2024-07-02 18:12:55 +10:00
2 changed files with 96 additions and 0 deletions
--- a/hieradata/roles/infra/auth/glauth.yaml
+++ b/hieradata/roles/infra/auth/glauth.yaml
@ -42,3 +42,88 @@ profiles::consul::client::node_rules:
  - resource: service
    segment: ldap
    disposition: write
 glauth::users:
  benvin:
    user_name: 'benvin'
    givenname: 'Ben'
    sn: 'Vincent'
    mail: 'ben@users.main.unkin.net'
    uidnumber: 20000
    primarygroup: 20000
    othergroups:
      - 20010
      - 20011
      - 20012
      - 20013
      - 20014
      - 20015
    loginshell: '/bin/bash'
    homedir: '/home/benvin'
    passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a'
    sshkeys:
      - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net'
 glauth::services:
  svc_jellyfin:
    service_name: 'svc_jellyfin'
    mail: 'jellyfin@service.main.unkin.net'
    uidnumber: 30000
    primarygroup: 20001
    passsha256: '97f7b1eb24deb0a86e812d79c56f4901d39a24128dc9f6fde033e7195f7d0739'
  svc_sonarr:
    service_name: 'svc_sonarr'
    mail: 'sonarr@service.main.unkin.net'
    uidnumber: 30001
    primarygroup: 20001
    passsha256: 'e4068a02bb930c2c2ccfea6b638df1fb4c29c1b083732b92e91da47d5de4a51d'
  svc_radarr:
    service_name: 'svc_radarr'
    mail: 'radarr@service.main.unkin.net'
    uidnumber: 30002
    primarygroup: 20001
    passsha256: '805b0182d90c2b5b3ba43e50988447a0bff0115eb5fedd8eeae8eac00ba53025'
  svc_lidarr:
    service_name: 'svc_lidarr'
    mail: 'lidarr@service.main.unkin.net'
    uidnumber: 30003
    primarygroup: 20001
    passsha256: '6d04cd2a45784bacbd50e6714710b55805c7e9886665a6d7790e6d8712b67aff'
  svc_readarr:
    service_name: 'svc_readarr'
    mail: 'readarr@service.main.unkin.net'
    uidnumber: 30004
    primarygroup: 20001
    passsha256: '751f22fbd9c052b2cd0c1cb4be514d8710f1a51f84ce44f607ab3a5591162f8c'
  svc_prowlarr:
    service_name: 'svc_prowlarr'
    mail: 'prowlarr@service.main.unkin.net'
    uidnumber: 30005
    primarygroup: 20001
    passsha256: 'd1e6bcc4a9f2d15b6e3c349155a88e433902dfe765e57bf3c10e6830f151a043'
 glauth::groups:
  users:
    group_name: 'people'
    gidnumber: 20000
  services:
    group_name: 'services'
    gidnumber: 20001
  jellyfin_access:
    group_name: 'jellyfin_access'
    gidnumber: 20010
  sonarr_access:
    group_name: 'sonarr_access'
    gidnumber: 20011
  radarr_access:
    group_name: 'radarr_access'
    gidnumber: 20012
  lidarr_access:
    group_name: 'lidarr_access'
    gidnumber: 20013
  readarr_access:
    group_name: 'readarr_access'
    gidnumber: 20014
  prowlarr_access:
    group_name: 'prowlarr_access'
    gidnumber: 20015
--- a/site/profiles/manifests/ldap/server.pp
+++ b/site/profiles/manifests/ldap/server.pp
@ -4,6 +4,17 @@ class profiles::ldap::server (
  Hash $services = lookup('glauth::services', { default_value => {} }),
  Hash $groups   = lookup('glauth::groups', { default_value => {} }),
 ) {
  Glauth::Obj::User {
    config_path => '/etc/glauth/glauth.conf',
  }
  Glauth::Obj::Service {
    config_path => '/etc/glauth/glauth.conf',
  }
  Glauth::Obj::Group {
    config_path => '/etc/glauth/glauth.conf',
  }
  create_resources('glauth::obj::user', $users)
  create_resources('glauth::obj::service', $services)
  create_resources('glauth::obj::group', $groups)