diff --git a/.drone.jsonnet b/.drone.jsonnet
new file mode 100644
index 0000000..fcf5597
--- /dev/null
+++ b/.drone.jsonnet
@@ -0,0 +1,69 @@
+local AnsibleVersions(version="latest", package="ansible") = {
+ name: "ansible-" + version,
+ image: "python:3.7",
+ pull: "always",
+ environment: {
+ PY_COLORS: 1
+ },
+ commands: [
+ "pip install " + package + " ansible-later~=0.2.0 -qq",
+ "git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy",
+ "ansible-later -c ~/policy/config.yml"
+ ],
+ depends_on: [
+ "clone",
+ ],
+};
+
+local PipelineLinting = {
+ kind: "pipeline",
+ name: "linting",
+ platform: {
+ os: "linux",
+ arch: "amd64",
+ },
+ steps: [
+ AnsibleVersions(version="latest", package="ansible"),
+ AnsibleVersions(version="master", package="git+https://github.com/ansible/ansible.git@devel"),
+ ],
+ trigger: {
+ ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"],
+ },
+};
+
+local PipelineNotifications = {
+ kind: "pipeline",
+ name: "notifications",
+ platform: {
+ os: "linux",
+ arch: "amd64",
+ },
+ clone: {
+ disable: true,
+ },
+ steps: [
+ {
+ name: "matrix",
+ image: "plugins/matrix",
+ settings: {
+ homeserver: "https://matrix.rknet.org",
+ roomid: "MtidqQXWWAtQcByBhH:rknet.org",
+ template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}",
+ username: { "from_secret": "matrix_username" },
+ password: { "from_secret": "matrix_password" },
+ },
+ },
+ ],
+ depends_on: [
+ "linting",
+ ],
+ trigger: {
+ status: [ "success", "failure" ],
+ ref: ["refs/heads/master", "refs/tags/**"],
+ },
+};
+
+[
+ PipelineLinting,
+ PipelineNotifications,
+]
diff --git a/.drone.yml b/.drone.yml
index 53d816a..2da2b22 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,42 +1,78 @@
 ---
 kind: pipeline
-name: default
+name: linting
+
+platform:
+ os: linux
+ arch: amd64
 steps:
- - name: ansible-latest
- image: python:2.7
- pull: always
- commands:
- - pip install ansible ansible-later -q
- - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
- - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
- depends_on:
- - clone
+- name: ansible-latest
+ pull: always
+ image: python:3.7
+ commands:
+ - pip install ansible ansible-later~=0.2.0 -qq
+ - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
+ - ansible-later -c ~/policy/config.yml
+ environment:
+ PY_COLORS: 1
+ depends_on:
+ - clone
- - name: ansible-master
- image: python:2.7
- pull: always
- commands:
- - pip install ansible ansible-later -q
- - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
- - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
- depends_on:
- - clone
+- name: ansible-master
+ pull: always
+ image: python:3.7
+ commands:
+ - "pip install git+https://github.com/ansible/ansible.git@devel ansible-later~=0.2.0 -qq"
+ - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
+ - ansible-later -c ~/policy/config.yml
+ environment:
+ PY_COLORS: 1
+ depends_on:
+ - clone
- - name: notify
- image: plugins/matrix
- settings:
- homeserver: https://matrix.rknet.org
- roomid: MtidqQXWWAtQcByBhH:rknet.org
- template: "Status: **{{ build.status }}**
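Review bot: The `matrix` step in `PipelineNotifications` passes `matrix_username` and `matrix_password` to `image: "plugins/matrix"`, which has no tag or digest, so whatever image the registry currently serves under the default tag receives those credentials. Pin it, for example `image: "plugins/matrix:<pinned-tag-or-digest>"`. The linting step is similarly unpinned at run time: `git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy` takes the tip of the default branch on every build, including `refs/pull/**` builds, so checking out a fixed tag or commit after the clone would keep the lint policy reproducible. The same lines appear in the `.drone.yml` hunk of this commit.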
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}"
- username:
- from_secret: matrix_username
- password:
- from_secret: matrix_password
- depends_on:
- - ansible-latest
- - ansible-master
- when:
- status:
- - success
- - failure
+trigger:
+ ref:
+ - refs/heads/master
+ - "refs/tags/**"
+ - "refs/pull/**"
+
+---
+kind: pipeline
+name: notifications
+
+platform:
+ os: linux
+ arch: amd64
+
+clone:
+ disable: true
+
+steps:
+- name: matrix
+ image: plugins/matrix
+ settings:
+ homeserver: https://matrix.rknet.org
+ password:
+ from_secret: matrix_password
+ roomid: MtidqQXWWAtQcByBhH:rknet.org
+ template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}"
+ username:
+ from_secret: matrix_username
+
+trigger:
+ ref:
+ - refs/heads/master
+ - "refs/tags/**"
+ status:
+ - success
+ - failure
+
+depends_on:
+- linting
+
+---
+kind: signature
+hmac: f0dacf2b7fedb9f3338bb76008ea0b02f0a71f0beed26f03e8f1224d14a22e49
+
+...
diff --git a/.gitignore b/.gitignore
index 5c199eb..5becda8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,11 @@
 # ---> Ansible
 *.retry
+filter/plugins/
+library
+
+# ---> Python
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
diff --git a/defaults/main.yml b/defaults/main.yml
index ed340ad..de9576b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,6 +5,8 @@ pve_tls_enabled: False
 pve_tls_cert_source: mycert.pem
 pve_tls_key_source: mykey.pem
+pve_pamd_motd_enabled: True
+
 pve_nginx_vhost_enabled: False
 pve_server_name: pve.example.com
 pve_server_ip: 127.0.0.1
diff --git a/tasks/main.yml b/tasks/main.yml
index 43a358a..4df0336 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,5 @@
 ---
+- import_tasks: pam.yml
 - import_tasks: auth.yml
 - import_tasks: tls.yml
 when: pve_tls_enabled
diff --git a/tasks/pam.yml b/tasks/pam.yml
new file mode 100644
index 0000000..ea8dcaf
--- /dev/null
+++ b/tasks/pam.yml
@@ -0,0 +1,14 @@
+---
+- name: Remove motd from oam stack
+ pamd:
+ name: "{{ item.name }}"
+ type: "{{ item.type }}"
+ control: "{{ item.control }}"
+ module_path: "{{ item.path }}"
+ state: absent
+ loop:
+ - { name: 'login', type: 'session', control: 'optional', path: 'pam_motd.so' }
+ - { name: 'sshd', type: 'session', control: 'optional', path: 'pam_motd.so' }
+ become: True
+ become_user: root
+ when: not pve_pamd_motd_enabled | bool
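Review bot: Once this task has removed the `pam_motd.so` rules, setting `pve_pamd_motd_enabled` back to `True` does not restore them, because tasks/pam.yml only has a `state: absent` path and that path is skipped when the variable is true. A comment next to the default in defaults/main.yml, such as `# False removes pam_motd.so from the login and sshd PAM stacks; True leaves them untouched (does not re-add)`, would make the one-way behaviour explicit. Since the task rewrites the `login` and `sshd` PAM service files, which gate console and SSH logins, adding `backup: True` to the `pamd` arguments would leave a recoverable copy if an edit goes wrong. The task name also says `oam stack`, presumably meant as `PAM stack`.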