feat: add ldapauth for nginx
- add service, defaults and script
@@ -0,0 +1,72 @@
|
||||
class profiles::nginx::ldapauth (
|
||||
Stdlib::AbsolutePath $bin_path = '/usr/local/bin/nginx-ldap-auth',
|
||||
Stdlib::AbsolutePath $env_path = '/etc/default/nginx-ldap-auth',
|
||||
String $user = 'nginx-ldap-auth',
|
||||
String $group = 'nginx-ldap-auth',
|
||||
Boolean $systempkgs = false,
|
||||
String $version = 'system',
|
||||
Hash $packages = {
|
||||
'python3.11-ldap' => { ensure => 'present' }
|
||||
}
|
||||
){
|
||||
|
||||
|
||||
if $::facts['python3_version'] {
|
||||
|
||||
$python_version = $version ? {
|
||||
'system' => $::facts['python3_version'],
|
||||
default => $version,
|
||||
}
|
||||
|
||||
ensure_resources('package', $packages)
|
||||
|
||||
# Deploy the default configuration file using a template
|
||||
file { $env_path:
|
||||
ensure => file,
|
||||
content => template('profiles/ldapauth/nginx-ldap-auth.default.erb'),
|
||||
}
|
||||
|
||||
# Deploy the daemon script using a template
|
||||
file { $bin_path:
|
||||
ensure => file,
|
||||
content => template('profiles/ldapauth/nginx-ldap-auth-daemon.py.erb'),
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
# Manage user and group
|
||||
group { $group:
|
||||
ensure => present,
|
||||
system => true,
|
||||
}
|
||||
|
||||
user { $user:
|
||||
ensure => present,
|
||||
comment => 'nginx-ldap-auth helper',
|
||||
gid => $group,
|
||||
shell => '/sbin/nologin',
|
||||
system => true,
|
||||
require => Group[$group],
|
||||
}
|
||||
|
||||
# Create log directory for nginx-ldap-auth
|
||||
file { '/var/log/nginx-ldap-auth':
|
||||
ensure => directory,
|
||||
owner => $user,
|
||||
group => $group,
|
||||
mode => '0755',
|
||||
require => User[$user],
|
||||
}
|
||||
|
||||
# Ensure the systemd service is enabled and started
|
||||
systemd::unit_file { 'nginx-ldap-auth.service':
|
||||
content => template('profiles/ldapauth/nginx-ldap-auth.service.erb'),
|
||||
enable => true,
|
||||
active => true,
|
||||
require => [
|
||||
File[$bin_path],
|
||||
File[$env_path],
|
||||
User[$user],
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
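Review bot: The `file { $env_path: }` resource sets no `owner`, `group` or `mode`, so the defaults file is created with the agent's defaults, which are typically world-readable; if `nginx-ldap-auth.default.erb` carries the LDAP bind DN and password (the template is not shown here, so this is an assumption), any local account can read them. I would pin it with `owner => 'root', group => $group, mode => '0640',` plus `require => Group[$group]`, and give `File[$bin_path]` an explicit `owner => 'root', group => 'root',` so the service account cannot rewrite the script it runs. The unit only `require`s the two files, so a changed template (for example a rotated bind password) will not restart the daemon; a `subscribe` on `File[$bin_path]` and `File[$env_path]` should cover that. `/var/log/nginx-ldap-auth` at `0755` also leaves authentication logs listable by every local user, and `0750` looks sufficient.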