Control execution of localuser by variable instead of group-membership

2025-03-25 09:14:47 +01:00 · 2025-03-25 09:14:47 +01:00 · 2602189911
commit 2602189911
parent a98617f9ca
8 changed files with 635 additions and 644 deletions
--- a/roles/lmn_localuser/defaults/main.yml
+++ b/roles/lmn_localuser/defaults/main.yml
@ -0,0 +1,4 @@
+---
+localuser: false
+localuser_password: "Muster!"
+localuser_secretsalt: "4ANAxPycC3q"
--- a/roles/lmn_localuser/tasks/main.yml
+++ b/roles/lmn_localuser/tasks/main.yml
@ -15,7 +15,7 @@
    uid: 1001
    password_expire_min: 99999
    createhome: false
-    password: "{{ localuser_pwd }}"
+    password: "{{ localuser_password | password_hash('sha512',localuser_secretsalt) }}"

 - name: Prepare generator for local guest user
  ansible.builtin.copy:
--- a/roles/lmn_mount/tasks/main.yml
+++ b/roles/lmn_mount/tasks/main.yml
@ -19,7 +19,7 @@
        path="{{ web_dav }}"
        mountpoint="/lmn/media/%(USER)/nextcloud"
        options="username=%(USER),nosuid,nodev,uid=%(USER),gid=%(USERGID),grpid,file_mode=0700,dir_mode=0700,forceuid,forcegid"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
      </volume>
    insertafter: "<!-- Volume definitions -->"
  when: web_dav is defined and web_dav | length > 0
@ -35,7 +35,7 @@
        path="{{ smb_share }}"
        mountpoint="/srv/samba/schools/default-school"
        options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=%(USERGID),file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600{{ cifsopt | default(",cache=loose") }}"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
      </volume>
    insertafter: "<!-- Volume definitions -->"

--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@ -37,13 +37,13 @@
        path="~"
        mountpoint="/lmn/media/%(USER)/home"
        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
      </volume>
      <volume
        path="/srv/samba/schools/default-school/share"
        mountpoint="/lmn/media/%(USER)/share"
        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
      </volume>
    insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"

@ -56,7 +56,7 @@
        path="/srv/samba/schools/default-school"
        mountpoint="/lmn/media/%(USER)/school"
        options="bind"
-        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
+        ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
      </volume>
    insertafter: "<!-- END ANSIBLE MANAGED BLOCK .* -->"
  when: localhome is defined and localhome