From f92f2f2fadc2ab679ecda285c106354f446db7fe Mon Sep 17 00:00:00 2001
From: Thomas von Dein
Date: Thu, 28 Nov 2024 19:34:30 +0100
Subject: [PATCH] +jlogin, group, defaults, more pkgs
---
 group_vars/all/all.yaml | 23 ++++++++++++++++++++---
 roles/pubnix/files/motd | 20 ++++++++++++++++++++
 roles/pubnix/tasks/main.yaml | 17 ++++++++++++++---
 roles/server/files/jlogin | 22 +++++++++-------------
 roles/server/tasks/main.yaml | 8 ++++++++
 5 files changed, 71 insertions(+), 19 deletions(-)
 create mode 100644 roles/pubnix/files/motd
diff --git a/group_vars/all/all.yaml b/group_vars/all/all.yaml
index 07ee7e6..0936d3e 100644
--- a/group_vars/all/all.yaml
+++ b/group_vars/all/all.yaml
@@ -29,22 +29,39 @@ jails:
 pkgs:
 - bash
 - zsh
+ - tcsh
+ - fish
 - vim
+ - emacs-nox
 - git
 - htop
 - tmux
 - bind-tools
 - coreutils
- - emacs-nox
 - fzf
+ - nnn
+ - eza
+ - fd
+ - jq
+ - yq
+ - ruby
+ - rubygem-irb
+ - go121
+ - go122
+ - go123
+ - lua51
+ - rust
+
+defaults:
+ group: bsdnix
+ jailbase: /usr/local/bastille/jails
 users:
 - name: scip
 state: present
- groups: wheel
+ groups: wheel,bsdnix
 - name: tom
 state: present
- groups: ""
 storage:
 volume:
diff --git a/roles/pubnix/files/motd b/roles/pubnix/files/motd
new file mode 100644
index 0000000..2732313
--- /dev/null
+++ b/roles/pubnix/files/motd
@@ -0,0 +1,20 @@
+
+ /\
+ _/./ welcome
+ ,-' `-:..-'/ to
+: o ) _ ( bsdnix.
+"`-....,--; `-.\
+ `'
+ /\
+ _/./
+ ,-' `-:..-'/
+ : o ) _ (
+ "`-....,--; `-.\
+ `'
+ /\
+ To find help: _/./
+ ssh kobayashi ,-' `-:..-'/
+ man bsdnix : o ) _ (
+ "`-....,--; `-.\
+
+
diff --git a/roles/pubnix/tasks/main.yaml b/roles/pubnix/tasks/main.yaml
index 9e0938c..4e784b6 100644
--- a/roles/pubnix/tasks/main.yaml
+++ b/roles/pubnix/tasks/main.yaml
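Review bot: The new `defaults` block in group_vars/all/all.yaml has no comment explaining how `group` relates to a per-user `groups` entry, and the two user entries now follow different conventions. `scip` names `wheel,bsdnix` explicitly while `tom` has no `groups` key at all, which suggests the default replaces an explicit list rather than extending it. A comment above the block would make that rule visible to whoever adds the next user, for example `# group: applied to users without a groups key; users with their own list must name it themselves` and `# jailbase: host directory that holds the bastille jail roots`.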
@@ -24,6 +24,11 @@
 src: sshd_config
 dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
+- name: copy motd file
+ copy:
+ src: motd
+ dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/motd.template"
+
 - name: copy skel files
 copy:
 src: "skel/{{ item }}"
@@ -54,7 +59,6 @@
 - name: template jail
 shell: "bastille template {{ role_name }} services/{{ role_name }}"
- # FIXME: loop over files and check size somehow, or always copy? use file module?
 - name: copy skel files into jail template
 shell: cp -r /usr/local/bastille/templates/services/{{ role_name }}/usr/share/skel /usr/local/bastille/jails/{{ role_name }}/root/etc/
@@ -65,7 +69,14 @@
 copy:
 src: keys
 dest: "/usr/local/bastille/"
-
+
+
+- name: create user group
+ shell: |
+ pw -R {{ defaults.jailbase }}/{{ role_name }}/root group show {{ defaults.group }} ||\
+ pw -R {{ defaults.jailbase }}/{{ role_name }}/root group add {{ defaults.group }}
+
+
 # The normal ansible user module can't be used here, because we're
 # talking about jail users here. I tried to patch the module to
 # support the -R flag (https://github.com/ansible/ansible/pull/84371)
@@ -76,5 +87,5 @@
 # well.
 - name: Manage users
 loop: "{{ users }}"
- ansible.builtin.script: "bin/user.sh -u {{ item.name }} -g '{{ item.groups }}' -c {{ role_name }}-user -a {{ item.state }} -d /usr/local/bastille/jails/{{ role_name }}/root"
+ ansible.builtin.script: "bin/user.sh -u {{ item.name }} -g '{{ item.groups | default(defaults.group) }}' -c {{ role_name }}-user -a {{ item.state }} -d {{ defaults.jailbase }}/{{ role_name }}/root"
diff --git a/roles/server/files/jlogin b/roles/server/files/jlogin
index 08d046e..780b37b 100644
--- a/roles/server/files/jlogin
+++ b/roles/server/files/jlogin
@@ -2,8 +2,8 @@
 jail=$1
 user=$2
-me=`id -u`
-jexec="jexec"
+me=$(id -u)
+jid=""
 if test "$jail" = "-h"; then
 echo "jlogin [jail] [user]"
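Review bot: The `create user group` task pastes `defaults.jailbase`, `role_name` and `defaults.group` into a shell script unquoted, so a value containing a space or a shell metacharacter changes the command the host executes. Passing each value through the `quote` filter closes that, e.g. `pw -R {{ (defaults.jailbase ~ '/' ~ role_name ~ '/root') | quote }} group show {{ defaults.group | quote }} ||\`. The same applies to the unquoted `-u`, `-a` and `-d` arguments on the `Manage users` line in the next hunk. As a `shell` task it also reports changed on every run, so a `changed_when` condition would keep the play's reporting idempotent.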
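Review bot: On the `Manage users` line, `item.groups | default(defaults.group)` falls back only when `groups` is undefined. An entry written as `groups: ""`, the form this commit removes from `tom`, would therefore still reach user.sh as `-g ''` instead of the default group. `default(defaults.group, true)` also covers empty values. How user.sh treats an empty `-g` is not visible in this patch, so the effect on such a user should be confirmed there.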
@@ -11,11 +11,11 @@ if test "$jail" = "-h"; then
 fi
 if test -z "$jail"; then
- vars=$(jls -n | head -1)
- eval $vars
+ jid=$(jls | head -2 | tail -1 | awk '{print $1}')
+ jail=$(jls | head -2 | tail -1 | awk '{print $2}')
+else
+ jid=$(jls | grep "$jail" | awk '{print $1}')
 fi
-jid=""
-jid=`jls | grep "$jail" | awk '{print $1}'`
 if test -z "$jid"; then
 echo "jail $jail doesn't run!"
@@ -26,20 +26,16 @@ shell=/bin/csh
 home=/home/$user
 term=vt100
 path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
-chroot="$j/run/$jail"
+jexec=jexec
 if test -z "$user"; then
 user=root
 home=/root
 fi
-if test -e $chroot/$home/.bashrc; then
- shell=/usr/local/bin/bash
-fi
-
 if test "$me" != "0"; then
- jexec="sudo $jexec"
+ jexec="sudo jexec"
 fi
 echo "# Logging into jail $jail with jid $jid #"
-env - JAIL=$jail HOME=$home TERM=$term SHELL=$shell PATH=$path $jexec -U $user $jid $shell
+env - JAIL="$jail" TERM=$term HOME="$home" SHELL=$shell PATH=$path "$jexec" -U "$user" "$jid" sh
diff --git a/roles/server/tasks/main.yaml b/roles/server/tasks/main.yaml
index 4f0b6a9..d83cf84 100644
--- a/roles/server/tasks/main.yaml
+++ b/roles/server/tasks/main.yaml
@@ -90,6 +90,14 @@
 group: wheel
 mode: '0644'
+- name: Install jlogin
+ copy:
+ src: jlogin
+ dest: /usr/local/sbin/jlogin
+ owner: root
+ group: wheel
+ mode: '0755'
+
 - name: Symlink knot dig
 shell: "ln -sf /usr/local/bin/kdig /usr/local/bin/dig"
 args:
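Review bot: In the new `else` branch, `jls | grep "$jail"` treats the argument as a regular expression matched anywhere in a jls output line. A name that is a prefix of another jail, or that also appears in a hostname or path column, therefore yields several JIDs or the wrong one. That value is later handed to `jexec`, which runs under sudo for non-root callers. Asking jls for the jail directly avoids the text match: `jid=$(jls -j "$jail" jid 2>/dev/null)`. The `if test -z "$jid"` block that consumes the result continues past the end of this hunk.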
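Review bot: The final `env -` line now expands `"$jexec"` in quotes, but for non-root callers the variable holds `sudo jexec`, so env is asked to execute a single program named `sudo jexec` and the login fails for every non-root caller. Keeping the privilege prefix in its own variable lets the rest stay quoted: `sudo=""` next to the other defaults, `sudo=sudo` inside the `"$me" != "0"` branch, and `env - ... $sudo jexec -U "$user" "$jid" sh`. `$sudo` is left unquoted there on purpose so that it disappears when empty. Separately, `SHELL=$shell` still exports `/bin/csh` while the command started is `sh`; if that is intended, a one-line comment saying so would help.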
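Review bot: The `Install jlogin` task does not mention that the script it installs with mode `0755` re-invokes `sudo jexec` with a caller-chosen jail and user. Who may enter which jail is therefore decided by the sudoers rule, which is not part of this patch. A comment on the task would record that dependency, e.g. `# non-root use relies on a sudoers rule for jexec; keep that rule as narrow as the intended users`. The task list continues past the hunk, since `Symlink knot dig` is cut off after `args:`.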