ansible/roles/freeradius/tasks/main.yml


---
# Install the FreeRADIUS server package from the distribution archive.
# install_recommends is off, so only hard dependencies are pulled in and
# optional extras stay off the host.
- name: Install freeradius
  apt:
    name: freeradius
    state: present
    install_recommends: false
# Delete stock files and directories under /etc/freeradius/3.0 that this
# role does not manage, so that only the configuration rendered by the
# role remains in the tree. state: absent removes directories recursively.
# NOTE(review): this task does not notify "Restart freeradius"; a daemon
# that is already running keeps whatever it loaded from these files until
# another task requests the restart.
- name: Remove unused files
  file:
    state: absent
    path: "/etc/freeradius/3.0/{{ item }}"
  loop:
    # Top-level files.
    - templates.conf
    - trigger.conf
    - README.rst
    - panic.gdb
    - experimental.conf
    # Stock files under certs/ (presumably the packaged certificate
    # tooling; confirm the server certificates are provisioned elsewhere).
    - certs/ca.cnf
    - certs/bootstrap
    - certs/client.cnf
    - certs/inner-server.cnf
    - certs/server.cnf
    - certs/README
    - certs/Makefile
    - certs/xpextensions
    # Policy files.
    - policy.d/dhcp
    - policy.d/debug
    - policy.d/control
    - policy.d/abfab-tr
    - policy.d/moonshot-targeted-ids
    # Per-module configuration directories and their README.
    - mods-config/unbound/
    - mods-config/perl/
    - mods-config/python3/
    - mods-config/sql/
    - mods-config/README.rst
    # Remaining top-level entries.
    - users
    - hints
    - huntgroups
# Render each listed template (<item>.j2) to the same relative path under
# /etc/freeradius/3.0. Files are owned by root with group freerad and mode
# u=rw,g=r,o= (0640): the group can read them, other local users cannot.
# NOTE(review): clients.conf and mods-available/eap normally carry shared
# secrets or key passphrases; confirm against the templates. If so, a run
# with --diff prints them, and no_log on this task would avoid that.
# NOTE(review): nothing in this task validates the rendered configuration
# before the restart is requested; the handler lives outside this file.
- name: Configure freeradius
  template:
    src: "{{ item }}.j2"
    dest: "/etc/freeradius/3.0/{{ item }}"
    owner: root
    group: freerad
    mode: "u=rw,g=r,o="
  notify:
    - Restart freeradius
  loop:
    - radiusd.conf
    # - proxy.conf
    - clients.conf
    - dictionary
    - mods-available/utf8
    - mods-available/always
    - mods-available/eap
    - mods-available/eap_inner
    - mods-config/attr_filter/access_challenge
    - mods-config/attr_filter/access_reject
    - sites-available/inner-tunnel
    - sites-available/default
# List what exists in mods-available and keep the result in
# available_modules for later tasks in this file. No file_type is given,
# so find uses its default and reports regular files only.
- name: Enumerate available modules
  find:
    paths:
      - /etc/freeradius/3.0/mods-available
  register: available_modules
# Allow-list enforcement for modules: take the base name of every file
# found in mods-available, subtract the union of
# radiusd__enabled_modules_minimal and radiusd__enabled_modules (both
# defined outside this file), and delete the matching mods-enabled entry.
# NOTE(review): the list is built from mods-available, so an entry in
# mods-enabled with no same-named file there is not removed by this task.
- name: Disable modules
  file:
    state: absent
    path: "/etc/freeradius/3.0/mods-enabled/{{ item }}"
  loop: >-
    {{ available_modules.files
    | map(attribute='path')
    | map('basename')
    | difference(radiusd__enabled_modules_minimal
    | union(radiusd__enabled_modules)) }}
  notify:
    - Restart freeradius
# Symlink every module named in radiusd__enabled_modules_minimal or
# radiusd__enabled_modules from mods-available into mods-enabled.
# NOTE(review): with the file module's default follow behaviour the
# owner/group/mode below are expected to land on the link target, not on
# the symlink itself; confirm on the Ansible version in use.
# NOTE(review): list entries are interpolated into both paths unchecked;
# keep the variables to plain file names with no directory components.
- name: Enable modules
  file:
    state: link
    src: "/etc/freeradius/3.0/mods-available/{{ item }}"
    dest: "/etc/freeradius/3.0/mods-enabled/{{ item }}"
    owner: root
    group: freerad
    mode: "u=rw,g=r,o="
  loop: >-
    {{ radiusd__enabled_modules_minimal
    | union(radiusd__enabled_modules) }}
  notify:
    - Restart freeradius
# List what exists in sites-available and keep the result in
# available_sites for later tasks in this file. No file_type is given,
# so find uses its default and reports regular files only.
- name: Enumerate available sites
  find:
    paths:
      - /etc/freeradius/3.0/sites-available
  register: available_sites
# Allow-list enforcement for sites: every file in sites-available whose
# base name is not in the union of radiusd__enabled_sites_minimal and
# radiusd__enabled_sites (both defined outside this file) has its
# sites-enabled entry deleted, so only the listed sites stay active.
# NOTE(review): the list is built from sites-available, so an entry in
# sites-enabled with no same-named file there is not removed by this task.
- name: Disable sites
  file:
    state: absent
    path: "/etc/freeradius/3.0/sites-enabled/{{ item }}"
  loop: >-
    {{ available_sites.files
    | map(attribute='path')
    | map('basename')
    | difference(radiusd__enabled_sites_minimal
    | union(radiusd__enabled_sites)) }}
  notify:
    - Restart freeradius
# Symlink every site named in radiusd__enabled_sites_minimal or
# radiusd__enabled_sites from sites-available into sites-enabled.
# NOTE(review): with the file module's default follow behaviour the
# owner/group/mode below are expected to land on the link target, not on
# the symlink itself; confirm on the Ansible version in use.
# NOTE(review): list entries are interpolated into both paths unchecked;
# keep the variables to plain file names with no directory components.
- name: Enable sites
  file:
    state: link
    src: "/etc/freeradius/3.0/sites-available/{{ item }}"
    dest: "/etc/freeradius/3.0/sites-enabled/{{ item }}"
    owner: root
    group: freerad
    mode: "u=rw,g=r,o="
  loop: >-
    {{ radiusd__enabled_sites_minimal
    | union(radiusd__enabled_sites) }}
  notify:
    - Restart freeradius
# Make sure the unit is enabled at boot and currently running.
# state: started leaves an already-running daemon alone, so configuration
# changes take effect only through the "Restart freeradius" handler.
- name: Enable and start freeradius
  systemd:
    name: freeradius.service
    enabled: true
    state: started
...