add option to remove motd from pam stack

2019-06-15 15:27:03 +02:00 · 2019-06-15 15:27:03 +02:00 · bedf637c4e
commit bedf637c4e
parent 8026d71e2a
6 changed files with 166 additions and 36 deletions
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@ -0,0 +1,69 @@
+local AnsibleVersions(version="latest", package="ansible") = {
+    name: "ansible-" + version,
+    image: "python:3.7",
+    pull: "always",
+    environment: {
+      PY_COLORS: 1
+    },
+    commands: [
+      "pip install " + package + " ansible-later~=0.2.0 -qq",
+      "git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy",
+      "ansible-later -c ~/policy/config.yml"
+    ],
+    depends_on: [
+      "clone",
+    ],
+};
+
+local PipelineLinting = {
+  kind: "pipeline",
+  name: "linting",
+  platform: {
+    os: "linux",
+    arch: "amd64",
+  },
+  steps: [
+    AnsibleVersions(version="latest", package="ansible"),
+    AnsibleVersions(version="master", package="git+https://github.com/ansible/ansible.git@devel"),
+  ],
+  trigger: {
+    ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"],
+  },
+};
+
+local PipelineNotifications = {
+  kind: "pipeline",
+  name: "notifications",
+  platform: {
+    os: "linux",
+    arch: "amd64",
+  },
+  clone: {
+    disable: true,
+  },
+  steps: [
+    {
+      name: "matrix",
+      image: "plugins/matrix",
+      settings: {
+        homeserver: "https://matrix.rknet.org",
+        roomid: "MtidqQXWWAtQcByBhH:rknet.org",
+        template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}",
+        username: { "from_secret": "matrix_username" },
+        password: { "from_secret": "matrix_password" },
+      },
+    },
+  ],
+  depends_on: [
+    "linting",
+  ],
+  trigger: {
+    status: [ "success", "failure" ],
+    ref: ["refs/heads/master", "refs/tags/**"],
+  },
+};
+
+[
+  PipelineLinting,
+  PipelineNotifications,
+]
--- a/.drone.yml
+++ b/.drone.yml
@ -1,42 +1,78 @@
 ---
 kind: pipeline
-name: default
+name: linting
+
+platform:
+  os: linux
+  arch: amd64

 steps:
 - name: ansible-latest
-    image: python:2.7
  pull: always
+  image: python:3.7
  commands:
-      - pip install ansible ansible-later -q
+  - pip install ansible ansible-later~=0.2.0 -qq
  - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
-      - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
+  - ansible-later -c ~/policy/config.yml
+  environment:
+    PY_COLORS: 1
  depends_on:
  - clone

 - name: ansible-master
-    image: python:2.7
  pull: always
+  image: python:3.7
  commands:
-      - pip install ansible ansible-later -q
+  - "pip install git+https://github.com/ansible/ansible.git@devel ansible-later~=0.2.0 -qq"
  - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
-      - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
+  - ansible-later -c ~/policy/config.yml
+  environment:
+    PY_COLORS: 1
  depends_on:
  - clone

-  - name: notify
+trigger:
+  ref:
+  - refs/heads/master
+  - "refs/tags/**"
+  - "refs/pull/**"
+
+---
+kind: pipeline
+name: notifications
+
+platform:
+  os: linux
+  arch: amd64
+
+clone:
+  disable: true
+
+steps:
+- name: matrix
  image: plugins/matrix
  settings:
    homeserver: https://matrix.rknet.org
+    password:
+      from_secret: matrix_password
    roomid: MtidqQXWWAtQcByBhH:rknet.org
    template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
    username:
      from_secret: matrix_username
-      password:
-        from_secret: matrix_password
-    depends_on:
-      - ansible-latest
-      - ansible-master
-    when:
+
+trigger:
+  ref:
+  - refs/heads/master
+  - "refs/tags/**"
  status:
  - success
  - failure
+
+depends_on:
+- linting
+
+---
+kind: signature
+hmac: f0dacf2b7fedb9f3338bb76008ea0b02f0a71f0beed26f03e8f1224d14a22e49
+
+...
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,11 @@
 # ---> Ansible
 *.retry
+filter/plugins/
+library
+
+# ---> Python
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class

--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -5,6 +5,8 @@ pve_tls_enabled: False
 pve_tls_cert_source: mycert.pem
 pve_tls_key_source: mykey.pem

+pve_pamd_motd_enabled: True
+
 pve_nginx_vhost_enabled: False
 pve_server_name: pve.example.com
 pve_server_ip: 127.0.0.1
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,4 +1,5 @@
 ---
+- import_tasks: pam.yml
 - import_tasks: auth.yml
 - import_tasks: tls.yml
  when: pve_tls_enabled
--- a/tasks/pam.yml
+++ b/tasks/pam.yml
@ -0,0 +1,14 @@
+---
+- name: Remove motd from oam stack
+  pamd:
+    name: "{{ item.name }}"
+    type: "{{ item.type }}"
+    control: "{{ item.control }}"
+    module_path: "{{ item.path }}"
+    state: absent
+  loop:
+    - { name: 'login', type: 'session', control: 'optional', path: 'pam_motd.so' }
+    - { name: 'sshd', type: 'session', control: 'optional', path: 'pam_motd.so' }
+  become: True
+  become_user: root
+  when: not pve_pamd_motd_enabled | bool