generated from sebclem/ansible-role-template
init
parent
923b504c83
commit
20112fea63
@ -1,2 +1,3 @@
|
||||
---
|
||||
# defaults file for ${REPO_NAME_TITLE}
|
||||
lldap_version: "v0.4.2"
|
||||
|
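Review bot: The header comment still carries the unexpanded template placeholder `${REPO_NAME_TITLE}`; the other files in this commit read `Ansible-Lldap-Role`, so this line should be `# defaults file for Ansible-Lldap-Role`. `lldap_version` pins the release tag, but nothing visible pins the digest of the archive that tag resolves to. A short comment here saying that any checksum variable must be bumped together with the version would keep the two in step.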
@ -1,2 +1,7 @@
|
||||
---
|
||||
# handlers file for Ansible-Lldap-Role
|
||||
|
||||
- name: Restart lldap
|
||||
ansible.builtin.systemd:
|
||||
name: lldap
|
||||
state: restarted
|
||||
|
@ -1,2 +1,56 @@
|
||||
---
|
||||
# tasks file for Ansible-Lldap-Role
|
||||
|
||||
- name: Download lldap
|
||||
ansible.builtin.unarchive:
|
||||
src: "{{ lldap_dowload_url }}"
|
||||
dest: "{{ lldap_install_dir }}"
|
||||
remote_src: true
|
||||
extra_opts:
|
||||
- --strip-components=1
|
||||
|
||||
- name: Create lldap user
|
||||
ansible.builtin.user:
|
||||
name: "{{ lldap_run_user }}"
|
||||
system: true
|
||||
shell: /bin/bash
|
||||
home: "/var/lib/lldap"
|
||||
create_home: true
|
||||
|
||||
- name: Add lldap service file
|
||||
ansible.builtin.template:
|
||||
src: lldap.service.j2
|
||||
dest: /etc/systemd/system/lldap.service
|
||||
mode: "644"
|
||||
|
||||
- name: Ensure lldap data dir exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ lldap_data_dir }}"
|
||||
owner: "{{ lldap_run_user }}"
|
||||
group: "{{ lldap_run_group }}"
|
||||
mode: "750"
|
||||
state: directory
|
||||
|
||||
- name: Ensure lldap config dir exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ lldap_config_dir }}"
|
||||
owner: "root"
|
||||
group: "{{ lldap_run_group }}"
|
||||
mode: "770"
|
||||
state: directory
|
||||
|
||||
- name: Update lldap config
|
||||
ansible.builtin.template:
|
||||
src: lldap-config.toml.j2
|
||||
dest: "{{ lldap_config_dir }}/lldap-config.toml"
|
||||
owner: "root"
|
||||
group: "{{ lldap_run_group }}"
|
||||
mode: "640"
|
||||
notify: Restart lldap
|
||||
|
||||
- name: Enable and start lldap service
|
||||
ansible.builtin.systemd:
|
||||
name: lldap
|
||||
daemon_reload: true
|
||||
enabled: true
|
||||
state: started
|
||||
|
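Review bot: The `Download lldap` task unpacks a release archive fetched straight from the URL with no integrity check, so whatever the URL serves at run time becomes the binary behind the `lldap` service. `ansible.builtin.unarchive` has no checksum option; fetching with `ansible.builtin.get_url` and a pinned `checksum`, then unpacking the local file, closes that gap (sketch below; `lldap_download_checksum` is a new variable the role would have to define per release). No task in this file creates `{{ lldap_install_dir }}`, which unarchive expects to exist unless something outside the role provides it. Two smaller points in the same file: the service account gets `shell: /bin/bash` where `/usr/sbin/nologin` would do, and the config directory is mode `"770"` for the service group, which lets the service account replace the root-owned `lldap-config.toml`; `"750"` matches the file's `"640"`.

```yaml
- name: Ensure lldap install dir exist
  ansible.builtin.file:
    path: "{{ lldap_install_dir }}"
    owner: root
    group: root
    mode: "755"
    state: directory

- name: Download lldap archive
  ansible.builtin.get_url:
    url: "{{ lldap_dowload_url }}"
    dest: "{{ lldap_install_dir }}/{{ lldap_download_filename }}"
    # placeholder variable: "sha256:<digest of the pinned release archive>"
    checksum: "{{ lldap_download_checksum }}"
    mode: "644"

- name: Unpack lldap
  ansible.builtin.unarchive:
    src: "{{ lldap_install_dir }}/{{ lldap_download_filename }}"
    dest: "{{ lldap_install_dir }}"
    remote_src: true
    extra_opts:
      - --strip-components=1

# … unchanged: user, service file, data/config dirs, config template, service start …
```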
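--- a/templates/lldap-config.toml.j2
+++ b/templates/lldap-config.toml.j2
@@ -0,0 +1,14 @@
+{{ ansible_managed | comment }}
+
+{% for key, value in gitea_config %}
+{% if value is string %}
+{{ key }}={{ value }}
+{% else %}
+
+[{{ key }}]
+{% for entry, entry_value in value %}
+{{ entry }} = {{ entry_value }}
+{% endfor %}
+
+{% endif %}
+{% endfor %}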
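Review bot: The outer loop reads `gitea_config`, a name that no file in this commit defines and that looks carried over from another role, so rendering will likely fail on an undefined variable. Both loops also unpack two names while iterating a mapping directly; Jinja needs `.items()` for that, e.g. `{% for key, value in lldap_config.items() %}` (variable name to be chosen by the role). Values are emitted bare (`{{ key }}={{ value }}`), but TOML requires string values to be quoted, so string settings, including any secrets kept in this file, would give an invalid or misparsed config. The `value is string` test also sends numbers and booleans into the table branch, where the inner loop cannot iterate them.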
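--- a/templates/lldap.service.j2
+++ b/templates/lldap.service.j2
@@ -0,0 +1,22 @@
+[Unit]
+Description=LLDAP
+Documentation=https://github.com/lldap/lldap
+
+# Only sqlite
+After=network.target
+
+[Service]
+# The user/group LLDAP is run under. The working directory (see below) should allow write and read access to this user/group.
+User={{ lldap_run_user }}
+Group={{ lldap_run_group }}
+UMask=027
+
+# The location of the compiled binary
+ExecStart={{ lldap_install_dir }}/lldap run --config-file {{ lldap_config_dir }}/lldap-config.toml
+
+# Only allow writes to the following directory and set it to the working directory (user and password data are stored here).
+WorkingDirectory={{ lldap_data_dir }}
+ReadWriteDirectories={{ lldap_data_dir }}
+
+[Install]
+WantedBy=multi-user.target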
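Review bot: `ReadWriteDirectories={{ lldap_data_dir }}` does not restrict writes on its own. It only carves an exception out of a read-only view set up by directives such as `ProtectSystem=`, and the unit sets none, so the comment above it describes confinement that is not in effect. `ReadWriteDirectories=` is also the legacy name of `ReadWritePaths=`. Consider `ProtectSystem=strict` with `ReadWritePaths={{ lldap_data_dir }}`, plus `NoNewPrivileges=true`, in `[Service]`. The `# Only sqlite` comment above `After=network.target` would read better spelled out, presumably along the lines of `# network.target is sufficient while the database is local SQLite`.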
@ -1,2 +1,11 @@
|
||||
---
|
||||
# vars file for Ansible-Lldap-Role
|
||||
|
||||
lldap_download_filename: "amd64-lldap.tar.gz"
|
||||
lldap_dowload_url: "https://github.com/lldap/lldap/releases/download/{{ lldap_version }}/{{ lldap_download_filename }}"
|
||||
lldap_run_user: "lldap"
|
||||
lldap_run_group: "{{ lldap_run_user }}"
|
||||
|
||||
lldap_config_dir: "/etc/lldap"
|
||||
lldap_data_dir: "/var/lib/lldap"
|
||||
lldap_install_dir: "/opt/lldap"
|
||||
|
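Review bot: `lldap_dowload_url` is misspelled (`dowload`). The tasks file uses the same spelling, so it resolves, but anyone setting `lldap_download_url` would define a variable the role never reads; rename it in both places. `lldap_download_filename` hard-codes `amd64`, so other architectures get the wrong binary; add a comment stating the supported architecture, or derive the name from `ansible_architecture`. The `Create lldap user` task hard-codes `home: "/var/lib/lldap"` instead of using `lldap_data_dir`, so changing the value here would split the two.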