Update user permissions and improve linting

roles/admin/README.md

@@ -24,7 +24,7 @@ The Option of these directory-variables are the following.
 | create_home | ``true`` | create a user home *(needed to store ssh keys)* |
 | admin | ``false`` | enable it to give the user superpowers |
 | admin_commands | string or list | Commands that are allows to be run as admin, eg. 'ALL' or specific script |
-| admin_nopassword | true/false | Need no Password for sudo |
+| admin_nopassword | false | Need no Password for sudo |
 | pubkeys | string or lookup | see examples |
 | exklusive_pubkeys | ``true`` | delete all undefined ssh keys |
 | password | password hash | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) |

roles/admin/defaults/main.yml

@@ -5,13 +5,13 @@ l3d_users__default_users: {}
 #    state: 'present'
 #    shell: '/bin/bash'
 #    create_home: true
-#    admin: true
 #    pubkeys: |
 #       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC
 #       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8
 #       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX
 #    exklusive_pubkeys: true
 #    password: "$Password_hash"
+#    admin: true
 #    admin_commands: 'ALL'
 #    admin_nopassword: false
 #  - name: 'bob'

roles/admin/tasks/users.yml

@@ -7,7 +7,7 @@
     state: 'present'
     commands: "{{ item.admin_commands | default('ALL') }}"
     nopassword: "{{ item.admin_nopassword | default(false) }}"
-  loop: "{{ _l3d_users_user__merged_users }}"
+  loop: "{{ _l3d_users__merged_users }}"
   loop_control:
     label: "user: ['{{ item.name }}']"
   when: item.state | default ('present') == 'present' and  item.admin | default(false) | bool
@@ -18,7 +18,7 @@
     name: "{{ item.name }}-superpowers"
     state: 'absent'
     user: "{{ item.name }}"
-  loop: "{{ _l3d_users_user__merged_users }}"
+  loop: "{{ _l3d_users__merged_users }}"
   loop_control:
     label: "user: ['{{ item.name }}']"
   when: item.state | default ('present') == 'present' and not item.admin | default(false) | bool

roles/admin/tasks/versioncheck.yml

@@ -0,0 +1,44 @@
+---
+# Copyright (c) 2021 L3D <l3d@c3woc.de>
+# this file is released with the MIT license.
+# License: https://github.com/roles-ansible/ansible_role_template/blob/main/LICENSE
+- name: Create directory for versionscheck
+  become: true
+  ansible.builtin.file:
+    path: '/etc/.ansible-version'
+    state: directory
+    mode: '0755'
+  when: submodules_versioncheck | bool
+
+- name: Check playbook version
+  become: true
+  ansible.builtin.slurp:
+    src: "/etc/.ansible-version/{{ playbook_version_path }}"
+  register: playbook_version
+  when: submodules_versioncheck | bool
+  failed_when: false
+
+- name: Print remote role version  # noqa: H500
+  ansible.builtin.debug:
+    msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
+  when: submodules_versioncheck | bool
+
+- name: Print locale role version  # noqa: H500
+  ansible.builtin.debug:
+    msg: "Local role version: '{{ playbook_version_number | string }}'."
+  when: submodules_versioncheck | bool
+
+- name: Check if your version is outdated
+  ansible.builtin.fail:
+    msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
+  when:
+    - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
+
+- name: Write new version to remote disk
+  become: true
+  ansible.builtin.copy:
+    content: "{{ playbook_version_number }}"
+    dest: "/etc/.ansible-version/{{ playbook_version_path }}"
+    mode: '0644'
+  when: submodules_versioncheck | bool
+  tags: skip_ansible_lint_template-instead-of-copy

roles/user/README.md

@@ -22,6 +22,8 @@ The Option of these directory-variables are the following.
 | shell | ``/bin/bash`` | The Shell of the User |
 | create_home | ``true`` | create a user home *(needed to store ssh keys)* |
 | admin | ``false`` | enable it to give the user superpowers |
+| admin_commands | string or list | Commands that are allows to be run as admin, eg. 'ALL' or specific script |
+| admin_nopassword | false | Need no Password for sudo |
 | pubkeys | string or lookup | see examples |
 | exklusive_pubkeys | ``true`` | delete all undefined ssh keys |
 | password | password hash | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) |

roles/user/defaults/main.yml

@@ -5,13 +5,15 @@ l3d_users__default_users: {}
 #    state: 'present'
 #    shell: '/bin/bash'
 #    create_home: true
-#    admin: true
 #    pubkeys: |
 #       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC
 #       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8
 #       ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX
 #    exklusive_pubkeys: true
 #    password: "$Password_hash"
+#    admin: true
+#    admin_commands: 'ALL'
+#    admin_nopassword: false
 #  - name: 'bob'
 #    state: 'present'
 #    shell: '/bin/zsh'