute: '{{ samba_cronjob_trash_dirs.minute }}'
- name: (samba-config-server.yml) Creates a cron job for cleaning up samba trash dirs
ansible.builtin.cron:
name: "{{ samba_cronjob_trash_dirs.name }}"
minute: "{{ samba_cronjob_trash_dirs.minute }}"
hour: "{{ samba_cronjob_trash_dirs.hour | default('*') }}"
day: "{{ samba_cronjob_trash_dirs.hour.day | default('*') }}"
month: "{{ samba_cronjob_trash_dirs.hour.month| default('*') }}"
weekday: "{{ samba_cronjob_trash_dirs.hour.weekday| default('*') }}"
day: "{{ samba_cronjob_trash_dirs.day | default('*') }}"
month: "{{ samba_cronjob_trash_dirs.month | default('*') }}"
weekday: "{{ samba_cronjob_trash_dirs.weekday | default('*') }}"
user: "{{ samba_cronjob_trash_dirs.user | default('root') }}"
job: "{{ samba_cronjob_trash_dirs.job }}"
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- clean_samba_trash_dirs.found
tags:
- samba-server
- inventory_hostname in groups['samba_server']
- clean_samba_trash_exists.stat.exists | bool
- (clean_samba_trash_dirs.found | int) > 0
tags: [samba-server, samba-cron]
# ---
# Cronjob for setting permissions on samba shares
# ---
- name: (samba-install.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
stat:
- name: (samba-config-server.yml) Check if file '/root/bin/samba/set_permissions_samba_shares.sh' exists
ansible.builtin.stat:
path: /root/bin/samba/set_permissions_samba_shares.sh
register: set_permissions_on_samba_shares_exists
when:
- "groups['samba_server']|string is search(inventory_hostname)"
tags:
- samba-server
- inventory_hostname in groups['samba_server']
tags: [samba-server, samba-cron]
- name: (samba-install.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
template:
- name: (samba-config-server.yml) Adjust configuration for script 'set_permissions_samba_shares.sh'
ansible.builtin.template:
dest: /root/bin/samba/conf/set_permissions_samba_shares.conf
src: root/bin/samba/conf/set_permissions_samba_shares.conf.j2
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- inventory_hostname in groups['samba_server']
- set_permissions_on_samba_shares_exists.stat.exists | bool
tags:
- samba-server
tags: [samba-server, samba-cron]
- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
cron:
name: '{{ samba_cronjob_permissions.name }}'
minute: '{{ samba_cronjob_permissions.minute }}'
- name: (samba-config-server.yml) Creates a cron job for setting permissions to samba dirs
ansible.builtin.cron:
name: "{{ samba_cronjob_permissions.name }}"
minute: "{{ samba_cronjob_permissions.minute }}"
hour: "{{ samba_cronjob_permissions.hour | default('*') }}"
day: "{{ samba_cronjob_permissions.day | default('*') }}"
month: "{{ samba_cronjob_permissions.month | default('*') }}"
@@ -173,10 +171,9 @@
user: "{{ samba_cronjob_permissions.user | default('root') }}"
job: "{{ samba_cronjob_permissions.job }}"
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- clean_samba_trash_dirs.found
tags:
- samba-server
- inventory_hostname in groups['samba_server']
- (clean_samba_trash_dirs.found | int) > 0 # << int -> bool
tags: [samba-server, samba-cron]
# ---

419
roles/common/tasks/system-user-systemfiles.yml
View File

@@ -42,64 +42,102 @@
tags:
- profile
# 1) Für jeden User prüfen, ob eine lokale _profile existiert
- name: (system-user-systemfiles.yml) stat user _profile
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_profile"
delegate_to: localhost
become: false
loop: "{{ default_user }}"
register: profile_stats
loop_control:
label: "{{ item.name }}"
# 2) Prüfe ob eine lokale default _baschrc existiert
- name: stat DEFAULT _profile
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_profile"
delegate_to: localhost
become: false
register: default_profile_stat
# 2) Falls User _profile vorhanden, kopieren
- name: (system-user-systemfiles.yml) copy .profile if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile') }}"
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_profile"
