2024-11-15 20:53:27 +01:00
3 changed files with 96 additions and 0 deletions
--- a/docker-compose/lldap/docker-compose.yml.j2
+++ b/docker-compose/lldap/docker-compose.yml.j2
@ -0,0 +1,66 @@
+services:
+  lldap:
+    image: lldap/lldap:v0.6.0
+    container_name: lldap
+    restart: unless-stopped
+    pull_policy: missing
+    ports:
+      - "3890:3890"
+      # - "17170:17170" # front-end; ueber traefik
+    volumes:
+      - "lldap_data:/data"
+      - "./lldap_config.toml:/data/lldap_config.toml"
+    environment:
+      TZ: Europe/Berlin
+    networks:
+      - traefik
+      - postfix
+      - internal
+    labels:
+      traefik.enable: true
+      traefik.http.routers.lldap.service: lldap
+      traefik.http.routers.lldap.priority: "10"
+      traefik.http.routers.lldap.rule: Host(`ldap.mgrote.net`)
+      traefik.http.routers.lldap.tls: true
+      traefik.http.routers.lldap.tls.certresolver: resolver_letsencrypt
+      traefik.http.routers.lldap.entrypoints: entry_https
+      traefik.http.services.lldap.loadbalancer.server.port: 17170
+    #healthcheck: # https://github.com/lldap/lldap/issues/18389
+    #  test: ["CMD", "mc", "ready", "local"]
+    #  interval: 5s
+    #  timeout: 5s
+    #  retries: 5
+
+######## Postgres ########
+  lldap-db17:
+    container_name: "lldap-db"
+    image: "postgres:17.0"
+    restart: unless-stopped
+    pull_policy: missing
+    environment:
+      POSTGRES_USER: lldap
+      POSTGRES_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_db_pass', 'password') }}"
+      TZ: Europe/Berlin
+    volumes:
+      - db17:/var/lib/postgresql/data
+    networks:
+      - internal
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "lldap"]
+      interval: 10s
+      start_period: 30s
+
+######## Networks ########
+networks:
+  traefik:
+    external: true
+  postfix:
+    external: true
+
+######## Volumes ########
+volumes:
+  lldap_data:
+  db17:
+
+# todo heatclheck
+# rolle in friedhof
--- a/docker-compose/lldap/lldap_config.toml.j2
+++ b/docker-compose/lldap/lldap_config.toml.j2
@ -0,0 +1,26 @@
+verbose=true
+
+ldap_host = "0.0.0.0"
+ldap_port = 3890
+
+http_host = "0.0.0.0"
+http_port = 17170
+http_url = "https://ldap.mgrote.net"
+
+jwt_secret = "{{ lookup('viczem.keepass.keepass', 'lldap_jwt_secret', 'password') }}"
+
+ldap_base_dn = "dc=mgrote,dc=net"
+ldap_user_dn = "{{ lookup('viczem.keepass.keepass', 'lldap_admin_user', 'username') }}"
+ldap_user_email = "lldap-admin@mgrote.net"
+ldap_user_pass = "{{ lookup('viczem.keepass.keepass', 'lldap_admin_user', 'password') }}"
+
+database_url = "postgres://lldap:{{ lookup('viczem.keepass.keepass', 'lldap_db_pass', 'password') }}@lldap-db/lldap"
+
+key_seed = "{{ lookup('viczem.keepass.keepass', 'lldap_key_seed', 'password') }}"
+
+[smtp_options]
+enable_password_reset=false
+server=postfix
+port=25
+smtp_encryption = "NONE"
+reply_to="Do not reply <info@mgrote.net>"
--- a/host_vars/docker10.mgrote.net.yml
+++ b/host_vars/docker10.mgrote.net.yml
@ -50,8 +50,12 @@ compose_files:
    state: present
  - name: act-runner
    state: present
+  - name: lldap
+    state: present
+    network: traefik
  - name: minio
    state: present
+    network: traefik

 ### oefenweb.ufw
 ufw_rules: