From fb0b3914086484d9284426985984e2c1699ba557 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Fri, 5 Jan 2024 16:13:01 -0500
Subject: ldap, internal CA, internal webserver, dns, etc.
---
roles/lldap/tasks/main.yml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 roles/lldap/tasks/main.yml
(limited to 'roles/lldap/tasks')
diff --git a/roles/lldap/tasks/main.yml b/roles/lldap/tasks/main.yml
new file mode 100644
index 0000000..79b9a86
--- /dev/null
+++ b/roles/lldap/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: ensure lldap docker/compose exist
+ file:
+ path: /etc/docker/compose/lldap
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+
+- name: build lldap docker-compose.yml.j2
+ template:
+ src: ../templates/docker-compose.yml.j2
+ dest: /etc/docker/compose/lldap/docker-compose.yml
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+
+- name: daemon-reload and enable lldap
+ ansible.builtin.systemd_service:
+ state: restarted
+ enabled: true
+ name: docker-compose@lldap
+
+- name: allow ldap on vpn
+ ufw:
+ rule: allow
+ port: '3890'
+ from: '100.64.0.0/10'
-- cgit v1.2.3-70-g09d2
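Review bot: The `allow ldap on vpn` task filters on source address only: it sets no `proto` and no interface, so port 3890 is opened on every interface and is not limited to TCP for anything arriving with a 100.64.0.0/10 address, and that range is the shared CGNAT block rather than something unique to the VPN. Adding `proto: tcp` and pinning the rule to the tunnel with `interface: <vpn-interface>` and `direction: in` would make the rule match its name. Separately, the `daemon-reload and enable lldap` task never sets `daemon_reload: true` and uses `state: restarted`, so the directory service is restarted on every play; a handler notified by the template task would restart it only when the compose file actually changes. If the rendered compose file carries lldap secrets (the template is not visible here, so this is an assumption), `mode: '0600'` would be a safer default than `u=rw,g=r,o=r`, even though the 0700 parent directory already blocks traversal by other users.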