feat: create glauth module
- manage config directories, config file - manage systemd service and socket - manage users, service accounts and groups - manage defaults for users, services and groups - manage packages for role
@@ -0,0 +1,10 @@
|
||||
#################
|
||||
# API configuration.
|
||||
[api]
|
||||
enabled = <%= $api_enabled %>
|
||||
internals = <%= $api_internals %>
|
||||
tls = <%= $api_tls %>
|
||||
listen = "<%= $api_address %>:<%= $api_port %>"
|
||||
cert = "<%= $api_cert %>"
|
||||
key = "<%= $api_key %>"
|
||||
|
||||
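Review bot: The quoted values in this fragment (`listen`, `cert`, `key`) are interpolated into TOML basic strings without any escaping, so a `"`, backslash or newline in the Puppet data yields a broken file or extra keys the operator did not write. The same pattern recurs in the `[backend]`, `[ldap]`, `[ldaps]`, `[[groups]]` and both `[[users]]` templates, where `name`, `mail` and `sshkeys` are likely to come from per-user data. No parameter block is visible in these hunks, so I cannot tell whether the callers constrain the values; if they do not, restrict them with a `Pattern[...]` data type on the class or defined-type parameters, or reject values containing quote, backslash or control characters before rendering.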
@@ -0,0 +1,10 @@
|
||||
#################
|
||||
# The backend section controls the data store.
|
||||
[backend]
|
||||
datastore = "<%= $backend_datastore %>"
|
||||
baseDN = "<%= $backend_basedn %>"
|
||||
nameformat = "<%= $backend_nameformat %>"
|
||||
groupformat = "<%= $backend_groupformat %>"
|
||||
anonymousdse = <%= $backend_anonymousdse %>
|
||||
sshkeyattr = "<%= $backend_sshkeyattr %>"
|
||||
|
||||
@@ -0,0 +1,11 @@
|
||||
#################
|
||||
# Behaviors configuration.
|
||||
[behaviors]
|
||||
IgnoreCapabilities = <%= $ignorecapabilities %>
|
||||
LimitFailedBinds = <%= $limitfailedbinds %>
|
||||
NumberOfFailedBinds = <%= $numberoffailedbinds %>
|
||||
PeriodOfFailedBinds = <%= $periodoffailedbinds %>
|
||||
BlockFailedBindsFor = <%= $blockfailedbindsfor %>
|
||||
PruneSourceTableEvery = <%= $prunesourcetableevery %>
|
||||
PruneSourcesOlderThan = <%= $prunesourcesolderthan %>
|
||||
|
||||
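Review bot: `IgnoreCapabilities` and the failed-bind settings are rendered without comments, so someone reading the generated file cannot tell that `IgnoreCapabilities = true` turns off per-user capability checks or what units the numeric values use. I would add a comment line above each key, e.g. `# true disables capability checks (any bound user may search); keep false unless required`, and `# seconds` above `PeriodOfFailedBinds` and `BlockFailedBindsFor`. The units are taken from GLAuth's sample configuration as I remember it and should be checked against the version this module installs.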
@@ -0,0 +1,7 @@
|
||||
#################
|
||||
# General configuration.
|
||||
debug = <%= $debug %>
|
||||
syslog = <%= $syslog %>
|
||||
structuredlog = <%= $structuredlog %>
|
||||
watchconfig = <%= $watchconfig %>
|
||||
|
||||
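Review bot: These four keys have no table header, so in TOML they belong to the root table only if they come before every `[section]` in the assembled file; placed after another fragment they become keys of that table (for example `[ldaps]`) and are no longer read as the global settings. The ordering of the fragments is not visible in this hunk. If the file is assembled from fragments, pin this one first and say so in its header, e.g. `# General configuration. Must be the first fragment: top-level keys.`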
@@ -0,0 +1,9 @@
|
||||
#################
|
||||
# Server configuration.
|
||||
[ldap]
|
||||
enabled = <%= $ldap_enabled %>
|
||||
listen = "<%= $ldap_address %>:<%= $ldap_port %>"
|
||||
tls = <%= $ldap_tls %>
|
||||
tlsCertPath = "<%= $ldap_tlscertpath %>"
|
||||
tlsKeyPath = "<%= $ldap_tlskeypath %>"
|
||||
|
||||
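Review bot: The header comment `# Server configuration.` is identical to the one in the `[ldaps]` template, and nothing tells the reader that this listener accepts binds in clear text unless `tls` is on. I would change it to `# LDAP listener (plaintext; tls enables StartTLS).` and add `# Bind to loopback or a trusted network when tls is false.` above `listen`. That `tls` means StartTLS here is my reading of GLAuth's sample configuration; confirm it for the packaged version.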
@@ -0,0 +1,8 @@
|
||||
#################
|
||||
# Server configuration.
|
||||
[ldaps]
|
||||
enabled = <%= $ldaps_enabled %>
|
||||
listen = "<%= $ldaps_address %>:<%= $ldaps_port %>"
|
||||
cert = "<%= $ldaps_cert %>"
|
||||
key = "<%= $ldaps_key %>"
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
[[groups]]
|
||||
name = "<%= $name %>"
|
||||
gidnumber = <%= $gidnumber %>
|
||||
<% if $includegroups.length > 0 { %>includegroups = [<% $includegroups.each |Integer $group| { %><%= $group %>, <% } %>]<% } %>
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
[[users]]
|
||||
name = "<%= $name %>"
|
||||
mail = "<%= $mail %>"
|
||||
uidnumber = <%= $uidnumber %>
|
||||
primarygroup = <%= $primarygroup %>
|
||||
passsha256 = "<%= $passsha256 %>"
|
||||
|
||||
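Review bot: `passsha256` is the only credential field this template (and the user template in the next hunk) can render, and an unsalted SHA-256 digest is cheap to brute-force offline if the config file is ever read by someone else. GLAuth also accepts a `passbcrypt` field; an optional `$passbcrypt` parameter rendered as `<% if $passbcrypt != '' { %>passbcrypt = "<%= $passbcrypt %>"<% } %>`, matching the conditionals already used for `givenname`, would let operators move off SHA-256. The mode and owner of the generated file are set outside this hunk; it should be readable only by the service user.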
@@ -0,0 +1,14 @@
|
||||
[[users]]
|
||||
name = "<%= $name %>"
|
||||
<% if $givenname != '' { %>givenname = "<%= $givenname %>"<% } %>
|
||||
<% if $sn != '' { %>sn = "<%= $sn %>"<% } %>
|
||||
mail = "<%= $mail %>"
|
||||
uidnumber = <%= $uidnumber %>
|
||||
primarygroup = <%= $primarygroup %>
|
||||
<% if $loginshell != '' { %>loginShell = "<%= $loginshell %>"<% } %>
|
||||
<% if $homedir != '' { %>homeDir = "<%= $homedir %>"<% } %>
|
||||
passsha256 = "<%= $passsha256 %>"
|
||||
<% if $sshkeys.length > 0 { %>sshkeys = [<% $sshkeys.each |String $key| { %>"<%= $key %>", <% } %>]<% } %>
|
||||
<% if $passappsha256.length > 0 { %>passappsha256 = [<% $passappsha256.each |String $pass| { %>"<%= $pass %>", <% } %>]<% } %>
|
||||
othergroups = <%= $othergroups %>
|
||||
|
||||
@@ -0,0 +1,14 @@
|
||||
[Unit]
|
||||
Description=GLAuth Service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=<%= $user %>
|
||||
Group=<%= $group %>
|
||||
ExecStart=<%= $bin_path %> -c <%= $config_path %>
|
||||
Restart=always
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Also=<%= $service_name %>.socket
|
||||
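Review bot: The `[Service]` section grants `AmbientCapabilities=CAP_NET_BIND_SERVICE` but sets no bounding set or sandboxing, so a compromised LDAP process keeps whatever else the account can reach. Add `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`, `NoNewPrivileges=true` and `ProtectSystem=strict` (with `ReadWritePaths=` for anything the service writes, which is not visible here). `ExecStart` also interpolates `$bin_path` and `$config_path` unquoted, so a path containing a space splits into extra arguments; validating both as absolute paths without whitespace avoids that.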
@@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
Description=GLAuth Socket
|
||||
|
||||
[Socket]
|
||||
ListenStream=<%= $ldap_port %>
|
||||
ListenStream=<%= $ldaps_port %>
|
||||
ListenStream=<%= $api_port %>
|
||||
NoDelay=true
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
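Review bot: Each `ListenStream=` is given a bare port, so systemd listens on all addresses and the `$ldap_address`, `$ldaps_address` and `$api_address` values used in the config templates no longer limit exposure; all three ports are also opened regardless of `$ldaps_enabled` and `$api_enabled`. Render `ListenStream=<%= $ldap_address %>:<%= $ldap_port %>` and wrap the LDAPS and API lines in the same `<% if ... { %>` conditionals used in the user template. Separately, this unit only works if GLAuth accepts listeners inherited from systemd; if it binds its own sockets, the ports held by the socket unit will make the service fail to bind, so confirm that before shipping `Also=` in the service unit.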