From 64af45d300fea89ab1cf2ab37fc456291cab9d6f Mon Sep 17 00:00:00 2001 From: The_miro Date: Mon, 27 Apr 2026 16:39:34 +0200 Subject: [PATCH] Add setup/modules/FreeipaAnsible/ansible/deploy-baseuser-sync.yml --- .../ansible/deploy-baseuser-sync.yml | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 setup/modules/FreeipaAnsible/ansible/deploy-baseuser-sync.yml diff --git a/setup/modules/FreeipaAnsible/ansible/deploy-baseuser-sync.yml b/setup/modules/FreeipaAnsible/ansible/deploy-baseuser-sync.yml new file mode 100644 index 0000000..19ddb09 --- /dev/null +++ b/setup/modules/FreeipaAnsible/ansible/deploy-baseuser-sync.yml @@ -0,0 +1,48 @@ +--- +- name: Deploy BaseUser auto-group sync + hosts: all + become: yes + + tasks: + + - name: Install script + copy: + src: auto-add-baseuser.sh + dest: /usr/local/bin/auto-add-baseuser.sh + mode: '0755' + + - name: Install systemd service + copy: + dest: /etc/systemd/system/baseuser-sync.service + mode: '0644' + content: | + [Unit] + Description=Sync FreeIPA BaseUser membership to local group + After=sssd.service + + [Service] + Type=oneshot + ExecStart=/usr/local/bin/auto-add-baseuser.sh + + - name: Install systemd path unit + copy: + dest: /etc/systemd/system/baseuser-sync.path + mode: '0644' + content: | + [Unit] + Description=Trigger BaseUser sync on login + + [Path] + PathExistsGlob=/run/user/* + + [Install] + WantedBy=multi-user.target + + - name: Reload systemd + command: systemctl daemon-reload + + - name: Enable and start path unit + systemd: + name: baseuser-sync.path + enabled: yes + state: started