dest: "~{{ user.name }}/.profile"
owner: "{{ user.name }}"
group: "{{ user.name }}"
mode: "0644"
become: true
loop: "{{ default_user | zip(profile_stats.results) | list }}"
loop_control:
label: '{{ item.item.name }}'
label: "{{ user.name }}"
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_profile')
tags:
- profile
- stat_result.stat.exists | bool
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags: [bash]
- name: (system-user-systemfiles.yml) copy default .profile if it exists
template:
src: files/{{ nis_domain }}/homedirs/DEFAULT/_profile
dest: "~{{ item.item.name }}/.profile"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
# 3) Falls nicht vorhanden, DEFAULT nutzen
- name: (system-user-systemfiles.yml) copy default .profile
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_profile"
dest: "~{{ user.name }}/.profile"
owner: "{{ user.name }}"
group: "{{ user.name }}"
mode: "0644"
become: true
loop: "{{ default_user | zip(profile_stats.results) | list }}"
loop_control:
label: '{{ item.item.name }}'
label: "{{ user.name }}"
when:
- item.stat.exists == false
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/DEFAULT/_profile')
tags:
- profile
- not stat_result.stat.exists
- default_profile_stat.stat.exists | bool
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags: [bash]
# ---
# -- root user
# ---
- name: (system-user-systemfiles.yml) Check if file '/root/.profile.ORIG' exists
stat:
path: /root/.profile.ORIG
register: profile_root_orig_exists
tags:
- profile
- bash
- name: (system-user-systemfiles.yml) Backup existing users .profile file
command: cp -a /root/.profile /root/.profile.ORIG
- name: (system-user-systemfiles.yml) Backup /root/.profile file
command: cp /root/.profile /root/.profile.ORIG
when: profile_root_orig_exists.stat.exists == False
tags:
- profile
- bash
- name: (system-user-systemfiles.yml) copy .profile for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_profile') }}"
dest: "/root/.profile"
# 1) Prüfen ob die _profile für root auf dem Control-Node existiert
- name: (system-user-systemfiles.yml) stat root _profile on control node
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_profile"
delegate_to: localhost
become: false
register: profile_root_stat
# 2) Wenn vorhanden, kopieren wir sie nach /root/.profile auf dem Zielhost
- name: copy root .profile if it exists
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_profile"
dest: /root/.profile
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_profile')
mode: '0644'
become: true
when: profile_root_stat.stat.exists
tags:
- profile
- bash
# --
# Copy .bashrc
@@ -124,38 +162,68 @@
tags:
- bashrc
# 1) Für jeden User prüfen, ob eine lokale _bashrc existiert
- name: (system-user-systemfiles.yml) stat user _bashrc
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_bashrc"
delegate_to: localhost
become: false
loop: "{{ default_user }}"
register: bashrc_stats
loop_control:
label: "{{ item.name }}"
# 2) Prüfe ob eine lokale default _baschrc existiert
- name: stat DEFAULT _bashrc
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_bashrc"
delegate_to: localhost
become: false
register: default_bashrc_stat
# 2) Falls User _bashrc vorhanden, kopieren
- name: (system-user-systemfiles.yml) copy .bashrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc') }}"
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_bashrc"
dest: "~{{ user.name }}/.bashrc"
owner: "{{ user.name }}"
group: "{{ user.name }}"
mode: "0644"
become: true
loop: "{{ default_user | zip(bashrc_stats.results) | list }}"
loop_control:
label: '{{ item.item.name }}'
label: "{{ user.name }}"
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_bashrc')
tags:
- bashrc
- stat_result.stat.exists | bool
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags: [bash]
- name: (system-user-systemfiles.yml) copy default .bashrc if it exists
copy:
src: files/homedirs/DEFAULT/_bashrc
