add option to remove motd from pam stack
parent
8026d71e2a
commit
bedf637c4e
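--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@@ -0,0 +1,69 @@
+local AnsibleVersions(version="latest", package="ansible") = {
+name: "ansible-" + version,
+image: "python:3.7",
+pull: "always",
+environment: {
+PY_COLORS: 1
+},
+commands: [
+"pip install " + package + " ansible-later~=0.2.0 -qq",
+"git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy",
+"ansible-later -c ~/policy/config.yml"
+],
+depends_on: [
+"clone",
+],
+};
+
+local PipelineLinting = {
+kind: "pipeline",
+name: "linting",
+platform: {
+os: "linux",
+arch: "amd64",
+},
+steps: [
+AnsibleVersions(version="latest", package="ansible"),
+AnsibleVersions(version="master", package="git+https://github.com/ansible/ansible.git@devel"),
+],
+trigger: {
+ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"],
+},
+};
+
+local PipelineNotifications = {
+kind: "pipeline",
+name: "notifications",
+platform: {
+os: "linux",
+arch: "amd64",
+},
+clone: {
+disable: true,
+},
+steps: [
+{
+name: "matrix",
+image: "plugins/matrix",
+settings: {
+homeserver: "https://matrix.rknet.org",
+roomid: "MtidqQXWWAtQcByBhH:rknet.org",
+template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}",
+username: { "from_secret": "matrix_username" },
+password: { "from_secret": "matrix_password" },
+},
+},
+],
+depends_on: [
+"linting",
+],
+trigger: {
+status: [ "success", "failure" ],
+ref: ["refs/heads/master", "refs/tags/**"],
+},
+};
+
+[
+PipelineLinting,
+PipelineNotifications,
+]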
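Review bot: The lint step built by `AnsibleVersions` clones `ansible-later-policy` at whatever its default branch holds at build time and pulls `python:3.7` by a floating tag, so the policy and tooling that run in CI (including on `refs/pull/**`) can change without any commit in this repository. Pinning the clone to a tag or commit would make lint results reproducible and reviewable, e.g. `"git clone --branch <POLICY_TAG> --depth 1 https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy"`, where `<POLICY_TAG>` is a placeholder for a release of the policy repo. The unpinned `package` default is presumably deliberate for the "latest" and "master" variants; a one-line comment above the function saying so would save the next reader the question.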
64
.drone.yml
64
.drone.yml
@ -1,42 +1,78 @@
|
|||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
name: default
|
name: linting
|
||||||
|
|
||||||
|
platform:
|
||||||
|
os: linux
|
||||||
|
arch: amd64
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: ansible-latest
|
- name: ansible-latest
|
||||||
image: python:2.7
|
|
||||||
pull: always
|
pull: always
|
||||||
|
image: python:3.7
|
||||||
commands:
|
commands:
|
||||||
- pip install ansible ansible-later -q
|
- pip install ansible ansible-later~=0.2.0 -qq
|
||||||
- git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
|
- git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
|
||||||
- git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
|
- ansible-later -c ~/policy/config.yml
|
||||||
|
environment:
|
||||||
|
PY_COLORS: 1
|
||||||
depends_on:
|
depends_on:
|
||||||
- clone
|
- clone
|
||||||
|
|
||||||
- name: ansible-master
|
- name: ansible-master
|
||||||
image: python:2.7
|
|
||||||
pull: always
|
pull: always
|
||||||
|
image: python:3.7
|
||||||
commands:
|
commands:
|
||||||
- pip install ansible ansible-later -q
|
- "pip install git+https://github.com/ansible/ansible.git@devel ansible-later~=0.2.0 -qq"
|
||||||
- git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
|
- git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
|
||||||
- git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
|
- ansible-later -c ~/policy/config.yml
|
||||||
|
environment:
|
||||||
|
PY_COLORS: 1
|
||||||
depends_on:
|
depends_on:
|
||||||
- clone
|
- clone
|
||||||
|
|
||||||
- name: notify
|
trigger:
|
||||||
|
ref:
|
||||||
|
- refs/heads/master
|
||||||
|
- "refs/tags/**"
|
||||||
|
- "refs/pull/**"
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: notifications
|
||||||
|
|
||||||
|
platform:
|
||||||
|
os: linux
|
||||||
|
arch: amd64
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: matrix
|
||||||
image: plugins/matrix
|
image: plugins/matrix
|
||||||
settings:
|
settings:
|
||||||
homeserver: https://matrix.rknet.org
|
homeserver: https://matrix.rknet.org
|
||||||
|
password:
|
||||||
|
from_secret: matrix_password
|
||||||
roomid: MtidqQXWWAtQcByBhH:rknet.org
|
roomid: MtidqQXWWAtQcByBhH:rknet.org
|
||||||
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
|
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
|
||||||
username:
|
username:
|
||||||
from_secret: matrix_username
|
from_secret: matrix_username
|
||||||
password:
|
|
||||||
from_secret: matrix_password
|
trigger:
|
||||||
depends_on:
|
ref:
|
||||||
- ansible-latest
|
- refs/heads/master
|
||||||
- ansible-master
|
- "refs/tags/**"
|
||||||
when:
|
|
||||||
status:
|
status:
|
||||||
- success
|
- success
|
||||||
- failure
|
- failure
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- linting
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: signature
|
||||||
|
hmac: f0dacf2b7fedb9f3338bb76008ea0b02f0a71f0beed26f03e8f1224d14a22e49
|
||||||
|
|
||||||
|
...
|
||||||
|
8
.gitignore
vendored
8
.gitignore
vendored
@ -1,3 +1,11 @@
|
|||||||
# ---> Ansible
|
# ---> Ansible
|
||||||
*.retry
|
*.retry
|
||||||
|
filter/plugins/
|
||||||
|
library
|
||||||
|
|
||||||
|
# ---> Python
|
||||||
|
# Byte-compiled / optimized / DLL files
|
||||||
|
__pycache__/
|
||||||
|
*.py[cod]
|
||||||
|
*$py.class
|
||||||
|
|
||||||
|
@ -5,6 +5,8 @@ pve_tls_enabled: False
|
|||||||
pve_tls_cert_source: mycert.pem
|
pve_tls_cert_source: mycert.pem
|
||||||
pve_tls_key_source: mykey.pem
|
pve_tls_key_source: mykey.pem
|
||||||
|
|
||||||
|
pve_pamd_motd_enabled: True
|
||||||
|
|
||||||
pve_nginx_vhost_enabled: False
|
pve_nginx_vhost_enabled: False
|
||||||
pve_server_name: pve.example.com
|
pve_server_name: pve.example.com
|
||||||
pve_server_ip: 127.0.0.1
|
pve_server_ip: 127.0.0.1
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
- import_tasks: pam.yml
|
||||||
- import_tasks: auth.yml
|
- import_tasks: auth.yml
|
||||||
- import_tasks: tls.yml
|
- import_tasks: tls.yml
|
||||||
when: pve_tls_enabled
|
when: pve_tls_enabled
|
||||||
|
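--- a/tasks/pam.yml
+++ b/tasks/pam.yml
@@ -0,0 +1,14 @@
+---
+- name: Remove motd from oam stack
+pamd:
+name: "{{ item.name }}"
+type: "{{ item.type }}"
+control: "{{ item.control }}"
+module_path: "{{ item.path }}"
+state: absent
+loop:
+- { name: 'login', type: 'session', control: 'optional', path: 'pam_motd.so' }
+- { name: 'sshd', type: 'session', control: 'optional', path: 'pam_motd.so' }
+become: True
+become_user: root
+when: not pve_pamd_motd_enabled | bool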
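Review bot: No backup is kept when the PAM service files for `login` and `sshd` are rewritten here, so a bad edit on a host with an unexpected stack leaves no quick way back; the pamd module accepts `backup: yes`, which I would add next to `state: absent`. The task name reads "oam stack" where "pam stack" is meant: `- name: Remove motd from pam stack`. The switch is also one-way as written: setting `pve_pamd_motd_enabled` back to `True` only skips the task and does not restore the `pam_motd.so` rule, which deserves a comment beside the default in the defaults file.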