diff --git a/.yamllint b/.yamllint index e9713ae..f7347ec 100644 --- a/.yamllint +++ b/.yamllint @@ -2,7 +2,7 @@ extends: default rules: - # 170 chars should be enough, but don't fail if a line is longer + # 310 chars should be enough, but don't fail if a line is longer line-length: - max: 170 + max: 310 level: warning diff --git a/README.md b/README.md index 3afc0e6..553e823 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ And it is possible to delete users too. + ``l3d.users.user``: [roles/user](roles/user) ![logo](https://ansible.l3d.space/svg/l3d.users.user_ansible-role.svg) + ``l3d.users.admin``: [roles/admin](roles/admin) ![logo](https://ansible.l3d.space/svg/l3d.users.admin_ansible-role.svg) + ``l3d.users.sshd``: [roles/sshd](roles/admin) ![logo](https://ansible.l3d.space/svg/l3d.users.sshd_ansible-role.svg) ++ ``l3d.users.dotfiles``: [roles/dotfiles](roles/dotfiles) ![logo](https://ansible.l3d.space/svg/l3d.users.dotfiles_ansible-role.svg) ## Using this Collection You can install the collection using ansible-galaxy by running: @@ -70,9 +71,11 @@ The Option of these directory-variables are the following. | ``pubkeys`` | string or lookup | - | see examples | | ``exklusive_pubkeys`` | ``true`` | - | delete all undefined ssh keys | | ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | +| ``bashrc`` | list | - | adding additional content to l3d.users.dotfiles to .bashrc | | ``groups`` | list | - | Additional groups for your user | | ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | -| ``only_sshd_config`` | ``false`` | Skip user and permission creation and only add user to SSHD config | + +There is also the ``l3d_users__ssh_login`` variable which only supports ``name`` and ``state``. It can be used to whitelist users to the sshd config. ### Other variables | name | default value | description | 
@@ -99,6 +102,20 @@ The Option of these directory-variables are the following. | ``l3d_users__sshd_manage_macs`` | ``true`` | Manage Used MACs | | ``l3d_users__sshd_macs`` | ``['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512']`` | Used MACs | | ``l3d_users__sshd_xforwarding`` |``true`` | Enable X-Forwarding | +| ``l3d_users__bashrc`` | ``true`` | Configure bashrc | +| ``l3d_users__dotfiles__bash_completion_enabled`` | ``true`` | Enable bash completion | +| ``l3d_users__dotfiles__aliases`` | *see [defaults/main.yml](defaults/main.yml)* | A predefined list of usefull aliases for your bash config | +| ``dotfiles__additional_user_bashrc_lines`` | ``[]`` | variable for additional bashrc lines | +| ``l3d_users__bashrc_path`` | ``$HOME/.local/bin:$HOME/bin:$HOME/.cargo/env:$PATH``| bashrc $PATH | +| ``l3d_users__dotfiles__user_prompt`` | *see [defaults/main.yml](defaults/main.yml)* | PS1 prompt for users | +| ``l3d_users__dotfiles__root_prompt`` | *see [defaults/main.yml](defaults/main.yml)* | PS1 prompt for root | +| ``l3d_users__dotfiles__history_control`` | ``ignoreboth`` | bashrc history control | +| ``l3d_users__dotfiles__history_size`` | ``-1`` | bashrc history size | +| ``l3d_users__dotfiles__history_file_size`` | ``-1`` | bashrc history filesize | +| ``l3d_users__vimrc`` | ``true`` | Create vim config | +| ``l3d_users__vim_colorscheme`` | ``elflord`` | Configure vim colorscheme | +| ``l3d_users__tmuxcfg`` | ``true`` | Create Tmux Config | +| ``submodules_versioncheck`` | ``false`` | Optionaly enable simple versionscheck of this role | | ``submodules_versioncheck`` | ``false`` | Optionaly enable simple versionscheck of this role | ## Requirements diff --git a/roles/admin/.yamllint b/roles/admin/.yamllint new file mode 100644 index 0000000..f7347ec --- /dev/null +++ b/roles/admin/.yamllint 
@@ -0,0 +1,8 @@ +--- +extends: default + +rules: + # 310 chars should be enough, but don't fail if a line is longer + line-length: + max: 310 + level: warning diff --git a/roles/admin/README.md b/roles/admin/README.md index f8acf49..462b140 100644 --- a/roles/admin/README.md +++ b/roles/admin/README.md @@ -31,7 +31,6 @@ The Option of these directory-variables are the following. | ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | | ``groups`` | list | - | Additional groups for your user | | ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | -| ``only_sshd_config`` | ``false`` | Skip user and permission creation and only add user to SSHD config | ### Other diff --git a/roles/admin/tasks/users.yml b/roles/admin/tasks/users.yml index a82a2f9..aee20e8 100644 --- a/roles/admin/tasks/users.yml +++ b/roles/admin/tasks/users.yml @@ -11,7 +11,7 @@ loop_control: label: "user={{ user.name }}" loop_var: user - when: user.state | default ('present') == 'present' and user.admin | default(false) | bool and not user.only_sshd_config | default(false) | bool + when: user.state | default ('present') == 'present' and user.admin | default(false) | bool - name: Remove superpowers from Users become: true diff --git a/roles/dotfiles/.yamllint b/roles/dotfiles/.yamllint new file mode 100644 index 0000000..f7347ec --- /dev/null +++ b/roles/dotfiles/.yamllint @@ -0,0 +1,8 @@ +--- +extends: default + +rules: + # 310 chars should be enough, but don't fail if a line is longer + line-length: + max: 310 + level: warning diff --git a/roles/dotfiles/README.md b/roles/dotfiles/README.md new file mode 100644 index 0000000..0734f0a --- /dev/null +++ b/roles/dotfiles/README.md 
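Review bot: Dropping the `only_sshd_config` test from this `when` means an inventory entry that still carries `only_sshd_config: true` is no longer skipped but silently handled like any other user, so an account that was meant to be login-only now receives its sudo rule here and its account and keys in roles/user/tasks/users.yml and roles/user/tasks/pubkeys.yml (same change, same effect). Nothing in the diff rejects or warns about the removed key; the README only says to use `l3d_users__ssh_login` instead. An assert over the merged user list, placed before the first privileged task, would turn the migration into an explicit failure rather than a silent privilege change; the list name below is the one the roles/user merge task sets and should be confirmed for this role. The task whose condition is changed starts outside the hunk.
```yaml
- name: Refuse user entries that still use the removed only_sshd_config option
  ansible.builtin.assert:
    that:
      - _l3d_users__merged_users | selectattr('only_sshd_config', 'defined') | list | length == 0
    fail_msg: "only_sshd_config was removed; list login-only accounts in l3d_users__ssh_login instead"
# … unchanged: task granting superpowers (starts outside the hunk) …
# … unchanged: Remove superpowers from Users …
```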
@@ -0,0 +1,75 @@ + Ansible Role dotfiles +==================== + +Ansible role l3d.users.dotfiles create some dotfiles dor your users. + +There are two variables to define users. The ``l3d_users__default_users`` is ment to put to your group_vars to define a default for your system. The ``l3d_users__local_users`` could be put in your host_vars to define host-specific user and admin roles. + + Variables: +----------- + +### User Management + ++ The dictionary-variable for your group_vars to set your general users and admins is ``l3d_users__default_users``. ++ The dictionary-variable for your host_vars to set your host-specific users and admins is: ``l3d_users__local_users``. +The Option of these directory-variables are the following. + +| option | values | required | description | +| ------ | ------ | --- | --- | +| ``name`` | *string* | ``required`` | The user you want to create | +| ``state`` | ``present`` | - | Create or delete user | +| ``shell`` | ``/bin/bash`` | - | The Shell of the User | +| ``create_home`` | ``true`` | - | create a user home *(needed to store ssh keys)* | +| ``admin`` | ``false`` | - | enable it to give the user superpowers | +| ``admin_commands`` | *string or list* | - | Commands that are allows to be run as admin, eg. 
'ALL' or specific script | +| ``admin_nopassword`` | ``false`` | - | Need no Password for sudo | +| ``admin_ansible_login`` | ``true`` | - |if ``admin: true`` and ``l3d_users__create_ansible: true`` your ssh keys will be added to ansible user | +| ``pubkeys`` | string or lookup | - | see examples | +| ``exklusive_pubkeys`` | ``true`` | - | delete all undefined ssh keys | +| ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | +| ``bashrc`` | list | - | adding additional content to l3d.users.dotfiles to .bashrc | +| ``groups`` | list | - | Additional groups for your user | +| ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | + +There is a third directory-variable called ``l3d_users__ssh_login: []`` which only support ``name`` and ``state`` for users, that sould be able to login on that system. + +### Other Variables + +| name | default value | description | +| --- | --- | --- | +| ``l3d_users__bashrc`` | ``true`` | Configure bashrc | +| ``l3d_users__dotfiles__bash_completion_enabled`` | ``true`` | Enable bash completion | +| ``l3d_users__dotfiles__aliases`` | *see [defaults/main.yml](defaults/main.yml)* | A predefined list of usefull aliases for your bash config | +| ``dotfiles__additional_user_bashrc_lines`` | ``[]`` | variable for additional bashrc lines | +| ``l3d_users__bashrc_path`` | ``$HOME/.local/bin:$HOME/bin:$HOME/.cargo/env:$PATH``| bashrc $PATH | +| ``l3d_users__dotfiles__user_prompt`` | *see [defaults/main.yml](defaults/main.yml)* | PS1 prompt for users | +| ``l3d_users__dotfiles__root_prompt`` | *see [defaults/main.yml](defaults/main.yml)* | PS1 prompt for root | +| ``l3d_users__dotfiles__history_control`` | ``ignoreboth`` | bashrc history control | +| ``l3d_users__dotfiles__history_size`` | ``-1`` | bashrc history size | +| ``l3d_users__dotfiles__history_file_size`` | ``-1`` | bashrc history 
filesize | +| ``l3d_users__vimrc`` | ``true`` | Create vim config | +| ``l3d_users__vim_colorscheme`` | ``elflord`` | Configure vim colorscheme | +| ``l3d_users__tmuxcfg`` | ``true`` | Create Tmux Config | +| ``submodules_versioncheck`` | ``false`` | Optionaly enable simple versionscheck of this role | + + Example Playbook +----------------- +```yaml +- name: Create System with User and Passwords + hosts: example.com + roles: + - {role: l3d.users.dotfiles, tags: 'dotfiles'} + vars: + l3d_users__local_users: + - name: 'alice' + state: 'present' + - name: 'bob' + state: 'present' + l3d_users__ssh_login: + - name: 'charlie' + state: 'present' + + l3d_users__limit_login: true + l3d_users__create_ansible: true + submodules_versioncheck: true +``` diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml new file mode 100644 index 0000000..7d6e697 --- /dev/null +++ b/roles/dotfiles/defaults/main.yml 
@@ -0,0 +1,68 @@ +--- +# create users +l3d_users__default_users: [] +# - name: 'alice' +# state: 'present' +# shell: '/bin/bash' +# create_home: true +# pubkeys: | +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8 +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX +# exklusive_pubkeys: true +# password: "$Password_hash" +# admin: true +# admin_commands: 'ALL' +# admin_nopassword: false +# admin_ansible_login: true +# bashrc: +# - '[[ $- == *i* ]] && eval $(keychain --eval --quiet id_ed25519)' +# - name: 'bob' +# state: 'present' +# shell: '/bin/zsh' +# admin: false +# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}" +# exklusive_pubkeys: false + +l3d_users__local_users: [] +# - name: 'charlie' +# state: 'present' +# admin: false +# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}" + +l3d_users__bashrc: true +l3d_users__dotfiles__bash_completion_enabled: true +l3d_users__dotfiles__aliases: + - {alias: "ls", command: "ls ", color: true} + - {alias: "grep", command: "grep", color: true} + - {alias: "ll", command: "ls -alF", color: false} + - {alias: "la", command: "ls -A", color: false} + - {alias: "l", command: "ls -CF", color: false} + - {alias: "lz", command: "ls -Z", color: false} + - {alias: "EDITOR", command: "/usr/bin/vim", color: false} + - {alias: "VISUAL", command: "/usr/bin/gedit", color: false} + - {alias: "gitsubpull", command: "git submodule foreach '(git checkout \\$(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull ; git submodule foreach \\\"(git checkout \\$(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull)\\\")'", color: false} + - {alias: "pwgen", command: "/usr/bin/pwgen --num-passwords=3000 --numerals --capitalize --secure --no-vowels --ambiguous 95 1", color: false} 
+ - {alias: "gdiff", command: "git diff --submodule=diff", color: false} +dotfiles__additional_user_bashrc_lines: [] + +l3d_users__bashrc_path: "$HOME/.local/bin:$HOME/bin:$HOME/.cargo/env:$PATH" + +# PS1 Prompt +l3d_users__dotfiles__user_prompt: '\e]0; \u@\H <\A> \w\a\[\033[01;33m\] $(printf "\xE2\x9D\xA4") \[\033[01;32m\]\u\[\033[01;36m\]@\[\033[01;32m\]\H\[\033[01;34m\] <\A> \[\033[01;35m\] \j \[\033[01;36m\] \w \[\033[01;33m\]\n\[\033[01;33m\] $(git branch 2>/dev/null | sed -n "s/* \(.*\)/\1 /p")$\[\033[01;00m\]' +l3d_users__dotfiles__root_prompt: '\e]0; \u@\H <\A> \w\a\[\033[01;31m\] $(printf "\xE2\x9D\xA4") \[\033[01;32m\]\u\[\033[01;36m\]@\[\033[01;32m\]\H\[\033[01;34m\] <\A> \[\033[01;35m\] \j \[\033[01;36m\] \w \[\033[01;33m\]\n\[\033[01;33m\] $(git branch 2>/dev/null | sed -n "s/* \(.*\)/\1 /p")$\[\033[01;00m\]' + +# bash_history +l3d_users__dotfiles__history_control: 'ignoreboth' +l3d_users__dotfiles__history_size: '-1' +l3d_users__dotfiles__history_file_size: '-1' + +# vim config +l3d_users__vimrc: true +l3d_users__vim_colorscheme: 'elflord' + +# tmux config +l3d_users__tmuxcfg: true + +# run simple versionscheck +submodules_versioncheck: false diff --git a/roles/dotfiles/handlers/main.yml b/roles/dotfiles/handlers/main.yml new file mode 100644 index 0000000..9c3acd9 --- /dev/null +++ b/roles/dotfiles/handlers/main.yml @@ -0,0 +1,8 @@ +--- +- name: Restart SSHD Server + become: true + listen: 'systemctl restart sshd' + ansible.builtin.systemd: + name: "{{ l3d_users__sshd_service }}" + state: restarted + when: sshd__service is defined and ansible_service_mgr == 'systemd' diff --git a/roles/dotfiles/meta/main.yml b/roles/dotfiles/meta/main.yml new file mode 100644 index 0000000..fcc32c0 --- /dev/null +++ b/roles/dotfiles/meta/main.yml 
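Review bot: The `EDITOR` and `VISUAL` entries in `l3d_users__dotfiles__aliases` are rendered by both bashrc templates as `alias EDITOR="/usr/bin/vim"`, which defines a shell alias and never sets the environment variable that editors and `sudoedit` consult, so these two entries do nothing useful. They should either be removed from the alias list or moved to a separate exported-variables setting rendered as `export EDITOR="/usr/bin/vim"`. Separately, `l3d_users__bashrc_path` adds `$HOME/.cargo/env` to `PATH`; if that is the rustup-generated env script it is a file to be sourced, and the binaries live in `$HOME/.cargo/bin`, so the PATH entry is presumably a mistake worth confirming.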
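Review bot: The handler's `when` guards on `sshd__service is defined` while the task itself reads `l3d_users__sshd_service`, so the guard and the variable it is meant to protect disagree and the handler either never runs or fails on an undefined variable depending on which name exists. A dotfiles role also has no reason to restart sshd; the only notifier in this diff is the version-file write in roles/dotfiles/tasks/versioncheck.yml (`notify: - 'systemctl restart sshd'`), which looks copied from the sshd role. Dropping both the handler file and that `notify:` block removes a service restart that the role's actual changes (bashrc, vimrc, tmux files) never require.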
@@ -0,0 +1,23 @@ +--- +galaxy_info: + role_name: sshd + author: l3d + description: Ansible role l3d.users.sshd to Manage SSHD Configuration of the system and which Accounts are allowed to login + license: "MIT" + min_ansible_version: "2.16" + platforms: + - name: Debian + versions: ['all'] + - name: Ubuntu + versions: ['all'] + - name: Fedora + versions: ['all'] + - name: EL + versions: ['all'] + galaxy_tags: + - sshd + - ssh + - users + - setup + - linux +dependencies: [] diff --git a/roles/dotfiles/tasks/bashrc.yml b/roles/dotfiles/tasks/bashrc.yml new file mode 100644 index 0000000..d6220f5 --- /dev/null +++ b/roles/dotfiles/tasks/bashrc.yml @@ -0,0 +1,23 @@ +--- +- name: Create global bashrc configuration + become: true + ansible.builtin.template: + src: 'templates/bash.bashrc.j2' + dest: '/etc/bash.bashrc' + owner: 'root' + group: 'root' + mode: 'u=rw,g=r,o=r' + +- name: Create bashrc configuration per user + become: true + ansible.builtin.template: + src: 'templates/dotbashrc.j2' + dest: "{{ user.home | default('/home/' + user.name) }}/.bashrc" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: '0640' + loop: "{{ _l3d_users__merged_users }}" + loop_control: + label: "user={{ user.name }}" + loop_var: user + when: user.state | default ('present') == 'present' diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml new file mode 100644 index 0000000..af696a8 --- /dev/null +++ b/roles/dotfiles/tasks/main.yml 
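Review bot: `role_name: sshd`, the description and the `sshd`/`ssh` galaxy tags all describe the sshd role, so this new role would be published under a name that collides with roles/sshd/meta/main.yml. The block should read `role_name: dotfiles` with a description along the lines of `Ansible role l3d.users.dotfiles to create bashrc, vimrc and tmux configuration for managed users`, and the tags should be replaced by ones such as `dotfiles`, `bash`, `vim`, `tmux`.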
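Review bot: The global task writes `/etc/bash.bashrc`, but on Fedora and EL, which roles/dotfiles/meta/main.yml lists as supported platforms, the system-wide file that interactive shells source is `/etc/bashrc`, so the template would be written to a path those shells never read; `dest: "{{ '/etc/bashrc' if ansible_os_family == 'RedHat' else '/etc/bash.bashrc' }}"` would cover both families. The per-user task also presumes that each entry in `_l3d_users__merged_users` already exists on the host with a primary group named after the user; the README example applies this role on its own without the user role, in which case `ansible.builtin.template` fails on the unknown `owner`/`group` — the same assumption is made in roles/dotfiles/tasks/vimrc.yml and roles/dotfiles/tasks/tmux.yml, and either a prior existence check or a documented dependency on `l3d.users.user` would make it explicit.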
@@ -0,0 +1,28 @@ +--- +- name: Perform optional versionscheck + ansible.builtin.include_tasks: + file: 'versioncheck.yml' + when: submodules_versioncheck | bool + +- name: Install dotfiles packages + ansible.builtin.include_tasks: + file: 'packages.yml' + +- name: Merge default and locale Users + ansible.builtin.set_fact: + _l3d_users__merged_users: "{{ l3d_users__default_users + l3d_users__local_users }}" + +- name: Setup and configure bashrc + ansible.builtin.include_tasks: + file: 'bashrc.yml' + when: l3d_users__bashrc | bool + +- name: Setup and configure vimrc + ansible.builtin.include_tasks: + file: 'vimrc.yml' + when: l3d_users__vimrc | bool + +- name: Setup and configure tmux + ansible.builtin.include_tasks: + file: 'tmux.yml' + when: l3d_users__tmuxcfg | bool diff --git a/roles/dotfiles/tasks/packages.yml b/roles/dotfiles/tasks/packages.yml new file mode 100644 index 0000000..34f5001 --- /dev/null +++ b/roles/dotfiles/tasks/packages.yml @@ -0,0 +1,15 @@ +--- +- name: Update apt cache + become: true + ansible.builtin.apt: + cache_valid_time: 3600 + update_cache: true + when: + - ansible_pkg_mgr == "apt" + +- name: Install dotfile packages + become: true + ansible.builtin.package: + name: "{{ item }}" + state: 'present' + with_items: "{{ l3d_users__dotfiles_packages }}" diff --git a/roles/dotfiles/tasks/tmux.yml b/roles/dotfiles/tasks/tmux.yml new file mode 100644 index 0000000..3ca5a99 --- /dev/null +++ b/roles/dotfiles/tasks/tmux.yml 
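Review bot: The install task loops `with_items` over `l3d_users__dotfiles_packages` and installs one package per iteration, which costs one package-manager transaction per item where `ansible.builtin.package` accepts a list directly. Replacing the loop with `name: "{{ l3d_users__dotfiles_packages }}"` and removing the `with_items:` line installs all of them in a single transaction and is the form the module documents.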
@@ -0,0 +1,23 @@ +--- +- name: Create tmux configuration for root + become: true + ansible.builtin.template: + src: 'templates/tmux.conf.j2' + dest: '/root/.tmux.conf' + owner: 'root' + group: 'root' + mode: 'u=rw,g=r,o=r' + +- name: Create vimrc configuration per defined user + become: true + ansible.builtin.template: + src: 'templates/tmux.conf.j2' + dest: "{{ user.home | default('/home/' + user.name) }}/.tmux.conf" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: '0640' + loop: "{{ _l3d_users__merged_users }}" + loop_control: + label: "user={{ user.name }}" + loop_var: user + when: user.state | default ('present') == 'present' diff --git a/roles/dotfiles/tasks/versioncheck.yml b/roles/dotfiles/tasks/versioncheck.yml new file mode 100644 index 0000000..e901618 --- /dev/null +++ b/roles/dotfiles/tasks/versioncheck.yml 
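Review bot: The second task is named `Create vimrc configuration per defined user` although it renders `templates/tmux.conf.j2` into `.tmux.conf`, which will mislead anyone reading play output; it should read `- name: Create tmux configuration per defined user`. The root file uses `mode: 'u=rw,g=r,o=r'` while the per-user file uses `mode: '0640'`; both are valid, but one notation per role is easier to audit.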
@@ -0,0 +1,46 @@ +--- +# Copyright (c) 2021 L3D +# this file is released with the MIT license. +# License: https://github.com/roles-ansible/ansible_role_template/blob/main/LICENSE +- name: Create directory for versionscheck + become: true + ansible.builtin.file: + path: '/etc/.ansible-version' + state: directory + mode: '0755' + when: submodules_versioncheck | bool + +- name: Check playbook version + become: true + ansible.builtin.slurp: + src: "/etc/.ansible-version/{{ playbook_version_path }}" + register: playbook_version + when: submodules_versioncheck | bool + failed_when: false + +- name: Print remote role version # noqa: H500 + ansible.builtin.debug: + msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}" + when: submodules_versioncheck | bool + +- name: Print locale role version # noqa: H500 + ansible.builtin.debug: + msg: "Local role version: '{{ playbook_version_number | string }}'." + when: submodules_versioncheck | bool + +- name: Check if your version is outdated + ansible.builtin.fail: + msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!" + when: + - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool + +- name: Write new version to remote disk + become: true + ansible.builtin.copy: + content: "{{ playbook_version_number }}" + dest: "/etc/.ansible-version/{{ playbook_version_path }}" + mode: '0644' + when: submodules_versioncheck | bool + tags: skip_ansible_lint_template-instead-of-copy + notify: + - 'systemctl restart sshd' diff --git a/roles/dotfiles/tasks/vimrc.yml b/roles/dotfiles/tasks/vimrc.yml new file mode 100644 index 0000000..6066d26 --- /dev/null +++ b/roles/dotfiles/tasks/vimrc.yml 
@@ -0,0 +1,23 @@ +--- +- name: Create vimrc configuration for root + become: true + ansible.builtin.template: + src: 'templates/vimrc.j2' + dest: '/root/.vimrc' + owner: 'root' + group: 'root' + mode: 'u=rw,g=r,o=r' + +- name: Create vimrc configuration per defined user + become: true + ansible.builtin.template: + src: 'templates/vimrc.j2' + dest: "{{ user.home | default('/home/' + user.name) }}/.vimrc" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: '0640' + loop: "{{ _l3d_users__merged_users }}" + loop_control: + label: "user={{ user.name }}" + loop_var: user + when: user.state | default ('present') == 'present' diff --git a/roles/dotfiles/templates/bash.bashrc.j2 b/roles/dotfiles/templates/bash.bashrc.j2 new file mode 100644 index 0000000..59433e2 --- /dev/null +++ b/roles/dotfiles/templates/bash.bashrc.j2 
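Review bot: The two tasks in this file use different mode notations for files with different permissions — `mode: 'u=rw,g=r,o=r'` (0644) for root's `.vimrc` and `mode: '0640'` for users — and the same pair appears in roles/dotfiles/tasks/bashrc.yml and roles/dotfiles/tasks/tmux.yml. If the difference is intentional a short comment saying why root's copy is world-readable would help; otherwise picking one notation and one mode for all six tasks keeps the role's permission policy reviewable at a glance.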
@@ -0,0 +1,53 @@ +# /etc/bashrc +{{ ansible_managed | ansible.builtin.comment }} + +# System wide functions and aliases +# Environment stuff goes in /etc/profile + +# enable color support of ls and also add handy aliases +if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" +{% for alias in l3d_users__dotfiles__aliases %} +{% if alias.color %} + alias {{ alias.alias }}="{{ alias.command }} --color=auto" +{% endif %} +{% endfor %} +fi + +{% for alias in l3d_users__dotfiles__aliases %} +{% if not alias.color %} + alias {{ alias.alias }}="{{ alias.command }}" +{% endif %} +{% endfor %} + +{% if l3d_users__dotfiles__bash_completion_enabled %} +if ! shopt -oq posix; then + if [ -f /usr/share/bash-completion/bash_completion ]; then + . /usr/share/bash-completion/bash_completion + elif [ -f /etc/bash_completion ]; then + . /etc/bash_completion + fi +fi +{% endif %} + +# fancy Prompt +if [ $(id -u) -eq 0 ]; then + export PS1='{{ l3d_users__dotfiles__root_prompt }} ' +else + export PS1='{{ l3d_users__dotfiles__user_prompt }} ' +fi + + +HISTCONTROL={{ l3d_users__dotfiles__history_control }} +shopt -s histappend +{% if ansible_os_family == 'Redhat' %} +# HISTSIZE={{ l3d_users__dotfiles__history_size }} +# HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} +{% elif ansible_distribution == "CentOS" %} +# HISTSIZE={{ l3d_users__dotfiles__history_size }} +# HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} +{% else %} +HISTSIZE={{ l3d_users__dotfiles__history_size }} +HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} +{% endif %} +# vim:ts=4:sw=4 diff --git a/roles/dotfiles/templates/dotbashrc.j2 b/roles/dotfiles/templates/dotbashrc.j2 new file mode 100644 index 0000000..e123388 --- /dev/null +++ b/roles/dotfiles/templates/dotbashrc.j2 
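Review bot: The history block tests `ansible_os_family == 'Redhat'`, but Ansible reports the family as `RedHat`, so that branch never matches; only CentOS hits the second branch and Fedora and RHEL fall through to the `else` branch and get `HISTSIZE`/`HISTFILESIZE` set, which appears to be the opposite of what the commented-out lines intend. Changing the test to `{% if ansible_os_family == 'RedHat' %}` makes the CentOS branch redundant as well, since CentOS belongs to that family; roles/dotfiles/templates/dotbashrc.j2 carries the identical condition. The first line's comment `# /etc/bashrc` also names a different path than the `/etc/bash.bashrc` destination in tasks/bashrc.yml.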
@@ -0,0 +1,67 @@ +# {{ user.home | default('/home/' + user.name) }}/.bashrc" +# for user {{ user.name }} +{{ ansible_managed | ansible.builtin.comment }} + +# Source global definitions +if [ -f /etc/bash.bashrc ]; then + source /etc/bash.bashrc +fi + +# User specific environment +PATH="{{ l3d_users__bashrc_path }}" +export PATH + +# enable color support of ls and also add handy aliases +if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" +{% for alias in l3d_users__dotfiles__aliases %} +{% if alias.color %} + alias {{ alias.alias }}="{{ alias.command }} --color=auto" +{% endif %} +{% endfor %} +fi + +{% for alias in l3d_users__dotfiles__aliases %} +{% if not alias.color %} + alias {{ alias.alias }}="{{ alias.command }}" +{% endif %} +{% endfor %} + +{% if l3d_users__dotfiles__bash_completion_enabled %} +if ! shopt -oq posix; then + if [ -f /usr/share/bash-completion/bash_completion ]; then + . /usr/share/bash-completion/bash_completion + elif [ -f /etc/bash_completion ]; then + . /etc/bash_completion + fi +fi +{% endif %} + +# fancy Prompt +export PS1='{{ l3d_users__dotfiles__user_prompt }} ' + +# baqsh_history +HISTCONTROL={{ l3d_users__dotfiles__history_control }} +shopt -s histappend +{% if ansible_os_family == 'Redhat' %} +# HISTSIZE={{ l3d_users__dotfiles__history_size }} +# HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} +{% elif ansible_distribution == "CentOS" %} +# HISTSIZE={{ l3d_users__dotfiles__history_size }} +# HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} +{% else %} +HISTSIZE={{ l3d_users__dotfiles__history_size }} +HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} +{% endif %} + +# additional general rules +{% for _row in l3d_users__dotfiles__additional_user_bashrc_lines | default() %} +{{ _row }} +{% endfor %} + +# additional user rules +{% for custom in user.bashrc | default([]) %} +{{ custom }} +{% endfor %} + +# vim:ts=4:sw=4 
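Review bot: The "additional general rules" loop iterates `l3d_users__dotfiles__additional_user_bashrc_lines`, but the variable defined in roles/dotfiles/defaults/main.yml and documented in the READMEs is `dotfiles__additional_user_bashrc_lines`, so anything a user puts in the documented variable is never rendered and the `| default()` silently hides the typo. The loop header should read `{% for _row in dotfiles__additional_user_bashrc_lines | default([]) %}` (or the default and docs should be renamed to the prefixed form, consistently). The first line also ends with a stray `"` after `.bashrc`, and `# baqsh_history` is presumably `# bash_history`.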
diff --git a/roles/dotfiles/templates/tmux.conf.j2 b/roles/dotfiles/templates/tmux.conf.j2 new file mode 100644 index 0000000..062cd03 --- /dev/null +++ b/roles/dotfiles/templates/tmux.conf.j2 @@ -0,0 +1,2 @@ +{{ ansible_managed | ansible.builtin.comment }} +set -g history-limit 65536 diff --git a/roles/dotfiles/templates/vimrc.j2 b/roles/dotfiles/templates/vimrc.j2 new file mode 100644 index 0000000..e9623b8 --- /dev/null +++ b/roles/dotfiles/templates/vimrc.j2 @@ -0,0 +1,50 @@ +" +" {{ ansible_managed }} +" +" gopass secure editor +au BufNewFile,BufRead /dev/shm/gopass.* setlocal noswapfile nobackup noundofile + +" vim layout +syntax on " enable syntax highlighting +set cursorline " highlight the current line +set fileencoding=utf-8 +set encoding=utf-8 +colorscheme {{ l3d_users__vim_colorscheme }} +set cursorline " highlight the current line + +" tabs and indenting +set autoindent " auto indenting +set smartindent " smart indenting +set expandtab " spaces instead of tabs +set tabstop=2 " 2 spaces for tabs +set shiftwidth=2 " 2 spaces for indentation + +" mouse +set mouse-=a " disable weird mouse behavior +nnoremap :tabprevious +nnoremap :tabprevious +nnoremap :tabnext +nnoremap :tabnext + +" bells +set noerrorbells " turn off audio bell +set visualbell " but leave on a visual bell + +" search +set hlsearch " highlighted search results +set showmatch " show matching bracket + +" behavior +filetype on " enable filetype detection +set scrolloff=5 " show at least 5 lines above/below +set showcmd " show selection metadata +set showmode " show INSERT, VISUAL, etc. mode +set showmatch " show matching brackets +set autoindent smartindent " auto/smart indent +set smarttab " better backspace and tab functionali +set nobackup " don't create pointless backup files; Use VCS instead +set autoread " watch for file changes + +" extra whitespace +highlight ExtraWhitespace ctermbg=red guibg=red +match ExtraWhitespace /\s\+$/ 
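Review bot: The four `nnoremap :tabprevious` / `nnoremap :tabnext` lines have no left-hand side, so as written each one lists existing mappings instead of defining one; the key names (for example `<C-PageUp>`) look like they were lost in an angle-bracket-stripping step, and the rendered file should be checked rather than the template source. Several settings are also repeated — `set cursorline` twice, `set showmatch` twice, and `set autoindent smartindent` after both were already set individually — which is harmless but makes the file look unreviewed; keeping one occurrence of each under its section heading would be cleaner.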
diff --git a/roles/dotfiles/vars/main.yml b/roles/dotfiles/vars/main.yml new file mode 100644 index 0000000..f6f1e7a --- /dev/null +++ b/roles/dotfiles/vars/main.yml @@ -0,0 +1,9 @@ +--- +l3d_users__dotfiles_packages: + - bash + - vim + - htop + - tmux + +playbook_version_number: 8 +playbook_version_path: 'l3d.users.dotfiles.version' diff --git a/roles/sshd/.yamllint b/roles/sshd/.yamllint new file mode 100644 index 0000000..f7347ec --- /dev/null +++ b/roles/sshd/.yamllint @@ -0,0 +1,8 @@ +--- +extends: default + +rules: + # 310 chars should be enough, but don't fail if a line is longer + line-length: + max: 310 + level: warning diff --git a/roles/sshd/README.md b/roles/sshd/README.md index 22ceb8c..26d93f1 100644 --- a/roles/sshd/README.md +++ b/roles/sshd/README.md @@ -29,7 +29,6 @@ The Option of these directory-variables are the following. | ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | | ``groups`` | list | - | Additional groups for your user | | ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | -| ``only_sshd_config`` | ``false`` | Skip user and permission creation and only add user to SSHD config | There is a third directory-variable called ``l3d_users__ssh_login: []`` which only support ``name`` and ``state`` for users, that sould be able to login on that system. diff --git a/roles/user/.yamllint b/roles/user/.yamllint new file mode 100644 index 0000000..f7347ec --- /dev/null +++ b/roles/user/.yamllint @@ -0,0 +1,8 @@ +--- +extends: default + +rules: + # 310 chars should be enough, but don't fail if a line is longer + line-length: + max: 310 + level: warning diff --git a/roles/user/README.md b/roles/user/README.md index d256777..354685d 100644 --- a/roles/user/README.md +++ b/roles/user/README.md 
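Review bot: `l3d_users__dotfiles_packages` lives in `vars/main.yml`, which takes precedence over inventory and play vars, so a consumer cannot trim or extend the package list (for instance to drop `htop`, which no template in this role depends on) without `-e`. Moving the list to `roles/dotfiles/defaults/main.yml` and adding it to the README's variable table would make it overridable like every other `l3d_users__` setting; `playbook_version_number` and `playbook_version_path` are fine where they are since they are role-internal.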
@@ -31,7 +31,6 @@ The Option of these directory-variables are the following. | ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | | ``groups`` | list | - | Additional groups for your user | | ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | -| ``only_sshd_config`` | ``false`` | Skip user and permission creation and only add user to SSHD config | ### Other Variables diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index 1f207cf..83e5a07 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml @@ -8,7 +8,6 @@ ansible.builtin.set_fact: _l3d_users__merged_users: "{{ l3d_users__default_users + l3d_users__local_users }}" - - name: Create ansible user with superuser permissions ansible.builtin.include_tasks: file: 'user_ansible.yml' diff --git a/roles/user/tasks/pubkeys.yml b/roles/user/tasks/pubkeys.yml index d5a0927..58b2684 100644 --- a/roles/user/tasks/pubkeys.yml +++ b/roles/user/tasks/pubkeys.yml @@ -10,4 +10,4 @@ loop_control: label: "user={{ user.name }}" loop_var: user - when: user.state | default ('present') == 'present' and not user.only_sshd_config | default(false) | bool + when: user.state | default ('present') == 'present' diff --git a/roles/user/tasks/users.yml b/roles/user/tasks/users.yml index 07dd62c..c5c49be 100644 --- a/roles/user/tasks/users.yml +++ b/roles/user/tasks/users.yml @@ -8,7 +8,7 @@ loop_control: label: "user={{ user.name }}" loop_var: user - when: user.state | default ('present') == 'present' and not user.only_sshd_config | default(false) | bool + when: user.state | default ('present') == 'present' - name: Create Accounts for Users become: true 
@@ -26,7 +26,7 @@ loop_control: label: "user={{ user.name }}" loop_var: user - when: user.state | default ('present') == 'present' and not user.only_sshd_config | default(false) | bool + when: user.state | default ('present') == 'present' - name: Remove Accounts for Users become: true