Control execution of localuser by variable instead of group-membership

Raphael Dannecker 2025-03-25 09:14:47 +01:00
parent a98617f9ca
commit 2602189911
8 changed files with 635 additions and 644 deletions


@ -67,18 +67,9 @@
uploadseed_pwd: "{{ vault_uploadseed_pwd }}"
keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
localuser: "{{ vault_localuser }}" ## needed here for the (universal) pam-mount configuration
## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
grub_pwd: "{{ vault_grub_pwd }}"
nfs4: false
# Wireguad config
wg_endpoint: "{{ vault_wg_endpoint }}"
wg_allowed_ips: "{{ vault_wg_allowed_ips }}"
wg_ip_cdr: "{{ vault_wg_ip_cdr }}"
wg_dns: "{{ vault_wg_dns }}"
wg_dns_search: "{{ vault_wg_dns_search }}"
roles:
- lmn_network
@ -94,6 +85,8 @@
- lmn_security
- role: lmn_localhome
when: localhome
- role: lmn_localuser
when: localuser
- role: lmn_exam
when: exam_mode
- role: lmn_wlan
@ -207,7 +200,7 @@
path="sysvol/"
mountpoint="/srv/samba/%(USER)/sysvol"
options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks"
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
</volume>
state: absent
@ -362,12 +355,6 @@
remote_user: ansible
become: true
vars_files: lmn-vault
vars:
localuser: "{{ vault_localuser }}"
localuser_pwd: "{{ vault_localuser_pwd }}"
roles:
- role: lmn_localuser
when: "'teacherlaptop' not in group_names"
tasks:
- name: Remove deprecated files and directories (laptop-class)
ansible.builtin.file:
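Review bot: The `when: localuser` guard on the added `lmn_localuser` role entry (second hunk) replaces the explicit `'teacherlaptop' not in group_names` exclusion removed in the last hunk, but nothing visible here makes `localuser` false on those hosts. The first hunk's lines still list `localuser: "{{ vault_localuser }}"` under the play's `vars:`; if that line is kept, play vars outrank inventory group_vars/host_vars, so a per-group `localuser: ''` would not take effect and the local account would also be provisioned on teacher laptops. Please confirm where the opt-out is meant to be set. The condition is also a bare string test, which recent ansible-core releases reject by default as a non-boolean conditional; `when: localuser | default('', true) | length > 0` states the intent explicitly. As far as this page shows, `localuser_pwd` was defined only in the removed `vars:` block, so the role should be checked for a remaining definition.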