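---
# Configures autofs to mount LDAP-described maps (the SELinux boolean below
# suggests NFS home directories) and limits SSH authorized_keys lookup to root.
# The handlers "Restart autofs" and "Restart sshd", the variables ldap_server
# and ansible_wheel, and the referenced templates/files are defined elsewhere.

- name: Install packages
  ansible.builtin.package:
    name: autofs
    # "present" is the canonical state; "installed" is a legacy alias that
    # not every package backend accepts.
    state: present

- name: Allow NFS home directories for SELinux
  ansible.posix.seboolean:
    name: use_nfs_home_dirs
    state: true
    persistent: true

- name: Configure LDAP server for autofs
  ansible.builtin.lineinfile:
    path: /etc/autofs.conf
    regexp: '^#?ldap_uri\s*=.*'
    # ldap_server is iterated as a list; every entry is emitted as an ldaps://
    # URI, so autofs only talks to the directory over TLS.
    line: "ldap_uri = {% for u in ldap_server %}ldaps://{{ u }} {% endfor %}"
  notify: Restart autofs

- name: Configure LDAP schema for autofs
  ansible.builtin.lineinfile:
    path: /etc/autofs.conf
    line: "{{ item }}"
    insertbefore: "^# auth_conf_file"
  notify: Restart autofs
  loop:
    - value_attribute = automountInformation
    - entry_attribute = automountKey
    - map_attribute = ou
    - entry_object_class = automount
    - map_object_class = organizationalUnit

- name: Configure LDAP auth for autofs
  ansible.builtin.template:
    dest: /etc/autofs_ldap_auth.conf
    src: autofs_ldap_auth.conf.j2
    # Readable by root only.
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
  # NOTE(review): the template is not visible here; it presumably carries LDAP
  # bind credentials, so keep its rendered content out of --diff output.
  diff: false
  notify: Restart autofs

- name: Create auto.master config
  ansible.builtin.template:
    dest: /etc/auto.master
    src: auto.master.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart autofs

- name: Start autofs service
  ansible.builtin.service:
    name: autofs
    state: started
    enabled: true

# Global default: sshd consults no per-user authorized_keys file. This only
# affects key lookup from files; password, GSSAPI and AuthorizedKeysCommand
# settings are untouched by this role.
- name: Disable authorized_keys file from users
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    line: AuthorizedKeysFile none
    regexp: '^AuthorizedKeysFile\s+.*'
    # Only used when regexp finds nothing: keep the global directive above the
    # managed Match block, otherwise it would be scoped to that Match.
    insertbefore: '^# BEGIN ANSIBLE MANAGED BLOCK \(root user\)'
    # Refuse to write a config that sshd cannot parse (avoids remote lock-out).
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd

- name: Enable authorized_keys file for root
  ansible.builtin.blockinfile:
    path: /etc/ssh/sshd_config
    # The directive is indented so the ^AuthorizedKeysFile pattern of the
    # previous task can never match and rewrite this line on later runs.
    block: |
      Match User root
        AuthorizedKeysFile .ssh/authorized_keys
    marker: "# {mark} ANSIBLE MANAGED BLOCK (root user)"
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd

- name: Move user cache from home directory to tmpfs
  ansible.builtin.copy:
    dest: "/etc/profile.d/{{ item }}"
    src: "{{ item }}"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  loop:
    - usercache.sh
    - usercache.csh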