[thelounge] Copy ldap configuration for zamok

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-22 14:44:04 +01:00 · 2021-02-22 14:44:04 +01:00 · 3f4a66eb7c
parent f039121e21
commit 3f4a66eb7c
4 changed files with 20 additions and 9 deletions
--- a/group_vars/irc.yml
+++ b/group_vars/irc.yml
@ -11,3 +11,12 @@ glob_thelounge:
    username: "thelounge"
    realname: "The Lounge User"
    join: "#general"
+  ldap_enable: "false"
+  ldap:
+    url: "ldap://172.16.10.157"
+    primaryKey: "cn"
+    rootDN: "cn=thelounge,ou=service-users,dc=crans,dc=org"
+    rootPassword: "{{ vault_ldap_thelounge_password }}"
+    filter: "(objectclass=inetOrgPerson)"
+    base: "dc=crans,dc=org"
+    scope: "sub"
--- a/host_vars/zamok.adm.crans.org.yml
+++ b/host_vars/zamok.adm.crans.org.yml
@ -8,3 +8,6 @@ loc_borg:
      params:
        - "- name: all"
        - "  password: {{ vault.mysql_zamok_password }}"
+
+loc_thelounge:
+  ldap_enable: "true"
--- a/plays/zamok.yml
+++ b/plays/zamok.yml
@ -6,7 +6,6 @@
    adh: '{{ glob_adh | combine(loc_adh | default({}), recursive=True) }}'
  roles:
    - zamok-tools
-    - thelounge
    - postfix
    - prometheus-node-exporter-postfix

--- a/roles/thelounge/templates/config.js.j2
+++ b/roles/thelounge/templates/config.js.j2
@ -391,11 +391,11 @@ module.exports = {
 	ldap: {
 		// - `enable`: when set to `false`, LDAP support is disabled and all other
 		//   values are ignored.
-		enable: false,
+		enable: {{ thelounge.ldap_enable }},

 		// - `url`: A url of the form `ldaps://<ip>:<port>`.
 		//   For plain connections, use the `ldap` scheme.
-		url: "ldaps://example.com",
+		url: "{{ thelounge.ldap.url }}",

 		// - `tlsOptions`: LDAP connection TLS options (only used if scheme is
 		//   `ldaps://`). It is an object whose values are Node.js' `tls.connect()`
@ -410,7 +410,7 @@ module.exports = {
 		tlsOptions: {},

 		// - `primaryKey`: LDAP primary key. It is set to `"uid"` by default.
-		primaryKey: "uid",
+		primaryKey: "{{ thelounge.ldap.primaryKey }}",

 		// - `baseDN`: LDAP base DN, alternative to `searchDN`. For example, set it
 		//   to `"ou=accounts,dc=example,dc=com"`.
@ -426,21 +426,21 @@ module.exports = {
 			//     read-only to the DNs of the people that are allowed to log in.
 			//     It is set to `"cn=thelounge,ou=system-users,dc=example,dc=com"` by
 			//     default.
-			rootDN: "cn=thelounge,ou=system-users,dc=example,dc=com",
+			rootDN: "{{ thelounge.ldap.rootDN }}",

 			//   - `rootPassword`: Password of The Lounge LDAP system user.
-			rootPassword: "1234",
+			rootPassword: "{{ thelounge.ldap.rootPassword }}",

 			//   - `ldapFilter`: it is set to `"(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)"`
 			//     by default.
-			filter: "(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)",
+			filter: "{{ thelounge.ldap.filter }}",

 			//   - `base`: LDAP search base (search only within this node). It is set
 			//     to `"dc=example,dc=com"` by default.
-			base: "dc=example,dc=com",
+			base: "{{ thelounge.ldap.base }}",

 			//   - `scope`: LDAP search scope. It is set to `"sub"` by default.
-			scope: "sub",
+			scope: "{{ thelounge.ldap.scope }}",
 		},
 	},