+jlogin, group, defaults, more pkgs

This commit is contained in:
Thomas von Dein 2024-11-28 19:34:30 +01:00
parent 8e934e6230
commit f92f2f2fad
5 changed files with 71 additions and 19 deletions


@ -29,22 +29,39 @@ jails:
pkgs: pkgs:
- bash - bash
- zsh - zsh
- tcsh
- fish
- vim - vim
- emacs-nox
- git - git
- htop - htop
- tmux - tmux
- bind-tools - bind-tools
- coreutils - coreutils
- emacs-nox
- fzf - fzf
- nnn
- eza
- fd
- jq
- yq
- ruby
- rubygem-irb
- go121
- go122
- go123
- lua51
- rust
defaults:
group: bsdnix
jailbase: /usr/local/bastille/jails
users: users:
- name: scip - name: scip
state: present state: present
groups: wheel groups: wheel,bsdnix
- name: tom - name: tom
state: present state: present
groups: ""
storage: storage:
volume: volume:
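Review bot: The new `groups: ""` for `tom` defeats the fallback the tasks file applies to the same field (`item.groups | default(defaults.group)`): Jinja's `default` filter only substitutes when the variable is undefined, so an explicit empty string is passed through unchanged and `user.sh` is invoked with `-g ''` rather than with `bsdnix`. If membership in the default group is intended, drop the `groups` key for tom, or make the task use `default(defaults.group, true)` so empty values are replaced too; if "no secondary groups" is intended, a one-line comment such as `groups: ""  # deliberately no secondary groups, overrides defaults.group` would stop the next reader from "fixing" it. I cannot see `user.sh`, so whether it tolerates an empty `-g` argument is unverified from here.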

20
roles/pubnix/files/motd Normal file

@ -0,0 +1,20 @@
/\
_/./ welcome
,-' `-:..-'/ to
: o ) _ ( bsdnix.
"`-....,--; `-.\
`'
/\
_/./
,-' `-:..-'/
: o ) _ (
"`-....,--; `-.\
`'
/\
To find help: _/./
ssh kobayashi ,-' `-:..-'/
man bsdnix : o ) _ (
"`-....,--; `-.\


@ -24,6 +24,11 @@
src: sshd_config src: sshd_config
dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/" dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
- name: copy motd file
copy:
src: motd
dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/motd.template"
- name: copy skel files - name: copy skel files
copy: copy:
src: "skel/{{ item }}" src: "skel/{{ item }}"
@ -54,7 +59,6 @@
- name: template jail - name: template jail
shell: "bastille template {{ role_name }} services/{{ role_name }}" shell: "bastille template {{ role_name }} services/{{ role_name }}"
# FIXME: loop over files and check size somehow, or always copy? use file module? # FIXME: loop over files and check size somehow, or always copy? use file module?
- name: copy skel files into jail template - name: copy skel files into jail template
shell: cp -r /usr/local/bastille/templates/services/{{ role_name }}/usr/share/skel /usr/local/bastille/jails/{{ role_name }}/root/etc/ shell: cp -r /usr/local/bastille/templates/services/{{ role_name }}/usr/share/skel /usr/local/bastille/jails/{{ role_name }}/root/etc/
@ -65,7 +69,14 @@
copy: copy:
src: keys src: keys
dest: "/usr/local/bastille/" dest: "/usr/local/bastille/"
- name: create user group
shell: |
pw -R {{ defaults.jailbase }}/{{ role_name }}/root group show {{ defaults.group }} ||\
pw -R {{ defaults.jailbase }}/{{ role_name }}/root group add {{ defaults.group }}
# The normal ansible user module can't be used here, because we're # The normal ansible user module can't be used here, because we're
# talking about jail users here. I tried to patch the module to # talking about jail users here. I tried to patch the module to
# support the -R flag (https://github.com/ansible/ansible/pull/84371) # support the -R flag (https://github.com/ansible/ansible/pull/84371)
@ -76,5 +87,5 @@
# well. # well.
- name: Manage users - name: Manage users
loop: "{{ users }}" loop: "{{ users }}"
ansible.builtin.script: "bin/user.sh -u {{ item.name }} -g '{{ item.groups }}' -c {{ role_name }}-user -a {{ item.state }} -d /usr/local/bastille/jails/{{ role_name }}/root" ansible.builtin.script: "bin/user.sh -u {{ item.name }} -g '{{ item.groups | default(defaults.group) }}' -c {{ role_name }}-user -a {{ item.state }} -d {{ defaults.jailbase }}/{{ role_name }}/root"
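Review bot: The `create user group` task splices `defaults.jailbase`, `role_name` and `defaults.group` into a shell line unquoted, so a value containing a space or shell metacharacter changes the command rather than the argument; pass them through the `quote` filter, e.g. `pw -R {{ (defaults.jailbase ~ '/' ~ role_name ~ '/root') | quote }} group show {{ defaults.group | quote }} || \`, and do the same for the `-u`/`-g`/`-d` arguments of the `Manage users` script call, where the hand-written single quotes around `item.groups` are broken by a `'` in the value. The `show || add` form is idempotent on the host, but Ansible will report this task as changed on every run; register the result and set `changed_when` on whether the `add` branch actually ran (for example by echoing a marker only after a successful `pw group add`), which also makes `--check` runs meaningful. These values come from the role's own vars today, so the exposure is operator error rather than untrusted input, but the `|| \` chain means a malformed `group show` invocation silently falls through to `group add`.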


@ -2,8 +2,8 @@
jail=$1 jail=$1
user=$2 user=$2
me=`id -u` me=$(id -u)
jexec="jexec" jid=""
if test "$jail" = "-h"; then if test "$jail" = "-h"; then
echo "jlogin [jail] [user]" echo "jlogin [jail] [user]"
@ -11,11 +11,11 @@ if test "$jail" = "-h"; then
fi fi
if test -z "$jail"; then if test -z "$jail"; then
vars=$(jls -n | head -1) jid=$(jls | head -2 | tail -1 | awk '{print $1}')
eval $vars jail=$(jls | head -2 | tail -1 | awk '{print $2}')
else
jid=$(jls | grep "$jail" | awk '{print $1}')
fi fi
jid=""
jid=`jls | grep "$jail" | awk '{print $1}'`
if test -z "$jid"; then if test -z "$jid"; then
echo "jail $jail doesn't run!" echo "jail $jail doesn't run!"
@ -26,20 +26,16 @@ shell=/bin/csh
home=/home/$user home=/home/$user
term=vt100 term=vt100
path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
chroot="$j/run/$jail" jexec=jexec
if test -z "$user"; then if test -z "$user"; then
user=root user=root
home=/root home=/root
fi fi
if test -e $chroot/$home/.bashrc; then
shell=/usr/local/bin/bash
fi
if test "$me" != "0"; then if test "$me" != "0"; then
jexec="sudo $jexec" jexec="sudo jexec"
fi fi
echo "# Logging into jail $jail with jid $jid #" echo "# Logging into jail $jail with jid $jid #"
env - JAIL=$jail HOME=$home TERM=$term SHELL=$shell PATH=$path $jexec -U $user $jid $shell env - JAIL="$jail" TERM=$term HOME="$home" SHELL=$shell PATH=$path "$jexec" -U "$user" "$jid" sh
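Review bot: `"$jexec"` on the final line is expanded as a single word, so for a non-root caller, where `jexec="sudo jexec"` was just assigned, the shell looks for a program literally named `sudo jexec` and the login fails; the old unquoted `$jexec` split correctly. Keep the privilege prefix in its own variable instead: replace `jexec=jexec` with `sudo=""`, the body of the root check with `sudo=sudo`, and the last line with `env - JAIL="$jail" TERM=$term HOME="$home" SHELL=$shell PATH=$path $sudo jexec -U "$user" "$jid" sh`. Separately, `jid=$(jls | grep "$jail" | awk '{print $1}')` is a substring match over every column of the `jls` listing, so a jail name that is a prefix of another (or that occurs in a path or address) yields several JIDs or the wrong one; `jid=$(jls -j "$jail" jid 2>/dev/null)` resolves the name exactly. In the no-argument branch `awk '{print $2}'` appears to select the IP-address column of the default `jls` output rather than the jail name, which would make the `JAIL=` value and the log line misleading — worth confirming on a running host.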


@ -90,6 +90,14 @@
group: wheel group: wheel
mode: '0644' mode: '0644'
- name: Install jlogin
copy:
src: jlogin
dest: /usr/local/sbin/jlogin
owner: root
group: wheel
mode: '0755'
- name: Symlink knot dig - name: Symlink knot dig
shell: "ln -sf /usr/local/bin/kdig /usr/local/bin/dig" shell: "ln -sf /usr/local/bin/kdig /usr/local/bin/dig"
args: args: