From 9f64cbc16f05c7623491fa99faf9a493bac1df61 Mon Sep 17 00:00:00 2001
From: alex
Date: Sun, 22 Jan 2023 23:37:07 +0100
Subject: [PATCH] Draft support for joining FreeIPA
---
personal_infra/playbooks/join_ipa.yaml | 21 +++++++++++++++++++++
personal_infra/puppet/site/01-ipa.pp | 7 +++++++
2 files changed, 28 insertions(+)
create mode 100644 personal_infra/playbooks/join_ipa.yaml
create mode 100644 personal_infra/puppet/site/01-ipa.pp
diff --git a/personal_infra/playbooks/join_ipa.yaml b/personal_infra/playbooks/join_ipa.yaml
new file mode 100644
index 0000000..4bfe858
--- /dev/null
+++ b/personal_infra/playbooks/join_ipa.yaml
@@ -0,0 +1,21 @@
+---
+- name: join ipa
+ hosts: all
+ collections:
+ - ansible.builtin
+ - community.general
+
+ tasks:
+ - name: join
+ # TODO:
+ # -N: no NTP (LXC doesn't need NTP)
+ command: ipa-client-install -U -N --domain={{ freeipa.domain }} -w {{ freeipa.join_password }} --mkhomedir -p {{ freeipa.join_user }}
+ - name: set idmappings
+ blockinfile:
+ path: /etc/pve/lxc/{{ proxmox.id }}.conf
+ block: |
+ lxc.idmap = u 0 100000 65536
+ lxc.idmap = g 0 100000 65536
+ lxc.idmap = u {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ lxc.idmap = g {{ freeipa.idrange_start }} {{ freeipa.idrange_start }} {{ freeipa.idrange_size }}
+ delegate_to: "{{ proxmox.host }}"
diff --git a/personal_infra/puppet/site/01-ipa.pp b/personal_infra/puppet/site/01-ipa.pp
new file mode 100644
index 0000000..44f7816
--- /dev/null
+++ b/personal_infra/puppet/site/01-ipa.pp
@@ -0,0 +1,7 @@
+$ipa_client_package = case $facts['os']['family'] {
+ 'Debian': { 'freeipa-client' }
+ 'RedHat': { 'ipa-client' }
+ default: { fail($facts['os']['family']) }
+}
+
+package {$ipa_client_package:}
--
2.47.3
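Review bot: In `join_ipa.yaml`, the `join` task puts `{{ freeipa.join_password }}` on the `ipa-client-install` command line without `no_log: true`, so the enrolment secret can end up in Ansible's task output and logs, and it is visible in the target's process list while the installer runs. Setting `no_log: true` and passing the arguments through `argv` (so a password containing spaces or quotes is not re-split) covers the logging and quoting part; the process-list exposure remains, which is a reason to enrol with a per-host one-time password rather than a reusable account password. The task also has no idempotence guard, so a second run against an already enrolled host will presumably fail; a `creates:` on a file the installer writes (I would expect `/etc/ipa/default.conf`, to be confirmed) avoids that. Separately, the identity `lxc.idmap` lines in `set idmappings` give the FreeIPA ID range the same numeric UIDs/GIDs on the Proxmox host and need matching `/etc/subuid` and `/etc/subgid` entries there, which deserves a comment in the playbook.

```yaml
    - name: join
      # … unchanged: TODO / -N comment …
      command:
        argv:
          - ipa-client-install
          - "-U"
          - "-N"
          - "--domain={{ freeipa.domain }}"
          - "-w"
          - "{{ freeipa.join_password }}"
          - "--mkhomedir"
          - "-p"
          - "{{ freeipa.join_user }}"
        # path to be confirmed: any file ipa-client-install leaves behind
        creates: /etc/ipa/default.conf
      # keeps the join password out of task output; hides failures too
      no_log: true
```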
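Review bot: The `default` branch in `01-ipa.pp` calls `fail($facts['os']['family'])`, so the compile error consists only of the family name and does not say which manifest rejected the node or why; `default: { fail("01-ipa.pp: no FreeIPA client package known for OS family ${facts['os']['family']}") }` would be easier to act on. Because the selector sits at top scope in a site manifest, it presumably runs for every node, so a host of any other family would fail its whole catalog even if it is never meant to join FreeIPA; if that is not intended, gate the block on the same data that selects hosts for the join. The package resource also relies on the default `ensure`; writing `ensure => installed` makes the intent explicit.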