Add 'playground_nodeps' collection

Demonstrating the implementation without dependencies.

.ansible-lint

@@ -6,6 +6,8 @@ skip_list:
 mock_roles:
     - slococo.playground.ssh_config
     - slococo.playground.local_accounts
+    - slococo.playground_nodeps.ssh_config
+    - slococo.playground_nodeps.local_accounts
 
 exclude_paths:
     - converge.yml

.gitignore

@@ -1,4 +1,4 @@
 .vscode
-inventory
+/inventory
 ansible.cfg
 test.sh

slococo/playground_nodeps/LICENSE.md

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 Santiago Lo Coco.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

slococo/playground_nodeps/README.md

@@ -0,0 +1,102 @@
+# Ansible Collection - slococo.playground_nodeps
+
+## Overview
+
+This Ansible collection contains two roles: `local_accounts` and `ssh_config`. These roles are designed to automate the configuration of local user accounts and SSH daemon settings on target hosts.
+
+## Requirements
+
+- Ansible version supporting collections (`ansible-core` > 2.12)
+
+## Role: local_accounts
+
+### Description
+
+This role configures multiple local user accounts on the target host as specified in a list of dictionaries variable.
+
+### Variables
+
+- `local_users`: List of dictionaries defining each local user account with the following fields:
+  - `name`: Username
+  - `shell`: Login shell for the user
+  - `userid`: User ID
+  - `expiry_date`: Expiry date for the account (optional)
+  - `home`: Path for the home directory (optional)
+  - `groups`: List of groups the user belongs to (optional)
+  - `passwordless`: Enable or disable passwordless authentication (optional)
+
+- `local_accounts_key_path`: Path to the private key on the Ansible control node (optional)
+
+### Usage
+
+Include the `local_accounts` role in your playbook and define the `local_users` variable accordingly.
+
+```yaml
+- name: Configure local accounts
+  hosts: target_hosts
+  roles:
+    - role: slococo.playground_nodeps.local_accounts
+      vars:
+        local_accounts_list:
+          - name: local_adm
+            shell: /bin/bash
+            userid: 38000087
+          - name: local_log
+            shell: /bin/sh
+            userid: 38000088
+            expiry_date: "2024-12-31"
+```
+
+## Role: ssh_config
+
+### Description
+
+This role ensures the SSH daemon on the target host has specific options configured.
+
+### Variables
+
+- `ssh_config_options`: Dictionary containing SSH configuration options. Each option is a key-value pair where the key represents the SSH option as found in `/etc/ssh/sshd_config`, and the value represents the desired value for that option.
+
+Example:
+
+```yaml
+ssh_config_options:
+  PasswordAuthentication: 'yes'
+```
+
+### Usage
+
+Include the `ssh_config` role in your playbook.
+
+```yaml
+- name: Configure SSH
+  hosts: target_hosts
+  roles:
+    - role: slococo.playground_nodeps.ssh_config
+```
+
+### SSH Configuration
+
+The role ensures the following SSH options are configured with the specified values:
+
+- `PasswordAuthentication`: yes
+- `PermitEmptyPasswords`: no
+- `PermitRootLogin`: no
+
+## Molecule testing
+
+This collection includes Molecule tests to ensure the correctness of the roles. Molecule is a testing framework for Ansible roles.
+
+### Prerequisites
+
+Before running the Molecule tests, ensure that Molecule is installed. You can find installation instructions in the [official Molecule documentation](https://molecule.readthedocs.io/en/latest/installation.html).
+
+### Running tests
+
+Once Molecule is installed, you can run the tests by executing the following command in the root directory of the collection:
+
+```bash
+molecule test
+```
+
+This command will run both roles (`local_accounts` and `ssh_config`) in a Docker container, simulating real-world scenarios.

slococo/playground_nodeps/galaxy.yml

@@ -0,0 +1,22 @@
+namespace: slococo
+name: playground_nodeps
+version: 1.0.0
+readme: README.md
+
+authors:
+  - Santiago Lo Coco <slococo@slc.ar>
+
+description: This collection contains roles to manage SSH settings and create local user accounts.
+
+license:
+  - MIT
+license_file: LICENSE.md
+
+tags:
+  - users
+  - ssh
+  - config
+  - tools
+
+repository: https://git.slc.ar/slococo/ansible-playground
+issues: https://git.slc.ar/slococo/ansible-playground/issues

