-rw-r--r--files/chaos-at-home/bind-zones/db.chaos-at-home.org4
-rw-r--r--inventory/host_vars/ch-apps/whawty.yml2
-rw-r--r--roles/apps/whawty/auth/defaults/main.yml2
-rw-r--r--roles/apps/whawty/auth/instance/tasks/main.yml8
-rw-r--r--roles/apps/whawty/auth/instance/templates/listener.yml.j28
-rw-r--r--roles/apps/whawty/auth/instance/templates/pod-spec.yml.j26
-rw-r--r--roles/apps/whawty/auth/instance/templates/web.yml.j26
7 files changed, 18 insertions, 18 deletions
diff --git a/files/chaos-at-home/bind-zones/db.chaos-at-home.org b/files/chaos-at-home/bind-zones/db.chaos-at-home.org
index d074a48c..c091743f 100644
--- a/files/chaos-at-home/bind-zones/db.chaos-at-home.org
+++ b/files/chaos-at-home/bind-zones/db.chaos-at-home.org
@@ -2,7 +2,7 @@ $origin chaos-at-home.org.
$TTL 1h
@ SOA ns0 hostmaster (
- 2024012600
+ 2024013100
1h
15m
30d
@@ -67,7 +67,6 @@ jump 600 CNAME magenta.jump
web 600 CNAME magenta.web
mail 600 CNAME magenta.mail
passwd 600 CNAME magenta.passwd
-passwd-ng 600 CNAME magenta.passwd
login 600 CNAME magenta.login
node-red 600 CNAME magenta.node-red
@@ -78,6 +77,7 @@ caldav CNAME web
; TODO: internal service should only be resolvable from within chaos-at-home network
mon A 192.168.32.230
greenbone A 192.168.32.231
+ldap A 192.168.32.1
; old: clean this up as soon as everything is moved to caldav
webdav CNAME web
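Review bot: The added `ldap A 192.168.32.1` record puts another RFC 1918 address under the existing TODO about internal-only names, so if this zone is served publicly, clients outside the network will resolve `ldap` to whatever host owns 192.168.32.1 on their local network. For a directory service that matters more than for `mon` or `greenbone`, because a client that does not verify the server certificate could present bind credentials to an unrelated host. Until the split-horizon TODO is done, I would record the requirement next to the entry, e.g. `; ldap: clients must use TLS with certificate verification, the name also resolves off-network`.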
diff --git a/inventory/host_vars/ch-apps/whawty.yml b/inventory/host_vars/ch-apps/whawty.yml
index 076b8074..cbb08903 100644
--- a/inventory/host_vars/ch-apps/whawty.yml
+++ b/inventory/host_vars/ch-apps/whawty.yml
@@ -5,7 +5,7 @@ _whawty_auth_zfs_base_:
whawty_auth_instances:
passwd.chaos-at-home.org:
- version: 0.2
+ version: 0.3-rc1
port: 3080
store: "{{ whawty_auth_store__chaos_at_home }}"
sync:
diff --git a/roles/apps/whawty/auth/defaults/main.yml b/roles/apps/whawty/auth/defaults/main.yml
index a7f2dea8..8f203802 100644
--- a/roles/apps/whawty/auth/defaults/main.yml
+++ b/roles/apps/whawty/auth/defaults/main.yml
@@ -1,7 +1,7 @@
---
# whawty_auth_instances:
# test:
-# version: 0.2-rc9
+# version: 0.3-rc1
# port: 3080
# store:
# default: 1
diff --git a/roles/apps/whawty/auth/instance/tasks/main.yml b/roles/apps/whawty/auth/instance/tasks/main.yml
index ece9fd14..8bada57c 100644
--- a/roles/apps/whawty/auth/instance/tasks/main.yml
+++ b/roles/apps/whawty/auth/instance/tasks/main.yml
@@ -62,10 +62,10 @@
include_role:
name: "x509/{{ whawty_auth_instances[whawty_auth_instance].publish.zone.certificate_provider }}/cert"
-- name: generate app web config
+- name: generate app listener config
template:
- src: web.yml.j2
- dest: "{{ whawty_auth_instance_basepath }}/config/web.yml"
+ src: listener.yml.j2
+ dest: "{{ whawty_auth_instance_basepath }}/config/listener.yml"
mode: 0400
owner: app
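Review bot: Nothing removes the previously deployed `config/web.yml` once `dest` changes to `config/listener.yml`, so hosts that already ran this role keep a stale, unreferenced config file next to the new one. A small cleanup task next to this one would keep the config directory in line with what the hash list and the pod spec reference. Separately, `mode: 0400` on the context line relies on YAML octal parsing; `mode: "0400"` is the form Ansible recommends. The template task continues past the end of the hunk.

```yaml
# … unchanged: "generate app listener config" template task …
- name: remove obsolete app web config
  file:
    path: "{{ whawty_auth_instance_basepath }}/config/web.yml"
    state: absent
```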
@@ -106,7 +106,7 @@
vars:
whawty_auth_instance_config_hash_items__yaml: |
- path: "{{ whawty_auth_instance_basepath }}/config/store.yml"
- - path: "{{ whawty_auth_instance_basepath }}/config/web.yml"
+ - path: "{{ whawty_auth_instance_basepath }}/config/listener.yml"
{% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
- path: "{{ whawty_auth_instance_basepath }}/sync/group"
- path: "{{ whawty_auth_instance_basepath }}/sync/passwd"
diff --git a/roles/apps/whawty/auth/instance/templates/listener.yml.j2 b/roles/apps/whawty/auth/instance/templates/listener.yml.j2
new file mode 100644
index 00000000..a69bdc58
--- /dev/null
+++ b/roles/apps/whawty/auth/instance/templates/listener.yml.j2
@@ -0,0 +1,8 @@
+https:
+ listen:
+ - ":{{ whawty_auth_instances[whawty_auth_instance].port }}"
+ tls:
+ certificate: /tls/publish-crt.pem
+ certificate-key: /tls/publish-key.pem
+ min-protocol-version: "TLSv1.3"
+ prefer-server-ciphers: true
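Review bot: With `min-protocol-version: "TLSv1.3"` as the floor, `prefer-server-ciphers: true` may be a no-op, depending on the TLS library behind the listener (Go's crypto/tls, for one, has ignored the server-preference setting since Go 1.17); the key was carried over unchanged from the deleted web.yml.j2. I would either drop it or add a comment such as `# kept for parity with the old web.yml; no effect if the TLS stack fixes the TLS 1.3 suite order`, so nobody later counts it as a hardening control. The new template also loses the `---` document start that the old file had.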
diff --git a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
index 99c6e733..01a956cc 100644
--- a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
@@ -7,10 +7,8 @@ containers:
image: "ghcr.io/whawty/auth/app:v{{ whawty_auth_instances[whawty_auth_instance].version }}"
args:
- "run"
- - "--web-addr"
- - ":{{ whawty_auth_instances[whawty_auth_instance].port }}"
- - "--web-config"
- - "/config/web.yml"
+ - "--listener"
+ - "/config/listener.yml"
env:
- name: "WHAWTY_AUTH_STORE_CONFIG"
value: "/config/store.yml"
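Review bot: The `--listener` argument is now passed unconditionally while the image tag is still taken from the per-instance `version`, so an instance pinned to an older release (the inventory was on 0.2 until this commit) would presumably be started with a flag it does not know and fail at container start. An `assert` early in the instance tasks that rejects versions below 0.3, or at least a comment in defaults/main.yml stating the minimum supported version, would make that failure explicit. Since the value is rendered straight into the image tag, quoting it in the inventory (`version: "0.3-rc1"`) also keeps a later plain `0.10` from being read as a float and pulling the wrong tag. The container spec continues outside the hunk.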
diff --git a/roles/apps/whawty/auth/instance/templates/web.yml.j2 b/roles/apps/whawty/auth/instance/templates/web.yml.j2
deleted file mode 100644
index d7f35f2e..00000000
--- a/roles/apps/whawty/auth/instance/templates/web.yml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
----
-tls:
- certificate: /tls/publish-crt.pem
- certificate-key: /tls/publish-key.pem
- min-protocol-version: "TLSv1.3"
- prefer-server-ciphers: true