kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-02 15:39:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5a65410dd8ec141e52fc121cd5cabbb88c38fd65
computer-playbook/roles/user
History
Kevin Veen-Birkenbach 26dfab147d Implement reserved username handling for users, LDAP and Keycloak 
Add end-to-end support for reserved usernames and tighten CAPTCHA / Keycloak logic.

Changes:

- Makefile: rename EXTRA_USERS → RESERVED_USERNAMES and pass it as --reserved-usernames to the users defaults generator.

- cli/build/defaults/users.py: propagate  flag into generated users, add --reserved-usernames CLI option and mark listed accounts as reserved.

- Add reserved_users filter plugin with  and  helpers for Ansible templates and tasks.

- Add unit tests for reserved_users filters and the new reserved-usernames behaviour in the users defaults generator.

- group_vars/all/00_general.yml: harden RECAPTCHA_ENABLED / HCAPTCHA_ENABLED checks with default('') and explicit > 0 length checks.

- svc-db-openldap: introduce OPENLDAP_PROVISION_* flags, add OPENLDAP_PROVISION_RESERVED and OPERNLDAP_USERS to optionally exclude reserved users from provisioning.

- svc-db-openldap templates/tasks: switch role/group LDIF and user import loops to use OPERNLDAP_USERS instead of the full users dict.

- networks: assign dedicated subnet for web-app-roulette-wheel.

- web-app-keycloak vars: compute KEYCLOAK_RESERVED_USERNAMES_LIST and KEYCLOAK_RESERVED_USERNAMES_REGEX from users | reserved_usernames.

- web-app-keycloak user profile template: inject reserved-username regex into username validation pattern and improve error message, fix SSH public key attribute usage and add component name field.

- web-app-keycloak update/_update.yml: strip subComponents from component payloads before update and disable async/poll for easier debugging.

- web-app-keycloak tasks/main.yml: guard cleanup include with MODE_CLEANUP and keep reCAPTCHA update behind KEYCLOAK_RECAPTCHA_ENABLED.

- user/users defaults: mark system/service accounts (root, daemon, mail, admin, webmaster, etc.) as reserved so they cannot be chosen as login names.

- svc-prx-openresty vars: simplify OPENRESTY_CONTAINER lookup by dropping unused default parameter.

- sys-ctl-rpr-btrfs-balancer: simplify main.yml by removing the extra block wrapper.

- sys-daemon handlers: quote handler name for consistency.

Context: change set discussed and refined in ChatGPT on 2025-11-29 (Infinito.Nexus reserved usernames & Keycloak user profile flow). See conversation: https://chatgpt.com/share/692b21f5-5d98-800f-8e15-1ded49deddc9
2025-11-29 17:40:45 +01:00
..
meta
Replaced .infinito.service and .infinito.timer by SOFTWARE_NAME suffix, optimized LICENSE link and update OIDC Realm and ID conf
2025-08-14 14:39:18 +02:00
tasks
THE HUGE REFACTORING CALENDER WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs
2025-08-15 15:15:48 +02:00
templates
Introduced variable SOFTWARE_NAME, to make better visible when software components are used. Will be relevant for OIDC
2025-08-14 12:49:06 +02:00
users
Implement reserved username handling for users, LDAP and Keycloak
2025-11-29 17:40:45 +01:00
vars
THE HUGE REFACTORING CALENDER WEEK 33; Optimized Matrix and during this updated variables, and implemented better reset and cleanup mode handling, also solved some initial setup bugs
2025-08-15 15:15:48 +02:00
README.md
Optimized mds
2025-03-17 05:10:43 +01:00

README.md

User

Description

This role executes tasks that are relevant for all users by configuring essential shell files. It deploys customized templates for .bashrc and .bash_profile for any specified user. This ensures a consistent and enhanced shell environment across the system.

Overview

Optimized for modular configuration, this role uses Jinja2 templates to create:

  • A customized .bashrc that sets up a dynamic welcome message, system information, and useful aliases.
  • A standardized .bash_profile that sources the .bashrc to ensure consistent behavior upon login.

The role adapts its file paths based on the target user (e.g. the root user or a standard user), ensuring proper ownership and permissions.

Purpose

The primary purpose of this role is to establish a consistent and informative shell environment for all users. By standardizing shell configuration, it helps improve usability and system management through clear and structured output upon login.

Features

  • Shell Configuration: Deploys customized .bashrc and .bash_profile files.
  • Dynamic Content: Displays system information, load averages, memory usage, disk usage, CPU details, and top processes upon login.
  • User-Specific Customization: Adapts file locations and ownership based on the target user.
  • Enhanced Usability: Sets color-coded prompts and aliases for a better command-line experience.
Reference in New Issue View Git Blame Copy Permalink