roles/nscd/defaults/main.yml

@@ -0,0 +1,41 @@
+---
+
+nscd_config_file: /etc/nscd.conf
+
+nscd_config_password_enable_cache: true
+nscd_config_password_positive_ttl_seconds: 300
+nscd_config_password_negative_ttl_seconds: 10
+nscd_config_password_suggested_size: 221
+nscd_config_password_check_files: true
+nscd_config_password_persistent: true
+nscd_config_password_shared: true
+nscd_config_password_max_db_size_bytes: 33554432
+nscd_config_password_auto_propagate: yes
+
+nscd_config_group_enable_cache: true
+nscd_config_group_positive_ttl_seconds: 900
+nscd_config_group_negative_ttl_seconds: 30
+nscd_config_group_suggested_size: 221
+nscd_config_group_check_files: true
+nscd_config_group_persistent: true
+nscd_config_group_shared: true
+nscd_config_group_max_db_size_bytes: 33554432
+nscd_config_group_auto_propagate: yes
+
+nscd_config_hosts_enable_cache: true
+nscd_config_hosts_positive_ttl_seconds: 1800
+nscd_config_hosts_negative_ttl_seconds: 60
+nscd_config_hosts_suggested_size: 221
+nscd_config_hosts_check_files: true
+nscd_config_hosts_persistent: true
+nscd_config_hosts_shared: true
+nscd_config_hosts_max_db_size_bytes: 33554432
+
+nscd_config_services_enable_cache: true
+nscd_config_services_positive_ttl_seconds: 28800
+nscd_config_services_negative_ttl_seconds: 20
+nscd_config_services_suggested_size: 221
+nscd_config_services_check_files: true
+nscd_config_services_persistent: true
+nscd_config_services_shared: true
+nscd_config_services_max_db_size_bytes: 33554432

roles/nscd/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Make sure nscd is installed
+  apt:
+    name: "{{ nscd_apt_package_name }}"
+    state: present
+  when: ansible_facts['pkg_mgr'] == 'apt'
+
+- name: Ensure nscd is configured
+  template:
+    src: nscd.conf.j2
+    dest: "{{ nscd_config_file }}"
+    owner: root
+    group: root
+    mode: "0640"
+
+- name: Ensure systemd service is enabled
+  systemd:
+    service: "{{ nscd_systemd_service_name }}"
+    enabled: true
+  when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure systemd service is started
+  systemd:
+    service: "{{ nscd_systemd_service_name }}"
+    state: started
+  when: ansible_facts['service_mgr'] == 'systemd'

roles/nscd/templates/nscd.conf.j2

@@ -0,0 +1,41 @@
+#logfile	/var/log/nscd.log
+#threads	4
+#max-threads	32
+
+enable-cache		passwd	{{ nscd_config_passwd_auto_propagate | ternary('yes', 'no') }}
+positive-time-to-live	passwd	{{ nscd_config_passwd_positive_ttl_seconds }}
+negative-time-to-live	passwd	{{ nscd_config_passwd_negative_ttl_seconds }}
+suggested-size		passwd	{{ nscd_config_passwd_suggested_size }}
+check-files		passwd	{{ nscd_config_passwd_check_files | ternary('yes', 'no') }}
+persistent		passwd	{{ nscd_config_passwd_persistent | ternary('yes', 'no') }}
+shared			passwd	{{ nscd_config_passwd_shared | ternary('yes', 'no') }}
+max-db-size		passwd	{{ nscd_config_passwd_max_db_size_bytes }}
+auto-propagate		passwd	{{ nscd_config_passwd_auto_propagate | ternary('yes', 'no') }}
+
+enable-cache		group	{{ nscd_config_group_auto_propagate | ternary('yes', 'no') }}
+positive-time-to-live	group	{{ nscd_config_group_positive_ttl_seconds }}
+negative-time-to-live	group	{{ nscd_config_group_negative_ttl_seconds }}
+suggested-size		group	{{ nscd_config_group_suggested_size }}
+check-files		group	{{ nscd_config_group_check_files | ternary('yes', 'no') }}
+persistent		group	{{ nscd_config_group_persistent | ternary('yes', 'no') }}
+shared			group	{{ nscd_config_group_shared | ternary('yes', 'no') }}
+max-db-size		group	{{ nscd_config_group_max_db_size_bytes }}
+auto-propagate		group	{{ nscd_config_group_auto_propagate | ternary('yes', 'no') }}
+
+enable-cache		hosts	{{ nscd_config_hosts_auto_propagate | ternary('yes', 'no') }}
+positive-time-to-live	hosts	{{ nscd_config_hosts_positive_ttl_seconds }}
+negative-time-to-live	hosts	{{ nscd_config_hosts_negative_ttl_seconds }}
+suggested-size		hosts	{{ nscd_config_hosts_suggested_size }}
+check-files		hosts	{{ nscd_config_hosts_check_files | ternary('yes', 'no') }}
+persistent		hosts	{{ nscd_config_hosts_persistent | ternary('yes', 'no') }}
+shared			hosts	{{ nscd_config_hosts_shared | ternary('yes', 'no') }}
+max-db-size		hosts	{{ nscd_config_hosts_max_db_size_bytes }}
+
+enable-cache		services	{{ nscd_config_services_auto_propagate | ternary('yes', 'no') }}
+positive-time-to-live	services	{{ nscd_config_services_positive_ttl_seconds }}
+negative-time-to-live	services	{{ nscd_config_services_negative_ttl_seconds }}
+suggested-size		services	{{ nscd_config_services_suggested_size }}
+check-files		services	{{ nscd_config_services_check_files | ternary('yes', 'no') }}
+persistent		services	{{ nscd_config_services_persistent | ternary('yes', 'no') }}
+shared			services	{{ nscd_config_services_shared | ternary('yes', 'no') }}
+max-db-size		services	{{ nscd_config_services_max_db_size_bytes }}

