# Get systemd version and if it doesn't exist don't run these tests. - name: check systemd version command: "systemctl --version" register: systemd_version ignore_errors: yes - name: check homectl version command: homectl --version register: homectl_version ignore_errors: yes - block: - name: Check and start systemd-homed service service: name: systemd-homed.service state: started enabled: yes - name: Add a user 'james' community.general.homectl: name: james password: myreallysecurepassword1! state: present - name: verify user added command: homectl inspect james register: james_info - name: Add the user 'tom' with a zsh shell, uid of 1000, and gid of 1000 community.general.homectl: name: tom password: myreallysecurepassword1! state: present shell: /bin/zsh uid: 1000 gid: 1000 disksize: 10G register: tom_userinfo - name: Try to add user 'james' that already exists community.general.homectl: name: james password: myreallysecurepassword1! state: present shell: /bin/ksh register: user_exists - name: Try to use 'resize=yes' option without 'disksize' option (not allowed) community.general.homectl: name: foo password: uq4895738!@#$%dfd state: present resize: yes register: resize_out ignore_errors: yes - name: Use option 'disksize=1G' without option resize (allowed) community.general.homectl: name: foobar password: "uq4895738!@#$%dfd" state: present disksize: 1G register: disk_out ignore_errors: yes - name: Try to Create user without giving password community.general.homectl: name: danielle register: danielle_out ignore_errors: yes - name: remove user 'foobar' without requiring password community.general.homectl: name: foobar state: absent register: delete_foobar_out - name: modify user 'james' to have zsh shell and timezone 'America/New_York' community.general.homectl: name: james password: myreallysecurepassword1! state: present shell: /bin/zsh timezone: America/New_York register: lukuser_modify_out - name: create user 'jake' with all mount options community.general.homectl: name: jake password: myreallysecurepassword12! mountopts: noexec,nosuid,nodev sshkeys: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDUSW/q2qFZPr2vS0qrmAs+1iQI1jLIBdJ4CVIhE3KnIwxkkiInS8mJ+t0FBTeK3ks3GZLPVYC1v9o2P+oqyUk1CiBnCsMXGJud+L/t8b5r8MiJMyP7Jzd6yhmcvenjvz+vY06jQ9chWAtThEknuaOMongIpQQzSLGbdMy0yMsz4GEjicwdcj1PDwItPvUt4TL4K7V9NE672idADlRt6qng4UwpziqlYgsyIG46ettDras8hGAPricrhFWUS2rLDsCD0thkPFdR8HL1ZWTZ6LtolhO4MYtgntzXn708TTmFC2oIDluzyxVoUYmsfVotVdXFZcOWffnwbCgU+tn75JXTLozgTbV3VWmkxpJFErCWPerxcZv3+7b0f36/Y0gRNjM9HERLDSE1c8yz29NOLY0qH5306aByjOaerxNq9+ZOU/Fmf5/VfGIUp/FdLxDw+V0AzejFG580VAcstEMsOHSdwTbi3gf6LoGSiRyWKKDod0TZCMC6RzfdsfdsfI9CClGl0s= test@router.home" register: jake_out - name: Try to remove user 'janet' that doesn't exist community.general.homectl: name: janet state: absent register: user_not_exist ignore_errors: yes - name: Use check_mode to try and create user 'diana' community.general.homectl: name: diana password: helloworld123!@ state: present check_mode: yes register: diana_create_checkmode_out - name: Verify user 'diana' was not created with check_mode command: homectl inspect diana register: user_diana_exists ignore_errors: yes - name: Try to modify user 'jake' with only noexec mount option in check_mode community.general.homectl: name: jake password: myreallysecurepassword12! state: present mountopts: noexec check_mode: yes register: jake_checkmode_out - name: Verify user 'jake' was not modified and still has all mount options command: homectl inspect jake register: user_jake_details_out - name: Modify user 'jake' with only noexec mount option community.general.homectl: name: jake password: myreallysecurepassword12! state: present mountopts: noexec register: jake_modify_out - name: modify user 'jake' again with only noexec mount option to make sure changed is false as nothing has changed. community.general.homectl: name: jake password: myreallysecurepassword12! state: present mountopts: noexec register: jake_modify_again_out - name: Try to modify user 'jake' with an incorrect password community.general.homectl: name: jake password: incorrectPassword! state: present mountopts: noexec locked: yes ignore_errors: yes register: jake_incorrect_pass_out - assert: that: - james_info.rc == 0 - tom_userinfo.data['gid'] == 1000 and tom_userinfo.data['uid'] == 1000 - user_exists is changed and user_exists.data['shell'] == '/bin/ksh' - resize_out is not changed - disk_out is changed - delete_foobar_out is changed - danielle_out is not changed - lukuser_modify_out.data['timeZone'] == "America/New_York" and lukuser_modify_out.data['shell'] == "/bin/zsh" - user_not_exist is not changed and user_not_exist.msg == "User does not exist!" - jake_out is changed and jake_out.data['mountNoDevices'] == True and jake_out.data['mountNoSuid'] == True and jake_out.data['mountNoExecute'] == True - diana_create_checkmode_out is changed and 'No home for user diana known' in user_diana_exists.stderr - "jake_checkmode_out is changed and 'Mount Flags: nosuid nodev noexec' in user_jake_details_out.stdout" - jake_modify_out is changed and jake_modify_out.data['privileged']['sshAuthorizedKeys'] is not none - jake_modify_out.data['mountNoDevices'] == False and jake_modify_out.data['mountNoExecute'] == True and jake_modify_out.data['mountNoSuid'] == False - jake_modify_again_out is not changed - jake_incorrect_pass_out is not changed and jake_incorrect_pass_out is failed and jake_incorrect_pass_out.msg == 'User exists but password is incorrect!' # homectl was first introduced in systemd 245 so check version >= 245 and make sure system has systemd and homectl command when: - systemd_version.rc == 0 and (systemd_version.stdout | regex_search('[0-9][0-9][0-9]') | int >= 245) and homectl_version.rc == 0 - ansible_distribution != 'Archlinux' # TODO! - ansible_distribution != 'Fedora' or ansible_distribution_major_version|int < 36 # TODO!