Dustin C. Hatch
4a91b55a49
The *DCH Root CA* certificate needs to be trusted on all hosts, as most internal communication is secured with certificates it has issued.
23 lines
459 B
YAML
23 lines
459 B
YAML
- hosts: pyrocufflink:!samba-dc
|
|
roles:
|
|
- winbind
|
|
- nsswitch
|
|
- system-auth
|
|
- sudo
|
|
tasks:
|
|
- name: ensure winbind is running
|
|
service:
|
|
name=winbind
|
|
state=started
|
|
- name: ensure server admins can use sudo
|
|
copy:
|
|
dest: /etc/sudoers.d/20_server-admins
|
|
content: |
|
|
%server\ admins ALL=(ALL) ALL
|
|
mode: '0440'
|
|
validate: visudo -cf %s
|
|
- hosts: pyrocufflink
|
|
roles:
|
|
- role: trustca
|
|
ca: dch-root-ca
|