fix(linter): be compliant with ansible-linter

.ansible-lint

@@ -1,3 +1,4 @@
 ---
 
-skip_list: []
+exclude_paths:
+- .gitea/

.drone.yml

@@ -1,42 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: linter
-
-platform:
-  os: linux
-
-steps:
-- name: markdown lint
-  commands:
-  - markdownlint *.md
-  image: docker.io/volkerraschek/markdownlint:0.39.0
-  resources:
-    limits:
-      cpu: 50
-      memory: 50M
-
-- name: email-notification
-  environment:
-    PLUGIN_HOST:
-      from_secret: smtp_host
-    PLUGIN_USERNAME:
-      from_secret: smtp_username
-    PLUGIN_PASSWORD:
-      from_secret: smtp_password
-    PLUGIN_FROM:
-      from_secret: smtp_mail_address
-  image: docker.io/drillster/drone-email:latest
-  resources:
-    limits:
-      cpu: 50
-      memory: 25M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag

.gitea/workflows/ansible-linters.yaml

@@ -0,0 +1,20 @@
+name: Ansible Linter
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches: [ '**' ]
+    tags-ignore: [ '**' ]
+
+jobs:
+  ansible-lint:
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Run ansible-lint
+      uses: ansible/ansible-lint@v25.7.0
+      with:
+        args: "--config-file .ansible-lint"
+        setup_python: "true"

.gitea/workflows/markdown-linters.yaml

@@ -0,0 +1,18 @@
+name: Lint Markdown files
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches: [ '**' ]
+    tags-ignore: [ '**' ]
+
+jobs:
+  markdown-lint:
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4.2.2
+    - uses: DavidAnson/markdownlint-cli2-action@v20.0.0
+      with:
+        globs: '**/*.md'

.gitignore

@@ -0,0 +1 @@
+.ansible

.markdownlint.yaml

@@ -45,19 +45,17 @@ MD012:
 # MD013/line-length - Line length
 MD013:
   # Number of characters
-  line_length: 80
+  line_length: 120
   # Number of characters for headings
-  heading_line_length: 80
+  heading_line_length: 120
   # Number of characters for code blocks
-  code_block_line_length: 80
+  code_block_line_length: 120
   # Include code blocks
   code_blocks: false
   # Include tables
   tables: false
   # Include headings
   headings: true
-  # Include headings
-  headers: true
   # Strict length checking
   strict: false
   # Stern length checking
@@ -70,11 +68,6 @@ MD022:
   # Blank lines below heading
   lines_below: 1
 
-# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
-MD024:
-  # Only check sibling headings
-  allow_different_nesting: true
-
 # MD025/single-title/single-h1 - Multiple top-level headings in the same document
 MD025:
   # Heading level
@@ -128,7 +121,8 @@ MD041:
 # MD044/proper-names - Proper names should have the correct capitalization
 MD044:
   # List of proper names
-  names: []
+  names:
+  - gitea
   # Include code blocks
   code_blocks: false
 
@@ -140,4 +134,4 @@ MD046:
 # MD048/code-fence-style - Code fence style
 MD048:
   # Code fence syle
-  style: "backtick"
+  style: "backtick"

.yamllint.yaml

@@ -0,0 +1,19 @@
+---
+
+#
+# Documentation:
+# https://yamllint.readthedocs.io/en/stable/
+#
+
+rules:
+  brackets:
+    forbid: false
+    min-spaces-inside: 0
+    max-spaces-inside: 2
+    min-spaces-inside-empty: 0
+    max-spaces-inside-empty: 0
+  indentation:
+    spaces: 2
+    indent-sequences: false
+  line-length:
+    max: 360

README.md

@@ -1,23 +1,183 @@
-# unix_users
+# volker-raschek.unix-users
 
-[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/unix_users-role/status.svg)](https://drone.cryptic.systems/volker.raschek/unix_users-role)
+![Ansible Role](https://img.shields.io/ansible/role/d/volker-raschek/unix-users)
-[![Ansible Role](https://img.shields.io/ansible/role/d/59132)](https://galaxy.ansible.com/volker_raschek/unix_users)
 
-With following role can be unix users and groups configured.
+The ansible role `volker-raschek.unix-users` create and manage users on Linux based distributions. For example for Arch
+Linux, Fedora and Ubuntu. Furthermore, the role can also be used to create groups, `~/.forward`, `~/.netrc` and to
+manage the `~/.ssh` directory.
 