roles/nscd/vars/main.yml

@@ -0,0 +1,4 @@
+---
+
+nscd_apt_package_name: nscd
+nscd_systemd_service_name: nscd.service

roles/nslcd/defaults/main.yml

@@ -0,0 +1,20 @@
+---
+
+nslcd_config_uid: nslcd
+nslcd_config_gid: nslcd
+
+nslcd_config_ldap_uri: ldaps://127.0.0.1
+nslcd_config_ldap_base: ~
+nslcd_config_ldap_scope: sub
+nslcd_config_ldap_version: 3
+nslcd_config_ldap_bind_dn: ~
+nslcd_config_ldap_bind_pw: ~
+nslcd_config_ldap_root_pw_mod_dn: ~
+nslcd_config_ldap_ssl: on
+nslcd_config_ldap_tls_reqcert: always
+nslcd_config_ldap_tls_cacertfile: /etc/ssl/certs/ca-certificates.crt
+
+nslcd_config_pam_authz_search: >-2
+  (&(objectClass=posixAccount)(uid=$username)(|
+    (host=$hostname)(host=$fqdn)
+  ))

roles/nslcd/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Ensure nslcd is installed
+  apt:
+    name: "{{ nslcd_apt_package_name }}"
+    state: present
+  when: ansible_facts['pkg_mgr'] == 'apt'
+
+- name: Ensure config is templated
+  template:
+    src: nslcd.conf.j2
+    dest: /etc/nslcd.conf
+    owner: root
+    group: root
+    mode: "0640"
+
+- name: Ensure systemd service is enabled
+  systemd:
+    service: "{{ nslcd_systemd_service_name }}"
+    enabled: true
+  when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure systemd service is running
+  systemd:
+    service: "{{ nslcd_systemd_service_name }}"
+    state: started
+  when: ansible_facts['service_mgr'] == 'systemd'

roles/nslcd/templates/nslcd.conf.j2

@@ -0,0 +1,17 @@
+uid {{ nslcd_config_uid }}
+gid {{ nslcd_config_gid }}
+
+uri {{ nslcd_config_ldap_uri }}
+base {{ nslcd_config_ldap_base }}
+binddn {{ nslcd_config_ldap_bind_dn }}
+bindpw {{ nslcd_config_ldap_bind_pw }}
+ldap_version {{ nslcd_config_ldap_version }}
+
+rootpwmoddn {{ nslcd_config_ldap_root_pw_mod_dn }}
+
+ssl {{ nslcd_config_ldap_ssl }}
+tls_reqcert {{ nslcd_config_ldap_tls_reqcert }}
+tls_cacertfile {{ nslcd_config_ldap_tls_cacertfile }}
+
+scope {{ nslcd_config_ldap_scope }}
+pam_authz_search {{ nslcd_config_ldap_pam_authz_search }}