Add LLDAP.
This commit is contained in:
parent
b27a553dfb
commit
1e26499932
10 changed files with 139 additions and 0 deletions
6
env.yml
6
env.yml
|
@ -1,4 +1,5 @@
|
||||||
domain: viyurz.fr
|
domain: viyurz.fr
|
||||||
|
ldap_base_dn: dc=viyurz,dc=fr
|
||||||
timezone: "Europe/Paris"
|
timezone: "Europe/Paris"
|
||||||
host_uid: 1000
|
host_uid: 1000
|
||||||
project_dir: "{{ ansible_env['HOME'] }}/docker-projects/{{ role_name }}"
|
project_dir: "{{ ansible_env['HOME'] }}/docker-projects/{{ role_name }}"
|
||||||
|
@ -43,6 +44,7 @@ projects:
|
||||||
- etebase
|
- etebase
|
||||||
- hedgedoc
|
- hedgedoc
|
||||||
- homepage
|
- homepage
|
||||||
|
- lldap
|
||||||
- mailserver
|
- mailserver
|
||||||
- postgres
|
- postgres
|
||||||
- reverse-proxy
|
- reverse-proxy
|
||||||
|
@ -56,6 +58,7 @@ projects:
|
||||||
projects_to_backup:
|
projects_to_backup:
|
||||||
- etebase
|
- etebase
|
||||||
- hedgedoc
|
- hedgedoc
|
||||||
|
- lldap
|
||||||
- mailserver
|
- mailserver
|
||||||
- postgres
|
- postgres
|
||||||
- synapse
|
- synapse
|
||||||
|
@ -84,6 +87,7 @@ ports:
|
||||||
etebase: 3735
|
etebase: 3735
|
||||||
hedgedoc: 8086
|
hedgedoc: 8086
|
||||||
homepage: 8082
|
homepage: 8082
|
||||||
|
lldap: 17170
|
||||||
mailserver_smtp: 1025
|
mailserver_smtp: 1025
|
||||||
mailserver_smtps: 1465
|
mailserver_smtps: 1465
|
||||||
mailserver_imaps: 1993
|
mailserver_imaps: 1993
|
||||||
|
@ -108,6 +112,7 @@ users:
|
||||||
hedgedoc: 1004
|
hedgedoc: 1004
|
||||||
hedgedoc_mysql: 1005
|
hedgedoc_mysql: 1005
|
||||||
homepage: 8686
|
homepage: 8686
|
||||||
|
lldap: 1007
|
||||||
mailserver: 8
|
mailserver: 8
|
||||||
postgres: 70
|
postgres: 70
|
||||||
searxng: 977
|
searxng: 977
|
||||||
|
@ -127,6 +132,7 @@ volumes:
|
||||||
etebase_datadir: /mnt/etebasedata
|
etebase_datadir: /mnt/etebasedata
|
||||||
hedgedoc_mysql_datadir: /mnt/hedgedoc/mysql-data
|
hedgedoc_mysql_datadir: /mnt/hedgedoc/mysql-data
|
||||||
hedgedoc_configdir: /mnt/hedgedoc/config
|
hedgedoc_configdir: /mnt/hedgedoc/config
|
||||||
|
lldap_datadir: /mnt/lldapdata
|
||||||
mailserver_datadir: /mnt/mailserverdata
|
mailserver_datadir: /mnt/mailserverdata
|
||||||
mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
|
mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
|
||||||
mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
|
mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
vars:
|
vars:
|
||||||
run_backup: false
|
run_backup: false
|
||||||
|
run_setup: true
|
||||||
run_update: true
|
run_update: true
|
||||||
vars_prompt:
|
vars_prompt:
|
||||||
- name: selected_projects
|
- name: selected_projects
|
||||||
|
|
25
roles/lldap/tasks/backup.yml
Normal file
25
roles/lldap/tasks/backup.yml
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
- name: "Backup PostgreSQL lldap database & {{ volumes['lldap_datadir'] }} directory"
|
||||||
|
shell: >
|
||||||
|
docker exec postgres
|
||||||
|
pg_dump -c {{ role_name }} |
|
||||||
|
borg create
|
||||||
|
--compression lzma
|
||||||
|
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
|
||||||
|
"{{ volumes['lldap_datadir'] }}"
|
||||||
|
-
|
||||||
|
--stdin-name dump_{{ role_name }}.sql
|
||||||
|
environment:
|
||||||
|
DOCKER_HOST: "{{ docker_host }}"
|
||||||
|
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Prune borg repository
|
||||||
|
command:
|
||||||
|
cmd: |
|
||||||
|
borg prune
|
||||||
|
--glob-archives='{{ role_name }}-*'
|
||||||
|
{{ borg_prune_options }}
|
||||||
|
{{ borg_repodir }}
|
||||||
|
environment:
|
||||||
|
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
|
||||||
|
become: true
|
14
roles/lldap/tasks/main.yml
Normal file
14
roles/lldap/tasks/main.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
- name: Include backup tasks
|
||||||
|
include_tasks:
|
||||||
|
file: backup.yml
|
||||||
|
when: run_backup | default(false) | bool
|
||||||
|
|
||||||
|
- name: Include setup tasks
|
||||||
|
include_tasks:
|
||||||
|
file: setup.yml
|
||||||
|
when: run_setup | default(false) | bool
|
||||||
|
|
||||||
|
- name: Include update tasks
|
||||||
|
include_tasks:
|
||||||
|
file: update.yml
|
||||||
|
