82 lines
2 KiB
YAML
82 lines
2 KiB
YAML
---
|
|
|
|
# Role ansible-role-certbot : defina auto renew, schedule, ...
|
|
# WARNING: you need to open the port 80 (iptables)
|
|
certbot_auto_renew: true
|
|
certbot_auto_renew_user: "root"
|
|
certbot_auto_renew_hour: "5"
|
|
certbot_auto_renew_minute: "0"
|
|
certbot_auto_renew_options: "--quiet --no-self-upgrade --pre-hook 'iptables -A INPUT -p tcp --dport 80 -j ACCEPT' --deploy-hook 'cp -pf /etc/letsencrypt/live/{{ inventory_hostname }}/*.pem /etc/ldap/sasl2/ && chown openldap: /etc/ldap/sasl2/*.pem && systemctl restart slapd' --post-hook 'iptables -D INPUT -p tcp --dport 80 -j ACCEPT'"
|
|
certbot_create_if_missing: true
|
|
certbot_create_method: standalone
|
|
certbot_create_standalone_stop_services: []
|
|
certbot_certs:
|
|
- domains:
|
|
- "{{ inventory_hostname }}"
|
|
|
|
openldap_schemas:
|
|
- core
|
|
- cosine
|
|
- nis
|
|
- inetorgperson
|
|
- rfc2739
|
|
openldap_bases:
|
|
rootdn: cn=admin
|
|
suffix: dc=wirebrass,dc=fr
|
|
includes: [ slapd.access ]
|
|
indexes:
|
|
- [ "uid,uidNumber,gidNumber,memberUID", "pres,eq" ]
|
|
# slave:
|
|
# rid:
|
|
# provider: ldaps://:636
|
|
# binddn: cn=bind,dc=dn
|
|
# credentials: bindpw
|
|
# bindmethod: simple
|
|
|
|
ldap_host: "localhost"
|
|
ldap_port: "389"
|
|
|
|
ldap_root_dn: "dc=wirebrass,dc=fr"
|
|
ldap_domain: "wirebrass.fr"
|
|
|
|
ldap_admin_user_dn: "cn=admin,dc=wirebrass,dc=fr"
|
|
ldap_admin_user_password: "{{ vault_ldap_admin_user_password }}"
|
|
|
|
ldap_config_admin_user_dn: "cn=admin,cn=config"
|
|
ldap_config_admin_user_password: "{{ vault_ldap_config_admin_user_password }}"
|
|
|
|
ldap_people:
|
|
- userA:
|
|
uid: userA
|
|
cn: userA
|
|
uidNumber: 60012
|
|
gidNumber: 60012
|
|
- userB:
|
|
uid: userB
|
|
cn: userB
|
|
uidNumber: 60013
|
|
gidNumber: 60013
|
|
|
|
ldap_groups:
|
|
- marketing:
|
|
cn: marketing
|
|
gidNumber: 60002
|
|
description: "Service MARKETING"
|
|
memberUid:
|
|
- userB
|
|
#- userA
|
|
- it:
|
|
cn: it
|
|
gidNumber: 60003
|
|
description: "Service Informatique"
|
|
|
|
|
|
ldap_accounts:
|
|
- svc-ssh:
|
|
cn: svc-ssh
|
|
description: "SSH read user"
|
|
userPassword: "test"
|
|
|
|
ldap_applications:
|
|
- sudoers
|