Further split roles. Mount user home on the clients (sshfs).

The following roles are available: fvs-sssd Configures LDAP as ID and AUTH provider using sssd. fvs-mount Provides all private user directories on login with pam_mount. Machines provided so far are: The server providing the home directory: fvs-home.yml A standard client: fvs-client.yml
2020-12-18 08:14:43 +01:00 · 2020-12-18 08:14:43 +01:00 · 7238875d0c
commit 7238875d0c
parent 77c8c26e38
10 changed files with 91 additions and 88 deletions
--- a/roles/fvs-mount/tasks/main.yml
+++ b/roles/fvs-mount/tasks/main.yml
@ -0,0 +1,35 @@
+---
+- name: install needed packages
+  apt:
+    name:
+      - libpam-mount
+      - cifs-utils
+      - sshfs
+    state: latest
+
+- name: configure pam_mount
+  blockinfile:
+    dest: /etc/security/pam_mount.conf.xml
+    block: |
+      <volume
+        fstype="cifs"
+        server="{{ smb_server }}"
+        path="{{ smb_home }}"
+        mountpoint="/media/%(USER)/winhome"
+        options="dir_mode=0750,file_mode=0640"
+      ><not><or><user>ansible</user><user>Debian-gdm</user></or></not></volume>
+      <volume
+        fstype="cifs"
+        server="{{ smb_server }}"
+        path="{{ smb_share }}"
+        mountpoint="/media/%(USER)/winshare"
+        options="dir_mode=0750,file_mode=0640"
+      ><not><or><user>ansible</user><user>Debian-gdm</user></or></not></volume>
+      <volume
+        fstype="fuse"
+        path="sshfs#%(USER)@{{ home_server }}:"
+        mountpoint="/home/%(USER)"
+        options="allow_other,default_permissions,reconnect,password_stdin"
+        ssh="0" noroot="0"
+      ><not><or><user>ansible</user><user>Debian-gdm</user></or></not></volume>
+    insertafter: "<!-- Volume definitions -->"