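---
# Tasks for a FreeRADIUS server with an LDAP backend: install the packages,
# create the configuration tree, generate a self-signed server certificate
# and DH parameters, deploy the configuration files and start the service.
#
# Every task carries the `radius` tag so the role can be run in isolation.
# The `Restart freeradius` handler is defined elsewhere (not in this file).

- name: Install radius server
  apt:
    name: "{{ item }}"
    # NOTE(review): `latest` upgrades the packages on every run; use
    # `present` if unattended upgrades of the RADIUS server are unwanted.
    state: latest
  tags: radius
  with_items:
    - freeradius
    - freeradius-ldap

- name: Create configuration directories
  file:
    path: "{{ item }}"
    state: directory
    owner: freerad
    group: freerad
  tags: radius
  with_items:
    - /etc/raddb
    - /etc/raddb/certs
    - /etc/raddb/modules
    - /etc/raddb/sites-enabled

- name: Ensure certificates are available
  # Self-signed, unencrypted (-nodes) 2048-bit RSA key pair valid for 730
  # days with CN set to the host FQDN. `creates` makes this a one-shot: an
  # existing certificate is never regenerated by a rerun. The key is written
  # with root's umask; the next task restricts it before the service starts.
  command: >-
    openssl req -x509 -nodes -newkey rsa:2048
    -keyout /etc/raddb/certs/srv.key -out /etc/raddb/certs/srv.crt
    -days 730 -subj "/CN={{ ansible_fqdn }}"
  args:
    creates: /etc/raddb/certs/srv.crt
  tags: radius
  notify: Restart freeradius

- name: Ensure correct certificate permissions
  file:
    path: /etc/raddb/certs/srv.key
    owner: freerad
    # Quoted on purpose: an unquoted 0400 is read as an octal integer (256)
    # by YAML 1.1 parsers and the module would then set the wrong mode.
    mode: "0400"
  tags: radius
  notify: Restart freeradius

- name: Create DH parameters
  # One-shot like the certificate task: skipped once the file exists.
  command: openssl dhparam -outform PEM -out {{ item }} 2048
  args:
    creates: "{{ item }}"
  tags: radius
  notify: Restart freeradius
  with_items:
    - /etc/raddb/certs/dh

- name: Set radiusd options
  copy:
    src: default/freeradius
    dest: /etc/default/freeradius
  tags: radius
  notify: Restart freeradius

- name: Configure radius server
  # clients.conf holds the per-client shared secrets and the ldap module
  # its bind credentials, so the tree is deployed root:freerad with an
  # explicit 0640 instead of the remote umask default (usually 0644, which
  # would leave those secrets world-readable). The daemon runs in group
  # freerad, so it keeps read access.
  copy:
    src: "{{ item }}"
    dest: "/etc/{{ item }}"
    owner: root
    group: freerad
    mode: "0640"
  tags: radius
  notify: Restart freeradius
  with_items:
    - raddb/acct_users
    - raddb/attrs
    - raddb/attrs.access_challenge
    - raddb/attrs.access_reject
    - raddb/attrs.accounting_response
    - raddb/attrs.pre-proxy
    - raddb/clients.conf
    - raddb/dictionary
    - raddb/eap.conf
    - raddb/hints
    - raddb/huntgroups
    - raddb/ldap.attrmap
    - raddb/policy.conf
    - raddb/proxy.conf
    - raddb/radiusd.conf
    - raddb/preproxy_users
    - raddb/users
    - raddb/modules/acct_unique
    - raddb/modules/attr_filter
    - raddb/modules/chap
    - raddb/modules/detail
    - raddb/modules/digest
    - raddb/modules/exec
    - raddb/modules/expr
    - raddb/modules/expiration
    - raddb/modules/files
    - raddb/modules/ldap
    - raddb/modules/logintime
    - raddb/modules/mschap
    - raddb/modules/pap
    - raddb/modules/preprocess
    - raddb/modules/radutmp
    - raddb/modules/realm
    - raddb/modules/unix
    - raddb/sites-enabled/control-socket
    - raddb/sites-enabled/default
    - raddb/sites-enabled/inner-tunnel

- name: Start the radius server
  service:
    name: freeradius
    state: started
    enabled: true
  tags: radius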