path: root/roles/space_server/tasks/radius.yml
---
# Install the locally built FreeRADIUS RPM(s) matched by the glob below; the
# pattern selects the build for the host's distribution major version.
# NOTE(review): the package is taken from files shipped with this role rather
# than from a dnf repository, so its integrity rests on who can change the
# role's files -- confirm the RPM is signed or its checksum is reviewed.
- name: Install our freeradius-assha package
  with_fileglob:
    - "radius/freeradius-assha-*.fc{{ ansible_distribution_major_version }}.*.rpm"
  dnf:
    state: latest
    name: "{{ item }}"
  tags: packages
  notify: restart radiusd

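# Helper tools needed on the host (presumably by the getusers script --
# confirm against radius/getusers.sh.j2).
# The whole list is handed to dnf in one call, so both packages are resolved
# in a single transaction instead of one module run per item.
# `state: latest` also upgrades already-installed packages on every run.
- name: Make sure curl and diffutils are installed
  dnf:
    name:
      - curl
      - diffutils
    state: latest
  tags:
    - packages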

# Delete the `default` and `inner-tunnel` entries from sites-enabled,
# presumably so radiusd no longer loads the stock virtual servers. Only the
# paths under sites-enabled are removed here.
- name: Disable default site
  with_items: [default, inner-tunnel]
  file:
    state: absent
    path: "/etc/raddb/sites-enabled/{{ item }}"
  notify: restart radiusd
# Copy the static daemon configuration from the role's radius/ files into
# /etc/raddb, keeping the same relative path for each item.
# Mode 0640 with root:radiusd leaves the files writable by root only, readable
# by the radiusd group and closed to every other local user.
# NOTE(review): whether any of these files embeds secrets or key passphrases
# is not visible here -- confirm before loosening the mode.
- name: Configure radiusd
  with_items:
    - radiusd.conf
    - mods-available/eap
    - sites-available/labitat
    - sites-available/labitat-inner
  copy:
    dest: "/etc/raddb/{{ item }}"
    src: "radius/{{ item }}"
    group: radiusd
    owner: root
    mode: '0640'
  notify: restart radiusd
# Render the RADIUS client list from a Jinja template into /etc/raddb.
# clients.conf is the file where FreeRADIUS keeps per-client shared secrets,
# so it stays at 0640 root:radiusd.
# NOTE(review): running the play with --diff prints rendered template changes;
# check where the template's values come from and whether that output would
# expose secrets.
- name: Configure radius clients
  template:
    dest: /etc/raddb/clients.conf
    src: radius/clients.conf.j2
    group: radiusd
    owner: root
    mode: '0640'
  notify: restart radiusd
# Activate the site-specific virtual servers by creating symlinks in
# sites-enabled that point (relatively) at the files in sites-available.
# `force` lets the link be created even when a regular file already occupies
# the link path or the link target does not exist yet.
- name: Enable labitat site
  with_items: [labitat, labitat-inner]
  file:
    state: link
    src: "../sites-available/{{ item }}"
    path: "/etc/raddb/sites-enabled/{{ item }}"
    group: radiusd
    owner: root
    force: true
  notify: restart radiusd

# Render the getusers helper script into /etc/raddb.
# Mode 0750 with root:radiusd: only root can modify it, root and the radiusd
# group can read and execute it, other users have no access.
# NOTE(review): which account the getusers.service unit runs this script as
# is not visible here -- confirm it needs no more than these permissions.
- name: Create getusers script
  template:
    dest: /etc/raddb/getusers.sh
    src: radius/getusers.sh.j2
    group: radiusd
    owner: root
    mode: '0750'
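# Install the getusers systemd service and timer unit files.
# Ownership and mode are set explicitly: without them a newly created file
# gets whatever the remote umask and connecting user produce, and a unit file
# writable by a non-root account lets that account decide what systemd runs.
# 0644 root:root is the usual mode for unit files under /etc/systemd/system.
- name: Create getusers service and timer
  copy:
    src: 'radius/{{ item }}'
    dest: '/etc/systemd/system/{{ item }}'
    owner: root
    group: root
    mode: '0644'
  with_items:
    - getusers.service
    - getusers.timer
  notify:
    - restart getusers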

# Enable, unmask and start the timer through the systemd module on hosts whose
# gathered environment has no `container` variable.
- name: Enable getusers timer
  when: "'container' not in ansible_env"
  systemd:
    name: getusers.timer
    state: started
    enabled: true
    masked: false
# Fallback for hosts whose environment does contain `container` (per the task
# name, systemd-nspawn): only `systemctl enable` is run, the timer is not
# started here. `creates` skips the command once the wants-symlink exists.
- name: '- when in nspawn'
  when: "'container' in ansible_env"
  command: systemctl enable getusers.timer
  args:
    creates: "/etc/systemd/system/timers.target.wants/getusers.timer"

# Enable, unmask and start radiusd through the systemd module on hosts whose
# gathered environment has no `container` variable.
- name: Enable radiusd service
  when: "'container' not in ansible_env"
  systemd:
    name: radiusd.service
    state: started
    enabled: true
    masked: false
# Fallback for hosts whose environment does contain `container` (per the task
# name, systemd-nspawn): only `systemctl enable` is run, the service is not
# started here. `creates` skips the command once the wants-symlink exists.
- name: '- when in nspawn'
  when: "'container' in ansible_env"
  command: systemctl enable radiusd.service
  args:
    creates: "/etc/systemd/system/multi-user.target.wants/radiusd.service"

# vim: set ts=2 sw=2 et: