This commit is contained in:
SebClem 2023-04-19 16:45:51 +02:00
parent 923b504c83
commit 20112fea63
Signed by: sebclem
GPG Key ID: 5A4308F6A359EA50
6 changed files with 105 additions and 0 deletions


@ -1,2 +1,3 @@
---
# defaults file for ${REPO_NAME_TITLE}
lldap_version: "v0.4.2"


@ -1,2 +1,7 @@
---
# handlers file for Ansible-Lldap-Role
- name: Restart lldap
ansible.builtin.systemd:
name: lldap
state: restarted


@ -1,2 +1,56 @@
---
# tasks file for Ansible-Lldap-Role
- name: Download lldap
ansible.builtin.unarchive:
src: "{{ lldap_dowload_url }}"
dest: "{{ lldap_install_dir }}"
remote_src: true
extra_opts:
- --strip-components=1
- name: Create lldap user
ansible.builtin.user:
name: "{{ lldap_run_user }}"
system: true
shell: /bin/bash
home: "/var/lib/lldap"
create_home: true
- name: Add lldap service file
ansible.builtin.template:
src: lldap.service.j2
dest: /etc/systemd/system/lldap.service
mode: "644"
- name: Ensure lldap data dir exist
ansible.builtin.file:
path: "{{ lldap_data_dir }}"
owner: "{{ lldap_run_user }}"
group: "{{ lldap_run_group }}"
mode: "750"
state: directory
- name: Ensure lldap config dir exist
ansible.builtin.file:
path: "{{ lldap_config_dir }}"
owner: "root"
group: "{{ lldap_run_group }}"
mode: "770"
state: directory
- name: Update lldap config
ansible.builtin.template:
src: lldap-config.toml.j2
dest: "{{ lldap_config_dir }}/lldap-config.toml"
owner: "root"
group: "{{ lldap_run_group }}"
mode: "640"
notify: Restart lldap
- name: Enable and start lldap service
ansible.builtin.systemd:
name: lldap
daemon_reload: true
enabled: true
state: started
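Review bot: The `Download lldap` task unpacks the release tarball straight from GitHub with `unarchive`/`remote_src: true`, which has no checksum option, so whatever sits at `lldap_dowload_url` is installed and started unverified; splitting it into `get_url` with a `checksum:` pinned next to `lldap_version` and then unarchiving the local file closes that gap. `unarchive` also requires `dest` to exist, and nothing here creates `lldap_install_dir` first. Separately, the config dir is `mode: "770"` with group `lldap_run_group`, which lets the service's own group rename or replace `lldap-config.toml` even though the file itself is root-owned 640 — `"750"` is enough for the daemon to read it. The service account is created with `shell: /bin/bash`; a system account that only runs a daemon should get `/usr/sbin/nologin` (or the distribution's equivalent). Changing the config notifies the restart handler, but a new binary from a version bump does not, so the old process keeps running until the next reboot or config change.
```yaml
- name: Ensure lldap install dir exist
  ansible.builtin.file:
    path: "{{ lldap_install_dir }}"
    owner: root
    group: root
    mode: "0755"
    state: directory
- name: Download lldap archive
  ansible.builtin.get_url:
    url: "{{ lldap_dowload_url }}"
    dest: "/tmp/{{ lldap_download_filename }}"
    # sha256 of the release asset, pinned together with lldap_version in defaults
    checksum: "sha256:{{ lldap_download_checksum }}"
    mode: "0644"
- name: Unpack lldap
  ansible.builtin.unarchive:
    src: "/tmp/{{ lldap_download_filename }}"
    dest: "{{ lldap_install_dir }}"
    remote_src: true
    extra_opts:
      - --strip-components=1
  notify: Restart lldap
# … unchanged: user, service file, data dir, config dir, config template, service tasks …
```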


@ -0,0 +1,14 @@
{{ ansible_managed | comment }}
{% for key, value in gitea_config %}
{% if value is string %}
{{ key }}={{ value }}
{% else %}
[{{ key }}]
{% for entry, entry_value in value %}
{{ entry }} = {{ entry_value }}
{% endfor %}
{% endif %}
{% endfor %}
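Review bot: The template iterates `gitea_config`, a variable this role never defines (it looks copied from a Gitea role), so rendering `lldap-config.toml` fails on an undefined variable before any of the tasks below it run; it should read the role's own config variable (presumably something like `lldap_config`, to be declared in defaults). Even with the right name, `{% for key, value in gitea_config %}` iterates a mapping's keys, not its pairs — both loops need `.items()`. The `value is string` test sends any non-string scalar (an integer port, a boolean) into the table branch and tries to iterate it; `value is mapping` is the test that actually distinguishes a `[table]` from a scalar. Finally, scalars are emitted bare, which is not valid TOML for strings; rendering them through `to_json` quotes strings and leaves numbers/booleans as-is, and since TOML attaches top-level keys to the preceding table, the mapping should place scalar keys before any table keys.
```jinja2
{{ ansible_managed | comment }}
{% for key, value in lldap_config.items() %}
{% if value is mapping %}
[{{ key }}]
{% for entry, entry_value in value.items() %}
{{ entry }} = {{ entry_value | to_json }}
{% endfor %}
{% else %}
{{ key }} = {{ value | to_json }}
{% endif %}
{% endfor %}
```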


@ -0,0 +1,22 @@
[Unit]
Description=LLDAP
Documentation=https://github.com/lldap/lldap
# Only sqlite
After=network.target
[Service]
# The user/group LLDAP is run under. The working directory (see below) should allow write and read access to this user/group.
User={{ lldap_run_user }}
Group={{ lldap_run_group }}
UMask=027
# The location of the compiled binary
ExecStart={{ lldap_install_dir }}/lldap run --config-file {{ lldap_config_dir }}/lldap-config.toml
# Only allow writes to the following directory and set it to the working directory (user and password data are stored here).
WorkingDirectory={{ lldap_data_dir }}
ReadWriteDirectories={{ lldap_data_dir }}
[Install]
WantedBy=multi-user.target
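Review bot: The comment above `ReadWriteDirectories=` says writes are only allowed to the data dir, but that directive (the deprecated spelling of `ReadWritePaths=`) only carves writable exceptions out of a read-only view established by `ProtectSystem=`, and the unit never sets `ProtectSystem`, so nothing is actually restricted beyond ordinary file permissions. Adding `ProtectSystem=strict` makes the claim true — `{{ lldap_install_dir }}` and `{{ lldap_config_dir }}` stay readable, and the data dir is re-exposed writable. While touching the `[Service]` section, `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectHome=true` are cheap for a daemon that only needs its own data directory.
```ini
[Service]
# … unchanged: User, Group, UMask, ExecStart, WorkingDirectory …
# Mount the filesystem read-only for this service; only the data dir stays writable.
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
NoNewPrivileges=true
ReadWritePaths={{ lldap_data_dir }}
```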


@ -1,2 +1,11 @@
---
# vars file for Ansible-Lldap-Role
lldap_download_filename: "amd64-lldap.tar.gz"
lldap_dowload_url: "https://github.com/lldap/lldap/releases/download/{{ lldap_version }}/{{ lldap_download_filename }}"
lldap_run_user: "lldap"
lldap_run_group: "{{ lldap_run_user }}"
lldap_config_dir: "/etc/lldap"
lldap_data_dir: "/var/lib/lldap"
lldap_install_dir: "/opt/lldap"
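Review bot: Every tunable here (`lldap_run_user`, the three directories, the download URL and filename) lives in `vars/`, whose precedence sits above inventory and play vars, so a consumer of the role cannot override them without `-e`; the ones a user might legitimately change belong in `defaults/` next to `lldap_version`, with `vars/` kept for true internals like `lldap_run_group: "{{ lldap_run_user }}"`. The key `lldap_dowload_url` is misspelled (`dowload`), and since it is referenced by the same name in the tasks file, fixing it means fixing both places together. If a release checksum is pinned alongside `lldap_version`, it should go in the same file as the version so the two are bumped together.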