refac: use .yaml instead of .yml extension

.ansible-lint

@@ -1,3 +1,4 @@
 ---
 
-skip_list: []
+exclude_paths:
+- .gitea/

.drone.yml

@@ -1,42 +0,0 @@
----
-kind: pipeline
-type: kubernetes
-name: linter
-
-platform:
-  os: linux
-
-steps:
-- name: markdown lint
-  commands:
-  - markdownlint *.md
-  image: docker.io/volkerraschek/markdownlint:0.39.0
-  resources:
-    limits:
-      cpu: 50
-      memory: 50M
-
-- name: email-notification
-  environment:
-    PLUGIN_HOST:
-      from_secret: smtp_host
-    PLUGIN_USERNAME:
-      from_secret: smtp_username
-    PLUGIN_PASSWORD:
-      from_secret: smtp_password
-    PLUGIN_FROM:
-      from_secret: smtp_mail_address
-  image: docker.io/drillster/drone-email:latest
-  resources:
-    limits:
-      cpu: 50
-      memory: 25M
-  when:
-    status:
-    - changed
-    - failure
-
-trigger:
-  event:
-    exclude:
-    - tag

.gitea/workflows/ansible-linters.yaml

@@ -0,0 +1,20 @@
+name: Ansible Linter
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches: [ '**' ]
+    tags-ignore: [ '**' ]
+
+jobs:
+  ansible-lint:
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5.0.0
+    - name: Run ansible-lint
+      uses: ansible/ansible-lint@v25.9.2
+      with:
+        args: "--config-file .ansible-lint"
+        setup_python: "true"

.gitea/workflows/markdown-linters.yaml

@@ -0,0 +1,18 @@
+name: Lint Markdown files
+
+on:
+  pull_request:
+    types: [ "opened", "reopened", "synchronize" ]
+  push:
+    branches: [ '**' ]
+    tags-ignore: [ '**' ]
+
+jobs:
+  markdown-lint:
+    runs-on:
+    - ubuntu-latest
+    steps:
+    - uses: actions/checkout@v5.0.0
+    - uses: DavidAnson/markdownlint-cli2-action@v20.0.0
+      with:
+        globs: '**/*.md'

.gitignore

@@ -0,0 +1 @@
+.ansible

.markdownlint.yaml

@@ -45,19 +45,17 @@ MD012:
 # MD013/line-length - Line length
 MD013:
   # Number of characters
-  line_length: 80
+  line_length: 120
   # Number of characters for headings
-  heading_line_length: 80
+  heading_line_length: 120
   # Number of characters for code blocks
-  code_block_line_length: 80
+  code_block_line_length: 120
   # Include code blocks
   code_blocks: false
   # Include tables
   tables: false
   # Include headings
   headings: true
-  # Include headings
-  headers: true
   # Strict length checking
   strict: false
   # Stern length checking
@@ -70,11 +68,6 @@ MD022:
   # Blank lines below heading
   lines_below: 1
 
-# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
-MD024:
-  # Only check sibling headings
-  allow_different_nesting: true
-
 # MD025/single-title/single-h1 - Multiple top-level headings in the same document
 MD025:
   # Heading level
@@ -128,7 +121,8 @@ MD041:
 # MD044/proper-names - Proper names should have the correct capitalization
 MD044:
   # List of proper names
-  names: []
+  names:
+  - gitea
   # Include code blocks
   code_blocks: false
 

.yamllint.yaml

@@ -0,0 +1,19 @@
+---
+
+#
+# Documentation:
+# https://yamllint.readthedocs.io/en/stable/
+#
+
+rules:
+  brackets:
+    forbid: false
+    min-spaces-inside: 0
+    max-spaces-inside: 2
+    min-spaces-inside-empty: 0
+    max-spaces-inside-empty: 0
+  indentation:
+    spaces: 2
+    indent-sequences: false
+  line-length:
+    max: 360

README.md

@@ -1,23 +1,183 @@
-# unix_users
+# volker-raschek.unix-users
 
-[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/unix_users-role/status.svg)](https://drone.cryptic.systems/volker.raschek/unix_users-role)
-[![Ansible Role](https://img.shields.io/ansible/role/d/59132)](https://galaxy.ansible.com/volker_raschek/unix_users)
+![Ansible Role](https://img.shields.io/ansible/role/d/volker-raschek/unix-users)
 
-With following role can be unix users and groups configured.
+The ansible role `volker-raschek.unix-users` create and manage users on Linux based distributions. For example for Arch
+Linux, Fedora and Ubuntu. Furthermore, the role can also be used to create groups, `~/.forward`, `~/.netrc` and to
+manage the `~/.ssh` directory.
 
-## Supported distributions
+## Examples
 
-- Arch Linux
-- Ubuntu 20.04
+### User and group
 
-## Features
+The following example create the user `toor` and group `toor`. Booth with a specific id.
 