slococo/playground_nodeps/meta/runtime.yml

@@ -0,0 +1,2 @@
+---
+requires_ansible: ">=2.14.0"

slococo/playground_nodeps/molecule/default/converge.yml

@@ -0,0 +1,3 @@
+---
+- name: Include a playbook from a collection
+  ansible.builtin.import_playbook: slococo.playground_nodeps.main

slococo/playground_nodeps/molecule/default/molecule.yml

@@ -0,0 +1,21 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: "slococo/dam-testing:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      remote_tmp: /tmp
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}

slococo/playground_nodeps/playbooks/main.yml

@@ -0,0 +1,18 @@
+- name: Configure SSH and add user accounts
+  hosts: all
+  become: true
+  gather_facts: true
+
+  roles:
+    - role: slococo.playground_nodeps.ssh_config
+    - role: slococo.playground_nodeps.local_accounts
+      vars:
+        local_accounts_list:
+          - name: local_adm
+            shell: /bin/bash
+            userid: 38000087
+          - name: local_log
+            shell: /bin/sh
+            userid: 38000088
+            expiry_date: '2024-12-31'
+            passwordless: true

slococo/playground_nodeps/roles/local_accounts/README.md

@@ -0,0 +1,47 @@
+local_accounts
+=========
+
+An Ansible Role to create local user accounts.
+
+Requirements
+------------
+
+- Ansible 2.12.0 or later
+- This role requires elevated privileges. Make sure to set `become: true` when using this role.
+
+Role Variables
+--------------
+
+```yaml
+local_accounts_list:
+  - name:                  # Username for the local user (required)
+    shell:                 # Shell for the local user (required)
+    userid:                # User ID for the local user (required)
+    expiry_date:           # Expiry date for the local user in the format 'YYYY-MM-DD' (optional, default: never)
+    home:                  # Home directory path for the local user (optional, default: "/home/{{ name }}")
+    groups:                # List of groups the local user belongs to (optional, default: its own group)
+    passwordless:          # Boolean value indicating whether SSH key pairs should be generated for passwordless authentication (optional, default: false)
+
+local_accounts_key_path:    # Path to the private and public keys on the Ansible control node (optional, default: "/tmp")
+local_accounts_key_type:    # Type of the private key used for SSH authentication (optional, default: "ed25519")
+```
+
+Example Playbook
+----------------
+
+```yaml
+    - hosts: servers
+      vars:
+        local_accounts_list:
+          - name: test_user1
+            shell: /bin/bash
+            userid: 1001
+
+      roles:
+         - { role: slococo.playground_nodeps.local_accounts, become: true }
+```
+
+License
+-------
+
+MIT

slococo/playground_nodeps/roles/local_accounts/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+local_accounts_list: []
+local_accounts_key_path: "/tmp"
+local_accounts_key_type: "ed25519"

slococo/playground_nodeps/roles/local_accounts/handlers/main.yml

@@ -0,0 +1 @@
+---

slococo/playground_nodeps/roles/local_accounts/meta/argument_specs.yml

@@ -0,0 +1,52 @@
+---
+argument_specs:
+  main:
+    short_description: Ansible Role to create local users
+    options:
+      local_accounts_list:
+        type: list
+        required: true
+        elements: dict
+        description: List of dictionaries containing details of local users.
+        options:
+          name:
+            type: str
+            required: true
+            description: The username for the local user.
+          shell:
+            type: str
+            required: true
+            description: The shell for the local user.
+          userid:
+            type: int
+            required: true
+            description: The user ID for the local user.
+          expiry_date:
+            type: str
+            required: false
+            description: The expiry date for the local user (in '%Y-%m-%d', e.g. 2024-12-31).
+          home:
+            type: path
+            required: false
+            default: "{{ '/home/' + name if name is defined else '' }}"
+            description: The home directory path for the local user.
+          groups:
+            type: list
+            required: false
+            default: "{{ name if name is defined else '' }}"
+            description: The primary group for the local user.
+          passwordless:
+            type: bool
+            required: false
+            default: false
+            description: Boolean value indicating whether SSH key pairs should be generated for passwordless authentication.
+      local_accounts_key_path:
+        type: str
+        required: false
+        default: /tmp
+        description: "Path to the private and public keys on the Ansible control node."
+      local_accounts_key_type:
+        type: str
+        required: false
+        default: "ed25519"
+        description: "Type of the private key used for SSH authentication. Options include 'ed25519', 'rsa', etc."

