From b8ffbfe27eae919750ef4d3facf02393d1004287 Mon Sep 17 00:00:00 2001
From: Elizabeth Alexander Hunt <me@liz.coffee>
Date: Wed, 7 May 2025 18:10:57 -0700
Subject: .git was corrupted on the machine i worked on these many commits. so
 here it is all at once :P

---
 group_vars/all.yml           |  2 ++
 group_vars/labdns.yml        |  1 +
 group_vars/mail.yml          | 13 +++++++------
 group_vars/oci.yml           |  3 +++
 group_vars/swarm_cluster.yml |  3 +++
 5 files changed, 16 insertions(+), 6 deletions(-)
 create mode 100644 group_vars/oci.yml

(limited to 'group_vars')

diff --git a/group_vars/all.yml b/group_vars/all.yml
index f6747d0..717a983 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -22,6 +22,8 @@ domain: "liz.coffee"
 idm_domain: "idm.{{ domain }}"
 headscale_host: "vpn.{{ domain }}"
 mail_domain: "mail.{{ domain }}"
+oci_domain: "oci.{{ domain }}"
+passwd_domain: "passwd.{{ domain }}"
 
 info_mail_user: "info"
 info_mail: "{{ info_mail_user }}@{{ domain }}"
diff --git a/group_vars/labdns.yml b/group_vars/labdns.yml
index c1985c9..d0b0c6a 100644
--- a/group_vars/labdns.yml
+++ b/group_vars/labdns.yml
@@ -3,6 +3,7 @@
 labdns_base: "{{ swarm_base }}/labdns"
 
 internal_services:
+  - oci.{{ domain }}
   - ci.{{ domain }}
   - test.{{ domain }}
   - bin.{{ domain }}
diff --git a/group_vars/mail.yml b/group_vars/mail.yml
index 1114ca8..0a964e2 100644
--- a/group_vars/mail.yml
+++ b/group_vars/mail.yml
@@ -16,15 +16,16 @@ ldap_server_host: "ldaps://{{ ldap_server }}:3636"
 ldap_search_base: "{{ 'dc=' ~ idm_domain | regex_replace('\\.', ',dc=') }}"
 ldap_bind_dn: "dn=token"
 
-ldap_query_filter_user: "(&(class=account)(emailprimary=%s))"
-ldap_query_filter_group: "(&(class=group)(mail=%s))"
-ldap_query_filter_alias: "(&(class=account)(emailalternative=%s))"
+ldap_memberof_query: "(memberof=mail)"
+ldap_query_filter_user: "(&(class=account)(emailprimary=%s){{ ldap_memberof_query }})"
+ldap_query_filter_group: "(&(class=group)(mail=%s){{ ldap_memberof_query }})"
+ldap_query_filter_alias: "(&(class=account)(emailalternative=%s)(memberof=mail){{ ldap_memberof_query }})"
 ldap_query_filter_domain: "(mail=*@%s)"
-ldap_query_filter_senders: "(&(class=account)(|(emailprimary=%s)(emailalternative=%s)))"
+ldap_query_filter_senders: "(&(class=account)(|(emailprimary=%s)(emailalternative=%s)){{ ldap_memberof_query }})"
 
 dovecot_user_filter: >
-  (&(class=account)(name=%u)
-  (memberOf=cn=mail,{{ ldap_search_base }}))
+  (&(class=account)(name=%u){{ ldap_memberof_query }})
+
 dovecot_auth_bind_userdn: "name=%u,{{ ldap_search_base }}"
 
 roundcube_default_host: "ssl://{{ mail_domain }}"
diff --git a/group_vars/oci.yml b/group_vars/oci.yml
new file mode 100644
index 0000000..7bc2db0
--- /dev/null
+++ b/group_vars/oci.yml
@@ -0,0 +1,3 @@
+---
+
+oci_base: "{{ swarm_base }}/oci"
diff --git a/group_vars/swarm_cluster.yml b/group_vars/swarm_cluster.yml
index bf0744d..25324ae 100644
--- a/group_vars/swarm_cluster.yml
+++ b/group_vars/swarm_cluster.yml
@@ -1,3 +1,6 @@
 ---
 
 swarm_base: "{{ ceph_base }}/docker"
+
+oci_username: "readonly"
+oci_password: "readonly"
-- 
cgit v1.2.3-70-g09d2