-- Setting up unix users and groups
-- Setting up private and public ssh keys
-- Setting up private and public gpg keys
-- Setting up .forward file for postfix
+```yaml
+unix_groups:
+  toor:
+    gid: "1001"
+    state: present
 
-## Configuring
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    shell: /bin/bash
+    password: toor
+    group: toor
+```
 
-In the default directory are examples how to configure the role. Copy the
-defaults into your `host_vars` or `group_vars` and adapt the examples.
+### Btrfs home dir
+
+Optionally, the home directory of a user can also be created as dedicated btrfs subvolume. This make it possible to
+create snapshots of the home directory, for example via `btrbk`.
+
+```yaml
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    btrfs: true
+    shell: /bin/bash
+    password: toor
+    group: toor
+```
+
+### .netrc
+
+The ansible role supports the creation and management of the `.netrc` file in a user's home directory. The `.netrc` file
+for the user `toor` is created below. This contains entries for GitHub.
+
+```yaml
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    netrc:
+    - machine: github.com
+      login: octocat
+      password: pat_12345
+    - machine: api.github.com
+      login: octocat
+      password: pat_12345
+    shell: /bin/bash
+    password: toor
+    group: toor
+```
+
+### .ssh
+
+The SSH client directory `~/.ssh` can also be managed via the Ansible role. This supports the creation and management of
+`~/.ssh/config`, `~/.ssh/authorized_keys` as well as the maintenance of private and public SSH keys.
+
+The following example create two entries in `~/.ssh/authorized_keys`. One normal SSH access for `claire`. If `bob`
+establish a SSH connection the command `/usr/local/bin/upload-file.sh` will be executed and exited.
+
+The private key `toor@toor-pc.ed25519.key` must be stored in `ssh/private_keys`. The public key will be automatically
+extracted from the private key.
+
+The public keys `claire@claire-pc.pub` as well as `bob@bob-pc.pub` must be stored in `ssh/authorized_keys`.
+
+```yaml
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    ssh:
+      config:
+      - Host: "*"
+        StrictHostKeyChecking: "no"
+        UserKnownHostFile: /dev/null
+      authorized_keys:
+      - filename: claire@claire-pc.pub
+      - command: /usr/local/bin/upload-file.sh
+        filename: bob@bob-pc.pub
+      private_keys:
+      - toor@toor-pc.ed25519.key
+    shell: /bin/bash
+    password: toor
+    group: toor
+```
+
+### .forward
+
+If on the system is postfix installed, postfix will respect the `~/.forward`
+[file](https://www.postfix.org/local.8.html). This allows to forward local emails to external email addresses. The
+following example create the `~/.forward` file for `toor` to forward emails to `toor@company.example.local`.
+
+```yaml
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    email: toor@company.example.local
+    shell: /bin/bash
+    password: toor
+    group: toor
+```
+
+### shell_rc files
+
+The role also supports the creation of bashrc drop-in files. These are created in `~/.bashrc.d` and included by
+`~/.bashrc` via `source`.
+
+Program-related configurations can be made via a drop-in file. For example, the configuration of the bash history via
+the environment variables `HISTCONTROL` or `HISTFILE`. In addition to environment variables, aliases and complete
+functions can also be defined.
+
+```yaml
+unix_users:
+  toor:
+    state: present
+    name: Toor
+    uid: "1000"
+    home: /home/toor
+    email: toor@company.example.local
+    shell: /bin/bash
+    shell_rc_files:
+    - file: "/home/toor/.bashrc.d/10-docker.bashrc" # absolute or relative path to home dir
+      aliases:
+      - key: "dcd"
+        value: "docker-compose down"
+      envs:
+      - export: true
+        key: "PATH"
+        value: "/home/toor/workspace/docker-compose/bin:${PATH}" # Add local compiled docker-compose into $PATH
+      functions:
+      - name: "foo"
+        value: |
+          if ! which docker 1> /dev/null; then
+            echo "ERROR: docker not found" 1>&2
+            exit 1
+          fi
+    password: toor
+    group: toor
+```
+
+## Further ansible roles
+
+This ansible role is used in combination with other ansible roles of `volker-raschek`. You can search for the other
+ansible roles via the following command.
+
+```bash
+$ ansible-galaxy role search --author "volker-raschek"
+
+Found roles matching your search:
+
+ Name                      Description
+ ----                      -----------
+ volker-raschek.bind9      Role to install and configure bind9 on different distributions
+ volker-raschek.dhcpd      Role to install and configure dhcpd on different distributions
+ volker-raschek.renovate   Role to configure renovate as container image
+ ...
+```

defaults/main.yaml

@@ -19,11 +19,16 @@ unix_users: {}
 #         StrictHostKeyChecking: "no"
 #         UserKnownHostFile: /dev/null
 #       authorized_keys:
-#       - alice@alice-pc.pub
+#       - filename: alice@alice-pc.pub
+#         # command: "" # optional
 #       private_keys:
 #       - alice@alice-pc.ed25519.key
 #     home: /home/alice
 #     btrfs: false
+#     netrc:
+#     - machine: hostame.local
+#       login: username
+#       password: password
 #     shell: /bin/bash
 #     shell_rc_files:
 #     - file: "/home/alice/.bashrc.d/docker.bashrc" # absolute or relative path to home dir

