iiab/roles/iiab-admin/tasks/main.yml

# Summary of how this works with IIAB's Admin Console etc:
# https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst


- name: Install lynx, screen
  include_tasks: access.yml

- name: Install sudo & /etc/sudoers with logging to /var/log/sudo.log
  include_tasks: sudo-prereqs.yml

- name: Configure user iiab-admin / password and its group(s), if iiab_admin_user_install
  include_tasks: admin-user.yml
  when: iiab_admin_user_install | bool

# Idea: institute precautionary system-wide published password warning(s)
# for user iiab-admin / g0adm1n, i.e. {{ iiab_admin_user }} with password
# {{ iiab_admin_published_pwd }}, regardless whether the password is set:
#
# (1) by the OS installer
# (2) by the OS's graphical desktop tools
# (3) at the command-line: sudo passwd iiab-admin
# (4) by IIAB's 1-line installer: http://download.iiab.io
# (5) by this role: roles/iiab-admin/tasks/admin-user.yml
# (6) by IIAB's Admin Console during installation
# ...and/or...
# (7) by IIAB's Admin Console > Utilities > Change Password

- name: Install password warning(s)
  include_tasks: pwd-warnings.yml


# RECORD iiab-admin AS INSTALLED

- name: "Set 'iiab_admin_installed: True'"
  set_fact:
    iiab_admin_installed: True

- name: "Add 'iiab_admin_installed: True' to {{ iiab_state_file }}"
  lineinfile:
    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
    regexp: '^iiab_admin_installed'
    line: 'iiab_admin_installed: True'


- name: Add 'iiab-admin' variable values to {{ iiab_ini_file }}
  ini_file:
    dest: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
    section: iiab-admin
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: name
      value: iiab-admin
    - option: description
      value: '"Admin User"'
    - option: iiab_admin_user
      value: "{{ iiab_admin_user }}"
    - option: iiab_admin_user_install
      value: "{{ iiab_admin_user_install }}"
    - option: iiab_admin_can_sudo
      value: "{{ iiab_admin_can_sudo }}"
Update main.yml 2020-10-16 18:08:50 +00:00			`# Summary of how this works with IIAB's Admin Console etc:`
			`# https://github.com/iiab/iiab/blob/master/roles/iiab-admin/README.rst`


Refine iiab-admin role for Admin Console etc 2020-10-16 18:00:30 +00:00			`- name: Install lynx, screen`
			`include_tasks: access.yml`
Keep iiab-admin files together 2017-09-19 19:34:09 +00:00
Refine iiab-admin role for Admin Console etc 2020-10-16 18:00:30 +00:00			`- name: Install sudo & /etc/sudoers with logging to /var/log/sudo.log`
			`include_tasks: sudo-prereqs.yml`
Keep iiab-admin files together 2017-09-19 19:34:09 +00:00
Update main.yml 2020-10-16 18:08:50 +00:00			`- name: Configure user iiab-admin / password and its group(s), if iiab_admin_user_install`
Refine iiab-admin role for Admin Console etc 2020-10-16 18:00:30 +00:00			`include_tasks: admin-user.yml`
			`when: iiab_admin_user_install \| bool`
Keep iiab-admin files together 2017-09-19 19:34:09 +00:00
Refine iiab-admin role for Admin Console etc 2020-10-16 18:00:30 +00:00			`# Idea: institute precautionary system-wide published password warning(s)`
			`# for user iiab-admin / g0adm1n, i.e. {{ iiab_admin_user }} with password`
			`# {{ iiab_admin_published_pwd }}, regardless whether the password is set:`
			`#`
			`# (1) by the OS installer`
			`# (2) by the OS's graphical desktop tools`
			`# (3) at the command-line: sudo passwd iiab-admin`
			`# (4) by IIAB's 1-line installer: http://download.iiab.io`
			`# (5) by this role: roles/iiab-admin/tasks/admin-user.yml`
			`# (6) by IIAB's Admin Console during installation`
			`# ...and/or...`
			`# (7) by IIAB's Admin Console > Utilities > Change Password`
For Raspbian Desktop changes of 2018-11-13 2019-03-08 00:41:46 +00:00
Refine iiab-admin role for Admin Console etc 2020-10-16 18:00:30 +00:00			`- name: Install password warning(s)`
			`include_tasks: pwd-warnings.yml`
9 core roles check their vars + 3 roles record to iiab_state.yml 2020-09-22 05:04:06 +00:00

			`# RECORD iiab-admin AS INSTALLED`

iiab-admin/tasks/main.yml: fix iiab-admin_installed -> iiab_admin_installed 2020-09-22 06:12:20 +00:00			`- name: "Set 'iiab_admin_installed: True'"`
9 core roles check their vars + 3 roles record to iiab_state.yml 2020-09-22 05:04:06 +00:00			`set_fact:`
iiab-admin/tasks/main.yml: fix iiab-admin_installed -> iiab_admin_installed 2020-09-22 06:12:20 +00:00			`iiab_admin_installed: True`
9 core roles check their vars + 3 roles record to iiab_state.yml 2020-09-22 05:04:06 +00:00
iiab-admin/tasks/main.yml: fix iiab-admin_installed -> iiab_admin_installed 2020-09-22 06:12:20 +00:00			`- name: "Add 'iiab_admin_installed: True' to {{ iiab_state_file }}"`
9 core roles check their vars + 3 roles record to iiab_state.yml 2020-09-22 05:04:06 +00:00			`lineinfile:`
			`path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml`
iiab-admin/tasks/main.yml: fix iiab-admin_installed -> iiab_admin_installed 2020-09-22 06:12:20 +00:00			`regexp: '^iiab_admin_installed'`
			`line: 'iiab_admin_installed: True'`
iiab-admin/tasks/main.yml: closer to IIAB norms 2020-10-10 18:27:16 +00:00

			`- name: Add 'iiab-admin' variable values to {{ iiab_ini_file }}`
			`ini_file:`
			`dest: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini`
			`section: iiab-admin`
			`option: "{{ item.option }}"`
			`value: "{{ item.value \| string }}"`
			`with_items:`
			`- option: name`
			`value: iiab-admin`
			`- option: description`
			`value: '"Admin User"'`
			`- option: iiab_admin_user`
			`value: "{{ iiab_admin_user }}"`
Refine iiab-admin role for Admin Console etc 2020-10-16 18:00:30 +00:00			`- option: iiab_admin_user_install`
			`value: "{{ iiab_admin_user_install }}"`
			`- option: iiab_admin_can_sudo`
			`value: "{{ iiab_admin_can_sudo }}"`