remove fqdn
Some checks failed
continuous-integration/drone/push Build is failing

2023-08-30 23:13:59 +02:00
parent 85fb26bf52
commit 52f7e7e153
19 changed files with 96 additions and 96 deletions


@ -1,6 +1,6 @@
---
- name: "Install realmd and dependencies"
ansible.builtin.apt:
apt:
update_cache: yes
state: present
name:
@ -16,7 +16,7 @@
- packagekit
- name: Check if computer is joined to domain
ansible.builtin.lineinfile:
lineinfile:
state: absent
path: /etc/sssd/sssd.conf
line: "^ad_access_filter"
@ -25,22 +25,22 @@
register: checkjoined
- name: "Get join password from local environment variable"
ansible.builtin.set_fact:
set_fact:
join_passw: "{{ lookup('env', 'JOIN_PASSW') }}"
delegate_to: localhost
when: checkjoined.found == 0
- name: Join to AD with realmd
ansible.builtin.shell:
shell:
cmd: echo {{ join_passw }} | realm join -v -U tormakris_admin intra.tormakris.dev
when: checkjoined.found == 0
- name: Enable pam homedir create on first logon
ansible.builtin.command:
command:
cmd: pam-auth-update --enable mkhomedir
- name: Check if ad_gpo_access_control is disabled
ansible.builtin.lineinfile:
lineinfile:
state: absent
path: /etc/sssd/sssd.conf
regexp: "^ad_gpo_access_control"
@ -49,14 +49,14 @@
register: checkadgpoac
- name: Set ad_gpo_access_control to disabled
ansible.builtin.lineinfile:
lineinfile:
state: present
path: /etc/sssd/sssd.conf
line: "ad_gpo_access_control = disabled"
when: checkadgpoac.found == 0
- name: Check if ad_access_filter is set
ansible.builtin.lineinfile:
lineinfile:
state: absent
path: /etc/sssd/sssd.conf
regexp: "^ad_access_filter"
@ -65,19 +65,19 @@
register: checkadaf
- name: Set ad_gpo_access_control to disabled
ansible.builtin.lineinfile:
lineinfile:
state: present
path: /etc/sssd/sssd.conf
line: "ad_access_filter = memberOf=CN=LinuxUsers,OU=Service Groups,DC=intra,DC=tormakris,DC=dev"
when: checkadaf.found == 0
- name: "Restart sssd"
ansible.builtin.service:
service:
name: sssd
state: restarted
- name: Check if group is presend in sudoers
ansible.builtin.lineinfile:
lineinfile:
state: absent
path: /etc/sudoers
regexp: "^%linuxadmins"
@ -86,7 +86,7 @@
register: checksudoers
- name: Define group in sudoers
ansible.builtin.lineinfile:
lineinfile:
state: present
path: /etc/sudoers
line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
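Review bot: The `Join to AD with realmd` task (hunk `-25,22`) still templates the join password straight into a shell command line, `echo {{ join_passw }} | realm join ...`, so the secret is unquoted shell input, sits in the spawned shell's argument list, and can be reported in Ansible's task results because the task has no `no_log`. Passing it on standard input avoids all three: use `cmd: realm join -v -U tormakris_admin intra.tormakris.dev` with `stdin: "{{ join_passw }}"`, and add `no_log: true` to the task. With no pipe left, the task no longer needs `shell` and can use `command`. The `set_fact` task that reads `JOIN_PASSW` in the same hunk would benefit from `no_log: true` as well.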