---
# Install the sssd package on hosts whose detected package manager is pacman.
# The condition reads the ansible_pkg_mgr fact, so facts must be gathered.
- name: 'Install sssd with pacman'
  when: ansible_pkg_mgr == 'pacman'
  community.general.pacman:
    state: present
    name: sssd
# Install the sssd package on hosts whose detected package manager is apt.
# The condition reads the ansible_pkg_mgr fact, so facts must be gathered.
- name: 'Install sssd with apt'
  when: ansible_pkg_mgr == 'apt'
  ansible.builtin.apt:
    state: present
    name: sssd
# Render /etc/sssd/sssd.conf from the role template.
# root:root with mode 0600 keeps the file unreadable to other local users;
# sssd.conf may carry directory bind credentials, depending on the template.
# NOTE(review): no handler is notified here and the 'Enable SSSD' task only
# ensures state: started, so a changed config is presumably not applied to an
# already-running sssd until it is restarted some other way. Confirm.
- name: 'Build sssd config'
  ansible.builtin.template:
    dest: /etc/sssd/sssd.conf
    src: sssd.conf.j2
    mode: '0600'
    owner: root
    group: root
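# Start sssd.service now and enable it at boot.
# state: started does not restart a unit that is already running.
- name: 'Enable SSSD'
  ansible.builtin.systemd_service:
    name: sssd.service
    state: started
    # Canonical YAML boolean instead of the YAML 1.1 truthy form 'yes'.
    enabled: true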
# Point the passwd database at local files first, then sss.
# The regexp matches the entire existing passwd line, so the line is replaced
# wholesale; if nothing matches, lineinfile appends the line at end of file.
# NOTE(review): any other sources already listed on that line (for example
# 'systemd' on some distributions) are dropped. Confirm that is intended.
- name: 'Enable SSSD as a passwd db'
  ansible.builtin.lineinfile:
    path: /etc/nsswitch.conf
    regexp: '^passwd:.*$'
    line: 'passwd: files sss'
# Point the group database at local files, merged with sss.
# The regexp matches the entire existing group line, so it is replaced
# wholesale; if nothing matches, lineinfile appends the line at end of file.
# NOTE(review): with [SUCCESS=merge], a directory group that matches a local
# group (same name and GID) contributes its members to that local group, so
# membership of local privileged groups can be extended from the directory.
# Confirm this is the intended trust boundary.
- name: 'Enable SSSD as a group db'
  ansible.builtin.lineinfile:
    path: /etc/nsswitch.conf
    regexp: '^group:.*$'
    line: 'group: files [SUCCESS=merge] sss'
# Install an sshd drop-in rendered from 10-kanidm-keys.conf.j2 and notify the
# 'Restart SSH' handler on change (the handler is defined outside this file).
# NOTE(review): unlike the sudoers task in this file, there is no validate
# step, so a template error only surfaces when sshd is restarted. Consider a
# validate command such as 'sshd -t -f %s' after confirming it works on the
# target hosts.
- name: 'Deploy SSH key handling'
  notify: Restart SSH
  ansible.builtin.template:
    dest: /etc/ssh/sshd_config.d/10-kanidm-keys.conf
    src: 10-kanidm-keys.conf.j2
    mode: '0644'
    owner: root
    group: root
# Install the sudoers drop-in rendered from sso_admins.conf.j2.
# visudo -cf checks the rendered file before it is moved into place, so a
# syntax error fails the task instead of leaving a broken sudoers file.
# The file is root:root with mode 0440.
# NOTE(review): which groups receive sudo is decided by the template, which
# is not shown here. Review it together with the group merge in nsswitch.conf.
- name: 'Allow sudo for authorized groups'
  ansible.builtin.template:
    dest: /etc/sudoers.d/10-sso
    src: sso_admins.conf.j2
    owner: root
    group: root
    mode: '0440'
    validate: /usr/sbin/visudo -cf %s