Refactored application variables

2025-08-29 15:06:26 +02:00 · 2025-02-03 11:44:13 +01:00
parent ce13beff68
commit b11879650c
60 changed files with 294 additions and 255 deletions
--- a/roles/docker-ldap/README.md
+++ b/roles/docker-ldap/README.md
@@ -34,12 +34,12 @@ This Ansible role provides a streamlined implementation of an LDAP server with T
 |-------------------------------|----------------------------------------------------------|--------------------------------------|
 | `application_id` | Name of the Docker Compose project.                     | `ldap`                               |
 | `ldap_root`                   | Base DN for the LDAP directory.                         | `dc={{primary_domain_sld}},dc={{primary_domain_tld}}` |
-| `ldap_admin_dn`               | Distinguished Name (DN) for the LDAP administrator.     | `cn={{ldap_administrator_username}},{{ldap_root}}` |
+| `ldap_admin_dn`               | Distinguished Name (DN) for the LDAP administrator.     | `cn={{applications.ldap.administrator_username}},{{ldap_root}}` |
 | `cert_mount_directory`        | Directory to mount SSL/TLS certificates.                | `{{docker_compose_instance_directory}}/certs/` |
-| `ldap_administrator_username` | Username for the LDAP admin.                            | `admin`                              |
-| `ldap_administrator_password` | Password for the LDAP admin.                            | _Required_                           |
-| `ldap_phpldapadmin_version`          | Version of phpLDAPadmin Docker image.                   | `latest`                             |
-| `ldap_openldap_version`                | Version of OpenLDAP Docker image.                       | `latest`                             |
+| `applications.ldap.administrator_username` | Username for the LDAP admin.                            | `admin`                              |
+| `applications.ldap.administrator_password` | Password for the LDAP admin.                            | _Required_                           |
+| `applications.ldap.phpldapadmin.version`          | Version of phpLDAPadmin Docker image.                   | `latest`                             |
+| `applications.ldap.openldap.version`                | Version of OpenLDAP Docker image.                       | `latest`                             |

