Michael Grote
3d75c0911e
Reviewed-on: #232 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
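---
# Host vars for the LLDAP host: a PostgreSQL database for LLDAP, the ufw
# rule set that limits who can reach sshd, munin and LLDAP, and the
# LLDAP role variables themselves (secrets come from KeePass lookups,
# so nothing sensitive is stored in this file).

### geerlingguy_postgres
# Database and user are derived from the "meta vars" at the bottom of
# this file so that the DB name/user/password are defined only once.
postgresql_databases:
  - name: "{{ lldap_db_name }}"
postgresql_users:
  - name: "{{ lldap_db_user }}"
    password: "{{ lldap_db_pass }}"

### oefenweb.ufw
# LLDAP binds to 0.0.0.0 (see lldap_http_host / lldap_ldap_host below),
# so these rules are the only thing restricting network access to it.
ufw_rules:
  # sshd is reachable from any IPv4 source. 0.0.0.0/0 matches IPv4
  # only; if ufw has IPv6 enabled, verify how the role handles v6 for
  # this rule.
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'ssh'
    from_ip: 0.0.0.0/0
  # munin node, LAN only
  - rule: allow
    to_port: 4949
    protocol: tcp
    comment: 'munin'
    from_ip: 192.168.2.0/24
  # LLDAP web UI / REST API, one rule per trusted subnet. The port is
  # templated from lldap_http_port so the two stay in sync.
  - rule: allow
    to_port: "{{ lldap_http_port }}"
    protocol: tcp
    comment: 'lldap'
    from_ip: 192.168.2.0/24
  - rule: allow
    to_port: "{{ lldap_http_port }}"
    protocol: tcp
    comment: 'lldap'
    from_ip: 10.25.0.0/24
  # plain LDAP (3890) only from the primary LAN; not opened to 10.25.0.0/24
  - rule: allow
    to_port: 3890
    protocol: tcp
    comment: 'lldap'
    from_ip: 192.168.2.0/24

### mgrote_lldap
# Pinned package version; the URL alone gives no integrity check, so
# NOTE(review): confirm whether the role verifies a checksum of the
# downloaded .deb.
lldap_package_url: "https://download.opensuse.org/repositories/home:/Masgalor:/LLDAP/xUbuntu_22.04/amd64/lldap_0.5.0-1+4.1_amd64.deb"
lldap_logging_verbose: "true" # must be a string not a boolean
lldap_http_port: 17170
# Listen on all interfaces; reachability is limited by the ufw rules above.
lldap_http_host: "0.0.0.0"
lldap_ldap_host: "0.0.0.0"
# Plain http: login credentials and the session token travel unencrypted.
# NOTE(review): acceptable only while access stays LAN-only (ufw above)
# or a TLS-terminating proxy is placed in front - confirm.
lldap_public_url: "http://ldap.mgrote.net:{{ lldap_http_port }}"
lldap_jwt_secret: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_jwt_secret', 'password') }}"
lldap_ldap_base_dn: "dc=mgrote,dc=net"
lldap_admin_username: ladmin # only used on setup
# The admin password doubles as the LDAP bind secret used by clients.
lldap_admin_password: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup
# Contains the DB password in clear text once rendered on the host;
# the DB is reached over localhost only (lldap_db_host below).
lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}"
lldap_key_seed: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_key_seed', 'password') }}"
#lldap_smtp_from: "lldap@mgrote.net" # unused in role
lldap_smtp_reply_to: "Do not reply <info@mgrote.net>"
lldap_smtp_server: "docker10.mgrote.net"
lldap_smtp_port: "1025"
# Unencrypted SMTP: password-reset mails (and their reset links) are
# sent in clear text to docker10.mgrote.net:1025.
# NOTE(review): confirm that hop stays inside the trusted network.
lldap_smtp_smtp_encryption: "NONE"
#lldap_smtp_user: "info@mgrote.net" # unused in role
lldap_smtp_enable_password_reset: "true" # must be a string not a boolean
# "meta vars"; the database URL and the postgres database are derived from these
lldap_db_name: "lldap"
lldap_db_user: "lldap"
lldap_db_pass: "{{ lookup('viczem.keepass.keepass', 'lldap/lldap_db_pass', 'password') }}"
lldap_db_host: "localhost"
...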