Limit access to hosts that have sssd running

group_vars/adm.yml

@@ -7,3 +7,6 @@ firewall_in:
   - {proto: tcp, port: 80, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
   - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
+
+sssd_allow_groups:
+  - sysadm

group_vars/mail.yml

@@ -2,6 +2,7 @@
 datadisks:
   - {size: 10, type: nvme}
 mem_size: 4192
+
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 25}
@@ -11,3 +12,6 @@ firewall_in:
   - {proto: tcp, port: 587}
   - {proto: tcp, port: 993}
   - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
+
+sssd_allow_groups:
+  - sysadm

group_vars/nas.yml

@@ -10,3 +10,6 @@ firewall_in:
   - {proto: tcp, port: 2049, from: [172.20.20.0/22]}
   - {proto: tcp, port: 2049, from: [172.20.30.0/24]}
   - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
+
+sssd_allow_groups:
+  - root

group_vars/nms.yml

@@ -33,3 +33,6 @@ firewall_in:
 firewall_raw:
   - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"
   - "-A INPUT -i eth1 -p vrrp -j ACCEPT"
+
+sssd_allow_groups:
+  - sysadm

group_vars/print.yml

@@ -22,3 +22,6 @@ firewall_in:
 firewall_raw:
   - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"
   - "-A INPUT -i eth1 -p vrrp -j ACCEPT"
+
+sssd_allow_groups:
+  - sysadm

group_vars/shell.yml

@@ -1,6 +1,4 @@
 ---
-
-# beef up shell hosts
 dsk_size: 40
 mem_size: 8192
 num_cpus: 4
@@ -13,3 +11,6 @@ firewall_in:
 
 ssh_hostnames:
   - shell.foo.sh
+
+sssd_allow_groups:
+  - foosh

group_vars/static.yml

@@ -3,3 +3,6 @@ firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
   - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
+
+sssd_allow_groups:
+  - root