dest: "~{{ item.item.name }}/.bashrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
# 3) Falls nicht vorhanden, DEFAULT nutzen
- name: (system-user-systemfiles.yml) copy default .bashrc
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/DEFAULT/_bashrc"
dest: "~{{ user.name }}/.bashrc"
owner: "{{ user.name }}"
group: "{{ user.name }}"
mode: "0644"
become: true
loop: "{{ default_user | zip(bashrc_stats.results) | list }}"
loop_control:
label: '{{ item.item.name }}'
label: "{{ user.name }}"
when:
- item.stat.exists == false
tags:
- bashrc
- not stat_result.stat.exists
- default_bashrc_stat.stat.exists | bool
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags: [bash]
# ---
# -- root user
# ---
- name: (system-user-systemfiles.yml) Check if file '/root/.bashrc.ORIG' exists
stat:
path: /root/.bashrc.ORIG
@@ -169,16 +237,24 @@
tags:
- bash
- name: (system-user-systemfiles.yml) copy .bashrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_bashrc') }}"
dest: "/root/.bashrc"
# 1) Prüfen ob die _bashrc für root auf dem Control-Node existiert
- name: stat root _bashrc on control node
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_bashrc"
delegate_to: localhost
become: false
register: bashrc_root_stat
# 2) Wenn vorhanden, kopieren wir sie nach /root/.bashrc auf dem Zielhost
- name: copy root .bashrc if it exists
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_bashrc"
dest: /root/.bashrc
owner: root
group: root
mode: 0644
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_bashrc')
mode: '0644'
become: true
when: bashrc_root_stat.stat.exists
tags:
- bash
@@ -186,93 +262,156 @@
# Copy .vimrc
# ---
- name: (system-user-systemfiles.yml) copy .vimrc if it exists
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_vimrc') }}"
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
- item.stat.exists
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/_vimrc')
tags:
- vimrc
- name: (system-user-systemfiles.yml) Check if .vim directory exists for default users
local_action: stat path={{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim
with_items: "{{ system_users }}"
# 1. Prüfen, ob für jeden User ein lokales _vimrc existiert
- name: (system-user-systemfiles.yml) stat user _vimrc
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/_vimrc"
delegate_to: localhost
become: false
loop: "{{ default_user }}"
register: vimrc_stats
loop_control:
label: '{{ item.name }}'
register: local_template_dir_dotvim_default_user
# 2. Falls vorhanden, Datei kopieren
- name: (system-user-systemfiles.yml) copy .vimrc if it exists
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/_vimrc"
dest: "~{{ user.name }}/.vimrc"
owner: "{{ user.name }}"
group: "{{ user.name }}"
mode: '0644'
loop: "{{ default_user | zip(vimrc_stats.results) | list }}"
loop_control:
label: "{{ user.name }}"
when:
- stat_result.stat.exists
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags:
- bash
# 1) Lokal prüfen, ob ~/.vim existiert
- name: (system-user-systemfiles.yml) stat local .vim for each user
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ item.name }}/.vim"
delegate_to: localhost
become: false
loop: "{{ default_user }}"
register: dotvim_stats
loop_control:
label: "{{ item.name }}"
# 2) Wenn vorhanden, .vim-Verzeichnis ins Home des Users kopieren
- name: (system-user-systemfiles.yml) copy .vim directory if it exists
copy:
src: "{{ inventory_dir + '/files/' + nis_domain + '/homedirs/' + item.item.name + '/.vim' }}"
dest: "~{{ item.item.name }}"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
with_items: "{{ local_template_dir_dotvim_default_user.results }}"
ansible.builtin.copy:
# Wichtig: KEINE verschachtelten {{ ... }} im String
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/{{ user.name }}/.vim"
dest: "~{{ user.name }}/"
mode: preserve # oder weglassen; 0644 wäre für Verzeichnisse falsch
become: true
