initial: no secrets

2026-06-20 08:22:40 +02:00 · 2024-02-12 17:01:18 +01:00
commit cf9efd55b5
186 changed files with 8697 additions and 0 deletions
@@ -0,0 +1,157 @@
+- name: Install LDAP packages
+  apt:
+    pkg:
+      - slapd
+      - ldap-utils
+      - python3-ldap
+
+- name: directory /var/lib/slapd/
+  file:
+    path: /var/lib/ldap/
+    owner: root
+    group: openldap
+    mode: 0770
+    state: directory
+
+- name: slapd-LDAP Conf
+  template:
+    src: slapd.conf
+    dest: /etc/ldap/slapd.conf
+    owner: openldap
+  notify:
+    - restart slapd
+
+- name: Disable & mask broken debian slapd unit
+  systemd:
+    name: slapd
+    state: stopped
+    enabled: false
+    masked: yes
+
+- name: Copy slapd systemd unit
+  template:
+    src: slapd-custom.service
+    dest: /etc/systemd/system/slapd-custom.service
+    mode: 0644
+  notify:
+    - daemon reload
+    - restart slapd
+
+- name: Enable and start slapd custom service
+  systemd:
+    name: slapd-custom.service
+    state: started
+    enabled: yes
+
+- name: LDAP master conf
+  template:
+    src: ldap.conf
+    dest: /etc/ldap/ldap.conf
+    owner: openldap
+  notify:
+    - restart slapd
+
+- name: LDAP extra schemas
+  copy:
+    src: verification.schema
+    dest: /etc/ldap/schema/verification.schema
+    owner: openldap
+  notify:
+    - restart slapd
+
+- meta: flush_handlers
+
+- name: Wait for LDAP to become ready
+  wait_for:
+    port: 389
+    timeout: 30
+    delay: 5
+
+- name: Create LDAP root (1)
+  ldap_entry:
+    dn: "{{ ldap_suffix }}"
+    objectClass:
+      - dcObject
+      - organization
+    attributes: |
+        { "o" : "{{ ldap_org }}", "dc" : "{{ ldap_dc }}" }
+    state: present
+    server_uri: "ldap://localhost"
+    bind_dn: "{{ ldap_bind_dn }}"
+    bind_pw: "{{ ldap_password }}"
+
+- name: Create LDAP root (2)
+  ldap_entry:
+    dn: "cn=Manager,dc=atlantishq,dc=de"
+    objectClass:
+      - organizationalRole
+    attributes: |
+        { "cn" : "Manager" }
+    state: present
+    server_uri: "ldap://localhost"
+    bind_dn: "{{ ldap_bind_dn }}"
+    bind_pw: "{{ ldap_password }}"
+
+- name: Create LDAP Group people
+  ldap_entry:
+    dn: "ou=People,{{ ldap_suffix }}"
+    objectClass:
+      - organizationalUnit
+    state: present
+    server_uri: "ldap://localhost"
+    bind_dn: "{{ ldap_bind_dn }}"
+    bind_pw: "{{ ldap_password }}"
+
+- name: Create LDAP groups root
+  ldap_entry:
+    dn: "ou=groups,{{ ldap_suffix }}"
+    objectClass:
+      - organizationalUnit
+    state: present
+    server_uri: "ldap://localhost"
+    bind_dn: "{{ ldap_bind_dn }}"
+    bind_pw: "{{ ldap_password }}"
+
+- name: Create LDAP groups
+  ldap_entry:
+    dn: "cn={{ item }},ou=groups,{{ ldap_suffix }}"
+    objectClass:
+      - groupOfNames
+    attributes: { "member" : "" }
+    state: present
+    server_uri: "ldap://localhost"
+    bind_dn: "{{ ldap_bind_dn }}"
+    bind_pw: "{{ ldap_password }}"
+  with_items:
+    - nextcloud
+    - images
+    - mail
+    - soundlib
+    - monitoring
+    - pki
+
+- name: Deploy Backup Script
+  copy:
+    src: slapd_backup.sh
+    dest: /opt/
+    mode: 0700
+
+- name: deploy LDAP fixer scripts
+  template:
+    src: fix_ldap.py
+    dest: /opt/fix_ldap.py
+    mode: 0700
+
+- name: Create cronjob Slapd backup
+  cron:
+    hour: "0"
+    minute: "30"
+    name: SLAPD Backup (slapcat)
+    job: "/opt/slapd_backup.sh"
+
+- name: Create cronjob LDAP fixer
+  cron:
+    hour: "*"
+    minute: "*"
+    name: LDAP keycloak fixer
+    job: "/opt/fix_ldap.py"