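# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Install and configure FREERADIUS TOTP
#
# Installs FreeRADIUS with the LDAP module and the google-authenticator PAM
# module, enables the ldap and pam modules, renders the server configuration
# from templates, and installs the PAM and systemd service files.
#
# Every task that changes what the daemon loads notifies the
# `restart freeradius` handler, so a changed client list, filter policy or
# LDAP setting is not left inactive while the old configuration keeps running.
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# install packages if they are not present in the system
# The package list is passed straight to `name` so apt resolves all three in
# one transaction instead of one module call per item.
- name: install freeradius packages if is not in the system
  ansible.builtin.apt:
    name:
      - freeradius
      - freeradius-ldap
      - libpam-google-authenticator
    state: present
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# enable modules by linking them into the mods-enabled folder
# Direction matters: `src` is the file in mods-available, `dest` is the link
# created in mods-enabled. Both folder variables are concatenated directly with
# the module name, so they are expected to end with a slash.
- name: create a symbolic link
  ansible.builtin.file:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: freerad
    group: freerad
    state: link
    # replaces whatever already exists at dest
    force: true
  loop:
    - src: "{{ freeradius_mods_available_folder }}ldap"
      dest: "{{ freeradius_mods_enabled_folder }}ldap"
    - src: "{{ freeradius_mods_available_folder }}pam"
      dest: "{{ freeradius_mods_enabled_folder }}pam"
  notify: restart freeradius
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/sites-enabled/default
# NOTE(review): `backup: true` leaves a timestamped copy of the previous file
# next to the target on every change. Those copies hold the old configuration;
# confirm they keep the restrictive mode and are cleaned up.
- name: config default file
  ansible.builtin.template:
    src: default.j2
    dest: "{{ freeradius_default_config }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true
  notify: restart freeradius
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/mods-available/ldap
# NOTE(review): presumably ldap.j2 renders the LDAP bind credentials. If so,
# consider `diff: false` on this task so `--diff` runs do not print them, and
# source the value from a vault rather than plain role variables - confirm.
- name: config ldap file
  ansible.builtin.template:
    src: ldap.j2
    dest: "{{ freeradius_mod_ldap }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true
  notify: restart freeradius
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/dictionary
- name: config dictionary file
  ansible.builtin.template:
    src: dictionary.j2
    dest: "{{ freeradius_dictionary_config }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true
  notify: restart freeradius
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/clients.conf
# NOTE(review): clients.conf normally carries the RADIUS shared secret of every
# NAS. The 0640 freerad:freerad mode keeps it from other local users; consider
# `diff: false` here as well so the secrets stay out of `--diff` output and
# logs - confirm against clients.j2.
- name: config clients.conf file
  ansible.builtin.template:
    src: clients.j2
    dest: "{{ freeradius_clients_config }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true
  notify: restart freeradius
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/policy.d/filter
- name: config filter file
  ansible.builtin.template:
    src: filter.j2
    dest: "{{ freeradius_filter_config }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true
  notify: restart freeradius
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/radiusd.conf
- name: config radius.conf file
  ansible.builtin.template:
    src: radiusd.j2
    dest: "{{ freeradius_base_config }}"
    owner: freerad
    group: freerad
    mode: '0640'
    backup: true
  notify: restart freeradius
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/pam.d/radiusd
# Root-owned and world-readable. No restart is notified here.
# NOTE(review): this file decides which PAM modules gate RADIUS logins, so a
# template mistake can weaken or remove the second factor - review changes to
# radiusdpam.j2 as authentication-policy changes.
- name: config pam radiusd file
  ansible.builtin.template:
    src: radiusdpam.j2
    dest: "{{ freeradius_pam_config }}"
    owner: root
    group: root
    mode: '0644'
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /lib/systemd/system/freeradius.service
# NOTE(review): if the destination is the packaged unit under /lib/systemd, a
# package upgrade may overwrite it; an override under /etc/systemd/system
# would survive upgrades - confirm the intended path.
- name: config freeradius systemd service file
  ansible.builtin.template:
    src: freeradiusservice.j2
    dest: "{{ freeradius_service_config }}"
    owner: root
    group: root
    mode: '0644'
  notify: restart freeradius
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# force systemd to reread configs
# Runs on every play so a changed unit file is picked up before the handler
# restarts the service.
# NOTE(review): a bare daemon_reload may not report `changed`, in which case
# the notify on this task never fires; the restart is therefore also notified
# from the tasks above that actually change files - confirm.
- name: Just force systemd to reread configs (2.4 and above)
  ansible.builtin.systemd_service:
    daemon_reload: true
  notify: restart freeradius
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++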