Dodane / premaknjene datoteke po role-ih iz skupnih v linroom

roles/fri_base/templates/default_keyboard

@@ -0,0 +1,10 @@
+# KEYBOARD CONFIGURATION FILE
+
+# Consult the keyboard(5) manual page.
+
+XKBMODEL="pc105"
+XKBLAYOUT="si"
+XKBVARIANT=""
+XKBOPTIONS=""
+
+BACKSPACE="guess"

roles/fri_base/templates/pamconfig_groups

@@ -0,0 +1,6 @@
+Name: Additional group management through /etc/security/groups.conf
+Default: yes
+Priority: 0
+Auth-Type: Additional
+Auth-Final:
+	optional			pam_group.so

roles/fri_base/templates/security_group.conf

@@ -0,0 +1,108 @@
+#
+# This is the configuration file for the pam_group module.
+#
+
+#
+# *** Please note that giving group membership on a session basis is
+# *** NOT inherently secure. If a user can create an executable that
+# *** is setgid a group that they are infrequently given membership
+# *** of, they can basically obtain group membership any time they
+# *** like. Example: games are allowed between the hours of 6pm and 6am
+# *** user joe logs in at 7pm writes a small C-program toplay.c that
+# *** invokes their favorite shell, compiles it and does
+# *** "chgrp play toplay; chmod g+s toplay". They are basically able
+# *** to play games any time... You have been warned. AGM
+#
+
+*;*;*;Al0000-2400;{{ additional_groups|join(',') }}
+
+#
+# The syntax of the lines is as follows:
+#
+#       services;ttys;users;times;groups
+#
+# white space is ignored and lines maybe extended with '\\n' (escaped
+# newlines). From reading these comments, it is clear that
+# text following a '#' is ignored to the end of the line.
+#
+# the combination of individual users/terminals etc is a logic list
+# namely individual tokens that are optionally prefixed with '!' (logical
+# not) and separated with '&' (logical and) and '|' (logical or).
+#
+# services
+#       is a logic list of PAM service names that the rule applies to.
+#
+# ttys
+#       is a logic list of terminal names that this rule applies to.
+#
+# users
+#       is a logic list of users or a netgroup of users to whom this
+#       rule applies.
+#
+# NB. For these items the simple wildcard '*' may be used only once.
+#     With netgroups no wildcards or logic operators are allowed.
+#
+# times
+#       It is used to indicate "when" these groups are to be given to the
+#       user. The format here is a logic list of day/time-range
+#       entries the days are specified by a sequence of two character
+#       entries, MoTuSa for example is Monday Tuesday and Saturday. Note
+#       that repeated days are unset MoMo = no day, and MoWk = all weekdays
+#       bar Monday. The two character combinations accepted are
+#
+#               Mo Tu We Th Fr Sa Su Wk Wd Al
+#
+#       the last two being week-end days and all 7 days of the week
+#       respectively. As a final example, AlFr means all days except Friday.
+#
+#       Each day/time-range can be prefixed with a '!' to indicate "anything
+#       but"
+#
+#       The time-range part is two 24-hour times HHMM separated by a hyphen
+#       indicating the start and finish time (if the finish time is smaller
+#       than the start time it is deemed to apply on the following day).
+#
+# groups
+#	The (comma or space separated) list of groups that the user
+#	inherits membership of. These groups are added if the previous
+#	fields are satisfied by the user's request
+#
+# For a rule to be active, ALL of service+ttys+users must be satisfied
+# by the applying process.
+#
+
+#
+# Note, to get this to work as it is currently typed you need
+#
+# 1. to run an application as root
+# 2. add the following groups to the /etc/group file:
+#		floppy, play, sound
+#
+
+#
+# Here is a simple example: running 'xsh' on tty* (any ttyXXX device),
+# the user 'us' is given access to the floppy (through membership of
+# the floppy group)
+#
+
+#xsh;tty*&!ttyp*;us;Al0000-2400;floppy
+
+#
+# another example: running 'xsh' on tty* (any ttyXXX device),
+# the user 'sword' is given access to games (through membership of
+# the sound and play group) after work hours.
+#
+
+#xsh; tty* ;sword;!Wk0900-1800;sound, play
+#xsh; tty* ;*;Al0900-1800;floppy
+
+#
+# yet another example: any member of the group 'admin' running
+# 'xsh' on tty*, is granted access (at any time) to the group 'plugdev'
+#
+
+#xsh; tty* ;%admin;Al0000-2400;plugdev
+
+#
+# End of group.conf file
+#

roles/fri_base/templates/sssd.conf

@@ -0,0 +1,30 @@
+[sssd]
+config_file_version = 2
+domains = fri1.uni-lj.si
+enable_files_domain = False
+services = nss, pam
+
+[nss]
+filtered_groups = root
+filtered_users = root
+reconnection_retries = 3
+
+[pam]
+reconnection_retries = 3
+
+[domain/fri1.uni-lj.si]
+ad_domain = fri1.uni-lj.si
+ad_server = dcv1fri1.fri1.uni-lj.si,dcv2fri1.fri1.uni-lj.si
+ad_maximum_machine_account_password_age = 0
+ad_gpo_access_control = permissive
+ad_enabled_domains = fri1.uni-lj.si, student.uni-lj.si, fkkt1.uni-lj.si, ef1.uni-lj.si, fe1.uni-lj.si, ff.uni-lj.si, fmf.uni-lj.si, fu.uni-lj.si, pef.uni-lj.si
+krb5_realm = FRI1.UNI-LJ.SI
+realmd_tags = manages-system joined-with-adcli
+cache_credentials = True
+id_provider = ad
+krb5_store_password_if_offline = True
+default_shell = /bin/bash
+ldap_id_mapping = True
+use_fully_qualified_names = True
+fallback_homedir = /home/%u@%d
+access_provider = ad

roles/fri_base/templates/systemd_group_override.conf

@@ -0,0 +1,2 @@
+[Service] 
+SupplementaryGroups={{ additional_groups|join(' ') }}