
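---
# Install and configure the kanidm unixd client (NSS/PAM integration plus the
# sshd AuthorizedKeysCommand drop-in).  Package installation is branched on
# ansible_pkg_mgr: the AUR on Arch (pacman), the kanidm PPA on Debian-family
# hosts (apt).  Everything after installation is distribution-independent.
#
# NOTE(review): only the AUR task sets become; the tasks that write under
# /etc and /usr/lib presumably rely on the calling play running with
# become: true — confirm against the play that includes this file.

- name: 'Install kanidm clients with pacman'
  kewlfft.aur.aur:
    use: paru
    aur_only: true
    name: kanidm-unixd-clients
  # AUR helpers refuse to build as root, so the build runs as an unprivileged
  # user.  Assumes an aur_builder account already exists — created elsewhere,
  # confirm.
  become: true
  become_user: aur_builder
  when: ansible_pkg_mgr == "pacman"

- name: 'Fetch kanidm PPA key'
  ansible.builtin.apt_key:
    url: 'https://kanidm.github.io/kanidm_ppa/KEY.gpg'
    state: present
    # Expected key fingerprint: pins the trusted key to a known identity
    # instead of "whatever the URL currently serves".  Keep this in sync with
    # the fingerprint upstream publishes.
    # NOTE(review): apt_key wraps apt-key, which is deprecated on Debian and
    # Ubuntu; the supported replacement is a keyring file under
    # /etc/apt/keyrings referenced via signed-by= in the repo line below.
    id: 'EA20E95D68A65191FE8CE79576CC814060B23E66'
  when: ansible_pkg_mgr == "apt"

- name: 'Create kanidm PPA'
  ansible.builtin.apt_repository:
    # The PPA path is keyed on the lower-cased distribution name
    # (ansible_distribution), e.g. debian or ubuntu.
    repo: >-
      deb https://kanidm.github.io/kanidm_ppa/{{ ansible_distribution | lower }} ./
    state: present
  when: ansible_pkg_mgr == "apt"

- name: 'Install kanidm with apt'
  ansible.builtin.apt:
    name: kanidm-unixd-clients
    state: present
    # The repository was only just added; refresh the index before resolving.
    update_cache: true
  when: ansible_pkg_mgr == "apt"

- name: 'Ensure kanidm config directory exists'
  ansible.builtin.file:
    path: /etc/kanidm
    state: directory
    owner: root
    group: root
    mode: "0755"

# Renders unixd.j2 and config.j2 (shipped alongside this task file) into
# /etc/kanidm/unixd and /etc/kanidm/config.
- name: 'Install kanidm config files'
  ansible.builtin.template:
    src: '{{ item }}.j2'
    dest: '/etc/kanidm/{{ item }}'
    owner: root
    group: root
    mode: "0644"
  loop:
    - unixd
    - config

- name: 'Enable kanidm daemons'
  ansible.builtin.systemd_service:
    name: "{{ item }}"
    state: started
    enabled: true
    # Unit files were just installed by the package manager.
    daemon_reload: true
  loop:
    - kanidm-unixd
    - kanidm-unixd-tasks

# Rewrites the whole passwd/group line in nsswitch.conf.  Any source that was
# previously listed besides files (e.g. systemd on some distributions) is
# dropped — extend the line template if those sources are needed.
# [SUCCESS=merge] on the group line merges local group membership with the
# kanidm result instead of stopping at the first source that answers.
- name: 'Enable kanidm as a passwd db'
  ansible.builtin.lineinfile:
    path: '/etc/nsswitch.conf'
    regexp: "^{{ item }}:.*$"
    line: "{{ item }}: files {{ (item == 'group') | ternary('[SUCCESS=merge]', '') }} kanidm"
  loop:
    - passwd
    - group

# sshd picks this up only if sshd_config includes sshd_config.d/*.conf
# (default on current OpenSSH packages — confirm for older targets).
# The Restart SSH handler is defined elsewhere in the role.
- name: 'Deploy SSH key handling'
  ansible.builtin.template:
    src: 10-kanidm-keys.conf.j2
    dest: /etc/ssh/sshd_config.d/10-kanidm-keys.conf
    owner: root
    group: root
    mode: "0644"
  notify: Restart SSH

# Executables in system-sleep/ are run by systemd as root around
# suspend/resume; the trailing slash places the script in that directory
# under its own name.  Keep it root-owned and non-group-writable (0755)
# since it runs with full privileges.
- name: 'Deploy sleep fix hack'
  ansible.builtin.copy:
    src: kanidm-hack.sh
    dest: /usr/lib/systemd/system-sleep/
    owner: root
    group: root
    mode: "0755"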