---
# Register the buster-backports suite from the mirror given by the
# debian_mirror variable (defined outside this file).
- name: Add buster-backports to apt sources
  apt_repository:
    state: present
    repo: "deb {{ debian_mirror }} buster-backports main"
# Render the apt pinning file for the freeradius packages. The pin rules live
# in the template and are not visible here.
# NOTE(review): no owner/group/mode is set, so the resulting permissions follow
# the module defaults on the target host - confirm that is intended.
- name: Pin freeradius from backports
  template:
    dest: /etc/apt/preferences.d/freeradius_python3
    src: apt/preferences.d/freeradius_python3.j2
# Install the FreeRADIUS packages after refreshing the apt cache, without
# pulling in recommended packages. The task is retried up to 3 times until
# apt reports success.
- name: Install freeradius
  apt:
    name:
      - freeradius
      - freeradius-common
      - freeradius-utils
      - freeradius-python3
      - libfreeradius3
    install_recommends: false
    update_cache: true
  register: apt_result
  until: apt_result is succeeded
  retries: 3
# Render each listed configuration file from its .j2 template into
# /etc/freeradius/3.0. Files are owned by freerad:freerad with mode 0640, so
# they are not world-readable (clients.conf normally carries the RADIUS shared
# secrets). Any change triggers the "Restart freeradius" handler.
- name: Deploy freeradius configuration
  template:
    dest: "/etc/freeradius/3.0/{{ item }}"
    src: "freeradius/3.0/{{ item }}.j2"
    mode: '0640'
    owner: freerad
    group: freerad
  notify: Restart freeradius
  loop:
    - radiusd.conf
    - clients.conf
    - sites-enabled/default
    - sites-enabled/inner-tunnel
    - mods-enabled/eap
    - mods-enabled/python3
# Link (not copy) the re2o auth.py into the FreeRADIUS configuration directory,
# replacing whatever is already at the destination (force).
# NOTE(review): the RADIUS daemon then loads code straight from /var/www/re2o.
# Anyone able to write to that tree can change what the daemon executes, so
# confirm the file and its parent directories are not writable by the web
# application's user.
- name: Bring auth.py from re2o
  file:
    state: link
    force: true
    dest: /etc/freeradius/3.0/auth.py
    src: /var/www/re2o/freeradius_utils/auth.py
  notify: Restart freeradius
# Create the directory that receives the certificate symlinks.
# NOTE(review): no owner/group/mode is given, so recurse has no attributes to
# propagate here - confirm whether explicit permissions were intended.
- name: Ensure ${certdir}/letsencrypt directory exists
  file:
    state: directory
    recurse: true
    path: /etc/freeradius/3.0/certs/letsencrypt
# Point FreeRADIUS at the Let's Encrypt certificate chain and private key for
# crans.org through symlinks, replacing any existing entry (force). Whether
# freerad can actually read the targets depends on the permissions set on
# /etc/letsencrypt itself.
- name: Symlink radius certificates
  file:
    state: link
    force: true
    dest: "/etc/freeradius/3.0/certs/letsencrypt/{{ item }}"
    src: "/etc/letsencrypt/live/crans.org/{{ item }}"
  loop: [fullchain.pem, privkey.pem]
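# Give the freerad group read access to the Let's Encrypt trees.
#
# A recursive numeric 0755 would also land on every regular file under live/
# and archive/, including privkey.pem, leaving the TLS private key readable
# (and marked executable) for every local user. The symbolic mode below grants
# owner rw and group r, adds the execute/search bit only where X applies
# (directories, or files that already carry an execute bit), and removes all
# access for "other".
# NOTE(review): any service that reads these files as a non-root user outside
# the freerad group will lose access - confirm before rollout.
- name: Set permissions on certificates
  file:
    path: "/etc/letsencrypt/{{ item }}"
    group: freerad
    mode: 'u=rwX,g=rX,o='
    recurse: true
  loop:
    - live
    - archive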