feat: create glauth module

- manage config directories, config file
- manage systemd service and socket
- manage users, service accounts and groups
- manage defaults for users, services and groups
- manage packages for role
2024-06-30 22:41:32 +10:00
parent bc35270731
commit c69e8c487e
19 changed files with 545 additions and 0 deletions
+10
@@ -0,0 +1,10 @@
#################
# API configuration.
[api]
enabled = <%= $api_enabled %>
internals = <%= $api_internals %>
tls = <%= $api_tls %>
listen = "<%= $api_address %>:<%= $api_port %>"
cert = "<%= $api_cert %>"
key = "<%= $api_key %>"
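Review bot: The quoted values on the `listen`, `cert` and `key` lines are interpolated raw, so a parameter containing `"`, a backslash or a newline ends the TOML string early and the remainder is parsed as further keys. The same pattern recurs in the backend, ldap and ldaps templates and, with more exposure, in the group and user templates (`name`, `mail`, `sshkeys`, `passsha256`). The parameter declarations are not visible on this page; if they are plain `String`, constraining them in the manifest, for example with `Pattern[/\A[^"\\\n]*\z/]`, keeps the rendered file well formed.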
+10
@@ -0,0 +1,10 @@
#################
# The backend section controls the data store.
[backend]
datastore = "<%= $backend_datastore %>"
baseDN = "<%= $backend_basedn %>"
nameformat = "<%= $backend_nameformat %>"
groupformat = "<%= $backend_groupformat %>"
anonymousdse = <%= $backend_anonymousdse %>
sshkeyattr = "<%= $backend_sshkeyattr %>"
+11
@@ -0,0 +1,11 @@
#################
# Behaviors configuration.
[behaviors]
IgnoreCapabilities = <%= $ignorecapabilities %>
LimitFailedBinds = <%= $limitfailedbinds %>
NumberOfFailedBinds = <%= $numberoffailedbinds %>
PeriodOfFailedBinds = <%= $periodoffailedbinds %>
BlockFailedBindsFor = <%= $blockfailedbindsfor %>
PruneSourceTableEvery = <%= $prunesourcetableevery %>
PruneSourcesOlderThan = <%= $prunesourcesolderthan %>
+7
@@ -0,0 +1,7 @@
#################
# General configuration.
debug = <%= $debug %>
syslog = <%= $syslog %>
structuredlog = <%= $structuredlog %>
watchconfig = <%= $watchconfig %>
+9
@@ -0,0 +1,9 @@
#################
# Server configuration.
[ldap]
enabled = <%= $ldap_enabled %>
listen = "<%= $ldap_address %>:<%= $ldap_port %>"
tls = <%= $ldap_tls %>
tlsCertPath = "<%= $ldap_tlscertpath %>"
tlsKeyPath = "<%= $ldap_tlskeypath %>"
+8
@@ -0,0 +1,8 @@
#################
# Server configuration.
[ldaps]
enabled = <%= $ldaps_enabled %>
listen = "<%= $ldaps_address %>:<%= $ldaps_port %>"
cert = "<%= $ldaps_cert %>"
key = "<%= $ldaps_key %>"
+5
@@ -0,0 +1,5 @@
[[groups]]
name = "<%= $name %>"
gidnumber = <%= $gidnumber %>
<% if $includegroups.length > 0 { %>includegroups = [<% $includegroups.each |Integer $group| { %><%= $group %>, <% } %>]<% } %>
+7
@@ -0,0 +1,7 @@
[[users]]
name = "<%= $name %>"
mail = "<%= $mail %>"
uidnumber = <%= $uidnumber %>
primarygroup = <%= $primarygroup %>
passsha256 = "<%= $passsha256 %>"
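Review bot: `passsha256` stores an unsalted SHA-256 digest, which is cheap to brute-force offline if the rendered config file is ever read; the same applies to `passsha256` and `passappsha256` in the other user template. GLAuth also accepts `passbcrypt` (and `passappbcrypt`), so I would add an optional parameter for it, e.g. `<% if $passbcrypt != '' { %>passbcrypt = "<%= $passbcrypt %>"<% } %>`, and prefer it over the SHA-256 field. The file resource that writes this template is not visible here; it needs to be readable only by the service user.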
+14
@@ -0,0 +1,14 @@
[[users]]
name = "<%= $name %>"
<% if $givenname != '' { %>givenname = "<%= $givenname %>"<% } %>
<% if $sn != '' { %>sn = "<%= $sn %>"<% } %>
mail = "<%= $mail %>"
uidnumber = <%= $uidnumber %>
primarygroup = <%= $primarygroup %>
<% if $loginshell != '' { %>loginShell = "<%= $loginshell %>"<% } %>
<% if $homedir != '' { %>homeDir = "<%= $homedir %>"<% } %>
passsha256 = "<%= $passsha256 %>"
<% if $sshkeys.length > 0 { %>sshkeys = [<% $sshkeys.each |String $key| { %>"<%= $key %>", <% } %>]<% } %>
<% if $passappsha256.length > 0 { %>passappsha256 = [<% $passappsha256.each |String $pass| { %>"<%= $pass %>", <% } %>]<% } %>
othergroups = <%= $othergroups %>
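Review bot: `othergroups = <%= $othergroups %>` relies on Puppet's implicit array-to-string conversion, while `sshkeys` and `passappsha256` just above it are built with explicit, guarded loops. That renders valid TOML only while the value is an array of integers, and an undef value would leave `othergroups = ` with nothing after it, which is a parse error. Guarding and looping it the way the group template handles `includegroups` keeps the lists consistent: `<% if $othergroups.length > 0 { %>othergroups = [<% $othergroups.each |Integer $g| { %><%= $g %>, <% } %>]<% } %>`.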
@@ -0,0 +1,14 @@
[Unit]
Description=GLAuth Service
After=network.target
[Service]
User=<%= $user %>
Group=<%= $group %>
ExecStart=<%= $bin_path %> -c <%= $config_path %>
Restart=always
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
Also=<%= $service_name %>.socket
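Review bot: The unit grants `AmbientCapabilities=CAP_NET_BIND_SERVICE` but sets no bounding set or sandboxing, so a network-facing authentication daemon runs with the default view of the filesystem and no limit on capabilities it could gain. I would add `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`, `NoNewPrivileges=true` and `ProtectSystem=strict` under `[Service]`, with a `ReadWritePaths=` entry if the chosen backend writes to disk. `ExecStart=` also interpolates `$bin_path` and `$config_path` unquoted, so a path containing a space splits into extra arguments.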
@@ -0,0 +1,11 @@
[Unit]
Description=GLAuth Socket
[Socket]
ListenStream=<%= $ldap_port %>
ListenStream=<%= $ldaps_port %>
ListenStream=<%= $api_port %>
NoDelay=true
[Install]
WantedBy=sockets.target
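Review bot: Each `ListenStream=` is given a bare port, which systemd binds on all addresses, so the socket unit ignores the `$ldap_address`, `$ldaps_address` and `$api_address` values used in the TOML templates and opens all three ports even when `ldap_enabled`, `ldaps_enabled` or `api_enabled` is false. Rendering `ListenStream=<%= $ldap_address %>:<%= $ldap_port %>` inside an `if $ldap_enabled` guard, and likewise for the other two, keeps the exposed surface equal to what the config declares; this assumes those parameters can be passed to this template, which is not visible here. Separately, I am not aware that GLAuth accepts sockets handed over by systemd; if it does not, it will fail to bind ports this unit already holds, so it is worth confirming the socket unit is needed at all.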