diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2019-12-26 21:50:16 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2019-12-26 21:50:16 +0100 |
| commit | c7006b00fb5664423daeee3b83aa347cf959701b (patch) | |
| tree | 1da323d2777246ff0e01370641f2b2f48dca914e /roles | |
| parent | make vm install work for both debian/ubuntu and openbsd (diff) | |
zsh and sshd role support debian and openbsd now
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/installer/openbsd/autoinstall/templates/install.site.j2 | 5 | ||||
| -rw-r--r-- | roles/sshd/handlers/main.yml | 2 | ||||
| -rw-r--r-- | roles/sshd/tasks/main.yml | 11 | ||||
| -rw-r--r-- | roles/sshd/vars/Debian.yml | 3 | ||||
| -rw-r--r-- | roles/sshd/vars/OpenBSD.yml | 2 | ||||
| -rw-r--r-- | roles/zsh/tasks/main.yml | 35 | ||||
| -rw-r--r-- | roles/zsh/templates/banner.chaos-at-home.j2 | 2 | ||||
| -rw-r--r-- | roles/zsh/templates/banner.elevate.j2 | 2 | ||||
| -rw-r--r-- | roles/zsh/templates/banner.skillz.j2 | 2 | ||||
| -rw-r--r-- | roles/zsh/templates/banner.spreadspace.j2 | 2 | ||||
| -rw-r--r-- | roles/zsh/vars/Debian.yml | 12 | ||||
| -rw-r--r-- | roles/zsh/vars/OpenBSD.yml | 12 |
12 files changed, 66 insertions, 24 deletions
diff --git a/roles/installer/openbsd/autoinstall/templates/install.site.j2 b/roles/installer/openbsd/autoinstall/templates/install.site.j2 index f4f9524d..d12ed461 100644 --- a/roles/installer/openbsd/autoinstall/templates/install.site.j2 +++ b/roles/installer/openbsd/autoinstall/templates/install.site.j2 @@ -1,8 +1,7 @@ #!/bin/sh -## TODO: enable this once we know how this works -## echo "Generating random root pasword" -## openssl rand -base64 24 | passwd root +echo "Generating random root pasword" +usermod -p "$(openssl rand -base64 24 | encrypt)" root echo "Installing SSH keys for root" cat <<EOF > /root/.ssh/authorized_keys diff --git a/roles/sshd/handlers/main.yml b/roles/sshd/handlers/main.yml index f43817f2..ea76595a 100644 --- a/roles/sshd/handlers/main.yml +++ b/roles/sshd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart ssh service: - name: sshd + name: "{{ sshd_service_name }}" state: restarted diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index f98ea536..d73d778b 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -1,4 +1,12 @@ --- +- name: load os/distrubtion/version specific variables + include_vars: "{{ item }}" + with_first_found: + - files: + - "{{ ansible_distribution_release }}.yml" + - "{{ ansible_distribution }}.yml" + - "{{ ansible_os_family }}.yml" + - name: hardening ssh-server config vars: sshd_options: @@ -32,6 +40,7 @@ exclusive: yes - name: delete root password + when: sshd_disabled_password is defined user: name: root - password: "!" + password: "{{ sshd_disabled_password }}" diff --git a/roles/sshd/vars/Debian.yml b/roles/sshd/vars/Debian.yml new file mode 100644 index 00000000..abbccabc --- /dev/null +++ b/roles/sshd/vars/Debian.yml @@ -0,0 +1,3 @@ +--- +sshd_service_name: ssh +sshd_disabled_password: '!' diff --git a/roles/sshd/vars/OpenBSD.yml b/roles/sshd/vars/OpenBSD.yml new file mode 100644 index 00000000..abdaf180 --- /dev/null +++ b/roles/sshd/vars/OpenBSD.yml @@ -0,0 +1,2 @@ +--- +sshd_service_name: sshd diff --git a/roles/zsh/tasks/main.yml b/roles/zsh/tasks/main.yml index f0aa696e..a5ae60ec 100644 --- a/roles/zsh/tasks/main.yml +++ b/roles/zsh/tasks/main.yml @@ -1,13 +1,21 @@ --- -- name: install zsh packages - openbsd_pkg: +- name: load os/distrubtion/version specific variables + include_vars: "{{ item }}" + with_first_found: + - files: + - "{{ ansible_distribution_release }}.yml" + - "{{ ansible_distribution }}.yml" + - "{{ ansible_os_family }}.yml" + +- name: install