author | Christian Pointner <equinox@spreadspace.org> | 2024-01-31 22:14:19 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2024-01-31 22:14:19 +0100 |
commit | 772a7ce546155262c25c026001b80a36edb7f180 (patch) | |
tree | 12d4ead6540940e1145560a862413f53b7ada565 | |
parent | switch to whawty-auth 0.2 (diff) |
apps/whawty: switch to new 0.3 release candidate
7 files changed, 18 insertions, 18 deletions
diff --git a/files/chaos-at-home/bind-zones/db.chaos-at-home.org b/files/chaos-at-home/bind-zones/db.chaos-at-home.org
index d074a48c..c091743f 100644
--- a/files/chaos-at-home/bind-zones/db.chaos-at-home.org
+++ b/files/chaos-at-home/bind-zones/db.chaos-at-home.org
@@ -2,7 +2,7 @@ $origin chaos-at-home.org.
 $TTL 1h
 @ SOA ns0 hostmaster (
- 2024012600
+ 2024013100
 1h
 15m
 30d
@@ -67,7 +67,6 @@ jump 600 CNAME magenta.jump
 web 600 CNAME magenta.web
 mail 600 CNAME magenta.mail
 passwd 600 CNAME magenta.passwd
-passwd-ng 600 CNAME magenta.passwd
 login 600 CNAME magenta.login
 node-red 600 CNAME magenta.node-red
@@ -78,6 +77,7 @@ caldav CNAME web
 ; TODO: internal service should only be resolvable from within chaos-at-home network
 mon A 192.168.32.230
 greenbone A 192.168.32.231
+ldap A 192.168.32.1
 ; old: clean this up as soon as everything is moved to caldav
 webdav CNAME web
diff --git a/inventory/host_vars/ch-apps/whawty.yml b/inventory/host_vars/ch-apps/whawty.yml
index 076b8074..cbb08903 100644
--- a/inventory/host_vars/ch-apps/whawty.yml
+++ b/inventory/host_vars/ch-apps/whawty.yml
@@ -5,7 +5,7 @@ _whawty_auth_zfs_base_:
 whawty_auth_instances:
 passwd.chaos-at-home.org:
- version: 0.2
+ version: 0.3-rc1
 port: 3080
 store: "{{ whawty_auth_store__chaos_at_home }}"
 sync:
diff --git a/roles/apps/whawty/auth/defaults/main.yml b/roles/apps/whawty/auth/defaults/main.yml
index a7f2dea8..8f203802 100644
--- a/roles/apps/whawty/auth/defaults/main.yml
+++ b/roles/apps/whawty/auth/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 # whawty_auth_instances:
 # test:
-# version: 0.2-rc9
+# version: 0.3-rc1
 # port: 3080
 # store:
 # default: 1
diff --git a/roles/apps/whawty/auth/instance/tasks/main.yml b/roles/apps/whawty/auth/instance/tasks/main.yml
index ece9fd14..8bada57c 100644
--- a/roles/apps/whawty/auth/instance/tasks/main.yml
+++ b/roles/apps/whawty/auth/instance/tasks/main.yml
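Review bot: The added `ldap A 192.168.32.1` record in the last db.chaos-at-home.org hunk puts one more RFC 1918 address under the existing TODO, which says internal services should only be resolvable from within the chaos-at-home network. If this zone is served to the public (the view and ACL setup are not part of the diff), the record discloses the internal LDAP endpoint's address, and outside that network the name resolves to whichever host owns 192.168.32.1 on the client's local network. Until the TODO is resolved, a comment on the new line would keep the exposure visible, e.g. `; internal only: move to an internal view together with mon/greenbone`.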
@@ -62,10 +62,10 @@
 include_role:
 name: "x509/{{ whawty_auth_instances[whawty_auth_instance].publish.zone.certificate_provider }}/cert"
-- name: generate app web config
+- name: generate app listener config
 template:
- src: web.yml.j2
- dest: "{{ whawty_auth_instance_basepath }}/config/web.yml"
+ src: listener.yml.j2
+ dest: "{{ whawty_auth_instance_basepath }}/config/listener.yml"
 mode: 0400
 owner: app
@@ -106,7 +106,7 @@
 vars:
 whawty_auth_instance_config_hash_items__yaml: |
 - path: "{{ whawty_auth_instance_basepath }}/config/store.yml"
- - path: "{{ whawty_auth_instance_basepath }}/config/web.yml"
+ - path: "{{ whawty_auth_instance_basepath }}/config/listener.yml"
 {% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
 - path: "{{ whawty_auth_instance_basepath }}/sync/group"
 - path: "{{ whawty_auth_instance_basepath }}/sync/passwd"
diff --git a/roles/apps/whawty/auth/instance/templates/listener.yml.j2 b/roles/apps/whawty/auth/instance/templates/listener.yml.j2
new file mode 100644
index 00000000..a69bdc58
--- /dev/null
+++ b/roles/apps/whawty/auth/instance/templates/listener.yml.j2
@@ -0,0 +1,8 @@
+https:
+ listen:
+ - ":{{ whawty_auth_instances[whawty_auth_instance].port }}"
+ tls:
+ certificate: /tls/publish-crt.pem
+ certificate-key: /tls/publish-key.pem
+ min-protocol-version: "TLSv1.3"
+ prefer-server-ciphers: true
diff --git a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
index 99c6e733..01a956cc 100644
--- a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
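Review bot: The renamed task in the first tasks/main.yml hunk now renders `config/listener.yml`, but nothing in the visible hunks removes the `config/web.yml` that earlier runs wrote, so already-deployed instances would keep a stale, unreferenced config file beside the live one. A cleanup task placed ahead of the template task would take care of that. The task list continues outside the hunk, so this may already be handled elsewhere. The carried-over `mode: 0400` is an unquoted octal; `mode: "0400"` is the form the Ansible documentation recommends.

```yaml
- name: remove obsolete app web config
  file:
    path: "{{ whawty_auth_instance_basepath }}/config/web.yml"
    state: absent

- name: generate app listener config
  # … unchanged: template src/dest/mode/owner …
```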
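Review bot: The new listener.yml.j2 starts directly at `https:` with neither a `---` document start nor a generated-file header, whereas the web.yml.j2 it replaces began with `---`; prepending `# {{ ansible_managed }}` and `---` would keep the rendered file consistent and mark it as not hand-editable. The `listen` entry `":{{ whawty_auth_instances[whawty_auth_instance].port }}"` binds the wildcard address, as the removed `--web-addr` argument did, so which networks can reach the service is decided by the pod and firewall setup outside this diff. A comment above `listen:` would record that, e.g. `# wildcard bind; reachability is restricted by the pod/network config`.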
@@ -7,10 +7,8 @@ containers:
 image: "ghcr.io/whawty/auth/app:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
 args:
 - "run"
- - "--web-addr"
- - ":{{ whawty_auth_instances[whawty_auth_instance].port }}"
- - "--web-config"
- - "/config/web.yml"
+ - "--listener"
+ - "/config/listener.yml"
 env:
 - name: "WHAWTY_AUTH_STORE_CONFIG"
 value: "/config/store.yml"
diff --git a/roles/apps/whawty/auth/instance/templates/web.yml.j2 b/roles/apps/whawty/auth/instance/templates/web.yml.j2
deleted file mode 100644
index d7f35f2e..00000000
--- a/roles/apps/whawty/auth/instance/templates/web.yml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-tls:
- certificate: /tls/publish-crt.pem
- certificate-key: /tls/publish-key.pem
- min-protocol-version: "TLSv1.3"
- prefer-server-ciphers: true |