From b168f3f3e267f17b6a435cec5c145e4a67caca12 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Thu, 1 Feb 2024 00:03:13 +0100
Subject: apps/whawty/auth: add ldap listener
---
 inventory/host_vars/ch-apps/whawty.yml | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
(limited to 'inventory/host_vars/ch-apps')
diff --git a/inventory/host_vars/ch-apps/whawty.yml b/inventory/host_vars/ch-apps/whawty.yml
index cbb08903..63d15eb9 100644
--- a/inventory/host_vars/ch-apps/whawty.yml
+++ b/inventory/host_vars/ch-apps/whawty.yml
@@ -5,7 +5,7 @@ _whawty_auth_zfs_base_:
 whawty_auth_instances:
 passwd.chaos-at-home.org:
- version: 0.3-rc1
+ version: 0.3-rc2
 port: 3080
 store: "{{ whawty_auth_store__chaos_at_home }}"
 sync:
@@ -13,6 +13,31 @@ whawty_auth_instances:
 authorized_keys:
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsY3QIaN/S05EHZ9IF6GWgXG0wAh5qAxgQAq7ZLtNP8 whawty-auth-sync-chaos-at-home@ch-http-proxy
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHoyvg0McwpPFAT642lm9MIGG2/6Hi+hFe8IvmroDar whawty-auth-sync-chaos-at-home@ch-pan
+ ldap:
+ port: 3636
+ hostnames:
+ - ldap.chaos-at-home.org
+ tls:
+ certificate_provider: static-ca
+ certificate_config:
+ ca:
+ key_content: "{{ chaos_at_home_internal_ca_key }}"
+ cert_content: "{{ chaos_at_home_internal_ca_cert }}"
+ key:
+ type: RSA
+ size: 4096
+ cert:
+ key_usage:
+ - digitalSignature
+ - keyAgreement
+ key_usage_critical: yes
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_before: +0h
+ not_after: +365d
+ renew_margin: +70d
 storage:
 type: zfs
 parent: "{{ _whawty_auth_zfs_base_ }}"
--
cgit v1.2.3
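Review bot: In the added `key_usage` list, `- keyAgreement` does not match the `type: RSA` key requested a few lines above it: that bit describes (EC)DH public keys, and RFC 3279 does not list it among the usages permitted for an RSA end-entity key. Since `key_usage_critical: yes` makes the extension binding, a strict LDAP client could refuse the certificate; `- digitalSignature` alone covers ECDHE suites and TLS 1.3, and `- keyEncipherment` would be the bit to add only if RSA key transport still has to work. Separately, `key_content: "{{ chaos_at_home_internal_ca_key }}"` hands the internal CA private key to this instance's certificate config; the static-ca provider is not visible in this hunk, so it is worth confirming that the variable is vault-encrypted, that signing does not leave the CA key on ch-apps, and that the task handling it sets `no_log: true`. As a style point, the three `yes` values would read more predictably as `true`.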