Ultime modifiche.

This commit is contained in:
Emiliano Vavassori 2025-07-13 22:48:41 +02:00
parent 6951028ae5
commit 73a828502c
12 changed files with 184 additions and 3 deletions


@ -1,3 +1,3 @@
#!/bin/bash
ansible-playbook deploy.yml --limit localhost
ansible-playbook deploy.yml
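Review bot: Dropping `--limit localhost` makes this script apply the playbook to every host in the inventory rather than only the machine it runs on. That is equivalent today, because the `hosts` file in the same commit is reduced to `localhost`, but any host added to the inventory later will be configured by a bare run of this script without anyone asking for it. If local-only deployment is the intent, keep the limit or make it an explicit argument: `ansible-playbook deploy.yml --limit "${1:-localhost}"`.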

hosts

@ -1,2 +1 @@
#localhost ansible_connection=local
zorin ansible_host=192.168.33.243 ansible_user=utente ansible_connection=ssh
localhost ansible_connection=local


@ -0,0 +1,6 @@
---
- name: Daemon reload
ansible.builtin.systemd_service:
daemon_reload: true
become: true
become_user: true
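Review bot: `become_user: true` on the Daemon reload handler is not a user name; the value will be coerced to a user called `True` rather than treated as a flag, which is not what the sssd handler in this commit does (`become_user: root`). Change it to `become_user: root` or drop it, since `become: true` already defaults to root. Note also that the unit this handler is meant to refresh lives under `/usr/lib/systemd/user/`, so a system-scope `daemon_reload` does not reach the per-user managers that actually run gvfs-daemon; `ansible.builtin.systemd_service` accepts `scope: user`, but that has to run as the logged-in user, so the reload may need to happen at login instead. The file name of this handler file is not shown on this page.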

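--- a/roles/gvfs/tasks/main.yml
+++ b/roles/gvfs/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+# Sistemiamo GVFS
+- name: Aggiustiamo gvfs
+ansible.builtin.lineinfile:
+path: /usr/lib/systemd/user/gvfs-daemon.service
+line: 'Environment="KRB5CCNAME=FILE:/tmp/.krb5cc_%U"'
+insertafter: "^[Service]"
+state: present
+notify: Daemon reload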
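Review bot: `insertafter: "^[Service]"` is a regular expression, and `[Service]` is a character class, so the pattern matches any line beginning with one of the letters S, e, r, v, i or c instead of the `[Service]` section header; the Environment line can land in the wrong section of the unit. Escape the brackets: `insertafter: '^\[Service\]'`. Editing `/usr/lib/systemd/user/gvfs-daemon.service` in place is also fragile, because the next gvfs package upgrade overwrites the file and silently drops the setting; a drop-in under `/etc/systemd/user/gvfs-daemon.service.d/` holding a `[Service]` section with the same `Environment=` line, written with `ansible.builtin.copy`, survives upgrades and makes the customisation visible to whoever inspects the host.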

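--- a/roles/pam/tasks/main.yml
+++ b/roles/pam/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+# Impostazioni per pam
+- name: Creazione mountpoint in skel
+ansible.builtin.file:
+path: /etc/skel/Personale
+state: directory
+owner: root
+group: root
+mode: '0755'
+- name: Installazione componenti mancanti
+ansible.builtin.apt:
+name: libpam-mount
+state: present
+- name: Attivazione servizi pam-mount
+ansible.builtin.command: pam-auth-update --enable libpam-mount
+- name: Configurazione pam_mount
+ansible.builtin.template:
+src: pam_mount.conf.xml
+dest: /etc/security/pam_mount.conf.xml
+backup: true
+owner: root
+group: root
+mode: '0644'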
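Review bot: The `pam-auth-update --enable libpam-mount` command task has no `changed_when`, `creates` or condition, so it executes and reports "changed" on every run of the play, which hides real changes in the recap. Enabling an already-enabled profile is a no-op, so the smallest fix is `changed_when: false` on that task; a stricter one registers the result and compares the relevant `/etc/pam.d/common-*` files before and after. The ordering is also worth a look: pam_mount is enabled before the template writes `/etc/security/pam_mount.conf.xml`, so a login between those two tasks runs with the packaged default configuration; placing the template task before the enable step avoids that window.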


@ -0,0 +1,28 @@
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<debug enable="0" />
<!--
<luserconf name=".pam_mount.conf.xml" />
-->
<mntoptions deny="suid,dev,exec" />
<mntoptions allow="*" />
<mntoptions require="nosuid,nodev,noexec" />
<logout wait="0" hup="no" term="no" kill="no" />
<volume
fstype="cifs"
sgrp="domain users"
server="{{ server }}"
path="{{ personal_share }}/%(DOMAIN_USER)"
mountpoint="~/Personale"
options="vers=3.0,sec=krb5i,cruid=%(USERUID),nodev,nosuid,noexec,rw"
/>
<mkmountpoint enable="1" remove="true" />
</pam_mount>
<!-- vim:sts=4:sw=4 -->
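Review bot: `sec=krb5i` in the volume options gives Kerberos authentication with packet signing only, so traffic to `{{ server }}` is integrity-protected but not encrypted; the `client protection = encrypt` setting in the smb.conf template of this commit does not help here, because mount.cifs and the kernel cifs client do not read smb.conf. If the personal shares should be encrypted in transit, add the `seal` mount option (SMB3 encryption): `options="vers=3.0,sec=krb5i,seal,cruid=%(USERUID),nodev,nosuid,noexec,rw"`. The `<logout wait="0" hup="no" term="no" kill="no" />` line means nothing is done about processes still holding the mount at logout, so the share can stay mounted after the user leaves; if that is deliberate it deserves a comment in the file.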


@ -0,0 +1,18 @@
---
# Sistemazione file samba
- name: Installazione prerequisiti
ansible.builtin.apt:
name:
- samba-common
- cifs-utils
state: present
- name: Configuriamo samba da template
ansible.builtin.template:
src: smb.conf
dest: /etc/samba/smb.conf
backup: true
owner: root
group: root
mode: '0644'


@ -0,0 +1,5 @@
[global]
workgroup = {{ netbios }}
realm = {{ realm }}
encrypt passwords = yes
client protection = encrypt
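Review bot: `encrypt passwords = yes` has been Samba's default for many years and, as far as I know, recent releases warn that the parameter is deprecated, so the line adds nothing and can be dropped. If this host is, or will be, joined with `net ads join`, the template also needs `security = ads`, which is not set; if the join is done through `realm`/`adcli` and sssd that may be fine, but a comment should say which path is assumed. `client protection = encrypt` is a good default for Samba's own client tools, though note it does not cover the pam_mount cifs mounts configured elsewhere in this commit.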


@ -0,0 +1,7 @@
---
- name: Restart sssd
ansible.builtin.service:
name: sssd
state: restarted
become: true
become_user: root

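--- a/roles/sssd/tasks/main.yml
+++ b/roles/sssd/tasks/main.yml
@@ -0,0 +1,67 @@
+---
+# Impostazioni tratte da https://www.pierreblazquez.com/2024/02/04/how-to-join-debian-12-to-an-active-directory-domain/
+#
+# Impostazione del servizio sssd
+- name: Aggiunta suffisso di default
+ansible.builtin.lineinfile:
+path: /etc/sssd/sssd.conf
+state: present
+line: "default_domain_suffix = {{ domain }}"
+insertafter: '^domains ='
+notify: Restart sssd
+- name: Disattivazione pac responder
+ansible.builtin.lineinfile:
+path: /etc/sssd/sssd.conf
+state: present
+line: implicit_pac_responder = false
+insertafter: '^config_file_version = 2'
+notify: Restart sssd
+- name: Rimozione services
+ansible.builtin.lineinfile:
+path: /etc/sssd/sssd.conf
+state: absent
+line: '^services ='
+notify: Restart sssd
+- name: Aggiunta specifica cachedir per krb5
+ansible.builtin.lineinfile:
+path: /etc/sssd/sssd.conf
+state: present
+line: krb5_ccachedir = /tmp
+insertafter: '^krb5_store_password_if_offline = True'
+notify: Restart sssd
+- name: Aggiunta ccname template per krb5
+ansible.builtin.lineinfile:
+path: /etc/sssd/sssd.conf
+state: present
+line: krb5_ccname_template = FILE:%d/.krb5cc_%U
+insertafter: 'krb5_ccachedir = /tmp'
+notify: Restart sssd
+- name: Aggiunta full name format
+ansible.builtin.lineinfile:
+path: /etc/sssd/sssd.conf
+state: present
+line: full_name_format = %1$s
+insertafter: '^ad_domain ='
+notify: Restart sssd
+- name: Aggiunta override homedir
+ansible.builtin.lineinfile:
+path: /etc/sssd/sssd.conf
+state: present
+line: override_homedir = /home/%u@%d
+insertafter: '^fallback_homedir ='
+notify: Restart sssd
+- name: Aggiunta dydns_update, disabilitato
+ansible.builtin.lineinfile:
+path: /etc/sssd/sssd.conf
+state: present
+line: dydns_update = False
+insertafter: '^fallback_homedir ='
+notify: Restart sssd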
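Review bot: Two of the lineinfile tasks do not do what their names say. "Rimozione services" uses `line: '^services ='` with `state: absent`, but `line` is matched literally, so no line is ever removed; it needs `regexp: '^services ='` instead. "Aggiunta dydns_update" writes `dydns_update = False`, a misspelling of sssd's `dyndns_update` option, so the setting is most likely ignored with a warning in the sssd log; fix it to `line: dyndns_update = False`. The remaining tasks rely on an exact `line` match, so a pre-existing line with a different value (for example an `override_homedir` written by `realm join`) is left in place and a second, conflicting line is appended; giving each task a `regexp: '^<option> ='` makes them converge on one line instead of duplicating.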


@ -0,0 +1,3 @@
%domain\ admins ALL=(ALL) ALL
%domain\ admins@{{ domain }} ALL=(ALL) ALL
%{{ netbios }}\\domain\ admins ALL=(ALL) ALL
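Review bot: The three rules grant full passworded sudo to the same AD group under three spellings, but the sssd role in this commit sets `full_name_format = %1$s` and `default_domain_suffix`, so user and group names are presented unqualified and only the first line is likely ever to match; the `@{{ domain }}` and `{{ netbios }}\\` variants look dead. Dead sudoers rules make later review harder, so either drop them or add a comment stating which name form each target produces. Validating the rendered file with `visudo -c -f %s` in the task is good; a leading `# {{ ansible_managed }}` comment would also tell whoever reads `/etc/sudoers.d` on the host where the file comes from.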


@ -0,0 +1,11 @@
---
# Impostiamo che i domain admins siano anche sudoers.
- name: Impostiamo domain admins come sudoers.
ansible.builtin.template:
src: 99-domain_admins
dest: /etc/sudoers.d/99-domain_admins
owner: root
group: root
mode: '0440'
validate: visudo -c -f %s