slococo/playground_nodeps/roles/local_accounts/meta/main.yml

@@ -0,0 +1,9 @@
+galaxy_info:
+  author: Santiago Lo Coco
+  description: Ansible Role to create local users
+  company: cloudWerkstatt
+  license: MIT
+  min_ansible_version: 2.12.0
+  galaxy_tags: ['users', 'creation']
+
+dependencies: []

slococo/playground_nodeps/roles/local_accounts/tasks/main.yml

@@ -0,0 +1,65 @@
+---
+- name: Create local user accounts
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    shell: "{{ item.shell }}"
+    uid: "{{ item.userid }}"
+    expires: "{{ (((item.expiry_date + ' 00:00:00') | to_datetime).strftime('%s')) if item.expiry_date is defined else omit }}"
+    home: "{{ item.home | default(omit) }}"
+    groups: "{{ item.groups | default(omit) }}"
+    generate_ssh_key: "{{ item.passwordless | default(false) }}"
+    ssh_key_type: "{{ local_accounts_key_type if item.passwordless is defined else omit }}"
+  loop: "{{ local_accounts_list }}"
+
+- name: Add some variables to the user accounts
+  ansible.builtin.set_fact:
+    local_accounts_list_agg: >-
+      {{
+      local_accounts_list_agg | default([]) + [
+        item | combine({
+          'home': item.home | default('/home/' + item.name),
+          'local_key_path': local_accounts_key_path | regex_replace('/$', '') + '/id_' + local_accounts_key_type + '_' + item.name,
+          'remote_key_path': item.home + '/.ssh/id_' + local_accounts_key_type
+        })
+      ]
+      }}
+  loop: "{{ local_accounts_list }}"
+  when: item.passwordless | default(false) | bool
+
+- name: Read generated public SSH keys
+  ansible.builtin.slurp:
+    src: "{{ remote_key_path }}.pub"
+  loop: "{{ local_accounts_list_agg | default([]) }}"
+  register: public_keys
+  when: not ansible_check_mode
+
+- name: Read generated private SSH keys
+  ansible.builtin.slurp:
+    src: "{{ remote_key_path }}"
+  loop: "{{ local_accounts_list_agg | default([]) }}"
+  register: private_keys
+  when: not ansible_check_mode
+
+- name: Add public keys to authorized_keys for passwordless authentication
+  ansible.builtin.lineinfile:
+    path: "{{ item.item.home }}/.ssh/authorized_keys"
+    regexp: "^{{ item.content | b64decode }}"
+    line: "{{ item.content | b64decode }}"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: '0600'
+    state: present
+    create: true
+  loop: "{{ public_keys.results | default([]) }}"
+  when: not ansible_check_mode
+
+- name: Copy private keys to control node
+  ansible.builtin.copy:
+    content: "{{ item.content | b64decode }}"
+    dest: "{{ item.item.local_key_path }}"
+    mode: '0600'
+  loop: "{{ private_keys.results | default([]) }}"
+  delegate_to: localhost
+  run_once: true
+  become: false
+  when: not ansible_check_mode

slococo/playground_nodeps/roles/local_accounts/tests/inventory

@@ -0,0 +1 @@
+localhost

slococo/playground_nodeps/roles/local_accounts/tests/test.yml

@@ -0,0 +1,52 @@
+---
+- name: Test the local_accounts role
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: true
+
+  vars:
+    local_accounts_list:
+      - name: test_user1
+        shell: /bin/bash
+        userid: 1001
+      - name: test_user2
+        shell: /bin/zsh
+        userid: 1002
+        expiry_date: '2024-12-31'
+        home: /home/test_user2_another
+        groups: ['docker', 'root']
+        passwordless: true
+
+  roles:
+    - slococo.playground_nodeps.local_accounts
+
+  tasks:
+    - name: Ensure all the users are present with the correct values
+      ansible.builtin.user:
+        name: "{{ item.name }}"
+        shell: "{{ item.shell }}"
+        uid: "{{ item.userid }}"
+        expires: "{{ (((item.expiry_date + ' 00:00:00') | to_datetime).strftime('%s')) if item.expiry_date is defined else omit }}"
+        home: "{{ item.home | default('/home/' + item.name) }}"
+        groups: "{{ item.groups | default(omit) }}"
+        state: present
+      loop: "{{ local_accounts_list }}"
+
+    - name: Ensure SSH key pair was created for each user
+      ansible.builtin.file:
+        path: "{{ item.remote_key_path }}"
+      loop: "{{ local_accounts_list_agg | default([]) }}"
+
+    - name: Test SSH connection for each user
+      ansible.builtin.shell: >
+        ssh -T -i {{ item.local_key_path }}
+          -o StrictHostKeyChecking=no
+          -o BatchMode=yes
+          -o ConnectTimeout=5
+          {{ item.name }}@localhost
+      loop: "{{ local_accounts_list_agg | default([]) }}"
+      ignore_errors: true
+      register: ssh_results
+      changed_when: false
+      failed_when: ssh_results.rc != 0

