---
# First three characters of glauth_version.
# NOTE(review): a fixed-width slice only matches "major.minor" while both parts
# are single digits (a hypothetical 2.10.x would give "2.1") — confirm how this
# value is consumed.
glauth_main_version: "{{ glauth_version[0:3] }}"
# Version-specific install directory.
glauth_install_path: /usr/local/bin/glauth/{{ glauth_version }}
# Presumably the delegate_to target for controller-side tasks — confirm in the tasks.
glauth_delegate_to: localhost
# Staging directory resolved on the controller: CUSTOM_LOCAL_TMP_DIRECTORY when
# it is set and non-empty (default(..., true) also replaces empty strings),
# otherwise $HOME/.cache/ansible/glauth; the version is appended in both cases.
# NOTE(review): if release archives are staged here before installation, keep
# the directory writable only by the deploying user and verify checksums.
glauth_local_tmp_directory: "{{
  lookup('env', 'CUSTOM_LOCAL_TMP_DIRECTORY') |
  default(lookup('env', 'HOME') ~ '/.cache/ansible/glauth', true) }}/{{ glauth_version }}"
# Packages the role lists as requirements.
glauth_requirements:
  - iproute2
  - gzip
# ----------------------------------------------------------------------------------------
# Service-level defaults; every value is empty, so real settings must be
# supplied by the caller.
# NOTE(review): aws.secret_key is a credential — feed it from Ansible Vault or
# another secret store, and check the permissions of the file it is rendered to.
# NOTE(review): listen and tls are laid out as siblings of aws, inferred from
# the key names — confirm against the role's templates.
glauth_defaults_service:
  aws:
    key_id: ""
    secret_key: ""
    region: ""
  listen:
    ldap: ""
    ldaps: ""
  tls:
    # Bare values parse as null, unlike the empty strings used above.
    cert_file:
    key_file:
# https://github.com/glauth/glauth/blob/master/v2/pkg/config/config.go
# Defaults for the main glauth configuration.
glauth_defaults_config:
  debug: false
  syslog: false
  watch_config: true
  config_file: ""
  # yubikey.secret and aws.secret_access_key are credentials; they default to
  # empty and should be injected from a secret store, not plain inventory.
  yubikey:
    clientid: ""
    secret: ""
  aws:
    access_key_id: ""
    secret_access_key: ""
    region: ""
  # Plain LDAP is enabled by default and bound to every interface on port 389.
  # With ldaps disabled below, binds on this listener are not covered by TLS;
  # restrict the address or firewall the port where that matters.
  ldap:
    enabled: true
    listen:
      address: "0.0.0.0"
      port: "389"
  # LDAPS is off by default; when enabled it also binds every interface.
  ldaps:
    enabled: false
    listen:
      address: "0.0.0.0"
      port: "636"
    # NOTE(review): relative paths — confirm which directory they resolve
    # against; the key file should be readable by the service account only.
    tls:
      cert_file: "certs/server.crt"
      key_file: "certs/server.key"
# No backend is configured by default; the commented block below lists keys a
# backend definition may carry.
glauth_defaults_backends: {}
# config:
# base_dn: "dc=glauth,dc=com"
# name_format: "cn"
# group_format: "ou"
# insecure: true
# servers: []
# sshkeyattr: ""
# use_graph_api: false
# plugin: ""
# plugin_handler: ""
# database: ""
# anonymous_dse: ""
# sqlite:
# base_dn:
# database: ""
# mysql:
# database: "glauth:glauth@tcp(192.168.1.22:3306)/glauth"
# postgres:
# database: "host=192.168.1.22 port=5432 dbname=glauth user=glauth password=glauth sslmode=disable"
# NOTE(review): both sample DSNs embed the database password, and
# sslmode=disable sends it and all directory data to PostgreSQL unencrypted.
# For real deployments keep the DSN in Ansible Vault and require TLS
# (e.g. sslmode=verify-full).
# ldap:
# servers:
# - "ldaps://server1:636"
# - "ldaps://server2:636"
# # Ignore SSL certificate errors when connecting to backend LDAP servers.
# insecure: true
# NOTE(review): with insecure: true the backend server's certificate is not
# validated, so its identity is unchecked — keep it off outside test setups.
# plugin: {}
# Frontend defaults: bound to every interface with TLS disabled.
# NOTE(review): port is the integer 0 here while the other listeners quote
# their ports as strings — confirm how the template treats 0.
glauth_defaults_frontends:
  allowed_base_dn: ""
  listen:
    address: "0.0.0.0"
    port: 0
  tls:
    enabled: false
    cert_file: "certs/server.crt"
    key_file: "certs/server.key"
# No users are defined by default; the commented block sketches one entry.
glauth_defaults_users: {}
# admin:
# enabled: true
# given_name: Admin
# sn: ""
# mail: ""
# uid: 6000
# primary_group: 6000
# other_groups: []
# pass:
# to create a passSHA256: echo -n "mysecret" | openssl dgst -sha256
# NOTE(review): that command yields a plain, unsalted SHA-256 digest, which is
# cheap to brute-force if the rendered config leaks; prefer the bcrypt field
# below and keep hashes, otp_secret and yubikey values in Ansible Vault.
# sha256: ""
# sha256_apps: []
# bcrypt: ""
# bcrypt_apps: []
# ssh_keys: []
# otp_secret: ""
# yubikey: ""
# login_shell: ""
# home_dir: ""
# capabilities:
# search:
# object: ""
# custom_attrs: {}
# No groups are defined by default.
glauth_defaults_groups: {}
# Bind throttling is on by default: 3 failed binds within a period of 10 block
# the source for 60, and the source table is pruned every 600 for entries older
# than 600.
# NOTE(review): units are not stated here (presumably seconds, as in upstream
# glauth) — confirm. Keep limit_failed_binds enabled on exposed listeners; it
# is the only brute-force control among these defaults.
glauth_defaults_behaviors:
  ignore_capabilities: false
  limit_failed_binds: true
  number_of_failed_binds: 3
  period_of_failed_binds: 10
  block_failed_binds_for: 60
  prune_source_table_every: 600
  prune_sources_older_than: 600
# API defaults: disabled, and bound to loopback (127.0.0.1:5555) without TLS
# when switched on.
# NOTE(review): secret_token is empty by default — set a strong value from a
# secret store before enabling the API, and enable tls before binding it to
# anything other than loopback.
glauth_defaults_api:
  enabled: false
  listen:
    address: "127.0.0.1"
    port: "5555"
  tls:
    enabled: false
    cert_file: "certs/server.crt"
    key_file: "certs/server.key"
  internals: true
  secret_token: ""
# Helper defaults: enabled, with every backend-specific field left empty.
glauth_defaults_helper:
  enabled: true
  base_dn: ""
  datastore: ""
  plugin: ""  # Path to plugin library, for plugin backend only
  plugin_handler: ""  # Name of plugin's main handler function
  database: ""  # For MySQL backend only. TODO: rename to match plugin
# ----------------------------------------------------------------------------------------
# Directory for the service defaults file.
glauth_defaults_directory: /etc/default
# No plugins by default.
glauth_plugins: []
# Maps the kernel architecture reported by Ansible to Go release naming.
go_arch_map:
  x86_64: 'amd64'
  aarch64: 'arm64'
  armv7l: 'armv7'
  armv6l: 'armv6'
# Falls back to the raw ansible_architecture value when it is not in the map.
system_architecture: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
# Location for systemd unit files.
systemd_lib_directory: /lib/systemd/system
...