motd.yml (4748B)
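---
# motd
#
# author ▓▒ pyratebeard
# code   ▓▒ https://git.pyratebeard.net/playbooks
#
# Play 1 probes every targeted host and collects the ones that answer into a
# dynamic "reachable" group. Play 2 then configures only that group: it
# deploys /etc/motd and a profile.d script, and adjusts sshd_config and
# pam.d so the static motd is what users see at login.

- hosts: tildeservers,tildedevices,pigspleen
  gather_facts: false
  tasks:
    - name: probe host and group it as reachable
      block:
        - name: wait for connection
          ansible.builtin.wait_for_connection:
            timeout: 5

        # NOTE(review): changed_when/tags/check_mode are kept on group_by.
        # With `--tags <x>` only this task runs, so the connection probe is
        # skipped and every host lands in "reachable". If the probe should
        # also run under --tags, move `tags: always` to the block - confirm.
        - name: add host to reachable group
          ansible.builtin.group_by:
            key: "reachable"
          changed_when: false
          tags: always
          check_mode: false
      rescue:
        - name: report unreachable host
          ansible.builtin.debug:
            msg: "unable to connect to {{ inventory_hostname }}"

# deploy issue and hostname banners
- hosts: reachable
  become: true
  gather_facts: true
  vars:
    sudo_group: 'wheel'
    ssh_service: 'sshd'
    # Syntax-check sshd_config before it replaces the live file, so a bad
    # edit (e.g. a directive appended after a Match block) is rejected
    # instead of being picked up by the reload handler.
    # Assumes sshd is reachable at /usr/sbin/sshd on every target - adjust
    # per platform if not.
    sshd_config_validate: '/usr/sbin/sshd -t -f %s'
  tasks:
    # Runs under every tag selection so later tasks always see the right
    # admin group and ssh service name.
    - name: "setup block"
      block:
        # check_mode makes this a pure probe: "changed" means the group
        # would have to be created, i.e. it does not exist.
        - name: check for sudo group
          ansible.builtin.group:
            name: 'sudo'
          check_mode: true
          register: sudo_grp_chk

        - name: change to sudo group
          ansible.builtin.set_fact:
            sudo_group: 'sudo'
          when: not sudo_grp_chk.changed

        - name: change ssh service name
          ansible.builtin.set_fact:
            ssh_service: 'ssh'
          when: ansible_facts['distribution'] == "Devuan"
      tags: always

    # NOTE(review): commenting out Banner here and setting PrintLastLog no
    # further down departs from some hardening baselines, which expect a
    # pre-auth banner and last-login reporting. Presumably the motd and the
    # profile script replace them - confirm this is intended for these hosts.
    - name: disable banner in sshd_config
      ansible.builtin.lineinfile:
        path: '/etc/ssh/sshd_config'
        regexp: '^Banner'
        line: '#Banner /etc/issue.net'
        validate: "{{ sshd_config_validate }}"
      notify: reload sshd
      tags: disable_banner

    - name: deploy motd
      ansible.builtin.template:
        src: 'motd.j2'
        dest: '/etc/motd'
        # quoted so the mode is never re-typed by the YAML parser
        mode: '0644'
      tags: motd

    # The pattern is anchored to the directive itself (optionally commented
    # out) so prose comments that merely mention it are not rewritten.
    # lineinfile replaces only the last match while sshd honours the first
    # occurrence of a keyword; check for duplicates on hand-edited hosts.
    - name: set motd in sshd_config
      ansible.builtin.lineinfile:
        path: '/etc/ssh/sshd_config'
        regexp: '^\s*#?\s*PrintMotd\b'
        line: 'PrintMotd yes'
        validate: "{{ sshd_config_validate }}"
      notify: reload sshd
      tags: motd

    - name: create profile.d dir
      ansible.builtin.file:
        path: '/etc/profile.d/'
        state: directory
        owner: root
        group: "{{ sudo_group }}"
        mode: '0755'
      tags: script

    # This script is sourced by every login shell, root's included, so it
    # stays root-owned and not group- or world-writable.
    - name: deploy profile script
      ansible.builtin.template:
        src: 'templates/profile-pyratenet.sh.j2'
        dest: '/etc/profile.d/profile-pyratenet.sh'
        owner: root
        group: "{{ sudo_group }}"
        mode: '0755'
      tags: script

    # create: true may create these shell start-up files; pin owner and mode
    # rather than inheriting whatever umask the connection happens to have.
    - name: add sourcing of /etc/profile to /etc/zsh/zprofile
      ansible.builtin.lineinfile:
        path: "/etc/zsh/zprofile"
        line: "emulate sh -c 'source /etc/profile'"
        create: true
        owner: root
        mode: '0644'
      when: ansible_facts['distribution'] != "OpenBSD"
      tags: script

    - name: add /etc/profile
      ansible.builtin.lineinfile:
        path: "/etc/profile"
        line: ". /etc/profile.d/profile-pyratenet.sh"
        create: true
        owner: root
        mode: '0644'
      when: ansible_facts['distribution'] == "OpenBSD"
      tags: script

    - name: disable lastlog in sshd_config
      ansible.builtin.lineinfile:
        path: '/etc/ssh/sshd_config'
        regexp: '^\s*#?\s*PrintLastLog\b'
        line: 'PrintLastLog no'
        validate: "{{ sshd_config_validate }}"
      notify: reload sshd
      tags: script

    - name: remove motd from pam.d
      ansible.builtin.lineinfile:
        path: '/etc/pam.d/{{ item }}'
        regexp: 'session.*optional.*pam_motd.so.*'
        state: absent
      loop:
        - login
        - sshd
        - system-login
      tags: motd

    # The four tasks below restore the pam_motd lines. They carry the
    # "never" tag, so they run only when "pamd" is requested explicitly.
    - name: 'replace motd in pam.d (login, sshd: dynamic motd)'
      ansible.builtin.lineinfile:
        path: '/etc/pam.d/{{ item }}'
        line: 'session optional pam_motd.so motd=/run/motd.dynamic'
        insertafter: "# and a static (admin-editable) part from /etc/motd."
        state: present
      loop:
        - login
        - sshd
      tags:
        - never
        - pamd

    - name: 'replace motd in pam.d (login, sshd: noupdate)'
      ansible.builtin.lineinfile:
        path: '/etc/pam.d/{{ item }}'
        line: "session optional pam_motd.so noupdate"
        insertafter: "session optional pam_motd.so motd=/run/motd.dynamic"
        state: present
      loop:
        - login
        - sshd
      tags:
        - never
        - pamd

    - name: 'replace motd in pam.d (system-login: dynamic motd)'
      ansible.builtin.lineinfile:
        path: '/etc/pam.d/system-login'
        line: "session optional pam_motd.so motd=/run/motd.dynamic"
        state: present
      tags:
        - never
        - pamd

    - name: 'replace motd in pam.d (system-login: noupdate)'
      ansible.builtin.lineinfile:
        path: '/etc/pam.d/system-login'
        line: "session optional pam_motd.so noupdate"
        insertafter: "session optional pam_motd.so motd=/run/motd.dynamic"
        state: present
      tags:
        - never
        - pamd

  handlers:
    # ssh_service is 'sshd' by default and 'ssh' on Devuan (see setup block).
    - name: reload sshd
      ansible.builtin.service:
        name: "{{ ssh_service }}"
        state: reloaded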