Initial Commit

ldap_unix.yml

@@ -0,0 +1,60 @@
+- hosts: proxmox_all_lxc
+  remote_user: root
+  tasks:
+  - name: Install sssd
+    package: 
+      name: 
+      - sssd
+      - sssd-tools
+      - libnss-sss
+      - libpam-sss
+      - libsss-sudo
+      - sudo
+      state: latest
+  
+  - name: Create sssd.conf
+    copy: 
+      src: /home/ansible/playbooks/contents/sssd.conf
+      dest: /etc/sssd/sssd.conf
+      mode: '0600'
+      owner: root
+      group: root
+
+  - name: Start sssd
+    service: 
+      name: sssd
+      state: restarted
+  
+  - name: Update PAM
+    shell: 
+      cmd: pam-auth-update --enable mkhomedir
+
+  - name: Create sudoers file
+    file:
+      path: /etc/sudoers.d/unix_admin
+      state: touch
+      mode: '0440'
+  
+  - name: Add unix_admin to sudoers
+    community.general.sudoers:
+      name: unix_admin
+      state: present
+      group: unix_admin
+      commands: ALL
+
+  - name: Edit sshd_config - AuthorizedKeysCommand
+    lineinfile: 
+      path: /etc/ssh/sshd_config
+      search_string: 'AuthorizedKeysCommand'
+      line: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
+
+  - name: Edit sshd_config - AuthorizedKeysCommand
+    lineinfile: 
+      path: /etc/ssh/sshd_config
+      search_string: 'AuthorizedKeysCommandUser'
+      line: AuthorizedKeysCommandUser nobody
+
+  - name: Restart ssh
+    service: 
+      name: ssh
+      state: restarted