Merge branch 'master' of github.com:kevinveenbirkenbach/cymais

group_vars/all

@@ -245,11 +245,14 @@ keycloak_version:                 "latest"
 keycloak_administrator_username:  "{{administrator_username}}"
 
 #### LDAP
-ldap_version:                         "latest"
-ldap_admin_version:                   "2.0.0-dev"   # @todo Attention: Change this as fast as released to latest
+ldap_lam_version:                     "latest"
+ldap_openldap_version:                "latest"
+ldap_phpldapadmin_version:            "2.0.0-dev"                               # @todo Attention: Change this as fast as released to latest
+ldap_webinterface:                    "lam"                                     # The webinterface which should be used. Possible: lam and phpldapadmin
 ldap_administrator_username:          "{{administrator_username}}"
 ldap_administrator_password:          "{{user_administrator_initial_password}}" #CHANGE for security reasons
 ldap_administrator_database_password: "{{user_administrator_initial_password}}" #CHANGE for security reasons
+ldap_lam_administrator_password:      "{{user_administrator_initial_password}}" #CHANGE for security reasons
 
 #### Listmonk
 listmonk_admin_username:          "{{administrator_username}}"

roles/docker-ldap/README.md

@@ -38,8 +38,8 @@ This Ansible role provides a streamlined implementation of an LDAP server with T
 | `cert_mount_directory`        | Directory to mount SSL/TLS certificates.                | `{{docker_compose_instance_directory}}/certs/` |
 | `ldap_administrator_username` | Username for the LDAP admin.                            | `admin`                              |
 | `ldap_administrator_password` | Password for the LDAP admin.                            | _Required_                           |
-| `ldap_admin_version`          | Version of phpLDAPadmin Docker image.                   | `latest`                             |
-| `ldap_version`                | Version of OpenLDAP Docker image.                       | `latest`                             |
+| `ldap_phpldapadmin_version`          | Version of phpLDAPadmin Docker image.                   | `latest`                             |
+| `ldap_openldap_version`                | Version of OpenLDAP Docker image.                       | `latest`                             |
 
 ---
 
@@ -75,8 +75,8 @@ Here’s an example playbook to use this role:
         primary_domain_tld: "world"
         ldap_administrator_username: "administrator"
         ldap_administrator_password: "secure_password_here"
-        ldap_admin_version: "latest"
-        ldap_version: "latest"
+        ldap_phpldapadmin_version: "latest"
+        ldap_openldap_version: "latest"
 ```
 
 ### **Steps to Deploy:**

roles/docker-ldap/templates/docker-compose.yml.j2

@@ -1,6 +1,30 @@
 services:
+{% if ldap_webinterface == 'lam' %}
+  lam:
+    image: ghcr.io/ldapaccountmanager/lam:{{ldap_lam_version}}  # Dies ist das Docker-Image für LAM
+    container_name: lam
+    logging:
+      driver: journald
+    restart: {{docker_restart_policy}}
+    ports:
+      - 127.0.0.1:{{http_port}}:80 
+    environment:                                                    # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env  
+      
+      # Basic Configuration   
+      LAM_PASSWORD:       {{ldap_lam_administrator_password}}       # LAM configuration master password and password for server profile "lam
+      
+      # Database
+      LAM_CONFIGURATION_DATABASE: files                              # configuration database (files or mysql) @todo implement mariadb
+
+      # LDAP Configuration
+      LDAP_SERVER:         ldap://openldap:389                       # LDAP server URL
+      LDAP_DOMAIN:         {{domain}}                                # domain of LDAP database root entry, will be converted to dc=...,dc=...
+      LDAP_BASE_DN:        {{ldap_root}}                             # LDAP base DN to overwrite value generated by LDAP_DOMAIN
+      LDAP_USER:           {{ldap_admin_dn}}                         # LDAP admin user (set as login user for LAM)
+      LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}}  # LDAP admin password
+{% elif ldap_webinterface == 'phpldapadmin' %}
   phpldapadmin:
-    image: leenooks/phpldapadmin:{{ldap_admin_version}}
+    image: leenooks/phpldapadmin:{{ldap_phpldapadmin_version}}
     logging:
       driver: journald
     restart: {{docker_restart_policy}}
@@ -10,8 +34,9 @@ services:
       # @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
       APP_URL:    https://{{domain}}
       LDAP_HOST:  openldap
+{% endif %}
   openldap:
-    image: bitnami/openldap:{{ldap_version}}
+    image: bitnami/openldap:{{ldap_openldap_version}}
     logging:
       driver: journald
     restart: {{docker_restart_policy}}
@@ -23,7 +48,7 @@ services:
       
       # GENERAL
       ## Database
-      LDAP_ADMIN_USERNAME:        {{ldap_administrator_username}} # LDAP database admin user.
+      LDAP_ADMIN_USERNAME:        {{ldap_administrator_username}}          # LDAP database admin user.
       LDAP_ADMIN_PASSWORD:        {{ldap_administrator_database_password}} # LDAP database admin password.
       
       ## Users

roles/docker-mailu/templates/docker-compose.yml.j2

@@ -24,7 +24,7 @@ services:
       - "127.0.0.1:{{ http_port }}:80"
       - "{{ ip4_address }}:25:25"
       - "{{ ip4_address }}:465:465"
-      - "{{ ip4_address }}:{{system_email_smtp_port}}:{{system_email_smtp_port}}"
+      - "{{ ip4_address }}:587:587"
       - "{{ ip4_address }}:110:110"
       - "{{ ip4_address }}:995:995"
       - "{{ ip4_address }}:143:143"

roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh

@@ -12,6 +12,12 @@ docker_compose_instance_directory="$2"
 
 # Copy certificates
 cp -RvL "/etc/letsencrypt/live/$domain/"* "$docker_compose_instance_directory/certs" || exit 1
+
+# This code is optimized for mailu
+cp -v "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose_instance_directory/certs/key.pem" || exit 1
+cp -v "/etc/letsencrypt/live/$domain/fullchain.pem" "$docker_compose_instance_directory/certs/cert.pem" || exit 1
+
+# Set correct reading rights
 chmod a+r -v "$docker_compose_instance_directory/certs/"*
 
 # Flag to track if any Nginx reload was successful