Switch to NFSv4 homes.
This commit is contained in:
Andreas B. Mundt
parent
db054949a5
commit
0532ed1e17
4 changed files with 23 additions and 5 deletions
|
|
@ -16,6 +16,7 @@
|
|||
vars:
|
||||
domain: "pn.steinbeis.schule"
|
||||
extra_pkgs:
|
||||
- thunderbird-l10n-de
|
||||
- webext-privacy-badger
|
||||
- webext-ublock-origin
|
||||
- vim
|
||||
|
|
@ -25,6 +26,7 @@
|
|||
- vlc
|
||||
- gimp
|
||||
- inkscape
|
||||
- flameshot
|
||||
- bluefish
|
||||
- git
|
||||
- gitk
|
||||
|
|
@ -46,6 +48,7 @@
|
|||
- virt-manager
|
||||
- libreoffice-l10n-de
|
||||
- krb5-user
|
||||
- unattended-upgrades
|
||||
extra_pkgs_bpo: [ libreoffice ] # [ linux-image-amd64 ] # [ libreoffice ]
|
||||
ansible_python_interpreter: "/usr/bin/python3"
|
||||
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
smb_server: "server"
|
||||
smb_home: "default-school/teachers/%(DOMAIN_USER)"
|
||||
smb_share: "default-school/share/"
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
name:
|
||||
- libpam-mount
|
||||
- cifs-utils
|
||||
- nfs-common
|
||||
state: latest
|
||||
|
||||
- name: configure pam_mount
|
||||
|
|
@ -13,8 +14,22 @@
|
|||
<volume
|
||||
fstype="cifs"
|
||||
server="{{ smb_server }}"
|
||||
path="{{ smb_home }}"
|
||||
mountpoint="/home/%(DOMAIN_USER)"
|
||||
options="sec=krb5i,vers=3.0,cruid=%(USERUID),user=%(USER)"
|
||||
path="{{ smb_share }}"
|
||||
mountpoint="/media/%(DOMAIN_USER)/share"
|
||||
options="sec=krb5i,cruid=%(USERUID),user=%(USER)"
|
||||
><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>virti</user></or></not></volume>
|
||||
insertafter: "<!-- Volume definitions -->"
|
||||
|
||||
- name: Mount NFSv4 home directory
|
||||
ansible.posix.mount:
|
||||
src: server:/default-school
|
||||
path: /srv/samba/schools/default-school
|
||||
opts: sec=krb5p,_netdev,x-systemd.automount,x-systemd.idle-timeout=60
|
||||
state: present
|
||||
fstype: nfs4
|
||||
|
||||
- name: Kill all user processes on logout
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/systemd/logind.conf
|
||||
line: KillUserProcesses=yes
|
||||
insertafter: '#KillUserProcesses=no'
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ krb5_store_password_if_offline = True
|
|||
cache_credentials = True
|
||||
krb5_realm = {{ domain | upper }}
|
||||
id_provider = ad
|
||||
override_homedir = /home/%u
|
||||
#override_homedir = /home/%u
|
||||
ad_domain = {{ domain }}
|
||||
use_fully_qualified_names = False
|
||||
ldap_id_mapping = True
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue