mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 1 Activity Actions
homeserver/group_vars/ldap.yml
Michael Grote 28f22968da
Some checks failed
ci/woodpecker/push/gitleaks Pipeline was successful
Details
ci/woodpecker/push/ansible-lint Pipeline was successful
Details
ci/woodpecker/push/ansible-playbook Pipeline failed
Details
ci: deploy config on merge or push (#127) 
Reviewed-on: #127
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>

ci: testing deployment (#128)

Reviewed-on: #128
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>

ci: test

ci: enable deployment

ci: set ssh-key for deployment

ci: debug

ci: deactivate ansible-lint temporarily

ci: deactivate ansible-galaxy temporarily

ci: debug ssh-key shell redirect

ci: base64

ci: debug

ci: debug

ci: fix output

Revert "ci: deactivate ansible-lint temporarily"

This reverts commit 6729342f26.

ci: fix vault-pass secret

pbs_integration: enable no_log

ci: debug ansible-vault

ci: debug

ci: ansible-vault + move to viczem.keepass (#130)

Reviewed-on: #130
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>

ff

plugin umbennennugn

ff
2024-07-09 22:27:57 +02:00

64 lines
2.2 KiB
YAML
Raw Blame History

---
### geerlingguy_postgres
postgresql_databases:
- name: "{{ lldap_db_name }}"
postgresql_users:
- name: "{{ lldap_db_user }}"
password: "{{ lldap_db_pass }}"
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 192.168.2.0/24
- rule: allow
to_port: "{{ lldap_http_port }}"
protocol: tcp
comment: 'lldap'
from_ip: 192.168.2.0/24
- rule: allow
to_port: "{{ lldap_http_port }}"
protocol: tcp
comment: 'lldap'
from_ip: 10.25.0.0/24
- rule: allow
to_port: 3890
protocol: tcp
comment: 'lldap'
from_ip: 192.168.2.0/24
### mgrote_lldap
lldap_package_url: "https://download.opensuse.org/repositories/home:/Masgalor:/LLDAP/xUbuntu_22.04/amd64/lldap_0.5.0-1+3.1_amd64.deb"
lldap_logging_verbose: "true" # must be a string not a boolean
lldap_http_port: 17170
lldap_http_host: "0.0.0.0"
lldap_ldap_host: "0.0.0.0"
lldap_public_url: http://ldap.mgrote.net:17170
lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap_jwt_secret', 'password') }}"
lldap_ldap_base_dn: "dc=mgrote,dc=net"
lldap_admin_username: ladmin # only used on setup
lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup
lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}"
lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap_key_seed', 'password') }}"
#lldap_smtp_from: "lldap@mgrote.net" # unused in role
lldap_smtp_reply_to: "Do not reply <info@mgrote.net>"
lldap_smtp_server: "docker10.mgrote.net"
lldap_smtp_port: "1025"
lldap_smtp_smtp_encryption: "NONE"
#lldap_smtp_user: "info@mgrote.net" # unused in role
lldap_smtp_enable_password_reset: "true" # must be a string not a boolean
# "meta vars"; daraus werden die db-url und die postgres-db abgeleitet
lldap_db_name: "lldap"
lldap_db_user: "lldap"
lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap_db_pass', 'password') }}"
lldap_db_host: "localhost"
...
Reference in a new issue View git blame Copy permalink