From d6efcc69f2ff30dd0fd030f45296d4827e79d26a Mon Sep 17 00:00:00 2001
From: Manuel Bentele
Date: Mon, 5 Jul 2021 14:46:12 +0200
Subject: [validate-installation] Add role to check UIDs/GIDs after
 installation

---
 setup-bwlp.yml                       | 43 ++++++++++++++++++------------------
 validate-installation/tasks/main.yml | 22 ++++++++++++++++++
 2 files changed, 44 insertions(+), 21 deletions(-)
 create mode 100644 validate-installation/tasks/main.yml

diff --git a/setup-bwlp.yml b/setup-bwlp.yml
index 991c6e6..19e73fa 100644
--- a/setup-bwlp.yml
+++ b/setup-bwlp.yml
@@ -8,24 +8,25 @@
         upgrade: dist
       tags: always
   roles:
-    - { role: desktop-common,       tags: core }
-    - { role: desktop-xfce4,        tags: core }
-    - { role: docker-ce,            tags: core }
-    - { role: docker-nvidia,        tags: core }
-    - { role: enable-sysrq,         tags: core }
-    - { role: journald,             tags: core }
-    - { role: singularity,          tags: core }
-    - { role: tools-base,           tags: core }
-    - { role: virt-viewer,          tags: extended }
-    - { role: virt-manager,         tags: extended }
-    - { role: looking-glass-client, tags: extended }
-    - { role: desktop-kde-plasma,   tags: extended }
-    - { role: desktop-i3,           tags: extended }
-    - { role: desktop-ubuntu,       tags: extended }
-    - { role: tools-extended,       tags: extended }
-    - { role: mltk-bwlp,            tags: core }
-    - { role: mltk-vmware,          tags: core }
-    - { role: mltk-qemu,            tags: core }
-    - { role: mltk-nvidia,          tags: core }
-    - { role: cleanup-apt,          tags: core }
-    - { role: cleanup-systemd,      tags: core }
+    - { role: desktop-common,        tags: core }
+    - { role: desktop-xfce4,         tags: core }
+    - { role: docker-ce,             tags: core }
+    - { role: docker-nvidia,         tags: core }
+    - { role: enable-sysrq,          tags: core }
+    - { role: journald,              tags: core }
+    - { role: singularity,           tags: core }
+    - { role: tools-base,            tags: core }
+    - { role: virt-viewer,           tags: extended }
+    - { role: virt-manager,          tags: extended }
+    - { role: looking-glass-client,  tags: extended }
+    - { role: desktop-kde-plasma,    tags: extended }
+    - { role: desktop-i3,            tags: extended }
+    - { role: desktop-ubuntu,        tags: extended }
+    - { role: tools-extended,        tags: extended }
+    - { role: mltk-bwlp,             tags: core }
+    - { role: mltk-vmware,           tags: core }
+    - { role: mltk-qemu,             tags: core }
+    - { role: mltk-nvidia,           tags: core }
+    - { role: cleanup-apt,           tags: core }
+    - { role: cleanup-systemd,       tags: core }
+    - { role: validate-installation, tags: core }
diff --git a/validate-installation/tasks/main.yml b/validate-installation/tasks/main.yml
new file mode 100644
index 0000000..44d1720
--- /dev/null
+++ b/validate-installation/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: validate-installation | Get all users from the installed system
+  getent:
+    database: passwd
+
+- name: validate-installation | Assert that all users have an UID smaller or equal than 1000
+  fail:
+    msg: "User {{ item }} has the UID {{ getent_passwd[item].1 }} > 1000!"
+  when: ((getent_passwd[item].1 | int) > 1000) and (item != "nobody")
+  with_items:
+    - "{{ getent_passwd.keys() | list }}"
+
+- name: validate-installation | Get all groups from the installed system
+  getent:
+    database: group
+
+- name: validate-installation | Assert that all groups have a GID smaller or equal than 1000
+  fail:
+    msg: "Group {{ item }} has the GID {{ getent_group[item].1 }} > 1000!"
+  when: ((getent_group[item].1 | int) > 1000) and (item != "nogroup")
+  with_items:
+    - "{{ getent_group.keys() | list }}"
-- 
cgit v1.2.3-55-g7522