authoralex <alex@pdp7.net>2023-01-22 23:37:07 +0100
committeralex <alex@pdp7.net>2023-01-22 23:37:07 +0100
commit9f64cbc16f05c7623491fa99faf9a493bac1df61 (patch)
treea9b130e90c77168604b746e560373e35a5802574 /personal_infra
parent3cd8aba81fd21ca14b9fa81be797a9fe5eb73515 (diff)
Draft support for joining FreeIPA
Diffstat (limited to 'personal_infra')
-rw-r--r--personal_infra/playbooks/join_ipa.yaml21
-rw-r--r--personal_infra/puppet/site/01-ipa.pp7
2 files changed, 28 insertions, 0 deletions
diff --git a/personal_infra/playbooks/join_ipa.yaml b/personal_infra/playbooks/join_ipa.yaml
new file mode 100644
index 00000000..4bfe8585
--- /dev/null
+++ b/personal_infra/playbooks/join_ipa.yaml
@@ -0,0 +1,21 @@
+---
+- name: join ipa
+ hosts: all
+ collections:
+ - ansible.builtin
+ - community.general
+
+ tasks:
+ - name: join
+ # TODO:
+ # -N: no NTP (LXC doesn't need NTP)
+ command: ipa-client-install -U -N --domain={{ freeipa.domain }} -w {{ freeipa.join_password }} --mkhomedir -p {{ freeipa.join_user }}
+ - name: set idmappings
+ blockinfile:
+ path: /etc/pve/lxc/{{ proxmox.id }}.conf
+ block: |
+ lxc.idmap = u 0 100000 65536
+ lxc.idmap = g 0 100000 65536
+ lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ delegate_to: "{{ proxmox.host }}"
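Review bot: The `join` task passes `{{ freeipa.join_password }}` to `ipa-client-install` as a `-w` argument, so the enrollment credential can end up in Ansible's task output and module logging, and it sits in the target's process list while the command runs. Add `no_log: true` to that task, and consider enrolling with a per-host one-time password rather than a reusable account password so that a leaked value is of limited use. The task also has no guard against running again on an already enrolled host; `args:` with `creates: /etc/ipa/default.conf` would make it idempotent (that path is what a default client install writes, so confirm it for the target distributions).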
diff --git a/personal_infra/puppet/site/01-ipa.pp b/personal_infra/puppet/site/01-ipa.pp
new file mode 100644
index 00000000..44f7816c
--- /dev/null
+++ b/personal_infra/puppet/site/01-ipa.pp
@@ -0,0 +1,7 @@
+$ipa_client_package = case $facts['os']['family'] {
+ 'Debian': { 'freeipa-client' }
+ 'RedHat': { 'ipa-client' }
+ default: { fail($facts['os']['family']) }
+}
+
+package {$ipa_client_package:}
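Review bot: The `default` branch calls `fail($facts['os']['family'])`, so the catalog error on an unsupported host is just the bare family name, with nothing to say which manifest rejected it or why. A message such as `default: { fail("01-ipa.pp: no IPA client package known for os family ${facts['os']['family']}") }` makes the failure self-explanatory in the agent log. A one-line comment above the `case` noting that the package name differs between Debian-family and RedHat-family distributions would also help the next reader.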