Erste Version, die direkt funktioniert

2025-08-06 08:46:39 +02:00 · 2025-08-06 08:46:39 +02:00 · 1d41476110
commit 1d41476110
parent efd48de6c7
4 changed files with 26 additions and 11 deletions
--- a/lmn-client.yml
+++ b/lmn-client.yml
@ -22,13 +22,13 @@
  remote_user: ansible
  become: true
  pre_tasks:
-    - name: Ask for global-admin AD password
-      ansible.builtin.pause:
-        prompt: "Enter global-admin AD password. Leave empty to skip domain join"
-        echo: false
-      register: adpw
-      no_log: true
-      when: "ansible_cmdline.adpw is not defined"
+#    - name: Ask for global-admin AD password
+#      ansible.builtin.pause:
+#        prompt: "Enter global-admin AD password. Leave empty to skip domain join"
+#        echo: false
+#      register: adpw
+#      no_log: true
+#      when: "ansible_cmdline.adpw is not defined"
    - name: Preseed apparmor
      ansible.builtin.debconf:
        name: apparmor
--- a/qgm-vars.yml
+++ b/qgm-vars.yml
@ -0,0 +1,14 @@
+domain: "{{ ansible_domain }}"
+ansible_become_password: 'geheim2324'
+
+# Comment out on productive systems when ssh key is provided
+security_defaultuser_login_disable: false
+
+## Configure additional apt options. E.g. Apt-cacher?
+apt_conf: "Acquire::http::Proxy \"http://10.16.1.2:3142/\";"
+
+ntp_serv: "server.{{ domain }}"
+
+joinpw: "QGPWllmC!ga"
+
+grub_pwd: "geheimgeheim!!"
--- a/roles/lmn_network/tasks/main.yml
+++ b/roles/lmn_network/tasks/main.yml
@ -5,14 +5,14 @@
    mode: '0644'
    content: >
      {{ apt_conf }}
-  when: apt_conf | bool | default(false)
+  when: apt_conf is defined

 - name: Set NTP server
  ansible.builtin.lineinfile:
    path: /etc/systemd/timesyncd.conf
    insertafter: '^#NTP='
    line: NTP={{ ntp_serv }}
-  when: ntp_serv | bool | default(false)
+  when: ntp_serv is defined

 - name: Add proposed-updates repository
  ansible.builtin.apt_repository:
--- a/roles/lmn_sssd/tasks/main.yml
+++ b/roles/lmn_sssd/tasks/main.yml
@ -17,8 +17,9 @@
 - name: Join the domain
  ansible.builtin.shell:
    cmd: >
-      echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') }}" |
+      echo "{{ ansible_cmdline.adpw | default('') + adpw.user_input | default('') + joinpw | default('') }}" |
      adcli join --stdin-password -U global-admin {{ domain | upper }}
  when: >
    ansible_cmdline.adpw | default('') | length > 0 or
-    adpw.user_input | default('') | length > 0
+    adpw.user_input | default('') | length > 0 or
+    joinpw is defined