loop: "{{ default_user | zip(dotvim_stats.results) | list }}"
loop_control:
label: '{{ item.item.name }}'
label: "{{ user.name }}"
when:
- item.stat.exists
tags:
- vimrc
- stat_result.stat.exists | bool
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags: [vim]
- name: (system-user-systemfiles.yml) copy default .vimrc if it exists
copy:
src: files/homedirs/DEFAULT/_vimrc
dest: "~{{ item.item.name }}/.vimrc"
owner: "{{ item.item.name }}"
group: "{{ item.item.name }}"
mode: 0644
loop: "{{ local_template_dir_system_users.results }}"
# 3) Ownership/Gruppe rekursiv korrigieren (falls gewünscht/erforderlich)
- name: (system-user-systemfiles.yml) ensure ownership on ~/.vim recursively
ansible.builtin.file:
path: "~{{ user.name }}/.vim"
owner: "{{ user.name }}"
group: "{{ user.name }}"
recurse: true
state: directory
become: true
loop: "{{ default_user | zip(dotvim_stats.results) | list }}"
loop_control:
label: '{{ item.item.name }}'
label: "{{ user.name }}"
when:
- item.stat.exists == false
tags:
- vimrc
- stat_result.stat.exists | bool
vars:
user: "{{ item.0 }}"
stat_result: "{{ item.1 }}"
tags: [vim]
- name: (system-user-systemfiles.yml) copy .vimrc for user root
copy:
src: "{{ lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_vimrc') }}"
dest: "/root/.vimrc"
# --
# -- root user
# --
# 1) Prüfen ob die _vimrc für root auf dem Control-Node existiert
- name: (system-user-systemfiles.yml) stat root _vimrc on control node
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_vimrc"
delegate_to: localhost
become: false
register: vimrc_root_stat
# 2) Wenn vorhanden, kopieren wir sie nach /root/.vimrc auf dem Zielhost
- name: (system-user-systemfiles.yml)copy root .vimrc if it exists
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/_vimrc"
dest: /root/.vimrc
owner: root
group: root
mode: 0644
mode: '0644'
become: true
when:
- local_template_dir_root.stat.exists
- lookup('fileglob', inventory_dir + '/files/' + nis_domain + '/homedirs/root/_vimrc')
- vimrc_root_stat.stat.exists
tags:
- vimrc
- bash
- name: (system-user-systemfiles.yml) Check if local template directory .vim exists for user root
local_action: stat path={{ inventory_dir }}/files/homedirs/root/.vim
register: local_template_dir_vim_root
with_items: 'root'
loop_control:
label: 'root'
# 1) Lokal prüfen, ob ./files/{{ nis_domain }}/homedirs/root/.vim existiert
- name: (system-user-systemfiles.yml) stat local .vim for root
ansible.builtin.stat:
path: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/.vim"
delegate_to: localhost
become: false
register: root_dotvim_stat
tags: [vim]
- name: (system-user-systemfiles.yml) copy .vim directory for user root if it exists
copy:
src: "{{ inventory_dir + '/files/homedirs/root/.vim' }}"
dest: "/root"
# 2) Wenn vorhanden, nach /root/ kopieren
- name: (system-user-systemfiles.yml) copy root .vim directory if it exists
ansible.builtin.copy:
src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/.vim"
dest: "/root/"
mode: preserve # oder weglassen; nicht 0644 bei Verzeichnissen
become: true
when:
- root_dotvim_stat.stat.exists | bool
tags: [vim]
# 2) Wenn vorhanden, nach /root/ kopieren
#- name: (system-user-systemfiles.yml) rsync root .vim if it exists
# ansible.posix.synchronize:
# src: "{{ inventory_dir }}/files/{{ nis_domain }}/homedirs/root/.vim/"
# dest: "/root/.vim/"
# archive: true
# delete: false
# rsync_path: "sudo -n rsync" # -n = kein Passwort-Prompt; erfordert NOPASSWD
# delegate_to: localhost
# when:
# - root_dotvim_stat.stat.exists | bool
# tags: [vim]
# 3) Ownership sicherstellen (rekursiv)
- name: (system-user-systemfiles.yml) ensure ownership on /root/.vim recursively
ansible.builtin.file:
path: "/root/.vim"
owner: "root"
group: "root"
mode: 0644
with_items: "{{ local_template_dir_vim_root.results }}"
loop_control:
label: 'root'
recurse: true
state: directory
become: true
when:
- item.stat.exists
tags:
- vim
- root_dotvim_stat.stat.exists | bool
tags: [vim]