required varaibles / remove append group / blocks in shell

2018-08-26 15:10:15 +02:00 · 2018-08-26 15:10:15 +02:00 · 59749462c0
commit 59749462c0
parent c53f502220
8 changed files with 145 additions and 13 deletions
--- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/main.yml
+++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/main.yml
@ -1,4 +1,11 @@
 ---
+- name: Check for required variables
+  fail:
+    msg: "Variable: 'users.name' or 'users.state' NOT defined!"
+  with_items: "{{ users }}"
+  when: item.state is not defined or item.name is not defined
+
+
 - include_tasks: set_facts.yml
 - include_tasks: users.yml
 - include_tasks: ssh_config.yml
--- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/set_facts.yml
+++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/set_facts.yml
@ -1,3 +1,4 @@
+# Set default shell
 - set_fact:
    default_shell: "{{ default_freebsd_shell }}"
  when: ansible_os_family == 'FreeBSD'
@ -6,3 +7,20 @@
    default_shell: "{{ default_linux_shell }}"
  when: ansible_os_family == 'Debian'

+# Set sudoers path
+- set_fact:
+    sudoers_path: /usr/local/etc/sudoers.d
+  when: ansible_os_family == 'FreeBSD'
+ 
+- set_fact:
+    sudoers_path: /etc/sudoers.d
+  when: ansible_os_family == 'Debian'
+    
+# Set sudo config path
+- set_fact:
+    sudo_config_path: /usr/local/etc/sudoers
+  when: ansible_os_family == 'FreeBSD'
+ 
+- set_fact:
+    sudo_config_path: /etc/sudoers
+  when: ansible_os_family == 'Debian'
--- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml
+++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml
@ -1,3 +1,4 @@
+
 - name: Ensure .ssh folder is created
  file:
    path: "/home/{{item.name}}/.ssh"
@ -7,6 +8,7 @@
    group: "{{ item.name }}"
  with_items:
    - "{{ users }}"
+  when: item.state == "present"


 - name: Configure authorized_keys
@ -17,4 +19,5 @@
  with_subelements:
    - "{{ users }}"
    -  keys
+  when: item.0.state is defined and item.0.state == "present"

--- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml
+++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml
@ -1,5 +1,5 @@
 ---
- name: Ensure groups exist
+- name: Add/Remove group
  group:
    name: "{{ item.name }}"
    gid: "{{ item.gid | default(omit) }}"
@ -7,7 +7,7 @@
  with_items: "{{ user_groups }}"


- name: Ensure users exist
+- name: Add/Remove user
  user:
    name: "{{ item.name }}"
    state: "{{ item.state | default('present') }}"
@ -15,12 +15,12 @@
    groups: "{{ item.groups | default(omit) }}"
    uid: "{{ item.uid | default(omit) }}"
    shell: "{{ item.shell | default(default_shell) }}"
-    append: yes
-  no_log: True
+    remove: yes
+  no_log: False
  with_items: "{{ users }}"


- name: Configure bashrc
+- name: Configure bashrc lines
  lineinfile:
    path: "/home/{{ item.0.name }}/.bashrc"
    line: "{{ item.1.line }}"
@ -30,17 +30,84 @@
    - "{{ users }}"
    - bash_lines
    - skip_missing: true
-  when: ansible_os_family == 'Debian'
+  when: ansible_os_family == 'Debian' and item.0.state == "present"

+- name: Configure bashrc blocks
+  blockinfile:
+    path: "/home/{{ item.0.name }}/.bashrc"
+    content: "{{ item.1.content }}"
+    marker: "# {mark} ANSIBLE managed content. Block item #{{ listitem }}"
+    state: "{{ item.1.state | default('present') }}"
+    backup: yes
+  with_subelements:
+    - "{{ users }}"
+    - bash_blocks
+    - skip_missing: true
+  when: ansible_os_family == 'Debian' and item.0.state == "present"
+  loop_control:
+    index_var: listitem

- name: Configure cshrc
+- name: Configure cshrc lines
  lineinfile:
    path: "/home/{{ item.0.name }}/.cshrc"
    line: "{{ item.1.line }}"
    state: "{{ item.1.state | default('present')}}"
+    backup: yes
  with_subelements:
    - "{{ users }}"
    - csh_lines
    - skip_missing: true
-  when: ansible_os_family == 'FreeBSD'
+  when: ansible_os_family == 'FreeBSD' and item.0.state == "present"
+
+- name: Configure cshrc blocks
+  blockinfile:
+    path: "/home/{{ item.0.name }}/.cshrc"
+    content: "{{ item.1.conent }}"
+    marker: "# {mark} ANSIBLE managed content. Block item #{{ listitem }}"
+    state: "{{ item.1.state | default('present')}}"
+    backup: yes
+  with_subelements:
+    - "{{ users }}"
+    - csh_blocks
+    - skip_missing: true
+  when: ansible_os_family == 'FreeBSD' and item.0.state == "present"
+  loop_control:
+    index_var: listitem
+
+- name: Ensure sudo is installed (Debian)
+  apt:
+    name: sudo
+    update_cache: yes
+    cache_valid_time: "{{ apt_cache_valid | default('86400') }}"
+  when: ansible_os_family == "Debian"
+
+- name: Ensure sudo is installed (FreeBSD)
+  portinstall:
+    name: sudo
+    state: present
+  when: ansible_os_family == "FreeBSD"
+
+- name: Enable sudo for user
+  lineinfile:
+    path: "{{ sudoers_path }}/{{ item.name }}"
+    line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL"
+    state: present
+    create: true
+  when: item.enable_sudo is defined and item.enable_sudo == true
+  with_items: "{{ users }}"
+
+- name: Disable sudo for user
+  file:
+    path: "{{ sudoers_path }}/{{ item.name }}"
+    state: absent
+  when: item.enable_sudo is defined and item.enable_sudo == false
+  with_items: "{{ users }}"
+
+- name: Include sudoers.d
+  lineinfile:
+    dest: "{{ sudo_config_path }}"
+    state: present
+    regexp: '^\#includedir {{ sudoers_path }}'
+    line: '#includedir {{ sudoers_path }}'
+    validate: 'visudo -cf %s'