From 1d41476110146afe45e3b77d331ffad17e7914d1 Mon Sep 17 00:00:00 2001
From: Frank Schiebel
Date: Wed, 6 Aug 2025 08:46:39 +0200
Subject: [PATCH] Erste Version, die direkt funktioniert
---
 lmn-client.yml | 14 +++++++-------
 qgm-vars.yml | 14 ++++++++++++++
 roles/lmn_network/tasks/main.yml | 4 ++--
 roles/lmn_sssd/tasks/main.yml | 5 +++--
 4 files changed, 26 insertions(+), 11 deletions(-)
 create mode 100644 qgm-vars.yml
diff --git a/lmn-client.yml b/lmn-client.yml
index 5584d6e..fd412ca 100644
--- a/lmn-client.yml
+++ b/lmn-client.yml
@@ -22,13 +22,13 @@
 remote_user: ansible
 become: true
 pre_tasks:
- - name: Ask for global-admin AD password
- ansible.builtin.pause:
- prompt: "Enter global-admin AD password. Leave empty to skip domain join"
- echo: false
- register: adpw
- no_log: true
- when: "ansible_cmdline.adpw is not defined"
+# - name: Ask for global-admin AD password
+# ansible.builtin.pause:
+# prompt: "Enter global-admin AD password. Leave empty to skip domain join"
+# echo: false
+# register: adpw
+# no_log: true
+# when: "ansible_cmdline.adpw is not defined"
 - name: Preseed apparmor
 ansible.builtin.debconf:
 name: apparmor
diff --git a/qgm-vars.yml b/qgm-vars.yml
new file mode 100644
index 0000000..49766a2
--- /dev/null
+++ b/qgm-vars.yml
@@ -0,0 +1,14 @@
+domain: "{{ ansible_domain }}"
+ansible_become_password: 'geheim2324'
+
+# Comment out on productive systems when ssh key is provided
+security_defaultuser_login_disable: false
+
+## Configure additional apt options. E.g. Apt-cacher?
+apt_conf: "Acquire::http::Proxy \"http://10.16.1.2:3142/\";"
+
+ntp_serv: "server.{{ domain }}"
+
+joinpw: "QGPWllmC!ga"
+
+grub_pwd: "geheimgeheim!!"
diff --git a/roles/lmn_network/tasks/main.yml b/roles/lmn_network/tasks/main.yml
index 571c107..311e4ce 100644
--- a/roles/lmn_network/tasks/main.yml
+++ b/roles/lmn_network/tasks/main.yml
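Review bot: The seven commented-out lines under `pre_tasks:` leave dead code in the playbook and drop the interactive way of supplying the join password, so the password now has to come from the kernel command line or from a vars file. Keeping the task and widening its condition preserves the prompt for hosts that have no stored password: `when: ansible_cmdline.adpw is not defined and joinpw is not defined`. If the prompt really is no longer wanted, delete the block rather than commenting it out, since the history already keeps the old version. The play itself starts above the hunk and the `Preseed apparmor` task continues below it.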
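Review bot: `ansible_become_password`, `joinpw` and `grub_pwd` are added to the repository in cleartext, so the sudo password, the domain-join password and the GRUB password are readable by everyone who can read the repository and remain in its history after a later cleanup. Keep the values encrypted with Ansible Vault and reference them from this file, for example `joinpw: "{{ vault_joinpw }}"` (variable name constructed for illustration), or keep the file out of version control and commit only a template with placeholders. The three values in this commit should be treated as exposed and changed on the systems that use them. A short comment above each secret saying where the real value comes from would also help the next maintainer.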
@@ -5,14 +5,14 @@
 mode: '0644'
 content: >
 {{ apt_conf }}
- when: apt_conf | bool | default(false)
+ when: apt_conf is defined
 - name: Set NTP server
 ansible.builtin.lineinfile:
 path: /etc/systemd/timesyncd.conf
 insertafter: '^#NTP='
 line: NTP={{ ntp_serv }}
- when: ntp_serv | bool | default(false)
+ when: ntp_serv is defined
 - name: Add proposed-updates repository
 ansible.builtin.apt_repository:
diff --git a/roles/lmn_sssd/tasks/main.yml b/roles/lmn_sssd/tasks/main.yml
index ed44ce5..cd4031f 100644
--- a/roles/lmn_sssd/tasks/main.yml
+++ b/roles/lmn_sssd/tasks/main.yml
@@ -17,8 +17,9 @@
 - name: Join the domain
 ansible.builtin.shell:
 cmd: >
- echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') }}" |
+ echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') + joinpw | default('') }}" |
 adcli join --stdin-password -U global-admin {{ domain | upper }}
 when: >
 ansible_cmdline.adpw | default('') | length > 0 or
- adpw.user_input | default('') | length > 0
+ adpw.user_input | default('') | length > 0 or
+ joinpw is defined
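Review bot: `when: apt_conf is defined` and `when: ntp_serv is defined` are also true for an empty or `false` value, so a role default of that kind would now write an apt configuration file with no usable content and a bare `NTP=` line into timesyncd.conf; whether such defaults exist is not visible in this hunk. Testing the content keeps the "skip when unset" intent of the old condition: `when: apt_conf | default('', true) | length > 0` and `when: ntp_serv | default('', true) | length > 0`. The first task begins above the hunk and the `Add proposed-updates repository` task continues below it.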
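Review bot: The `echo "{{ … }}" | adcli join` pipeline now concatenates three password sources, so a host that has both `ansible_cmdline.adpw` and `joinpw` set sends the two strings joined together, and `joinpw is defined` starts the join even when `joinpw` is empty. The secret is also templated into a shell command line, where quotes, `$` or backticks inside it are interpreted by the shell, and no `no_log: true` is visible on the task (the task may continue below the hunk). The version below picks the first non-empty source, hands it to adcli through the module's `stdin` parameter without a shell, and hides the task output.

```yaml
- name: Join the domain
  ansible.builtin.command:
    cmd: adcli join --stdin-password -U global-admin {{ domain | upper }}
    # The password reaches adcli on stdin and never appears in a shell command line.
    stdin: "{{ join_secret }}"
  vars:
    # The first non-empty source wins; the sources are no longer concatenated.
    join_secret: >-
      {{ ansible_cmdline.adpw | default('', true)
         or adpw.user_input | default('', true)
         or joinpw | default('', true) }}
  # Keep the templated secret out of task output and logs.
  no_log: true
  when: join_secret | length > 0
```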