---
# Install the FreeRADIUS server package through apt. Recommended packages
# are skipped (install_recommends: false), which keeps the set of installed
# software on the RADIUS host small.
- name: Install freeradius
  apt:
    install_recommends: false
    name: freeradius
    # "present" is the apt module's default, spelled out here for clarity.
    state: present
# Delete entries shipped under /etc/freeradius/3.0 that this role does not
# use: sample and debugging files, the certificate bootstrap scaffolding
# under certs/, unused policies and per-module configuration trees.
# Entries with a trailing "/" are presumably directories; state: absent
# removes a directory together with its contents.
# NOTE(review): no handler is notified here, so an already running daemon
# is only restarted if a later task in this file reports a change.
- name: Remove unused files
  file:
    state: absent
    path: "/etc/freeradius/3.0/{{ item }}"
  loop:
    # Top-level sample and debugging files
    - templates.conf
    - trigger.conf
    - README.rst
    - panic.gdb
    - experimental.conf
    # Certificate generation scaffolding
    - certs/ca.cnf
    - certs/bootstrap
    - certs/client.cnf
    - certs/inner-server.cnf
    - certs/server.cnf
    - certs/README
    - certs/Makefile
    - certs/xpextensions
    # Policies
    - policy.d/dhcp
    - policy.d/debug
    - policy.d/control
    - policy.d/abfab-tr
    - policy.d/moonshot-targeted-ids
    # Per-module configuration
    - mods-config/unbound/
    - mods-config/perl/
    - mods-config/python3/
    - mods-config/sql/
    - mods-config/README.rst
    # Top-level users / hints / huntgroups entries
    - users
    - hints
    - huntgroups
# Render the role's templates (<item>.j2) onto the matching paths below
# /etc/freeradius/3.0. Each file is written as root:freerad with mode
# u=rw,g=r,o= -- readable by the freerad group, writable only by root and
# closed to everyone else. A change notifies "Restart freeradius".
# NOTE(review): clients.conf and mods-available/eap usually hold shared
# secrets or key passphrases. If these templates do, the rendered text can
# appear in --diff output; consider `diff: false` on this task after
# checking the templates.
- name: Configure freeradius
  template:
    src: "{{ item }}.j2"
    dest: "/etc/freeradius/3.0/{{ item }}"
    owner: root
    group: freerad
    # Quoted so the symbolic mode always reaches the module as a string.
    mode: "u=rw,g=r,o="
  loop:
    - radiusd.conf
    # - proxy.conf
    - clients.conf
    - dictionary
    - mods-available/utf8
    - mods-available/always
    - mods-available/eap
    - mods-available/eap_inner
    - mods-config/attr_filter/access_challenge
    - mods-config/attr_filter/access_reject
    - sites-available/inner-tunnel
    - sites-available/default
  notify: Restart freeradius
# List the files in mods-available and store the result in
# `available_modules`; the "Disable modules" task builds its removal list
# from the basenames found here.
# NOTE(review): only mods-available is scanned. An entry that exists in
# mods-enabled without a same-named file in mods-available is therefore
# never considered for removal -- confirm this is acceptable if the role is
# meant to enforce the enabled set.
- name: Enumerate available modules
  find:
    paths:
      - /etc/freeradius/3.0/mods-available
  register: available_modules
# Remove from mods-enabled every module whose file exists in mods-available
# but whose name is in neither radiusd__enabled_modules_minimal nor
# radiusd__enabled_modules. A removal notifies "Restart freeradius".
- name: Disable modules
  file:
    state: absent
    path: "/etc/freeradius/3.0/mods-enabled/{{ item }}"
  # Folded scalar: the lines below join into one Jinja2 expression.
  loop: >-
    {{ available_modules.files
    | map(attribute='path')
    | map('basename')
    | difference(radiusd__enabled_modules_minimal
    | union(radiusd__enabled_modules)) }}
  notify: Restart freeradius
# Symlink every module named in radiusd__enabled_modules_minimal or
# radiusd__enabled_modules from mods-available into mods-enabled.
# A change notifies "Restart freeradius".
# NOTE(review): with state: link, whether owner/group/mode end up on the
# symlink or on its mods-available target depends on the file module's
# `follow` option -- confirm the result matches the intended permissions.
- name: Enable modules
  file:
    state: link
    src: "/etc/freeradius/3.0/mods-available/{{ item }}"
    dest: "/etc/freeradius/3.0/mods-enabled/{{ item }}"
    owner: root
    group: freerad
    # Quoted so the symbolic mode always reaches the module as a string.
    mode: "u=rw,g=r,o="
  # Folded scalar: the lines below join into one Jinja2 expression.
  loop: >-
    {{ radiusd__enabled_modules_minimal
    | union(radiusd__enabled_modules) }}
  notify: Restart freeradius
# List the files in sites-available and store the result in
# `available_sites`; the "Disable sites" task builds its removal list from
# the basenames found here.
# NOTE(review): only sites-available is scanned. A virtual server present in
# sites-enabled without a same-named file in sites-available is therefore
# never considered for removal -- confirm this is acceptable if the role is
# meant to enforce the enabled set.
- name: Enumerate available sites
  find:
    paths:
      - /etc/freeradius/3.0/sites-available
  register: available_sites
# Remove from sites-enabled every site whose file exists in sites-available
# but whose name is in neither radiusd__enabled_sites_minimal nor
# radiusd__enabled_sites. A removal notifies "Restart freeradius".
- name: Disable sites
  file:
    state: absent
    path: "/etc/freeradius/3.0/sites-enabled/{{ item }}"
  # Folded scalar: the lines below join into one Jinja2 expression.
  loop: >-
    {{ available_sites.files
    | map(attribute='path')
    | map('basename')
    | difference(radiusd__enabled_sites_minimal
    | union(radiusd__enabled_sites)) }}
  notify: Restart freeradius
# Symlink every site named in radiusd__enabled_sites_minimal or
# radiusd__enabled_sites from sites-available into sites-enabled.
# A change notifies "Restart freeradius".
# NOTE(review): with state: link, whether owner/group/mode end up on the
# symlink or on its sites-available target depends on the file module's
# `follow` option -- confirm the result matches the intended permissions.
- name: Enable sites
  file:
    state: link
    src: "/etc/freeradius/3.0/sites-available/{{ item }}"
    dest: "/etc/freeradius/3.0/sites-enabled/{{ item }}"
    owner: root
    group: freerad
    # Quoted so the symbolic mode always reaches the module as a string.
    mode: "u=rw,g=r,o="
  # Folded scalar: the lines below join into one Jinja2 expression.
  loop: >-
    {{ radiusd__enabled_sites_minimal
    | union(radiusd__enabled_sites) }}
  notify: Restart freeradius
# Make sure freeradius.service is enabled at boot and currently running.
# state: started does not restart a unit that is already running; picking
# up configuration changes is left to the "Restart freeradius" handler
# notified by the tasks above.
- name: Enable and start freeradius
  systemd:
    name: freeradius.service
    enabled: true
    state: started
...