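---
# Installs tlog and SSSD, then configures SSSD-driven terminal session
# recording: the SSSD files domain, the session-recording drop-in, the
# authselect profile, and tlog's own recorder configuration.

- name: Install necessary packages
  ansible.builtin.dnf:
    name:
      - tlog
      - sssd
    state: present

# sssd.conf is pinned to root:root 0600, matching the conf.d drop-in below.
# NOTE(review): SSSD is expected to refuse a config file with looser
# ownership or permissions on the releases this role targets - confirm.
- name: Configure SSSD on the system for files domain
  community.general.ini_file:
    path: "/etc/sssd/sssd.conf"
    section: sssd
    option: enable_files_domain
    value: "true"
    owner: root
    group: root
    mode: '0600'
  notify: restart_sssd

# The template body is not part of this file; which users and groups are
# recorded is decided there and should be reviewed with this task.
- name: Add session recording configuration
  ansible.builtin.template:
    src: "etc/sssd/conf.d/session-recording.conf"
    dest: "/etc/sssd/conf.d/session-recording.conf"
    owner: root
    group: root
    mode: '0600'
  notify: restart_sssd

# Runs on every play and always reports "changed", so restart_sssd is
# notified each run. --force is passed, so the selected profile is written
# even when authselect would otherwise decline to replace the existing
# configuration.
# NOTE(review): consider gating this task on the currently selected profile
# so that SSSD is only restarted when the PAM/NSS setup really changes.
- name: Enable the files domain through authselect
  ansible.builtin.command: >
    /usr/bin/authselect select custom/sssd-rocky
    without-nullok
    with-faillock
    with-mkhomedir
    with-sudo
    with-files-domain
    --force
  notify: restart_sssd
  changed_when: true

# 0644 leaves the recorder configuration world-readable.
# NOTE(review): presumably it has to stay readable by the recorded users'
# sessions - confirm, and keep secrets out of the template.
- name: Configure tlog itself
  ansible.builtin.template:
    src: "etc/tlog/tlog-rec-session.conf"
    dest: "/etc/tlog/tlog-rec-session.conf"
    owner: root
    group: root
    mode: '0644'
...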