Merge branch 'master' into fetlab

roles/ariane/files/lxc-voidlinux

@@ -60,7 +60,7 @@ userns_config="/usr/share/lxc/config/voidlinux.userns.conf"
 
 pkg_blacklist=("linux>=0" "e2fsprogs>=0" "btrfs-progs>=0" "xfsprogs>=0" "f2fs-tools>=0" "dosfstools>=0")
 base_packages=()
-for pkg in $(xbps-query -Mv --repository="http://repo2.voidlinux.eu/current/" -x base-system); do
+for pkg in $(xbps-query -Mv --repository="https://alpha.de.repo.voidlinux.org/current/" -x base-system); do
     containsElement "$pkg" "${pkg_blacklist[@]}" || base_packages+=($pkg)
 done
 declare -a additional_packages
@@ -87,7 +87,7 @@ copy_configuration() {
 }
 
 install_void() {
-    if ! yes | xbps-install -Sy -R http://repo2.voidlinux.eu/current -r "${rootfs_path}" "${base_packages[@]}"
+    if ! yes | xbps-install -Sy -R https://alpha.de.repo.voidlinux.org/current -r "${rootfs_path}" "${base_packages[@]}"
     then
         echo "Failed to install container packages"
         return 1

roles/ariane/files/lxc_default.conf

@@ -1 +0,0 @@
-lxc.aa_profile = unconfined

roles/ariane/tasks/lxc_void.yml

@@ -1,11 +1,11 @@
 ---
 - name: lxc - install xbps build depencies
-  package: name="{{ item }}"
+  package: "name={{ item }}"
   with_items:
   - zlib1g-dev
   - pkg-config
   - libarchive-dev
-  - libssl1.0-dev
+  - libssl-dev
 
 - name: lxc - xbps git
   git:

roles/gitea/tasks/gitea.yml

@@ -5,9 +5,9 @@
   - git-all
   - gitea
 
-- name: gitea - /etc/gitea.conf
-  template: dest=/etc/gitea.conf src=gitea.conf.j2 owner=root group=root mode=0644
-  notify: restart gitea
-
 - name: gitea - git user
   user: name=_gitea shell=/bin/bash
+
+- name: gitea - /etc/gitea.conf
+  template: dest=/etc/gitea.conf src=gitea.conf.j2 owner=_gitea group=root mode=0640
+  notify: restart gitea

roles/ldap/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+ - name: restart nslcd
+   service: name=nslcd enabled=yes state=restarted

roles/ldap/tasks/ldap.yml

@@ -0,0 +1,56 @@
+---
+- name: ldap - install
+  package: name={{ item }}
+  with_items:
+  - nss-pam-ldapd
+
+- name: ldap - /etc/nsswitch.conf
+  template: dest=/etc/nsswitch.conf src=nsswitch.conf.j2 owner=root group=root mode=0644
+
+- name: ldap - /etc/nslcd.conf
+  template: dest=/etc/nslcd.conf src=nslcd.conf.j2 owner=root group=nslcd mode=0640
+  notify: restart nslcd
+
+- name: ldap - start nslcd
+  service: name=nslcd enabled=yes state=started
+
+- name: ldap - PAM
+  pamd:
+    name: "{{ item.name }}"
+    type: "{{ item.type }}"
+    new_type: "{{ item.type }}"
+    control: required
+    new_control: "{{ item.control }}"
+    module_path: pam_unix.so
+    new_module_path: "{{ item.module_path }}"
+    module_arguments: "{{ item.module_arguments }}"
+    state: "{{ item.state }}"
+  with_items:
+  - { name: system-auth, type: auth, control: sufficient, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: before }
+  - { name: system-auth, type: account, control: sufficient, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: before }
+  - { name: system-auth, type: password, control: sufficient, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: before }
+  - { name: system-auth, type: session, control: optional, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: after }
+
+- name: ldap - enable passwd change
+  lineinfile:
+    dest: /etc/pam.d/passwd
+    line: "password        sufficient      pam_ldap.so"
+    insertbefore: "^password"
+    firstmatch: yes
+    state: present
+
+- name: ldap - sudoers ensure includedir
+  lineinfile:
+    dest: /etc/sudoers
+    line: "#includedir /etc/sudoers.d"
+    state: present
+    validate: "/usr/sbin/visudo -cf %s"
+
+- name: sudoers - create
+  copy:
+    content: "%admin ALL=(ALL) ALL"
+    dest: "/etc/sudoers.d/admin"
+    mode: 0440
+    owner: root
+    group: root
+    validate: "/usr/sbin/visudo -cf %s"

roles/ldap/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- import_tasks: ldap.yml
+  tags: [ ldap ]

roles/ldap/templates/nslcd.conf.j2

@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+
+# See the manual page nslcd.conf(5) for more information.
+
+uid nslcd
+gid nslcd
+
+uri ldap://gagarin.fet.htu.tuwien.ac.at/
+base dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at

roles/ldap/templates/nsswitch.conf.j2

@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+# /etc/nsswitch.conf
+#
+# See nsswitch.conf(5) for information.
+#
+passwd:         files ldap
+group:          files ldap
+shadow:         files ldap
+
+hosts:          files mdns mdns4_minimal mdns4 myhostname dns
+networks:       files
+
+protocols:      files
+services:       files
+ethers:         files
+rpc:            files

roles/nfs/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- import_tasks: nfs.yml
+  tags: [ nfs ]

roles/nfs/tasks/nfs.yml

@@ -0,0 +1,20 @@
+---
+- name: nfs - install
+  package: name=nfs-utils
+
+- name: nfs - create mountpoints
+  file: "path={{ item }} owner=root group=root mode=0755 state=directory"
+  with_items:
+  - /mnt/save/daten
+  - /mnt/save/fotos
+  failed_when: False
+
+- name: nfs - add mountpoints
+  blockinfile:
+    path: /etc/fstab
+    block: |
+      ariane:/zv1/homes                         /home           nfs     intr,hard,rw,fsc  0       0
+      ariane:/zv1/daten                         /mnt/save/daten nfs     intr,hard,rw,fsc  0       0
+      ariane:/zv1/fotos                         /mnt/save/fotos nfs     intr,hard,rw,fsc  0       0
+    validate: "mount -a -T %s"
+

roles/scans/tasks/samba.yml

@@ -3,6 +3,7 @@
   package: name={{ item }}
   with_items:
   - samba
+  - smbclient
 
 - name: samba - /etc/smb.conf
   template: dest=/etc/samba/smb.conf src=smb.conf.j2 owner=root group=root mode=0644
@@ -18,3 +19,10 @@
 - name: samba - set smbpasswds
   shell: "(echo {{ item['smbpasswd'] }}; echo {{ item['smbpasswd'] }}) | smbpasswd -s -a {{ item['name'] }}"
   with_items: '{{ samba_users }}'
+  changed_when: False
+
+- name: samba - add cronjob for fixing IPv4
+  cron:
+    name: samba reboot restart
+    special_time : reboot
+    job: "sleep 15 && sv restart smbd"