[thelounge] Copy ldap configuration for zamok

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

group_vars/irc.yml

@@ -11,3 +11,12 @@ glob_thelounge:
     username: "thelounge"
     realname: "The Lounge User"
     join: "#general"
+  ldap_enable: "false"
+  ldap:
+    url: "ldap://172.16.10.157"
+    primaryKey: "cn"
+    rootDN: "cn=thelounge,ou=service-users,dc=crans,dc=org"
+    rootPassword: "{{ vault_ldap_thelounge_password }}"
+    filter: "(objectclass=inetOrgPerson)"
+    base: "dc=crans,dc=org"
+    scope: "sub"

host_vars/zamok.adm.crans.org.yml

@@ -8,3 +8,6 @@ loc_borg:
       params:
         - "- name: all"
         - "  password: {{ vault.mysql_zamok_password }}"
+
+loc_thelounge:
+  ldap_enable: "true"

plays/zamok.yml

@@ -6,7 +6,6 @@
     adh: '{{ glob_adh | combine(loc_adh | default({}), recursive=True) }}'
   roles:
     - zamok-tools
-    - thelounge
     - postfix
     - prometheus-node-exporter-postfix
 

roles/thelounge/templates/config.js.j2

@@ -391,11 +391,11 @@ module.exports = {
 	ldap: {
 		// - `enable`: when set to `false`, LDAP support is disabled and all other
 		//   values are ignored.
-		enable: false,
+		enable: {{ thelounge.ldap_enable }},
 
 		// - `url`: A url of the form `ldaps://<ip>:<port>`.
 		//   For plain connections, use the `ldap` scheme.
-		url: "ldaps://example.com",
+		url: "{{ thelounge.ldap.url }}",
 
 		// - `tlsOptions`: LDAP connection TLS options (only used if scheme is
 		//   `ldaps://`). It is an object whose values are Node.js' `tls.connect()`
@@ -410,7 +410,7 @@ module.exports = {
 		tlsOptions: {},
 
 		// - `primaryKey`: LDAP primary key. It is set to `"uid"` by default.
-		primaryKey: "uid",
+		primaryKey: "{{ thelounge.ldap.primaryKey }}",
 
 		// - `baseDN`: LDAP base DN, alternative to `searchDN`. For example, set it
 		//   to `"ou=accounts,dc=example,dc=com"`.
@@ -426,21 +426,21 @@ module.exports = {
 			//     read-only to the DNs of the people that are allowed to log in.
 			//     It is set to `"cn=thelounge,ou=system-users,dc=example,dc=com"` by
 			//     default.
-			rootDN: "cn=thelounge,ou=system-users,dc=example,dc=com",
+			rootDN: "{{ thelounge.ldap.rootDN }}",
 
 			//   - `rootPassword`: Password of The Lounge LDAP system user.
-			rootPassword: "1234",
+			rootPassword: "{{ thelounge.ldap.rootPassword }}",
 
 			//   - `ldapFilter`: it is set to `"(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)"`
 			//     by default.
-			filter: "(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)",
+			filter: "{{ thelounge.ldap.filter }}",
 
 			//   - `base`: LDAP search base (search only within this node). It is set
 			//     to `"dc=example,dc=com"` by default.
-			base: "dc=example,dc=com",
+			base: "{{ thelounge.ldap.base }}",
 
 			//   - `scope`: LDAP search scope. It is set to `"sub"` by default.
-			scope: "sub",
+			scope: "{{ thelounge.ldap.scope }}",
 		},
 	},