From 0e03b128c876f592f6f842a0922146f09bcd7233 Mon Sep 17 00:00:00 2001
From: Gergely Polonkai
Date: Mon, 19 Apr 2021 04:59:51 +0200
Subject: [PATCH] Add config for the Kerberos client
---
 machina.yml | 1 +
 playbooks/configs.yml | 18 ++++++++++++++++++
 playbooks/templates/krb5.conf | 20 ++++++++++++++++++++
 playbooks/templates/krb5.conf.d-polonkai.eu | 9 +++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 playbooks/configs.yml
 create mode 100644 playbooks/templates/krb5.conf
 create mode 100644 playbooks/templates/krb5.conf.d-polonkai.eu
diff --git a/machina.yml b/machina.yml
index 81cfb15..cafafa7 100644
--- a/machina.yml
+++ b/machina.yml
@@ -8,3 +8,4 @@
 - import_playbook: playbooks/spotify-install.yml hostlist=machina
 - import_playbook: playbooks/systemd-user.yml hostlist=machina
 - import_playbook: playbooks/cjdns.yml hostlist=machina
+- import_playbook: playbooks/configs.yml hostlist=machina
diff --git a/playbooks/configs.yml b/playbooks/configs.yml
new file mode 100644
index 0000000..be30df7
--- /dev/null
+++ b/playbooks/configs.yml
@@ -0,0 +1,18 @@
+- hosts: "{{ hostlist }}"
+ tasks:
+ - name: Install the Kerberos domain configuration for polonkai.eu
+ become: true
+ copy:
+ src: templates/krb5.conf.d-polonkai.eu
+ dest: /etc/krb5.conf.d/polonkai.eu
+ owner: root
+ group: root
+ mode: 0644
+ - name: Update the main Kerberos configuration file
+ become: true
+ copy:
+ src: templates/krb5.conf
+ dest: /etc/krb5.conf
+ owner: root
+ group: root
+ mode: 0644
diff --git a/playbooks/templates/krb5.conf b/playbooks/templates/krb5.conf
new file mode 100644
index 0000000..9f68f4b
--- /dev/null
+++ b/playbooks/templates/krb5.conf
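Review bot: The drop-in written by the first copy task, `dest: /etc/krb5.conf.d/polonkai.eu`, will most likely never be read by the `includedir /etc/krb5.conf.d/` directive in the new krb5.conf, because MIT krb5 only includes files from that directory whose names consist solely of alphanumeric characters, dashes or underscores (newer releases also accept names ending in `.conf`), and a name with a dot but no `.conf` suffix matches neither; the `[realms]` and `[domain_realm]` settings from the krb5.conf.d-polonkai.eu hunk would then be silently skipped and realm/KDC discovery would fall back to DNS. Renaming the destination, e.g. `dest: /etc/krb5.conf.d/polonkai-eu.conf`, fixes this. The playbook also assumes `/etc/krb5.conf.d/` already exists on the host, which `copy` does not guarantee since it creates no parent directories, so a `file` task with `state: directory` should precede the copy tasks as in the excerpt below. Replacing `/etc/krb5.conf` wholesale with no `backup: true` also discards any existing local realm configuration on the host; consider adding `backup: true` to the second copy task.
```yaml
- hosts: "{{ hostlist }}"
  tasks:
    - name: Ensure the Kerberos drop-in directory exists
      become: true
      file:
        path: /etc/krb5.conf.d
        state: directory
        owner: root
        group: root
        mode: "0755"
    # … unchanged: the two copy tasks (with dest renamed to /etc/krb5.conf.d/polonkai-eu.conf) …
```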
@@ -0,0 +1,20 @@
+includedir /etc/krb5.conf.d/
+
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ dns_lookup_realm = true
+ dns_lookup_kdc = true
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
+ spake_preauth_groups = edwards25519
+ dns_canonicalize_hostname = fallback
+ qualify_shortname = ""
+ default_realm = POLONKAI.EU
+ default_ccache_name = KEYRING:persistent:%{uid}
diff --git a/playbooks/templates/krb5.conf.d-polonkai.eu b/playbooks/templates/krb5.conf.d-polonkai.eu
new file mode 100644
index 0000000..3d4f9ca
--- /dev/null
+++ b/playbooks/templates/krb5.conf.d-polonkai.eu
@@ -0,0 +1,9 @@
+[realms]
+POLONKAI.EU = {
+ kdc = kerberos.polonkai.eu
+ admin_server = kerberos.polonkai.eu
+}
+
+[domain_realm]
+ .polonkai.eu = POLONKAI.EU
+ polonkai.eu = POLONKAI.EU
\ No newline at end of file
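Review bot: `dns_lookup_realm = true` in `[libdefaults]` lets the host-to-realm mapping be supplied by DNS TXT records, which MIT's documentation describes as not secure because the mapping is then only as trustworthy as the DNS answers the client receives; with `default_realm = POLONKAI.EU` set here and a static `[domain_realm]` mapping shipped in the drop-in, the DNS lookup is unnecessary and the line should read `dns_lookup_realm = false`. The rest of the section (`rdns = false`, `dns_canonicalize_hostname = fallback`, SPAKE preauth with `spake_preauth_groups = edwards25519`) is a sensible hardened baseline and worth keeping as is. Since this template is copied over a file that administrators commonly edit by hand, a header line such as `# Managed by Ansible (playbooks/templates/krb5.conf); local edits will be overwritten` would document where changes belong.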
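Review bot: The drop-in ends without a trailing newline (`\ No newline at end of file` after `polonkai.eu = POLONKAI.EU`); add one so the last `[domain_realm]` entry is a complete line and any later append does not merge into it. Whether this file is read at all depends on the name it is installed under in `/etc/krb5.conf.d/`, which is raised on the configs.yml hunk.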