David Prevot
dbef71d791
Drop trailing whitespaces
gitea/ansible-roles/pipeline/head This commit looks good
2023-01-06 09:54:51 +01:00
Jérémy Lecour
1728eaee68
Revert "Add “when: not ansible_check_mode” to allow more --check"
...
gitea/ansible-roles/pipeline/head This commit looks good
This reverts commit fafff25c20
.
This reverts commit e64471c5a8084f95a8e6f955d3fa918c55b8e846.
2022-12-14 07:41:18 +01:00
David Prevot
d4f58b9395
Drop duplicate when keys introduced in fafff25c20
gitea/ansible-roles/pipeline/head This commit looks good
2022-12-12 14:29:07 +01:00
David Prevot
fafff25c20
Add “when: not ansible_check_mode” to allow more --check
gitea/ansible-roles/pipeline/head This commit looks good
2022-12-02 17:40:43 +01:00
Patrick Marchand
2c1ec040d1
Simplify user subset creation
...
Instead of tags, allow only one subset of users to be created at a time.
2022-08-24 09:05:29 -04:00
Patrick Marchand
9dfcfe1ef3
Made it possible to only create a subset of users
...
gitea/ansible-roles/pipeline/head This commit looks good
The evolinux_users_create variable is a list of tags that defaults to ['active'].
Only the users that have one of the tags in the evolinux_users_create list will be created.
2022-08-23 20:18:45 -04:00
Ludovic Poujol
519ef930df
Update PermitRootLogin task to work on Debian 11
continuous-integration/drone/push Build is passing
2022-06-21 15:13:38 +02:00
Jérémy Lecour
270d03b6a6
evolinx-users: optimize sudo configuration
continuous-integration/drone/push Build was killed
2022-03-02 09:40:52 +01:00
Jérémy Lecour
9b2a3a6db2
evolinux-users: convert uid to string
continuous-integration/drone/push Build is passing
2021-05-10 07:42:19 +02:00
Jérémy Lecour
2ed77c60f0
Improve Ansible syntax
...
replace « x | changed » by « x is changed »
add explicit « bool » filter
use « length » filter instead of string comparison
2021-05-09 23:06:42 +02:00
Jérémy Lecour
07fd6451e1
Use 'loop' syntax instead of 'with_dict'
2021-05-04 14:20:53 +02:00
Jérémy Lecour
5138065059
Use 'loop' syntax instead of 'with_items'
2021-05-04 14:19:18 +02:00
Jérémy Lecour
81fbd98a5f
evolinux-users: improve uid/login checks
continuous-integration/drone/push Build is passing
2020-12-17 15:25:48 +01:00
Jérémy Dubois
6c202dcf4f
Check that ansible_distribution_major_version is defined in sudo task
...
continuous-integration/drone/push Build is passing
This variable does not exist when run on OpenBSD servers, making the ansible
playbook to exit in a fatal state.
2020-11-06 16:28:35 +01:00
Jérémy Lecour
7283e34077
Replace version_compare() with version()
2020-02-25 10:45:35 +01:00
Jérémy Lecour
79bb6103b8
Change "|version_compare" with "is version_compare"
2019-12-31 10:18:19 +01:00
Ludovic Poujol
890055753e
evolinux-users: Validate sshd config with "-t" instead of "-T"
...
See #52
2019-06-17 10:23:56 +02:00
Jérémy Lecour
bd8644ae60
whitespaces
2019-05-14 14:03:03 +02:00
Jérémy Lecour
c76cbd1887
evolinux-users: add user to /etc/aliases
2018-09-09 23:42:38 +02:00
Jérémy Lecour
08d5ca5696
evolinux-users: fix secondary groups
...
