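---
# Joins every container in the proxmox_all_lxc group to SSSD: installs the
# client packages, deploys sssd.conf, enables home-directory creation via PAM,
# grants the unix_admin group sudo, and makes sshd fetch public keys from SSSD.
- hosts: proxmox_all_lxc
  # Connects directly as root, so no privilege escalation is configured.
  remote_user: root
  tasks:
    - name: Install sssd
      ansible.builtin.package:
        name:
          - sssd
          - sssd-tools
          - libnss-sss
          - libpam-sss
          - libsss-sudo
          - sudo
        # NOTE(review): "latest" upgrades these packages on every run; use
        # "present" if unattended upgrades of the auth stack are not wanted.
        state: latest

    - name: Create sssd.conf
      ansible.builtin.copy:
        src: /home/ansible/playbooks/contents/sssd.conf
        dest: /etc/sssd/sssd.conf
        # Root-only: the file may carry bind credentials.
        mode: '0600'
        owner: root
        group: root

    # Restarts unconditionally so a changed sssd.conf is always picked up.
    - name: Start sssd
      ansible.builtin.service:
        name: sssd
        state: restarted

    # No shell features are needed, so run the binary directly rather than
    # through a shell.
    - name: Update PAM
      ansible.builtin.command:
        cmd: pam-auth-update --enable mkhomedir

    # The sudoers task below writes this file itself; the touch is kept from
    # the original, with timestamps preserved so it stops reporting "changed"
    # on every run.
    - name: Create sudoers file
      ansible.builtin.file:
        path: /etc/sudoers.d/unix_admin
        state: touch
        mode: '0440'
        modification_time: preserve
        access_time: preserve

    - name: Add unix_admin to sudoers
      community.general.sudoers:
        name: unix_admin
        state: present
        group: unix_admin
        commands: ALL
        # Spelled out because it is the module default: members of unix_admin
        # get root for ALL commands without re-entering a password. Set to
        # false if a password prompt is wanted.
        nopassword: true

    # AuthorizedKeysCommandUser is written first: sshd refuses a config that
    # sets AuthorizedKeysCommand without it, so the validate step of the
    # next task would otherwise fail.
    - name: Edit sshd_config - AuthorizedKeysCommandUser
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*AuthorizedKeysCommandUser\s'
        line: AuthorizedKeysCommandUser nobody
        # Syntax-check the candidate file before it replaces the live one, so
        # a bad edit cannot lock out SSH access on the restart below.
        validate: /usr/sbin/sshd -t -f %s

    # The trailing \s keeps this from matching AuthorizedKeysCommandUser.
    # The original substring search matched both directives, so on re-runs it
    # overwrote the ...User line and left duplicate entries behind.
    - name: Edit sshd_config - AuthorizedKeysCommand
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*AuthorizedKeysCommand\s'
        line: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
        validate: /usr/sbin/sshd -t -f %s

    - name: Restart ssh
      ansible.builtin.service:
        name: ssh
        state: restarted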