From f34fc76d83a8b30cc6a8a50e025c6b71b507a29a Mon Sep 17 00:00:00 2001 From: L3D Date: Fri, 22 Mar 2024 16:40:22 +0100 Subject: [PATCH 01/12] Use l3d_users__ssh_login option --- README.md | 3 +- roles/admin/README.md | 1 - roles/admin/tasks/users.yml | 2 +- roles/dotfiles/README.md | 78 ++++++++++++++ roles/dotfiles/defaults/main.yml | 85 +++++++++++++++ roles/dotfiles/handlers/main.yml | 8 ++ roles/dotfiles/meta/main.yml | 23 ++++ roles/dotfiles/tasks/main.yml | 14 +++ roles/dotfiles/tasks/packages.yml | 15 +++ roles/dotfiles/tasks/versioncheck.yml | 46 ++++++++ roles/dotfiles/templates/sshd_config.j2 | 136 ++++++++++++++++++++++++ roles/dotfiles/vars/main.yml | 9 ++ roles/sshd/README.md | 1 - roles/user/README.md | 1 - roles/user/tasks/pubkeys.yml | 2 +- roles/user/tasks/users.yml | 4 +- 16 files changed, 420 insertions(+), 8 deletions(-) create mode 100644 roles/dotfiles/README.md create mode 100644 roles/dotfiles/defaults/main.yml create mode 100644 roles/dotfiles/handlers/main.yml create mode 100644 roles/dotfiles/meta/main.yml create mode 100644 roles/dotfiles/tasks/main.yml create mode 100644 roles/dotfiles/tasks/packages.yml create mode 100644 roles/dotfiles/tasks/versioncheck.yml create mode 100644 roles/dotfiles/templates/sshd_config.j2 create mode 100644 roles/dotfiles/vars/main.yml diff --git a/README.md b/README.md index 3afc0e6..5defc50 100644 --- a/README.md +++ b/README.md 
@@ -72,7 +72,8 @@ The Option of these directory-variables are the following. | ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | | ``groups`` | list | - | Additional groups for your user | | ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | -| ``only_sshd_config`` | ``false`` | Skip user and permission creation and only add user to SSHD config | + +There is also the ``l3d_users__ssh_login`` variable which only supports ``name`` and ``state``. It can be used to whitelist users to the sshd config. ### Other variables | name | default value | description | diff --git a/roles/admin/README.md b/roles/admin/README.md index f8acf49..462b140 100644 --- a/roles/admin/README.md +++ b/roles/admin/README.md @@ -31,7 +31,6 @@ The Option of these directory-variables are the following. | ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | | ``groups`` | list | - | Additional groups for your user | | ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | -| ``only_sshd_config`` | ``false`` | Skip user and permission creation and only add user to SSHD config | ### Other diff --git a/roles/admin/tasks/users.yml b/roles/admin/tasks/users.yml index a82a2f9..aee20e8 100644 --- a/roles/admin/tasks/users.yml +++ b/roles/admin/tasks/users.yml @@ -11,7 +11,7 @@ loop_control: label: "user={{ user.name }}" loop_var: user - when: user.state | default ('present') == 'present' and user.admin | default(false) | bool and not user.only_sshd_config | default(false) | bool + when: user.state | default ('present') == 'present' and user.admin | default(false) | bool - name: Remove superpowers from Users become: true 
diff --git a/roles/dotfiles/README.md b/roles/dotfiles/README.md new file mode 100644 index 0000000..01fb07f --- /dev/null +++ b/roles/dotfiles/README.md 
@@ -0,0 +1,78 @@ + Ansible Role dotfiles +==================== + +Ansible role l3d.users.dotfiles create some dotfiles dor your users. + +There are two variables to define users. The ``l3d_users__default_users`` is ment to put to your group_vars to define a default for your system. The ``l3d_users__local_users`` could be put in your host_vars to define host-specific user and admin roles. + + Variables: +----------- + +### User Management + ++ The dictionary-variable for your group_vars to set your general users and admins is ``l3d_users__default_users``. ++ The dictionary-variable for your host_vars to set your host-specific users and admins is: ``l3d_users__local_users``. +The Option of these directory-variables are the following. + +| option | values | required | description | +| ------ | ------ | --- | --- | +| ``name`` | *string* | ``required`` | The user you want to create | +| ``state`` | ``present`` | - | Create or delete user | +| ``shell`` | ``/bin/bash`` | - | The Shell of the User | +| ``create_home`` | ``true`` | - | create a user home *(needed to store ssh keys)* | +| ``admin`` | ``false`` | - | enable it to give the user superpowers | +| ``admin_commands`` | *string or list* | - | Commands that are allows to be run as admin, eg. 
'ALL' or specific script | +| ``admin_nopassword`` | ``false`` | - | Need no Password for sudo | +| ``admin_ansible_login`` | ``true`` | - |if ``admin: true`` and ``l3d_users__create_ansible: true`` your ssh keys will be added to ansible user | +| ``pubkeys`` | string or lookup | - | see examples | +| ``exklusive_pubkeys`` | ``true`` | - | delete all undefined ssh keys | +| ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | +| ``groups`` | list | - | Additional groups for your user | +| ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | + +There is a third directory-variable called ``l3d_users__ssh_login: []`` which only support ``name`` and ``state`` for users, that sould be able to login on that system. + +### Other Variables + +| name | default value | description | +| --- | --- | --- | +| ``l3d_users__limit_login`` | ``true`` | Only allow SSH login for specified users | +| ``l3d_users__sshd_port`` | ``22`` | Port for SSH | +| ``l3d_users__sshd_password_authentication`` | ``false`` | Allow login with Password | +| ``l3d_users__sshd_permitrootlogin`` | ``false`` | Allow login as root | +| ``l3d_users__create_ansible`` | ``true`` | Create Ansible User | +| ``l3d_users__ansible_user_state`` | ``present`` | Ansible User State | +| ``l3d_users__sshd_manage_server_key_types`` | ``true`` | Manage Server SSH Key types | +| ``l3d_users__sshd_server_key_types`` | ``['ed25519']`` | List of supported SSH Key Types | +| ``l3d_users__sshd_manage_key_algorithmus`` | ``true`` | Manage SSH Key Algorythmins | +| ``l3d_users__sshd_key_algorithmus`` | ``['ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519', 'ecdsa-sha2-nistp521-cert-v01@openssh.com', 'ecdsa-sha2-nistp384-cert-v01@openssh.com', 'ecdsa-sha2-nistp256-cert-v01@openssh.com']`` | Used SSH Key Algorithms | +| ``l3d_users__sshd_manage_kex_algorithmus`` | ``true`` | Manage 
SSH Kex Algorythms | +| ``l3d_users__sshd_kex_algorithmus`` | ``['curve25519-sha256@libssh.org', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1']`` | Used Kex Algorythms | +| ``l3d_users__sshd_manage_ciphers`` | ``true`` | Manage SSH Ciphers | +| ``l3d_users__sshd_ciphers`` | ``['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr']`` | Used SSH Ciphers | +| ``l3d_users__sshd_manage_macs`` | ``true`` | Manage Used MACs | +| ``l3d_users__sshd_macs`` | ``['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512']`` | Used MACs | +| ``l3d_users__sshd_xforwarding`` |``true`` | Enable X-Forwarding | +| ``submodules_versioncheck`` | ``false`` | Optionaly enable simple versionscheck of this role | + + Example Playbook +----------------- +```yaml +- name: Create System with User and Passwords + hosts: example.com + roles: + - {role: l3d.users.dotfiles, tags: 'dotfiles'} + vars: + l3d_users__local_users: + - name: 'alice' + state: 'present' + - name: 'bob' + state: 'present' + l3d_users__ssh_login: + - name: 'charlie' + state: 'present' + + l3d_users__limit_login: true + l3d_users__create_ansible: true + submodules_versioncheck: true +``` diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml new file mode 100644 index 0000000..ea1a278 --- /dev/null +++ b/roles/dotfiles/defaults/main.yml 
@@ -0,0 +1,85 @@ +--- +# create users +l3d_users__default_users: [] +# - name: 'alice' +# state: 'present' +# shell: '/bin/bash' +# create_home: true +# pubkeys: | +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8 +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX +# exklusive_pubkeys: true +# password: "$Password_hash" +# admin: true +# admin_commands: 'ALL' +# admin_nopassword: false +# admin_ansible_login: true +# - name: 'bob' +# state: 'present' +# shell: '/bin/zsh' +# admin: false +# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}" +# exklusive_pubkeys: false + +l3d_users__local_users: [] +# - name: 'charlie' +# state: 'present' +# admin: false +# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}" + +l3d_users__ssh_login: [] +# - name: 'dora' +# state: 'present' + +l3d_users__limit_login: true + +l3d_users__sshd_port: 22 +l3d_users__sshd_password_authentication: false +l3d_users__sshd_permitrootlogin: false +l3d_users__create_ansible: true +l3d_users__ansible_user_state: 'present' + +l3d_users__sshd_manage_server_key_types: true +l3d_users__sshd_server_key_types: + - 'ed25519' + # - 'rsa' + # - 'ecdsa' + +l3d_users__sshd_manage_key_algorithmus: true +l3d_users__sshd_key_algorithmus: + - 'ssh-ed25519-cert-v01@openssh.com' + - 'ssh-ed25519' + - 'ecdsa-sha2-nistp521-cert-v01@openssh.com' + - 'ecdsa-sha2-nistp384-cert-v01@openssh.com' + - 'ecdsa-sha2-nistp256-cert-v01@openssh.com' + # - 'rsa-sha2-512-cert-v01@openssh.com' + # - 'rsa-sha2-256-cert-v01@openssh.com' + # - 'ssh-rsa-cert-v01@openssh.com' + # - 'ecdsa-sha2-nistp521' + # - 'ecdsa-sha2-nistp384' + # - 'ecdsa-sha2-nistp256' + # - 'rsa-sha2-512' + # - 'rsa-sha2-256' + # - 'ssh-rsa' + +l3d_users__sshd_manage_kex_algorithmus: true +l3d_users__sshd_kex_algorithmus: + - 
'curve25519-sha256@libssh.org' + - 'diffie-hellman-group-exchange-sha256' + - 'diffie-hellman-group-exchange-sha1' + # - 'diffie-hellman-group14-sha1' + # - 'diffie-hellman-group1-sha1' + +l3d_users__sshd_manage_ciphers: true +l3d_users__sshd_ciphers: + - 'chacha20-poly1305@openssh.com' + - 'aes256-gcm@openssh.com' + - 'aes256-ctr' + # - 'aes256-cbc' + # - 'aes128-ctr' + # - 'aes128-cbc' + + +# run simple versionscheck +submodules_versioncheck: false diff --git a/roles/dotfiles/handlers/main.yml b/roles/dotfiles/handlers/main.yml new file mode 100644 index 0000000..9c3acd9 --- /dev/null +++ b/roles/dotfiles/handlers/main.yml @@ -0,0 +1,8 @@ +--- +- name: Restart SSHD Server + become: true + listen: 'systemctl restart sshd' + ansible.builtin.systemd: + name: "{{ l3d_users__sshd_service }}" + state: restarted + when: sshd__service is defined and ansible_service_mgr == 'systemd' diff --git a/roles/dotfiles/meta/main.yml b/roles/dotfiles/meta/main.yml new file mode 100644 index 0000000..fcc32c0 --- /dev/null +++ b/roles/dotfiles/meta/main.yml @@ -0,0 +1,23 @@ +--- +galaxy_info: + role_name: sshd + author: l3d + description: Ansible role l3d.users.sshd to Manage SSHD Configuration of the system and which Accounts are allowed to login + license: "MIT" + min_ansible_version: "2.16" + platforms: + - name: Debian + versions: ['all'] + - name: Ubuntu + versions: ['all'] + - name: Fedora + versions: ['all'] + - name: EL + versions: ['all'] + galaxy_tags: + - sshd + - ssh + - users + - setup + - linux +dependencies: [] diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml new file mode 100644 index 0000000..35e92aa --- /dev/null +++ b/roles/dotfiles/tasks/main.yml 
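Review bot: The default `l3d_users__sshd_kex_algorithmus` list still enables `diffie-hellman-group-exchange-sha1`, a SHA-1 based key exchange, while the rest of the file deliberately comments out the legacy RSA, group1/group14-sha1 and CBC entries; move it into the commented block so the shipped default is curve25519/SHA-2 only. The sshd_config.j2 template added in this same patch also reads `l3d_users__sshd_manage_macs`, `l3d_users__sshd_macs` and `l3d_users__sshd_xforwarding`, none of which are defined here, so rendering it would stop on an undefined variable unless they come from elsewhere in the collection. These sshd defaults look copied from the sshd role into the dotfiles role; if the dotfiles role does not template sshd_config they can be dropped rather than carried along.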
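Review bot: The handler `Restart SSHD Server` is gated on `sshd__service is defined` but the task body uses `l3d_users__sshd_service`, and neither variable is defined in this role's defaults or vars in this patch, so the handler never restarts anything even when notified. Either condition it on the variable it actually uses, `when: l3d_users__sshd_service is defined and ansible_service_mgr == 'systemd'`, and give that variable a value, or remove the handler from the dotfiles role since restarting sshd is the sshd role's concern.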
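Review bot: `roles/dotfiles/meta/main.yml` declares `role_name: sshd` and describes itself as `l3d.users.sshd`, which registers the dotfiles role under the sshd role's name in Galaxy metadata and collides with the real sshd role. Change it to `role_name: dotfiles` with a description of what this role does, and replace the `sshd`/`ssh` galaxy tags with ones that match the dotfiles purpose.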
@@ -0,0 +1,14 @@ +--- +- name: Perform optional versionscheck + ansible.builtin.include_tasks: + file: 'versioncheck.yml' + when: submodules_versioncheck | bool + +- name: Install dotfiles packages + ansible.builtin.include_tasks: + file: 'packages.yml' + +- name: Setup and configure bashrc + ansible.builtin.include_tasks: + file: 'packages.yml' + when: diff --git a/roles/dotfiles/tasks/packages.yml b/roles/dotfiles/tasks/packages.yml new file mode 100644 index 0000000..34f5001 --- /dev/null +++ b/roles/dotfiles/tasks/packages.yml @@ -0,0 +1,15 @@ +--- +- name: Update apt cache + become: true + ansible.builtin.apt: + cache_valid_time: 3600 + update_cache: true + when: + - ansible_pkg_mgr == "apt" + +- name: Install dotfile packages + become: true + ansible.builtin.package: + name: "{{ item }}" + state: 'present' + with_items: "{{ l3d_users__dotfiles_packages }}" diff --git a/roles/dotfiles/tasks/versioncheck.yml b/roles/dotfiles/tasks/versioncheck.yml new file mode 100644 index 0000000..e901618 --- /dev/null +++ b/roles/dotfiles/tasks/versioncheck.yml 
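Review bot: The task `Setup and configure bashrc` includes `packages.yml` a second time and carries an empty `when:`, so as written it re-runs the package installation rather than configuring bashrc (an empty conditional is, as far as I recall, evaluated as true by Ansible). It should point at a bashrc task file and be gated on a role variable, e.g. `file: 'bashrc.yml'` and `when: l3d_users__bashrc | bool`, with that variable given a default in `defaults/main.yml`.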
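Review bot: `Install dotfile packages` loops `ansible.builtin.package` with `with_items` and `name: "{{ item }}"`, which runs one package-manager transaction per package; the module accepts a list, so `name: "{{ l3d_users__dotfiles_packages }}"` without the loop is both faster and the idiomatic form, and `with_items` is the legacy loop syntax in any case. The apt cache refresh is correctly limited to `ansible_pkg_mgr == "apt"`.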
@@ -0,0 +1,46 @@ +--- +# Copyright (c) 2021 L3D +# this file is released with the MIT license. +# License: https://github.com/roles-ansible/ansible_role_template/blob/main/LICENSE +- name: Create directory for versionscheck + become: true + ansible.builtin.file: + path: '/etc/.ansible-version' + state: directory + mode: '0755' + when: submodules_versioncheck | bool + +- name: Check playbook version + become: true + ansible.builtin.slurp: + src: "/etc/.ansible-version/{{ playbook_version_path }}" + register: playbook_version + when: submodules_versioncheck | bool + failed_when: false + +- name: Print remote role version # noqa: H500 + ansible.builtin.debug: + msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}" + when: submodules_versioncheck | bool + +- name: Print locale role version # noqa: H500 + ansible.builtin.debug: + msg: "Local role version: '{{ playbook_version_number | string }}'." + when: submodules_versioncheck | bool + +- name: Check if your version is outdated + ansible.builtin.fail: + msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!" + when: + - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool + +- name: Write new version to remote disk + become: true + ansible.builtin.copy: + content: "{{ playbook_version_number }}" + dest: "/etc/.ansible-version/{{ playbook_version_path }}" + mode: '0644' + when: submodules_versioncheck | bool + tags: skip_ansible_lint_template-instead-of-copy + notify: + - 'systemctl restart sshd' diff --git a/roles/dotfiles/templates/sshd_config.j2 b/roles/dotfiles/templates/sshd_config.j2 new file mode 100644 index 0000000..b61a262 --- /dev/null +++ b/roles/dotfiles/templates/sshd_config.j2 
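Review bot: `Write new version to remote disk` notifies `'systemctl restart sshd'`, so every bump of the dotfiles role's version marker restarts the SSH daemon, an unrelated and disruptive side effect for a role that manages shell dotfiles; this looks carried over from the sshd role's copy of versioncheck.yml. Drop the `notify:` block from this task; the version file itself only needs the `copy` to succeed.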
@@ -0,0 +1,136 @@ +# Attention, local changew will be overwritten +# MIT (C) L3D +# {{ ansible_managed }} +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +{% if _sshd_version | default(7.0) | float > 8.0 | bool %} +# Include SSHD config snippets +# Support fot this starts with sshd 8.0 +Include /etc/ssh/sshd_config.d/*.conf +{% endif %} + +# Networking +Port {{ l3d_users__sshd_port }} +AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +TCPKeepAlive yes + +# SSHD Key exchange +{% if l3d_users__sshd_manage_key_algorithmus | bool %} +# -> HostkeyAlgorithms +HostkeyAlgorithms {{ l3d_users__sshd_key_algorithmus | join(',') }} +{% else %} +# No HostkeyAlgorithms defined +{% endif %} + +{% if l3d_users__sshd_manage_kex_algorithmus | bool %} +# -> KexAlgorithms +KexAlgorithms {{ l3d_users__sshd_kex_algorithmus | join(',') }} +{% else %} +# No KexAlgorithms defined +{% endif %} + +# Ciphers and keying +{% if l3d_users__sshd_manage_ciphers | bool %} +# -> Ciphers +Ciphers {{ l3d_users__sshd_ciphers | join(',') }} +{% else %} +# No Ciphers defined +{% endif %} + +{% if l3d_users__sshd_manage_macs | bool %} +# -> Macs +MACs {{ l3d_users__sshd_macs | join(',') }} +{% else %} +# No MACs defined +{% endif %} + +# Server Authentication +Protocol 2 + +# Logging +SyslogFacility AUTH +LogLevel INFO + +# SSHD Host Keys +{% if l3d_users__sshd_manage_server_key_types | bool %} +{% for key in l3d_users__sshd_server_key_types %} +# -> {{ key }} +HostKey /etc/ssh/ssh_host_{{ key }}_key +{% endfor %} +{% endif %} + +# Client authentication +MaxAuthTries 6 +MaxSessions 10 +PasswordAuthentication {{ l3d_users__sshd_password_authentication | ternary('yes', 'no') }} +ChallengeResponseAuthentication no +PubkeyAuthentication yes +PermitRootLogin {{ l3d_users__sshd_permitrootlogin | ternary('without-password', 'no') }} +LoginGraceTime 120 +StrictModes yes +X11Forwarding {{ l3d_users__sshd_xforwarding | ternary('yes', 'no') }} + 
+AllowTcpForwarding yes +#GatewayPorts no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes + +PrintMotd no +PrintLastLog yes +TCPKeepAlive yes + +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + + +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +{% set _sshd_accounts = [] %} +{% for user in _l3d_users__merged_users %} +{% if user.name is defined and user.state | default('present') == 'present' %} +{% set _ = _sshd_accounts.append(user.name) %} +{% endif %} +{% endfor %} + +# User Authentication +{% if l3d_users__create_ansible | bool and l3d_users__ansible_user_state == 'present' %} +AllowUsers ansible {{ _sshd_accounts | join(' ') }} + +# Group Authentication +AllowGroups ansible {{ _sshd_accounts | join(' ') }} +{% else %} +AllowUsers {{ _sshd_accounts | join(' ') }} + +# Group Authentication +AllowGroups {{ _sshd_accounts | join(' ') }} +{% endif %} + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +# sftp (required by ansible) +# Subsystem sftp /usr/lib/openssh/sftp-server +{% if ansible_os_family == 'RedHat' %} +Subsystem sftp /usr/libexec/openssh/sftp-server +{% else %} +Subsystem sftp /usr/lib/openssh/sftp-server +{% endif %} diff --git a/roles/dotfiles/vars/main.yml b/roles/dotfiles/vars/main.yml new file mode 100644 index 0000000..1cdd8e7 --- /dev/null +++ b/roles/dotfiles/vars/main.yml @@ -0,0 +1,9 @@ +--- +l3d_users__dotfiles_packages: + - bash + - vim + - htop + - ranger + +playbook_version_number: 2 +playbook_version_path: 'l3d.users.dotfiles.version' diff --git a/roles/sshd/README.md b/roles/sshd/README.md index 22ceb8c..26d93f1 100644 
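Review bot: The guard `{% if _sshd_version | default(7.0) | float > 8.0 | bool %}` does not do what its comment says: Jinja filters bind tighter than `>`, so `8.0 | bool` is `true` and the version float is compared against 1, which always holds and emits `Include /etc/ssh/sshd_config.d/*.conf` for every sshd, where pre-8.0 daemons refuse the unknown keyword. Use `{% if _sshd_version | default(7.0) | float >= 8.0 %}` (`>=`, since the comment says support starts with 8.0). The `AllowUsers`/`AllowGroups` lists are built only from `_l3d_users__merged_users`, so whether the `l3d_users__ssh_login` entries this patch introduces actually reach the allow list depends on how that merged list is assembled elsewhere; `_l3d_users__merged_users`, `l3d_users__sshd_manage_macs`, `l3d_users__sshd_macs` and `l3d_users__sshd_xforwarding` are all undefined in this role's defaults and vars as of this patch.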
--- a/roles/sshd/README.md +++ b/roles/sshd/README.md @@ -29,7 +29,6 @@ The Option of these directory-variables are the following. | ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | | ``groups`` | list | - | Additional groups for your user | | ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | -| ``only_sshd_config`` | ``false`` | Skip user and permission creation and only add user to SSHD config | There is a third directory-variable called ``l3d_users__ssh_login: []`` which only support ``name`` and ``state`` for users, that sould be able to login on that system. diff --git a/roles/user/README.md b/roles/user/README.md index d256777..354685d 100644 --- a/roles/user/README.md +++ b/roles/user/README.md @@ -31,7 +31,6 @@ The Option of these directory-variables are the following. | ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | | ``groups`` | list | - | Additional groups for your user | | ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | -| ``only_sshd_config`` | ``false`` | Skip user and permission creation and only add user to SSHD config | ### Other Variables diff --git a/roles/user/tasks/pubkeys.yml b/roles/user/tasks/pubkeys.yml index d5a0927..58b2684 100644 --- a/roles/user/tasks/pubkeys.yml +++ b/roles/user/tasks/pubkeys.yml @@ -10,4 +10,4 @@ loop_control: label: "user={{ user.name }}" loop_var: user - when: user.state | default ('present') == 'present' and not user.only_sshd_config | default(false) | bool + when: user.state | default ('present') == 'present' diff --git a/roles/user/tasks/users.yml b/roles/user/tasks/users.yml index 07dd62c..c5c49be 100644 --- a/roles/user/tasks/users.yml +++ b/roles/user/tasks/users.yml 
@@ -8,7 +8,7 @@ loop_control: label: "user={{ user.name }}" loop_var: user - when: user.state | default ('present') == 'present' and not user.only_sshd_config | default(false) | bool + when: user.state | default ('present') == 'present' - name: Create Accounts for Users become: true @@ -26,7 +26,7 @@ loop_control: label: "user={{ user.name }}" loop_var: user - when: user.state | default ('present') == 'present' and not user.only_sshd_config | default(false) | bool + when: user.state | default ('present') == 'present' - name: Remove Accounts for Users become: true From dcaf92f5964bdca76254ba0049de779faaf62ddc Mon Sep 17 00:00:00 2001 From: L3D Date: Tue, 26 Mar 2024 14:22:08 +0100 Subject: [PATCH 02/12] start creating dotfiles --- roles/dotfiles/defaults/main.yml | 53 +-------- roles/dotfiles/tasks/bashrc.yml | 9 ++ roles/dotfiles/tasks/main.yml | 4 +- roles/dotfiles/templates/bash.bashrc.j2 | 61 +++++++++++ roles/dotfiles/templates/sshd_config.j2 | 136 ------------------------ 5 files changed, 73 insertions(+), 190 deletions(-) create mode 100644 roles/dotfiles/tasks/bashrc.yml create mode 100644 roles/dotfiles/templates/bash.bashrc.j2 delete mode 100644 roles/dotfiles/templates/sshd_config.j2 diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml index ea1a278..21fe338 100644 --- a/roles/dotfiles/defaults/main.yml +++ b/roles/dotfiles/defaults/main.yml 
@@ -28,58 +28,7 @@ l3d_users__local_users: [] # admin: false # pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}" -l3d_users__ssh_login: [] -# - name: 'dora' -# state: 'present' - -l3d_users__limit_login: true - -l3d_users__sshd_port: 22 -l3d_users__sshd_password_authentication: false -l3d_users__sshd_permitrootlogin: false -l3d_users__create_ansible: true -l3d_users__ansible_user_state: 'present' - -l3d_users__sshd_manage_server_key_types: true -l3d_users__sshd_server_key_types: - - 'ed25519' - # - 'rsa' - # - 'ecdsa' - -l3d_users__sshd_manage_key_algorithmus: true -l3d_users__sshd_key_algorithmus: - - 'ssh-ed25519-cert-v01@openssh.com' - - 'ssh-ed25519' - - 'ecdsa-sha2-nistp521-cert-v01@openssh.com' - - 'ecdsa-sha2-nistp384-cert-v01@openssh.com' - - 'ecdsa-sha2-nistp256-cert-v01@openssh.com' - # - 'rsa-sha2-512-cert-v01@openssh.com' - # - 'rsa-sha2-256-cert-v01@openssh.com' - # - 'ssh-rsa-cert-v01@openssh.com' - # - 'ecdsa-sha2-nistp521' - # - 'ecdsa-sha2-nistp384' - # - 'ecdsa-sha2-nistp256' - # - 'rsa-sha2-512' - # - 'rsa-sha2-256' - # - 'ssh-rsa' - -l3d_users__sshd_manage_kex_algorithmus: true -l3d_users__sshd_kex_algorithmus: - - 'curve25519-sha256@libssh.org' - - 'diffie-hellman-group-exchange-sha256' - - 'diffie-hellman-group-exchange-sha1' - # - 'diffie-hellman-group14-sha1' - # - 'diffie-hellman-group1-sha1' - -l3d_users__sshd_manage_ciphers: true -l3d_users__sshd_ciphers: - - 'chacha20-poly1305@openssh.com' - - 'aes256-gcm@openssh.com' - - 'aes256-ctr' - # - 'aes256-cbc' - # - 'aes128-ctr' - # - 'aes128-cbc' - +l3d_users__bashrc: true # run simple versionscheck submodules_versioncheck: false diff --git a/roles/dotfiles/tasks/bashrc.yml b/roles/dotfiles/tasks/bashrc.yml new file mode 100644 index 0000000..ac91fae --- /dev/null +++ b/roles/dotfiles/tasks/bashrc.yml 
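Review bot: This hunk removes every `l3d_users__sshd_*` variable and `l3d_users__ssh_login` from the dotfiles defaults, but `roles/dotfiles/README.md` is not touched in this commit and still documents all of them (its example playbook also still sets `l3d_users__ssh_login`), so the role's documentation now describes variables the role no longer has. The `bash.bashrc.j2` added in this same commit reads `dotfiles__aliases`, `dotfiles__bash_completion_enabled`, `dotfiles__user_prompt`, `dotfiles__root_prompt` and the `dotfiles__history_*` variables, none of which get a default here, so templating stops on an undefined variable unless the caller sets them. Please also keep a blank line before `# run simple versionscheck`, which the added `l3d_users__bashrc: true` now runs into.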
@@ -0,0 +1,9 @@ +--- +- name: Create global bashrc configuration + become: true + ansible.builtin.template: + src: 'templates/bash.bashrc.j2' + dest: '/etc/bash.bashrc' + owner: root + group: root + mode: 'u=rw,g=r,o=r' diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml index 35e92aa..c44f1fd 100644 --- a/roles/dotfiles/tasks/main.yml +++ b/roles/dotfiles/tasks/main.yml @@ -10,5 +10,5 @@ - name: Setup and configure bashrc ansible.builtin.include_tasks: - file: 'packages.yml' - when: + file: 'bashrc.yml' + when: l3d_users__bashrc | bool diff --git a/roles/dotfiles/templates/bash.bashrc.j2 b/roles/dotfiles/templates/bash.bashrc.j2 new file mode 100644 index 0000000..6524b14 --- /dev/null +++ b/roles/dotfiles/templates/bash.bashrc.j2 
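Review bot: `dest: '/etc/bash.bashrc'` is the Debian-family location; bash on Fedora/EL, which `meta/main.yml` lists as supported platforms, does not read `/etc/bash.bashrc` (there the system-wide file is `/etc/bashrc`, sourced from `~/.bashrc`), so on those hosts the file is written but never sourced and the template's RedHat branches have no effect. Select the destination by family, e.g. `dest: "{{ (ansible_os_family == 'RedHat') | ternary('/etc/bashrc', '/etc/bash.bashrc') }}"`, or put the path in `vars/` per distribution. The `src: 'templates/bash.bashrc.j2'` prefix is redundant, since the template module already searches the role's `templates/` directory.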
@@ -0,0 +1,61 @@ +# /etc/bashrc + +# System wide functions and aliases +# Environment stuff goes in /etc/profile + +# This file may be overwritten by ansible. Please think about commiting +# changes you want to keep persistent. + +# enable color support of ls and also add handy aliases +if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" +{% for alias in dotfiles__aliases %} +{% if alias.color %} + alias {{ alias.alias }}="{{ alias.command }} --color=auto" +{% endif%} +{% endfor %} +fi + +{% for alias in dotfiles__aliases %} +{% if not alias.color %} + alias {{ alias.alias }}="{{ alias.command }}" +{% endif%} +{% endfor %} + +{%if dotfiles__bash_completion_enabled %} +if ! shopt -oq posix; then + if [ -f /usr/share/bash-completion/bash_completion ]; then + . /usr/share/bash-completion/bash_completion + elif [ -f /etc/bash_completion ]; then + . /etc/bash_completion + fi +fi + +{% endif %} + +# fancy Prompt +if [ $(id -u) -eq 0 ]; then + export PS1='{{ dotfiles__root_prompt }} ' +else + export PS1='{{ dotfiles__user_prompt }} ' +fi + + +HISTCONTROL={{ dotfiles__history_control }} +shopt -s histappend +{% if ansible_os_family == 'Redhat' %} +# HISTSIZE={{ dotfiles__history_size }} +# HISTFILESIZE={{ dotfiles__history_file_size }} +{% elif ansible_distribution == "CentOS" %} +# HISTSIZE={{ dotfiles__history_size }} +# HISTFILESIZE={{ dotfiles__history_file_size }} +{% else %} +HISTSIZE={{ dotfiles__history_size }} +HISTFILESIZE={{ dotfiles__history_file_size }} +{% endif %} + + +{% for _row in dotfiles__additional_bashrc_lines | default() %} +{{ _row }} +{% endfor %} +# vim:ts=4:sw=4 diff --git a/roles/dotfiles/templates/sshd_config.j2 b/roles/dotfiles/templates/sshd_config.j2 deleted file mode 100644 index b61a262..0000000 --- a/roles/dotfiles/templates/sshd_config.j2 +++ /dev/null 
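Review bot: `{% if ansible_os_family == 'Redhat' %}` can never match because the fact value is spelled `RedHat`, so the HISTSIZE/HISTFILESIZE suppression intended for that family is silently skipped and only the `ansible_distribution == "CentOS"` branch fires; compare the correctly spelled `ansible_os_family == 'RedHat'` in sshd_config.j2 of the previous patch. Change it to `{% if ansible_os_family == 'RedHat' %}` and drop the CentOS `elif`, which becomes dead once the family check works (CentOS reports family RedHat). Minor style: `{% endif%}` appears twice without the closing space and `{%if` once without the opening one, while the rest of the file uses `{% ... %}`.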
@@ -1,136 +0,0 @@ -# Attention, local changew will be overwritten -# MIT (C) L3D -# {{ ansible_managed }} -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -{% if _sshd_version | default(7.0) | float > 8.0 | bool %} -# Include SSHD config snippets -# Support fot this starts with sshd 8.0 -Include /etc/ssh/sshd_config.d/*.conf -{% endif %} - -# Networking -Port {{ l3d_users__sshd_port }} -AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -TCPKeepAlive yes - -# SSHD Key exchange -{% if l3d_users__sshd_manage_key_algorithmus | bool %} -# -> HostkeyAlgorithms -HostkeyAlgorithms {{ l3d_users__sshd_key_algorithmus | join(',') }} -{% else %} -# No HostkeyAlgorithms defined -{% endif %} - -{% if l3d_users__sshd_manage_kex_algorithmus | bool %} -# -> KexAlgorithms -KexAlgorithms {{ l3d_users__sshd_kex_algorithmus | join(',') }} -{% else %} -# No KexAlgorithms defined -{% endif %} - -# Ciphers and keying -{% if l3d_users__sshd_manage_ciphers | bool %} -# -> Ciphers -Ciphers {{ l3d_users__sshd_ciphers | join(',') }} -{% else %} -# No Ciphers defined -{% endif %} - -{% if l3d_users__sshd_manage_macs | bool %} -# -> Macs -MACs {{ l3d_users__sshd_macs | join(',') }} -{% else %} -# No MACs defined -{% endif %} - -# Server Authentication -Protocol 2 - -# Logging -SyslogFacility AUTH -LogLevel INFO - -# SSHD Host Keys -{% if l3d_users__sshd_manage_server_key_types | bool %} -{% for key in l3d_users__sshd_server_key_types %} -# -> {{ key }} -HostKey /etc/ssh/ssh_host_{{ key }}_key -{% endfor %} -{% endif %} - -# Client authentication -MaxAuthTries 6 -MaxSessions 10 -PasswordAuthentication {{ l3d_users__sshd_password_authentication | ternary('yes', 'no') }} -ChallengeResponseAuthentication no -PubkeyAuthentication yes -PermitRootLogin {{ l3d_users__sshd_permitrootlogin | ternary('without-password', 'no') }} -LoginGraceTime 120 -StrictModes yes -X11Forwarding {{ l3d_users__sshd_xforwarding | ternary('yes', 'no') }} - 
-AllowTcpForwarding yes -#GatewayPorts no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes - -PrintMotd no -PrintLastLog yes -TCPKeepAlive yes - -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - - -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -{% set _sshd_accounts = [] %} -{% for user in _l3d_users__merged_users %} -{% if user.name is defined and user.state | default('present') == 'present' %} -{% set _ = _sshd_accounts.append(user.name) %} -{% endif %} -{% endfor %} - -# User Authentication -{% if l3d_users__create_ansible | bool and l3d_users__ansible_user_state == 'present' %} -AllowUsers ansible {{ _sshd_accounts | join(' ') }} - -# Group Authentication -AllowGroups ansible {{ _sshd_accounts | join(' ') }} -{% else %} -AllowUsers {{ _sshd_accounts | join(' ') }} - -# Group Authentication -AllowGroups {{ _sshd_accounts | join(' ') }} -{% endif %} - -# Allow client to pass locale environment variables -AcceptEnv LANG LC_* - -# sftp (required by ansible) -# Subsystem sftp /usr/lib/openssh/sftp-server -{% if ansible_os_family == 'RedHat' %} -Subsystem sftp /usr/libexec/openssh/sftp-server -{% else %} -Subsystem sftp /usr/lib/openssh/sftp-server -{% endif %} From cd250f1472ab025982d0b969c032931d182a3c6c Mon Sep 17 00:00:00 2001 
From: L3D Date: Tue, 26 Mar 2024 15:58:56 +0100 Subject: [PATCH 03/12] Create bashrc config - global and pre user --- README.md | 1 + roles/dotfiles/README.md | 1 + roles/dotfiles/defaults/main.yml | 27 ++++++++++ roles/dotfiles/tasks/bashrc.yml | 19 ++++++- roles/dotfiles/templates/bash.bashrc.j2 | 19 +++---- roles/dotfiles/templates/dotbashrc.j2 | 66 +++++++++++++++++++++++++ 6 files changed, 118 insertions(+), 15 deletions(-) create mode 100644 roles/dotfiles/templates/dotbashrc.j2 diff --git a/README.md b/README.md index 5defc50..baa9e29 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,7 @@ The Option of these directory-variables are the following. | ``pubkeys`` | string or lookup | - | see examples | | ``exklusive_pubkeys`` | ``true`` | - | delete all undefined ssh keys | | ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | +| ``bashrc`` | list | - | adding additional content to l3d.users.dotfiles to .bashrc | | ``groups`` | list | - | Additional groups for your user | | ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | diff --git a/roles/dotfiles/README.md b/roles/dotfiles/README.md index 01fb07f..3fc6b91 100644 --- a/roles/dotfiles/README.md +++ b/roles/dotfiles/README.md @@ -27,6 +27,7 @@ The Option of these directory-variables are the following. | ``pubkeys`` | string or lookup | - | see examples | | ``exklusive_pubkeys`` | ``true`` | - | delete all undefined ssh keys | | ``password`` | password hash | - | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) | +| ``bashrc`` | list | - | adding additional content to l3d.users.dotfiles to .bashrc | | ``groups`` | list | - | Additional groups for your user | | ``remove`` | ``false`` | - | completly remove user if ``state: absent`` | 
diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml index 21fe338..984e286 100644 --- a/roles/dotfiles/defaults/main.yml +++ b/roles/dotfiles/defaults/main.yml @@ -15,6 +15,8 @@ l3d_users__default_users: [] # admin_commands: 'ALL' # admin_nopassword: false # admin_ansible_login: true +# bashrc: +# - '[[ $- == *i* ]] && eval $(keychain --eval --quiet id_ed25519)' # - name: 'bob' # state: 'present' # shell: '/bin/zsh' 
@@ -29,6 +31,31 @@ l3d_users__local_users: [] # pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}" l3d_users__bashrc: true +l3d_users__dotfiles__bash_completion_enabled: true +l3d_users__dotfiles__aliases: + - {alias: "ls", command: "ls ", color: true} + - {alias: "grep", command: "grep", color: true} + - {alias: "ll", command: "ls -alF", color: false} + - {alias: "la", command: "ls -A", color: false} + - {alias: "l", command: "ls -CF", color: false} + - {alias: "lz", command: "ls -Z", color: false} + - {alias: "EDITOR", command: "/usr/bin/vim", color: false} + - {alias: "VISUAL", command: "/usr/bin/gedit", color: false} + - {alias: "gitsubpull", command: "git submodule foreach '(git checkout \\$(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull)'", color: false} + - {alias: "pwgen", command: "/usr/bin/pwgen --num-passwords=3000 --numerals --capitalize --secure --no-vowels --ambiguous 95 1", color: false} + - {alias: "gdiff", command: "git diff --submodule=diff", color: false} +dotfiles__additional_user_bashrc_lines: [] + +l3d_users__bashrc_path: "$HOME/.local/bin:$HOME/bin:$HOME/.cargo/env:$PATH" + +# PS1 Prompt +l3d_users__dotfiles__user_prompt: '\e]0; \u@\H <\A> \w\a\[\033[01;33m\] $(printf "\xE2\x9D\xA4") \[\033[01;32m\]\u\[\033[01;36m\]@\[\033[01;32m\]\H\[\033[01;34m\] <\A> \[\033[01;35m\] \j \[\033[01;36m\] \w \[\033[01;33m\]\n\[\033[01;33m\] $(git branch 2>/dev/null | sed -n "s/* \(.*\)/\1 /p")$\[\033[01;00m\]' +l3d_users__dotfiles__root_prompt: '\e]0; \u@\H <\A> \w\a\[\033[01;31m\] $(printf "\xE2\x9D\xA4") \[\033[01;32m\]\u\[\033[01;36m\]@\[\033[01;32m\]\H\[\033[01;34m\] <\A> \[\033[01;35m\] \j \[\033[01;36m\] \w \[\033[01;33m\]\n\[\033[01;33m\] $(git branch 2>/dev/null | sed -n "s/* \(.*\)/\1 /p")$\[\033[01;00m\]' + +# bash_history +l3d_users__dotfiles__history_control: 'ignoreboth' +l3d_users__dotfiles__history_size: '-1' +l3d_users__dotfiles__history_file_size: '-1' # run simple 
versionscheck submodules_versioncheck: false diff --git a/roles/dotfiles/tasks/bashrc.yml b/roles/dotfiles/tasks/bashrc.yml index ac91fae..a87c014 100644 --- a/roles/dotfiles/tasks/bashrc.yml +++ b/roles/dotfiles/tasks/bashrc.yml @@ -4,6 +4,21 @@ ansible.builtin.template: src: 'templates/bash.bashrc.j2' dest: '/etc/bash.bashrc' - owner: root - group: root + owner: 'root' + group: 'root' mode: 'u=rw,g=r,o=r' + +- name: Create global bashrc configuration + become: true + ansible.builtin.template: + src: 'templates/dotbashrc.j2' + dest: "{{ user.home | default('/home/' + user.name) }}/.bashrc" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: '0640' + loop: "{{ _l3d_users__merged_users }}" + loop_control: + label: "user={{ user.name }}" + loop_var: user + when: user.state | default ('present') == 'present' + diff --git a/roles/dotfiles/templates/bash.bashrc.j2 b/roles/dotfiles/templates/bash.bashrc.j2 index 6524b14..03d237c 100644 --- a/roles/dotfiles/templates/bash.bashrc.j2 +++ b/roles/dotfiles/templates/bash.bashrc.j2 @@ -1,11 +1,9 @@ # /etc/bashrc +{{ ansible_managed | comment }} # System wide functions and aliases # Environment stuff goes in /etc/profile -# This file may be overwritten by ansible. Please think about commiting -# changes you want to keep persistent. - # enable color support of ls and also add handy aliases if [ -x /usr/bin/dircolors ]; then test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" @@ -16,13 +14,13 @@ if [ -x /usr/bin/dircolors ]; then {% endfor %} fi -{% for alias in dotfiles__aliases %} +{% for alias in l3d_users__dotfiles__aliases %} {% if not alias.color %} alias {{ alias.alias }}="{{ alias.command }}" {% endif%} {% endfor %} -{%if dotfiles__bash_completion_enabled %} +{%if l3d_users__dotfiles__bash_completion_enabled %} if ! shopt -oq posix; then if [ -f /usr/share/bash-completion/bash_completion ]; then . /usr/share/bash-completion/bash_completion 
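Review bot: `l3d_users__bashrc_path` puts `$HOME/.cargo/env` on PATH, but in a rustup layout that entry is a script meant to be sourced, not a directory, so it contributes nothing to command lookup — `$HOME/.cargo/bin` is presumably what was intended. The `EDITOR` and `VISUAL` entries in `l3d_users__dotfiles__aliases` are rendered by the templates as `alias EDITOR="/usr/bin/vim"`, which defines a shell alias and leaves the environment variable that programs actually read unset; those two belong in an `export` line rather than in the alias list. `dotfiles__additional_user_bashrc_lines` is the only new variable in this hunk without the `l3d_users__` prefix its neighbours use. A value of `'-1'` for both history sizes keeps every interactive command indefinitely; since `HISTCONTROL: 'ignoreboth'` keeps space-prefixed commands out of the file, a comment such as `# -1 = unlimited; ignoreboth drops duplicates and space-prefixed commands` would document that trade-off next to the defaults.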
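Review bot: `group: "{{ user.name }}"` in the new per-user task assumes a group named after every account; on hosts where the primary group is shared the template task fails for that user instead of skipping, so the group should come from the user entry with a fallback rather than being hard-wired to the name. The task also writes into `user.home | default('/home/' + user.name)` as root without checking that the directory exists, and `_l3d_users__merged_users` appears not to be set anywhere in this role at this commit, so the loop only works when roles/user ran earlier in the same play. `mode: '0640'` sits two lines below the symbolic `'u=rw,g=r,o=r'` used for the root file; one form throughout would be easier to audit.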
@@ -35,13 +33,13 @@ fi # fancy Prompt if [ $(id -u) -eq 0 ]; then - export PS1='{{ dotfiles__root_prompt }} ' + export PS1='{{ l3d_users__dotfiles__root_prompt }} ' else - export PS1='{{ dotfiles__user_prompt }} ' + export PS1='{{ l3d_users__dotfiles__user_prompt }} ' fi -HISTCONTROL={{ dotfiles__history_control }} +HISTCONTROL={{ l3d_users__dotfiles__history_control }} shopt -s histappend {% if ansible_os_family == 'Redhat' %} # HISTSIZE={{ dotfiles__history_size }} @@ -53,9 +51,4 @@ shopt -s histappend HISTSIZE={{ dotfiles__history_size }} HISTFILESIZE={{ dotfiles__history_file_size }} {% endif %} - - -{% for _row in dotfiles__additional_bashrc_lines | default() %} -{{ _row }} -{% endfor %} # vim:ts=4:sw=4 diff --git a/roles/dotfiles/templates/dotbashrc.j2 b/roles/dotfiles/templates/dotbashrc.j2 new file mode 100644 index 0000000..600c40a --- /dev/null +++ b/roles/dotfiles/templates/dotbashrc.j2 
@@ -0,0 +1,66 @@ +# {{ user.home | default('/home/' + user.name) }}/.bashrc" +# for user {{ user.name }} +{{ ansible_managed | comment }} + +# Source global definitions +if [ -f /etc/bash.bashrc ]; then + . /etc/bash.bashrc +fi + +# User specific environment +PATH="{{ l3d_users__bashrc_path }}" +export PATH + +# enable color support of ls and also add handy aliases +if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" +{% for alias in dotfiles__aliases %} +{% if alias.color %} + alias {{ alias.alias }}="{{ alias.command }} --color=auto" +{% endif%} +{% endfor %} +fi + +{% for alias in l3d_users__dotfiles__aliases %} +{% if not alias.color %} + alias {{ alias.alias }}="{{ alias.command }}" +{% endif%} +{% endfor %} + +{%if l3d_users__dotfiles__bash_completion_enabled %} +if ! shopt -oq posix; then + if [ -f /usr/share/bash-completion/bash_completion ]; then + . /usr/share/bash-completion/bash_completion + elif [ -f /etc/bash_completion ]; then + . /etc/bash_completion + fi +fi + +# fancy Prompt +export PS1='{{ l3d_users__dotfiles__user_prompt }} ' + +# baqsh_history +HISTCONTROL={{ l3d_users__dotfiles__history_control }} +shopt -s histappend +{% if ansible_os_family == 'Redhat' %} +# HISTSIZE={{ dotfiles__history_size }} +# HISTFILESIZE={{ dotfiles__history_file_size }} +{% elif ansible_distribution == "CentOS" %} +# HISTSIZE={{ dotfiles__history_size }} +# HISTFILESIZE={{ dotfiles__history_file_size }} +{% else %} +HISTSIZE={{ dotfiles__history_size }} +HISTFILESIZE={{ dotfiles__history_file_size }} +{% endif %} + +# additional general rules +{% for _row in dotfiles__additional_user_bashrc_lines | default() %} +{{ _row }} +{% endfor %} + +# additional user rules +{% for custom in {{ user.bashrc | default([]) }} %} +{{ custom }} +{% endfor %} + +# vim:ts=4:sw=4 From 48de3d601da31b1bee654d0d4b660f64de453f8c Mon Sep 17 00:00:00 2001 
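Review bot: The first line of the new template ends in a stray `"` after `/.bashrc`, and the section comment reads `# baqsh_history`; both survive the later edits to this template visible in the series. `{% for _row in dotfiles__additional_user_bashrc_lines | default() %}` wraps a variable that defaults/main.yml already defines as `[]` in `default()`, so a misspelled or renamed variable renders as nothing instead of failing the template — drop the filter or use `default([])`. The `user.bashrc` loop copies inventory-supplied lines into the user's `.bashrc` verbatim; that is reasonable for trusted inventory but deserves a line such as `# entries from the user's bashrc: list are written unmodified` so the contract is explicit.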
From: L3D Date: Tue, 26 Mar 2024 16:04:10 +0100 Subject: [PATCH 04/12] Update linting --- .yamllint | 4 ++-- roles/dotfiles/tasks/bashrc.yml | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.yamllint b/.yamllint index e9713ae..f7347ec 100644 --- a/.yamllint +++ b/.yamllint @@ -2,7 +2,7 @@ extends: default rules: - # 170 chars should be enough, but don't fail if a line is longer + # 310 chars should be enough, but don't fail if a line is longer line-length: - max: 170 + max: 310 level: warning diff --git a/roles/dotfiles/tasks/bashrc.yml b/roles/dotfiles/tasks/bashrc.yml index a87c014..ba7c67c 100644 --- a/roles/dotfiles/tasks/bashrc.yml +++ b/roles/dotfiles/tasks/bashrc.yml @@ -21,4 +21,3 @@ label: "user={{ user.name }}" loop_var: user when: user.state | default ('present') == 'present' - From 4cc7cdfa108adb89e1fdd3b261813c7c9546c1f3 Mon Sep 17 00:00:00 2001 From: L3D Date: Sat, 6 Apr 2024 19:42:57 +0200 Subject: [PATCH 05/12] Improve j2linting --- roles/dotfiles/defaults/main.yml | 5 ++- roles/dotfiles/tasks/main.yml | 5 +++ roles/dotfiles/tasks/vimrc.yml | 23 ++++++++++++ roles/dotfiles/templates/bash.bashrc.j2 | 11 +++--- roles/dotfiles/templates/dotbashrc.j2 | 15 ++++---- roles/dotfiles/templates/vimrc.j2 | 49 +++++++++++++++++++++++++ roles/dotfiles/vars/main.yml | 3 +- 7 files changed, 95 insertions(+), 16 deletions(-) create mode 100644 roles/dotfiles/tasks/vimrc.yml create mode 100644 roles/dotfiles/templates/vimrc.j2 diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml index 984e286..42e4d77 100644 --- a/roles/dotfiles/defaults/main.yml +++ b/roles/dotfiles/defaults/main.yml 
@@ -41,7 +41,7 @@ l3d_users__dotfiles__aliases: - {alias: "lz", command: "ls -Z", color: false} - {alias: "EDITOR", command: "/usr/bin/vim", color: false} - {alias: "VISUAL", command: "/usr/bin/gedit", color: false} - - {alias: "gitsubpull", command: "git submodule foreach '(git checkout \\$(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull)'", color: false} + - {alias: "gitsubpull", command: "git submodule foreach '(git checkout $(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull ; git submodule foreach \"(git checkout $(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull)\")'", color: false} - {alias: "pwgen", command: "/usr/bin/pwgen --num-passwords=3000 --numerals --capitalize --secure --no-vowels --ambiguous 95 1", color: false} - {alias: "gdiff", command: "git diff --submodule=diff", color: false} dotfiles__additional_user_bashrc_lines: [] @@ -57,5 +57,8 @@ l3d_users__dotfiles__history_control: 'ignoreboth' l3d_users__dotfiles__history_size: '-1' l3d_users__dotfiles__history_file_size: '-1' +# vim config +l3d_users__vimrc: true + # run simple versionscheck submodules_versioncheck: false diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml index c44f1fd..3e35b8c 100644 --- a/roles/dotfiles/tasks/main.yml +++ b/roles/dotfiles/tasks/main.yml @@ -12,3 +12,8 @@ ansible.builtin.include_tasks: file: 'bashrc.yml' when: l3d_users__bashrc | bool + +- name: Setup and configure vimrc + ansible.builtin.include_tasks: + file: 'vimrc.yml' + when: l3d_users__vimrc | bool diff --git a/roles/dotfiles/tasks/vimrc.yml b/roles/dotfiles/tasks/vimrc.yml new file mode 100644 index 0000000..f13c327 --- /dev/null +++ b/roles/dotfiles/tasks/vimrc.yml 
@@ -0,0 +1,23 @@ +--- +- name: Create vimrc configuration for root + become: true + ansible.builtin.template: + src: 'templates/vimrc.j2' + dest: '/root/.vimrc' + owner: 'root' + group: 'root' + mode: 'u=rw,g=r,o=r' + +- name: Create global bashrc configuration + become: true + ansible.builtin.template: + src: 'templates/dotbashrc.j2' + dest: "{{ user.home | default('/home/' + user.name) }}/.bashrc" + owner: "{{ user.name }}" + group: "{{ user.name }}" + mode: '0640' + loop: "{{ _l3d_users__merged_users }}" + loop_control: + label: "user={{ user.name }}" + loop_var: user + when: user.state | default ('present') == 'present' diff --git a/roles/dotfiles/templates/bash.bashrc.j2 b/roles/dotfiles/templates/bash.bashrc.j2 index 03d237c..3832631 100644 --- a/roles/dotfiles/templates/bash.bashrc.j2 +++ b/roles/dotfiles/templates/bash.bashrc.j2 @@ -8,19 +8,19 @@ if [ -x /usr/bin/dircolors ]; then test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" {% for alias in dotfiles__aliases %} -{% if alias.color %} +{% if alias.color %} alias {{ alias.alias }}="{{ alias.command }} --color=auto" -{% endif%} +{% endif %} {% endfor %} fi {% for alias in l3d_users__dotfiles__aliases %} -{% if not alias.color %} +{% if not alias.color %} alias {{ alias.alias }}="{{ alias.command }}" -{% endif%} +{% endif %} {% endfor %} -{%if l3d_users__dotfiles__bash_completion_enabled %} +{% if l3d_users__dotfiles__bash_completion_enabled %} if ! shopt -oq posix; then if [ -f /usr/share/bash-completion/bash_completion ]; then . /usr/share/bash-completion/bash_completion @@ -28,7 +28,6 @@ if ! shopt -oq posix; then . /etc/bash_completion fi fi - {% endif %} # fancy Prompt diff --git a/roles/dotfiles/templates/dotbashrc.j2 b/roles/dotfiles/templates/dotbashrc.j2 index 600c40a..7999b3f 100644 --- a/roles/dotfiles/templates/dotbashrc.j2 +++ b/roles/dotfiles/templates/dotbashrc.j2 
@@ -4,7 +4,7 @@ # Source global definitions if [ -f /etc/bash.bashrc ]; then - . /etc/bash.bashrc + source /etc/bash.bashrc fi # User specific environment @@ -15,19 +15,19 @@ export PATH if [ -x /usr/bin/dircolors ]; then test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" {% for alias in dotfiles__aliases %} -{% if alias.color %} +{% if alias.color %} alias {{ alias.alias }}="{{ alias.command }} --color=auto" -{% endif%} +{% endif %} {% endfor %} fi {% for alias in l3d_users__dotfiles__aliases %} -{% if not alias.color %} +{% if not alias.color %} alias {{ alias.alias }}="{{ alias.command }}" -{% endif%} +{% endif %} {% endfor %} -{%if l3d_users__dotfiles__bash_completion_enabled %} +{% if l3d_users__dotfiles__bash_completion_enabled %} if ! shopt -oq posix; then if [ -f /usr/share/bash-completion/bash_completion ]; then . /usr/share/bash-completion/bash_completion @@ -35,6 +35,7 @@ if ! shopt -oq posix; then . /etc/bash_completion fi fi +{% endif %} # fancy Prompt export PS1='{{ l3d_users__dotfiles__user_prompt }} ' @@ -59,7 +60,7 @@ HISTFILESIZE={{ dotfiles__history_file_size }} {% endfor %} # additional user rules -{% for custom in {{ user.bashrc | default([]) }} %} +{% for custom in user.bashrc | default([]) %} {{ custom }} {% endfor %} diff --git a/roles/dotfiles/templates/vimrc.j2 b/roles/dotfiles/templates/vimrc.j2 new file mode 100644 index 0000000..b274040 --- /dev/null +++ b/roles/dotfiles/templates/vimrc.j2 
@@ -0,0 +1,49 @@ +{{ ansible_managed | comment }} + +" gopass secure editor +au BufNewFile,BufRead /dev/shm/gopass.* setlocal noswapfile nobackup noundofile + +" vim layout +syntax on " enable syntax highlighting +set cursorline " highlight the current line +set fileencoding=utf-8 +set encoding=utf-8 +colorscheme elflord +set cursorline " highlight the current line + +" tabs and indenting +set autoindent " auto indenting +set smartindent " smart indenting +set expandtab " spaces instead of tabs +set tabstop=2 " 2 spaces for tabs +set shiftwidth=2 " 2 spaces for indentation + +" mouse +set mouse-=a " disable weird mouse behavior +nnoremap :tabprevious +nnoremap :tabprevious +nnoremap :tabnext +nnoremap :tabnext + +" bells +set noerrorbells " turn off audio bell +set visualbell " but leave on a visual bell + +" search +set hlsearch " highlighted search results +set showmatch " show matching bracket + +" behavior +filetype on " enable filetype detection +set scrolloff=5 " show at least 5 lines above/below +set showcmd " show selection metadata +set showmode " show INSERT, VISUAL, etc. mode +set showmatch " show matching brackets +set autoindent smartindent " auto/smart indent +set smarttab " better backspace and tab functionali +set nobackup " don't create pointless backup files; Use VCS instead +set autoread " watch for file changes + +" extra whitespace +highlight ExtraWhitespace ctermbg=red guibg=red +match ExtraWhitespace /\s\+$/ diff --git a/roles/dotfiles/vars/main.yml b/roles/dotfiles/vars/main.yml index 1cdd8e7..c0ea3ec 100644 --- a/roles/dotfiles/vars/main.yml +++ b/roles/dotfiles/vars/main.yml @@ -3,7 +3,6 @@ l3d_users__dotfiles_packages: - bash - vim - htop - - ranger -playbook_version_number: 2 +playbook_version_number: 4 playbook_version_path: 'l3d.users.dotfiles.version' From 2ab2a60a5d71b4238ee24fa71f23ff42f957ede0 Mon Sep 17 00:00:00 2001 
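Review bot: The new vimrc sets `cursorline` twice in the layout section and repeats `showmatch`, `autoindent` and `smartindent` under `behavior` after already setting them above, and the `set smarttab` comment is cut off at `functionali`; the duplicates should go so that a later change to one copy does not silently lose to the other. The four `nnoremap :tabprevious` / `nnoremap :tabnext` lines have no left-hand key as shown here — if that is not an extraction artefact, vim reports an error for each of them on every start, so confirm the mappings survived the commit.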
From: L3D
Date: Sat, 6 Apr 2024 20:08:55 +0200
Subject: [PATCH 06/12] Update vimrc and bashrc

---
 roles/dotfiles/tasks/bashrc.yml | 2 +-
 roles/dotfiles/tasks/vimrc.yml | 6 +++---
 roles/dotfiles/vars/main.yml | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/dotfiles/tasks/bashrc.yml b/roles/dotfiles/tasks/bashrc.yml
index ba7c67c..d6220f5 100644
--- a/roles/dotfiles/tasks/bashrc.yml
+++ b/roles/dotfiles/tasks/bashrc.yml
@@ -8,7 +8,7 @@
 group: 'root'
 mode: 'u=rw,g=r,o=r'
 
-- name: Create global bashrc configuration
+- name: Create bashrc configuration per user
 become: true
 ansible.builtin.template:
 src: 'templates/dotbashrc.j2'
diff --git a/roles/dotfiles/tasks/vimrc.yml b/roles/dotfiles/tasks/vimrc.yml
index f13c327..6066d26 100644
--- a/roles/dotfiles/tasks/vimrc.yml
+++ b/roles/dotfiles/tasks/vimrc.yml
@@ -8,11 +8,11 @@
 group: 'root'
 mode: 'u=rw,g=r,o=r'
 
-- name: Create global bashrc configuration
+- name: Create vimrc configuration per defined user
 become: true
 ansible.builtin.template:
- src: 'templates/dotbashrc.j2'
- dest: "{{ user.home | default('/home/' + user.name) }}/.bashrc"
+ src: 'templates/vimrc.j2'
+ dest: "{{ user.home | default('/home/' + user.name) }}/.vimrc"
 owner: "{{ user.name }}"
 group: "{{ user.name }}"
 mode: '0640'
diff --git a/roles/dotfiles/vars/main.yml b/roles/dotfiles/vars/main.yml
index c0ea3ec..953268e 100644
--- a/roles/dotfiles/vars/main.yml
+++ b/roles/dotfiles/vars/main.yml
@@ -4,5 +4,5 @@ l3d_users__dotfiles_packages:
 - vim
 - htop
 
-playbook_version_number: 4
+playbook_version_number: 5
 playbook_version_path: 'l3d.users.dotfiles.version'
From 29e1071218927594f907cf05f08e028036e60a8d Mon Sep 17 00:00:00 2001
From: L3D
Date: Sat, 6 Apr 2024 20:15:01 +0200
Subject: [PATCH 07/12] Create tmux config

---
 roles/dotfiles/defaults/main.yml | 3 +++
 roles/dotfiles/tasks/main.yml | 5 +++++
 roles/dotfiles/tasks/tmux.yml | 23 +++++++++++++++++++++++
 roles/dotfiles/templates/tmux.conf.j2 | 2 ++
 roles/dotfiles/vars/main.yml | 3 ++-
 5 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 roles/dotfiles/tasks/tmux.yml
 create mode 100644 roles/dotfiles/templates/tmux.conf.j2

diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml
index 42e4d77..2e16778 100644
--- a/roles/dotfiles/defaults/main.yml
+++ b/roles/dotfiles/defaults/main.yml
@@ -60,5 +60,8 @@ l3d_users__dotfiles__history_file_size: '-1'
 # vim config
 l3d_users__vimrc: true
 
+# tmux config
+l3d_users__tmuxcfg: true
+
 # run simple versionscheck
 submodules_versioncheck: false
diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml
index 3e35b8c..227690a 100644
--- a/roles/dotfiles/tasks/main.yml
+++ b/roles/dotfiles/tasks/main.yml
@@ -17,3 +17,8 @@
 ansible.builtin.include_tasks:
 file: 'vimrc.yml'
 when: l3d_users__vimrc | bool
+
+- name: Setup and configure tmux
+ ansible.builtin.include_tasks:
+ file: 'tmux.yml'
+ when: l3d_users__tmuxcfg | bool
diff --git a/roles/dotfiles/tasks/tmux.yml b/roles/dotfiles/tasks/tmux.yml
new file mode 100644
index 0000000..3ca5a99
--- /dev/null
+++ b/roles/dotfiles/tasks/tmux.yml
@@ -0,0 +1,23 @@
+---
+- name: Create tmux configuration for root
+ become: true
+ ansible.builtin.template:
+ src: 'templates/tmux.conf.j2'
+ dest: '/root/.tmux.conf'
+ owner: 'root'
+ group: 'root'
+ mode: 'u=rw,g=r,o=r'
+
+- name: Create vimrc configuration per defined user
+ become: true
+ ansible.builtin.template:
+ src: 'templates/tmux.conf.j2'
+ dest: "{{ user.home | default('/home/' + user.name) }}/.tmux.conf"
+ owner: "{{ user.name }}"
+ group: "{{ user.name }}"
+ mode: '0640'
+ loop: "{{ _l3d_users__merged_users }}"
+ loop_control:
+ label: "user={{ user.name }}"
+ loop_var: user
+ when: user.state | default ('present') == 'present'
diff --git a/roles/dotfiles/templates/tmux.conf.j2 b/roles/dotfiles/templates/tmux.conf.j2
new file mode 100644
index 0000000..334c1da
--- /dev/null
+++ b/roles/dotfiles/templates/tmux.conf.j2
@@ -0,0 +1,2 @@
+
+set -g history-limit 65536
diff --git a/roles/dotfiles/vars/main.yml b/roles/dotfiles/vars/main.yml
index 953268e..fe06c73 100644
--- a/roles/dotfiles/vars/main.yml
+++ b/roles/dotfiles/vars/main.yml
@@ -3,6 +3,7 @@ l3d_users__dotfiles_packages:
 - bash
 - vim
 - htop
+ - tmux
 
-playbook_version_number: 5
+playbook_version_number: 6
 playbook_version_path: 'l3d.users.dotfiles.version'
From 199e9476aaed56f501082d3ee3bdf0c85b1f0d3c Mon Sep 17 00:00:00 2001
From: L3D
Date: Sat, 6 Apr 2024 20:17:51 +0200
Subject: [PATCH 08/12] update template

---
 roles/dotfiles/templates/dotbashrc.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/dotfiles/templates/dotbashrc.j2 b/roles/dotfiles/templates/dotbashrc.j2
index 7999b3f..814a343 100644
--- a/roles/dotfiles/templates/dotbashrc.j2
+++ b/roles/dotfiles/templates/dotbashrc.j2
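Review bot: The second task in the new tmux.yml is named `Create vimrc configuration per defined user` although it templates `tmux.conf.j2` to `~/.tmux.conf`; rename it to `- name: Create tmux configuration per defined user`. This file is the third copy of the same root task plus per-user loop (bashrc.yml and vimrc.yml carry the identical `loop`/`loop_control`/`when` stanza), so any future change to the user filter or file mode has to be made in three places — one task list driven by a list of template/destination pairs would remove that drift risk.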
@@ -14,7 +14,7 @@ export PATH # enable color support of ls and also add handy aliases if [ -x /usr/bin/dircolors ]; then test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" -{% for alias in dotfiles__aliases %} +{% for alias in l3d_users__dotfiles__aliases %} {% if alias.color %} alias {{ alias.alias }}="{{ alias.command }} --color=auto" {% endif %} From 7966fbb3dd8a98e958967f583a85c68bb4896fc4 Mon Sep 17 00:00:00 2001 From: L3D Date: Sat, 6 Apr 2024 20:19:32 +0200 Subject: [PATCH 09/12] Improve missing variable --- roles/dotfiles/templates/bash.bashrc.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/dotfiles/templates/bash.bashrc.j2 b/roles/dotfiles/templates/bash.bashrc.j2 index 3832631..f91e152 100644 --- a/roles/dotfiles/templates/bash.bashrc.j2 +++ b/roles/dotfiles/templates/bash.bashrc.j2 @@ -7,7 +7,7 @@ # enable color support of ls and also add handy aliases if [ -x /usr/bin/dircolors ]; then test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" -{% for alias in dotfiles__aliases %} +{% for alias in l3d_users__dotfiles__aliases %} {% if alias.color %} alias {{ alias.alias }}="{{ alias.command }} --color=auto" {% endif %} From 7727d0384da5c49d433b13d136639d27697b858e Mon Sep 17 00:00:00 2001 From: L3D Date: Sat, 6 Apr 2024 22:59:38 +0200 Subject: [PATCH 10/12] Update dotifles --- roles/dotfiles/README.md | 29 ++++++++++--------------- roles/dotfiles/defaults/main.yml | 3 ++- roles/dotfiles/tasks/main.yml | 4 ++++ roles/dotfiles/templates/bash.bashrc.j2 | 14 ++++++------ roles/dotfiles/templates/dotbashrc.j2 | 16 +++++++------- roles/dotfiles/templates/tmux.conf.j2 | 2 +- roles/dotfiles/templates/vimrc.j2 | 7 +++--- roles/dotfiles/vars/main.yml | 2 +- roles/user/tasks/main.yml | 1 - 9 files changed, 39 insertions(+), 39 deletions(-) diff --git a/roles/dotfiles/README.md b/roles/dotfiles/README.md index 3fc6b91..b18f62f 100644 --- a/roles/dotfiles/README.md 
+++ b/roles/dotfiles/README.md 
@@ -37,23 +37,18 @@ There is a third directory-variable called ``l3d_users__ssh_login: []`` which on | name | default value | description | | --- | --- | --- | -| ``l3d_users__limit_login`` | ``true`` | Only allow SSH login for specified users | -| ``l3d_users__sshd_port`` | ``22`` | Port for SSH | -| ``l3d_users__sshd_password_authentication`` | ``false`` | Allow login with Password | -| ``l3d_users__sshd_permitrootlogin`` | ``false`` | Allow login as root | -| ``l3d_users__create_ansible`` | ``true`` | Create Ansible User | -| ``l3d_users__ansible_user_state`` | ``present`` | Ansible User State | -| ``l3d_users__sshd_manage_server_key_types`` | ``true`` | Manage Server SSH Key types | -| ``l3d_users__sshd_server_key_types`` | ``['ed25519']`` | List of supported SSH Key Types | -| ``l3d_users__sshd_manage_key_algorithmus`` | ``true`` | Manage SSH Key Algorythmins | -| ``l3d_users__sshd_key_algorithmus`` | ``['ssh-ed25519-cert-v01@openssh.com', 'ssh-ed25519', 'ecdsa-sha2-nistp521-cert-v01@openssh.com', 'ecdsa-sha2-nistp384-cert-v01@openssh.com', 'ecdsa-sha2-nistp256-cert-v01@openssh.com']`` | Used SSH Key Algorithms | -| ``l3d_users__sshd_manage_kex_algorithmus`` | ``true`` | Manage SSH Kex Algorythms | -| ``l3d_users__sshd_kex_algorithmus`` | ``['curve25519-sha256@libssh.org', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group-exchange-sha1']`` | Used Kex Algorythms | -| ``l3d_users__sshd_manage_ciphers`` | ``true`` | Manage SSH Ciphers | -| ``l3d_users__sshd_ciphers`` | ``['chacha20-poly1305@openssh.com', 'aes256-gcm@openssh.com', 'aes256-ctr']`` | Used SSH Ciphers | -| ``l3d_users__sshd_manage_macs`` | ``true`` | Manage Used MACs | -| ``l3d_users__sshd_macs`` | ``['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512']`` | Used MACs | -| ``l3d_users__sshd_xforwarding`` |``true`` | Enable X-Forwarding | +| ``l3d_users__bashrc`` | ``true`` | Configure bashrc | +| ``l3d_users__dotfiles__bash_completion_enabled`` | ``true`` | 
Enable bash completion | +| ``l3d_users__dotfiles__aliases`` | *see [defaults/main.yml](defaults/main.yml)* | A predefined list of usefull aliases for your bash config | +| ``dotfiles__additional_user_bashrc_lines`` | ``[]`` | variable for additional bashrc lines | +| ``l3d_users__bashrc_path`` | ``$HOME/.local/bin:$HOME/bin:$HOME/.cargo/env:$PATH``| bashrc $PATH | +| ``l3d_users__dotfiles__user_prompt`` | *see [defaults/main.yml](defaults/main.yml)* | PS1 prompt for users | +| ``l3d_users__dotfiles__root_prompt`` | *see [defaults/main.yml](defaults/main.yml)* | PS1 prompt for root | +| ``l3d_users__dotfiles__history_control`` | ``ignoreboth`` | bashrc history control | +| ``l3d_users__dotfiles__history_size`` | ``-1`` | bashrc history size | +| ``l3d_users__dotfiles__history_file_size`` | ``-1`` | bashrc history filesize | +| ``l3d_users__vimrc`` | ``true`` | Create vim config | +| ``l3d_users__tmuxcfg`` | ``true`` | Create Tmux Config | | ``submodules_versioncheck`` | ``false`` | Optionaly enable simple versionscheck of this role | Example Playbook diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml index 2e16778..7d6e697 100644 --- a/roles/dotfiles/defaults/main.yml +++ b/roles/dotfiles/defaults/main.yml 
@@ -41,7 +41,7 @@ l3d_users__dotfiles__aliases: - {alias: "lz", command: "ls -Z", color: false} - {alias: "EDITOR", command: "/usr/bin/vim", color: false} - {alias: "VISUAL", command: "/usr/bin/gedit", color: false} - - {alias: "gitsubpull", command: "git submodule foreach '(git checkout $(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull ; git submodule foreach \"(git checkout $(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull)\")'", color: false} + - {alias: "gitsubpull", command: "git submodule foreach '(git checkout \\$(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull ; git submodule foreach \\\"(git checkout \\$(git symbolic-ref --short refs/remotes/origin/HEAD | sed 's@^origin/@@'); git pull)\\\")'", color: false} - {alias: "pwgen", command: "/usr/bin/pwgen --num-passwords=3000 --numerals --capitalize --secure --no-vowels --ambiguous 95 1", color: false} - {alias: "gdiff", command: "git diff --submodule=diff", color: false} dotfiles__additional_user_bashrc_lines: [] @@ -59,6 +59,7 @@ l3d_users__dotfiles__history_file_size: '-1' # vim config l3d_users__vimrc: true +l3d_users__vim_colorscheme: 'elflord' # tmux config l3d_users__tmuxcfg: true diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml index 227690a..af696a8 100644 --- a/roles/dotfiles/tasks/main.yml +++ b/roles/dotfiles/tasks/main.yml @@ -8,6 +8,10 @@ ansible.builtin.include_tasks: file: 'packages.yml' +- name: Merge default and locale Users + ansible.builtin.set_fact: + _l3d_users__merged_users: "{{ l3d_users__default_users + l3d_users__local_users }}" + - name: Setup and configure bashrc ansible.builtin.include_tasks: file: 'bashrc.yml' diff --git a/roles/dotfiles/templates/bash.bashrc.j2 b/roles/dotfiles/templates/bash.bashrc.j2 index f91e152..59433e2 100644 --- a/roles/dotfiles/templates/bash.bashrc.j2 +++ b/roles/dotfiles/templates/bash.bashrc.j2 
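Review bot: The `gitsubpull` command has now had its `\\$` escapes removed (PATCH 05) and restored here, which suggests a reader of the value cannot tell why they are needed; a comment above the list, such as `# '\\$(' keeps the substitution literal so it runs when the alias is used, not when .bashrc is read`, would stop the next cleanup from flipping it again. The inner `sed 's@^origin/@@'` single quotes sit inside the single-quoted `foreach` argument, so they close and reopen that quote rather than nest; it works only because the pattern contains nothing the shell treats specially, and the same comment should say so.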
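Review bot: The task name `Merge default and locale Users` should read `local` to match `l3d_users__local_users`. The plain list concatenation also means an account present in both lists is visited twice by every per-user template task in this role; either document that the two lists must be disjoint or filter duplicates by `name` before the loops consume `_l3d_users__merged_users`.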
@@ -1,5 +1,5 @@ # /etc/bashrc -{{ ansible_managed | comment }} +{{ ansible_managed | ansible.builtin.comment }} # System wide functions and aliases # Environment stuff goes in /etc/profile @@ -41,13 +41,13 @@ fi HISTCONTROL={{ l3d_users__dotfiles__history_control }} shopt -s histappend {% if ansible_os_family == 'Redhat' %} -# HISTSIZE={{ dotfiles__history_size }} -# HISTFILESIZE={{ dotfiles__history_file_size }} +# HISTSIZE={{ l3d_users__dotfiles__history_size }} +# HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} {% elif ansible_distribution == "CentOS" %} -# HISTSIZE={{ dotfiles__history_size }} -# HISTFILESIZE={{ dotfiles__history_file_size }} +# HISTSIZE={{ l3d_users__dotfiles__history_size }} +# HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} {% else %} -HISTSIZE={{ dotfiles__history_size }} -HISTFILESIZE={{ dotfiles__history_file_size }} +HISTSIZE={{ l3d_users__dotfiles__history_size }} +HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} {% endif %} # vim:ts=4:sw=4 diff --git a/roles/dotfiles/templates/dotbashrc.j2 b/roles/dotfiles/templates/dotbashrc.j2 index 814a343..e123388 100644 --- a/roles/dotfiles/templates/dotbashrc.j2 +++ b/roles/dotfiles/templates/dotbashrc.j2 @@ -1,6 +1,6 @@ # {{ user.home | default('/home/' + user.name) }}/.bashrc" # for user {{ user.name }} -{{ ansible_managed | comment }} +{{ ansible_managed | ansible.builtin.comment }} # Source global definitions if [ -f /etc/bash.bashrc ]; then 
@@ -44,18 +44,18 @@ export PS1='{{ l3d_users__dotfiles__user_prompt }} ' HISTCONTROL={{ l3d_users__dotfiles__history_control }} shopt -s histappend {% if ansible_os_family == 'Redhat' %} -# HISTSIZE={{ dotfiles__history_size }} -# HISTFILESIZE={{ dotfiles__history_file_size }} +# HISTSIZE={{ l3d_users__dotfiles__history_size }} +# HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} {% elif ansible_distribution == "CentOS" %} -# HISTSIZE={{ dotfiles__history_size }} -# HISTFILESIZE={{ dotfiles__history_file_size }} +# HISTSIZE={{ l3d_users__dotfiles__history_size }} +# HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} {% else %} -HISTSIZE={{ dotfiles__history_size }} -HISTFILESIZE={{ dotfiles__history_file_size }} +HISTSIZE={{ l3d_users__dotfiles__history_size }} +HISTFILESIZE={{ l3d_users__dotfiles__history_file_size }} {% endif %} # additional general rules -{% for _row in dotfiles__additional_user_bashrc_lines | default() %} +{% for _row in l3d_users__dotfiles__additional_user_bashrc_lines | default() %} {{ _row }} {% endfor %} diff --git a/roles/dotfiles/templates/tmux.conf.j2 b/roles/dotfiles/templates/tmux.conf.j2 index 334c1da..062cd03 100644 --- a/roles/dotfiles/templates/tmux.conf.j2 +++ b/roles/dotfiles/templates/tmux.conf.j2 @@ -1,2 +1,2 @@ - +{{ ansible_managed | ansible.builtin.comment }} set -g history-limit 65536 diff --git a/roles/dotfiles/templates/vimrc.j2 b/roles/dotfiles/templates/vimrc.j2 index b274040..e9623b8 100644 --- a/roles/dotfiles/templates/vimrc.j2 +++ b/roles/dotfiles/templates/vimrc.j2 @@ -1,5 +1,6 @@ -{{ ansible_managed | comment }} - +" +" {{ ansible_managed }} +" " gopass secure editor au BufNewFile,BufRead /dev/shm/gopass.* setlocal noswapfile nobackup noundofile 
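Review bot: `{% for _row in l3d_users__dotfiles__additional_user_bashrc_lines | default() %}` renames the template variable, but defaults/main.yml in this same commit still defines `dotfiles__additional_user_bashrc_lines: []` and the README rows keep the old name, so lines a user configures under the documented name are now silently dropped because `default()` turns the undefined new name into an empty loop. Either rename the default and the README entry to `l3d_users__dotfiles__additional_user_bashrc_lines`, or keep the old name in the template; in both cases dropping `| default()` would make such a mismatch fail at render time instead of passing unnoticed. The enclosing section of the template continues outside the hunk.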
@@ -8,7 +9,7 @@ syntax on " enable syntax highlighting set cursorline " highlight the current line set fileencoding=utf-8 set encoding=utf-8 -colorscheme elflord +colorscheme {{ l3d_users__vim_colorscheme }} set cursorline " highlight the current line " tabs and indenting diff --git a/roles/dotfiles/vars/main.yml b/roles/dotfiles/vars/main.yml index fe06c73..85c32f8 100644 --- a/roles/dotfiles/vars/main.yml +++ b/roles/dotfiles/vars/main.yml @@ -5,5 +5,5 @@ l3d_users__dotfiles_packages: - htop - tmux -playbook_version_number: 6 +playbook_version_number: 7 playbook_version_path: 'l3d.users.dotfiles.version' diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index 1f207cf..83e5a07 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml @@ -8,7 +8,6 @@ ansible.builtin.set_fact: _l3d_users__merged_users: "{{ l3d_users__default_users + l3d_users__local_users }}" - - name: Create ansible user with superuser permissions ansible.builtin.include_tasks: file: 'user_ansible.yml' From 5bad13a8d87f7ebb32ce5cfecc20846da30f4c51 Mon Sep 17 00:00:00 2001 From: L3D Date: Sat, 6 Apr 2024 23:07:44 +0200 Subject: [PATCH 11/12] Update docs --- README.md | 15 +++++++++++++++ roles/dotfiles/README.md | 1 + roles/dotfiles/vars/main.yml | 2 +- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index baa9e29..553e823 100644 --- a/README.md +++ b/README.md 
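Review bot: `colorscheme {{ l3d_users__vim_colorscheme }}` makes vim print an error and pause on every start if the configured scheme is not installed on the host (the default `elflord` ships with vim, but the variable invites other values); `silent! colorscheme {{ l3d_users__vim_colorscheme }}` keeps startup clean when the scheme is missing. The duplicate `set cursorline` lines around it are context this hunk does not touch.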
@@ -15,6 +15,7 @@ And it is possible to delete users too.
 + ``l3d.users.user``: [roles/user](roles/user) ![logo](https://ansible.l3d.space/svg/l3d.users.user_ansible-role.svg)
 + ``l3d.users.admin``: [roles/admin](roles/admin) ![logo](https://ansible.l3d.space/svg/l3d.users.admin_ansible-role.svg)
 + ``l3d.users.sshd``: [roles/sshd](roles/admin) ![logo](https://ansible.l3d.space/svg/l3d.users.sshd_ansible-role.svg)
++ ``l3d.users.dotfiles``: [roles/dotfiles](roles/dotfiles) ![logo](https://ansible.l3d.space/svg/l3d.users.dotfiles_ansible-role.svg)
 ## Using this Collection
 You can install the collection using ansible-galaxy by running:
@@ -101,6 +102,20 @@ There is also the ``l3d_users__ssh_login`` variable which only supports ``name``
 | ``l3d_users__sshd_manage_macs`` | ``true`` | Manage Used MACs |
 | ``l3d_users__sshd_macs`` | ``['hmac-sha2-512-etm@openssh.com', 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512']`` | Used MACs |
 | ``l3d_users__sshd_xforwarding`` |``true`` | Enable X-Forwarding |
+| ``l3d_users__bashrc`` | ``true`` | Configure bashrc |
+| ``l3d_users__dotfiles__bash_completion_enabled`` | ``true`` | Enable bash completion |
+| ``l3d_users__dotfiles__aliases`` | *see [defaults/main.yml](defaults/main.yml)* | A predefined list of usefull aliases for your bash config |
+| ``dotfiles__additional_user_bashrc_lines`` | ``[]`` | variable for additional bashrc lines |
+| ``l3d_users__bashrc_path`` | ``$HOME/.local/bin:$HOME/bin:$HOME/.cargo/env:$PATH``| bashrc $PATH |
+| ``l3d_users__dotfiles__user_prompt`` | *see [defaults/main.yml](defaults/main.yml)* | PS1 prompt for users |
+| ``l3d_users__dotfiles__root_prompt`` | *see [defaults/main.yml](defaults/main.yml)* | PS1 prompt for root |
+| ``l3d_users__dotfiles__history_control`` | ``ignoreboth`` | bashrc history control |
+| ``l3d_users__dotfiles__history_size`` | ``-1`` | bashrc history size |
+| ``l3d_users__dotfiles__history_file_size`` | ``-1`` | bashrc history filesize |
+| ``l3d_users__vimrc`` | ``true`` | Create vim config |
+| ``l3d_users__vim_colorscheme`` | ``elflord`` | Configure vim colorscheme |
+| ``l3d_users__tmuxcfg`` | ``true`` | Create Tmux Config |
+| ``submodules_versioncheck`` | ``false`` | Optionaly enable simple versionscheck of this role |
 | ``submodules_versioncheck`` | ``false`` | Optionaly enable simple versionscheck of this role |
 ## Requirements
diff --git a/roles/dotfiles/README.md b/roles/dotfiles/README.md
index b18f62f..0734f0a 100644
--- a/roles/dotfiles/README.md
+++ b/roles/dotfiles/README.md
@@ -48,6 +48,7 @@ There is a third directory-variable called ``l3d_users__ssh_login: []`` which on
 | ``l3d_users__dotfiles__history_size`` | ``-1`` | bashrc history size |
 | ``l3d_users__dotfiles__history_file_size`` | ``-1`` | bashrc history filesize |
 | ``l3d_users__vimrc`` | ``true`` | Create vim config |
+| ``l3d_users__vim_colorscheme`` | ``elflord`` | Configure vim colorscheme |
 | ``l3d_users__tmuxcfg`` | ``true`` | Create Tmux Config |
 | ``submodules_versioncheck`` | ``false`` | Optionaly enable simple versionscheck of this role |
diff --git a/roles/dotfiles/vars/main.yml b/roles/dotfiles/vars/main.yml
index 85c32f8..f6f1e7a 100644
--- a/roles/dotfiles/vars/main.yml
+++ b/roles/dotfiles/vars/main.yml
@@ -5,5 +5,5 @@ l3d_users__dotfiles_packages:
 - htop
 - tmux
-playbook_version_number: 7
+playbook_version_number: 8
 playbook_version_path: 'l3d.users.dotfiles.version'

From 35c8a6bd55c174dfb15d4ad8e458eb40b0752316 Mon Sep 17 00:00:00 2001
From: L3D
Date: Sat, 6 Apr 2024 23:13:08 +0200
Subject: [PATCH 12/12] Create yamllint

---
 roles/admin/.yamllint | 8 ++++++++
 roles/dotfiles/.yamllint | 8 ++++++++
 roles/sshd/.yamllint | 8 ++++++++
 roles/user/.yamllint | 8 ++++++++
 4 files changed, 32 insertions(+)
 create mode 100644 roles/admin/.yamllint
 create mode 100644 roles/dotfiles/.yamllint
 create mode 100644 roles/sshd/.yamllint
 create mode 100644 roles/user/.yamllint

diff --git a/roles/admin/.yamllint b/roles/admin/.yamllint
new file mode 100644
index 0000000..f7347ec
--- /dev/null
+++ b/roles/admin/.yamllint
@@ -0,0 +1,8 @@
+---
+extends: default
+
+rules:
+ # 310 chars should be enough, but don't fail if a line is longer
+ line-length:
+ max: 310
+ level: warning
diff --git a/roles/dotfiles/.yamllint b/roles/dotfiles/.yamllint
new file mode 100644
index 0000000..f7347ec
--- /dev/null
+++ b/roles/dotfiles/.yamllint
@@ -0,0 +1,8 @@
+---
+extends: default
+
+rules:
+ # 310 chars should be enough, but don't fail if a line is longer
+ line-length:
+ max: 310
+ level: warning
diff --git a/roles/sshd/.yamllint b/roles/sshd/.yamllint
new file mode 100644
index 0000000..f7347ec
--- /dev/null
+++ b/roles/sshd/.yamllint
@@ -0,0 +1,8 @@
+---
+extends: default
+
+rules:
+ # 310 chars should be enough, but don't fail if a line is longer
+ line-length:
+ max: 310
+ level: warning
diff --git a/roles/user/.yamllint b/roles/user/.yamllint
new file mode 100644
index 0000000..f7347ec
--- /dev/null
+++ b/roles/user/.yamllint
@@ -0,0 +1,8 @@
+---
+extends: default
+
+rules:
+ # 310 chars should be enough, but don't fail if a line is longer
+ line-length:
+ max: 310
+ level: warning
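Review bot: The four `.yamllint` files in this patch are byte-identical (all share blob `f7347ec`), which is fine if each role is linted as its own checkout, as the per-role Galaxy layout suggests, but they will drift apart the first time one of them is edited. If the roles are only ever linted from the collection root, a single top-level `.yamllint` would be enough; otherwise a line such as `# keep in sync with the other roles' .yamllint` at the top of each copy flags the duplication for the next editor. The `line-length` block is presumably indented under `rules:` in the real file; the collapsed view here does not show that.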