meta/main.yaml

@@ -1,24 +1,27 @@
+dependencies: []
 galaxy_info:
-  role_name: "unix-users"
   author: "Markus Pesch"
-  description: "Role to create and configure unix users and groups"
   company: "Cryptic Systems"
-  license: "MIT"
-  min_ansible_version: "2.9"
-  platforms:
-  - name: ArchLinux
-    versions:
-    - all
-  - name: Ubuntu
-    versions:
-    - all
-  - name: Fedora
-    versions:
-    - "35"
+  description: "Role to create and configure unix users and groups"
   galaxy_tags:
   - system
   - user
   - unix
   - linux
-
-dependencies: []
+  license: "MIT"
+  min_ansible_version: "2.9"
+  namespace: volker-raschek
+  platforms:
+  - name: ArchLinux
+    versions:
+    - all
+  - name: EL
+    versions:
+    - all
+  - name: Fedora
+    versions:
+    - all
+  - name: Ubuntu
+    versions:
+    - all
+  role_name: "unix_users"

package.json

@@ -0,0 +1,5 @@
+{
+  "dependencies": {
+    "@vscode/vsce": "^3.6.0"
+  }
+}

renovate.json

@@ -1,17 +1,9 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "assignees": [ "volker.raschek" ],
-  "automergeStrategy": "merge-commit",
-  "automergeType": "pr",
-  "labels": [ "renovate" ],
-  "packageRules": [
-    {
-      "addLabels": [ "renovate/droneci", "renovate/automerge" ],
-      "automerge": true,
-      "matchManagers": "droneci",
-      "matchUpdateTypes": [ "minor", "patch"]
-    }
-  ],
-  "rebaseLabel": "renovate/rebase",
-  "rebaseWhen": "behind-base-branch"
+  "extends": [
+    "local>volker.raschek/renovate-config:default#master",
+    "local>volker.raschek/renovate-config:container#master",
+    "local>volker.raschek/renovate-config:actions#master",
+    "local>volker.raschek/renovate-config:regexp#master"
+  ]
 }

tasks/create_unix_user.yaml

@@ -76,7 +76,7 @@
         unix_user.value.btrfs
   block:
   - name: "Copy skel files"
-    ansible.builtin.include_tasks: copy_skel_file.yml
+    ansible.builtin.include_tasks: copy_skel_file.yaml
     loop_control:
       loop_var: skel_file
     with_items:
@@ -190,8 +190,17 @@
 
 - name: "Create shell rc files"
   when: unix_user.value.shell_rc_files is defined
-  ansible.builtin.include_tasks: create_shell_rc_file.yml
+  ansible.builtin.include_tasks: create_shell_rc_file.yaml
   with_items:
   - "{{ unix_user.value.shell_rc_files }}"
   loop_control:
     loop_var: shell_rc_file
+
+- name: "Create .netrc file"
+  when: unix_user.value.netrc is defined and unix_user.value.netrc | length > 0
+  ansible.builtin.template:
+    src: netrc.j2
+    dest: "{{ user_user_home }}/.netrc"
+    owner: "{{ unix_user.key }}"
+    group: "{{ unix_user.value.group | default('users') }}"
+    mode: "0600"

tasks/main.yaml

@@ -1,7 +1,7 @@
 ---
 
 - name: Remove unix user
-  ansible.builtin.include_tasks: remove_unix_user.yml
+  ansible.builtin.include_tasks: remove_unix_user.yaml
   with_dict: "{{ unix_users }}"
   loop_control:
     loop_var: unix_user
@@ -11,7 +11,7 @@
         unix_user.value.state == 'absent'
 
 - name: Remove unix groups
-  ansible.builtin.include_tasks: remove_unix_group.yml
+  ansible.builtin.include_tasks: remove_unix_group.yaml
   with_dict: "{{ unix_groups }}"
   loop_control:
     loop_var: unix_group
@@ -21,7 +21,7 @@
         unix_group.value.state == 'absent'
 
 - name: Create unix groups
-  ansible.builtin.include_tasks: create_unix_group.yml
+  ansible.builtin.include_tasks: create_unix_group.yaml
   with_dict: "{{ unix_groups }}"
   loop_control:
     loop_var: unix_group
@@ -33,7 +33,7 @@
         )
 
 - name: Create unix users
-  ansible.builtin.include_tasks: create_unix_user.yml
+  ansible.builtin.include_tasks: create_unix_user.yaml
   no_log: true
   with_dict: "{{ unix_users }}"
   loop_control:

templates/authorized_keys.j2

@@ -2,6 +2,10 @@
 #
 # {{ ansible_managed }}
 #
-{% for key in unix_user.value.ssh.authorized_keys %}
-{{ lookup('file', 'ssh/authorized_keys/' + key) }}
+{% for authorized_key in unix_user.value.ssh.authorized_keys %}
+{% if authorized_key.command is defined and authorized_key.command | length > 0 %}
+command="{{ authorized_key.command }}" {{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
+{% else %}
+{{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
+{% endif %}
 {% endfor %}

templates/netrc.j2

@@ -0,0 +1,3 @@
+{% for netrc in unix_user.value.netrc %}
+machine {{ netrc.maschine }} login {{ netrc.login }} password {{ netrc.password }}
+{% endfor %}