diff options
Diffstat (limited to 'roles/znc/tasks/freeipa.yml')
-rw-r--r-- | roles/znc/tasks/freeipa.yml | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/roles/znc/tasks/freeipa.yml b/roles/znc/tasks/freeipa.yml new file mode 100644 index 0000000..3e3ab07 --- /dev/null +++ b/roles/znc/tasks/freeipa.yml @@ -0,0 +1,49 @@ +- name: create HBAC service + ipahbacsvc: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ znc_hbac_service }}' + description: ZNC IRC Bouncer + state: present + run_once: yes + +- name: create znc-servers hostgroup + ipahostgroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ znc_hbac_hostgroup }}' + description: ZNC Servers + host: "{{ groups[znc_hbac_hostgroup] | map('regex_replace', '$', '.' ~ ansible_domain) }}" + state: present + run_once: yes + +- name: create access group + ipagroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ znc_access_group }}' + description: ZNC Users + nonposix: yes + state: present + run_once: yes + +- name: create HBAC rule + ipahbacrule: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: allow_znc_on_znc_servers + description: Allow ZNC on ZNC servers + hostgroup: + - '{{ znc_hbac_hostgroup }}' + group: + - '{{ znc_access_group }}' + hbacsvc: + - '{{ znc_hbac_service }}' + run_once: yes + +- name: generate PAM configuration + copy: + content: | + auth required pam_sss.so + account required pam_sss.so + dest: /etc/pam.d/znc |