diff options
| author | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-05 16:13:01 -0500 |
|---|---|---|
| committer | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-05 16:13:01 -0500 |
| commit | fb0b3914086484d9284426985984e2c1699ba557 (patch) | |
| tree | 963a2288a3b33f389972a78efaf3b6462bbe1925 /roles/lldap | |
| parent | b62d5f559b81556a1dd6197c72a0c43ba1744477 (diff) | |
| download | oldinfra-fb0b3914086484d9284426985984e2c1699ba557.tar.gz oldinfra-fb0b3914086484d9284426985984e2c1699ba557.zip | |
ldap, internal CA, internal webserver, dns, etc.
Diffstat (limited to 'roles/lldap')
| -rw-r--r-- | roles/lldap/tasks/main.yml | 28 | ||||
| -rw-r--r-- | roles/lldap/templates/docker-compose.yml.j2 | 18 |
2 files changed, 46 insertions, 0 deletions
diff --git a/roles/lldap/tasks/main.yml b/roles/lldap/tasks/main.yml new file mode 100644 index 0000000..79b9a86 --- /dev/null +++ b/roles/lldap/tasks/main.yml @@ -0,0 +1,28 @@ +--- +- name: ensure lldap docker/compose exist + file: + path: /etc/docker/compose/lldap + state: directory + owner: root + group: root + mode: 0700 + +- name: build lldap docker-compose.yml.j2 + template: + src: ../templates/docker-compose.yml.j2 + dest: /etc/docker/compose/lldap/docker-compose.yml + owner: root + group: root + mode: u=rw,g=r,o=r + +- name: daemon-reload and enable lldap + ansible.builtin.systemd_service: + state: restarted + enabled: true + name: docker-compose@lldap + +- name: allow ldap on vpn + ufw: + rule: allow + port: '3890' + from: '100.64.0.0/10' diff --git a/roles/lldap/templates/docker-compose.yml.j2 b/roles/lldap/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..c4757b2 --- /dev/null +++ b/roles/lldap/templates/docker-compose.yml.j2 @@ -0,0 +1,18 @@ +version: "3" + +volumes: + lldap_data: + driver: local + +services: + lldap: + image: lldap/lldap:stable + ports: + - "{{ johan_ip }}:3890:3890" + - "127.0.0.1:17170:17170" + volumes: + - "lldap_data:/data" + environment: + - LLDAP_JWT_SECRET="{{ lldap_jwt_secret }}" + - LLDAP_LDAP_USER_PASS="{{ lldap_user_pass }}" + - LLDAP_LDAP_BASE_DN=dc=simponic,dc=xyz |