init

defaults/main.yml

@@ -1,2 +1,3 @@
 ---
 # defaults file for ${REPO_NAME_TITLE}
+lldap_version: "v0.4.2"

handlers/main.yml

@@ -1,2 +1,7 @@
 ---
 # handlers file for Ansible-Lldap-Role
+
+- name: Restart lldap
+  ansible.builtin.systemd:
+    name: lldap
+    state: restarted

tasks/main.yml

@@ -1,2 +1,56 @@
 ---
 # tasks file for Ansible-Lldap-Role
+
+- name: Download lldap
+  ansible.builtin.unarchive:
+    src: "{{ lldap_dowload_url }}"
+    dest: "{{ lldap_install_dir }}"
+    remote_src: true
+    extra_opts:
+      - --strip-components=1
+
+- name: Create lldap user
+  ansible.builtin.user:
+    name: "{{ lldap_run_user }}"
+    system: true
+    shell: /bin/bash
+    home: "/var/lib/lldap"
+    create_home: true
+
+- name: Add lldap service file
+  ansible.builtin.template:
+    src: lldap.service.j2
+    dest: /etc/systemd/system/lldap.service
+    mode: "644"
+
+- name: Ensure lldap data dir exist
+  ansible.builtin.file:
+    path: "{{ lldap_data_dir }}"
+    owner: "{{ lldap_run_user }}"
+    group: "{{ lldap_run_group }}"
+    mode: "750"
+    state: directory
+
+- name: Ensure lldap config dir exist
+  ansible.builtin.file:
+    path: "{{ lldap_config_dir }}"
+    owner: "root"
+    group: "{{ lldap_run_group }}"
+    mode: "770"
+    state: directory
+
+- name: Update lldap config
+  ansible.builtin.template:
+    src: lldap-config.toml.j2
+    dest: "{{ lldap_config_dir }}/lldap-config.toml"
+    owner: "root"
+    group: "{{ lldap_run_group }}"
+    mode: "640"
+  notify: Restart lldap
+
+- name: Enable and start lldap service
+  ansible.builtin.systemd:
+    name: lldap
+    daemon_reload: true
+    enabled: true
+    state: started

templates/lldap-config.toml.j2

@@ -0,0 +1,14 @@
+{{ ansible_managed | comment }}
+
+{% for key, value in gitea_config %}
+{% if value is string %}
+{{ key }}={{ value }}
+{% else %}
+
+[{{ key }}]
+{% for entry, entry_value in value %}
+{{ entry }} = {{ entry_value }}
+{% endfor %}
+
+{% endif %}
+{% endfor %}

templates/lldap.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=LLDAP
+Documentation=https://github.com/lldap/lldap
+
+# Only sqlite
+After=network.target
+
+[Service]
+# The user/group LLDAP is run under. The working directory (see below) should allow write and read access to this user/group.
+User={{ lldap_run_user }}
+Group={{ lldap_run_group }}
+UMask=027
+
+# The location of the compiled binary
+ExecStart={{ lldap_install_dir }}/lldap run --config-file {{ lldap_config_dir }}/lldap-config.toml
+
+# Only allow writes to the following directory and set it to the working directory (user and password data are stored here).
+WorkingDirectory={{ lldap_data_dir }}
+ReadWriteDirectories={{ lldap_data_dir }}
+
+[Install]
+WantedBy=multi-user.target

vars/main.yml

@@ -1,2 +1,11 @@
 ---
 # vars file for Ansible-Lldap-Role
+
+lldap_download_filename: "amd64-lldap.tar.gz"
+lldap_dowload_url: "https://github.com/lldap/lldap/releases/download/{{ lldap_version }}/{{ lldap_download_filename }}"
+lldap_run_user: "lldap"
+lldap_run_group: "{{ lldap_run_user }}"
+
+lldap_config_dir: "/etc/lldap"
+lldap_data_dir: "/var/lib/lldap"
+lldap_install_dir: "/opt/lldap"