mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Merge pull request #601 from holta/iiab-admin

Refactor roles/iiab-admin for #586 regression of /bin/bash incl up-arrow etc (interactive shell)
A Holt 2017-12-07 11:34:04 -05:00 committed by GitHub
commit a130bc86dd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 68 additions and 50 deletions


@ -1,8 +1,9 @@
- name: Install textmode remote access packages - name: Install textmode remote access packages
package: name={{ item }} package:
state=present name: "{{ item }}"
state: present
with_items: with_items:
- screen - screen
- lynx - lynx
tags: tags:
- download - download


@ -1,57 +1,69 @@
- name: Create iiab-admin user and password - name: Create iiab-admin user and password
user: name={{ iiab_admin_user }} user:
password={{ iiab_admin_passw_hash }} name: "{{ iiab_admin_user }}"
update_password=on_create password: "{{ iiab_admin_passw_hash }}"
update_password: on_create
shell: /bin/bash
- name: Create a wheel group - name: Create a wheel group
group: name=wheel group:
state=present name: wheel
state: present
- name: Create a sudo group - name: Create a sudo group (redhat)
group: name=sudo group:
state=present name: sudo
state: present
when: is_redhat when: is_redhat
- name: Add user to wheel group - name: Add user to wheel group
user: name={{ iiab_admin_user }} groups=wheel,sudo user:
name: "{{ iiab_admin_user }}"
groups: wheel,sudo
- name: Create root .ssh - name: Create root .ssh
file: path=/root/.ssh file:
mode=0700 path: /root/.ssh
owner=root owner: root
group=root group: root
state=directory mode: 0700
state: directory
- name: Install dummy root keys as placeholder - name: Install dummy root keys as placeholder
copy: src=dummy_authorized_keys copy:
dest=/root/.ssh/authorized_keys src: dummy_authorized_keys
force=no dest: /root/.ssh/authorized_keys
owner=root owner: root
group=root group: root
mode=0600 mode: 0600
force: no
# backup=yes # backup=yes
- name: Edit the sudoers file -- first make it editable - name: Edit the sudoers file -- first make it editable
file: path=/etc/sudoers file:
mode=0640 path: /etc/sudoers
mode: 0640
- name: Have sudo log all commands it handles - name: Have sudo log all commands it handles
lineinfile: regexp=logfile lineinfile:
line='Defaults logfile = /var/log/sudo.log' regexp: logfile
state=present line: "Defaults logfile = /var/log/sudo.log"
dest=/etc/sudoers dest: /etc/sudoers
state: present
- name: Lets wheel sudo without password - name: Lets wheel sudo without password
lineinfile: lineinfile:
line: "%wheel ALL= NOPASSWD: ALL" line: "%wheel ALL= NOPASSWD: ALL"
dest: /etc/sudoers dest: /etc/sudoers
- name: Remove the line which requires tty - name: Remove the line which requires tty
lineinfile: regexp=requiretty lineinfile:
state=absent regexp: requiretty
dest=/etc/sudoers dest: /etc/sudoers
state: absent
- name: End editing the sudoers file -- protect it again - name: End editing the sudoers file -- protect it again
file: path=/etc/sudoers file:
mode=0440 path: /etc/sudoers
mode: 0440
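Review bot: The three `lineinfile` tasks that edit `/etc/sudoers` ("Have sudo log all commands it handles", "Lets wheel sudo without password", "Remove the line which requires tty") still write the live file with no syntax check, so a malformed result would only be noticed once sudo stops working. Now that the arguments are in YAML form, adding `validate: 'visudo -cf %s'` to each of those tasks is a one-line change. The file modes in this section also went from strings in the `key=value` form to bare YAML integers; quoting them, e.g. `mode: '0440'`, keeps the value from depending on how the loader treats a leading zero. Separately, `regexp: logfile` matches any line containing that word, so anchoring it (for example `regexp: '^Defaults\s+logfile'`) would avoid rewriting an unrelated sudoers line.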


@ -7,11 +7,12 @@
tags: tags:
- base - base
- name: Add iiab-admin parameters to ini file - name: Add 'iiab-admin' to list at /etc/iiab/iiab.ini
ini_file: dest='{{ service_filelist }}' ini_file:
section=iiab-admin dest: "{{ service_filelist }}"
option='{{ item.option }}' section: iiab-admin
value='{{ item.value }}' option: "{{ item.option }}"
value: "{{ item.value }}"
with_items: with_items:
- option: name - option: name
value: iiab-admin value: iiab-admin
@ -21,19 +22,23 @@
value: "{{ iiab_admin_user }}" value: "{{ iiab_admin_user }}"
- name: Set up to issue warning if iiab-admin password is still default - name: Set up to issue warning if iiab-admin password is still default
template: src=profile_ssh_warn.sh template:
dest=/etc/profile.d/ src: profile_ssh_warn.sh
dest: /etc/profile.d/
- name: Is this LXDE? - name: Is this LXDE?
stat: path=/home/pi/.config/lxsession stat:
path: /home/pi/.config/lxsession
register: lx register: lx
- name: Do the same if running on Raspbian - name: Do the same if running on Raspbian
template: src=lxde_ssh_warn.sh template:
dest=/home/pi/.config/lxsession/LXDE-pi/ src: lxde_ssh_warn.sh
dest: /home/pi/.config/lxsession/LXDE-pi/
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
- name: Put an autostart line to check for default password in LXDE - name: Put an autostart line to check for default password in LXDE (raspbian)
lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh lineinfile:
dest=/home/pi/.config/lxsession/LXDE-pi/autostart line: "@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh"
dest: /home/pi/.config/lxsession/LXDE-pi/autostart
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
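Review bot: Neither `template` task in the second hunk sets `mode` or `owner`, so the permissions of `profile_ssh_warn.sh` and `lxde_ssh_warn.sh` depend on the umask in effect when the play runs. The LXDE copy is launched from the `autostart` line added just below it, and if it lands without an execute bit the default-password warning would presumably never appear, with no error from the play. Stating the mode explicitly, e.g. `mode: '0755'` on the "Do the same if running on Raspbian" task, makes that warning reliable. Note also that the `stat` checks `/home/pi/.config/lxsession` while both writes target the `LXDE-pi` subdirectory, so the `when:` guard does not prove the destination exists.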