diff options
| author | Emil Renner Berthing <esmil@labitat.dk> | 2017-11-07 16:27:49 +0100 |
|---|---|---|
| committer | Emil Renner Berthing <esmil@labitat.dk> | 2017-11-12 14:56:32 +0100 |
| commit | e8cdba85c48dcbbd42e6fcb5be3aa2912008cb84 (patch) | |
| tree | 41ba5163cf6f110521f2ebc9035f77d2754796a0 /roles/space_server/tasks/radius.yml | |
| download | labitat-ansible-e8cdba85c48dcbbd42e6fcb5be3aa2912008cb84.tar.gz labitat-ansible-e8cdba85c48dcbbd42e6fcb5be3aa2912008cb84.tar.xz labitat-ansible-e8cdba85c48dcbbd42e6fcb5be3aa2912008cb84.zip | |
initial commit
Diffstat (limited to 'roles/space_server/tasks/radius.yml')
| -rw-r--r-- | roles/space_server/tasks/radius.yml | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/roles/space_server/tasks/radius.yml b/roles/space_server/tasks/radius.yml new file mode 100644 index 0000000..3226d2e --- /dev/null +++ b/roles/space_server/tasks/radius.yml @@ -0,0 +1,105 @@ +--- +- name: Install our freeradius-assha package + dnf: + name: '{{ item }}' + state: latest + with_fileglob: + - 'radius/freeradius-assha-*.fc{{ ansible_distribution_major_version }}.*.rpm' + notify: + - restart radiusd + tags: + - packages + +- name: Make sure curl and diffutils are installed + dnf: + name: '{{ item }}' + state: latest + with_items: + - curl + - diffutils + tags: + - packages + +- name: Disable default site + file: + path: '/etc/raddb/sites-enabled/default' + state: absent + notify: + - restart radiusd +- name: Configure radiusd + copy: + src: 'radius/{{ item }}' + dest: '/etc/raddb/{{ item }}' + owner: root + group: radiusd + mode: 0640 + with_items: + - radiusd.conf + - mods-available/eap + - sites-available/labitat + notify: + - restart radiusd +- name: Configure radius clients + template: + src: 'radius/clients.conf.j2' + dest: '/etc/raddb/clients.conf' + owner: root + group: radiusd + mode: 0640 + notify: + - restart radiusd +- name: Enable labitat site + file: + path: '/etc/raddb/sites-enabled/labitat' + state: link + src: '../sites-available/labitat' + owner: root + group: radiusd + force: yes + notify: + - restart radiusd + +- name: Create getusers script + template: + src: 'radius/getusers.sh.j2' + dest: '/etc/raddb/getusers.sh' + owner: root + group: radiusd + mode: 0750 +- name: Create getusers service and timer + copy: + src: 'radius/{{ item }}' + dest: '/etc/systemd/system/{{ item }}' + with_items: + - getusers.service + - getusers.timer + notify: + - restart getusers + +- name: Enable getusers timer + systemd: + name: getusers.timer + enabled: yes + masked: no + state: started + when: "'container' not in ansible_env" +- name: '- when in nspawn' + command: systemctl enable getusers.timer + args: + creates: '/etc/systemd/system/timers.target.wants/getusers.timer' + when: "'container' in ansible_env" + +- name: Enable radiusd service + systemd: + name: radiusd.service + enabled: yes + masked: no + state: started + when: "'container' not in ansible_env" +- name: '- when in nspawn' + command: systemctl enable radiusd.service + args: + creates: '/etc/systemd/system/multi-user.target.wants/radiusd.service' + when: "'container' in ansible_env" + +# vim: set ts=2 sw=2 et: |