-## Supported distributions
+## Examples
 
-- Arch Linux
+### User and group
-- Ubuntu 20.04
 
-## Features
+The following example create the user `toor` and group `toor`. Booth with a specific id.
 
-- Setting up unix users and groups
+```yaml
-- Setting up private and public ssh keys
+unix_groups:
-- Setting up private and public gpg keys
+  toor:
-- Setting up .forward file for postfix
+    gid: "1001"
+    state: present
 
-## Configuring
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    shell: /bin/bash
+    password: toor
+    group: toor
+```
 
-In the default directory are examples how to configure the role. Copy the
+### Btrfs home dir
-defaults into your `host_vars` or `group_vars` and adapt the examples.
+
+Optionally, the home directory of a user can also be created as dedicated btrfs subvolume. This make it possible to
+create snapshots of the home directory, for example via `btrbk`.
+
+```yaml
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    btrfs: true
+    shell: /bin/bash
+    password: toor
+    group: toor
+```
+
+### .netrc
+
+The ansible role supports the creation and management of the `.netrc` file in a user's home directory. The `.netrc` file
+for the user `toor` is created below. This contains entries for GitHub.
+
+```yaml
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    netrc:
+    - machine: github.com
+      login: octocat
+      password: pat_12345
+    - machine: api.github.com
+      login: octocat
+      password: pat_12345
+    shell: /bin/bash
+    password: toor
+    group: toor
+```
+
+### .ssh
+
+The SSH client directory `~/.ssh` can also be managed via the Ansible role. This supports the creation and management of
+`~/.ssh/config`, `~/.ssh/authorized_keys` as well as the maintenance of private and public SSH keys.
+
+The following example create two entries in `~/.ssh/authorized_keys`. One normal SSH access for `claire`. If `bob`
+establish a SSH connection the command `/usr/local/bin/upload-file.sh` will be executed and exited.
+
+The private key `toor@toor-pc.ed25519.key` must be stored in `ssh/private_keys`. The public key will be automatically
+extracted from the private key.
+
+The public keys `claire@claire-pc.pub` as well as `bob@bob-pc.pub` must be stored in `ssh/authorized_keys`.
+
+```yaml
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    ssh:
+      config:
+      - Host: "*"
+        StrictHostKeyChecking: "no"
+        UserKnownHostFile: /dev/null
+      authorized_keys:
+      - filename: claire@claire-pc.pub
+      - command: /usr/local/bin/upload-file.sh
+        filename: bob@bob-pc.pub
+      private_keys:
+      - toor@toor-pc.ed25519.key
+    shell: /bin/bash
+    password: toor
+    group: toor
+```
+
+### .forward
+
+If on the system is postfix installed, postfix will respect the `~/.forward`
+[file](https://www.postfix.org/local.8.html). This allows to forward local emails to external email addresses. The
+following example create the `~/.forward` file for `toor` to forward emails to `toor@company.example.local`.
+
+```yaml
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    email: toor@company.example.local
+    shell: /bin/bash
+    password: toor
+    group: toor
+```
+
+### shell_rc files
+
+The role also supports the creation of bashrc drop-in files. These are created in `~/.bashrc.d` and included by
+`~/.bashrc` via `source`.
+
+Program-related configurations can be made via a drop-in file. For example, the configuration of the bash history via
+the environment variables `HISTCONTROL` or `HISTFILE`. In addition to environment variables, aliases and complete
+functions can also be defined.
+
+```yaml
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    email: toor@company.example.local
+    shell: /bin/bash
+    shell_rc_files:
+    - file: "/home/toor/.bashrc.d/10-docker.bashrc" # absolute or relative path to home dir
+      aliases:
+      - key: "dcd"
+        value: "docker-compose down"
+      envs:
+      - export: true
+        key: "PATH"
+        value: "/home/toor/workspace/docker-compose/bin:${PATH}" # Add local compiled docker-compose into $PATH
+      functions:
+      - name: "foo"
+        value: |
+          if ! which docker 1> /dev/null; then
+            echo "ERROR: docker not found" 1>&2
+            exit 1
+          fi
+    password: toor
+    group: toor
+```
+
+## Further ansible roles
+
+This ansible role is used in combination with other ansible roles of `volker-raschek`. You can search for the other
+ansible roles via the following command.
+
+```bash
+$ ansible-galaxy role search --author "volker-raschek"
+
+Found roles matching your search:
+
+ Name                      Description
+ ----                      -----------
+ volker-raschek.bind9      Role to install and configure bind9 on different distributions
+ volker-raschek.dhcpd      Role to install and configure dhcpd on different distributions
+ volker-raschek.renovate   Role to configure renovate as container image
+ ...
+```

