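# Tasks for per-user session setup (PAM), SFTP-only SSH access for most
# accounts, the home-archiving timer, and the exam helper scripts.

# Deploy the helper before PAM references it, so no session is opened while
# /usr/local/sbin/mkDownloads is still missing.
- name: deploy mkDownloads script
  copy:
    src: mkDownloads
    dest: /usr/local/sbin/mkDownloads
    # pam_exec runs this script for every session; pin ownership so only
    # root can modify it.
    owner: root
    group: root
    mode: "0755"

# Both modules are "optional": a failure in either does not block the login.
# NOTE(review): the lines are inserted inside the section managed by
# pam-auth-update; confirm they survive a later pam-auth-update run.
- name: enable pam_mkhomedir.so and pam_exec.so
  lineinfile:
    dest: /etc/pam.d/common-session
    line: "{{ item }}"
    insertbefore: "# end of pam-auth-update config"
  loop:
    # NOTE(review): umask=0022 creates home directories that other local
    # users can read. Consider umask=0077 if accounts must not see each
    # other's files; confirm nothing relies on world-readable homes.
    - "session optional pam_mkhomedir.so umask=0022"
    - "session optional pam_exec.so /usr/local/sbin/mkDownloads"

# https://serverfault.com/questions/354615/allow-sftp-but-disallow-ssh
# The Match pattern selects every user except names starting with "L_" and
# the "ansible" account; those users get SFTP only (no TTY, no forwarding).
# No ChrootDirectory is set, so SFTP users can still read any path their
# UNIX permissions allow.
# NOTE(review): AllowStreamLocalForwarding is not disabled in this block;
# consider "DisableForwarding yes" if no forwarding at all is intended.
# NOTE(review): no handler is notified here; confirm sshd is reloaded
# elsewhere so the drop-in takes effect, and consider validating the
# configuration with "sshd -t" before the reload.
- name: only allow sftp for most users
  blockinfile:
    dest: /etc/ssh/sshd_config.d/local.conf
    create: true
    block: |
      Match User !L_*,!ansible,*
        PermitTTY no
        X11Forwarding no
        AllowTcpForwarding no
        AllowAgentForwarding no
        ForceCommand internal-sftp

# 0750: executable by owner and group only, no access for other users.
- name: deploy archive home script
  copy:
    src: archive-homes
    dest: /usr/local/sbin/archive-homes
    mode: "0750"

- name: deploy archive home script service and timer
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    # Unit files are configuration, not programs: no execute bits
    # (systemd logs a warning for unit files marked executable).
    mode: "0644"
  loop:
    - archive-homes.service
    - archive-homes.timer
  notify: enable archive-homes.timer

- name: deploy examode helper
  copy:
    src: examode.py
    dest: /usr/local/bin/examode.py
    mode: "0755"

- name: deploy exam scripts
  copy:
    src: "{{ item }}"
    dest: "/usr/local/bin/{{ item }}"
    mode: "0755"
  loop:
    - copy2students
    - fetchexam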