From 86a82a1d2a6f4897cd9252f3eee9026ae28c4f29 Mon Sep 17 00:00:00 2001
From: Michael Grote
Date: Thu, 14 Nov 2024 13:37:54 +0000
Subject: [PATCH] changed Files: docker-compose/lldap/docker-compose.yml.j2 docker-compose/lldap/lldap_config.toml.j2 host_vars/docker10.mgrote.net.yml
Signed-off-by: Michael Grote
---
docker-compose/lldap/docker-compose.yml.j2 | 66 ++++++++++++++++++++++
docker-compose/lldap/lldap_config.toml.j2 | 26 +++++++++
host_vars/docker10.mgrote.net.yml | 4 ++
3 files changed, 96 insertions(+)
create mode 100644 docker-compose/lldap/docker-compose.yml.j2
create mode 100755 docker-compose/lldap/lldap_config.toml.j2
diff --git a/docker-compose/lldap/docker-compose.yml.j2 b/docker-compose/lldap/docker-compose.yml.j2
new file mode 100644
index 00000000..05187382
--- /dev/null
+++ b/docker-compose/lldap/docker-compose.yml.j2
@@ -0,0 +1,66 @@
+services:
+ lldap:
+ image: lldap/lldap:v0.6.0
+ container_name: lldap
+ restart: unless-stopped
+ pull_policy: missing
+ ports:
+ - "3890:3890"
+ # - "17170:17170" # front-end; ueber traefik
+ volumes:
+ - "lldap_data:/data"
+ - "./lldap_config.toml:/data/lldap_config.toml"
+ environment:
+ TZ: Europe/Berlin
+ networks:
+ - traefik
+ - postfix
+ - internal
+ labels:
+ traefik.enable: true
+ traefik.http.routers.lldap.service: lldap
+ traefik.http.routers.lldap.priority: "10"
+ traefik.http.routers.lldap.rule: Host(`ldap.mgrote.net`)
+ traefik.http.routers.lldap.tls: true
+ traefik.http.routers.lldap.tls.certresolver: resolver_letsencrypt
+ traefik.http.routers.lldap.entrypoints: entry_https
+ traefik.http.services.lldap.loadbalancer.server.port: 17170
+ #healthcheck: # https://github.com/lldap/lldap/issues/18389
+ # test: ["CMD", "mc", "ready", "local"]
+ # interval: 5s
+ # timeout: 5s
+ # retries: 5
+
+######## Postgres ########
+ lldap-db17:
+ container_name: "lldap-db"
+ image: "postgres:17.0"
+ restart: unless-stopped
+ pull_policy: missing
+ environment:
+ POSTGRES_USER: lldap
+ POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_db_pass', 'password') }}"
+ TZ: Europe/Berlin
+ volumes:
+ - db17:/var/lib/postgresql/data
+ networks:
+ - internal
+ healthcheck:
+ test: ["CMD", "pg_isready", "-U", "lldap"]
+ interval: 10s
+ start_period: 30s
+
+######## Networks ########
+networks:
+ traefik:
+ external: true
+ postfix:
+ external: true
+
+######## Volumes ########
+volumes:
+ lldap_data:
+ db17:
+
+# todo heatclheck
+# rolle in friedhof
diff --git a/docker-compose/lldap/lldap_config.toml.j2 b/docker-compose/lldap/lldap_config.toml.j2
new file mode 100755
index 00000000..31d55223
--- /dev/null
+++ b/docker-compose/lldap/lldap_config.toml.j2
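Review bot: The `internal` network that both `lldap` and `lldap-db17` join is never declared under the top-level `networks:` block, which lists only `traefik` and `postfix`, so Compose refuses the project with an undefined-network error and the database (which joins nothing else) would have no path to lldap at all; add `internal: {}` to that block. Separately, `lldap` has no `depends_on` on `lldap-db17` even though the database already carries a `pg_isready` healthcheck, so the first start relies on `restart: unless-stopped` retrying until Postgres accepts connections; `depends_on: {lldap-db17: {condition: service_healthy}}` on the lldap service makes that ordering explicit. The published `"3890:3890"` mapping exposes the plain (non-TLS) LDAP listener on every host interface; if only containers on the shared networks need it, dropping the mapping or binding it as `"127.0.0.1:3890:3890"` keeps bind credentials off the host's public interfaces. The commented-out healthcheck uses `mc ready local`, which is the MinIO client and not something the lldap image ships, so the `todo heatclheck` note at the bottom should be resolved with an lldap-appropriate probe rather than by uncommenting this one. Label values `traefik.enable: true`, `tls: true` and `server.port: 17170` are YAML booleans/ints while `priority` is quoted `"10"`; Compose stringifies them, but quoting all label values consistently avoids relying on that coercion.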
@@ -0,0 +1,26 @@
+verbose=true
+
+ldap_host = "0.0.0.0"
+ldap_port = 3890
+
+http_host = "0.0.0.0"
+http_port = 17170
+http_url = "https://ldap.mgrote.net"
+
+jwt_secret = "{{ lookup('viczem.keepass.keepass', 'lldap_jwt_secret', 'password') }}"
+
+ldap_base_dn = "dc=mgrote,dc=net"
+ldap_user_dn = "{{ lookup('viczem.keepass.keepass', 'lldap_admin_user', 'username') }}"
+ldap_user_email = "lldap-admin@mgrote.net"
+ldap_user_pass = "{{ lookup('viczem.keepass.keepass', 'lldap_admin_user', 'password') }}"
+
+database_url = "postgres://lldap:{{ lookup('viczem.keepass.keepass', 'lldap_db_pass', 'password') }}@lldap-db/lldap"
+
+key_seed = "{{ lookup('viczem.keepass.keepass', 'lldap_key_seed', 'password') }}"
+
+[smtp_options]
+enable_password_reset=false
+server=postfix
+port=25
+smtp_encryption = "NONE"
+reply_to="Do not reply "
diff --git a/host_vars/docker10.mgrote.net.yml b/host_vars/docker10.mgrote.net.yml
index cc9b4922..1bb9a7df 100644
--- a/host_vars/docker10.mgrote.net.yml
+++ b/host_vars/docker10.mgrote.net.yml
@@ -50,8 +50,12 @@ compose_files: state: present - name: act-runner state: present + - name: lldap + state: present + network: traefik - name: minio state: present + network: traefik ### oefenweb.ufw ufw_rules:
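Review bot: `server=postfix` under `[smtp_options]` is not valid TOML, since bare unquoted strings are not permitted as values, so the rendered lldap_config.toml fails to parse and lldap will presumably refuse to start; write it as `server = "postfix"`. The database password in `database_url` is looked up as `'lldap_db_pass'` while the Postgres service in docker-compose.yml.j2 looks up `'lldap/lldap_db_pass'`; unless both paths resolve to the same KeePass entry, the two sides get different passwords and lldap cannot authenticate to the database. This file carries every secret of the deployment in clear text (`jwt_secret`, `key_seed`, the admin password and the database password) and the template is committed with mode 100755, so the task that renders it should set a restrictive `mode` (for example `"0600"`), since `./lldap_config.toml` is bind-mounted straight into the container from the compose directory. `verbose=true` enables debug-level logging on a service that handles authentication traffic; worth confirming that is intended for the production instance rather than left over from bring-up.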