--- ### geerlingguy_postgres postgresql_databases: - name: "{{ lldap_db_name }}" postgresql_users: - name: "{{ lldap_db_user }}" password: "{{ lldap_db_pass }}" ### oefenweb.ufw ufw_rules: - rule: allow to_port: 22 protocol: tcp comment: 'ssh' from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp comment: 'munin' from_ip: 192.168.2.0/24 - rule: allow to_port: 9080 protocol: tcp comment: 'promtail' from_ip: 192.168.2.0/24 - rule: allow to_port: "{{ lldap_http_port }}" protocol: tcp comment: 'lldap' from_ip: 192.168.2.0/24 - rule: allow to_port: "{{ lldap_http_port }}" protocol: tcp comment: 'lldap' from_ip: 10.25.0.0/24 - rule: allow to_port: 3890 protocol: tcp comment: 'lldap' from_ip: 192.168.2.0/24 ### mgrote_lldap lldap_package_url: "https://download.opensuse.org/repositories/home:/Masgalor:/LLDAP/xUbuntu_22.04/amd64/lldap_0.5.0-1+3.1_amd64.deb" lldap_logging_verbose: "true" # must be a string not a boolean lldap_http_port: 17170 lldap_http_host: "0.0.0.0" lldap_ldap_host: "0.0.0.0" lldap_public_url: http://ldap.mgrote.net:17170 lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap_jwt_secret', 'password') }}" lldap_ldap_base_dn: "dc=mgrote,dc=net" lldap_admin_username: ladmin # only used on setup lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}" lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap_key_seed', 'password') }}" #lldap_smtp_from: "lldap@mgrote.net" # unused in role lldap_smtp_reply_to: "Do not reply " lldap_smtp_server: "docker10.mgrote.net" lldap_smtp_port: "1025" lldap_smtp_smtp_encryption: "NONE" #lldap_smtp_user: "info@mgrote.net" # unused in role lldap_smtp_enable_password_reset: "true" # must be a string not a boolean # "meta vars"; daraus werden die db-url und die postgres-db abgeleitet lldap_db_name: "lldap" lldap_db_user: "lldap" lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_db_pass', 'password') }}" lldap_db_host: "localhost" ...