Implement home exam server.

2022-10-22 16:44:05 +02:00 · 2022-10-22 16:44:05 +02:00 · f4f0795e80
commit f4f0795e80
parent 147fddc772
10 changed files with 248 additions and 0 deletions
--- a/roles/exam_homes/tasks/main.yml
+++ b/roles/exam_homes/tasks/main.yml
@ -0,0 +1,49 @@
+- name: enable pam_mkhomedir.so and pam_exec.so
+  lineinfile:
+    dest: /etc/pam.d/common-session
+    line: "{{ item }}"
+    insertbefore: "# end of pam-auth-update config"
+  loop:
+    - "session	optional	pam_mkhomedir.so  umask=0022"
+    - "session	optional	pam_exec.so /usr/local/sbin/mkDownloads"
+
+- name: deploy mkDownloads script
+  copy:
+    src: mkDownloads
+    dest: /usr/local/sbin/mkDownloads
+    mode: 0755
+
+# https://serverfault.com/questions/354615/allow-sftp-but-disallow-ssh
+- name: only allow sftp for most users
+  blockinfile:
+    dest: /etc/ssh/sshd_config.d/local.conf
+    create: true
+    block: |
+      Match User !L_*,!ansible,*
+         PermitTTY no
+         X11Forwarding no
+         AllowTcpForwarding no
+         AllowAgentForwarding no
+         ForceCommand internal-sftp
+
+- name: deploy archive home script
+  copy:
+    src: archive-homes
+    dest: /usr/local/sbin/archive-homes
+    mode: 0750
+
+- name: deploy archive home script service and timer
+  copy:
+    src: "{{ item }}"
+    dest: /etc/systemd/system/{{ item }}
+    mode: 0655
+  loop:
+    - archive-homes.service
+    - archive-homes.timer
+  notify: enable archive-homes.timer
+
+- name: deploy examode helper
+  copy:
+    src: examode.py
+    dest: /usr/local/bin/examode.py
+    mode: 0755