From c31e13a97528a02d2521872e521715473447ba7e Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann
Date: Sat, 5 Nov 2022 12:01:30 +0100
Subject: [PATCH 1/2] feat(nscd): add role
---
 roles/nscd/defaults/main.yml | 41 +++++++++++++++++++++++++++++++
 roles/nscd/tasks/main.yml | 27 ++++++++++++++++++++
 roles/nscd/templates/nscd.conf.j2 | 41 +++++++++++++++++++++++++++++++
 roles/nscd/vars/main.yml | 4 +++
 4 files changed, 113 insertions(+)
 create mode 100644 roles/nscd/defaults/main.yml
 create mode 100644 roles/nscd/tasks/main.yml
 create mode 100644 roles/nscd/templates/nscd.conf.j2
 create mode 100644 roles/nscd/vars/main.yml
diff --git a/roles/nscd/defaults/main.yml b/roles/nscd/defaults/main.yml
new file mode 100644
index 0000000..c66e185
--- /dev/null
+++ b/roles/nscd/defaults/main.yml
@@ -0,0 +1,41 @@
+---
+
+nscd_config_file: /etc/nscd.conf
+
+nscd_config_password_enable_cache: true
+nscd_config_password_positive_ttl_seconds: 300
+nscd_config_password_negative_ttl_seconds: 10
+nscd_config_password_suggested_size: 221
+nscd_config_password_check_files: true
+nscd_config_password_persistent: true
+nscd_config_password_shared: true
+nscd_config_password_max_db_size_bytes: 33554432
+nscd_config_password_auto_propagate: yes
+
+nscd_config_group_enable_cache: true
+nscd_config_group_positive_ttl_seconds: 900
+nscd_config_group_negative_ttl_seconds: 30
+nscd_config_group_suggested_size: 221
+nscd_config_group_check_files: true
+nscd_config_group_persistent: true
+nscd_config_group_shared: true
+nscd_config_group_max_db_size_bytes: 33554432
+nscd_config_group_auto_propagate: yes
+
+nscd_config_hosts_enable_cache: true
+nscd_config_hosts_positive_ttl_seconds: 1800
+nscd_config_hosts_negative_ttl_seconds: 60
+nscd_config_hosts_suggested_size: 221
+nscd_config_hosts_check_files: true
+nscd_config_hosts_persistent: true
+nscd_config_hosts_shared: true
+nscd_config_hosts_max_db_size_bytes: 33554432
+
+nscd_config_services_enable_cache: true
+nscd_config_services_positive_ttl_seconds: 28800
+nscd_config_services_negative_ttl_seconds: 20
+nscd_config_services_suggested_size: 221
+nscd_config_services_check_files: true
+nscd_config_services_persistent: true
+nscd_config_services_shared: true
+nscd_config_services_max_db_size_bytes: 33554432
diff --git a/roles/nscd/tasks/main.yml b/roles/nscd/tasks/main.yml
new file mode 100644
index 0000000..6ec449b
--- /dev/null
+++ b/roles/nscd/tasks/main.yml
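Review bot: The variables for the passwd database are named `nscd_config_password_*` here, but roles/nscd/templates/nscd.conf.j2 in the same patch reads `nscd_config_passwd_*` (for example `nscd_config_passwd_positive_ttl_seconds`), so with these defaults alone every passwd line of the template fails with an undefined-variable error. Renaming this block to `nscd_config_passwd_*` matches both the template and the nscd database name. Separately, `nscd_config_password_auto_propagate: yes` and `nscd_config_group_auto_propagate: yes` are the only booleans in the file spelled `yes`; writing `true` keeps them consistent with the other flags and avoids the YAML 1.1/1.2 truthy ambiguity.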
@@ -0,0 +1,27 @@
+---
+
+- name: Make sure nscd is installed
+ apt:
+ name: "{{ nscd_apt_package_name }}"
+ state: present
+ when: ansible_facts['pkg_mgr'] == 'apt'
+
+- name: Ensure nscd is configured
+ template:
+ src: nscd.conf.j2
+ dest: "{{ nscd_config_file }}"
+ owner: root
+ group: root
+ mode: "0640"
+
+- name: Ensure systemd service is enabled
+ systemd:
+ service: "{{ nscd_systemd_service_name }}"
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure systemd service is started
+ systemd:
+ service: "{{ nscd_systemd_service_name }}"
+ state: started
+ when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/roles/nscd/templates/nscd.conf.j2 b/roles/nscd/templates/nscd.conf.j2
new file mode 100644
index 0000000..b881726
--- /dev/null
+++ b/roles/nscd/templates/nscd.conf.j2
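Review bot: The template task rewrites `{{ nscd_config_file }}` but nothing restarts nscd afterwards; the two service tasks only ensure `enabled` and `started`, so a changed cache policy is not applied to a daemon that is already running. Add `notify: Restart nscd` to the template task and a matching `systemd` handler with `state: restarted`, guarded by the same `service_mgr` condition, in roles/nscd/handlers/main.yml. The same omission is in roles/nslcd/tasks/main.yml in the second patch. Note also that the install task is skipped on non-apt hosts while the later tasks still run; if only Debian-family targets are intended, an early `assert` on `ansible_facts['pkg_mgr']` would fail with a clear message instead of at the template step.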
@@ -0,0 +1,41 @@
+#logfile /var/log/nscd.log
+#threads 4
+#max-threads 32
+
+enable-cache passwd {{ nscd_config_passwd_auto_propagate | ternary('yes', 'no') }}
+positive-time-to-live passwd {{ nscd_config_passwd_positive_ttl_seconds }}
+negative-time-to-live passwd {{ nscd_config_passwd_negative_ttl_seconds }}
+suggested-size passwd {{ nscd_config_passwd_suggested_size }}
+check-files passwd {{ nscd_config_passwd_check_files | ternary('yes', 'no') }}
+persistent passwd {{ nscd_config_passwd_persistent | ternary('yes', 'no') }}
+shared passwd {{ nscd_config_passwd_shared | ternary('yes', 'no') }}
+max-db-size passwd {{ nscd_config_passwd_max_db_size_bytes }}
+auto-propagate passwd {{ nscd_config_passwd_auto_propagate | ternary('yes', 'no') }}
+
+enable-cache group {{ nscd_config_group_auto_propagate | ternary('yes', 'no') }}
+positive-time-to-live group {{ nscd_config_group_positive_ttl_seconds }}
+negative-time-to-live group {{ nscd_config_group_negative_ttl_seconds }}
+suggested-size group {{ nscd_config_group_suggested_size }}
+check-files group {{ nscd_config_group_check_files | ternary('yes', 'no') }}
+persistent group {{ nscd_config_group_persistent | ternary('yes', 'no') }}
+shared group {{ nscd_config_group_shared | ternary('yes', 'no') }}
+max-db-size group {{ nscd_config_group_max_db_size_bytes }}
+auto-propagate group {{ nscd_config_group_auto_propagate | ternary('yes', 'no') }}
+
+enable-cache hosts {{ nscd_config_hosts_auto_propagate | ternary('yes', 'no') }}
+positive-time-to-live hosts {{ nscd_config_hosts_positive_ttl_seconds }}
+negative-time-to-live hosts {{ nscd_config_hosts_negative_ttl_seconds }}
+suggested-size hosts {{ nscd_config_hosts_suggested_size }}
+check-files hosts {{ nscd_config_hosts_check_files | ternary('yes', 'no') }}
+persistent hosts {{ nscd_config_hosts_persistent | ternary('yes', 'no') }}
+shared hosts {{ nscd_config_hosts_shared | ternary('yes', 'no') }}
+max-db-size hosts {{ nscd_config_hosts_max_db_size_bytes }}
+
+enable-cache services {{ nscd_config_services_auto_propagate | ternary('yes', 'no') }}
+positive-time-to-live services {{ nscd_config_services_positive_ttl_seconds }}
+negative-time-to-live services {{ nscd_config_services_negative_ttl_seconds }}
+suggested-size services {{ nscd_config_services_suggested_size }}
+check-files services {{ nscd_config_services_check_files | ternary('yes', 'no') }}
+persistent services {{ nscd_config_services_persistent | ternary('yes', 'no') }}
+shared services {{ nscd_config_services_shared | ternary('yes', 'no') }}
+max-db-size services {{ nscd_config_services_max_db_size_bytes }}
diff --git a/roles/nscd/vars/main.yml b/roles/nscd/vars/main.yml
new file mode 100644
index 0000000..07b2eca
--- /dev/null
+++ b/roles/nscd/vars/main.yml
@@ -0,0 +1,4 @@
+---
+
+nscd_apt_package_name: nscd
+nscd_systemd_service_name: nscd.service
-- 
2.45.2
From fb13bd55bfecd10eea1619112e7f35730b5288aa Mon Sep 17 00:00:00 2001
From: Johanna Dorothea Reichmann
Date: Sat, 5 Nov 2022 12:15:13 +0100
Subject: [PATCH 2/2] feat(nslcd): add role
---
 roles/nslcd/defaults/main.yml | 20 ++++++++++++++++++++
 roles/nslcd/tasks/main.yml | 27 +++++++++++++++++++++++++++
 roles/nslcd/templates/nslcd.conf.j2 | 17 +++++++++++++++++
 roles/nslcd/vars/main.yml | 0
 4 files changed, 64 insertions(+)
 create mode 100644 roles/nslcd/defaults/main.yml
 create mode 100644 roles/nslcd/tasks/main.yml
 create mode 100644 roles/nslcd/templates/nslcd.conf.j2
 create mode 100644 roles/nslcd/vars/main.yml
diff --git a/roles/nslcd/defaults/main.yml b/roles/nslcd/defaults/main.yml
new file mode 100644
index 0000000..a4ed437
--- /dev/null
+++ b/roles/nslcd/defaults/main.yml
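Review bot: Every `enable-cache` line takes its value from the `*_auto_propagate` variable instead of `*_enable_cache`: for passwd and group this silently ties caching to the auto-propagate flag, and for hosts and services it references `nscd_config_hosts_auto_propagate` / `nscd_config_services_auto_propagate`, which the defaults in this patch never define, so the template fails to render. Each of the four lines should read like `enable-cache passwd {{ nscd_config_passwd_enable_cache | ternary('yes', 'no') }}`, with the matching variable for group, hosts and services. A leading `{{ ansible_managed | comment }}` header would also mark the file as generated so operators do not hand-edit it and lose changes on the next run.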
@@ -0,0 +1,20 @@
+---
+
+nslcd_config_uid: nslcd
+nslcd_config_gid: nslcd
+
+nslcd_config_ldap_uri: ldaps://127.0.0.1
+nslcd_config_ldap_base: ~
+nslcd_config_ldap_scope: sub
+nslcd_config_ldap_version: 3
+nslcd_config_ldap_bind_dn: ~
+nslcd_config_ldap_bind_pw: ~
+nslcd_config_ldap_root_pw_mod_dn: ~
+nslcd_config_ldap_ssl: on
+nslcd_config_ldap_tls_reqcert: always
+nslcd_config_ldap_tls_cacertfile: /etc/ssl/certs/ca-certificates.crt
+
+nslcd_config_pam_authz_search: >-2
+ (&(objectClass=posixAccount)(uid=$username)(|
+ (host=$hostname)(host=$fqdn)
+ ))
diff --git a/roles/nslcd/tasks/main.yml b/roles/nslcd/tasks/main.yml
new file mode 100644
index 0000000..ebc7f52
--- /dev/null
+++ b/roles/nslcd/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+
+- name: Ensure nslcd is installed
+ apt:
+ name: "{{ nslcd_apt_package_name }}"
+ state: present
+ when: ansible_facts['pkg_mgr'] == 'apt'
+
+- name: Ensure config is templated
+ template:
+ src: nslcd.conf.j2
+ dest: /etc/nslcd.conf
+ owner: root
+ group: root
+ mode: "0640"
+
+- name: Ensure systemd service is enabled
+ systemd:
+ service: "{{ nslcd_systemd_service_name }}"
+ enabled: true
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure systemd service is running
+ systemd:
+ service: "{{ nslcd_systemd_service_name }}"
+ state: started
+ when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/roles/nslcd/templates/nslcd.conf.j2 b/roles/nslcd/templates/nslcd.conf.j2
new file mode 100644
index 0000000..65ad41b
--- /dev/null
+++ b/roles/nslcd/templates/nslcd.conf.j2
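Review bot: `nslcd_config_ldap_ssl: on` is resolved to the boolean true by the YAML 1.1 loader Ansible uses, so `ssl {{ nslcd_config_ldap_ssl }}` in the template renders `ssl True`, which is not one of the values nslcd accepts for that option (`on`, `off`, `start_tls`); quote it as `nslcd_config_ldap_ssl: 'on'` so the TLS setting actually takes effect. The filter is defined here as `nslcd_config_pam_authz_search`, but roles/nslcd/templates/nslcd.conf.j2 reads `nslcd_config_ldap_pam_authz_search`, so the template cannot render from these defaults and one of the two names has to change. The `>-2` folded scalar also needs checking: folded scalars keep more-indented lines verbatim with their line breaks, so if the `(host=…)` line sits deeper than the first filter line the rendered `pam_authz_search` spans several lines of nslcd.conf; verify the rendered file, or use `>-` with every line at the same indent.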
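Review bot: `nslcd_apt_package_name` and `nslcd_systemd_service_name` are used by the install and service tasks but are defined nowhere in this patch: roles/nslcd/vars/main.yml is created empty (0 lines in the diffstat) and the defaults do not contain them, so the role fails on its first task with an undefined variable. Populate vars/main.yml as the nscd role does, e.g. `nslcd_apt_package_name: nslcd` and `nslcd_systemd_service_name: nslcd.service`. The config path `dest: /etc/nslcd.conf` is hard-coded here while the nscd role exposes it as `nscd_config_file`; a parallel `nslcd_config_file` default would keep the two roles consistent. Since the rendered file carries the LDAP bind password, the `owner: root` / `mode: "0640"` on the template task is the right choice and should be kept if the path becomes configurable.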
@@ -0,0 +1,17 @@
+uid {{ nslcd_config_uid }}
+gid {{ nslcd_config_gid }}
+
+uri {{ nslcd_config_ldap_uri }}
+base {{ nslcd_config_ldap_base }}
+binddn {{ nslcd_config_ldap_bind_dn }}
+bindpw {{ nslcd_config_ldap_bind_pw }}
+ldap_version {{ nslcd_config_ldap_version }}
+
+rootpwmoddn {{ nslcd_config_ldap_root_pw_mod_dn }}
+
+ssl {{ nslcd_config_ldap_ssl }}
+tls_reqcert {{ nslcd_config_ldap_tls_reqcert }}
+tls_cacertfile {{ nslcd_config_ldap_tls_cacertfile }}
+
+scope {{ nslcd_config_ldap_scope }}
+pam_authz_search {{ nslcd_config_ldap_pam_authz_search }}
diff --git a/roles/nslcd/vars/main.yml b/roles/nslcd/vars/main.yml
new file mode 100644
index 0000000..e69de29
-- 
2.45.2
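Review bot: `base`, `binddn`, `bindpw` and `rootpwmoddn` are emitted unconditionally, but their defaults in roles/nslcd/defaults/main.yml are `~` (null), so an unset value renders as the literal word `None` (for example `bindpw None`) instead of omitting the option, and nslcd is then handed a bogus DN or password. Wrap the optional bind and root-password-modify options in `{% if %}` guards as sketched below, and give `base` either a non-null default or an explicit assert in the tasks, since it has the same null default. The `pam_authz_search` line reads `nslcd_config_ldap_pam_authz_search` while the defaults define `nslcd_config_pam_authz_search`; one of the two needs renaming. A `{{ ansible_managed | comment }}` header at the top would mark the file as generated.

```jinja
uri {{ nslcd_config_ldap_uri }}
base {{ nslcd_config_ldap_base }}
{% if nslcd_config_ldap_bind_dn %}
binddn {{ nslcd_config_ldap_bind_dn }}
bindpw {{ nslcd_config_ldap_bind_pw }}
{% endif %}
ldap_version {{ nslcd_config_ldap_version }}

{% if nslcd_config_ldap_root_pw_mod_dn %}
rootpwmoddn {{ nslcd_config_ldap_root_pw_mod_dn }}
{% endif %}
{# … unchanged: ssl, tls_reqcert, tls_cacertfile, scope and pam_authz_search lines … #}
```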