jotbe/ansible-role-common
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Compare commits

base: jotbe:7c6810a9459ab59196779a0e10a6a3178eb7c526
Branches Tags
jotbe:master
jotbe:bugfix/docker-users-group
jotbe:feature/debian-bullseye
jotbe:feature/optional_install_of_ansible
jotbe:1.0.0
...
compare: jotbe:ef9cfb8ced51987b316204d1e3909ae69c05cd03
Branches Tags
jotbe:master
jotbe:bugfix/docker-users-group
jotbe:feature/debian-bullseye
jotbe:feature/optional_install_of_ansible
jotbe:1.0.0

16 commits
7c6810a945 ... ef9cfb8ced

Author SHA1 Message Date
Jan Beilicke
ef9cfb8ced Adds option to make authorized_keys exclusive (default: false) 2023-12-10 15:30:25 +01:00
Jan Beilicke
0a845c7097 Fixes merge conflicts 2023-12-10 15:30:14 +01:00
Jan Beilicke
0eb60eb187 Do not set locales if in chroot environment (localectl not supported in chroot) 2022-04-04 22:05:35 +02:00
Jan Beilicke
1cbbba0dea Allows to skip provisioning of the firewall 2022-04-04 21:31:45 +02:00
Jan Beilicke
2f9c04c49f Adds some meta information 2022-03-28 21:57:31 +02:00
Jan Beilicke
01d8b7e3dc Python3 for Debian 2022-03-28 21:20:13 +02:00
Jan Beilicke
56c7b95bb5 Fixed merge 2021-05-23 14:36:22 +02:00
Jan Beilicke
1105acdcc1 Install tmuxp 2021-05-23 14:34:54 +02:00
Jan Beilicke
8194cd6799 Pacman should update the cache before installing packages 2021-05-23 14:14:55 +02:00
Jan Beilicke
6335b7735a Makes installation of Ansible optional (default: no) and installs additional python libraries (#2) 
Fixed accidental change of default update_hostname behaviour

Makes installation of Ansible optional (default: no) and installs additional python libraries

Co-authored-by: Jan Beilicke <dev@jotbe.io>
 2021-03-27 13:31:24 +00:00
Jan Beilicke
0448703897 Fixed accidental change of default update_hostname behaviour 2021-03-27 14:29:36 +01:00
Jan Beilicke
2a27db4ba8 Makes installation of Ansible optional (default: no) and installs additional python libraries 2021-03-27 14:27:02 +01:00
Jan Beilicke
2953f200a1 Merge branch 'feature/sudoers_revamp' of jotbe/ansible-role-common into master 2021-03-27 13:06:18 +00:00
Jan Beilicke
5397ef058a Updated README 2021-03-27 14:01:47 +01:00
Jan Beilicke
ffa58f35e3 Allows toggling sudo: with password and group sudo, passwordless with group wheel 
The default behaviour is to activate both password-based sudo through the group sudo and
passwordless sudo through group wheel (to not break compatibility with previous behaviour).
 2021-03-27 13:53:24 +01:00
Jan Beilicke
fa1f9e2bf5 Use python3 to install Ansible 2021-03-27 01:02:02 +01:00
6 changed files with 106 additions and 43 deletions
Show stats Expand all files Collapse all files

17
README.md
View file

@ -12,16 +12,26 @@ Role Variables
Defaults:
```
hostname: {{ inventory_hostname }}
update_hostname: no
hostname: "{{ inventory_hostname }}"
update_hostname: yes
locales_gen:
- en_US.UTF-8
- de_DE.UTF-8
locales_default: de_DE.UTF-8
x11_keymap: de
users:
- vagrant
sudoers:
- vagrant
enable_ansible: no
# Will install a specific Ansible version on the target host
ensure_ansible_version: 2.10.3
# Allow sudo with a password (applied to group sudo)
enable_sudo: yes
# Allow passwordless sudo (applied to group wheel)
enable_passwordless_sudo: yes
# Skip provisioning of the firewall
skip_firewall: no
```
Dependencies
@ -33,7 +43,8 @@ Example Playbook
License
-------
MIT
- BSD-3-Clause
- MIT
Author Information
------------------

11
defaults/main.yml
View file

@ -1,6 +1,6 @@
---
# defaults file for common
hostname: '{{ inventory_hostname }}'
hostname: "{{ inventory_hostname }}"
update_hostname: yes
locales_gen:
- en_US.UTF-8
@ -11,4 +11,13 @@ users:
- vagrant
sudoers:
- vagrant
enable_ansible: no
# Will install a specific Ansible version on the target host
ensure_ansible_version: 2.10.3
# Allow sudo with a password (applied to group sudo)
enable_sudo: yes
# Allow passwordless sudo (applied to group wheel)
enable_passwordless_sudo: yes
# Skip provisioning of the firewall
skip_firewall: no
authorized_keys_are_exclusive: false # Be careful, this will delete non-Ansible-managed authorized keys from the target!

