Start firewalld when -exam user logs in
parent
6dcbb03601
commit
e3396ef06c
3 changed files with 35 additions and 0 deletions
|
@ -150,6 +150,7 @@
|
||||||
- pwroff
|
- pwroff
|
||||||
- bootorder.sh
|
- bootorder.sh
|
||||||
- reporter
|
- reporter
|
||||||
|
- pam-exec.sh
|
||||||
|
|
||||||
- name: Provide services and timers for some scripts
|
- name: Provide services and timers for some scripts
|
||||||
copy:
|
copy:
|
||||||
|
@ -306,6 +307,12 @@
|
||||||
font.pointSize: config.fontSize
|
font.pointSize: config.fontSize
|
||||||
}
|
}
|
||||||
|
|
||||||
|
- name: enable login script via pam_exec.so
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/pam.d/common-auth
|
||||||
|
line: "auth optional pam_exec.so /usr/local/sbin/pam-exec.sh"
|
||||||
|
when: "'teacherlaptop' not in group_names"
|
||||||
|
|
||||||
- name: Set git default-branch to main
|
- name: Set git default-branch to main
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
dest: /etc/gitconfig
|
dest: /etc/gitconfig
|
||||||
|
|
|
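Review bot: The added `lineinfile` task hooks `pam-exec.sh` into `/etc/pam.d/common-auth`, which on Debian-style systems is included by every service that authenticates (sudo, su, screen lockers), so the script would run on each of those and not only at login. Because the entry is `optional`, a failing script is ignored and the session proceeds, so an exam login could go ahead without firewalld having started; the script should at least log such a failure. pam_exec also runs the command with the real user ID of the calling process unless `seteuid` is given, which matters when the caller is a setuid program. If the intent is "at login", a session-phase entry such as `session optional pam_exec.so seteuid /usr/local/sbin/pam-exec.sh` in `/etc/pam.d/common-session` may fit better. The script itself is not among the changed files shown, so its user filtering, ownership and mode could not be checked here.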
@ -46,6 +46,13 @@
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: no
|
enabled: no
|
||||||
|
|
||||||
|
- name: Permit access to cups from libvirt
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
zone: libvirt
|
||||||
|
port: 631/tcp
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
|
||||||
- name: Install install-printers.sh
|
- name: Install install-printers.sh
|
||||||
template:
|
template:
|
||||||
src: install-printers.sh.j2
|
src: install-printers.sh.j2
|
||||||
|
|
|
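Review bot: The new `Permit access to cups from libvirt` task sets `permanent: true` with no `immediate`, so it only changes the stored zone configuration; a firewalld that is already running when the play executes does not pick up the 631/tcp rule until it is reloaded or restarted. The same holds for the `Add virbr0 to libvirt zone` and `Permit access to usersquid from libvirt` tasks in the third file. If that is intended because the daemon is normally stopped during provisioning, say so in a comment such as `# permanent only: firewalld is stopped here and started at exam login`; otherwise consider `immediate: true` together with `offline: true`. The task also appears to depend on the firewalld package that another file of this commit installs, so the ordering between the two is worth confirming.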
@ -17,6 +17,7 @@
|
||||||
- mktorrent
|
- mktorrent
|
||||||
- libvirt-daemon-system
|
- libvirt-daemon-system
|
||||||
- virt-manager
|
- virt-manager
|
||||||
|
- firewalld
|
||||||
- dialog # for vm-netboot menu
|
- dialog # for vm-netboot menu
|
||||||
state: latest
|
state: latest
|
||||||
autoremove: true
|
autoremove: true
|
||||||
|
@ -28,6 +29,19 @@
|
||||||
# insertafter: '#auth_unix_rw = "polkit"'
|
# insertafter: '#auth_unix_rw = "polkit"'
|
||||||
# notify: reload libvirtd
|
# notify: reload libvirtd
|
||||||
|
|
||||||
|
- name: disable firewalld-service
|
||||||
|
systemd:
|
||||||
|
name: firewalld
|
||||||
|
enabled: false
|
||||||
|
state: stopped
|
||||||
|
|
||||||
|
- name: Add virbr0 to libvirt zone
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
zone: libvirt
|
||||||
|
interface: virbr0
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
|
||||||
- name: Configure pam_mount for VM bind mounts
|
- name: Configure pam_mount for VM bind mounts
|
||||||
blockinfile:
|
blockinfile:
|
||||||
dest: /etc/security/pam_mount.conf.xml
|
dest: /etc/security/pam_mount.conf.xml
|
||||||
|
@ -172,6 +186,13 @@
|
||||||
scope: global
|
scope: global
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
|
- name: Permit access to usersquid from libvirt
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
zone: libvirt
|
||||||
|
port: 3128/tcp
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
|
||||||
- name: Deploy sudo configurations
|
- name: Deploy sudo configurations
|
||||||
copy:
|
copy:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
|
|
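Review bot: The `disable firewalld-service` task stops and disables a service whose package the first hunk of this file has just added to the install list, and nothing nearby explains why. A comment above it, e.g. `# firewalld stays off by default; pam-exec.sh starts it when an -exam user logs in`, would keep a later maintainer from reverting it; that wording is inferred from the commit title and should be confirmed. It would also help to state that the libvirt-zone rules for virbr0 and 3128/tcp therefore only filter while firewalld is running. For consistency with the neighbouring `ansible.posix.firewalld` tasks, the module could be written as `ansible.builtin.systemd` and the task name capitalised.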