From 070e69cccdd5c37b2590a5ed65e981db365de191 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Tue, 28 Jun 2022 11:35:20 +0200
Subject: [PATCH] [proxmox] Deploy service-proxmox-user on virtus to sync the list of users
Signed-off-by: Yohann D'ANELLO
---
 group_vars/virtu.yml | 20 ++++++++++++++++++++
 group_vars/virtu_adh.yml | 25 +++++++++++++++++++++++++
 host_vars/daniel.adm.crans.org.yml | 3 +++
 host_vars/gulp.adm.crans.org.yml | 3 +++
 host_vars/jack.adm.crans.org.yml | 3 +++
 host_vars/odlyd.adm.crans.org.yml | 3 +++
 plays/root.yml | 3 +++
 roles/service/tasks/main.yml | 2 +-
 8 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 group_vars/virtu_adh.yml
diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml
index 570a04cb..3db203e8 100644
--- a/group_vars/virtu.yml
+++ b/group_vars/virtu.yml
@@ -4,3 +4,23 @@ glob_debian_images:
 rsync_host: 'eclat.adm.crans.org'
 rsync_module: 'mirror'
 include_extra_images: false
+
+glob_service_proxmox_user:
+ git:
+ remote: https://gitlab.adm.crans.org/nounous/proxmox-user.git
+ version: main
+ name: proxmox-user
+ install_dir: /var/local/services/proxmox-user
+ generated: false
+ cron:
+ frequency: "*/2 * * * *"
+ options: ""
+ config:
+ ldap:
+ admin:
+ uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+ userBase: "ou=passwd,dc=crans,dc=org"
+ realm: "pam"
+ dependencies:
+ - python3-jinja2
+ - python3-ldap
diff --git a/group_vars/virtu_adh.yml b/group_vars/virtu_adh.yml
new file mode 100644
index 00000000..d3a5f3e9
--- /dev/null
+++ b/group_vars/virtu_adh.yml
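Review bot: `version: main` in the `git` block added to group_vars/virtu.yml tracks a moving branch, so a play run presumably deploys whatever the branch head is at that moment, for a script that cron then starts every two minutes to manage Proxmox users. Pin a reviewed tag or commit instead, e.g. `version: <reviewed-commit-sha>` (placeholder), and bump it deliberately; the same value is repeated in the group_vars/virtu_adh.yml hunk. Separately, the `uri` values are built from an IP literal (`ldaps://{{ ... | ipv4 | first }}/`), so certificate verification can only succeed if the LDAP server certificate lists that IP as a subject alternative name. If it does not, the client presumably runs with verification relaxed, which is worth confirming in proxmox-user itself.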
@@ -0,0 +1,25 @@
+glob_service_proxmox_user:
+ git:
+ remote: https://gitlab.adm.crans.org/nounous/proxmox-user.git
+ version: main
+ name: proxmox-user
+ install_dir: /var/local/services/proxmox-user
+ generated: false
+ cron:
+ frequency: "*/2 * * * *"
+ options: ""
+ config:
+ ldap:
+ admin:
+ uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+ userBase: "ou=passwd,dc=crans,dc=org"
+ realm: "pam"
+ user:
+ uri: "ldaps://{{ query('ldap', 'ip', 'flirt', 'adm') | ipv4 | first }}/"
+ userBase: "ou=users,dc=adh,dc=crans,dc=org"
+ realm: "pve"
+ binddn: "{{ vault.ldap_adh_reader.binddn }}"
+ passwd: "{{ vault.ldap_adh_reader.bindpass }}"
+ dependencies:
+ - python3-jinja2
+ - python3-ldap
diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml
index fe23407a..96967505 100644
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@@ -8,3 +8,6 @@ loc_postgres:
 version: 13
 replica: true
 addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
+
+loc_service_proxmox_user:
+ cron: null
diff --git a/host_vars/gulp.adm.crans.org.yml b/host_vars/gulp.adm.crans.org.yml
index 119fa7ab..4c4ef29d 100644
--- a/host_vars/gulp.adm.crans.org.yml
+++ b/host_vars/gulp.adm.crans.org.yml
@@ -1,3 +1,6 @@
 ---
 loc_debian_images:
 include_extra_images: true
+
+loc_service_proxmox_user:
+ cron: null
diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml
index 7a83dd68..ac4ac7e0 100644
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@@ -8,3 +8,6 @@ loc_postgres:
 version: 13
 replica: true
 addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
+
+loc_service_proxmox_user:
+ cron: null
diff --git a/host_vars/odlyd.adm.crans.org.yml b/host_vars/odlyd.adm.crans.org.yml
index 119fa7ab..4c4ef29d 100644
--- a/host_vars/odlyd.adm.crans.org.yml
+++ b/host_vars/odlyd.adm.crans.org.yml
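Review bot: `binddn` and `passwd` under `config.ldap.user` in group_vars/virtu_adh.yml are taken from the vault, but they end up in clear text in whatever file the role's "Deploy service configuration" template task writes, and that task is only partly visible in this patch. Confirm that it sets `owner: root` and `mode: '0600'` and carries `no_log: true`, so the bind password is neither world-readable on the hypervisors nor echoed in task output. This file also redefines the whole `glob_service_proxmox_user` mapping from group_vars/virtu.yml, so the `git`, `cron` and `admin` settings now exist in two copies that must be kept in step by hand; a one-line comment saying so would help.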
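Review bot: The `cron: null` override added to host_vars/daniel.adm.crans.org.yml has no comment saying why this host gets proxmox-user installed but must not schedule it; the gulp, jack and odlyd host_vars hunks add the same override. A line such as `# no sync cron on this host: <reason>` above `loc_service_proxmox_user:` would keep a later cleanup from re-enabling a job that changes Proxmox users. The override only has an effect through the `service.cron.frequency is defined` test added in roles/service/tasks/main.yml, which is worth mentioning in that comment.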
@@ -1,3 +1,6 @@ --- loc_debian_images: include_extra_images: true + +loc_service_proxmox_user: + cron: null diff --git a/plays/root.yml b/plays/root.yml index e9d7d0ad..6a632c76 100755 --- a/plays/root.yml +++ b/plays/root.yml @@ -3,8 +3,11 @@ # root is the first playbook to launch (as root) whe initiation a new server - hosts: virtu + vars: + service: "{{ glob_service_proxmox_user | default({}) | combine(loc_service_proxmox_user | default({})) }}" roles: - proxmox-apt-sources + - service - hosts: server roles: diff --git a/roles/service/tasks/main.yml b/roles/service/tasks/main.yml index 78c40fa8..11525d34 100644 --- a/roles/service/tasks/main.yml +++ b/roles/service/tasks/main.yml @@ -55,7 +55,7 @@ template: src: cron.d/service.j2 dest: "/etc/cron.d/services-{{ service.name }}" - when: service.cron is defined + when: service.cron is defined and service.cron.frequency is defined - name: Deploy service configuration template:
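Review bot: The `combine` in the new `service` var of plays/root.yml is a shallow merge, so any top-level key set in `loc_service_proxmox_user` replaces the whole sub-mapping coming from `glob_service_proxmox_user`. That is what lets `cron: null` work, but a host that overrides only part of `config` would silently drop the rest, including the `ldap.admin` block. Either document this with a comment such as `# shallow merge: a loc_ key replaces the whole glob_ sub-mapping`, or use `combine(..., recursive=true)` if partial overrides are meant to be supported. The play list continues outside the hunk.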
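Review bot: The tightened `when:` on the cron task in roles/service/tasks/main.yml only skips writing `/etc/cron.d/services-{{ service.name }}`; a file left by an earlier run stays in place, so setting `cron: null` on a host that already had the job does not stop it. Add a companion task that removes the file under the inverse condition, as sketched below, so that disabling the schedule in inventory really disables it on the host. The cron task's `name:` line is above the hunk, and the following "Deploy service configuration" task continues below it.

```yaml
# … unchanged: cron template task with the new `when:` …

- name: Remove service cron when disabled
  file:
    path: "/etc/cron.d/services-{{ service.name }}"
    state: absent
  when: service.cron is not defined or service.cron.frequency is not defined
```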