From 1e2e45551ecb6cacd86fea30177cf4a25ec19df6 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Tue, 17 Dec 2024 20:14:02 +0000
Subject: [PATCH] autofs: Require TLS authentication for NFS mounts

---
 roles/autofs/templates/auto.master.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/autofs/templates/auto.master.j2 b/roles/autofs/templates/auto.master.j2
index bec2b4b..53c7637 100644
--- a/roles/autofs/templates/auto.master.j2
+++ b/roles/autofs/templates/auto.master.j2
@@ -1,6 +1,6 @@
 {% if autofs_home %}
-/home  ldap:///ou=People,{{ ldap_basedn }} rw,nosuid,nodev,rsize=1048576,wsize=1048576
+/home  ldap:///ou=People,{{ ldap_basedn }} rw,nosuid,nodev,rsize=1048576,wsize=1048576,xprtsec=mtls
 {% endif %}
 {% if autofs_roles %}
-/roles ldap:///ou=Groups,{{ ldap_basedn }} rw,nosuid,nodev,rsize=1048576,wsize=1048576 --ghost
+/roles ldap:///ou=Groups,{{ ldap_basedn }} rw,nosuid,nodev,rsize=1048576,wsize=1048576,xprtsec=mtls --ghost
 {% endif %}