From: alex
Date: Sun, 22 Jan 2023 22:37:07 +0000 (+0100)
Subject: Draft support for joining FreeIPA
X-Git-Tag: 20240214-emacs~483
X-Git-Url: https://xn--ix-yja.es/gitweb/?a=commitdiff_plain;h=9f64cbc16f05c7623491fa99faf9a493bac1df61;p=alex.git
Draft support for joining FreeIPA
---
diff --git a/personal_infra/playbooks/join_ipa.yaml b/personal_infra/playbooks/join_ipa.yaml
new file mode 100644
index 0000000..4bfe858
--- /dev/null
+++ b/personal_infra/playbooks/join_ipa.yaml
@@ -0,0 +1,21 @@
+---
+- name: join ipa
+ hosts: all
+ collections:
+ - ansible.builtin
+ - community.general
+
+ tasks:
+ - name: join
+ # TODO:
+ # -N: no NTP (LXC doesn't need NTP)
+ command: ipa-client-install -U -N --domain={{ freeipa.domain }} -w {{ freeipa.join_password }} --mkhomedir -p {{ freeipa.join_user }}
+ - name: set idmappings
+ blockinfile:
+ path: /etc/pve/lxc/{{ proxmox.id }}.conf
+ block: |
+ lxc.idmap = u 0 100000 65536
+ lxc.idmap = g 0 100000 65536
+ lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ delegate_to: "{{ proxmox.host }}"
diff --git a/personal_infra/puppet/site/01-ipa.pp b/personal_infra/puppet/site/01-ipa.pp
new file mode 100644
index 0000000..44f7816
--- /dev/null
+++ b/personal_infra/puppet/site/01-ipa.pp
@@ -0,0 +1,7 @@
+$ipa_client_package = case $facts['os']['family'] {
+ 'Debian': { 'freeipa-client' }
+ 'RedHat': { 'ipa-client' }
+ default: { fail($facts['os']['family']) }
+}
+
+package {$ipa_client_package:}
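Review bot: The `join` task passes `{{ freeipa.join_password }}` as a plain `-w` argument to `ipa-client-install` with no `no_log`, so the enrollment secret can appear in Ansible's task result (the `command` module returns the full command line) and in the target's process list while the installer runs. Add `no_log: true` to the task, and if `freeipa.join_user` is a privileged principal, consider enrolling with a per-host one-time password so that a leaked value is single-use. The task also has no idempotence guard, so every play re-runs the installer and passes the secret again; `args: { creates: /etc/ipa/default.conf }` would skip hosts that are already joined. In `set idmappings`, the second pair of `lxc.idmap` lines maps the FreeIPA range onto the same IDs on the Proxmox host, which deserves a comment saying that this identity mapping is intentional and that `idrange_start` must not overlap the `0 100000 65536` range.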
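Review bot: The `default` branch of the `case` calls `fail()` with only the OS family string, so on an unsupported node the catalog failure is a bare word with no hint of which manifest rejected it or why. A message such as `fail("ipa client: unsupported OS family ${facts['os']['family']}")` makes the failure self-explanatory. The `package` resource also relies on the implicit `ensure`; writing `ensure => installed` states the intent explicitly.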