homeserver/group_vars/ldap.yml
Michael Grote 33d734125f
All checks were successful
ci/woodpecker/push/gitleaks Pipeline was successful
ci/woodpecker/push/ansible-lint Pipeline was successful
redeploy nextcloud with ldap (#96)
Reviewed-on: #96
2024-06-03 21:23:53 +02:00

63 lines
2.1 KiB
YAML

---
### geerlingguy_postgres
postgresql_databases:
- name: "{{ lldap_db_name }}"
postgresql_users:
- name: "{{ lldap_db_user }}"
password: "{{ lldap_db_pass }}"
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 192.168.2.0/24
- rule: allow
to_port: "{{ lldap_http_port }}"
protocol: tcp
comment: 'lldap'
from_ip: 192.168.2.0/24
- rule: allow
to_port: "{{ lldap_http_port }}"
protocol: tcp
comment: 'lldap'
from_ip: 10.25.0.0/24
- rule: allow
to_port: 3890
protocol: tcp
comment: 'lldap'
from_ip: 192.168.2.0/24
### mgrote_lldap
lldap_package_url: "https://download.opensuse.org/repositories/home:/Masgalor:/LLDAP/xUbuntu_22.04/amd64/lldap_0.5.0-1+3.1_amd64.deb"
lldap_logging_verbose: "true" # must be a string not a boolean
lldap_http_port: 17170
lldap_http_host: "0.0.0.0"
lldap_ldap_host: "0.0.0.0"
lldap_public_url: http://ldap.mgrote.net:17170
lldap_jwt_secret: "{{ lookup('keepass', 'lldap_jwt_secret', 'password') }}"
lldap_ldap_base_dn: "dc=mgrote,dc=net"
lldap_admin_username: ladmin # only used on setup
lldap_admin_password: "{{ lookup('keepass', 'lldap_ldap_user_pass', 'password') }}" # only used on setup; also bind-secret
lldap_admin_mailaddress: lldap-admin@mgrote.net # only used on setup
lldap_database_url: "postgres://{{ lldap_db_user }}:{{ lldap_db_pass }}@{{ lldap_db_host }}/{{ lldap_db_name }}"
lldap_key_seed: "{{ lookup('keepass', 'lldap_key_seed', 'password') }}"
#lldap_smtp_from: "lldap@mgrote.net" # unused in role
lldap_smtp_reply_to: "Do not reply <info@mgrote.net>"
lldap_smtp_server: "docker10.mgrote.net"
lldap_smtp_port: "1025"
lldap_smtp_smtp_encryption: "NONE"
#lldap_smtp_user: "info@mgrote.net" # unused in role
lldap_smtp_enable_password_reset: "true" # must be a string not a boolean
# "meta vars"; daraus werden die db-url und die postgres-db abgeleitet
lldap_db_name: "lldap"
lldap_db_user: "lldap"
lldap_db_pass: "{{ lookup('keepass', 'lldap_db_pass', 'password') }}"
lldap_db_host: "localhost"
...