unfinished stuff

README.md

@@ -7,6 +7,7 @@ I removed a bunch of roles from the upstream version, added new ones, and made i
 Ubuntu is no longer supported, simply because I just use Debian.
 
 I also added the ability for full-fledged user-management using OpenLDAP and FusionDirectory.
+It automatically creates E-Mail inboxes for LDAP users, as well as allowing login using LDAP credentials on most roles / services.
 This is optional, however.
 You can also use statically configured credentials, which is enough for single-user setups.
 
@@ -83,7 +84,7 @@ Or you can just add your `deploy` user to the sudo group.
 
 Download this repository somewhere on your machine, either through `Clone or Download > Download ZIP` above, `wget`, or `git` as below.
 Also install the dependencies for password generation as well as ansible itself.
-    
+
     git clone https://github.com/xythobuz/sovereign.git
     cd sovereign
     sudo pip install -r ./requirements.txt
@@ -111,7 +112,7 @@ Create `A` and `AAAA` or `CNAME` records which point to your server's IP address
 To run the whole thing:
 
     ansible-playbook -i ./hosts --ask-sudo-pass --key-file KEY site.yml
-    
+
 If you chose to make a passwordless sudo deploy user, you can omit the `--ask-sudo-pass` argument.
 If you don't need to specify an ssh key to connect to the host, leave out `--key-file KEY` part, otherwise replace `KEY` with the path to the key you want to use.
 Append eg. `-l testing` to only run for the hosts in the testing group.

TODO.md

@@ -0,0 +1,8 @@
+# TODOs
+
+* Add apache2 access and error logs for installed servers to logrotate
+
+* Crawlers create large archives in gitea for repos.
+  These can be deleted in the gitea admin interface.
+  Add automated task to delete these (if required)?
+  https://github.com/go-gitea/gitea/issues/5292#issuecomment-769264637

roles/gitea/defaults/main.yml

@@ -7,6 +7,8 @@ gitea_release: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_ve
 gitea_admin_username: "{{ main_user_name }}"
 gitea_admin_password: "{{ lookup('password', secret + '/' + 'gitea_admin_password length=32') }}"
 
+gitea_enable_ldap: false
+
 gitea_db_username: giteauser
 gitea_db_password: "{{ lookup('password', secret + '/' + 'gitea_db_password length=32') }}"
 gitea_db_database: gitea

roles/gitea/tasks/gitea.yml

@@ -90,6 +90,17 @@
     chdir: /data/gitea
   ignore_errors: True
 
+# check if ldap already enabled
+#gitea admin auth list
+
+# remove ldap auth if it exists
+#gitea admin auth delete
+
+# add ldap auth, if configured
+#gitea admin auth add-ldap --name customldap --security-protocol unencrypted --host localhost --port 389 --bind-dn "uid=admin,ou=people,dc=shagohod,dc=de" --bind-password "xS3Lbd.PuHdmEjAYxQn.JRmaXbuo_2-h" --user-search-base "ou=people,dc=shagohod,dc=de" --user-filter "uid=%s,ou=people,dc=shagohod,dc=de" --email-attribute mail
+
+# --admin-filter --username-attribute
+
 - name: Add fail2ban script for gitea
   copy:
     src=etc_fail2ban_filter.d_gitea.conf

roles/ldap/DESIGN.md

@@ -21,7 +21,11 @@ To setup Nextcloud LDAP login, give it the following credentials:
     Password: {{ slapd_admin_password }}
     Base DN: dc=DOMAIN,dc=TLD
 
-Dokuwiki, Jitsi and Kanboard can be configured to use LDAP automatically.
+For LimeSurvey, use these settings:
+
+
+
+Dokuwiki, Gitea, Jitsi and Kanboard can be configured to use LDAP automatically.
 See their defaults.
 
 ## ToDo