10
meta/main.yml
View file

@ -1,7 +1,7 @@
galaxy_info:
author: your name
description: your description
company: your company (optional)
author: jotbe
description: Common packages and configuration
company: ""
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
@ -14,7 +14,9 @@ galaxy_info:
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
license:
- BSD-3-Clause
- MIT
min_ansible_version: 2.4

2
tasks/ansible-debian.yml
View file

@ -1,4 +1,4 @@
---
- name: Install Ansible
raw: which ansible || pip3 install ansible
raw: which ansible || python3 -m pip install ansible
changed_when: false

19
tasks/main.yml
View file

@ -12,10 +12,13 @@
import_role:
name: geerlingguy.firewall
tags: firewall
when: not skip_firewall
- include: locales-debian.yml
become: true
when: ansible_facts['os_family'] == 'Debian'
when:
- ansible_facts['os_family'] == 'Debian'
- not ansible_is_chroot
- include: users.yml
become: true
@ -28,10 +31,12 @@
pacman:
name: "{{ packages }}"
state: present
#update_cache: yes
update_cache: yes
vars:
packages:
- python-pip
- python-setuptools
- python-virtualenv
- htop
- tmux
become: yes
@ -44,6 +49,9 @@
#update_cache: yes
vars:
packages:
- python3-pip
- python3-setuptools
- python3-virtualenv
- apt-transport-https
- htop
- tmux
@ -53,3 +61,10 @@
- name: Install Ansible
pip:
name: ansible=={{ ensure_ansible_version }}
when: enable_ansible
- name: Install tmuxp
pip:
name:
- tmuxp
state: present

70
tasks/users.yml
View file

@ -5,51 +5,77 @@
- sudo
when: ansible_facts['os_family'] == 'FreeBSD'
- name: 'Allow wheel group to do passwordless sudo'
lineinfile:
dest: /usr/local/etc/sudoers
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD:ALL'
validate: visudo -cf %s
when: ansible_facts['os_family'] == 'FreeBSD'
- name: 'Allow wheel group to do passwordless sudo'
lineinfile:
dest: /etc/sudoers
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD:ALL'
validate: visudo -cf %s
when:
- ansible_facts['os_family'] in ['Debian', 'Archlinux']
- name: 'Create users with corresponding groups'
user:
name: "{{ item }}"
groups: users
with_items: "{{ users }}"
- block:
- name: 'Ensure that sudo group is existing'
group:
name: sudo
state: present
- name: 'Allow sudo group to do sudo'
lineinfile:
dest: "{{ lookup('first_found', files, errors='ignore') }}"
state: present
regexp: '^#?\s*%sudo'
line: '%sudo ALL=(ALL) ALL'
validate: visudo -cf %s
vars:
files:
- /etc/sudoers
- /usr/local/etc/sudoers # e.g. FreeBSD
- name: 'Add sudoers user to sudo group'
user:
name: "{{ item }}"
groups: sudo
append: yes
with_items: "{{ sudoers }}"
when:
- enable_sudo
- not enable_passwordless_sudo
- name: 'Add corresponding authorized_keys to each user'
authorized_key:
user: "{{ item }}"
state: present
key: "{{ lookup('file', 'public_keys/id_{{ item }}.pub') }}"
exclusive: "{{ authorized_keys_are_exclusive | bool }}"
with_items: "{{ users }}"
ignore_errors: yes
ignore_errors: true
- name: 'Ensure that wheel group is existing'
- block:
- name: 'Ensure that wheel group is existing'
group:
name: wheel
state: present
- name: 'Add sudoers user to wheel group'
- name: 'Add sudoers user to wheel group'
user:
name: "{{ item }}"
groups: wheel
append: yes
with_items: "{{ sudoers }}"
- name: 'Allow wheel group to do passwordless sudo'
lineinfile:
dest: "{{ lookup('first_found', files, errors='ignore') }}"
state: present
regexp: '^%wheel'
line: '%wheel ALL=(ALL) NOPASSWD:ALL'
validate: visudo -cf %s
vars:
files:
- /etc/sudoers
- /usr/local/etc/sudoers # e.g. FreeBSD
when:
- enable_sudo
- enable_passwordless_sudo
- name: Copy tmux config
copy:
src: files/tmux.conf