From 0583f5c85f0c54771ca2ed3377877b4038290ea3 Mon Sep 17 00:00:00 2001
From: jakub
Date: Fri, 24 Apr 2026 11:56:42 +0000
Subject: [PATCH] Add initial_install/roles/freeipa_client/tasks/main.yml
---
.../roles/freeipa_client/tasks/main.yml | 49 +++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 initial_install/roles/freeipa_client/tasks/main.yml
diff --git a/initial_install/roles/freeipa_client/tasks/main.yml b/initial_install/roles/freeipa_client/tasks/main.yml
new file mode 100644
index 0000000..87e0b5f
--- /dev/null
+++ b/initial_install/roles/freeipa_client/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+- name: Install FreeIPA client packages
+ ansible.builtin.package:
+ name:
+ - freeipa-client
+ - sssd
+ - sssd-tools
+ - oddjob
+ - oddjob-mkhomedir
+ state: present
+
+- name: Set hostname
+ ansible.builtin.hostname:
+ name: "{{ inventory_hostname }}"
+
+- name: Configure resolv.conf
+ ansible.builtin.copy:
+ dest: /etc/resolv.conf
+ content: |
+ search im.lab
+ nameserver ipa.im.lab
+ when: ansible_facts.os_family != "Debian"
+
+- name: Enroll to FreeIPA
+ ansible.builtin.command: >
+ ipa-client-install
+ --domain=im.lab
+ --realm=IPA.IM.LAB
+ --server=ipa.im.lab
+ --hostname={{ inventory_hostname }}
+ --mkhomedir
+ --unattended
+ args:
+ creates: /etc/ipa/default.conf
+
+- name: Configure SSSD
+ freeipa.ansible_freeipa.ipaclient_setup_sssd:
+ servers: ["ipa.im.lab"]
+ domain: im.lab
+ realm: IPA.IM.LAB
+ hostname: "{{ inventory_hostname }}"
+ no_krb5_offline_passwords: yes
+ notify: Restart SSSD
+
+- name: Enable and start SSSD
+ ansible.builtin.service:
+ name: sssd
+ state: started
+ enabled: true
\ No newline at end of file
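Review bot: The `Enroll to FreeIPA` task runs `ipa-client-install --unattended` with no enrollment credential visible in the hunk, so the join has nothing to authenticate with. It needs `--principal`/`--password` (preferably a per-host one-time password) or `--keytab`, and once a secret is on the command line the task should set `no_log: true` so it stays out of Ansible output and logs. The `Configure resolv.conf` task writes `nameserver ipa.im.lab`, but `nameserver` takes an IP address rather than a name, so the host cannot resolve the IPA server it is about to trust; take the address from a variable, e.g. `nameserver {{ ipa_dns_address }}` (variable name is a placeholder). Minor: `no_krb5_offline_passwords: yes` should be `true` to match `enabled: true`, and the `Restart SSSD` handler is not part of this commit, so confirm it exists in the role's handlers.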