when: run_update | default(false) | bool
|
24
roles/lldap/tasks/setup.yml
Normal file
24
roles/lldap/tasks/setup.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
- name: "Create {{ project_dir }} project directory"
|
||||||
|
file:
|
||||||
|
path: "{{ project_dir }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Template docker-compose.yaml & .env to project directory
|
||||||
|
template:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "{{ project_dir }}/{{ item }}"
|
||||||
|
owner: "{{ host_uid }}"
|
||||||
|
group: "{{ host_uid }}"
|
||||||
|
mode: '600'
|
||||||
|
loop:
|
||||||
|
- docker-compose.yaml
|
||||||
|
- .env
|
||||||
|
|
||||||
|
- name: "Create (if not exists) directory {{ volumes['lldap_datadir'] }} & set permissions"
|
||||||
|
file:
|
||||||
|
path: "{{ volumes['lldap_datadir'] }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ users['lldap'] + uid_shift }}"
|
||||||
|
group: "{{ users['lldap'] + uid_shift }}"
|
||||||
|
mode: '700'
|
||||||
|
become: true
|
23
roles/lldap/tasks/update.yml
Normal file
23
roles/lldap/tasks/update.yml
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
- name: Pull project services
|
||||||
|
community.docker.docker_compose:
|
||||||
|
project_src: "{{ project_dir }}"
|
||||||
|
recreate: never
|
||||||
|
pull: true
|
||||||
|
debug: true
|
||||||
|
when: docker_pull_images | bool
|
||||||
|
register: lldap_docker_compose_pull_result
|
||||||
|
|
||||||
|
- name: Display pulled image(s) name
|
||||||
|
set_fact:
|
||||||
|
lldap_pulled_images: "{{ lldap_pulled_images | default([]) + [item.pulled_image.name] }}"
|
||||||
|
loop: "{{ lldap_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
|
||||||
|
|
||||||
|
- name: Include backup tasks
|
||||||
|
include_tasks:
|
||||||
|
file: backup.yml
|
||||||
|
# Make a backup if we didn't already make one and we pulled a new image
|
||||||
|
when: not run_backup and lldap_pulled_images is defined
|
||||||
|
|
||||||
|
- name: Create/Restart project services
|
||||||
|
community.docker.docker_compose:
|
||||||
|
project_src: "{{ project_dir }}"
|
7
roles/lldap/templates/.env
Normal file
7
roles/lldap/templates/.env
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
UID={{ users['lldap'] }}
|
||||||
|
GID={{ users['lldap'] }}
|
||||||
|
TZ={{ timezone }}
|
||||||
|
LLDAP_LDAP_BASE_DN={{ ldap_base_dn }}
|
||||||
|
LLDAP_JWT_SECRET='{{ lldap_secrets["jwt_secret"] }}'
|
||||||
|
LLDAP_KEY_SEED='{{ lldap_secrets["key_seed"] }}'
|
||||||
|
LLDAP_DATABASE_URL='postgres://{{ lldap_secrets["postgres_user"] }}:{{ lldap_secrets["postgres_password"] }}@postgres.{{ domain }}/lldap'
|
20
roles/lldap/templates/docker-compose.yaml
Normal file
20
roles/lldap/templates/docker-compose.yaml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
services:
|
||||||
|
lldap:
|
||||||
|
container_name: lldap
|
||||||
|
image: docker.io/lldap/lldap:latest-alpine-rootless
|
||||||
|
restart: always
|
||||||
|
user: {{ users['lldap'] }}:{{ users['lldap'] }}
|
||||||
|
env_file: .env
|
||||||
|
networks:
|
||||||
|
- authelia
|
||||||
|
- mailserver
|
||||||
|
ports:
|
||||||
|
- {{ ports['lldap'] }}:17170
|
||||||
|
volumes:
|
||||||
|
- {{ volumes['lldap_datadir'] }}:/data
|
||||||
|
|
||||||
|
networks:
|
||||||
|
authelia:
|
||||||
|
name: authelia
|
||||||
|
mailserver:
|
||||||
|
name: mailserver
|
|
@ -131,6 +131,19 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# LLDAP
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
server_name ldap.{{ domain }};
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:{{ ports['lldap'] }};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# SearXNG
|
# SearXNG
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
|
|
|
@ -13,6 +13,12 @@ coturn_secrets:
|
||||||
hedgedoc_secrets:
|
hedgedoc_secrets:
|
||||||
mysql_root_password:
|
mysql_root_password:
|
||||||
|
|
||||||
|
lldap_secrets:
|
||||||
|
jwt_secret:
|
||||||
|
key_seed:
|
||||||
|
postgres_user:
|
||||||
|
postgres_password:
|
||||||
|
|
||||||
searxng_secrets:
|
searxng_secrets:
|
||||||
searxng_secret:
|
searxng_secret:
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue