21 lines
502 B
YAML
21 lines
502 B
YAML
- hosts: samba-dc
|
|
tasks:
|
|
- name: load domain secrets
|
|
include_vars: '{{ item }}'
|
|
with_fileglob: vault/samba-dc/{{ krb5_realm }}
|
|
- import_playbook: samba-dc.yml
|
|
- hosts: samba-dc
|
|
roles:
|
|
- nsswitch
|
|
- system-auth
|
|
- sudo
|
|
tasks:
|
|
- name: ensure domain admins can use sudo
|
|
copy:
|
|
content: |
|
|
%domain\ admins ALL=(ALL) ALL
|
|
%{{ workgroup }}\\domain\ admins ALL=(ALL) ALL
|
|
dest: /etc/sudoers.d/10_domain-admins
|
|
mode: '0440'
|
|
validate: visudo -cf %s
|