Merge pull request #14 from punktDe/task/debian-support

Debian support
punktDe · Jan 11, 2024 · 24b08e1 · 24b08e1
2 parents d4b5c22 + 647e625
commit 24b08e1
Show file tree

Hide file tree

Showing 8 changed files with 58 additions and 7 deletions.
diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -1,21 +1,22 @@
 system:
   root_group: >-
-    {%- if ansible_system == 'Linux' and ansible_distribution == 'Ubuntu' -%}
+    {%- if ansible_os_family == 'Debian' -%}
       root
     {%- else -%}
       wheel
     {%- endif -%}
   features:
+    sshd: no
     proserver_fact: no
     hostname: yes
     timezone: yes
     netplan: "{{ ansible_distribution == 'Ubuntu' }}"
     systemd_resolved: no
     ufw: "{{ ansible_distribution == 'Ubuntu' }}"
-    sysctl: "{{ ansible_distribution == 'Ubuntu' }}"
+    sysctl: "{{ ansible_system == 'Linux' }}"
     hosts: yes
     environment: yes
-    apt: "{{ ansible_distribution == 'Ubuntu' }}"
+    apt: "{{ ansible_os_family == 'Debian' }}"
     proserver_user: no
     postfix: no
     users: yes

diff --git a/tasks/apt.yaml b/tasks/apt.yaml
@@ -1,4 +1,4 @@
-- name: Install GPG on Ubuntu
+- name: Install GPG on Ubuntu/Debian
   ansible.builtin.package:
     name: gpg
 

diff --git a/tasks/main.yaml b/tasks/main.yaml
@@ -1,3 +1,9 @@
+- name: Check the path of the bash executable
+  changed_when: no
+  register: which_bash
+  ansible.builtin.command:
+    cmd: which bash
+
 - ansible.builtin.include_tasks: proserver_fact.yaml
   when: system.features.proserver_fact
 
@@ -45,3 +51,6 @@
 
 - ansible.builtin.include_tasks: motd.yaml
   when: system.features.motd
+
+- ansible.builtin.include_tasks: sshd.yaml
+  when: system.features.sshd
diff --git a/tasks/postfix.yaml b/tasks/postfix.yaml
@@ -72,7 +72,7 @@
             line: "{{ item.key }} {{ item.value }}"
 
 - name: Install Postfix
-  when: ansible_distribution == 'Ubuntu'
+  when: ansible_os_family == 'Debian'
   ansible.builtin.package:
     name: postfix
 

diff --git a/tasks/proserver_user.yaml b/tasks/proserver_user.yaml
@@ -1,5 +1,6 @@
+---
 - name: Create proserver user
   ansible.builtin.user:
     name: proserver
     home: /var/www
-    shell: /bin/bash
+    shell: "{{ which_bash.stdout }}"
diff --git a/tasks/sshd.yaml b/tasks/sshd.yaml
@@ -0,0 +1,28 @@
+- name: Make sure that the custom sshd configuration is included
+  notify:
+    - Restart sshd
+  ansible.builtin.lineinfile:
+    validate: "sshd -T -f %s"
+    path: /etc/ssh/sshd_config
+    line: "Include /etc/ssh/sshd_config.d/*"
+    insertbefore: "BOF"
+
+- name: Create the config folder
+  ansible.builtin.file:
+    path: /etc/ssh/sshd_config.d
+    state: directory
+    owner: root
+    mode: "0755"
+
+- name: Template the sshd configuration
+  notify:
+    - Restart sshd
+  ansible.builtin.copy:
+    validate: "sshd -T -f %s"
+    dest: /etc/ssh/sshd_config.d/00-ansible.conf
+    content: |
+      {% for option, value in system.sshd.config.iteritems() %}
+        {{ option }} {{ value }}
+      {% endfor %}
+    owner: root
+    mode: "0644"
diff --git a/tasks/sudoers.yaml b/tasks/sudoers.yaml
@@ -1,3 +1,15 @@
+- name: Make sure that sudo is installed
+  when: ansible_os_family == "Debian"
+  ansible.builtin.package:
+    name: sudo
+
+- name: Create sudoers.d folder
+  ansible.builtin.file:
+    mode: "0755"
+    path: "{{ system.prefix.sudoers }}/sudoers.d"
+    owner: root
+    state: directory
+
 - name: Configure sudoers
   vars:
     dest: "{{ system.prefix.sudoers }}/sudoers.d/{{ item.key }}"

diff --git a/tasks/users.yaml b/tasks/users.yaml
@@ -72,7 +72,7 @@
       list
       }}
     append: yes
-    shell: "{{ item.value.shell | default('/bin/bash', true) }}"
+    shell: "{{ item.value.shell | default(which_bash.stdout, true) }}"
   loop: "{{ system.users | dict2items | list }}"
   loop_control:
     label: "{{ item.key }}"