From 293a33b6cd9c15a9955a3c1ca4c365c7423a0393 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Thu, 1 Feb 2024 00:16:50 +0100
Subject: apps/whawty/auth: revamp port configuration
---
 roles/apps/whawty/auth/instance/templates/listener.yml.j2 | 12 ++++++------
 roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 | 10 +++++++---
 .../apps/whawty/auth/instance/templates/sync-sshd_config.j2 | 2 +-
 3 files changed, 14 insertions(+), 10 deletions(-)
(limited to 'roles/apps/whawty')
diff --git a/roles/apps/whawty/auth/instance/templates/listener.yml.j2 b/roles/apps/whawty/auth/instance/templates/listener.yml.j2
index 12a83905..2ac01cb3 100644
--- a/roles/apps/whawty/auth/instance/templates/listener.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/listener.yml.j2
@@ -1,6 +1,6 @@
 https:
 listen:
- - ":{{ whawty_auth_instances[whawty_auth_instance].port }}"
+ - ":1080"
 tls:
 certificate: /tls/publish-crt.pem
 certificate-key: /tls/publish-key.pem
@@ -9,16 +9,16 @@ https:
 {% if 'ldap' in whawty_auth_instances[whawty_auth_instance] %}
 {% if 'tls' in whawty_auth_instances[whawty_auth_instance].ldap %}
 ldaps:
-{% else %}
-ldap:
-{% endif %}
 listen:
- - ":{{ whawty_auth_instances[whawty_auth_instance].ldap.port }}"
-{% if 'tls' in whawty_auth_instances[whawty_auth_instance].ldap %}
+ - ":1636"
 tls:
 certificate: /tls/ldap-crt.pem
 certificate-key: /tls/ldap-key.pem
 min-protocol-version: "TLSv1.3"
 prefer-server-ciphers: true
+{% else %}
+ldap:
+ listen:
+ - ":1389"
 {% endif %}
 {% endif %}
diff --git a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2 b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
index 4b75a346..7c1d3be5 100644
--- a/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
+++ b/roles/apps/whawty/auth/instance/templates/pod-spec.yml.j2
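Review bot: The literal `":1080"` in the first listener.yml.j2 hunk only works while pod-spec.yml.j2 carries the matching `containerPort: 1080`, and nothing in the templates ties the two together. The same coupling exists for 1636/1389 in the second listener.yml.j2 hunk, and for 2222 between pod-spec.yml.j2 and sync-sshd_config.j2. A later edit to one file alone would leave a `hostPort` mapped to a container port with no listener behind it, and rendering would not report an error. Defining the four container-internal ports once in the role's vars and referencing them from all three templates would remove that risk. Failing that, a template comment next to each literal, such as `{# container-internal port, keep in sync with containerPort in pod-spec.yml.j2 #}`, would document the dependency.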
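Review bot: The `{% else %}` branch in the second listener.yml.j2 hunk keeps a plaintext `ldap:` listener on `:1389`. For any instance with an `ldap` entry but no `tls` key, simple-bind passwords sent to this auth service would therefore travel unencrypted, unless the transport is protected by something not shown here. In pod-spec.yml.j2 the LDAP `hostPort` is published without the `hostIP: "127.0.0.1"` restriction that the HTTPS port gets on the publisher host, so the cleartext port appears to be reachable on every host interface unless a firewall outside this diff limits it. If the non-TLS variant is only meant for local consumers, a conditional `hostIP: "127.0.0.1"` after the LDAP `hostPort` line would confine it. Otherwise a template comment stating why cleartext LDAP is acceptable for those instances would help the next reader.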
@@ -22,13 +22,17 @@ containers:
 - name: store
 mountPath: /store
 ports:
- - containerPort: {{ whawty_auth_instances[whawty_auth_instance].port }}
+ - containerPort: 1080
 hostPort: {{ whawty_auth_instances[whawty_auth_instance].port }}
 {% if whawty_auth_instances[whawty_auth_instance].publish.zone.publisher == inventory_hostname %}
 hostIP: "127.0.0.1"
 {% endif %}
 {% if 'ldap' in whawty_auth_instances[whawty_auth_instance] %}
- - containerPort: {{ whawty_auth_instances[whawty_auth_instance].ldap.port }}
+{% if 'tls' in whawty_auth_instances[whawty_auth_instance].ldap %}
+ - containerPort: 1636
+{% else %}
+ - containerPort: 1389
+{% endif %}
 hostPort: {{ whawty_auth_instances[whawty_auth_instance].ldap.port }}
 {% endif %}
 {% if 'sync' in whawty_auth_instances[whawty_auth_instance] %}
@@ -44,7 +48,7 @@ containers:
 mountPath: /store
 readOnly: true
 ports:
- - containerPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
+ - containerPort: 2222
 hostPort: {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
 {% endif %}
 volumes:
diff --git a/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2 b/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2
index 65a11d80..b86eda36 100644
--- a/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2
+++ b/roles/apps/whawty/auth/instance/templates/sync-sshd_config.j2
@@ -1,4 +1,4 @@
-Port {{ whawty_auth_instances[whawty_auth_instance].sync.port }}
+Port 2222
 ListenAddress 0.0.0.0
 ListenAddress ::
--
cgit v1.2.3