lldap.yaml

---

- hosts: homelab

  vars:
    application: lldap

    docker_network: "{{ networks.pub }}"

  handlers:
    - name: Restart
      community.docker.docker_container:
        name: "{{ application }}"
        restart: true
        comparisons:
          '*': ignore

  tasks:
    - name: Create config folder
      ansible.builtin.file:
        path: "{{ config_directory }}"
        state: directory
        owner: "{{ common_user }}"
        group: "{{ common_group }}"
        mode: "0771"

    - name: Create postgres container
      ansible.builtin.include_role:
        name: postgres
      vars:
        postgres_version: 16
        postgres_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          65363034393638396634663539616434643232623966316662366136396662383635333536626665
          3833343434373436643133363331303731303731323530660a343535633365626566386632666266
          65316339623733656339386332373834666538363864363334386563626566346463363063613864
          3732323634316232330a346331626263643564323133626132653662663935363664663238333364
          66653162333438386632313766363562623332393332373462313061613237383365306134643833
          39613561363533663633363036636232653961303661646438326665663932303136623563333861
          61313133306535643962356235613639353535333136643264306533306337623338316534353734
          66336636363438626638

    - name: Create container
      ansible.builtin.include_role:
        name: docker_container
      vars:
        image: ghcr.io/lldap/lldap:v0.6.1
        env:
          UID: "{{ common_user_id | string }}"
          GID: "{{ common_group_id |string }}"
          TZ: "{{ common_timezone }}"

          LLDAP_HTTP_URL: "https://{{ application }}.{{ common_tld }}"
          LLDAP_JWT_SECRET: !vault |
            $ANSIBLE_VAULT;1.1;AES256
            64653963323663386430313564353163396139626137643536643532386637323334353930383731
            3363323334326164646464626236636431613839626264650a656632353862616364373035383063
            37636635353235656364343262653761653966666362376136333166663365373166303132646633
            3939323739633334320a333931373332383831316465393537643035303637656633373131653966
            61633038323463663563323131623366616361636664346131333939316537333133323432316665
            66653532316661393335613864613337353436396464386438316566326336383237393936353162
            343364336361303063613037306661303935
          LLDAP_LDAP_BASE_DN: "{{ ldap_base_dn }}"
          LLDAP_LDAP_USER_DN: "{{ ldap_username }}"
          LLDAP_LDAP_USER_EMAIL: "{{ application }}{{ common_email_to }}"
          LLDAP_LDAP_USER_PASS: "{{ ldap_password }}"
          LLDAP_KEY_SEED: !vault |
            $ANSIBLE_VAULT;1.1;AES256
            30636266393464393331376539313137636632363936613266623736303938666166323634356363
            3866376536623232353563663338306230316331313235370a313031383833366562303466313730
            32623734616530303837663938346534326538333563306562386233393763336132656562333736
            6261303563316263630a623864663461623137626638303633666436373130616436646466303930
            33613162383564326239306365326230653938306464646465363465306131303362326531646564
            62376663643639306665303865613736306262383161303563306337386165386531623438353336
            343936653630636466396236323530326364

          LLDAP_DATABASE_URL: "{{ _postgres_url }}"
        volumes:
          - "{{ config_directory }}/data:/data"
        traefik:
          - port: 17170
        homepage:
          name: LLDAP
          group: Management
          weight: 400
          description: "LDAP"
          href: "https://lldap.{{ common_tld }}"