 ---

@@ -73,10 +73,10 @@ Here’s an example playbook to use this role:
        docker_compose_instance_directory: "/opt/docker/ldap/"
        primary_domain_sld: "veen"
        primary_domain_tld: "world"
-        ldap_administrator_username: "administrator"
-        ldap_administrator_password: "secure_password_here"
-        ldap_phpldapadmin_version: "latest"
-        ldap_openldap_version: "latest"
+        applications.ldap.administrator_username: "administrator"
+        applications.ldap.administrator_password: "secure_password_here"
+        applications.ldap.phpldapadmin.version: "latest"
+        applications.ldap.openldap.version: "latest"
 ```

 ### **Steps to Deploy:**
@@ -114,7 +114,7 @@ The following directories are mounted in the container:
 ---

 ## 🔒 **Security Recommendations**
- Always use strong passwords for `ldap_administrator_password`.
+- Always use strong passwords for `applications.ldap.administrator_password`.
 - Restrict access to phpLDAPadmin by binding it to `127.0.0.1` or using a reverse proxy.

 ---
--- a/roles/docker-ldap/tasks/main.yml
+++ b/roles/docker-ldap/tasks/main.yml
@@ -11,13 +11,13 @@
    src:  "nginx.stream.conf.j2" 
    dest: "{{nginx.directories.streams}}{{domain}}.conf"
  notify: restart nginx
-  when: ldap_expose_to_internet | bool
+  when: applications.ldap.openldap.expose_to_internet | bool

 - name: Remove {{domain}}.conf if LDAP is not exposed to internet
  file:
    path: "{{ nginx.directories.streams }}{{ domain }}.conf"
    state: absent
-  when: not ldap_expose_to_internet | bool
+  when: not applications.ldap.openldap.expose_to_internet | bool

 - name: "create {{docker_compose_instance_directory}}"
  file:
--- a/roles/docker-ldap/templates/docker-compose.yml.j2
+++ b/roles/docker-ldap/templates/docker-compose.yml.j2
@@ -2,19 +2,19 @@ services:

 {% include 'roles/docker-oauth2-proxy/templates/container.yml.j2' %}

-  {{ldap_webinterface}}:
-    container_name: {{ldap_webinterface}}
+  {{applications.ldap.webinterface}}:
+    container_name: {{applications.ldap.webinterface}}
    logging:
      driver: journald
    restart: {{docker_restart_policy}}
-{% if ldap_webinterface == 'lam' %}
-    image: ghcr.io/ldapaccountmanager/lam:{{ldap_lam_version}}      # Dies ist das Docker-Image für LAM
+{% if applications.ldap.webinterface == 'lam' %}
+    image: ghcr.io/ldapaccountmanager/lam:{{applications.ldap.lam.version}}      # Dies ist das Docker-Image für LAM
    ports:
      - 127.0.0.1:{{http_port}}:80 
    environment:                                                    # See all variables here: https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env  
      
      # Basic Configuration   
-      LAM_PASSWORD:       {{ldap_lam_administrator_password}}       # LAM configuration master password and password for server profile "lam
+      LAM_PASSWORD:       {{applications.ldap.lam.administrator_password}}       # LAM configuration master password and password for server profile "lam
      
      # Database
      LAM_CONFIGURATION_DATABASE: files                              # configuration database (files or mysql) @todo implement mariadb
@@ -24,9 +24,9 @@ services:
      LDAP_DOMAIN:         {{domain}}                                # domain of LDAP database root entry, will be converted to dc=...,dc=...
      LDAP_BASE_DN:        {{ldap_root}}                             # LDAP base DN to overwrite value generated by LDAP_DOMAIN
      LDAP_USER:           {{ldap_admin_dn}}                         # LDAP admin user (set as login user for LAM)
-      LDAP_ADMIN_PASSWORD: {{ldap_administrator_database_password}}  # LDAP admin password
-{% elif ldap_webinterface == 'phpldapadmin' %}
-    image: leenooks/phpldapadmin:{{ldap_phpldapadmin_version}}
+      LDAP_ADMIN_PASSWORD: {{applications.ldap.administrator_database_password}}  # LDAP admin password
+{% elif applications.ldap.webinterface == 'phpldapadmin' %}
+    image: leenooks/phpldapadmin:{{applications.ldap.phpldapadmin.version}}
    ports:
      - 127.0.0.1:{{http_port}}:8080
    environment:
@@ -35,7 +35,7 @@ services:
      LDAP_HOST:  openldap
 {% endif %}
  openldap:
-    image: bitnami/openldap:{{ldap_openldap_version}}
+    image: bitnami/openldap:{{applications.ldap.openldap.version}}
    container_name: openldap
    logging:
      driver: journald
@@ -48,8 +48,8 @@ services:
      
      # GENERAL
      ## Database
-      LDAP_ADMIN_USERNAME:        {{ldap_administrator_username}}          # LDAP database admin user.
-      LDAP_ADMIN_PASSWORD:        {{ldap_administrator_database_password}} # LDAP database admin password.
+      LDAP_ADMIN_USERNAME:        {{applications.ldap.administrator_username}}          # LDAP database admin user.
+      LDAP_ADMIN_PASSWORD:        {{applications.ldap.administrator_database_password}} # LDAP database admin password.
      
      ## Users
      LDAP_USERS:                 ' '                             # Comma separated list of LDAP users to create in the default LDAP tree. Default: user01,user02
@@ -59,8 +59,8 @@ services:
      ## Admin
      LDAP_ADMIN_DN:              {{ldap_admin_dn}}               # Not well documented. Don't know if this has an effect
      LDAP_CONFIG_ADMIN_ENABLED:  yes
-      LDAP_CONFIG_ADMIN_USERNAME: {{ldap_administrator_username}}
-      LDAP_CONFIG_ADMIN_PASSWORD: {{ldap_administrator_password}}
+      LDAP_CONFIG_ADMIN_USERNAME: {{applications.ldap.administrator_username}}
+      LDAP_CONFIG_ADMIN_PASSWORD: {{applications.ldap.administrator_password}}
        
      # Network
      LDAP_PORT_NUMBER:           {{ldap_localhost_port}}         # Route to default port
@@ -73,7 +73,7 @@ services:
      - 'data:/bitnami/openldap'
    healthcheck:
      test: >
-        ldapsearch -x -H ldap://localhost:389 -b "{{ldap_root}}" -D "{{ldap_admin_dn}}" -w "{{ldap_administrator_database_password}}"
+        ldapsearch -x -H ldap://localhost:389 -b "{{ldap_root}}" -D "{{ldap_admin_dn}}" -w "{{applications.ldap.administrator_database_password}}"
      interval: 30s
      timeout: 10s
      retries: 3
--- a/roles/docker-ldap/vars/main.yml
+++ b/roles/docker-ldap/vars/main.yml
@@ -1,15 +1,14 @@
 application_id:               "ldap"
 ldap_root:                    "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
-ldap_admin_dn:                "cn={{ldap_administrator_username}},{{ldap_root}}"
+ldap_admin_dn:                "cn={{applications.ldap.administrator_username}},{{ldap_root}}"
 ldap_secure_localhost_port:   1636
 ldap_secure_internet_port:    636
 ldap_localhost_port:          389

 # OAuth2 Proxy Configuration
-oauth2_proxy_upstream_application_and_port: "{{ ldap_webinterface }}:{% if ldap_webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}"
+oauth2_proxy_upstream_application_and_port: "{{ applications.ldap.webinterface }}:{% if applications.ldap.webinterface == 'phpldapadmin' %}8080{% else %}80{% endif %}"
 oauth2_proxy_active:                        true

-
 enable_one_letsencrypt_cert_for_all:  false # Activate dedicated Certificate

 ldap_network_enabled:                 true  # Activate LDAP network