[Cleanup] Clean up evolinux-base and evolinux-users

evolinux-users: Add name to all tasks for self documentation purposes and don't compare with empty string. evolinux-base: Remove trailing whitespaces.
2020-06-18 16:20:13 +02:00 · 2020-06-18 16:20:13 +02:00 · 3ec85f9560
parent 2036db938b
commit 3ec85f9560
4 changed files with 8 additions and 7 deletions
--- a/evolinux-base/tasks/hardware.yml
+++ b/evolinux-base/tasks/hardware.yml
@ -29,7 +29,7 @@
 # HP gen <10: Hewlett-Packard Company Smart Array
 # HP gen >=10: Adaptec Smart Storage PQI
 - name: Detect if RAID is installed
-  shell: lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller"
+  shell: 'lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller"'
  check_mode: no
  register: raidmodel
  changed_when: "'FAILED' in raidmodel.stdout"
--- a/evolinux-base/tasks/postfix.yml
+++ b/evolinux-base/tasks/postfix.yml
@ -32,9 +32,8 @@
    - postfix

 - name: fetch users list
-  shell: getent passwd | cut -d":" -f 1 | grep -v root
+  shell: 'getent passwd | cut -d":" -f 1 | grep -v root'
  check_mode: no
-
  register: non_root_users_list
  changed_when: False
  tags:
--- a/evolinux-users/tasks/ssh.yml
+++ b/evolinux-users/tasks/ssh.yml
@ -22,11 +22,13 @@
    var: grep_allowusers_ssh
    verbosity: 1

- assert:
+- name: "Check that only AllowUsers or AllowGroups is present"
+  assert:
    that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
    msg: "We can't deal with AllowUsers and AllowGroups at the same time"

- set_fact:
+- name: "Define which protection method to use"
+  set_fact:
    # If "AllowGroups is present" or "AllowUsers is absent and Debian 10+",
    ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version is version('10', '>='))) }}"
    # If "AllowGroups is absent" and "AllowUsers is absent or Debian <10"
--- a/evolinux-users/tasks/user.yml
+++ b/evolinux-users/tasks/user.yml
@ -102,7 +102,7 @@
    state: present
  when:
    - evolinux_internal_group is defined
-    - evolinux_internal_group != ""
+    - evolinux_internal_group
    - ansible_distribution_major_version is version('9', '>=')

 - name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
@ -112,7 +112,7 @@
    append: yes
  when:
    - evolinux_internal_group is defined
-    - evolinux_internal_group != ""
+    - evolinux_internal_group
    - ansible_distribution_major_version is version('9', '>=')

 ## Optional secondary groups, defined per user