author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /roles/jellyfin/tasks/freeipa.yml | |
initial commit
Diffstat (limited to 'roles/jellyfin/tasks/freeipa.yml')
-rw-r--r-- | roles/jellyfin/tasks/freeipa.yml | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/roles/jellyfin/tasks/freeipa.yml b/roles/jellyfin/tasks/freeipa.yml
new file mode 100644
index 0000000..06cfd25
--- /dev/null
+++ b/roles/jellyfin/tasks/freeipa.yml
@@ -0,0 +1,67 @@
+- name: create user
+ ipauser:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ jellyfin_user }}'
+ loginshell: /sbin/nologin
+ homedir: '{{ jellyfin_home }}'
+ givenname: Jellyfin
+ sn: Service Account
+ state: present
+ run_once: True
+
+- name: retrieve user keytab
+ include_role:
+ name: freeipa_keytab
+ vars:
+ keytab_principal: '{{ jellyfin_user }}'
+ keytab_path: '{{ jellyfin_keytab }}'
+ keytab_owner: '{{ jellyfin_user }}'
+
+- name: create media access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ jellyfin_media_access_group }}'
+ nonposix: no
+ action: group
+ state: present
+ run_once: True
+
+- name: add user to media access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ jellyfin_media_access_group }}'
+ user: '{{ jellyfin_user }}'
+ action: member
+ state: present
+ run_once: True
+
+- name: create access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ jellyfin_access_group }}'
+ action: group
+ state: present
+ run_once: True
+
+- name: create admin group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ jellyfin_admin_group }}'
+ state: present
+ run_once: True
+
+- name: configure gssproxy for kerberized NFS
+ include_role:
+ name: gssproxy_client
+ vars:
+ gssproxy_name: jellyfin
+ gssproxy_section: service/jellyfin
+ gssproxy_keytab: /etc/krb5.keytab
+ gssproxy_client_keytab: '{{ jellyfin_keytab }}'
+ gssproxy_cred_usage: initiate
+ gssproxy_euid: '{{ jellyfin_user }}' |
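Review bot: The `retrieve user keytab` task is the only FreeIPA-facing step in this file without `run_once`, so it runs on every host in the play, and whether that is safe depends on the `freeipa_keytab` role, which is not shown here. If that role generates new keys instead of retrieving the existing ones (ipa-getkeytab's `-r` mode), each additional host would invalidate the keytab already issued to the others; worth confirming and recording above the task, e.g. `# fetched per host: freeipa_keytab must retrieve existing keys, not rotate them`. The keytab is a long-lived credential for `jellyfin_user` and only `keytab_owner` is passed, so the file mode is left to the role's default; check that it ends up readable by the owner only. Separately, `nonposix: no` and `run_once: True` would be more predictable written as `false` and `true`.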