Patrick Marchand
f73667ea3c
Inline ssh_allow_user file
2019-09-11 11:53:51 -04:00
Patrick Marchand
e79455efae
Add match user and allow user ssh statements with join.
...
If the statements are not there, we do not need to worry about manual edits.
2019-09-11 11:29:18 -04:00
Patrick Marchand
75aad3e5d7
Fixed regression in evolinux-users ssh tasks
...
continuous-integration/drone/pr Build encountered an error
continuous-integration/drone/push Build is passing
We need to register that the match user and allow user is now present
after adding the first user.
2019-08-07 12:15:57 -04:00
Patrick Marchand
3feb0cc3b4
Simplify sudo tasks for evolinux-users
...
continuous-integration/drone/push Build encountered an error
continuous-integration/drone/pr Build is failing
Move two template creation tasks out of the loop.
This means that the task runs only once instead
of one time per user in the loop.
2019-08-06 17:57:35 -04:00
Patrick Marchand
9049a97792
Simplify evolinux-users ssh tasks
...
It makes no sense to make a check
before you include the task and do
lt again after. Just use the
pre-registered variables.
This removes two tasks per user loop
and one overall task.
2019-08-06 17:53:21 -04:00
Ludovic Poujol
890055753e
evolinux-users: Validate sshd config with "-t" instead of "-T"
...
See #52
2019-06-17 10:23:56 +02:00
Jérémy Lecour
bd8644ae60
whitespaces
2019-05-14 14:03:03 +02:00
Jérémy Lecour
aa28e9c1b8
change repositories URL
2019-03-21 15:31:58 +01:00
Jérémy Lecour
b3f9932c4d
evolinux-users: add newaliases handler
2018-11-14 17:04:51 +01:00
Victor LABORIE
8cd689f9b4
haproxy: move check_haproxy_stats to nagios-nrpe role
2018-09-28 15:21:42 +02:00
Jérémy Lecour
c76cbd1887
evolinux-users: add user to /etc/aliases
2018-09-09 23:42:38 +02:00
Victor LABORIE
17c8093711
nagios-nrpe: use bkctld check subcommand for NRPE check
2018-05-30 17:13:39 +02:00
Jérémy Lecour
08d5ca5696
evolinux-users: fix secondary groups
...
With ANsible 2.2 the list of groups must be comma-separated
2018-05-02 17:16:36 +02:00
Jérémy Lecour
c87e3ee576
evolinux-users: add user to internal group if defined and Debian >= 9
2018-05-02 17:12:27 +02:00
Jérémy Lecour
74ca43fe05
evolinux-users: add documentation for variables
2018-05-02 17:12:27 +02:00
Ludovic Poujol
732087235c
evolinux-users: Fix check_minifirewall path in sudoers file
2018-04-25 17:36:11 +02:00
Jérémy Lecour
8384e8ba43
evolinux: groups for SSH configuration are used with Debian 10 and later
2018-04-20 14:38:55 +02:00
Jérémy Lecour
e79640d770
evolinux: Name and improve compatibility checks
2018-04-20 14:38:55 +02:00
Jérémy Lecour
bc3b1182ea
evolinux-users: default to AllowGroups (for SSH) in Debian 10
2018-04-20 10:25:14 +02:00
Jérémy Lecour
43d86f5541
evolinux-users: cover more cases for AllowUsers/Groups in sshd config
2018-04-18 18:21:09 +02:00
Jérémy Lecour
b0b4e13130
evolinux-users: Add users to group for SSH on Debian 9+
2018-04-18 12:16:04 +02:00
Jérémy Lecour
32c289d915
evolinux: improve case switching
...
A case was missing : no AllowUsers/AllowGroups, on Debian 9
2018-04-18 12:16:04 +02:00
Jérémy Lecour
5bcd7e44cf
evolinux-users: really look for evomaintenance
...
