Switch to NFSv4 homes.
This commit is contained in:
Andreas B. Mundt
parent
db054949a5
commit
0532ed1e17
4 changed files with 23 additions and 5 deletions
|
|
@ -16,6 +16,7 @@
|
||||||
vars:
|
vars:
|
||||||
domain: "pn.steinbeis.schule"
|
domain: "pn.steinbeis.schule"
|
||||||
extra_pkgs:
|
extra_pkgs:
|
||||||
|
- thunderbird-l10n-de
|
||||||
- webext-privacy-badger
|
- webext-privacy-badger
|
||||||
- webext-ublock-origin
|
- webext-ublock-origin
|
||||||
- vim
|
- vim
|
||||||
|
|
@ -25,6 +26,7 @@
|
||||||
- vlc
|
- vlc
|
||||||
- gimp
|
- gimp
|
||||||
- inkscape
|
- inkscape
|
||||||
|
- flameshot
|
||||||
- bluefish
|
- bluefish
|
||||||
- git
|
- git
|
||||||
- gitk
|
- gitk
|
||||||
|
|
@ -46,6 +48,7 @@
|
||||||
- virt-manager
|
- virt-manager
|
||||||
- libreoffice-l10n-de
|
- libreoffice-l10n-de
|
||||||
- krb5-user
|
- krb5-user
|
||||||
|
- unattended-upgrades
|
||||||
extra_pkgs_bpo: [ libreoffice ] # [ linux-image-amd64 ] # [ libreoffice ]
|
extra_pkgs_bpo: [ libreoffice ] # [ linux-image-amd64 ] # [ libreoffice ]
|
||||||
ansible_python_interpreter: "/usr/bin/python3"
|
ansible_python_interpreter: "/usr/bin/python3"
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,2 +1,2 @@
|
||||||
smb_server: "server"
|
smb_server: "server"
|
||||||
smb_home: "default-school/teachers/%(DOMAIN_USER)"
|
smb_share: "default-school/share/"
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@
|
||||||
name:
|
name:
|
||||||
- libpam-mount
|
- libpam-mount
|
||||||
- cifs-utils
|
- cifs-utils
|
||||||
|
- nfs-common
|
||||||
state: latest
|
state: latest
|
||||||
|
|
||||||
- name: configure pam_mount
|
- name: configure pam_mount
|
||||||
|
|
@ -13,8 +14,22 @@
|
||||||
<volume
|
<volume
|
||||||
fstype="cifs"
|
fstype="cifs"
|
||||||
server="{{ smb_server }}"
|
server="{{ smb_server }}"
|
||||||
path="{{ smb_home }}"
|
path="{{ smb_share }}"
|
||||||
mountpoint="/home/%(DOMAIN_USER)"
|
mountpoint="/media/%(DOMAIN_USER)/share"
|
||||||
options="sec=krb5i,vers=3.0,cruid=%(USERUID),user=%(USER)"
|
options="sec=krb5i,cruid=%(USERUID),user=%(USER)"
|
||||||
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not></volume>
|
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not></volume>
|
||||||
insertafter: "<!-- Volume definitions -->"
|
insertafter: "<!-- Volume definitions -->"
|
||||||
|
|
||||||
|
- name: Mount NFSv4 home directory
|
||||||
|
ansible.posix.mount:
|
||||||
|
src: server:/default-school
|
||||||
|
path: /srv/samba/schools/default-school
|
||||||
|
opts: sec=krb5p,_netdev,x-systemd.automount,x-systemd.idle-timeout=60
|
||||||
|
state: present
|
||||||
|
fstype: nfs4
|
||||||
|
|
||||||
|
- name: Kill all user processes on logout
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/systemd/logind.conf
|
||||||
|
line: KillUserProcesses=yes
|
||||||
|
insertafter: '#KillUserProcesses=no'
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ krb5_store_password_if_offline = True
|
||||||
cache_credentials = True
|
cache_credentials = True
|
||||||
krb5_realm = {{ domain | upper }}
|
krb5_realm = {{ domain | upper }}
|
||||||
id_provider = ad
|
id_provider = ad
|
||||||
override_homedir = /home/%u
|
#override_homedir = /home/%u
|
||||||
ad_domain = {{ domain }}
|
ad_domain = {{ domain }}
|
||||||
use_fully_qualified_names = False
|
use_fully_qualified_names = False
|
||||||
ldap_id_mapping = True
|
ldap_id_mapping = True
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue