--- hiera_include: - glauth # additional altnames profiles::pki::vault::alt_names: - ldap.main.unkin.net - ldap.service.consul - ldap.query.consul - "ldap.service.%{facts.country}-%{facts.region}.consul" glauth::params::download_version: 2.3.2 glauth::params::ldap_enabled: true glauth::params::ldaps_enabled: true glauth::params::basedn: 'dc=main,dc=unkin,dc=net' glauth::params::behaviors_ignorecapabilities: true glauth::params::ldap_tlscertpath: /etc/pki/tls/vault/certificate.crt glauth::params::ldap_tlskeypath: /etc/pki/tls/vault/private.key glauth::params::ldaps_cert: /etc/pki/tls/vault/certificate.crt glauth::params::ldaps_key: /etc/pki/tls/vault/private.key glauth::params::api_cert: /etc/pki/tls/vault/certificate.crt glauth::params::api_key: /etc/pki/tls/vault/private.key # configure consul service consul::services: ldap: service_name: 'ldap' tags: - 'media' - 'ldap' address: "%{facts.networking.ip}" port: 636 checks: - id: 'glauth_http_check' name: 'glauth HTTP Check' http: "https://%{facts.networking.fqdn}:5555" method: 'GET' tls_skip_verify: true interval: '10s' timeout: '1s' profiles::consul::client::node_rules: - resource: service segment: ldap disposition: write glauth::users: benvin: user_name: 'benvin' givenname: 'Ben' sn: 'Vincent' mail: 'benvin@users.main.unkin.net' uidnumber: 20000 primarygroup: 20000 othergroups: - 20010 - 20011 - 20012 - 20013 - 20014 - 20015 - 20016 - 20017 - 20018 - 20023 - 20024 loginshell: '/bin/bash' homedir: '/home/benvin' passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a' sshkeys: - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net' matsol: user_name: 'matsol' givenname: 'Matt' sn: 'Solomon' mail: 'matsol@users.main.unkin.net' uidnumber: 20001 primarygroup: 20000 othergroups: - 20010 - 20011 - 20012 - 20013 - 20014 - 20015 - 20016 loginshell: '/bin/bash' homedir: '/home/matsol' passsha256: '369263e2455a57c8c21388860c417b640fcf045a303cfc88def18c5197493600' seablo: user_name: 'seablo' givenname: 'Sean' sn: 'Bloomfield' mail: 'seablo@users.main.unkin.net' uidnumber: 20002 primarygroup: 20000 othergroups: - 20010 # jelly - 20011 # sonarr - 20012 # radarr - 20013 # lidarr - 20014 # readarr - 20016 # nzbget loginshell: '/bin/bash' homedir: '/home/seablo' passsha256: '2db12484b2b5fdae7f3a1f9f870143c363af14bf2c31a415a9a7afcb02520df2' marbal: user_name: 'marbal' givenname: 'Mark' sn: 'Balch' mail: 'marbal@users.main.unkin.net' uidnumber: 20003 primarygroup: 20000 othergroups: - 20010 # jelly - 20011 # sonarr - 20012 # radarr - 20013 # lidarr - 20014 # readarr - 20016 # nzbget loginshell: '/bin/bash' homedir: '/home/marbal' passsha256: 'cc20cee6269b9970a76549c66b51d0c543352796180d4122260a47f0f7a442a9' kelren: user_name: 'kelren' givenname: 'Kelly' sn: 'Rennie' mail: 'kelren@users.main.unkin.net' uidnumber: 20004 primarygroup: 20000 othergroups: - 20010 # jelly - 20011 # sonarr - 20012 # radarr - 20013 # lidarr - 20014 # readarr - 20016 # nzbget loginshell: '/bin/bash' homedir: '/home/kelren' passsha256: '5b01659bca1ecb27847d2f746fab03eb169879ebcc86547024753dac7cb184c4' ryadun: user_name: 'ryadun' givenname: 'Ryan' sn: 'Dunbar' mail: 'ryadun@users.main.unkin.net' uidnumber: 20005 primarygroup: 20000 othergroups: - 20010 # jelly - 20011 # sonarr - 20012 # radarr - 20013 # lidarr - 20014 # readarr - 20016 # nzbget loginshell: '/bin/bash' homedir: '/home/ryadun' passsha256: 'ee17174d49545f6f7257ae79eb173de4acf2b2edf55e181de90decd0e4b4e617' margol: user_name: 'margol' givenname: 'Maree' sn: 'Goldsworthy' mail: 'margol@users.main.unkin.net' uidnumber: 20006 primarygroup: 20000 othergroups: - 20010 # jelly - 20011 # sonarr - 20012 # radarr - 20013 # lidarr - 20014 # readarr - 20016 # nzbget loginshell: '/bin/bash' homedir: '/home/margol' passsha256: '31a66085fb7eaeb059e51d1376233db72b54f96a6c45947aafbb350c83e618ef' glauth::services: svc_jellyfin: service_name: 'svc_jellyfin' mail: 'jellyfin@service.main.unkin.net' uidnumber: 30000 primarygroup: 20001 passsha256: '97f7b1eb24deb0a86e812d79c56f4901d39a24128dc9f6fde033e7195f7d0739' svc_sonarr: service_name: 'svc_sonarr' mail: 'sonarr@service.main.unkin.net' uidnumber: 30001 primarygroup: 20001 passsha256: '2c32d4cb831183cfbef15835cc76f99b401d0159621bc580e852253d4d8f8722' svc_radarr: service_name: 'svc_radarr' mail: 'radarr@service.main.unkin.net' uidnumber: 30002 primarygroup: 20001 passsha256: '805b0182d90c2b5b3ba43e50988447a0bff0115eb5fedd8eeae8eac00ba53025' svc_lidarr: service_name: 'svc_lidarr' mail: 'lidarr@service.main.unkin.net' uidnumber: 30003 primarygroup: 20001 passsha256: '6d04cd2a45784bacbd50e6714710b55805c7e9886665a6d7790e6d8712b67aff' svc_readarr: service_name: 'svc_readarr' mail: 'readarr@service.main.unkin.net' uidnumber: 30004 primarygroup: 20001 passsha256: '751f22fbd9c052b2cd0c1cb4be514d8710f1a51f84ce44f607ab3a5591162f8c' svc_prowlarr: service_name: 'svc_prowlarr' mail: 'prowlarr@service.main.unkin.net' uidnumber: 30005 primarygroup: 20001 passsha256: 'd1e6bcc4a9f2d15b6e3c349155a88e433902dfe765e57bf3c10e6830f151a043' svc_nzbget: service_name: 'svc_nzbget' mail: 'nzbget@service.main.unkin.net' uidnumber: 30006 primarygroup: 20001 passsha256: 'c9d38f687fcbea754a9f78675d89276d2347f9d15190fff267c3ae1a75f61be6' svc_nzbsubmit: service_name: 'svc_nzbsubmit' mail: 'nzbsubmit@service.main.unkin.net' uidnumber: 30007 primarygroup: 20001 othergroups: - 20016 passsha256: '7af7e12fdc56e9050d16c167f4e34091ad3cf938283e13451b35f9b3d212bfa2' svc_rundeck: service_name: 'svc_rundeck' mail: 'rundeck@service.main.unkin.net' uidnumber: 30007 primarygroup: 20001 passsha256: 'b27786b22c5938d24ffc9be049de366b055c9f054bf38fb73bbd6fba9e1bd525' svc_terraform: service_name: 'svc_terraform' mail: 'terraform@service.main.unkin.net' uidnumber: 30008 primarygroup: 20001 passsha256: 'b27786b22c5938d24ffc9be049de366b055c9f054bf38fb73bbd6fba9e1bd525' svc_vault: service_name: 'svc_vault' mail: 'vault@service.main.unkin.net' uidnumber: 30009 primarygroup: 20001 passsha256: 'd63b04884d5c7d630b0c06896046065a0926ac5c3d6177ef85320e5fa1be00b9' glauth::groups: users: group_name: 'people' gidnumber: 20000 services: group_name: 'services' gidnumber: 20001 jellyfin_access: group_name: 'jellyfin_access' gidnumber: 20010 sonarr_access: group_name: 'sonarr_access' gidnumber: 20011 radarr_access: group_name: 'radarr_access' gidnumber: 20012 lidarr_access: group_name: 'lidarr_access' gidnumber: 20013 readarr_access: group_name: 'readarr_access' gidnumber: 20014 prowlarr_access: group_name: 'prowlarr_access' gidnumber: 20015 nzbget_access: group_name: 'nzbget_access' gidnumber: 20016 rundeck_access: group_name: 'rundeck_access' gidnumber: 20017 rundeck_globaladmin: group_name: 'rundeck_globaladmin' gidnumber: 20018 rundeck_selfservice_admin: group_name: 'rundeck_selfservice_admin' gidnumber: 20019 rundeck_selfservice_user: group_name: 'rundeck_selfservice_user' gidnumber: 20020 rundeck_infrastructure_admin: group_name: 'rundeck_infrastructure_admin' gidnumber: 20021 rundeck_infrastructure_user: group_name: 'rundeck_infrastructure_user' gidnumber: 20022 vault_access: group_name: 'vault_access' gidnumber: 20023 vault_admin: group_name: 'vault_admin' gidnumber: 20024