49 lines
1.2 KiB
YAML
49 lines
1.2 KiB
YAML
- name: enable pam_mkhomedir.so and pam_exec.so
|
|
lineinfile:
|
|
dest: /etc/pam.d/common-session
|
|
line: "{{ item }}"
|
|
insertbefore: "# end of pam-auth-update config"
|
|
loop:
|
|
- "session optional pam_mkhomedir.so umask=0022"
|
|
- "session optional pam_exec.so /usr/local/sbin/mkDownloads"
|
|
|
|
- name: deploy mkDownloads script
|
|
copy:
|
|
src: mkDownloads
|
|
dest: /usr/local/sbin/mkDownloads
|
|
mode: 0755
|
|
|
|
# https://serverfault.com/questions/354615/allow-sftp-but-disallow-ssh
|
|
- name: only allow sftp for most users
|
|
blockinfile:
|
|
dest: /etc/ssh/sshd_config.d/local.conf
|
|
create: true
|
|
block: |
|
|
Match User !L_*,!ansible,*
|
|
PermitTTY no
|
|
X11Forwarding no
|
|
AllowTcpForwarding no
|
|
AllowAgentForwarding no
|
|
ForceCommand internal-sftp
|
|
|
|
- name: deploy archive home script
|
|
copy:
|
|
src: archive-homes
|
|
dest: /usr/local/sbin/archive-homes
|
|
mode: 0750
|
|
|
|
- name: deploy archive home script service and timer
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: /etc/systemd/system/{{ item }}
|
|
mode: 0655
|
|
loop:
|
|
- archive-homes.service
|
|
- archive-homes.timer
|
|
notify: enable archive-homes.timer
|
|
|
|
- name: deploy examode helper
|
|
copy:
|
|
src: examode.py
|
|
dest: /usr/local/bin/examode.py
|
|
mode: 0755
|