authorChristian Pointner <equinox@spreadspace.org>2024-02-01 00:03:13 +0100
committerChristian Pointner <equinox@spreadspace.org>2024-02-01 00:03:13 +0100
commitb168f3f3e267f17b6a435cec5c145e4a67caca12 (patch)
treeae451577e26971b595e71cecbbcf28235ce3f306 /roles/apps/whawty/auth/instance/templates
parentapps/whawty: switch to new 0.3 release candidate (diff)
apps/whawty/auth: add ldap listener
Diffstat (limited to 'roles/apps/whawty/auth/instance/templates')
-rw-r--r--roles/apps/whawty/auth/instance/templates/listener.yml.j216
-rw-r--r--roles/apps/whawty/auth/instance/templates/pod-spec.yml.j24
2 files changed, 20 insertions, 0 deletions
diff --git a/roles/apps/whawty/auth/instance/templates/listener.yml.j2 b/roles/apps/whawty/auth/instance/templates/listener.yml.j2
index a69bdc58..12a83905 100644
--- a/roles/apps/whawty/auth/instance/templates/listener.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/listener.yml.j2
@@ -6,3 +6,19 @@ https:
certificate-key: /tls/publish-key.pem
min-protocol-version: "TLSv1.3"
prefer-server-ciphers: true
+{% if 'ldap' in whawty_auth_instances[whawty_auth_instance] %}
+{% if 'tls' in whawty_auth_instances[whawty_auth_instance].ldap %}
+ldaps:
+{% else %}
+ldap:
+{% endif %}
+ listen:
+ - ":{{ whawty_auth_instances[whawty_auth_instance].ldap.port }}"
+{% if 'tls' in whawty_auth_instances[whawty_auth_instance].ldap %}
+ tls:
+ certificate: /tls/ldap-crt.pem
+ certificate-key: /tls/ldap-key.pem
+ min-protocol-version: "TLSv1.3"
+ prefer-server-ciphers: true
+{% endif %}
+{% endif %}
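Review bot: The `{% else %}` branch falls back to a cleartext `ldap:` listener whenever the `tls` key is merely absent from the instance's `ldap` settings, and `listen` is `":<port>"`, which binds every address in the pod. LDAP simple binds carry the password in the request, so a forgotten or misspelled `tls` key silently yields an auth service that accepts credentials unencrypted. I would make the plaintext case fail closed: have the role assert that `ldap.tls` is set unless the inventory explicitly opts into plaintext, and at minimum mark the branch with a template comment such as `{# plaintext LDAP: bind passwords are sent unencrypted; only for loopback or a trusted segment #}`. The TLS branch also expects `/tls/ldap-crt.pem` and `/tls/ldap-key.pem`; nothing in the visible hunks provisions them, so presumably that happens outside this directory.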
diff --git a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
index 01a956cc..4b75a346 100644
--- a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
@@ -27,6 +27,10 @@ containers:
{% if whawty_auth_instances[whawty_auth_instance].publish.zone.publisher == inventory_hostname %}
hostIP: "127.0.0.1"
{% endif %}
+{% if 'ldap' in whawty_auth_instances[whawty_auth_instance] %}
+ - containerPort: {{ whawty_auth_instances[whawty_auth_instance].ldap.port }}
+ hostPort: {{ whawty_auth_instances[whawty_auth_instance].ldap.port }}
+{% endif %}
{% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
- name: sync
image: "ghcr.io/whawty/auth/sync:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
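Review bot: The new port entry publishes `hostPort` without a `hostIP`, so the LDAP port is offered on every address of the host, whereas the preceding entry is pinned with `hostIP: "127.0.0.1"` under a condition. Combined with the cleartext `ldap:` listener that listener.yml.j2 renders when no `tls` key is set, this can expose unencrypted binds beyond the host. Consider pinning the non-TLS case to loopback by adding, after the `hostPort` line, `{% if 'tls' not in whawty_auth_instances[whawty_auth_instance].ldap %}`, then `hostIP: "127.0.0.1"`, then `{% endif %}`. The `containers:` list begins and continues outside this hunk, so whether a firewall or network policy already restricts the port is not visible here.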