
# @See https://raw.githubusercontent.com/snipe/snipe-it/master/app/Models/Setting.php
---
# Polls GET {{ snipe_it_url }}/login until it answers with HTTP 200,
# trying up to 30 times with 5 seconds between attempts.
# Skipped when the is_feature_enabled filter reports 'oauth2' as enabled
# for this application_id.
- name: "Wait until the Snipe-IT Login is available"
  when: not (applications | is_feature_enabled('oauth2', application_id))
  uri:
    method: GET
    url: "{{ snipe_it_url }}/login"
    status_code: 200
    # Only the status code is evaluated below, so the body is not kept.
    return_content: false
  register: snipeit_admin_check
  until: snipeit_admin_check.status == 200
  retries: 30
  delay: 5
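# Debug aid: checks that the APP_KEY handed to `docker-compose exec` is
# visible to a shell inside the `application` container.
# The key itself is never echoed; only whether it is set is printed, so the
# Laravel encryption key does not end up in the play output.
# The key reaches the host shell through the task `environment:` instead of
# being rendered into the command text, which Ansible records in the task
# result. NOTE(review): it may still surface in connection-level debug output
# at high verbosity; confirm before running with -vvv on shared logs.
# chdir uses docker_compose.directories.instance, like the other
# docker-compose tasks in this file, instead of a hard-coded path.
- name: "Debug: show APP_KEY in container shell"
  shell: |
    docker-compose exec -T \
      -u www-data \
      -e XDG_CONFIG_HOME=/tmp \
      -e APP_KEY="$SNIPEIT_APP_KEY" \
      application \
      sh -c 'if [ -n "$APP_KEY" ]; then echo "SHELL sees APP_KEY (set)"; else echo "SHELL sees no APP_KEY"; fi'
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  environment:
    SNIPEIT_APP_KEY: "{{ applications[application_id].credentials.app_key }}"
  # Read-only check: never report a change.
  changed_when: false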
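# Debug aid: checks that Laravel's config('app.key') inside the container
# equals the APP_KEY passed to `docker-compose exec`.
# Only 'yes' or 'no' is printed; the key value itself is not written to the
# play output.
# The key reaches the host shell through the task `environment:` instead of
# being rendered into the command text, which Ansible records in the task
# result.
# chdir uses docker_compose.directories.instance, like the other
# docker-compose tasks in this file, instead of a hard-coded path.
- name: "Debug: show APP_KEY in container shell"
  shell: |
    docker-compose exec -T -u www-data \
      -e XDG_CONFIG_HOME=/tmp \
      -e APP_KEY="$SNIPEIT_APP_KEY" \
      application \
      php artisan tinker --execute="echo 'CONFIG app.key matches APP_KEY: ' . (config('app.key') === getenv('APP_KEY') ? 'yes' : 'no') . PHP_EOL;"
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  environment:
    SNIPEIT_APP_KEY: "{{ applications[application_id].credentials.app_key }}"
  # Read-only check: never report a change.
  changed_when: false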
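# Writes the LDAP connection settings through the Setting model by feeding a
# PHP script to `php artisan tinker` inside the `application` container.
# The task fails unless the first stdout line is '= true', and reports
# "changed" (notifying the handler) when it is.
#
# no_log: the rendered command carries APP_KEY and the LDAP bind credential.
# Without it both would be shown in the task result on failure or in verbose
# runs. Lift it only temporarily, on a private terminal, when debugging.
#
# NOTE(review): every value is templated straight into a double-quoted PHP
# string that itself sits inside a single-quoted `sh -c` argument. A value
# containing a quote character or `$` would change the script instead of
# being stored. Confirm the inventory values are constrained, or hand them
# over as environment variables and read them with getenv().
#
# NOTE(review): ldap_pword is assigned the clear-text credential here, and the
# task that follows writes settings.ldap_pword again via Crypt::encrypt.
# Confirm the clear-text assignment is still needed.
- name: "Set all LDAP settings via Laravel Setting model (inside container as www-data)"
  shell: |
    docker-compose exec -T \
      -e APP_KEY='{{ applications[application_id].credentials.app_key }}' \
      -e XDG_CONFIG_HOME=/tmp \
      -u www-data application \
      sh -c 'php artisan tinker << "EOF"
    $s = \App\Models\Setting::getSettings();
    $s->ldap_enabled = 1;
    $s->ldap_server = "{{ ldap.server.uri }}";
    $s->ldap_port = {{ ldap.server.port }};
    $s->ldap_uname = "{{ ldap.dn.administrator.data }}";
    $s->ldap_pword = "{{ ldap.bind_credential }}";
    $s->ldap_basedn = "{{ ldap.dn.users }}";
    $s->ldap_filter = "&(objectClass=inetOrgPerson)";
    $s->ldap_username_field = "{{ ldap.attributes.user_id }}";
    $s->ldap_fname_field = "{{ ldap.attributes.firstname }}";
    $s->ldap_lname_field = "{{ ldap.attributes.surname }}";
    $s->ldap_auth_filter_query = "uid=";
    $s->ldap_version = 3;
    $s->ldap_pw_sync = 0;
    $s->is_ad = 0;
    $s->ad_domain = "";
    $s->ldap_default_group = "";
    $s->ldap_email = "{{ ldap.attributes.mail }}";
    $s->custom_forgot_pass_url = "{{ oidc.client.reset_credentials }}";
    $s->save();
    EOF'
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  no_log: true
  register: ldap_tinker
  failed_when: >
    ldap_tinker.stdout_lines is not defined
    or ldap_tinker.stdout_lines[0] != '= true'
  changed_when: >
    ldap_tinker.stdout_lines is defined
    and ldap_tinker.stdout_lines[0] == '= true'
  notify: docker compose up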
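# Encrypts the LDAP bind credential with Laravel's Crypt facade and writes the
# result into settings.ldap_pword with a DB::table('settings')->update().
#
# Both secrets (APP_KEY and the bind credential) are passed through the task
# `environment:` and forwarded with `-e NAME="$VAR"`. The PHP code reads the
# credential with getenv() instead of having it templated into the script, so
# a credential containing quotes, `$` or backticks can no longer alter the
# shell command or the PHP source.
#
# The PHP comment about the settings table no longer uses backticks: inside
# the double-quoted --execute argument the host shell treated them as command
# substitution.
#
# no_log: the script echoes the encrypted value, which is only as safe as
# APP_KEY, so the task result is kept out of the play output.
#
# chdir uses docker_compose.directories.instance, like the other
# docker-compose tasks in this file, instead of a hard-coded path.
- name: Encrypt & save LDAP bind password via Crypt + DB façade
  shell: |
    docker-compose exec -T \
      -u www-data \
      -e APP_KEY="$SNIPEIT_APP_KEY" \
      -e LDAP_BIND_PW="$SNIPEIT_LDAP_BIND_PW" \
      -e XDG_CONFIG_HOME=/tmp \
      application \
      php artisan tinker --execute="
        use Illuminate\Support\Facades\Crypt;
        use Illuminate\Support\Facades\DB;
        /* encrypt the clear-text password taken from the container environment */
        \$encrypted = Crypt::encrypt(getenv('LDAP_BIND_PW'));
        /* write it straight into settings.ldap_pword */
        /* update the one and only row in the settings table */
        DB::table('settings')->update([
          'ldap_pword' => \$encrypted
        ]);
        echo 'Stored: ' . \$encrypted . PHP_EOL;
      "
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  environment:
    SNIPEIT_APP_KEY: "{{ applications[application_id].credentials.app_key }}"
    SNIPEIT_LDAP_BIND_PW: "{{ ldap.bind_credential }}"
  no_log: true
  register: ldap_encrypt
  failed_when: ldap_encrypt.rc != 0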
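# Runs `php artisan config:clear` and `php artisan cache:clear` as www-data in
# the `application` container, then notifies the "docker compose up" handler.
# `set -e` stops at the first failing command. Without it only the exit status
# of cache:clear reached Ansible and a failed config:clear went unnoticed.
- name: "Clear Laravel config & cache (inside container as www-data)"
  shell: |
    set -e
    docker-compose exec -T -u www-data application php artisan config:clear
    docker-compose exec -T -u www-data application php artisan cache:clear
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  notify: docker compose up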