WIP: Working on new lldap bootstrap script

Dreaded_X 2025-01-30 01:15:02 +01:00
parent ba5c9e11d1
commit c964951309
Signed by: Dreaded_X
GPG Key ID: FA5F485356B0D2D4
3 changed files with 25 additions and 1 deletions


@ -1,4 +1,3 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease kind: HelmRelease
metadata: metadata:
name: authelia name: authelia
@ -36,6 +35,7 @@ spec:
authentication_backend: authentication_backend:
ldap: ldap:
enabled: true enabled: true
# TODO: Use lldap implementation, see docs
implementation: custom implementation: custom
address: ldap://lldap.lldap.svc.cluster.local:3890 address: ldap://lldap.lldap.svc.cluster.local:3890
base_dn: dc=huizinga,dc=dev base_dn: dc=huizinga,dc=dev
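Review bot: The first hunk (`-1,4 +1,3`) appears to delete `apiVersion: helm.toolkit.fluxcd.io/v2`, the only line in it that is rendered once rather than on both sides, which would leave the HelmRelease without an apiVersion and make the manifest fail to apply. If the deletion was not intended in this WIP commit, restore that line as the first line of the file. The `spec` mapping touched by the second hunk starts and continues outside the visible lines.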


@ -45,6 +45,10 @@ spec:
mountPath: /bootstrap/group-configs mountPath: /bootstrap/group-configs
readOnly: true readOnly: true
- name: system-users
mountPath: /bootstrap/system-users
readOnly: true
volumes: volumes:
- name: bootstrap - name: bootstrap
configMap: configMap:
@ -73,6 +77,20 @@ spec:
- key: user-configs.json - key: user-configs.json
path: grafana-configs.json path: grafana-configs.json
- name: system-users
projected:
sources:
- secret:
name: authelia-lldap
items:
- key: password
path: authelia
- secret:
name: grafana-lldap
items:
- key: password
path: grafana
- name: group-configs - name: group-configs
projected: projected:
sources: sources:
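Review bot: The new `system-users` projected volume sets no `defaultMode`, so the two files built from the `password` keys of `authelia-lldap` and `grafana-lldap` get the Kubernetes default mode 0644 and are readable by every user in the container. Adding `defaultMode: 0400` under `projected:` limits them to the owner; if the bootstrap container runs as a non-root UID, this likely needs a matching `fsGroup` or a group-readable mode instead. The `volumes` list starts and continues outside the hunk.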


@ -7,6 +7,7 @@ LLDAP_URL="${LLDAP_URL:-http://localhost:17170}"
LLDAP_ADMIN_USERNAME="${LLDAP_ADMIN_USERNAME:-admin}" LLDAP_ADMIN_USERNAME="${LLDAP_ADMIN_USERNAME:-admin}"
LLDAP_ADMIN_PASSWORD="${LLDAP_ADMIN_PASSWORD:-password}" LLDAP_ADMIN_PASSWORD="${LLDAP_ADMIN_PASSWORD:-password}"
USER_SCHEMAS_DIR="${USER_SCHEMAS_DIR:-/bootstrap/user-schemas}" USER_SCHEMAS_DIR="${USER_SCHEMAS_DIR:-/bootstrap/user-schemas}"
SYSTEM_USERS_DIR="${SYSTEM_USERS_DIR:-/bootstrap/system-users}"
GROUP_SCHEMAS_DIR="${GROUP_SCHEMAS_DIR:-/bootstrap/group-schemas}" GROUP_SCHEMAS_DIR="${GROUP_SCHEMAS_DIR:-/bootstrap/group-schemas}"
USER_CONFIGS_DIR="${USER_CONFIGS_DIR:-/bootstrap/user-configs}" USER_CONFIGS_DIR="${USER_CONFIGS_DIR:-/bootstrap/user-configs}"
GROUP_CONFIGS_DIR="${GROUP_CONFIGS_DIR:-/bootstrap/group-configs}" GROUP_CONFIGS_DIR="${GROUP_CONFIGS_DIR:-/bootstrap/group-configs}"
@ -481,6 +482,11 @@ main() {
[[ -d "$GROUP_SCHEMAS_DIR" ]] && for file in "${GROUP_SCHEMAS_DIR}"/*.json; do [[ -d "$GROUP_SCHEMAS_DIR" ]] && for file in "${GROUP_SCHEMAS_DIR}"/*.json; do
group_schema_files+=("$file") group_schema_files+=("$file")
done done
[[ -d "$SYSTEM_USERS_DIR" ]] && for file in "${SYSTEM_USERS_DIR}"/*; do
printf -- "$(basename $file) => $(cat $file)\n"
done
create_user_schema_property "managed" "integer" "false" "false" "false"
if ! check_configs_validity "${group_config_files[@]}" "${user_config_files[@]}" "${group_schema_files[@]}" "${user_schema_files[@]}"; then if ! check_configs_validity "${group_config_files[@]}" "${user_config_files[@]}" "${group_schema_files[@]}" "${user_schema_files[@]}"; then
exit 1 exit 1
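Review bot: The new loop over `$SYSTEM_USERS_DIR` prints each file's contents via `$(cat $file)`, and per the volume added in this commit those files are the service-account `password` keys, so the passwords are written to the bootstrap container's log, where anyone with log access can read them. The contents also serve as the printf format string, so a password containing `%` or `\` is misinterpreted, and `$file` is unquoted in both substitutions. If this is only debug output, print the names alone, `printf -- '%s\n' "$(basename "$file")"`, and read the password into a variable at the point where the user is actually created. `main()` starts and continues outside the hunk.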