trixie/roles/fvs-mount/tasks/main.yml

---
- name: install needed packages
  apt:
    name:
      - libpam-mount
      - cifs-utils
      - sshfs
    state: latest

- name: configure pam_mount
  blockinfile:
    dest: /etc/security/pam_mount.conf.xml
    block: |
      <volume
        fstype="fuse"
        path="sshfs#%(USER)@{{ home_server }}:"
        mountpoint="/home/%(USER)"
        options="allow_other,default_permissions,reconnect,password_stdin"
        ssh="0" noroot="0"
      ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>virti</user></or></not></volume>

      <volume
        fstype="cifs"
        server="{{ smb_server }}"
        path="{{ smb_home }}"
        mountpoint="/media/%(USER)/winhome"
        options="dir_mode=0750,file_mode=0640"
      ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>virti</user></or></not></volume>

      <volume
        fstype="cifs"
        server="{{ smb_server }}"
        path="{{ smb_share }}"
        mountpoint="/media/%(USER)/winshare"
        options="dir_mode=0750,file_mode=0640"
      ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>virti</user></or></not></volume>
    insertafter: "<!-- Volume definitions -->"

- name: make sure .ssh exists
  file:
    path: /root/.ssh
    state: directory
    mode: '0700'

- name: provide public key of home server
  lineinfile:
    path: /root/.ssh/known_hosts
    line: "{{ ssh_hostkey }}"
    create: yes
Further split roles. Mount user home on the clients (sshfs). The following roles are available: fvs-sssd Configures LDAP as ID and AUTH provider using sssd. fvs-mount Provides all private user directories on login with pam_mount. Machines provided so far are: The server providing the home directory: fvs-home.yml A standard client: fvs-client.yml 2020-12-18 08:14:43 +01:00			`---`
			`- name: install needed packages`
			`apt:`
			`name:`
			`- libpam-mount`
			`- cifs-utils`
			`- sshfs`
			`state: latest`

			`- name: configure pam_mount`
			`blockinfile:`
			`dest: /etc/security/pam_mount.conf.xml`
			`block: \|`
Nicer ordering. 2021-02-08 10:57:43 +01:00			`<volume`
			`fstype="fuse"`
			`path="sshfs#%(USER)@{{ home_server }}:"`
			`mountpoint="/home/%(USER)"`
PAM-mount fails with this option set. 2021-07-05 10:53:05 +02:00			`options="allow_other,default_permissions,reconnect,password_stdin"`
Nicer ordering. 2021-02-08 10:57:43 +01:00			`ssh="0" noroot="0"`
Add user 'virti' to run libvirt VMs. 2022-06-02 11:01:56 +02:00			`><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>virti</user></or></not></volume>`
Nicer ordering. 2021-02-08 10:57:43 +01:00
Further split roles. Mount user home on the clients (sshfs). The following roles are available: fvs-sssd Configures LDAP as ID and AUTH provider using sssd. fvs-mount Provides all private user directories on login with pam_mount. Machines provided so far are: The server providing the home directory: fvs-home.yml A standard client: fvs-client.yml 2020-12-18 08:14:43 +01:00			`<volume`
			`fstype="cifs"`
			`server="{{ smb_server }}"`
			`path="{{ smb_home }}"`
			`mountpoint="/media/%(USER)/winhome"`
			`options="dir_mode=0750,file_mode=0640"`
Add user 'virti' to run libvirt VMs. 2022-06-02 11:01:56 +02:00			`><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>virti</user></or></not></volume>`
Nicer ordering. 2021-02-08 10:57:43 +01:00
Further split roles. Mount user home on the clients (sshfs). The following roles are available: fvs-sssd Configures LDAP as ID and AUTH provider using sssd. fvs-mount Provides all private user directories on login with pam_mount. Machines provided so far are: The server providing the home directory: fvs-home.yml A standard client: fvs-client.yml 2020-12-18 08:14:43 +01:00			`<volume`
			`fstype="cifs"`
			`server="{{ smb_server }}"`
			`path="{{ smb_share }}"`
			`mountpoint="/media/%(USER)/winshare"`
			`options="dir_mode=0750,file_mode=0640"`
Add user 'virti' to run libvirt VMs. 2022-06-02 11:01:56 +02:00			`><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>virti</user></or></not></volume>`
Further split roles. Mount user home on the clients (sshfs). The following roles are available: fvs-sssd Configures LDAP as ID and AUTH provider using sssd. fvs-mount Provides all private user directories on login with pam_mount. Machines provided so far are: The server providing the home directory: fvs-home.yml A standard client: fvs-client.yml 2020-12-18 08:14:43 +01:00			`insertafter: "<!-- Volume definitions -->"`
Provide ssh hostkey. 2020-12-18 08:52:25 +01:00
			`- name: make sure .ssh exists`
			`file:`
			`path: /root/.ssh`
			`state: directory`
			`mode: '0700'`

			`- name: provide public key of home server`
			`lineinfile:`
			`path: /root/.ssh/known_hosts`
			`line: "{{ ssh_hostkey }}"`
			`create: yes`