Dotfiles/setup/modules/FreeipaAnsible/ansible
Amir Alexander Abdelbaki 87b62f368b feat(ansipa): rework binary blocking as per-user policy; add local_sudo device policy
policy-block-binary-<name> is now a FreeIPA *user* group instead of a host group,
so restrictions follow the user to every enrolled machine. The PATH wrapper is
installed on all hosts and checks group membership at runtime via id(1)/SSSD,
passing non-members through transparently. __ in the group name decodes to .
so Flatpak app IDs are supported (flatpak run fallback included). AppArmor layer
removed since per-user confinement requires a different approach and the wrapper
alone is sufficient. Adds local_sudo_<username> host group policy which writes
a sudoers drop-in granting that user full sudo on the specific device, reverted
on group leave.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 16:31:43 +02:00
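The two mechanisms the commit message above describes, shown as an added illustration that is not the repository's ansipa-enforce-policies.sh (this listing does not show that file's contents): a PATH wrapper that decides at runtime, from the caller's SSSD-resolved groups, whether to refuse or pass through, with the `__` to `.` Flatpak app-ID mapping and the `flatpak run` fallback; and a syntax-checked sudoers drop-in for the local_sudo_<username> device policy. The wrapper directory `/usr/local/policy-bin`, the sudoers directory, the function names, the logger tag and the exit codes are assumptions made here, not values taken from the project.

```shell
#!/bin/sh
# Illustration of the mechanisms in the commit message. Added here; not the
# repository's ansipa-enforce-policies.sh. Assumed: the wrapper directory, the
# sudoers directory, all function names, the logger tag and the exit codes.
#
# Deployment model: a copy of this file is installed as $WRAPPER_DIR/<target> for
# every policy-block-binary-<name> group, and $WRAPPER_DIR is first in PATH.

WRAPPER_DIR=${WRAPPER_DIR:-/usr/local/policy-bin}
SUDOERS_DIR=${SUDOERS_DIR:-/etc/sudoers.d}

# "__" in a group name stands for "." so Flatpak app IDs fit group-name rules:
# policy-block-binary-org__mozilla__firefox blocks org.mozilla.firefox.
encode_group_name() { printf '%s\n' "$1" | sed 's/\./__/g'; }
decode_group_name() { printf '%s\n' "$1" | sed 's/__/./g'; }

# FreeIPA user group whose members may not run <target>.
block_group_for() { printf 'policy-block-binary-%s\n' "$(encode_group_name "$1")"; }

# is_blocked <target> <group>...: 0 if one of the groups blocks <target>. At
# runtime the groups come from `id -nG`, which SSSD resolves against FreeIPA.
is_blocked() {
    want=$(block_group_for "$1"); shift
    for g in "$@"; do
        [ "$g" = "$want" ] && return 0
    done
    return 1
}

# find_real_binary <target> <PATH>: first executable named <target> outside
# $WRAPPER_DIR, so non-members are passed through to the real program.
# Runs in a subshell so changing IFS does not leak to the caller.
find_real_binary() (
    IFS=:
    for dir in $2; do
        [ -z "$dir" ] && dir=.
        [ "$dir" = "$WRAPPER_DIR" ] && continue
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# enforce: entry point when invoked through PATH. Members are refused; everyone
# else is handed to the real binary, or to `flatpak run` when <target> is an
# installed Flatpak app ID with no exported binary left on PATH.
enforce() {
    target=${0##*/}
    user=$(id -un)
    # shellcheck disable=SC2046  # word-splitting the group list is intended
    if is_blocked "$target" $(id -nG); then
        printf '%s: refused, %s is in %s\n' "$target" "$user" "$(block_group_for "$target")" >&2
        logger -t policy-block-binary "denied $target for $user" 2>/dev/null
        exit 126
    fi
    if real=$(find_real_binary "$target" "$PATH"); then
        exec "$real" "$@"
    fi
    if command -v flatpak >/dev/null 2>&1 && flatpak info "$target" >/dev/null 2>&1; then
        exec flatpak run "$target" "$@"
    fi
    printf '%s: not found outside %s\n' "$target" "$WRAPPER_DIR" >&2
    exit 127
}

# local_sudo_<username> host-group policy: a syntax-checked sudoers drop-in on this
# device only, removed again when the host leaves the group.
write_local_sudo() {
    tmp=$(mktemp) || return 1
    printf '%s ALL=(ALL:ALL) ALL\n' "$1" > "$tmp"
    # visudo -cf rejects a bad file before it can break sudo for everyone.
    # sudo ignores sudoers.d files whose name contains ".", so a dotted
    # username would need its own mapping before it is used in the file name.
    if visudo -cf "$tmp" >/dev/null 2>&1; then
        install -m 0440 "$tmp" "$SUDOERS_DIR/local_sudo_$1"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
revoke_local_sudo() { rm -f "$SUDOERS_DIR/local_sudo_$1"; }

# Dispatch only when running as an installed wrapper, never when sourced or tested.
case "$0" in
    "$WRAPPER_DIR"/*) enforce "$@" ;;
esac
```

The membership check happens on every invocation rather than at install time, which is what lets a user-group policy follow the user across hosts: the wrapper is identical on every machine and only `id -nG` differs. Because the wrapper is a plain PATH entry, it stops casual use rather than a determined user, who can still call the real binary by absolute path; that is the gap the removed AppArmor layer would have covered and the commit message accepts.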
ansipa-enforce-policies.sh feat(ansipa): rework binary blocking as per-user policy; add local_sudo device policy 2026-05-20 16:31:43 +02:00
ansipa-fetch-alerts.sh fix(freeipa): harden container SMB setup and fetch-alerts script 2026-05-20 13:13:53 +02:00
ansipa-install-flatpaks.service setup: add FreeIPA Flatpak group installer (fp_install_* groups) 2026-05-18 11:52:27 +02:00
ansipa-install-flatpaks.sh setup: add FreeIPA Flatpak group installer (fp_install_* groups) 2026-05-18 11:52:27 +02:00
ansipa-install-flatpaks.timer setup: add FreeIPA Flatpak group installer (fp_install_* groups) 2026-05-18 11:52:27 +02:00
ansipa-install-modules.service setup: add freeipa-client module and FreeIPA group-based module automation 2026-05-18 11:40:51 +02:00
ansipa-install-modules.sh setup: add freeipa-client module and FreeIPA group-based module automation 2026-05-18 11:40:51 +02:00
ansipa-install-modules.timer setup: add freeipa-client module and FreeIPA group-based module automation 2026-05-18 11:40:51 +02:00
ansipa-install-packages.sh Add setup/modules/FreeipaAnsible/ansible/ansipa-install-packages.sh 2026-04-27 16:44:59 +02:00
ansipa-install.service Add setup/modules/FreeipaAnsible/ansible/ansipa-install.service 2026-04-27 16:44:01 +02:00
ansipa-install.timer Add setup/modules/FreeipaAnsible/ansible/ansipa-install.timer 2026-04-27 16:44:18 +02:00
ansipa-scan-notify.sh feat(freeipa): scan result reporting, alert notifications, and SMB share 2026-05-20 12:32:21 +02:00
auto-add-baseuser.sh Update setup/modules/FreeipaAnsible/ansible/auto-add-baseuser.sh 2026-04-27 16:37:39 +02:00
baseuser-sync.path Add setup/modules/FreeipaAnsible/ansible/baseuser-sync.path 2026-04-27 16:39:11 +02:00
baseuser-sync.service Add setup/modules/FreeipaAnsible/ansible/baseuser-sync.service 2026-04-27 16:38:37 +02:00
collect-luks-keys.yml feat(ansipa): store LUKS backup keys on SMB share with KeyAdmin access control 2026-05-20 15:33:17 +02:00
deploy-ansipa-install.yml setup: add FreeIPA Flatpak group installer (fp_install_* groups) 2026-05-18 11:52:27 +02:00
deploy-ansipa-modules.yml setup: add freeipa-client module and FreeIPA group-based module automation 2026-05-18 11:40:51 +02:00
deploy-ansipa-policies.yml feat(ansipa): add daemon enable/disable policy via host-group regex 2026-05-20 15:25:15 +02:00
deploy-baseuser-sync.yml Add setup/modules/FreeipaAnsible/ansible/deploy-baseuser-sync.yml 2026-04-27 16:39:34 +02:00
manage-sudo-rules.yml feat(freeipa): add policy enforcement for binary blocking, backups, scans, and sudo 2026-05-20 11:34:09 +02:00