Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

2025-08-29 15:06:26 +02:00 · 2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
--- a/roles/web-app-lam/README.md
+++ b/roles/web-app-lam/README.md
@@ -0,0 +1,20 @@
+# LAM
+
+## Description
+
+Elevate your LDAP directory management with LAM (LDAP Account Manager), a powerful solution for administering LDAP directories. LAM offers an intuitive web interface for managing users, groups, and other LDAP objects, making directory operations both efficient and secure.
+
+## Overview
+
+This role deploys LAM in a Docker environment and integrates it with an Nginx reverse proxy to provide secure access. It leverages environment variable templates to configure LDAP connection settings and administrative credentials, ensuring a smooth and customizable installation of LDAP Account Manager.
+
+## Features
+
+- **User-Friendly Interface:** Easily manage LDAP directories through an intuitive web-app-based interface.
+- **Customizable Deployment:** Configure LDAP settings and LAM’s administrative credentials via flexible environment variables.
+- **Secure Access:** Utilize Nginx reverse proxy integration to safeguard your management interface.
+- **Efficient Administration:** Streamline the handling of LDAP objects such as users, groups, and organizational units.
+
+## Further Resources
+
+- [LDAP Account Manager Official Website](https://www.ldap-account-manager.org/)
--- a/roles/web-app-lam/meta/main.yml
+++ b/roles/web-app-lam/meta/main.yml
@@ -0,0 +1,24 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Elevate your LDAP directory management with LAM (LDAP Account Manager), a powerful solution for efficient administration of LDAP directories."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  galaxy_tags:
+    - lam
+    - ldap
+    - docker
+    - management
+    - directory
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
+  logo:
+    class: "fa-solid fa-network-wired"
+  run_after:  
+      - web-app-keycloak
+dependencies: []
--- a/roles/web-app-lam/meta/schema.yml
+++ b/roles/web-app-lam/meta/schema.yml
@@ -0,0 +1,5 @@
+credentials:
+  administrator_password:
+    description: "Initial password for the LAM administrator"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
--- a/roles/web-app-lam/tasks/main.yml
+++ b/roles/web-app-lam/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: "include docker-compose role"
+  include_role: 
+    name: docker-compose
+
+- name: "include role webserver-proxy-domain for {{application_id}}"
+  include_role:
+    name: webserver-proxy-domain
+  vars:
+    domain:   "{{ domains | get_domain(application_id) }}"
+    http_port:   "{{ ports.localhost.http[application_id] }}"
--- a/roles/web-app-lam/templates/docker-compose.yml.j2
+++ b/roles/web-app-lam/templates/docker-compose.yml.j2
@@ -0,0 +1,11 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+
+  application:
+    container_name: {{ application_id }}
+    image: "{{ applications[application_id].images.lam }}"
+    ports:
+      - 127.0.0.1:{{ports.localhost.http[application_id]}}:80 
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-lam/templates/env.j2
+++ b/roles/web-app-lam/templates/env.j2
@@ -0,0 +1,14 @@
+# See all variables here: 
+# https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env  
+      
+# Basic Configuration   
+LAM_PASSWORD=               {{applications[application_id].credentials.administrator_password}}    # LAM configuration master password and password for server profile "lam
+     
+# Database
+LAM_CONFIGURATION_DATABASE= files                                               # configuration database (files or mysql) @todo implement mariadb
+
+# LDAP Configuration
+LDAP_SERVER=                {{ldap.server.domain}}                              # domain of LDAP database root entry
+LDAP_BASE_DN=               {{ldap.dn.root}}                                    # LDAP base DN to overwrite value generated by LDAP_DOMAIN
+LDAP_USER=                  {{ldap.dn.administrator.data}}                           # LDAP admin user (set as login user for LAM)
+LDAP_ADMIN_PASSWORD=        {{ldap.bind_credential}}                            # LDAP admin password
--- a/roles/web-app-lam/vars/configuration.yml
+++ b/roles/web-app-lam/vars/configuration.yml
@@ -0,0 +1,25 @@
+images:
+  lam:                          "ghcr.io/ldapaccountmanager/lam:latest"
+oauth2_proxy:
+  application:                  application
+  port:                         80
+features:
+  matomo:                       true
+  css:                          true
+  portfolio_iframe:             true
+  ldap:                         true
+  central_database:             false
+  oauth2:                       false
+csp:
+  flags:
+    style-src:
+      unsafe-inline:            true
+    script-src-elem:
+      unsafe-inline:            true
+      unsafe-eval:              true
+    script-src:
+      unsafe-inline:            true
+domains:
+  aliases:
+    - "ldap.{{primary_domain}}"
+
--- a/roles/web-app-lam/vars/main.yml
+++ b/roles/web-app-lam/vars/main.yml
@@ -0,0 +1 @@
+application_id: "lam"