needs to be updated from time to time as the new releases of

  ``pip-tools`` and related packages are coming out. For Python 3, see

  the dedicatd parameter ``pip_check_requirements_py3`` below.

**pip_check_requirements_py3** (list, optional, ``[click==7.0, pip-tools==3.9.0, pip==19.1.1, setuptools==41.2.0, six==1.12.0, wheel==0.33.6]``)

  List of Python package requirements to install in Python 3 virtual

  environment in order to be able to run the ``pip-tools``

  applications as part of pip requirements upgrade checks. This list

  needs to be updated from time to time as the new releases of

  ``pip-tools`` and related packages are coming out. For Python 2, see

  the dedicatd parameter ``pip_check_requirements`` above.

**pipreqcheck_uid** (integer, optional, ``whatever OS picks``)

  UID for user running the pip requirements upgrade checks. User is created with

  name ``pipreqcheck``.

**pipreqcheck_gid** (integer, optional, ``whatever OS picks``)

  GID for user running the pip requirements upgrade checks. Group is created

  with name ``pipreqcheck``.

**prompt_colour** (string, optional, ``none``)

  Colour for showing the Bash prompt. Supported values are:

  ``black``, ``red``, ``green``, ``brown``, ``blue``, ``purple``, ``cyan``,

**prompt_id** (string, optional, ``NONE``)

  Optional identifier appended to regular Bash prompt, useful for visually

  identifying distinct environments. For example, if set to ``test``, resulting

  prompt will be similar to ``admin@web[test]:~$``. Setting affects Bash shells

  *only*.

Distribution compatibility

~~~~~~~~~~~~~~~~~~~~~~~~~~

Role is compatible with the following distributions:

- Debian 9 (Stretch)

Examples

~~~~~~~~

Here is an example configuration for setting-up some common users, groups, and

packages on all servers:

.. code-block:: yaml

  ---

      - "{{ lookup('file', 'tests/data/ssh/clientkey3.pub') }}"

    # Password is 'user3'.

    password: "$6$nmx.21uLqT$9LrUqNUgUwIM.l0KFKgr2.kDEwe2lo7IbBIhnG70AGW7GTFdWBUFnGAxH15YxikTXhDJD/uxd.NNgojEOjRvx1"

os_groups:

  - name: group1

  - name: group2

    gid: 3001

  - name: group3

    gid: 3002

common_packages:

  - units

  - gnutls-bin

  - emacs24-nox

ca_certificates:

  cacert1: "{{ lookup('file', 'tests/data/x509/ca1.cert.pem') }}"

  cacert2: "{{ lookup('file', 'tests/data/x509/ca2.cert.pem') }}"

extra_backup_patterns:

  - /home/user1

  - /home/user2

incoming_connection_limit: 5/second

incoming_connection_limit_burst: 5

pipreqcheck_uid: 2500

pipreqcheck_gid: 2500

prompt_colour: cyan

driver:

  name: vagrant

  provider:

    name: virtualbox

lint:

  name: yamllint

  options:

    config-file: ../../.yamllint.yml

platforms:

  - name: helper

    memory: 512

    cpus: 1

    interfaces:

      - auto_config: true

        ip: 10.31.127.2

        network_name: private_network

        type: static

  - name: parameters-mandatory-stretch64

    groups:

      - parameters-mandatory

    box: debian/contrib-stretch64

    memory: 256

    cpus: 1

    interfaces:

      - auto_config: true

        ip: 10.31.127.5

        network_name: private_network

        type: static

    sock = socket.socket()

    sock.connect((remote_ip, 22))

    transport = paramiko.transport.Transport(sock)

    transport.connect()

    try:

        transport.auth_none('')

    except paramiko.transport.BadAuthenticationType, err:

        assert err.allowed_types == ['publickey']

def test_emacs_electric_indent_mode(host):

    """

    Tests if Emacs electric indent mode has been disabled via custom

    configuration file. With just mandatory options set, the file should not be

    present.

    """

    emacs_config = host.file('/etc/emacs/site-start.d/01disable-electric-indent-mode')

    assert not emacs_config.exists

    config = host.file('/etc/profile.d/bash_prompt.sh')

    assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\[\\033[0;36m\\]\\u@\\h[test]:\\w\\$ \\[\\033[0m\\]'" in config.content

    assert "export PS1='\\[\\e]0;\\u@\\h: \\w\\a\\]${debian_chroot:+($debian_chroot)}\\u@\\h[test]:\\w\\$ '" in config.content

def test_common_installed_packages_common(host):

    """

    Tests that user-provided common packages have been installed.

    """

    assert host.package('units').is_installed

    assert host.package('gnutls-bin').is_installed

def test_ssh_login_mechanisms(host):

    """

    Tests available SSH login mechanisms (should be just public key).

    """

    # Extract first non-IPv6 IP. Crude test, but it should work.

    remote_ip = next(a for a in host.interface("eth1").addresses if ":" not in a)

    sock = socket.socket()

    sock.connect((remote_ip, 22))

    transport = paramiko.transport.Transport(sock)

    transport.connect()

    try:

        transport.auth_none('')

    except paramiko.transport.BadAuthenticationType, err:

        assert err.allowed_types == ['publickey']

def test_emacs_electric_indent_mode(host):

    """

    Tests if Emacs electric indent mode has been disabled via custom

    configuration file.

    """

    emacs_config = host.file('/etc/emacs/site-start.d/01disable-electric-indent-mode.el')

    assert emacs_config.is_file

    assert emacs_config.user == 'root'

    assert emacs_config.group == 'root'

    assert emacs_config.mode == 0o644

    state: present

- name: Install rcconf (workaround for systemctl broken handling of SysV)

  apt:

    name: rcconf

    state: present

- name: Install common packages

  apt:

    name: "{{ common_packages }}"

    state: "present"

- name: Disable electric-indent-mode for Emacs by default for all users

  copy:

    src: "01disable-electric-indent-mode.el"

    dest: "/etc/emacs/site-start.d/01disable-electric-indent-mode.el"

    owner: root

    group: root

    mode: 0644

  when: "'emacs24' in common_packages or 'emacs24-nox' in common_packages"

- name: Set-up operating system groups

  group:

    name: "{{ item.name }}"