author | Christian Pointner <equinox@spreadspace.org> | 2024-02-01 00:16:50 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2024-02-01 00:16:50 +0100 |
commit | 293a33b6cd9c15a9955a3c1ca4c365c7423a0393 (patch) | |
tree | 1dca1d3f7081e85ed060a7dc5a2341d16b07b515 | |
parent | apps/whawty/auth: add ldap listener (diff) |
apps/whawty/auth: revamp port configuration
4 files changed, 15 insertions, 11 deletions
diff --git a/inventory/host_vars/ch-apps/whawty.yml b/inventory/host_vars/ch-apps/whawty.yml
index 63d15eb9..2e95cd1d 100644
--- a/inventory/host_vars/ch-apps/whawty.yml
+++ b/inventory/host_vars/ch-apps/whawty.yml
@@ -14,7 +14,7 @@ whawty_auth_instances:
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsY3QIaN/S05EHZ9IF6GWgXG0wAh5qAxgQAq7ZLtNP8 whawty-auth-sync-chaos-at-home@ch-http-proxy
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHoyvg0McwpPFAT642lm9MIGG2/6Hi+hFe8IvmroDar whawty-auth-sync-chaos-at-home@ch-pan
 ldap:
- port: 3636
+ port: 636
 hostnames:
 - ldap.chaos-at-home.org
 tls:
diff --git a/roles/apps/whawty/auth/instance/templates/listener.yml.j2 b/roles/apps/whawty/auth/instance/templates/listener.yml.j2
index 12a83905..2ac01cb3 100644
--- a/roles/apps/whawty/auth/instance/templates/listener.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/listener.yml.j2
@@ -1,6 +1,6 @@
 https:
 listen:
- - ":{{ whawty_auth_instances[whawty_auth_instance].port }}"
+ - ":1080"
 tls:
 certificate: /tls/publish-crt.pem
 certificate-key: /tls/publish-key.pem
@@ -9,16 +9,16 @@ https:
 {% if 'ldap' in whawty_auth_instances[whawty_auth_instance] %}
 {% if 'tls' in whawty_auth_instances[whawty_auth_instance].ldap %}
 ldaps:
-{% else %}
-ldap:
-{% endif %}
 listen:
- - ":{{ whawty_auth_instances[whawty_auth_instance].ldap.port }}"
-{% if 'tls' in whawty_auth_instances[whawty_auth_instance].ldap %}
+ - ":1636"
 tls:
 certificate: /tls/ldap-crt.pem
 certificate-key: /tls/ldap-key.pem
 min-protocol-version: "TLSv1.3"
 prefer-server-ciphers: true
+{% else %}
+ldap:
+ listen:
+ - ":1389"
 {% endif %}
 {% endif %}
diff --git a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
index 4b75a346..7c1d3be5 100644
--- a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
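Review bot: The container-internal ports introduced in the `https:` listener (`":1080"`, and `":1636"`/`":1389"` in the following hunk) are bare literals that have to match the `containerPort` literals pod-spec.yml.j2 now carries for the same instance, and `2222` is likewise repeated between pod-spec.yml.j2 and sync-sshd_config.j2, so the templates can drift without anything catching it. Defining each value once as a role default (a name such as `whawty_auth_container_https_port` is only a suggestion) and referencing that from both the listener template and the pod spec keeps the listen address and the port mapping in lockstep. A Jinja comment above the `https:` block, `{# container-internal port; the host-side port comes from .port and is mapped in pod-spec.yml.j2 #}`, would also explain why `.port` is no longer used here. The `https:` listener's TLS settings continue past the end of this hunk.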
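Review bot: The new `ldap:` branch at the bottom of the second listener.yml.j2 hunk is selected whenever the instance's `ldap` mapping merely lacks a `tls` key, so a misspelled or forgotten `tls:` entry in the inventory silently turns an LDAPS listener into a cleartext one on `":1389"`, which pod-spec.yml.j2 then maps to the configured `ldap.port` on the host. Since whatever authenticates against that listener does so without transport protection, the cleartext case deserves to be an explicit choice rather than the fallback: gate the `{% else %}` branch on an opt-in key (for example `plaintext: true`, name suggested) and have the rendering task reject an instance that sets neither. At minimum, a Jinja comment above the `{% else %}` line, `{# cleartext LDAP: chosen only because ldap.tls is absent; nothing on this listener is encrypted #}`, records the trade-off for the next person editing the inventory. The enclosing `{% if 'ldap' ... %}` is entirely inside the hunk.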
@@ -22,13 +22,17 @@ containers:
 - name: store
 mountPath: /store
 ports:
- - containerPort: {{ whawty_auth_instances[whawty_auth_instance].port }}
+ - containerPort: 1080
 hostPort: {{ whawty_auth_instances[whawty_auth_instance].port }}
 {% if whawty_auth_instances[whawty_auth_instance].publish.zone.publisher == inventory_hostname %}
 hostIP: "127.0.0.1"
 {% endif %}
 {% if 'ldap' in whawty_auth_instances[whawty_auth_instance] %}
- - containerPort: {{ whawty_auth_instances[whawty_auth_instance].ldap.port }}
+{% if 'tls' in whawty_auth_instances[whawty_auth_instance].ldap %}
+ - containerPort: 1636
+{% else %}
+ - containerPort: 1389
+{% endif %}
 hostPort: {{ whawty_auth_instances[whawty_auth_instance].ldap.port }}
 {% endif %}
 {% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
@@ -44,7 +48,7 @@ containers:
 mountPath: /store
 readOnly: true
 ports:
- - containerPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
+ - containerPort: 2222
 hostPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
 {% endif %}
 volumes:
diff --git a/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2 b/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2
index 65a11d80..b86eda36 100644
--- a/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2
+++ b/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2
@@ -1,4 +1,4 @@
-Port {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
+Port 2222
 ListenAddress 0.0.0.0
 ListenAddress ::
|