Init fvs branch with LDAP auth and mk-homedir.

2020-11-28 09:23:44 +01:00 · 2020-11-28 09:23:44 +01:00 · ddb8ff11d3
commit ddb8ff11d3
parent 9264deb90d
5 changed files with 93 additions and 0 deletions
--- a/kiosk_mkhome.yml
+++ b/kiosk_mkhome.yml
@ -0,0 +1,23 @@
 ---
 # This playbook deploys a kiosk-computer
 - name: apply configuration to the machines
  hosts: all
  remote_user: ansible
  become: yes
  vars:
    auto_user: debi
    wifi_ssid: "YOUR SSID HERE"
    wifi_passwd: "YOUR WIFI-PW HERE"
    extra_pkgs:
      - webext-privacy-badger
      - webext-ublock-origin
    extra_pkgs_bpo: []  # [ libreoffice ]
  roles:
    - up2date-debian
    ## Choose either gnome or KDE:
    - gnome
    #- kde
    - kiosk
    - fvs-client-mkhome
--- a/roles/fvs-client-mkhome/defaults/main.yml
+++ b/roles/fvs-client-mkhome/defaults/main.yml
@ -0,0 +1,2 @@
 basedn: "ou=Benutzer,ou=fvs,ou=SCHULEN,o=ml3"
 ldap_server: ldap.steinbeisschule-reutlingen.de
--- a/roles/fvs-client-mkhome/handlers/main.yml
+++ b/roles/fvs-client-mkhome/handlers/main.yml
@ -0,0 +1,8 @@
 - name: restart sssd
  service: name=sssd state=restarted enabled=yes
  listen: "restart sssd"
 - name: reload systemd
  systemd:
    daemon_reload: yes
  listen: "reload systemd"
--- a/roles/fvs-client-mkhome/tasks/main.yml
+++ b/roles/fvs-client-mkhome/tasks/main.yml
@ -0,0 +1,40 @@
 ---
 - name: install needed packages
  apt:
    name:
      - sssd-ldap
    state: latest
 - name: add URI to ldap.conf
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "URI ldaps://{{ ldap_server }}/"
    insertafter: "#URI.*"
 - name: add BASE to ldap.conf
  lineinfile:
    dest: /etc/ldap/ldap.conf
    line: "BASE {{ basedn }}"
    insertafter: "#BASE.*"
    #- name: enable pam_umask
    #  lineinfile:
    #    dest: /etc/pam.d/common-session
    #    line: "session optional	pam_umask.so usergroups"
 - name: enable pam_mkhomedir.so
  lineinfile:
    dest: /etc/pam.d/common-session
    line: "session	optional			pam_mkhomedir.so"
    insertafter: "# end of pam-auth-update config"
    #  command: /usr/sbin/pam-auth-update --enable mkhomedir
 ## oddjob-mkhomedir works only with sec=sys for the NFSv4 share
 - name: provide identities from directory
  template:
    src: sssd.conf.j2
    dest: /etc/sssd/sssd.conf
    mode: 0600
  notify: restart sssd
--- a/roles/fvs-client-mkhome/templates/sssd.conf.j2
+++ b/roles/fvs-client-mkhome/templates/sssd.conf.j2
@ -0,0 +1,20 @@
 [sssd]
 domains = LDAP
 config_file_version = 2
 services = nss, pam
 [nss]
 filter_groups = root
 filter_users = root
 [pam]
 [domain/LDAP]
 id_provider = ldap
 ldap_uri = ldaps://{{ ldap_server }}/
 ldap_search_base = {{ basedn }}
 auth_provider = ldap
 cache_credentials = true
 ldap_tls_reqcert = never
		`@ -0,0 +1,2 @@`
							`basedn: "ou=Benutzer,ou=fvs,ou=SCHULEN,o=ml3"`
							`ldap_server: ldap.steinbeisschule-reutlingen.de`