Diffstat (limited to 'roles/linux_desktop/tasks/freeipa.yml')
-rw-r--r-- | roles/linux_desktop/tasks/freeipa.yml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/roles/linux_desktop/tasks/freeipa.yml b/roles/linux_desktop/tasks/freeipa.yml
new file mode 100644
index 0000000..f7a09e1
--- /dev/null
+++ b/roles/linux_desktop/tasks/freeipa.yml
@@ -0,0 +1,33 @@
+- name: create linux-desktops hostgroup
+ ipahostgroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ linux_desktop_hbac_hostgroup}}'
+ description: Linux Desktops
+ host: "{{ groups[linux_desktop_hbac_hostgroup] | map('regex_replace', '$', '.' ~ ansible_domain) }}"
+ run_once: yes
+
+- name: create desktop access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ linux_desktop_access_group }}'
+ description: linux desktop access
+ nonposix: yes
+ state: present
+ run_once: yes
+
+- name: create HBAC rule for gdm
+ ipahbacrule:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: allow_gdm_on_linux_desktops
+ description: Allow login to GDM on linux desktops
+ hostgroup:
+ - '{{ linux_desktop_hbac_hostgroup }}'
+ group:
+ - '{{ linux_desktop_access_group }}'
+ hbacsvc:
+ - gdm
+ - gdm-password
+ run_once: yes |
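Review bot: All three tasks pass `ipaadmin_password: '{{ ipa_pass }}'` with `run_once: yes` but no `delegate_to`, so the IPA admin credential is presumably handed to whichever desktop host happens to be first in the play rather than to a dedicated management or IPA host. I would add `delegate_to: '{{ IPA_MGMT_HOST_PLACEHOLDER }}'` (placeholder; no such variable is visible on this page) and `no_log: true` to each task, so the admin password is used on one trusted machine and cannot show up in task output. In the first task the `host:` list is built from `ansible_domain`, which under `run_once` is the fact of that single host; the HBAC hostgroup membership is therefore only correct if every host in `groups[linux_desktop_hbac_hostgroup]` shares that domain, and a comment such as `# assumes all desktops share the domain of the host that runs this task` would make the assumption explicit. The same expression ends in `map(...)` without `| list`, which on some Ansible/Jinja versions is passed on as a lazy iterator rather than a list, so `... ~ ansible_domain) | list }}` is the safer form.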