Alexis Ben Miloud--Josselin
536d051890
Fix mode for files under /etc/ssh/sshd_config.d
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2621|5|2616|10|:+1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/322//ansiblelint">Evolix » ansible-roles » unstable #322</a>
gitea/ansible-roles/pipeline/head This commit looks good
2023-08-16 18:21:06 +02:00
Alexis Ben Miloud--Josselin
4a0d3a4965
Fix permitrootlogin condition
2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin
fbb0b73e3a
Add permitrootlogin at beginning of file
2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin
86978a8225
evolinux-users: Fix "disable root login" task
2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin
fc8105e84e
evolinux-users: prepare SSH configuration for Debian 12 (wip)
2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin
eca2b5e4bf
fqcn
2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin
ec34d8afe1
Move PermitRootLogin to another file
...
Debian >= 12.
2023-08-16 15:25:07 +02:00
Jérémy Lecour
ee21973371
Use FQCN
...
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2777|524|2253|2462|:+1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/223//ansiblelint">Evolix » ansible-roles » unstable #223</a>
gitea/ansible-roles/pipeline/head This commit looks good
Fully Qualified Collection Name
2023-03-20 23:33:19 +01:00
Patrick Marchand
2c1ec040d1
Simplify user subset creation
...
Instead of tags, allow only one subset of users to be created at a time.
2022-08-24 09:05:29 -04:00
Patrick Marchand
9dfcfe1ef3
Made it possible to only create a subset of users
...
gitea/ansible-roles/pipeline/head This commit looks good
The evolinux_users_create variable is a list of tags that defaults to ['active'].
Only the users that have one of the tags in the evolinux_users_create list will be created.
2022-08-23 20:18:45 -04:00
Ludovic Poujol
519ef930df
Update PermitRootLogin task to work on Debian 11
continuous-integration/drone/push Build is passing
2022-06-21 15:13:38 +02:00
Jérémy Lecour
2ed77c60f0
Improve Ansible syntax
...
replace « x | changed » by « x is changed »
add explicit « bool » filter
use « length » filter instead of string comparison
2021-05-09 23:06:42 +02:00
Jérémy Lecour
07fd6451e1
Use 'loop' syntax instead of 'with_dict'
2021-05-04 14:20:53 +02:00
Jérémy Lecour
7283e34077
Replace version_compare() with version()
2020-02-25 10:45:35 +01:00
Jérémy Lecour
79bb6103b8
Change "|version_compare" with "is version_compare"
2019-12-31 10:18:19 +01:00
Jérémy Lecour
bc3b1182ea
evolinux-users: default to AllowGroups (for SSH) in Debian 10
2018-04-20 10:25:14 +02:00
Jérémy Lecour
43d86f5541
evolinux-users: cover more cases for AllowUsers/Groups in sshd config
2018-04-18 18:21:09 +02:00
Jérémy Lecour
32c289d915
evolinux: improve case switching
...
A case was missing : no AllowUsers/AllowGroups, on Debian 9
2018-04-18 12:16:04 +02:00
Jérémy Lecour
2027420877
whitespaces
2018-04-18 12:16:04 +02:00
Jérémy Lecour
f152ba66cd
evolinux-users: regroup tasks
...
1. create all accounts
2. configure sudo for everyone
3. configure ssh for everyone
2018-04-18 12:16:04 +02:00
Jérémy Lecour
e0ac7760f0
Use AllowGroups mode also if no AllowUsers is present at all
2018-04-18 12:16:04 +02:00
Jérémy Lecour
4fc58e4b1e
evolinux-users: rename included files
2018-04-18 12:16:04 +02:00
Jérémy Lecour
b01d9178d0
evolinux-users: split AllowGroups/AllowUsers modes
...
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.
In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00
Jérémy Lecour
8abed3e258
Use "command" instead of "shell" where possible
2018-04-04 23:36:00 +02:00
Jérémy Lecour
c18b83d974
evolinux-users: deal with AllowGroups and AllowUsers differently
2018-02-08 15:29:53 +01:00
Jérémy Lecour
71cd04029c
Insert "Match User" if missing (Jessie only)
2017-10-17 10:28:49 +02:00
Jérémy Lecour
8435ac192d
evolinux-users: better detection of AllowUsers
2017-10-10 22:01:12 +02:00
Jérémy Lecour
13e1c0486b
"egrep" is deprecated, use "grep -E"
2017-10-08 22:47:03 +02:00
Jérémy Lecour
8c1024c23c
No need to add individual users, a group is enough
2017-10-08 14:23:21 +02:00
Jérémy Lecour
f759b849a5
evolinux-users: install many ssh keys if needed
2017-10-06 01:06:59 +02:00
Jérémy Lecour
7b88393ccf
Refactoring of admin-users + evolinux-base roles
...
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
to ensure ssh connections are possible for other users before
cutting root's access
* evomaintenance is also included in evolinux-base to have it available
when users are created
2017-10-06 01:06:59 +02:00