authorChristian Pointner <equinox@spreadspace.org>2024-01-28 02:20:59 +0100
committerChristian Pointner <equinox@spreadspace.org>2024-01-28 02:20:59 +0100
commitf58cfcd50a9c1b0a22da477a54f7a6a7ef9cbe6c (patch)
tree179577d022be9919c9182816eb4f32c1c87529d6
parentfinalize whawty/auth roles for now (diff)
add what-auth instance to ch-apn
-rw-r--r--chaos-at-home/ch-pan.yml2
-rw-r--r--inventory/host_vars/ch-apps/whawty.yml1
-rw-r--r--inventory/host_vars/ch-pan.yml21
-rw-r--r--roles/whawty/auth/app/defaults/main.yml2
4 files changed, 25 insertions, 1 deletions
diff --git a/chaos-at-home/ch-pan.yml b/chaos-at-home/ch-pan.yml
index bccd9ca5..29a4ae5c 100644
--- a/chaos-at-home/ch-pan.yml
+++ b/chaos-at-home/ch-pan.yml
@@ -18,6 +18,8 @@
- role: x509/acmetool/base
- role: nginx/base
- role: apt-repo/spreadspace
+ - role: whawty/auth/store
+ - role: whawty/auth/app
- role: monitoring/prometheus/exporter
- role: nginx/vhost
nginx_vhost:
diff --git a/inventory/host_vars/ch-apps/whawty.yml b/inventory/host_vars/ch-apps/whawty.yml
index a0ea111f..f47a9714 100644
--- a/inventory/host_vars/ch-apps/whawty.yml
+++ b/inventory/host_vars/ch-apps/whawty.yml
@@ -12,6 +12,7 @@ whawty_auth_instances:
port: 3022
authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsY3QIaN/S05EHZ9IF6GWgXG0wAh5qAxgQAq7ZLtNP8 whawty-auth-sync-chaos-at-home@ch-http-proxy
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHoyvg0McwpPFAT642lm9MIGG2/6Hi+hFe8IvmroDar whawty-auth-sync-chaos-at-home@ch-pan
storage:
type: zfs
parent: "{{ _whawty_auth_zfs_base_ }}"
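Review bot: The key added for ch-pan is a bare `ssh-ed25519 …` entry, so any limit on what it may do must come from the role that renders `authorized_keys`, which is not visible in this hunk. If the role writes entries verbatim, consider prefixing key options such as `restrict` and `from="<ch-pan address>"` so the key can only be used for the sync from that host. A one-line comment above the list naming the hosts expected to sync from this store would also make later rotation or removal easier to audit. The enclosing `whawty_auth_instances` entry starts above the hunk, so the sync user's other settings could not be checked here.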
diff --git a/inventory/host_vars/ch-pan.yml b/inventory/host_vars/ch-pan.yml
index fc87f374..16a43695 100644
--- a/inventory/host_vars/ch-pan.yml
+++ b/inventory/host_vars/ch-pan.yml
@@ -175,3 +175,24 @@ prometheus_job_multitarget_blackbox__probe:
- instance: "https-pan.chaos-at-home.org"
target: "https://pan.chaos-at-home.org"
module: http_tls_2xx
+
+
+whawty_auth_store_instances:
+ chaos-at-home:
+ config: "{{ whawty_auth_store__chaos_at_home | combine({'basedir': '/var/lib/whawty/auth/chaos-at-home'}) }}"
+ permissions:
+ file-mode: "0600"
+ dir-mode: "0700"
+ sync:
+ type: client
+ hostname: 192.168.32.1
+ port: 3022
+ user: sync
+
+whawty_auth_app_instances:
+ chaos-at-home:
+ store: chaos-at-home
+ listeners:
+ saslauthd:
+ sockets:
+ - /run/whawty/auth/chaos-at-home.sock
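Review bot: The saslauthd listener added under `whawty_auth_app_instances` gives only the socket path `/run/whawty/auth/chaos-at-home.sock`, with no owner or mode, so who may connect is left to the role or daemon defaults. The commented example in `roles/whawty/auth/app/defaults/main.yml` lists `user`, `group` and `mode` alongside `sockets`, which suggests they can be set per listener, though the exact nesting is not visible here. Any local process that can open this socket can submit credentials for checking, so I would pin it to the one consuming service, e.g. `user: <consumer-user>`, `group: <consumer-group>`, `mode: "0600"` (placeholders). Quote the mode as the store block already does for `file-mode` and `dir-mode`, so it is not parsed as an octal integer.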
diff --git a/roles/whawty/auth/app/defaults/main.yml b/roles/whawty/auth/app/defaults/main.yml
index d1423a61..c5e8185a 100644
--- a/roles/whawty/auth/app/defaults/main.yml
+++ b/roles/whawty/auth/app/defaults/main.yml
@@ -9,7 +9,7 @@ whawty_auth_app_install_pam_module: no
# listeners:
# saslauthd:
# sockets:
-# - /var/run/whawty/auth.sock
+# - /run/whawty/auth.sock
# user: foo
# group: bar
# mode: 0600