zsh package + package: name: zsh state: present - name: install zsh-config loop: - src: "zshrc" - dest: "/etc/zshrc" + dest: "{{ zsh_conf_base_dir }}/zshrc" - src: "zshrc.skel" dest: "/etc/skel/.zshrc" loop_control: @@ -20,19 +28,16 @@ loop: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}" user: name: "{{ item }}" - shell: /usr/local/bin/zsh - -- name: make zsh the default shell for useradd - lineinfile: - regexp: '^#?shell\s' - line: 'shell /usr/local/bin/zsh' - path: /etc/usermgmt.conf + shell: "{{ zsh_bin_path }}" -- name: make zsh the default shell for adduser +- name: make zsh the default shell for new users + loop: "{{ zsh_default_shell_lineinfile | dict2items }}" + loop_control: + label: "{{ item.key }} ('{{ item.value.regexp }}' -> '{{ item.value.line }}')" lineinfile: - regexp: '^#?defaultshell=' - line: 'defaultshell=/usr/local/bin/zsh' - path: /etc/adduser.conf + path: "{{ item.key }}" + regexp: "{{ item.value.regexp }}" + line: "{{ item.value.line }}" create: yes - name: install shell banner @@ -47,7 +52,7 @@ - name: enable banner for zsh login lineinfile: - path: /etc/zlogin + path: "{{ zsh_conf_base_dir }}/zlogin" line: /etc/banner.sh insertbefore: "^## END OF FILE #" create: yes diff --git a/roles/zsh/templates/banner.chaos-at-home.j2 b/roles/zsh/templates/banner.chaos-at-home.j2 index e9b6baa9..c0e71647 100644 --- a/roles/zsh/templates/banner.chaos-at-home.j2 +++ b/roles/zsh/templates/banner.chaos-at-home.j2 @@ -1,4 +1,4 @@ -#!/bin/ksh +#!{{ zsh_banner_shell }} echo -e "" echo -e " \033[0;37m █████╗██╗ ██╗ ████╗ █████╗ ██████╗\033[1;30m ██████╗ \033[0;37m██╗ ██╗ █████╗ ███╗ ███╗█████╗\033[0m" diff --git a/roles/zsh/templates/banner.elevate.j2 b/roles/zsh/templates/banner.elevate.j2 index cca0850d..03dfa73b 100644 --- a/roles/zsh/templates/banner.elevate.j2 +++ b/roles/zsh/templates/banner.elevate.j2 @@ -1,4 +1,4 @@ -#!/bin/ksh +#!{{ zsh_banner_shell }} echo -e "" echo -e " \033[1;37m██████████ ██ ██████████ ▜█▙ ▟█▛ ▟██▙ ██████████ ██████████\033[0m" diff --git a/roles/zsh/templates/banner.skillz.j2 b/roles/zsh/templates/banner.skillz.j2 index f750f9e6..4c883d22 100644 --- a/roles/zsh/templates/banner.skillz.j2 +++ b/roles/zsh/templates/banner.skillz.j2 @@ -1,4 +1,4 @@ -#!/bin/ksh +#!{{ zsh_banner_shell }} echo -e "" echo -e " \033[1;35m███████╗██╗ ██╗██╗██╗ ██╗ ███████╗\033[0;35m ██████╗ ██╗███████╗\033[0m" diff --git a/roles/zsh/templates/banner.spreadspace.j2 b/roles/zsh/templates/banner.spreadspace.j2 index 580aa4c8..c592804e 100644 --- a/roles/zsh/templates/banner.spreadspace.j2 +++ b/roles/zsh/templates/banner.spreadspace.j2 @@ -1,4 +1,4 @@ -#!/bin/ksh +#!{{ zsh_banner_shell }} echo -e "" echo -e " \033[0;33m█████╗█████╗ █████╗ █████╗ ████╗ █████╗ █████╗█████╗ ████╗ ████╗█████╗\033[0m" diff --git a/roles/zsh/vars/Debian.yml b/roles/zsh/vars/Debian.yml new file mode 100644 index 00000000..7138fd2f --- /dev/null +++ b/roles/zsh/vars/Debian.yml @@ -0,0 +1,12 @@ +--- +zsh_banner_shell: /bin/bash +zsh_bin_path: /bin/zsh +zsh_conf_base_dir: /etc/zsh + +zsh_default_shell_lineinfile: + /etc/default/useradd: + regexp: '^#?SHELL=' + line: 'SHELL=/bin/zsh' + /etc/adduser.conf: + regexp: '^#?DSHELL=' + line: 'DSHELL=/bin/zsh' diff --git a/roles/zsh/vars/OpenBSD.yml b/roles/zsh/vars/OpenBSD.yml new file mode 100644 index 00000000..d11fe11e --- /dev/null +++ b/roles/zsh/vars/OpenBSD.yml @@ -0,0 +1,12 @@ +--- +zsh_banner_shell: /bin/ksh +zsh_bin_path: /usr/local/bin/zsh +zsh_conf_base_dir: /etc + +zsh_default_shell_lineinfile: + /etc/usermgmt.conf: + regexp: '^#?shell\s' + line: 'shell /usr/local/bin/zsh' + /etc/adduser.conf: + regexp: '^#?defaultshell=' + line: 'defaultshell=/usr/local/bin/zsh' |