ansible/roles/openldap/defaults/main.yaml
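---
# Defaults for the openldap role. `openldap_default_values` is the Helm values
# mapping handed to the osixia/openldap chart; the Jinja expressions inside it
# are rendered by Ansible when the variable is consumed.
openldap_short_name: "openldap"

openldap_default_values:
  replicaCount: 1
  # Define deployment strategy - IMPORTANT: use rollingUpdate: null when use Recreate strategy.
  # It prevents from merging with existing map keys which are forbidden.
  strategy:
    type: RollingUpdate
    # type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 1
    #   maxUnavailable: 0
    #
    # or
    #
    # type: Recreate
    # rollingUpdate: null
  image:
    # From repository https://github.com/osixia/docker-openldap
    repository: osixia/openldap
    # Quoted so no YAML loader ever reads the tag as a number.
    # NOTE(review): a tag is mutable; with pullPolicy Always every pod start
    # re-resolves it, so consider pinning by digest if the image must not drift.
    tag: "1.4.0"
    pullPolicy: Always
  # Specifies an existing secret to be used for admin and config user passwords
  existingSecret: ""
  # settings for enabling TLS
  tls:
    enabled: true
    secret: "{{ openldap_short_name }}.{{ domain }}-secret"  # The name of a kubernetes.io/tls type secret to use for TLS
    CA:
      enabled: true
      secret: "{{ openldap_short_name }}.{{ domain }}-ca"  # The name of a generic secret to use for custom CA certificate (ca.crt)
  ## Add additional labels to all resources
  extraLabels: {}
  ## Add additional annotations to pods
  podAnnotations: {}
  service:
    annotations:
      external-dns.alpha.kubernetes.io/hostname: "{{ openldap_short_name }}.{{ domain }}"
    clusterIP: ""
    # Plain LDAP port. It is exposed through the LoadBalancer below just like
    # the TLS port; whether cleartext binds are accepted on it is decided by
    # env.LDAP_TLS_ENFORCE, not here.
    ldapPort: 389
    sslLdapPort: 636  # Only used if tls.enabled is true
    ## List of IP addresses at which the service is available
    ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
    ##
    externalIPs: []
    # NOTE(review): `omit` is only stripped by Ansible when this mapping is
    # passed as module arguments; if the values are instead dumped to a file
    # (e.g. to_nice_yaml) the omit placeholder string leaks into it - confirm
    # against the task that consumes openldap_default_values.
    loadBalancerIP: "{{ openldap_loadbalancer_ip | default(omit) }}"
    # Empty list means no source restriction: the service (including the
    # plain-LDAP port above) is reachable from any address that can route to
    # the load balancer. Populate with CIDRs to limit exposure.
    loadBalancerSourceRanges: []
    type: LoadBalancer
  # Default configuration for openldap as environment variables. These get injected directly in the container.
  # Use the env variables from https://github.com/osixia/docker-openldap#beginner-guide
  env:
    LDAP_ORGANISATION: "{{ ldap_org | default('GHP') }}"
    LDAP_DOMAIN: "{{ ldap_domain | default(domain) }}"
    LDAP_BACKEND: "mdb"
    LDAP_TLS: "true"
    # "false" keeps cleartext binds on service.ldapPort possible. Because the
    # service is a LoadBalancer with a public DNS name and no source ranges,
    # credentials sent by a misconfigured client cross the network unencrypted;
    # set to "true" (or restrict loadBalancerSourceRanges) when all clients
    # support STARTTLS/ldaps.
    LDAP_TLS_ENFORCE: "false"
    LDAP_RFC2307BIS_SCHEMA: "true"
    # "try" requests a client certificate but accepts connections without one.
    LDAP_TLS_VERIFY_CLIENT: "try"
  # Default Passwords to use, stored as a secret. If unset, passwords are auto-generated.
  # You can override these at install time with
  # helm install openldap --set openldap.adminPassword=<passwd>,openldap.configPassword=<passwd>
  # Both values are read from inventory/vault variables; keep the source
  # variables vaulted so the cleartext never lands in VCS.
  adminPassword: "{{ openldap_admin_pass | default(openldap_admin_password) }}"
  configPassword: "{{ openldap_config_pass | default(openldap_config_password) }}"
  # Custom openldap configuration files used to override default settings
  # Each value is a complete LDIF file; entries inside one file must be
  # separated by a blank line or ldapmodify treats the next `dn:` as an
  # attribute of the previous record.
  customLdifFiles:
    # Load the pw-pbkdf2 module so the {PBKDF2-SHA512} userPassword values
    # below can be verified.
    01-pw-pbkdf2.ldif: |-
      dn: cn=module{0},cn=config
      changetype: modify
      add: olcModuleLoad
      olcModuleLoad: pw-pbkdf2
    # NOTE(review): this rule is inserted at position {1}, after whatever {0}
    # the image ships. Its `to *` clause grants every authenticated user read
    # on every attribute it reaches, so userPassword hashes are only protected
    # if the preceding {0} rule already restricts attrs=userPassword - confirm
    # against the running olcAccess list (`ldapsearch -b cn=config olcAccess`).
    02-acl.ldif: |-
      dn: olcDatabase={1}mdb,cn=config
      changetype: modify
      add: olcAccess
      olcAccess: {1}to * by users read by anonymous auth by * none
    # Organisational units, the fixed service/application accounts and the
    # admin group. Password hashes come from per-account vault variables.
    03-default-users.ldif: |-
      dn: ou=groups,{{ openldap_domain }}
      changetype: add
      objectClass: organizationalUnit
      objectClass: top
      ou: groups

      dn: ou=users,{{ openldap_domain }}
      changetype: add
      objectClass: organizationalUnit
      objectClass: top
      ou: users

      dn: ou=services,{{ openldap_domain }}
      changetype: add
      objectClass: organizationalUnit
      objectClass: top
      ou: services

      dn: uid=admin,ou=users,{{ openldap_domain }}
      changetype: add
      uid: admin
      cn: admin
      sn: 3
      objectClass: top
      objectClass: posixAccount
      objectClass: inetOrgPerson
      loginShell: /bin/bash
      homeDirectory: /home/admin
      uidNumber: 14583103
      gidNumber: 14564103
      userPassword: {{ openldap_admin_pbkdf2_sha512_hash }}
      gecos: Admin user

      dn: uid=systemuser,ou=services,{{ openldap_domain }}
      changetype: add
      uid: systemuser
      cn: systemuser
      sn: 4
      objectClass: top
      objectClass: posixAccount
      objectClass: inetOrgPerson
      loginShell: /bin/bash
      homeDirectory: /home/systemuser
      uidNumber: 14583104
      gidNumber: 14564104
      userPassword: {{ systemuser_pbkdf2_sha512_hash }}
      mail: systemuser@{{ domain }}
      gecos: System user

      dn: uid=nextcloud,ou=users,{{ openldap_domain }}
      changetype: add
      uid: nextcloud
      cn: nextcloud
      sn: 6
      objectClass: top
      objectClass: posixAccount
      objectClass: inetOrgPerson
      loginShell: /bin/bash
      homeDirectory: /home/nextcloud
      uidNumber: 14583106
      gidNumber: 14564106
      userPassword: {{ nextcloud_ldap_pbkdf2_sha512_hash }}
      mail: nextcloud@{{ domain }}
      gecos: Nexcloud user

      dn: uid=ldapbind,ou=services,{{ openldap_domain }}
      changetype: add
      uid: ldapbind
      cn: ldapbind
      sn: 7
      objectClass: top
      objectClass: posixAccount
      objectClass: inetOrgPerson
      loginShell: /sbin/nologin
      homeDirectory: /home/ldapbind
      uidNumber: 14583107
      gidNumber: 14564107
      userPassword: {{ ldapbind_pbkdf2_sha512_hash }}
      gecos: LDAP bind user

      dn: uid=bitwarden,ou=users,{{ openldap_domain }}
      changetype: add
      uid: bitwarden
      cn: bitwarden
      sn: 8
      objectClass: top
      objectClass: posixAccount
      objectClass: inetOrgPerson
      loginShell: /bin/bash
      homeDirectory: /home/bitwarden
      uidNumber: 14583108
      gidNumber: 14564108
      userPassword: {{ bitwarden_ldap_pbkdf2_sha512_hash }}
      mail: bitwarden@{{ domain }}
      gecos: Bitwarden user

      dn: uid=gitea,ou=users,{{ openldap_domain }}
      changetype: add
      uid: gitea
      cn: gitea
      sn: 9
      objectClass: top
      objectClass: posixAccount
      objectClass: inetOrgPerson
      loginShell: /bin/bash
      homeDirectory: /home/gitea
      uidNumber: 14583109
      gidNumber: 14564109
      userPassword: {{ gitea_ldap_pbkdf2_sha512_hash }}
      mail: gitea@{{ domain }}
      gecos: Gitea user

      dn: uid=wikijs,ou=users,{{ openldap_domain }}
      changetype: add
      uid: wikijs
      cn: wikijs
      sn: 10
      objectClass: top
      objectClass: posixAccount
      objectClass: inetOrgPerson
      loginShell: /bin/bash
      homeDirectory: /home/wikijs
      uidNumber: 14583110
      gidNumber: 14564110
      userPassword: {{ wikijs_ldap_pbkdf2_sha512_hash }}
      mail: wikijs@{{ domain }}
      gecos: WikiJS user

      dn: uid=peertube,ou=users,{{ openldap_domain }}
      changetype: add
      uid: peertube
      cn: peertube
      sn: 11
      objectClass: top
      objectClass: posixAccount
      objectClass: inetOrgPerson
      loginShell: /bin/bash
      homeDirectory: /home/peertube
      uidNumber: 14583111
      gidNumber: 14564111
      userPassword: {{ peertube_ldap_pbkdf2_sha512_hash }}
      mail: peertube@{{ domain }}
      gecos: PeerTube user

      dn: cn=admin,ou=groups,{{ openldap_domain }}
      changetype: add
      objectClass: groupOfUniqueNames
      cn: admin
      description: Admin users
      uniqueMember: cn=admin,{{ openldap_domain }}
    # Group memberships. The `cn=users` group is filled from the
    # openldap_simple_users / openldap_custom_users lists.
    # NOTE(review): groupOfUniqueNames requires at least one uniqueMember, so
    # an empty pair of lists produces a record the server rejects; and the
    # loop tags rely on Jinja dropping the newline after `%}`, otherwise a
    # blank line would end the record early - confirm with a rendered copy.
    06-memberof.ldif: |-
      dn: cn=services,ou=groups,{{ openldap_domain }}
      changetype: add
      objectClass: groupOfUniqueNames
      cn: services
      description: System users
      uniqueMember: uid=systemuser,ou=services,{{ openldap_domain }}
      uniqueMember: uid=ldapbind,ou=services,{{ openldap_domain }}
      uniqueMember: uid=nextcloud,ou=users,{{ openldap_domain }}
      uniqueMember: uid=bitwarden,ou=users,{{ openldap_domain }}
      uniqueMember: uid=gitea,ou=users,{{ openldap_domain }}
      uniqueMember: uid=wikijs,ou=users,{{ openldap_domain }}
      uniqueMember: uid=peertube,ou=users,{{ openldap_domain }}

      dn: cn=users,ou=groups,{{ openldap_domain }}
      changetype: add
      objectClass: groupOfUniqueNames
      cn: users
      description: Simple users
      {% for user in openldap_simple_users %}
      uniqueMember: uid={{ user.name }},ou=users,{{ openldap_domain }}
      {% endfor %}
      {% for user in openldap_custom_users %}
      uniqueMember: uid={{ user.name }},ou=users,{{ openldap_domain }}
      {% endfor %}
  ## Persist data to a persistent volume
  persistence:
    enabled: true
    ## database data Persistent Volume Storage Class
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner. (gp2 on AWS, standard on
    ## GKE, AWS & OpenStack)
    ##
    storageClass: "{{ openldap_storage | default('nfs-ssd') }}"
    accessMode: "{{ openldap_storage_mode | default('ReadWriteMany') }}"
    size: "{{ openldap_size | default('8Gi') }}"
    # existingClaim: ""
  ## test container details
  test:
    enabled: false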