  • v0.5.0 bca6d5b767

    v0.5.0 Pre-release

    marcus released this 2026-02-10 00:30:14 +01:00 | 0 commits to main since this release

    Removed

    • Dropped nixconfig_sshd_authorized_principals; authorized principals are now only managed through nixconfig_accounts entries.
    • Dropped nixconfig_new_user_password; password behavior is now controlled per account.

    Changed

    • Account password handling now supports password_state per entry, defaulting to an expired empty password or allowing no password.

    Fixed

    • Ensure queued handlers are flushed on errors by wrapping ssh, accounts, and CA sections in block/rescue, avoiding lost notifications when subsequent tasks fail.
    • Avoid locking accounts when password_state is set to none and no password is provided.
  • v0.4.0 59eae1ec71

    v0.4.0 Pre-release

    marcus released this 2026-01-12 19:24:30 +01:00 | 8 commits to main since this release

    Added

    • Optionally configure sshd trusted-user certificate authorities and per-account principals so hosts can accept SSH signed certificates.
    • Allow nixconfig_accounts entries to declare authorized_principals, wiring the generated principals files into sshd signed-certificate support automatically.

    Changed

    • Consolidated account management into dedicated include files (accounts.yml, accounts_users.yml, etc.) and moved SSH identity handling into sshd_global.yml / sshd_identities.yml so OS-agnostic orchestration lives in tasks/main.yml.
    • Replaced nixconfig_system_users_present, nixconfig_users_present, and nixconfig_users_absent with a single nixconfig_accounts list that captures state/system/sudo/keys/principals in one place.
    • Retagged account-related tasks from nixconfig:users to nixconfig:accounts for consistency with variables and task names.

    Fixed

    • Restored fine-grained tag coverage: nixconfig:sshd now reaches user/group match templates and nixconfig:accounts:* tags consistently hit present/absent flows and their SSH helpers even with selective --tags runs.
    • Replaced deprecated top-level fact references with ansible_facts[...] lookups to silence INJECT_FACTS_AS_VARS warnings and stay compatible with Ansible 2.24+.
  • v0.3.0 5f4e16415f

    v0.3.0 Pre-release

    marcus released this 2025-03-16 23:26:45 +01:00 | 36 commits to main since this release

    Added

    • Added support for group-level sshd configuration. (resolves #5)
    • Added validation to tasks that change sshd configuration. This ensures the role will fail if the configuration is invalid and prevents the user from locking themselves out of the system because sshd refuses to start due to a typo.
    • Added the nixconfig_private_ca_certs variable to install and trust private CA certificates. (resolves #21)

    Fixed

    • The nixconfig:sshd tag now includes tasks at the user/group level.
    • The handler for restarting sshd now also works on Ubuntu 24.04.

    Changed

    • The nixconfig_install_epel variable has been removed. To install epel-release, simply include it in the nixconfig_packages variable. It will then be installed before any other packages. (resolves #14)
    • The role has a new name again. It's nixconfig now. This means variable and tag prefixes have changed as well.
  • v0.2.0 fcd3997f51

    v0.2.0 Pre-release

    marcus released this 2023-09-22 22:52:16 +02:00 | 56 commits to main since this release

    Changed

    • The role has a new name: nixconf instead of common. This means variable and tag prefixes have changed as well.

    Fixed

    • Execution no longer fails when the passExpire handler is called but it has nothing to do. It will now just skip.
    • Configuring sshd on RHEL 8 no longer fails due to missing sshd_config.d directory.

    Added

    • Users' authorized keys can now be exclusive, meaning that any keys not in the list will be removed.

    Removed

    • The role no longer creates the facts.d directory. This should be handled by a playbook imo.
  • v0.1.0 975a418bb9

    v0.1.0 Pre-release

    marcus released this 2023-08-31 00:51:02 +02:00 | 57 commits to main since this release

    Added

    • Started changelog.
    • User and group management.

    Changed

    • Removed the default values for hostname and timezone. The tasks will now be skipped if the variables are not set.

    Removed

    • Removed the common:config tag. (It had become equivalent to just skipping the common:packages tag.)
    • Removed the ability to set the locale for now. (It was not used in any of my playbooks.)
    • Removed the common_extra_packages variable. The role should be fed a list of packages to install, not generate it itself.