Add LDAP role for void lxc containers

roles/ldap/tasks/ldap.yml

@@ -0,0 +1,56 @@
+---
+- name: ldap - install
+  package: name={{ item }}
+  with_items:
+  - nss-pam-ldapd
+
+- name: ldap - /etc/nsswitch.conf
+  template: dest=/etc/nsswitch.conf src=nsswitch.conf.j2 owner=root group=root mode=0644
+
+- name: ldap - /etc/nslcd.conf
+  template: dest=/etc/nslcd.conf src=nslcd.conf.j2 owner=root group=nslcd mode=0640
+  notify: restart nslcd
+
+- name: ldap - start nslcd
+  service: name=nslcd enabled=yes state=started
+
+- name: ldap - PAM
+  pamd:
+    name: "{{ item.name }}"
+    type: "{{ item.type }}"
+    new_type: "{{ item.type }}"
+    control: required
+    new_control: "{{ item.control }}"
+    module_path: pam_unix.so
+    new_module_path: "{{ item.module_path }}"
+    module_arguments: "{{ item.module_arguments }}"
+    state: "{{ item.state }}"
+  with_items:
+  - { name: system-auth, type: auth, control: sufficient, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: before }
+  - { name: system-auth, type: account, control: sufficient, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: before }
+  - { name: system-auth, type: password, control: sufficient, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: before }
+  - { name: system-auth, type: session, control: optional, module_path: pam_ldap.so, module_arguments: minimum_uid=1000, state: after }
+
+- name: ldap - enable passwd change
+  lineinfile:
+    dest: /etc/pam.d/passwd
+    line: "password        sufficient      pam_ldap.so"
+    insertbefore: "^password"
+    firstmatch: yes
+    state: present
+
+- name: ldap - sudoers ensure includedir
+  lineinfile:
+    dest: /etc/sudoers
+    line: "#includedir /etc/sudoers.d"
+    state: present
+    validate: "/usr/sbin/visudo -cf %s"
+
+- name: sudoers - create
+  copy:
+    content: "%admin ALL=(ALL) ALL"
+    dest: "/etc/sudoers.d/admin"
+    mode: 0440
+    owner: root
+    group: root
+    validate: "/usr/sbin/visudo -cf %s"