freifunk/Ansible-Configuration Changeset - 95993c623d68 · Chaos Computer Club Lëtzebuerg Projects

Changeset - 95993c623d68

Parent rev.

Child rev.

[Not reviewed]

0 1 0

x - 20 months ago 2023-08-29 18:44:35
xbr@c3l.lu

feat: initial_server, replace colorful PS1 w/ color+feat for root bashrc

1 file changed with 5 insertions and 15 deletions:

initial_server_setup/initial_setup.yml

0 comments (0 inline, 0 general)

initial_server_setup/initial_setup.yml

➞

Show inline comments

@@ @@ -84,88 +84,78 @@ @@
       tags: network,ssh
       register: empty_pass_sshd
     - name: Disable SSH Root Login
       ansible.builtin.copy:
         dest: /etc/ssh/sshd_config.d/disable_root_login.conf
         owner: root
         mode: u=rw,g=r,o=r
         content: |
           # {{ ansible_managed }}
           PermitRootLogin no
       tags: network,ssh
       register: root_login
     - name: Remove SSH Root Login from sshd_config
       ansible.builtin.lineinfile:
         path: /etc/ssh/sshd_config
         regex: "^PermitRootLogin"
         line: "# PermitRootLogin No"
       tags: network,ssh
       register: root_login_sshd
     # Create Freifunk Users
     - name: Create member users
       ansible.builtin.user:
         name: "{{ item.username }}"
         password: "{{ password | password_hash('sha512') }}"
         update_password: "on_create"
         groups:
           - sudo
         append: true
         shell: /bin/bash
         state: present
       loop: "{{ users_member }}"
       tags: users
     - name: Create system users (no password)
       ansible.builtin.user:
         name: "{{ item.username }}"
         groups:
           - sudo
         append: true
         shell: /bin/bash
         state: present
       loop: "{{ users_system }}"
       tags: users
     - name: Change shell for root to bash
       ansible.builtin.user:
         name: "root"
         shell: /bin/bash
       tags: users
-    - name: Add colorful PS1 in default bashrc
+    - name: Add color etc. into root bashrc
       ansible.builtin.blockinfile:
         path: /etc/bash.bashrc
         state: absent
         marker: "# {mark} ANSIBLE MANAGED BLOCK / Colorful PS1"
         block: |
           case "$TERM" in
               xterm-color|*-256color) color_prompt=yes;;
           esac
           if [ "$color_prompt" = yes ]; then
               PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
           else
               PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
           fi
           unset color_prompt force_color_prompt
         marker: "# {mark} ANSIBLE MANAGED BLOCK / Enhanced root bashrc"
         block: "{{ lookup('ansible.builtin.file', '{{ server_config_dir }}/bashrc_root_config') }}"
         path: /root/.bashrc
       tags: users
     - name: Add SSH key for users from vars
       ansible.posix.authorized_key:
         user: "{{ item.username }}"
         state: present
         key: "{{ lookup('file', item.key_path) }}"
       tags: users
       loop: "{{ users_member | union(users_system) }}"
     - name: Allow for password-less sudo
       community.general.sudoers:
         name: passwordless-sudo
         group: sudo
         commands: ALL
         nopassword: true
       tags: users
     - name: Reload SSHD
       ansible.builtin.service:
         name: "sshd"
         state: "reloaded"
       tags: network,ssh
       when: pass_auth.changed or pass_auth_sshd.changed or empty_pass.changed or empty_pass_sshd.changed or root_login.changed or root_login_sshd.changed

0 comments (0 inline, 0 general)