
unfinished stuff

Thomas Buck 5 months ago
parent
commit
3a70dd1dbc
5 changed files with 29 insertions and 3 deletions
  1. README.md (+3, -2)
  2. TODO.md (+8, -0)
  3. roles/gitea/defaults/main.yml (+2, -0)
  4. roles/gitea/tasks/gitea.yml (+11, -0)
  5. roles/ldap/DESIGN.md (+5, -1)

README.md (+3, -2)

@@ -7,6 +7,7 @@ I removed a bunch of roles from the upstream version, added new ones, and made i
7 7
 Ubuntu is no longer supported, simply because I just use Debian.
8 8
 
9 9
 I also added the ability for full-fledged user-management using OpenLDAP and FusionDirectory.
10
+It automatically creates E-Mail inboxes for LDAP users, as well as allowing login using LDAP credentials on most roles / services.
10 11
 This is optional, however.
11 12
 You can also use statically configured credentials, which is enough for single-user setups.
12 13
 
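Review bot: The sentence added at new line 10 promises LDAP login "on most roles / services" without saying which ones, so a reader cannot tell which services still need static credentials. Name the covered roles here or point to roles/ldap/DESIGN.md, and keep the wording in step with what the roles actually implement.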
@@ -83,7 +84,7 @@ Or you can just add your `deploy` user to the sudo group.
83 84
 
84 85
 Download this repository somewhere on your machine, either through `Clone or Download > Download ZIP` above, `wget`, or `git` as below.
85 86
 Also install the dependencies for password generation as well as ansible itself.
86
-    
87
+
87 88
     git clone https://github.com/xythobuz/sovereign.git
88 89
     cd sovereign
89 90
     sudo pip install -r ./requirements.txt
@@ -111,7 +112,7 @@ Create `A` and `AAAA` or `CNAME` records which point to your server's IP address
111 112
 To run the whole thing:
112 113
 
113 114
     ansible-playbook -i ./hosts --ask-sudo-pass --key-file KEY site.yml
114
-    
115
+
115 116
 If you chose to make a passwordless sudo deploy user, you can omit the `--ask-sudo-pass` argument.
116 117
 If you don't need to specify an ssh key to connect to the host, leave out `--key-file KEY` part, otherwise replace `KEY` with the path to the key you want to use.
117 118
 Append eg. `-l testing` to only run for the hosts in the testing group.

TODO.md (+8, -0)

@@ -0,0 +1,8 @@
1
+# TODOs
2
+
3
+* Add apache2 access and error logs for installed servers to logrotate
4
+
5
+* Crawlers create large archives in gitea for repos.
6
+  These can be deleted in the gitea admin interface.
7
+  Add automated task to delete these (if required)?
8
+  https://github.com/go-gitea/gitea/issues/5292#issuecomment-769264637

roles/gitea/defaults/main.yml (+2, -0)

@@ -7,6 +7,8 @@ gitea_release: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_ve
7 7
 gitea_admin_username: "{{ main_user_name }}"
8 8
 gitea_admin_password: "{{ lookup('password', secret + '/' + 'gitea_admin_password length=32') }}"
9 9
 
10
+gitea_enable_ldap: false
11
+
10 12
 gitea_db_username: giteauser
11 13
 gitea_db_password: "{{ lookup('password', secret + '/' + 'gitea_db_password length=32') }}"
12 14
 gitea_db_database: gitea
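Review bot: `gitea_enable_ldap` at new line 10 has no comment saying what it switches on, and the task changes in this commit are only commented-out commands, so nothing visible reads the variable yet. Add a one-line comment describing what enabling it does and which LDAP variables it depends on, and keep the default at `false` until the task exists.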

roles/gitea/tasks/gitea.yml (+11, -0)

@@ -90,6 +90,17 @@
90 90
     chdir: /data/gitea
91 91
   ignore_errors: True
92 92
 
93
+# check if ldap already enabled
94
+#gitea admin auth list
95
+
96
+# remove ldap auth if it exists
97
+#gitea admin auth delete
98
+
99
+# add ldap auth, if configured
100
+#gitea admin auth add-ldap --name customldap --security-protocol unencrypted --host localhost --port 389 --bind-dn "uid=admin,ou=people,dc=shagohod,dc=de" --bind-password "xS3Lbd.PuHdmEjAYxQn.JRmaXbuo_2-h" --user-search-base "ou=people,dc=shagohod,dc=de" --user-filter "uid=%s,ou=people,dc=shagohod,dc=de" --email-attribute mail
101
+
102
+# --admin-filter --username-attribute
103
+
93 104
 - name: Add fail2ban script for gitea
94 105
   copy:
95 106
     src=etc_fail2ban_filter.d_gitea.conf
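Review bot: The commented-out `gitea admin auth add-ldap` command at new line 100 carries a literal `--bind-password` value together with a concrete bind DN and search base (`dc=shagohod,dc=de`); being in a comment does not keep them out of the repository history. If that password is or was in use, rotate it, and replace the literals with variables, for example `{{ slapd_admin_password }}` as roles/ldap/DESIGN.md uses, with the DN built from the domain variables. When this becomes a real task, set `no_log: true` on it so the bind password does not end up in Ansible output, and gate it on `gitea_enable_ldap`. `--security-protocol unencrypted` is only tolerable because of `--host localhost`; do not leave it hard-coded if the host becomes configurable. The delete-then-add sequence sketched at lines 93 to 99 should key off the output of `gitea admin auth list` so reruns are idempotent, rather than relying on `ignore_errors`.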

roles/ldap/DESIGN.md (+5, -1)

@@ -21,7 +21,11 @@ To setup Nextcloud LDAP login, give it the following credentials:
21 21
     Password: {{ slapd_admin_password }}
22 22
     Base DN: dc=DOMAIN,dc=TLD
23 23
 
24
-Dokuwiki, Jitsi and Kanboard can be configured to use LDAP automatically.
24
+For LimeSurvey, use these settings:
25
+
26
+
27
+
28
+Dokuwiki, Gitea, Jitsi and Kanboard can be configured to use LDAP automatically.
25 29
 See their defaults.
26 30
 
27 31
 ## ToDo
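Review bot: "For LimeSurvey, use these settings:" at new line 24 is followed by three empty lines (25 to 27), so the document announces settings that are not there; fill them in or drop the sentence until they are known. New line 28 also adds Gitea to the services that "can be configured to use LDAP automatically", but the gitea role in this commit only contains commented-out commands and `gitea_enable_ldap: false`, so list Gitea under the ToDo section until the task is implemented.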
