patch undefined: Updated the DNS configuration in the resolv.conf.j2 template to include both the local host and the Ansible-managed DNS server.

Added a new line to the `resolv.conf.j2` template to specify the Ansible-managed DNS server (`{{ addc_ansible_host }}`). This ensures that the system uses both the local host and the managed DNS server for DNS resolution.
2025-10-19 22:25:19 +02:00
parent 0104e69124
commit 6c75e2910b
18 changed files with 549 additions and 239 deletions
--- a/templates/krb5.conf.j2
+++ b/templates/krb5.conf.j2
@@ -1,17 +0,0 @@
-[libdefaults]
-    default_realm = {{ samba_realm }}
-    dns_lookup_realm = false
-    dns_lookup_kdc = true
-    ticket_lifetime = 24h
-    forwardable = yes
-    rdns = false
-
-[realms]
-    {{ samba_realm }} = {
-        kdc = {{ samba_hostname }}
-        admin_server = {{ samba_hostname }}
-    }
-
-[domain_realm]
-    .{{ samba_realm | lower }} = {{ samba_realm }}
-    {{ samba_realm | lower }} = {{ samba_realm }}
--- a/templates/ntp.conf.j2
+++ b/templates/ntp.conf.j2
@@ -0,0 +1,37 @@
+# This configuration file is managed by Ansible.
+# It is configured to run as an Active Directory Domain Controller.
+
+# Enable kernel time discipline (important for a DC)
+tos maxclock 10
+
+# Use your own local clock as a reliable fallback/default
+# Local clock. Note that is not the "localhost" address!
+server  127.127.1.0     # Undisciplined local clock
+fudge   127.127.1.0 stratum 10
+
+# Where to retrieve the time from
+# Optionally, add external sources for greater accuracy (NTP pool)
+# You should choose servers close to your location or use a reliable pool.
+server 0.pool.ntp.org iburst prefer
+server 1.pool.ntp.org iburst prefer
+server 1.pool.ntp.org iburst prefer
+
+# Drift file location
+driftfile       /var/lib/ntp/ntp.drift
+logfile         /var/log/ntp
+ntpsigndsocket  {{ ntp_signd_path }}
+
+# Access control
+# Default restriction: Allow clients only to query the time
+restrict default kod nomodify notrap nopeer limited mssntp
+
+# No restrictions for "localhost"
+restrict 127.0.0.1
+
+# Enable the time sources to only provide time to this host
+restrict 0.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
+restrict 1.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
+restrict 2.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
+
+# tell NTP not to panic and exit
+tinker panic 0
--- a/templates/resolv.conf.j2
+++ b/templates/resolv.conf.j2
@@ -1,5 +1,3 @@
-# Managed by Ansible - Samba AD DC DNS
-
-{% for ns in samba_dns_nameservers %}
-nameserver {{ ns }}
-{% endfor %}
+# Managed by Ansible - Samba AD DC DNS- DO NOT EDIT MANUALLY
+search {{ addc_tld }}
+nameserver {{ addc_ansible_host }}
--- a/templates/smb.conf.j2
+++ b/templates/smb.conf.j2
@@ -1,15 +0,0 @@
-[global]
-    workgroup = {{ samba_domain }}
-    realm = {{ samba_realm }}
-    netbios name = {{ samba_hostname | upper }}
-    server role = active directory domain controller
-    dns forwarder = 8.8.8.8
-    idmap_ldb:use rfc2307 = yes
-
-[sysvol]
-    path = /var/lib/samba/sysvol
-    read only = no
-
-[netlogon]
-    path = /var/lib/samba/sysvol/{{ samba_realm | lower }}/scripts
-    read only = no