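---
# Play for fs00: an NFS home-directory server whose user/group lookups come
# from LDAP (nslcd) and whose Kerberos-secured export is keyed by an
# nfs/<fqdn> service principal registered through kadmin.
- hosts: fs00
  # TODO: add more users
  vars:
    # Accounts that get a home directory under /users. These names are
    # interpolated into shell commands below (quoted there), so keep this
    # list under the playbook's control rather than an untrusted inventory.
    users:
      - ctdalek
      - regular1

  tasks:
    - name: setup networking
      import_role:
        name: ../roles/network_setup
      vars:
        ipv4_addr: "{{ fs00_ipv4_addr }}"

    - name: install NFS packages
      # One apt transaction for the whole list instead of a loop: the looped
      # form runs apt once per package and is deprecated by the apt module.
      apt:
        name:
          - nfs-kernel-server
          - rpcbind
        state: present

    # TODO: put this in an Ansible role
    - name: install LDAP packages
      apt:
        name:
          - libnss-ldapd
          - ldap-utils
        state: present

    - name: stop and disable nscd
      # Presumably so nscd's NSS cache does not sit in front of nslcd.
      # NOTE(review): the systemd module fails if the nscd unit is absent;
      # nothing in this play installs it explicitly — confirm it is pulled in.
      systemd:
        name: nscd
        state: stopped
        enabled: false

    - name: copy ldap.conf
      # Template shared with the auth1 play (../auth1/ldap/).
      # NOTE(review): whether it pins TLS_CACERT / TLS_REQCERT is not visible
      # from here — confirm, since these LDAP answers decide which uid owns
      # which home directory.
      template:
        src: ../auth1/ldap/ldap.conf.j2
        dest: /etc/ldap/ldap.conf
        mode: "0644"
      notify:
        - restart nslcd

    - name: add member->uniqueMember map
      # /etc/nslcd.conf itself (uri, base, any bind credentials) is not
      # managed by this play; this only appends the attribute map if missing.
      lineinfile:
        path: /etc/nslcd.conf
        line: map group member uniqueMember
      notify: restart nslcd

    - name: copy nsswitch.conf
      copy:
        src: ../auth1/ldap/nsswitch.conf
        dest: /etc/nsswitch.conf
        mode: "0644"
      notify: restart nslcd

    - name: create /users directory
      file:
        path: /users
        state: directory
        mode: "0755"

    - name: create skel directory
      file:
        path: /users/skel
        state: directory
        mode: "0755"

    - name: add files to skel directory
      # copy reads src on the controller, so /users/skel is seeded from the
      # controller's /etc/skel dotfiles, not the target's. fileglob matches
      # files only, so the skel tree stays flat.
      copy:
        src: "{{ item }}"
        dest: /users/skel/
      with_fileglob:
        - "/etc/skel/.*"

    # Run the pending "restart nslcd" now so the chown below can resolve the
    # LDAP user names.
    - meta: flush_handlers

    - name: create home directories for users
      # Differences from the original one-liner:
      #  * `creates` makes this run once per user, so re-running the play no
      #    longer overwrites dotfiles a user has edited since;
      #  * `cp /users/skel/.` copies the dotfiles without the bare `.*` glob,
      #    which also matches `.` and `..` and makes cp exit non-zero;
      #  * the home ends up 0700 instead of the umask default (0755), which on
      #    a shared NFS export let every user read every other user's files;
      #  * user names are shell-quoted (`set -e` stops on the first failure).
      shell:
        cmd: |
          set -e
          mkdir -p /users/{{ item | quote }}
          cp -r /users/skel/. /users/{{ item | quote }}/
          chown -R {{ item | quote }}:{{ item | quote }} /users/{{ item | quote }}
          chmod 0700 /users/{{ item | quote }}
        creates: /users/{{ item }}
        warn: false
      loop: "{{ users }}"

    - name: export /users directory
      # Trust model of this export line, kept as the original wrote it:
      #  * the whole {{ ipv4_subnet }} gets AUTH_SYS (sec=sys): the server
      #    believes whatever uid a client asserts, so any host on that subnet
      #    can read or write any user's home by claiming the right uid;
      #  * phosphoric-acid additionally gets no_root_squash, i.e. root there
      #    is root on /users;
      #  * only cobalamin is held to Kerberos with privacy (sec=krb5p). That
      #    protects cobalamin's own traffic, not the data, which any other
      #    subnet host still reaches through the sec=sys entry.
      # Tightening this means dropping or narrowing the sec=sys subnet entry;
      # not done here. `regexp` replaces an existing /users line instead of
      # appending a second one when the subnet or host names change.
      lineinfile:
        path: /etc/exports
        regexp: '^/users\s'
        line: >-
          /users {{ ipv4_subnet }}(sec=sys,rw)
          phosphoric-acid.{{ base_domain }}(sec=sys,rw,no_root_squash)
          cobalamin.{{ base_domain }}(sec=krb5p,rw)
      notify:
        - export all
        - restart nfs-server

    - name: disable NFSv4
      # see https://unix.stackexchange.com/questions/205403/disable-nfsv4-server-on-debian-allow-nfsv3/289324
      # Smuggles the flag through RPCNFSDCOUNT, which the Debian init script
      # passes to rpc.nfsd. NOTE(review): on releases that configure rpc.nfsd
      # via /etc/nfs.conf this variable may be ignored — confirm on the target.
      replace:
        path: /etc/default/nfs-kernel-server
        regexp: '^RPCNFSDCOUNT=.*$'
        replace: 'RPCNFSDCOUNT="8 --no-nfs-version 4"'
      notify:
        - restart nfs-server

    - name: install Kerberos packages
      apt:
        name: krb5-user
        state: present

    - name: add NFS server principal
      # Creates nfs/<fqdn> with a random key and writes it to the default
      # keytab. `kadmin -p` asks for the admin password on stdin, so the
      # first stdin line is the sysadmin/admin password in clear text in this
      # file. Move it to Ansible Vault (or authenticate kadmin with a keytab,
      # `kadmin -k -t <keytab> -p sysadmin/admin`); `no_log` at least keeps
      # it out of Ansible's output and logs (it also hides error output, so
      # drop it temporarily when debugging this task).
      # `creates` only guards the default keytab path: if /etc/krb5.keytab
      # already exists for another principal, the nfs/ principal is never
      # added.
      command:
        cmd: kadmin -p sysadmin/admin
        stdin: |
          krb5
          addprinc -randkey nfs/{{ ansible_fqdn }}
          ktadd nfs/{{ ansible_fqdn }}
        creates: /etc/krb5.keytab
      no_log: true
      notify: restart nfs-server

  handlers:
    - name: export all
      command: exportfs -ra

    - name: restart nfs-server
      systemd:
        name: nfs-server
        state: restarted

    - name: restart nslcd
      systemd:
        name: nslcd
        state: restarted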