slococo/playground_nodeps/roles/local_accounts/vars/main.yml

@@ -0,0 +1 @@
+---

slococo/playground_nodeps/roles/ssh_config/README.md

@@ -0,0 +1,37 @@
+ssh_config
+=========
+
+An Ansible Role to manage SSH configuration on Linux systems.
+
+## Requirements
+
+- Ansible 2.12.0 or later
+- This role requires elevated privileges. Make sure to set `become: true` when using this role.
+
+## Role Variables
+
+```yaml
+ssh_config_options:
+  PasswordAuthentication: 'yes'       # Allow password authentication (default: yes)
+  PermitEmptyPasswords: 'no'          # Permit users to have empty passwords (default: no)
+  PermitRootLogin: 'no'               # Permit root login (default: no)
+  # Add more SSH options as needed
+```
+
+Example Playbook
+----------------
+
+```yaml
+    - hosts: servers
+      vars:
+        sshd_options:
+          PasswordAuthentication: 'no'
+
+      roles:
+         - { role: slococo.playground_nodeps.ssh_config, become: true }
+```
+
+License
+-------
+
+MIT

slococo/playground_nodeps/roles/ssh_config/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+ssh_config_options:
+  PasswordAuthentication: 'yes'
+  PermitEmptyPasswords: 'no'
+  PermitRootLogin: 'no'

slococo/playground_nodeps/roles/ssh_config/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart SSH service
+  ansible.builtin.service:
+    name: sshd
+    state: restarted

slococo/playground_nodeps/roles/ssh_config/meta/argument_specs.yml

@@ -0,0 +1,13 @@
+---
+argument_specs:
+  main:
+    short_description: Ansible Role to manage SSH configuration
+    options:
+      ssh_config_options:
+        type: dict
+        required: false
+        default:
+          PasswordAuthentication: 'yes'
+          PermitEmptyPasswords: 'no'
+          PermitRootLogin: 'no'
+        description: Dictionary containing SSH configuration options to be set.

slococo/playground_nodeps/roles/ssh_config/meta/main.yml

@@ -0,0 +1,9 @@
+galaxy_info:
+  author: Santiago Lo Coco
+  description: Ansible Role to manage SSH configuration
+  company: cloudWerkstatt
+  license: MIT
+  min_ansible_version: 2.12.0
+  galaxy_tags: ['ssh', 'config']
+
+dependencies: []

slococo/playground_nodeps/roles/ssh_config/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Check SSH daemon configuration
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^{{ item.key }}"
+    line: "{{ item.key }} {{ item.value }}"
+    state: present
+    validate: "sshd -t -f %s"
+    mode: '0644'
+  loop: "{{ ssh_config_options | dict2items }}"
+  notify: Restart SSH service

slococo/playground_nodeps/roles/ssh_config/tests/inventory

@@ -0,0 +1 @@
+localhost

slococo/playground_nodeps/roles/ssh_config/tests/test.yml

@@ -0,0 +1,30 @@
+---
+- name: Test the ssh_config role
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: true
+
+  vars:
+    ssh_config_options:
+      PasswordAuthentication: 'no'
+
+  roles:
+    - role: slococo.playground_nodeps.ssh_config
+
+  tasks:
+    - name: Check SSH daemon configuration
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: "^{{ item.key }}"
+        line: "{{ item.key }} {{ item.value }}"
+        state: present
+        mode: '0644'
+      loop: "{{ ssh_config_options | dict2items }}"
+      check_mode: true
+      register: ssh_config_result
+
+    - name: Fail if any change occurred
+      ansible.builtin.fail:
+        msg: "A change occurred in SSH daemon configuration."
+      when: ssh_config_result.changed and not ansible_check_mode

slococo/playground_nodeps/roles/ssh_config/vars/main.yml

@@ -0,0 +1 @@
+---