The file was missing in the grep command :/
2018-04-18 12:16:04 +02:00
Jérémy Lecour
a782ef3180
evolinux-users: better names for a fewtasks
2018-04-18 12:16:04 +02:00
Jérémy Lecour
dba26fbbaf
evolinux-users: sudoers file should be 0440 also in Stretch
2018-04-18 12:16:04 +02:00
Jérémy Lecour
f065310ca6
evolinux-users: use command instead of shell when possible
2018-04-18 12:16:04 +02:00
Jérémy Lecour
2027420877
whitespaces
2018-04-18 12:16:04 +02:00
Jérémy Lecour
13abc44992
evolinux-users: use assert instead of fail
2018-04-18 12:16:04 +02:00
Jérémy Lecour
f152ba66cd
evolinux-users: regroup tasks
...
1. create all accounts
2. configure sudo for everyone
3. configure ssh for everyone
2018-04-18 12:16:04 +02:00
Jérémy Lecour
e0ac7760f0
Use AllowGroups mode also if no AllowUsers is present at all
2018-04-18 12:16:04 +02:00
Jérémy Lecour
4fc58e4b1e
evolinux-users: rename included files
2018-04-18 12:16:04 +02:00
Jérémy Lecour
b01d9178d0
evolinux-users: split AllowGroups/AllowUsers modes
...
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.
In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00
Jérémy Lecour
46a6a35486
evolinux-users: add check_minifirewall in sudoers commands
2018-04-06 10:36:48 +02:00
Jérémy Lecour
8abed3e258
Use "command" instead of "shell" where possible
2018-04-04 23:36:00 +02:00
Jérémy Lecour
84924c38f4
evolinux-users: create .profile for evomaintenance if missing
2018-03-13 09:37:27 +01:00
Jérémy Lecour
097f732922
evolinux-users: evomaintenance trap detection also with check_mode
2018-02-08 15:33:28 +01:00
Jérémy Lecour
c18b83d974
evolinux-users: deal with AllowGroups and AllowUsers differently
2018-02-08 15:29:53 +01:00
Jérémy Lecour
290dfd300a
evolinux-users: add users to adm group for Stretch
2017-12-28 11:01:31 +01:00
Jérémy Lecour
b7cede7654
Don't add the trap if it is present or commented
2017-10-17 18:07:51 +02:00
Jérémy Lecour
71cd04029c
Insert "Match User" if missing (Jessie only)
2017-10-17 10:28:49 +02:00
Jérémy Lecour
1091dfeeed
evolinux-users: Handle "PermitRootLogin prohibit-password"
2017-10-11 22:17:52 +02:00
Jérémy Lecour
c77bc14e95
Evolinux: don't remove root from AllowUsers list
2017-10-11 17:58:59 +02:00
Jérémy Lecour
ae4b9675c2
evolix-users: disable root ssh login by default
2017-10-10 22:01:44 +02:00
Jérémy Lecour
8435ac192d
evolinux-users: better detection of AllowUsers
2017-10-10 22:01:12 +02:00
Jérémy Lecour
13e1c0486b
"egrep" is deprecated, use "grep -E"
2017-10-08 22:47:03 +02:00
Jérémy Lecour
8c1024c23c
No need to add individual users, a group is enough
2017-10-08 14:23:21 +02:00
Jérémy Lecour
fedbc5b579
evolinux-users: no need to repeat condition
2017-10-06 12:05:07 +02:00
Jérémy Lecour
2b253e075c
Users can be added to secondary groups
2017-10-06 01:06:59 +02:00
Jérémy Lecour
f759b849a5
evolinux-users: install many ssh keys if needed
2017-10-06 01:06:59 +02:00
Jérémy Lecour
7b88393ccf
Refactoring of admin-users + evolinux-base roles
...
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
to ensure ssh connections are possible for other users before
cutting root's access
* evomaintenance is also included in evolinux-base to have it available
when users are created
2017-10-06 01:06:59 +02:00