From 9f64cbc16f05c7623491fa99faf9a493bac1df61 Mon Sep 17 00:00:00 2001
From: alex
Date: Sun, 22 Jan 2023 23:37:07 +0100
Subject: Draft support for joining FreeIPA
---
personal_infra/playbooks/join_ipa.yaml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 personal_infra/playbooks/join_ipa.yaml
(limited to 'personal_infra/playbooks')
diff --git a/personal_infra/playbooks/join_ipa.yaml b/personal_infra/playbooks/join_ipa.yaml
new file mode 100644
index 00000000..4bfe8585
--- /dev/null
+++ b/personal_infra/playbooks/join_ipa.yaml
@@ -0,0 +1,21 @@
+---
+- name: join ipa
+ hosts: all
+ collections:
+ - ansible.builtin
+ - community.general
+
+ tasks:
+ - name: join
+ # TODO:
+ # -N: no NTP (LXC doesn't need NTP)
+ command: ipa-client-install -U -N --domain={{ freeipa.domain }} -w {{ freeipa.join_password }} --mkhomedir -p {{ freeipa.join_user }}
+ - name: set idmappings
+ blockinfile:
+ path: /etc/pve/lxc/{{ proxmox.id }}.conf
+ block: |
+ lxc.idmap = u 0 100000 65536
+ lxc.idmap = g 0 100000 65536
+ lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ delegate_to: "{{ proxmox.host }}"
--
cgit v1.2.3
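Review bot: The `join` task passes `-w {{ freeipa.join_password }}` in a free-form `command:` string with no `no_log: true`, so the enrollment password is written to Ansible's task output and module invocation logs, and a value containing spaces or quotes is split into the wrong arguments. I would switch to the `argv:` form, add `no_log: true`, and add a `creates:` guard so a re-run does not attempt a second enrollment; the path in the fence is the client configuration file that ipa-client-install normally writes and should be confirmed for this distribution. The password is still visible in the target's process list while the installer runs, so a single-use host enrollment password is a better fit here than a reusable account password. Separately, the two `freeipa.idrange_start` idmap lines map that range one-to-one onto host IDs, which removes the unprivileged-container ID shift for those users; a comment stating that this is intended would help.

```yaml
    - name: join
      # … unchanged: TODO and -N comments …
      command:
        argv:
          - "ipa-client-install"
          - "-U"
          - "-N"
          - "--domain={{ freeipa.domain }}"
          - "-w"
          - "{{ freeipa.join_password }}"
          - "--mkhomedir"
          - "-p"
          - "{{ freeipa.join_user }}"
        # skip the task when the client is already enrolled
        creates: /etc/ipa/default.conf
      # keep the join password out of task output and logs
      no_log: true
    # … unchanged: set idmappings task …
```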