With ANsible 2.2 the list of groups must be comma-separated
2018-05-02 17:16:36 +02:00
Jérémy Lecour
c87e3ee576
evolinux-users: add user to internal group if defined and Debian >= 9
2018-05-02 17:12:27 +02:00
Jérémy Lecour
8384e8ba43
evolinux: groups for SSH configuration are used with Debian 10 and later
2018-04-20 14:38:55 +02:00
Jérémy Lecour
e79640d770
evolinux: Name and improve compatibility checks
2018-04-20 14:38:55 +02:00
Jérémy Lecour
bc3b1182ea
evolinux-users: default to AllowGroups (for SSH) in Debian 10
2018-04-20 10:25:14 +02:00
Jérémy Lecour
43d86f5541
evolinux-users: cover more cases for AllowUsers/Groups in sshd config
2018-04-18 18:21:09 +02:00
Jérémy Lecour
b0b4e13130
evolinux-users: Add users to group for SSH on Debian 9+
2018-04-18 12:16:04 +02:00
Jérémy Lecour
32c289d915
evolinux: improve case switching
...
A case was missing : no AllowUsers/AllowGroups, on Debian 9
2018-04-18 12:16:04 +02:00
Jérémy Lecour
5bcd7e44cf
evolinux-users: really look for evomaintenance
...
The file was missing in the grep command :/
2018-04-18 12:16:04 +02:00
Jérémy Lecour
a782ef3180
evolinux-users: better names for a fewtasks
2018-04-18 12:16:04 +02:00
Jérémy Lecour
dba26fbbaf
evolinux-users: sudoers file should be 0440 also in Stretch
2018-04-18 12:16:04 +02:00
Jérémy Lecour
f065310ca6
evolinux-users: use command instead of shell when possible
2018-04-18 12:16:04 +02:00
Jérémy Lecour
2027420877
whitespaces
2018-04-18 12:16:04 +02:00
Jérémy Lecour
13abc44992
evolinux-users: use assert instead of fail
2018-04-18 12:16:04 +02:00
Jérémy Lecour
f152ba66cd
evolinux-users: regroup tasks
...
1. create all accounts
2. configure sudo for everyone
3. configure ssh for everyone
2018-04-18 12:16:04 +02:00
Jérémy Lecour
e0ac7760f0
Use AllowGroups mode also if no AllowUsers is present at all
2018-04-18 12:16:04 +02:00
Jérémy Lecour
4fc58e4b1e
evolinux-users: rename included files
2018-04-18 12:16:04 +02:00
Jérémy Lecour
b01d9178d0
evolinux-users: split AllowGroups/AllowUsers modes
...
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.
In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00
Jérémy Lecour
8abed3e258
Use "command" instead of "shell" where possible
2018-04-04 23:36:00 +02:00
Jérémy Lecour
84924c38f4
evolinux-users: create .profile for evomaintenance if missing
2018-03-13 09:37:27 +01:00
Jérémy Lecour
097f732922
evolinux-users: evomaintenance trap detection also with check_mode
2018-02-08 15:33:28 +01:00
Jérémy Lecour
c18b83d974
evolinux-users: deal with AllowGroups and AllowUsers differently
2018-02-08 15:29:53 +01:00
Jérémy Lecour
290dfd300a
evolinux-users: add users to adm group for Stretch
2017-12-28 11:01:31 +01:00
Jérémy Lecour
b7cede7654
Don't add the trap if it is present or commented
2017-10-17 18:07:51 +02:00
Jérémy Lecour
71cd04029c
Insert "Match User" if missing (Jessie only)
2017-10-17 10:28:49 +02:00
Jérémy Lecour
1091dfeeed
evolinux-users: Handle "PermitRootLogin prohibit-password"
2017-10-11 22:17:52 +02:00
Jérémy Lecour
c77bc14e95
Evolinux: don't remove root from AllowUsers list
2017-10-11 17:58:59 +02:00
Jérémy Lecour
ae4b9675c2
evolix-users: disable root ssh login by default
2017-10-10 22:01:44 +02:00
Jérémy Lecour
8435ac192d
evolinux-users: better detection of AllowUsers
2017-10-10 22:01:12 +02:00
Jérémy Lecour
13e1c0486b
"egrep" is deprecated, use "grep -E"
2017-10-08 22:47:03 +02:00
Jérémy Lecour
8c1024c23c
No need to add individual users, a group is enough
2017-10-08 14:23:21 +02:00