diff --git a/TODO.md b/TODO.md index bb8a71c..180b75a 100644 --- a/TODO.md +++ b/TODO.md @@ -20,6 +20,8 @@ https://github.com/BastilleBSD/bastille/issues/772 ## ZFS quota +Still not working, but it worked already? Dont get it. + zfs set groupquota@bsdnixer=10MB zhcloud/home zfs get groupquota@bsdnixer zhcloud/home @@ -27,3 +29,21 @@ zfs get groupquota@bsdnixer zhcloud/home zfs groupspace zhcloud/home zfs userspace zhcloud/home +## Fix permissions jail /etc + +## Remove volume fails newly + +TASK [remove : Remove volume] +An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible_collections.hetzner.hcloud.plugins.module_utils.vendor.hcloud._exceptions.APIException: cannot perform operation because volume is locked +fatal: [suto]: FAILED! => changed=false + ansible_facts: + discovered_interpreter_python: /usr/bin/python3 + failure: + code: locked + details: {} + message: cannot perform operation because volume is locked + msg: cannot perform operation because volume is locked + + +Maybe "unlock" it somehow? Perhaps this happens because there are user +online with open files in /home? diff --git a/group_vars/all/all.yaml b/group_vars/all/all.yaml index 1612bf8..6a33b11 100644 --- a/group_vars/all/all.yaml +++ b/group_vars/all/all.yaml @@ -64,7 +64,7 @@ defaults: jailgroups: - name: first state: present - id: 4000 + id: 3999 - name: bsdnixer state: present @@ -75,7 +75,7 @@ jailusers: - name: scip state: present - name: tuud - group: wheel + groups: wheel state: present - name: tom state: present diff --git a/roles/chat/files/devzat b/roles/chat/files/devzat index cd2d654..b42362e 100644 --- a/roles/chat/files/devzat +++ b/roles/chat/files/devzat 
@@ -7,17 +7,24 @@ . /etc/rc.subr +prestart() { + cp -prP ${devzat_source} ${devzat_command} +} + name="devzat" rcvar="devzat_enable" devzat_user="nobody" -devzat_command="/usr/local/sbin/devzat" +devzat_source="/usr/local/sbin/devzat" +devzat_command="/usr/local/sbin/devzat.run" pidfile="/tmp/${name}.pid" command="/usr/sbin/daemon" command_args="-P ${pidfile} -c ${devzat_command}" devzat_config="/usr/local/etc/devzat.yml" +start_precmd="prestart" load_rc_config $name : ${devzat_enable:=no} export DEVZAT_CONFIG="${devzat_config}" run_rc_command "$1" + diff --git a/roles/pub/bin/user.sh b/roles/pub/bin/user.sh index 45018c4..6acc898 100755 --- a/roles/pub/bin/user.sh +++ b/roles/pub/bin/user.sh @@ -82,12 +82,9 @@ for root in "$rootdir" ""; do args="" skel="" - if test -n "$root"; then root="-R $root" - if test -d "$root/etc/skel"; then - skel="-k /etc/skel" - fi + skel="-k /etc/skel" fi if test -n "$groups"; then @@ -95,9 +92,9 @@ for root in "$rootdir" ""; do fi if test -n "$home"; then - args="$args -d $home $skel -m -M 700" + args="$args -d $home -m -M 700" else - args="$args -d /home/$user $skel -m -M 700" + args="$args -d /home/$user -m -M 700" fi if test -n "$shell"; then @@ -130,7 +127,7 @@ for root in "$rootdir" ""; do fi else # create user - run pw $root user add "$user" $args + run pw $root user add "$user" $args $skel # if we're running on host and the user is a regular jail user, lock them if test -z "$root" -a "$groups" != "wheel"; then 
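Review bot: In `prestart` the copy is `cp -prP ${devzat_source} ${devzat_command}` with unquoted expansions, and `-p` makes `devzat.run`, the file the daemon actually executes, inherit whatever owner and mode the source has. Since the precmd presumably runs with the privileges of whoever invokes the rc script, not as `devzat_user`, it is worth pinning those explicitly, e.g. `install -m 0555 -o root -g wheel "${devzat_source}" "${devzat_command}"`, so the `nobody` account can never modify the binary it runs. A one-line comment above `prestart` saying why the binary is copied before start would also help, because the reason is not visible in the script.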
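Review bot: The skeleton check in the first roles/pub/bin/user.sh hunk is removed rather than repaired, so `skel="-k /etc/skel"` is now set for every non-empty `$root`, whether or not that jail has a skeleton directory. The old test could never succeed because it ran after `root` had been rewritten to `-R $root`. Testing the raw path first keeps the guard: put `if test -d "$root/etc/skel"; then skel="-k /etc/skel"; fi` above `root="-R $root"`. How `pw` behaves when the `-k` directory is missing under `-R` is not visible here, so confirm that before relying on the unconditional form. The enclosing `for` loop starts and ends outside this hunk.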
@@ -140,9 +137,8 @@ for root in "$rootdir" ""; do if test -e "/usr/local/bastille/keys/$user" -a ! -e "/home/$user/.ssh/authorized_keys"; then # install ssh key - uid=$(getuid "$root" "$user") - run install -m 700 -o "$uid" -g "$uid" -d "/home/$user/.ssh" - run install -m 600 -o "$uid" -g "$uid" "/usr/local/bastille/keys/$user" "/home/$user/.ssh/authorized_keys" + run install -m 700 -o "$user" -g "$user" -d "/home/$user/.ssh" + run install -m 600 -o "$user" -g "$user" "/usr/local/bastille/keys/$user" "/home/$user/.ssh/authorized_keys" # generate chat key, which is required so login to # kobayashi, so that ssh-chat works even if the user does @@ -164,7 +160,7 @@ for root in "$rootdir" ""; do ) > "/home/$user/.ssh/config" fi - run chown "$uid:$uid" /home/$user/.ssh/* + run chown "$user:$user" /home/$user/.ssh/* fi ;; absent)
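Review bot: With `-o "$user" -g "$user"`, `install` resolves both names in the password and group database of the system running the script, whereas the removed `getuid "$root" "$user"` (judging by its arguments) looked the id up for the current `$root`. On the loop iteration where `$root` is the jail, the account may not exist on the host yet or may have a different uid there, so `.ssh` and `authorized_keys` can fail to install or end up owned by the wrong id. The new form also assumes a group named exactly like the user exists. If `getuid` was dropped because `$root` holds `-R <path>` by this point, keeping the raw path in its own variable and retaining the numeric lookup looks safer. The enclosing `for` loop and `case` arm begin outside this hunk.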
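Review bot: In the last hunk, `run chown "$user:$user" /home/$user/.ssh/*` follows symbolic links by default and expands an unquoted glob inside a directory the account itself can write to. If this runs as root, as the `pw` calls suggest, a link in that directory would have its target re-owned rather than the link. `run chown -h "$user:$user" "/home/$user/.ssh/"*` acts on the link itself and quotes the path. Chowning only the files this block created, by name, would be tighter still. The surrounding `if` opens in the previous hunk.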