Diffstat (limited to 'roles')
-rw-r--r-- | roles/nginx_reverse_proxy/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/sssd/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/sssd/files/sshd_sss_authorized_keys.conf | 5 | ||||
-rw-r--r-- | roles/sssd/handlers/main.yml | 5 | ||||
-rw-r--r-- | roles/sssd/tasks/main.yml | 9 |
5 files changed, 21 insertions, 1 deletions
diff --git a/roles/nginx_reverse_proxy/tasks/main.yml b/roles/nginx_reverse_proxy/tasks/main.yml index 975bf71..4143880 100644 --- a/roles/nginx_reverse_proxy/tasks/main.yml +++ b/roles/nginx_reverse_proxy/tasks/main.yml @@ -10,7 +10,7 @@ when: - '{{ cert_changed | default(False) }}' notify: - - Restart nginx + - restart nginx - name: Install nginx config template: diff --git a/roles/sssd/defaults/main.yml b/roles/sssd/defaults/main.yml index 381bb74..4544fb3 100644 --- a/roles/sssd/defaults/main.yml +++ b/roles/sssd/defaults/main.yml @@ -8,3 +8,4 @@ sssd_ldap: user_dn: 'ou=users,dc=example,dc=com' group_dn: 'ou=groups,dc=example,dc=com' access_filter: '&(objectClass=posixAccount)' + sshd_keys_from_sss: false diff --git a/roles/sssd/files/sshd_sss_authorized_keys.conf b/roles/sssd/files/sshd_sss_authorized_keys.conf new file mode 100644 index 0000000..e4f17bd --- /dev/null +++ b/roles/sssd/files/sshd_sss_authorized_keys.conf @@ -0,0 +1,5 @@ +# vi: ft=sshdconfig +# This file is managed by Ansible. Do NOT change. + +AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys +AuthorizedKeysCommandUser nobody diff --git a/roles/sssd/handlers/main.yml b/roles/sssd/handlers/main.yml index ac65088..add6945 100644 --- a/roles/sssd/handlers/main.yml +++ b/roles/sssd/handlers/main.yml @@ -4,3 +4,8 @@ name: sssd state: restarted become: yes +- name: Restart sshd + systemd: + name: sshd + state: restarted + become: yes diff --git a/roles/sssd/tasks/main.yml b/roles/sssd/tasks/main.yml index a7f2b5e..e24cdfd 100644 --- a/roles/sssd/tasks/main.yml +++ b/roles/sssd/tasks/main.yml @@ -35,3 +35,12 @@ line: 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022' insertafter: '^session optional pam_sss\.so' become: yes + +- name: Configure SSH Key login via LDAP + copy: + src: sshd_sss_authorized_keys.conf + dest: /etc/ssh/sshd_config.d/sss_authorized_keys.conf + become: yes + when: sssd_ldap.sshd_keys_from_sss | default(false) + notify: + - Restart sshd |
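Review bot: The new `sshd_keys_from_sss` default in roles/sssd/defaults/main.yml has no comment saying what it switches on, and the name alone does not tell an operator that it changes how sshd authenticates users. I would put `# Install an sshd drop-in that fetches authorized keys via sss_ssh_authorizedkeys` above it. The key appears to sit inside the `sssd_ldap` mapping (the indentation is lost in this view), so an inventory that overrides `sssd_ldap` without it drops the default unless hash merging is enabled. That is worth stating in the same comment, since the task relies on `| default(false)` to cover it.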
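Review bot: The drop-in sshd_sss_authorized_keys.conf adds a directory key source but leaves `AuthorizedKeysFile` at its default, so keys in a user's `~/.ssh/authorized_keys` are still accepted and removing a key from LDAP does not by itself revoke access. If the directory is meant to be authoritative, add `AuthorizedKeysFile none` to this file; otherwise say in the header comment that local key files remain valid. `sss_ssh_authorizedkeys` only returns keys when sssd's ssh responder is enabled, and the role's sssd.conf is not part of this diff, so confirm that it is. The sshd_config manual also recommends a dedicated account for `AuthorizedKeysCommandUser` rather than one shared with other services, which `nobody` often is.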
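Review bot: Setting `sssd_ldap.sshd_keys_from_sss` back to false does not undo the new task in roles/sssd/tasks/main.yml: the `when:` only skips the copy, so a drop-in installed earlier stays in `/etc/ssh/sshd_config.d/` and sshd keeps accepting directory-supplied keys. A companion task with `state: absent` under the inverse condition would make the flag reversible. The copy also sets no `owner`, `group`, `mode` or `validate`, so a malformed file is only discovered when the `Restart sshd` handler from roles/sssd/handlers/main.yml fails to bring sshd back up. The sketch below adds both, assuming sshd is at /usr/sbin/sshd on the targets.

```yaml
- name: Configure SSH Key login via LDAP
  copy:
    # … unchanged: src, dest …
    owner: root
    group: root
    mode: '0644'
    validate: /usr/sbin/sshd -t -f %s
  # … unchanged: become, when, notify …

- name: Remove SSH Key drop-in when LDAP keys are disabled
  file:
    path: /etc/ssh/sshd_config.d/sss_authorized_keys.conf
    state: absent
  become: yes
  when: not (sssd_ldap.sshd_keys_from_sss | default(false))
  notify:
    - Restart sshd
```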