diff options
| author |  Jonas Gunz <himself@jonasgunz.de>
| 2022-07-19 00:29:05 +0200 |
|---|---|---|
| committer | Jonas Gunz <himself@jonasgunz.de>
| 2022-07-19 00:29:05 +0200 |
| commit | 216bc43ef7a270925ac597806c06030354ba9149 (patch) | |
| tree | fa0c6f50f5797b70debd4955599430c9e29a70a3 /roles/freeradius/tasks/main.yml | |
| parent | ff374a7a4fe2191e494e75d02e3307efa23f4168 (diff) | |
| download | ansible_collection-216bc43ef7a270925ac597806c06030354ba9149.tar.gz | |
freeradius
Diffstat (limited to 'roles/freeradius/tasks/main.yml')
| -rw-r--r-- | roles/freeradius/tasks/main.yml | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/roles/freeradius/tasks/main.yml b/roles/freeradius/tasks/main.yml new file mode 100644 index 0000000..0144a25 --- /dev/null +++ b/roles/freeradius/tasks/main.yml @@ -0,0 +1,58 @@ +--- +- name: Install packages + apt: + name: + - freeradius + - freeradius-ldap + become: yes + +- name: Install config + template: + src: ldap.j2 + dest: /etc/freeradius/3.0/mods-available/ldap + become: yes + notify: freeradius + +- name: Install clients + template: + src: clients.conf.j2 + dest: /etc/freeradius/3.0/clients.ansible.conf + become: yes + notify: freeradius + +- name: Clients + lineinfile: + path: /etc/freeradius/3.0/radiusd.conf + search_string: '$INCLUDE clients.ansible.conf' + line: '$INCLUDE clients.ansible.conf' + insertafter: '$INCLUDE clients.conf' + become: yes + notify: freeradius + +- name: Enable LDAP Authentication + file: + src: '/etc/freeradius/3.0/mods-available/ldap' + dest: '/etc/freeradius/3.0/mods-enabled/ldap' + state: 'link' + become: yes + notify: freeradius + +- name: Set EAP Certificate + lineinfile: + path: /etc/freeradius/3.0/mods-available/eap + search_string: '{{ item["s"] }}' + line: '{{ item["l"] }}' + insertafter: 'tls-config tls-common' + become: yes + notify: freeradius + loop: + - s: 'private_key_password' + l: '# private_key_password = notset' + - s: 'private_key_file =' + l: 'private_key_file = {{ radius.cert.privkey }}' + - s: 'certificate_file =' + l: 'certificate_file = {{ radius.cert.cert }}' + - s: 'ca_file =' + l: 'ca_file = {{ radius.cert.ca }}' + - s: 'check_crl =' + l: 'check_crl = no' |