+jlogin, group, defaults, more pkgs

Thomas von Dein 2024-11-28 19:34:30 +01:00
parent 8e934e6230
commit f92f2f2fad
5 changed files with 71 additions and 19 deletions


@ -29,22 +29,39 @@ jails:
pkgs:
- bash
- zsh
- tcsh
- fish
- vim
- emacs-nox
- git
- htop
- tmux
- bind-tools
- coreutils
- emacs-nox
- fzf
- nnn
- eza
- fd
- jq
- yq
- ruby
- rubygem-irb
- go121
- go122
- go123
- lua51
- rust
defaults:
group: bsdnix
jailbase: /usr/local/bastille/jails
users:
- name: scip
state: present
groups: wheel
groups: wheel,bsdnix
- name: tom
state: present
groups: ""
storage:
volume:
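Review bot: The `tom` entry keeps `groups: ""`, which is defined but empty, so the `default(defaults.group)` filter this commit adds to the `Manage users` task will not substitute `bsdnix` for it; Jinja's `default` only fires on undefined values unless its second argument is true. If users without explicit groups are meant to land in the new default group, either drop the `groups` key from that entry or use `default(defaults.group, true)` in the task. A short comment above `defaults:` such as `# group: fallback group for users without an explicit groups entry` would make the contract visible. Which of the two `groups:` lines for `scip` is the new one is not marked on this page; I assume it is `wheel,bsdnix`.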

20
roles/pubnix/files/motd Normal file

@ -0,0 +1,20 @@
/\
_/./ welcome
,-' `-:..-'/ to
: o ) _ ( bsdnix.
"`-....,--; `-.\
`'
/\
_/./
,-' `-:..-'/
: o ) _ (
"`-....,--; `-.\
`'
/\
To find help: _/./
ssh kobayashi ,-' `-:..-'/
man bsdnix : o ) _ (
"`-....,--; `-.\


@ -24,6 +24,11 @@
src: sshd_config
dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
- name: copy motd file
copy:
src: motd
dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/motd.template"
- name: copy skel files
copy:
src: "skel/{{ item }}"
@ -54,7 +59,6 @@
- name: template jail
shell: "bastille template {{ role_name }} services/{{ role_name }}"
# FIXME: loop over files and check size somehow, or always copy? use file module?
- name: copy skel files into jail template
shell: cp -r /usr/local/bastille/templates/services/{{ role_name }}/usr/share/skel /usr/local/bastille/jails/{{ role_name }}/root/etc/
@ -66,6 +70,13 @@
src: keys
dest: "/usr/local/bastille/"
- name: create user group
shell: |
pw -R {{ defaults.jailbase }}/{{ role_name }}/root group show {{ defaults.group }} ||\
pw -R {{ defaults.jailbase }}/{{ role_name }}/root group add {{ defaults.group }}
# The normal ansible user module can't be used here, because we're
# talking about jail users here. I tried to patch the module to
# support the -R flag (https://github.com/ansible/ansible/pull/84371)
@ -76,5 +87,5 @@
# well.
- name: Manage users
loop: "{{ users }}"
ansible.builtin.script: "bin/user.sh -u {{ item.name }} -g '{{ item.groups }}' -c {{ role_name }}-user -a {{ item.state }} -d /usr/local/bastille/jails/{{ role_name }}/root"
ansible.builtin.script: "bin/user.sh -u {{ item.name }} -g '{{ item.groups | default(defaults.group) }}' -c {{ role_name }}-user -a {{ item.state }} -d {{ defaults.jailbase }}/{{ role_name }}/root"
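Review bot: The `Manage users` command line passes `{{ item.name }}` and `{{ item.state }}` to `bin/user.sh` unquoted and wraps `item.groups` in literal single quotes, so a value containing whitespace or a quote character splits or breaks the argument list before the script sees it. Piping each templated value through the `quote` filter, e.g. `-u {{ item.name | quote }} -g {{ item.groups | default(defaults.group) | quote }}`, keeps every value a single argument however the user list is maintained. The same applies to `defaults.jailbase`, `role_name` and `defaults.group` in the new `create user group` shell task. That task also reports changed on every run because it is a plain `shell` call; a `changed_when` tied to the `group add` branch would keep the play output meaningful.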


@ -2,8 +2,8 @@
jail=$1
user=$2
me=`id -u`
jexec="jexec"
me=$(id -u)
jid=""
if test "$jail" = "-h"; then
echo "jlogin [jail] [user]"
@ -11,11 +11,11 @@ if test "$jail" = "-h"; then
fi
if test -z "$jail"; then
vars=$(jls -n | head -1)
eval $vars
jid=$(jls | head -2 | tail -1 | awk '{print $1}')
jail=$(jls | head -2 | tail -1 | awk '{print $2}')
else
jid=$(jls | grep "$jail" | awk '{print $1}')
fi
jid=""
jid=`jls | grep "$jail" | awk '{print $1}'`
if test -z "$jid"; then
echo "jail $jail doesn't run!"
@ -26,20 +26,16 @@ shell=/bin/csh
home=/home/$user
term=vt100
path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
chroot="$j/run/$jail"
jexec=jexec
if test -z "$user"; then
user=root
home=/root
fi
if test -e $chroot/$home/.bashrc; then
shell=/usr/local/bin/bash
fi
if test "$me" != "0"; then
jexec="sudo $jexec"
jexec="sudo jexec"
fi
echo "# Logging into jail $jail with jid $jid #"
env - JAIL=$jail HOME=$home TERM=$term SHELL=$shell PATH=$path $jexec -U $user $jid $shell
env - JAIL="$jail" TERM=$term HOME="$home" SHELL=$shell PATH=$path "$jexec" -U "$user" "$jid" sh
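Review bot: On what appears to be the new final line, `"$jexec"` is quoted while the non-root branch sets `jexec="sudo jexec"`, so `env` is asked to run one program literally named `sudo jexec` and the login fails for every non-root caller. Since the variable is only assigned from literals in the lines shown, leaving it unquoted (`... PATH=$path $jexec -U "$user" "$jid" sh`) restores the word split, and the new quoting of `$jail`, `$user` and `$jid` is the part worth keeping. Separately, `jls | grep "$jail"` in the `else` branch matches substrings in any column, so a name like `web` can select `web2` or return several jids; `jls -j "$jail" jid` would query the exact jail. The `if test -z "$jid"` block continues outside the hunk, so its exit path is not visible here.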


@ -90,6 +90,14 @@
group: wheel
mode: '0644'
- name: Install jlogin
copy:
src: jlogin
dest: /usr/local/sbin/jlogin
owner: root
group: wheel
mode: '0755'
- name: Symlink knot dig
shell: "ln -sf /usr/local/bin/kdig /usr/local/bin/dig"
args: