From 6e3802ad57c035d5acf15614c8bf1558276ebdde Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Mon, 1 Jul 2024 21:02:27 +1000
Subject: [PATCH] feat: add users/services/groups
---
hieradata/roles/infra/auth/glauth.yaml | 85 ++++++++++++++++++++++++++
site/profiles/manifests/ldap/server.pp | 11 ++++
2 files changed, 96 insertions(+)
diff --git a/hieradata/roles/infra/auth/glauth.yaml b/hieradata/roles/infra/auth/glauth.yaml
index 64de7e5..1a8a838 100644
--- a/hieradata/roles/infra/auth/glauth.yaml
+++ b/hieradata/roles/infra/auth/glauth.yaml
@@ -42,3 +42,88 @@ profiles::consul::client::node_rules:
 - resource: service
 segment: ldap
 disposition: write
+
+glauth::users:
+ benvin:
+ user_name: 'benvin'
+ givenname: 'Ben'
+ sn: 'Vincent'
+ mail: 'ben@users.main.unkin.net'
+ uidnumber: 20000
+ primarygroup: 20000
+ othergroups:
+ - 20010
+ - 20011
+ - 20012
+ - 20013
+ - 20014
+ - 20015
+ loginshell: '/bin/bash'
+ homedir: '/home/benvin'
+ passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a'
+ sshkeys:
+ - 'ssh-rsa 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 ben@unkin.net'
+
+glauth::services:
+ svc_jellyfin:
+ service_name: 'svc_jellyfin'
+ mail: 'jellyfin@service.main.unkin.net'
+ uidnumber: 30000
+ primarygroup: 20001
+ passsha256: '97f7b1eb24deb0a86e812d79c56f4901d39a24128dc9f6fde033e7195f7d0739'
+ svc_sonarr:
+ service_name: 'svc_sonarr'
+ mail: 'sonarr@service.main.unkin.net'
+ uidnumber: 30001
+ primarygroup: 20001
+ passsha256: 'e4068a02bb930c2c2ccfea6b638df1fb4c29c1b083732b92e91da47d5de4a51d'
+ svc_radarr:
+ service_name: 'svc_radarr'
+ mail: 'radarr@service.main.unkin.net'
+ uidnumber: 30002
+ primarygroup: 20001
+ passsha256: '805b0182d90c2b5b3ba43e50988447a0bff0115eb5fedd8eeae8eac00ba53025'
+ svc_lidarr:
+ service_name: 'svc_lidarr'
+ mail: 'lidarr@service.main.unkin.net'
+ uidnumber: 30003
+ primarygroup: 20001
+ passsha256: '6d04cd2a45784bacbd50e6714710b55805c7e9886665a6d7790e6d8712b67aff'
+ svc_readarr:
+ service_name: 'svc_readarr'
+ mail: 'readarr@service.main.unkin.net'
+ uidnumber: 30004
+ primarygroup: 20001
+ passsha256: '751f22fbd9c052b2cd0c1cb4be514d8710f1a51f84ce44f607ab3a5591162f8c'
+ svc_prowlarr:
+ service_name: 'svc_prowlarr'
+ mail: 'prowlarr@service.main.unkin.net'
+ uidnumber: 30005
+ primarygroup: 20001
+ passsha256: 'd1e6bcc4a9f2d15b6e3c349155a88e433902dfe765e57bf3c10e6830f151a043'
+
+glauth::groups:
+ users:
+ group_name: 'people'
+ gidnumber: 20000
+ services:
+ group_name: 'services'
+ gidnumber: 20001
+ jellyfin_access:
+ group_name: 'jellyfin_access'
+ gidnumber: 20010
+ sonarr_access:
+ group_name: 'sonarr_access'
+ gidnumber: 20011
+ radarr_access:
+ group_name: 'radarr_access'
+ gidnumber: 20012
+ lidarr_access:
+ group_name: 'lidarr_access'
+ gidnumber: 20013
+ readarr_access:
+ group_name: 'readarr_access'
+ gidnumber: 20014
+ prowlarr_access:
+ group_name: 'prowlarr_access'
+ gidnumber: 20015
diff --git a/site/profiles/manifests/ldap/server.pp b/site/profiles/manifests/ldap/server.pp
index 52dabed..bcda9ec 100644
--- a/site/profiles/manifests/ldap/server.pp
+++ b/site/profiles/manifests/ldap/server.pp
@@ -4,6 +4,17 @@ class profiles::ldap::server (
 Hash $services = lookup('glauth::services', { default_value => {} }),
 Hash $groups = lookup('glauth::groups', { default_value => {} }),
 ) {
+
+ Glauth::Obj::User {
+ config_path => '/etc/glauth/glauth.conf',
+ }
+ Glauth::Obj::Service {
+ config_path => '/etc/glauth/glauth.conf',
+ }
+ Glauth::Obj::Group {
+ config_path => '/etc/glauth/glauth.conf',
+ }
+
 create_resources('glauth::obj::user', $users)
 create_resources('glauth::obj::service', $services)
 create_resources('glauth::obj::group', $groups)
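Review bot: The `passsha256` values under `glauth::users` and `glauth::services` are committed to hieradata in the clear, and an unsalted SHA-256 digest is cheap to test guesses against offline, so every reader of this repository holds verifier material for all seven accounts. GLAuth also accepts a bcrypt hash through `passbcrypt`; if the `glauth::obj::user` and `glauth::obj::service` types expose it (not visible in this patch), prefer that, and in either case store the value encrypted, for example with hiera-eyaml as `passsha256: ENC[PKCS7,<ciphertext placeholder>]`. Because these digests are now in the commit history, the passwords behind them are worth rotating once the storage changes. A comment above each map such as `# credentials: encrypted values only, never raw digests` would record the rule for later additions.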
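Review bot: The three resource-default blocks in `profiles::ldap::server` repeat the literal `/etc/glauth/glauth.conf`, and Puppet resource defaults are dynamically scoped, so they can also reach `glauth::obj::*` resources declared from classes this one pulls in. Passing the default per call keeps the effect local: set `$config_path = '/etc/glauth/glauth.conf'` once and call `create_resources('glauth::obj::user', $users, { config_path => $config_path })`, likewise for services and groups. That file will carry the password digests from hieradata, so it is worth confirming that whatever manages it (outside this hunk) sets a restrictive owner and mode. The class body starts and ends outside the hunk.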