From b0d212deecc9c7fed6e607497d8c8bab7e4f7fe3 Mon Sep 17 00:00:00 2001 From: Christoph Date: Wed, 28 Aug 2019 04:01:06 +0200 Subject: [PATCH] Add task 'nis.yml'. --- group_vars/all/main.yml | 8 ++ hosts | 1 + roles/common/tasks/main.yml | 8 ++ roles/common/tasks/nis.yml | 100 ++++++++++++++++++++ roles/common/templates/etc/defaultdomain.j2 | 1 + roles/common/templates/etc/yp.conf.j2 | 24 +++++ 6 files changed, 142 insertions(+) create mode 100644 roles/common/tasks/nis.yml create mode 100644 roles/common/templates/etc/defaultdomain.j2 create mode 100644 roles/common/templates/etc/yp.conf.j2 diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 7d1cb35..827db2f 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -86,6 +86,14 @@ samba_shares: - margit - musa +nis_domain: sprachenatelier.netz + +nis_server_address: 192.168.92.10 + +nis_common_packages: + - nis + - nscd + nis_deleted_user: - name: test-user - name: gast diff --git a/hosts b/hosts index afc457c..be4a30c 100644 --- a/hosts +++ b/hosts @@ -43,6 +43,7 @@ cl106.sprachenatelier.netz cl107.sprachenatelier.netz cl108.sprachenatelier.netz cl109.sprachenatelier.netz +thunderbolt.local.netz [file_server] file-spr.sprachenatelier.netz diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 1ecb2c4..6ec6280 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -8,6 +8,14 @@ - import_tasks: nfs.yml tags: - nfs + +# tags supported inside nfs.yml: +# +# nis-install +- import_tasks: nis.yml + tags: + - nis + # tags supported inside nis_samba_user.yml: # # samba-user diff --git a/roles/common/tasks/nis.yml b/roles/common/tasks/nis.yml new file mode 100644 index 0000000..3a00f3d --- /dev/null +++ b/roles/common/tasks/nis.yml 
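Review bot: In roles/common/tasks/main.yml the comment added above `- import_tasks: nis.yml` still says `# tags supported inside nfs.yml:`, which looks copied from the NFS block and points readers at the wrong file; it should read `# tags supported inside nis.yml:`. The listed tag `nis-install` matches the tag used by the tasks in nis.yml, so only the file name needs changing.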
@@ -0,0 +1,100 @@
+---
+
+- name: (nis.yml) Set (nis) default domain (/etc/defaultdomain)
+ template:
+ dest: /etc/defaultdomain
+ src: etc/defaultdomain.j2
+ owner: root
+ group: root
+ mode: 0644
+ tags:
+ nis-install
+
+- name: (nis.yml) Create preconfigured /etc/yp.conf on nis clients
+ template:
+ dest: /etc/yp.conf
+ src: etc/yp.conf.j2
+ owner: root
+ group: root
+ mode: 0644
+ when: "groups['nis_client']|string is search(inventory_hostname)"
+ tags:
+ nis-install
+
+- name: (nis.yml) Install nis common packages
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items: "{{ nis_common_packages }}"
+ tags:
+ - nis-install
+
+- name: (nis.yml) Add '+::::::' to file /etc/passwd
+ lineinfile:
+ path: /etc/passwd
+ line: '+::::::'
+ insertafter: EOF
+ state: present
+ owner: root
+ group: root
+ mode: '0644'
+ when: "groups['nis_client']|string is search(inventory_hostname)"
+ tags:
+ - nis-install
+
+- name: (nis.yml) Add '+:::' to file /etc/group
+ lineinfile:
+ path: /etc/group
+ line: '+:::'
+ insertafter: EOF
+ state: present
+ owner: root
+ group: root
+ mode: '0644'
+ when: "groups['nis_client']|string is search(inventory_hostname)"
+ tags:
+ - nis-install
+
+- name: (nis.yml) Add '+::::::::' to file /etc/shadow
+ lineinfile:
+ path: /etc/shadow
+ line: '+::::::::'
+ insertafter: EOF
+ state: present
+ owner: root
+ group: shadow
+ mode: '0640'
+ when: "groups['nis_client']|string is search(inventory_hostname)"
+ tags:
+ - nis-install
+
+- name: (nis.yml) Check if file '/etc/nsswitch.conf.ORIG' exists
+ stat:
+ path: /etc/nsswitch.conf.ORIG
+ register: nsswitch_conf_orig_exists
+ when:
+ - "groups['nis_client']|string is search(inventory_hostname)"
+ tags:
+ - nis-install
+
+- name: (nis.yml) Backup existing file /etc/nsswitch.conf
+ command: cp -a /etc/nsswitch.conf /etc/nsswitch.conf.ORIG
+ when:
+ - "groups['nis_client']|string is search(inventory_hostname)"
+ - nsswitch_conf_orig_exists.stat.exists == False
+ tags:
+ - nis-install
+
+- name: (nis.yml) Adjust file /etc/nsswitch.conf
+ replace:
+ path: /etc/nsswitch.conf
+ regexp: '(hosts:\s+files)\s+([^nis].*)'
+ replace: '\1 nis \2'
+ when: "groups['nis_client']|string is search(inventory_hostname)"
+ tags:
+ - nis-install
+
+# TODO:
+# /etc/defaul/nis
+# /etc/systemd/system/systemd-logind.service.d/nis_allow_network.conf
+# /etc/systemd/system/rpcbind.socket.d/override.conf
diff --git a/roles/common/templates/etc/defaultdomain.j2 b/roles/common/templates/etc/defaultdomain.j2
new file mode 100644
index 0000000..a016d89
--- /dev/null
+++ b/roles/common/templates/etc/defaultdomain.j2
@@ -0,0 +1 @@
+{{ nis_domain }}
diff --git a/roles/common/templates/etc/yp.conf.j2 b/roles/common/templates/etc/yp.conf.j2
new file mode 100644
index 0000000..257e70c
--- /dev/null
+++ b/roles/common/templates/etc/yp.conf.j2
@@ -0,0 +1,24 @@
+# {{ ansible_managed }}
+
+# /etc/yp.conf - ypbind configuration file
+# Valid entries are
+#
+# domain NISDOMAIN server HOSTNAME
+# Use server HOSTNAME for the domain NISDOMAIN.
+#
+# domain NISDOMAIN broadcast
+# Use broadcast on the local net for domain NISDOMAIN
+#
+# domain NISDOMAIN slp
+# Query local SLP server for ypserver supporting NISDOMAIN
+#
+# ypserver HOSTNAME
+# Use server HOSTNAME for the local domain. The
+# IP-address of server must be listed in /etc/hosts.
+#
+# broadcast
+# If no server for the default domain is specified or
+# none of them is rechable, try a broadcast call to
+# find a server.
+#
+domain {{ nis_domain }} server {{ nis_server_address }}
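Review bot: In roles/common/tasks/nis.yml the guard `when: "groups['nis_client']|string is search(inventory_hostname)"` is a regex search over the stringified group list, so a host whose name is merely a substring of a member's name (or matches it with `.` acting as a wildcard) also gets the `+` entries appended to /etc/passwd, /etc/group and /etc/shadow; an exact membership test, `when: inventory_hostname in groups['nis_client']`, avoids that and applies to every task carrying this condition. In the nsswitch.conf task, `[^nis]` is a character class rather than "not followed by nis", so a `hosts:` line whose second source starts with n, i or s is silently skipped; `regexp: '^(hosts:\s+files)(?!\s+nis\b)\s+(.*)'` keeps the task idempotent without that gap. The defaultdomain and package-install tasks carry no `when`, so they run on every host that includes the role, which may or may not be intended. Only the `hosts:` line of nsswitch.conf is changed here, so whether passwd/group/shadow lookups actually honour the appended `+` entries depends on configuration not visible in this hunk and is worth verifying on a client before rollout.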