freeradius: add support for sites

2022-08-31 05:04:19 +02:00 · 2022-08-31 05:04:19 +02:00 · a816fb1f01
commit a816fb1f01
parent 4bd54fe371
2 changed files with 46 additions and 12 deletions
--- a/roles/freeradius/defaults/main.yml
+++ b/roles/freeradius/defaults/main.yml
@ -25,4 +25,8 @@ radiusd__tls_cipher_list: DEFAULT
 radiusd__tls_certificate_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
 radiusd__tls_private_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
 radiusd__tls_ca_file: /etc/ssl/certs/ca-certificates.crt
+radiusd__enabled_sites_minimal:
+  - default
+  - inner-tunnel
+radiusd__enabled_sites: []
 ...
--- a/roles/freeradius/tasks/main.yml
+++ b/roles/freeradius/tasks/main.yml
@ -36,6 +36,24 @@
    - hints
    - huntgroups

+- name: Configure freeradius
+  template:
+    src: "{{ item }}.j2"
+    dest: "/etc/freeradius/3.0/{{ item }}"
+    owner: root
+    group: freerad
+    mode: u=rw,g=r,o=
+  loop:
+    - radiusd.conf
+    #- proxy.conf
+    - clients.conf
+    - dictionary
+    - mods-available/utf8
+    - mods-available/always
+    - mods-available/eap
+  notify:
+    - Restart freeradius
+
 - name: Enumerate available modules
  find:
    paths: /etc/freeradius/3.0/mods-available
@ -66,21 +84,33 @@
  notify:
    - Restart freeradius

- name: Configure freeradius
-  template:
-    src: "{{ item }}.j2"
-    dest: "/etc/freeradius/3.0/{{ item }}"
+- name: Enumerate available sites
+  find:
+    paths: /etc/freeradius/3.0/sites-available
+  register: available_sites
+
+- name: Disable sites
+  file:
+    path: "/etc/freeradius/3.0/sites-enabled/{{ item }}"
+    state: absent
+  loop: "{{ available_sites.files
+            | map(attribute='path')
+            | map('basename')
+            | difference(radiusd__enabled_sites_minimal
+                         | union(radiusd__enabled_sites)) }}"
+  notify:
+    - Restart freeradius
+
+- name: Enable sites
+  file:
+    src: "/etc/freeradius/3.0/sites-available/{{ item }}"
+    dest: "/etc/freeradius/3.0/sites-enabled/{{ item }}"
+    state: link
    owner: root
    group: freerad
    mode: u=rw,g=r,o=
-  loop:
-    - radiusd.conf
-    #- proxy.conf
-    - clients.conf
-    - dictionary
-    - mods-available/utf8
-    - mods-available/always
-    - mods-available/eap
+  loop: "{{ radiusd__enabled_sites_minimal
+            | union(radiusd__enabled_sites) }}"
  notify:
    - Restart freeradius