defaults/default.yml

@@ -19,11 +19,16 @@ unix_users: {}
 #         StrictHostKeyChecking: "no"
 #         UserKnownHostFile: /dev/null
 #       authorized_keys:
-#       - alice@alice-pc.pub
+#       - filename: alice@alice-pc.pub
+#         # command: "" # optional
 #       private_keys:
 #       - alice@alice-pc.ed25519.key
 #     home: /home/alice
 #     btrfs: false
+#     netrc:
+#     - machine: hostame.local
+#       login: username
+#       password: password
 #     shell: /bin/bash
 #     shell_rc_files:
 #     - file: "/home/alice/.bashrc.d/docker.bashrc" # absolute or relative path to home dir

meta/main.yml

@@ -1,5 +1,6 @@
 galaxy_info:
-  role_name: "unix-users"
+  namespace: volker_raschek
+  role_name: "unix_users"
   author: "Markus Pesch"
   description: "Role to create and configure unix users and groups"
   company: "Cryptic Systems"

renovate.json

@@ -1,17 +1,9 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "assignees": [ "volker.raschek" ],
+  "extends": [
-  "automergeStrategy": "merge-commit",
+    "local>volker.raschek/renovate-config:default#master",
-  "automergeType": "pr",
+    "local>volker.raschek/renovate-config:container#master",
-  "labels": [ "renovate" ],
+    "local>volker.raschek/renovate-config:actions#master",
-  "packageRules": [
+    "local>volker.raschek/renovate-config:regexp#master"
-    {
+  ]
-      "addLabels": [ "renovate/droneci", "renovate/automerge" ],
+}
-      "automerge": true,
-      "matchManagers": "droneci",
-      "matchUpdateTypes": [ "minor", "patch"]
-    }
-  ],
-  "rebaseLabel": "renovate/rebase",
-  "rebaseWhen": "behind-base-branch"
-}

tasks/create_unix_user.yml

@@ -195,3 +195,12 @@
   - "{{ unix_user.value.shell_rc_files }}"
   loop_control:
     loop_var: shell_rc_file
+
+- name: "Create .netrc file"
+  when: unix_user.value.netrc is defined and unix_user.value.netrc | length > 0
+  ansible.builtin.template:
+    src: netrc.j2
+    dest: "{{ user_user_home }}/.netrc"
+    owner: "{{ unix_user.key }}"
+    group: "{{ unix_user.value.group | default('users') }}"
+    mode: "0600"

templates/authorized_keys.j2

@@ -2,6 +2,10 @@
 #
 # {{ ansible_managed }}
 #
-{% for key in unix_user.value.ssh.authorized_keys %}
+{% for authorized_key in unix_user.value.ssh.authorized_keys %}
-{{ lookup('file', 'ssh/authorized_keys/' + key) }}
+{% if authorized_key.command is defined and authorized_key.command | length > 0 %}
+command="{{ authorized_key.command }}" {{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
+{% else %}
+{{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
+{% endif %}
 {% endfor %}

templates/netrc.j2

@@ -0,0 +1,3 @@
+{% for netrc in unix_user.value.netrc %}
+machine {{ netrc.maschine }} login {{ netrc.login }} password {{ netrc.password }}
+{% endfor %}