Add LLDAP.

This commit is contained in:
Viyurz 2024-03-30 17:28:32 +01:00
parent b27a553dfb
commit 1e26499932
Signed by: Viyurz
SSH key fingerprint: SHA256:IskOHTmhHSJIvAt04N6aaxd5SZCVWW1Guf9tEcxIMj8
10 changed files with 139 additions and 0 deletions

View file

@ -1,4 +1,5 @@
domain: viyurz.fr domain: viyurz.fr
ldap_base_dn: dc=viyurz,dc=fr
timezone: "Europe/Paris" timezone: "Europe/Paris"
host_uid: 1000 host_uid: 1000
project_dir: "{{ ansible_env['HOME'] }}/docker-projects/{{ role_name }}" project_dir: "{{ ansible_env['HOME'] }}/docker-projects/{{ role_name }}"
@ -43,6 +44,7 @@ projects:
- etebase - etebase
- hedgedoc - hedgedoc
- homepage - homepage
- lldap
- mailserver - mailserver
- postgres - postgres
- reverse-proxy - reverse-proxy
@ -56,6 +58,7 @@ projects:
projects_to_backup: projects_to_backup:
- etebase - etebase
- hedgedoc - hedgedoc
- lldap
- mailserver - mailserver
- postgres - postgres
- synapse - synapse
@ -84,6 +87,7 @@ ports:
etebase: 3735 etebase: 3735
hedgedoc: 8086 hedgedoc: 8086
homepage: 8082 homepage: 8082
lldap: 17170
mailserver_smtp: 1025 mailserver_smtp: 1025
mailserver_smtps: 1465 mailserver_smtps: 1465
mailserver_imaps: 1993 mailserver_imaps: 1993
@ -108,6 +112,7 @@ users:
hedgedoc: 1004 hedgedoc: 1004
hedgedoc_mysql: 1005 hedgedoc_mysql: 1005
homepage: 8686 homepage: 8686
lldap: 1007
mailserver: 8 mailserver: 8
postgres: 70 postgres: 70
searxng: 977 searxng: 977
@ -127,6 +132,7 @@ volumes:
etebase_datadir: /mnt/etebasedata etebase_datadir: /mnt/etebasedata
hedgedoc_mysql_datadir: /mnt/hedgedoc/mysql-data hedgedoc_mysql_datadir: /mnt/hedgedoc/mysql-data
hedgedoc_configdir: /mnt/hedgedoc/config hedgedoc_configdir: /mnt/hedgedoc/config
lldap_datadir: /mnt/lldapdata
mailserver_datadir: /mnt/mailserverdata mailserver_datadir: /mnt/mailserverdata
mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem" mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem" mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"

View file

@ -7,6 +7,7 @@
hosts: localhost hosts: localhost
vars: vars:
run_backup: false run_backup: false
run_setup: true
run_update: true run_update: true
vars_prompt: vars_prompt:
- name: selected_projects - name: selected_projects

View file

@ -0,0 +1,25 @@
- name: "Backup PostgreSQL lldap database & {{ volumes['lldap_datadir'] }} directory"
shell: >
docker exec postgres
pg_dump -c {{ role_name }} |
borg create
--compression lzma
"{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
"{{ volumes['lldap_datadir'] }}"
-
--stdin-name dump_{{ role_name }}.sql
environment:
DOCKER_HOST: "{{ docker_host }}"
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true
- name: Prune borg repository
command:
cmd: |
borg prune
--glob-archives='{{ role_name }}-*'
{{ borg_prune_options }}
{{ borg_repodir }}
environment:
BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
become: true

View file

@ -0,0 +1,14 @@
- name: Include backup tasks
include_tasks:
file: backup.yml
when: run_backup | default(false) | bool
- name: Include setup tasks
include_tasks:
file: setup.yml
when: run_setup | default(false) | bool
- name: Include update tasks
include_tasks:
file: update.yml
when: run_update | default(false) | bool

View file

@ -0,0 +1,24 @@
- name: "Create {{ project_dir }} project directory"
file:
path: "{{ project_dir }}"
state: directory
- name: Template docker-compose.yaml & .env to project directory
template:
src: "{{ item }}"
dest: "{{ project_dir }}/{{ item }}"
owner: "{{ host_uid }}"
group: "{{ host_uid }}"
mode: '600'
loop:
- docker-compose.yaml
- .env
- name: "Create (if not exists) directory {{ volumes['lldap_datadir'] }} & set permissions"
file:
path: "{{ volumes['lldap_datadir'] }}"
state: directory
owner: "{{ users['lldap'] + uid_shift }}"
group: "{{ users['lldap'] + uid_shift }}"
mode: '700'
become: true

View file

@ -0,0 +1,23 @@
- name: Pull project services
community.docker.docker_compose:
project_src: "{{ project_dir }}"
recreate: never
pull: true
debug: true
when: docker_pull_images | bool
register: lldap_docker_compose_pull_result
- name: Display pulled image(s) name
set_fact:
lldap_pulled_images: "{{ lldap_pulled_images | default([]) + [item.pulled_image.name] }}"
loop: "{{ lldap_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
- name: Include backup tasks
include_tasks:
file: backup.yml
# Make a backup if we didn't already make one and we pulled a new image
when: not run_backup and lldap_pulled_images is defined
- name: Create/Restart project services
community.docker.docker_compose:
project_src: "{{ project_dir }}"

View file

@ -0,0 +1,7 @@
UID={{ users['lldap'] }}
GID={{ users['lldap'] }}
TZ={{ timezone }}
LLDAP_LDAP_BASE_DN={{ ldap_base_dn }}
LLDAP_JWT_SECRET='{{ lldap_secrets["jwt_secret"] }}'
LLDAP_KEY_SEED='{{ lldap_secrets["key_seed"] }}'
LLDAP_DATABASE_URL='postgres://{{ lldap_secrets["postgres_user"] }}:{{ lldap_secrets["postgres_password"] }}@postgres.{{ domain }}/lldap'

View file

@ -0,0 +1,20 @@
services:
lldap:
container_name: lldap
image: docker.io/lldap/lldap:latest-alpine-rootless
restart: always
user: {{ users['lldap'] }}:{{ users['lldap'] }}
env_file: .env
networks:
- authelia
- mailserver
ports:
- {{ ports['lldap'] }}:17170
volumes:
- {{ volumes['lldap_datadir'] }}:/data
networks:
authelia:
name: authelia
mailserver:
name: mailserver

View file

@ -131,6 +131,19 @@ server {
} }
# LLDAP
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ldap.{{ domain }};
location / {
proxy_pass http://127.0.0.1:{{ ports['lldap'] }};
}
}
# SearXNG # SearXNG
server { server {
listen 443 ssl http2; listen 443 ssl http2;

View file

@ -13,6 +13,12 @@ coturn_secrets:
hedgedoc_secrets: hedgedoc_secrets:
mysql_root_password: mysql_root_password:
lldap_secrets:
jwt_secret:
key_seed:
postgres_user:
postgres_password:
searxng_secrets: searxng_secrets:
searxng_secret: searxng_secret: