......@@ -136,4 +136,5 @@ oauth_global:
oidc_global:
provider_url: https://uffd.warpzone.ms
logout_url: https://uffd.warpzone.ms/logout
\ No newline at end of file
logout_url: https://uffd.warpzone.ms/logout
ldap_base_dn: "dc=warpzone,dc=ms"
......@@ -47,10 +47,11 @@ oauth_global:
oidc_global:
provider_url: https://uffd.test-warpzone.de
logout_url: https://uffd.test-warpzone.de/logout
ldap_base_dn: "dc=test-warpzone,dc=de"
# Matrix Settings
matrix:
domain: matrix.warpzone.ms
public_url: https://matrix.warpzone.ms
identity_server: https://matrix.warpzone.ms
notifications_room_id: "!QxrpmOPYwofaPFqKMY:matrix.warpzone.ms"
\ No newline at end of file
domain: matrix.test-warpzone.de
public_url: https://matrix.test-warpzone.de
identity_server: https://matrix.test-warpzone.de
notifications_room_id: "!QxrpmOPYwofaPFqKMY:matrix.test-warpzone.de"
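Review bot: The test-environment `notifications_room_id` on the last added line reuses the production room's localpart `!QxrpmOPYwofaPFqKMY` with only the server name swapped to `matrix.test-warpzone.de`. Matrix room IDs are opaque identifiers minted by the homeserver that created the room, so a room with exactly this localpart is unlikely to exist on the test server and notifications would be sent to a non-existent room; the value should be replaced with the ID of a room actually created on the test homeserver. A comment such as `# room ID must be taken from the test homeserver, not derived from the production one` would prevent the same copy-and-adapt on the next environment.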
......@@ -58,6 +58,7 @@ administratorenteam:
- "void"
- "sandhome"
- "jabertwo"
- "supervirus"
# Docker konfigurationen
docker:
......
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6+Ex8TM4gP+Nph5Cy5zK6z2mceI9i7vsh0ec4oTfDC htk@ridcully
\ No newline at end of file
......@@ -3,6 +3,8 @@
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: /srv/shared/noreply_email_pass, length: -1 }
- { path: /srv/matrix/uffd_api_secret, length: 32 }
- { path: /srv/matrix/ldap_bind_pw, length: 32 }
- { path: /srv/matrix/matrix_macaroon_secret_key, length: 32 }
- { path: /srv/matrix/matrix_registration_shared_secret, length: 32 }
- { path: /srv/matrix/matrix_form_secret, length: 32 }
......@@ -30,6 +32,7 @@
group: "999"
with_items:
- "/srv/matrix/db/"
- "/srv/matrix/uffd-ldapd/"
- name: Konfig-Dateien erstellen
......@@ -40,6 +43,7 @@
- docker-compose.yml
- synapse-data/homeserver.log.config
- synapse-data/homeserver.yaml
- uffd-ldapd/Dockerfile
register: configs
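Review bot: `uffd_api_secret` (the new item with `length: 32`) is not a locally owned secret like the other `/srv/matrix/*` keys: the compose service in this change passes it as `SERVER_API_SECRET` to authenticate the `matrixldap` API client against the uffd server at `oidc_global.provider_url`, so a value generated on this host only works once it has also been registered on the uffd side. If `get_secret` generates a random value when the file is missing, as the `length` argument suggests, a first deployment produces an LDAP proxy that cannot talk to uffd until someone copies the secret across; document that next to the item, e.g. `# shared credential for the 'matrixldap' API client in uffd -- must match the value configured there`. The enclosing task begins before the hunk, so I could not check how `get_secret` treats a pre-existing file.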
......
......@@ -23,6 +23,18 @@ services:
networks:
- default
ldap:
build: uffd-ldapd/
restart: always
environment:
SERVER_API_URL: "{{ oidc_global.provider_url }}"
SERVER_API_USER: "matrixldap"
SERVER_API_SECRET: "{{ uffd_api_secret }}"
SERVER_BASE_DN: "{{ oidc_global.ldap_base_dn }}"
SERVER_BIND_PASSWORD: "{{ ldap_bind_pw}}"
networks:
- default
synapse:
......@@ -32,6 +44,7 @@ services:
cpuset: "0"
depends_on:
- db
- ldap
volumes:
- /srv/matrix/synapse-data/:/data
environment:
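Review bot: The new `ldap` service is attached to the shared `default` network and accepts plaintext LDAP on port 389 (no TLS is configured anywhere in this change), so every container on that network, not only `synapse`, can reach it and submit bind attempts, which uffd-ldapd forwards to uffd as real password checks. Since synapse is the only consumer visible in this file, put the two on a dedicated internal network and keep `ldap` off `default`, e.g. `networks: [ldap]` on the `ldap` service and an additional `- ldap` under synapse's networks, with a top-level `networks: {ldap: {internal: true}}`; the top-level `networks:` block lies outside the hunk, so I could not see what is already defined there. Minor: `"{{ ldap_bind_pw}}"` lacks the space before `}}`; Ansible renders it anyway, but `"{{ ldap_bind_pw }}"` matches the neighbouring lines.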
......
......@@ -86,29 +86,41 @@ max_spider_size: 10M
enable_registration: false
password_config:
enabled: false
enabled: true
# OIDC Single Sign-On with uffd
oidc_providers:
- idp_id: uffd
idp_name: uffd
- idp_id: "uffd"
idp_name: "warpzone SSO (uffd)"
discover: true
enable_registration: true
allow_existing_users: true
user_profile_method: "userinfo_endpoint"
issuer: "{{ oidc_global.provider_url }}"
client_id: "matrix" # TO BE FILLED
client_secret: "{{ matrix_oidc_secret }}" # TO BE FILLED
client_id: "matrix"
client_secret: "{{ matrix_oidc_secret }}"
scopes:
- "openid"
- "profile"
- "email"
user_mapping_provider:
config:
subject_claim: "preferred_username"
subject_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
email_template: "{% raw %}{{ user.email }}{% endraw %}"
# Password login with uffd-ldapd
modules:
- module: "ldap_auth_provider.LdapAuthProviderModule"
config:
enabled: true
uri: "ldap://ldap:389"
start_tls: false
base: "ou=users,{{ oidc_global.ldap_base_dn }}"
attributes:
uid: "uid"
mail: "mail"
name: "displayName"
auto_join_rooms:
- "#warpzone:{{ matrix.domain }}"
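Review bot: With `password_config.enabled: true` there are now two login paths that produce a Matrix localpart: the LDAP module binds with `uid=<localpart>,ou=users,...` (so the localpart is the LDAP `uid`), the OIDC provider takes it from `localpart_template: {{ user.preferred_username }}`, and `allow_existing_users: true` lets an SSO login attach to whichever existing account carries that localpart. This is only sound if uffd guarantees that `preferred_username` and the LDAP `uid` are the same attribute for every user; if they can diverge, one person ends up with two Matrix accounts, and a cross-mapping between two users cannot be ruled out. Please confirm that against uffd and record the assumption, e.g. `# LDAP uid and OIDC preferred_username must be the same uffd attribute, otherwise SSO and password logins map to different accounts`. Also note that `start_tls: false` over `ldap://ldap:389` sends user passwords in plaintext across the docker network, which is acceptable only if that network is private to synapse and the proxy.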
......
FROM debian:bookworm-slim
# Set environment variables
ENV DEBIAN_FRONTEND=noninteractive
# Install necessary dependencies and configure custom repository
RUN apt-get update \
&& apt-get install -y --no-install-recommends wget gnupg ca-certificates \
&& wget -O- "https://packages.cccv.de/docs/cccv-archive-key.gpg" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cccv-archive-key.gpg \
&& echo "deb https://packages.cccv.de/uffd bookworm main" > /etc/apt/sources.list.d/custom.list \
&& apt-get update \
&& apt-get install -y --no-install-recommends uffd-ldapd ldap-utils \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
USER 999
EXPOSE 389/tcp
# Set default command
CMD ["/usr/sbin/uffd-ldapd","--socket-address","0.0.0.0:389"]
# Get all LDAP Entries
# ldapsearch -x -H ldap://127.0.0.1 -D "cn=service,ou=system,{{ oidc_global.ldap_base_dn }}" -w "{{ ldap_bind_pw }}" -b "ou=users,{{ oidc_global.ldap_base_dn }}" "(objectClass=*)"
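Review bot: The trailing `ldapsearch` comment contains `{{ ldap_bind_pw }}` unescaped; if this Dockerfile is rendered by the config-file task, as the task list in this change suggests (the `homeserver.yaml` in the same change wraps Synapse's own templates in `{% raw %}` for exactly this reason), the actual bind password is written in clear text into the rendered Dockerfile on disk and into every build context. Keep the secret out of the comment, e.g. `# ldapsearch -x -H ldap://127.0.0.1 -D "cn=service,ou=system,{{ oidc_global.ldap_base_dn }}" -w "$SERVER_BIND_PASSWORD" -b "ou=users,{{ oidc_global.ldap_base_dn }}" "(objectClass=*)"`. Separately, piping the repository key into `/etc/apt/trusted.gpg.d/` makes it a trust anchor for every apt source in the image, and fetching it from the same host that serves the packages means a compromise of packages.cccv.de supplies both; store it under `/usr/share/keyrings/cccv-archive-key.gpg`, reference it with `[signed-by=/usr/share/keyrings/cccv-archive-key.gpg]` in the `deb` line, and ideally verify the expected key fingerprint in the same RUN step.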
......@@ -23,7 +23,7 @@ services:
- "WG_VPN_CIDRV6=0" # to disable IPv6
- "WG_EXTERNAL_HOST={{ domain }}"
- "WG_DNS_ENABLED=true"
- "WG_DNS_UPSTREAM=10.0.0.1"
- "WG_DNS_UPSTREAM=192.168.0.201"
- "WG_LOG_LEVEL=info"
labels:
- traefik.enable=true
......