Update to 2024-01-03 12:00

Daniel Berteaud 2024-01-03 12:00:34 +01:00
parent a6b43a8034
commit 9946ec6561
9 changed files with 247 additions and 49 deletions


@ -51,19 +51,19 @@ server {
try_files $uri $uri/ =404;
}
location /index.psgi/adminSessions {
location ~ ^/index.psgi/adminSessions {
deny all;
}
location /index.psgi/sessions {
location ~ ^/index.psgi/sessions {
deny all;
}
location /index.psgi/config {
location ~ ^/index.psgi/config {
deny all;
}
location /index.psgi/notification {
location ~ ^/index.psgi/notification {
deny all;
}
}
@ -87,7 +87,7 @@ server {
{% endif %}
{% endif %}
location ~ /index.psgi/(adminSessions|sessions|config|notification) {
location ~ ^/index.psgi/config {
{% if llng_engine == 'fastcgi' %}
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
@ -107,12 +107,39 @@ server {
{% endfor %}
deny all;
{% if llng_api_pass is defined %}
auth_basic "Lemonldap::NG SOAP endpoint";
auth_basic "Lemonldap::NG API";
auth_basic_user_file /etc/lemonldap-ng/api.htpasswd;
satisfy all;
{% endif %}
}
location ~ ^/index.psgi/(adminSessions|sessions) {
{% if llng_engine == 'fastcgi' %}
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
fastcgi_param LLTYPE psgi;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
{% elif llng_engine == 'uwsgi' %}
include /etc/nginx/uwsgi_params;
uwsgi_pass unix:/run/llng-uwsgi/llng-uwsgi.sock;
uwsgi_param LLTYPE psgi;
uwsgi_param SCRIPT_FILENAME $document_root$sc;
uwsgi_param SCRIPT_NAME $sc;
{% endif %}
{% for ip in llng_api_src_ip %}
allow {{ ip }};
{% endfor %}
deny all;
{% if llng_api_pass is defined %}
auth_basic "Lemonldap::NG API";
auth_basic_user_file /etc/lemonldap-ng/api.htpasswd;
satisfy all;
access_log off;
{% endif %}
}
location / {
deny all;
}
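Review bot: In the new `^/index.psgi/(adminSessions|sessions)` location, `access_log off;` sits inside the `{% if llng_api_pass is defined %}` block, so whether the session API is logged depends on whether basic auth is configured, and when it is, requests to these sensitive endpoints leave no access-log trail. If the aim is to cut noise, move the directive outside the conditional and log to a dedicated file instead, e.g. `access_log /var/log/nginx/llng-api.log;` (placeholder path). The location regexes also leave the dot unescaped and have no end boundary, so `^/index.psgi/config` matches `/index.psgi/configXYZ` as well; `^/index\.psgi/config(/|$)` would be tighter. The `+`/`-` markers are lost in this rendering, so this assumes the second line of each printed pair is the new one.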


@ -11,11 +11,11 @@
# MaxUsers = "9"
# Mode = "subscription"
# etc...
seafile_version: "{{ seafile_license is defined | ternary('10.0.9','10.0.1') }}"
seafile_version: "{{ seafile_license is defined | ternary('10.0.9','11.0.3') }}"
# Archive URL and sha256 are only used for the community version
seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
seafile_archive_sha256: 4ce8d51c464ccde8478dfb5f6c92a43b6beece210a939e799b647521ce5baf42
seafile_archive_sha256: 72fced8581fcded3b63d64c2cc34ca22c30278e4a540d9321cb4727a566a3bf7
seafile_root_dir: /opt/seafile
seafile_data_dir: "{{ seafile_root_dir }}/data"
@ -80,6 +80,11 @@ seafile_ldap_base: "{{ ad_auth | default(False) | ternary('DC=' + ad_realm | def
# prevent seafevents from starting !
# seafile_ldap_bind_pass:
seafile_ldap_login_attr: "{{ ad_auth | default(False) | ternary('userPrincipalName','mail') }}"
seafile_ldap_email_attr: mail
seafile_ldap_first_name_attr: givenName
seafile_ldap_last_name_attr: sn
seafile_ldap_dept_attr: department
seafile_ldap_uid_attr: "{{ ad_auth | default(False) | ternary('sAMAccountName', 'uid') }}"
seafile_ldap_filter: "{{ ad_auth | default(False) | ternary('&(objectClass=user)(objectCategory=person)(primaryGroupId=513)','objectClass=inetOrgPerson') }}"
# seafile_ldap_group_filter: (mail=*)


@ -8,6 +8,14 @@
- vars/{{ ansible_os_family }}.yml
tags: seafile
- set_fact: seafile_edition='pro'
when: seafile_licence is defined
tags: seafile
- set_fact: seafile_edition='community'
when: seafile_licence is not defined
tags: seafile
- name: Set default install mode
set_fact: seafile_install_mode='none'
tags: seafile
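Review bot: The two `set_fact` tasks test `seafile_licence`, but the defaults and the settings template in this commit use `seafile_license` (the `seafile_version` ternary and `{% if seafile_license is defined %}`), so unless the `licence` spelling is defined elsewhere, `seafile_edition` always ends up `'community'`. A licensed host would then silently lose the `[LDAP]` section that is now gated on `seafile_edition == 'pro'`, and would get the community Python library and `seafile_rm_libs` sets. Use one spelling and a single task, e.g. `seafile_edition: "{{ (seafile_license is defined) | ternary('pro', 'community') }}"`. Both tasks also lack a `name:`, unlike the task that follows them.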


@ -37,7 +37,7 @@
pip:
virtualenv: "{{ seafile_root_dir }}"
virtualenv_command: /bin/python3.9 -m venv
name: "{{ seafile_python_libs }}"
name: "{{ seafile_python_libs[seafile_edition] }}"
notify:
- restart seafile
- restart seahub
@ -150,7 +150,7 @@
# Needed since CentOS 7.5 so ldaps can be used
- name: Remove bundled libs
file: path={{ seafile_root_dir }}/seafile-server/seafile/lib/{{ item }} state=absent
loop: "{{ seafile_rm_libs }}"
loop: "{{ seafile_rm_libs[seafile_edition] }}"
notify: restart seafile
tags: seafile


@ -15,7 +15,7 @@ PASSWD = {{ seafile_db_pass }}
DB = {{ seafile_db_ccnet }}
CONNECTION_CHARSET = utf8
{% if seafile_ldap_auth is defined and seafile_ldap_auth %}
{% if seafile_edition == 'pro' and seafile_ldap_auth is defined and seafile_ldap_auth %}
[LDAP]
HOST = {{ seafile_ldap_uri }}
BASE = {{ seafile_ldap_base }}


@ -122,6 +122,7 @@ OAUTH_ATTRIBUTE_MAP = {
"name": (False, "name"),
}
{% endif %}
{% endif %}
{% if seafile_header_auth == True %}
ENABLE_REMOTE_USER_AUTHENTICATION = True
REMOTE_USER_HEADER = '{{ seafile_header_auth_name }}'
@ -169,3 +170,34 @@ ENABLE_UPLOAD_LINK_VIRUS_CHECK = True
VIRUS_SCAN_NOTIFY_LIST = ['{{ system_admin_email }}']
{% endif %}
{% endif %}
{% if seafile_edition == 'community' and seafile_ldap_auth is defined and seafile_ldap_auth %}
ENABLE_LDAP = True
LDAP_SERVER_URL = '{{ seafile_ldap_uri }}'
LDAP_BASE_DN = '{{ seafile_ldap_base }}'
{% if seafile_ldap_bind_dn is defined and seafile_ldap_bind_pass is defined %}
LDAP_ADMIN_DN = '{{ seafile_ldap_bind_dn }}'
LDAP_ADMIN_PASSWORD = '{{ seafile_ldap_bind_pass }}'
{% endif %}
LDAP_PROVIDER = 'ldap'
LDAP_LOGIN_ATTR = '{{ seafile_ldap_login_attr }}'
LDAP_FILTER = '{{ seafile_ldap_filter }}'
LDAP_CONTACT_EMAIL_ATTR = '{{ seafile_ldap_email_attr }}'
LDAP_USER_FIRST_NAME_ATTR = '{{ seafile_ldap_first_name_attr }}'
LDAP_USER_LAST_NAME_ATTR = '{{ seafile_ldap_last_name_attr }}'
{% if seafile_license is defined %}
LDAP_SYNC_INTERVAL = 60
ENABLE_LDAP_USER_SYNC = True
{% if seafile_ldap_group_filter is defined %}
ENABLE_LDAP_GROUP_SYNC = True
{% endif %}
DEACTIVE_USER_IF_NOTFOUND = True
LDAP_USER_OBJECT_CLASS = 'person'
ENABLE_EXTRA_USER_INFO_SYNC = True
DEPT_ATTR = '{{ seafile_ldap_dept_attr }}'
LDAP_UID_ATTR = '{{ seafile_ldap_uid_attr }}'
ACTIVATE_USER_WHEN_IMPORT = False
ACTIVATE_AFTER_FIRST_LOGIN = True
{% endif %}
{% endif %}
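Review bot: The new community LDAP block writes variables straight into single-quoted Python literals, e.g. `LDAP_ADMIN_PASSWORD = '{{ seafile_ldap_bind_pass }}'` and `LDAP_FILTER = '{{ seafile_ldap_filter }}'`, so a bind password or filter containing `'` or `\` produces a broken or altered settings file. Rendering the value as a quoted literal avoids that, e.g. `LDAP_ADMIN_PASSWORD = {{ seafile_ldap_bind_pass | to_json }}`. The nested `{% if seafile_license is defined %}` sits inside a branch that requires `seafile_edition == 'community'`, so if the edition is derived from the license, the sync settings there can never be emitted; it looks like leftover pro-only configuration. Since the rendered file now carries the bind password, the template task (outside this hunk) should keep it unreadable to other local users.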


@ -24,20 +24,44 @@ seafile_packages:
- python-setuptools # needed for ansible to create the venv
seafile_python_libs:
- Pillow
- pylibmc
- captcha
- jinja2
- sqlalchemy
- psd-tools
- django-pylibmc
- django-simple-captcha
- python3-ldap
- requests_oauthlib
- future
- mysqlclient==2.0.1
- pycryptodome
- lxml
community:
- pillow==10.0.*
- pylibmc
- captcha==0.4
- jinja2
- SQLAlchemy==2.0.18
- psd-tools
- django-pylibmc
- django_simple_captcha==0.5.*
- djangosaml2==1.5.*
- pysaml2==7.2.*
- python-ldap==3.4.3
- requests_oauthlib
- future==0.18.*
- mysqlclient==2.1.*
- pycryptodome==3.16.*
- cffi==1.15.1
- lxml
- chardet
pro:
- pillow==9.3.*
- pylibmc
- captcha==0.4
- jinja2
- SQLAlchemy==1.4.3
- psd-tools
- django-pylibmc
- django_simple_captcha==0.5.*
- djangosaml2==1.5.*
- pysaml2==7.2.*
- python-ldap
- requests_oauthlib
- future==0.18.*
- mysqlclient==2.1.*
- pycryptodome==3.16.*
- cffi==1.15.1
- lxml
- chardet
seafile_rm_libs:
- libnssutil3.so
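Review bot: In this vars file `seafile_rm_libs` still appears as a flat list (`seafile_rm_libs:` followed directly by `- libnssutil3.so`), while the task changed in this commit loops over `seafile_rm_libs[seafile_edition]`. Indexing a list with `'community'` or `'pro'` would leave the loop undefined or fail on hosts that load this file. Unless the remainder of the file (outside the hunk) differs, give it the same shape as the other OS files, i.e. `community:` and `pro:` keys each holding `- libnssutil3.so`. Indentation is lost in this rendering, so confirm against the real file.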


@ -24,29 +24,54 @@ seafile_packages:
- python3-setuptools # needed for ansible to create the venv
seafile_python_libs:
- pillow==9.3.*
- pylibmc
- captcha==0.4
- jinja2
- SQLAlchemy==1.4.3
- psd-tools
- django-pylibmc
- django_simple_captcha==0.5.*
- djangosaml2==1.5.*
- pysaml2==7.2.*
- python-ldap
- requests_oauthlib
- future==0.18.*
- mysqlclient==2.1.*
- pycryptodome==3.16.*
- cffi==1.15.1
- lxml
- chardet
community:
- pillow==10.0.*
- pylibmc
- captcha==0.4
- jinja2
- SQLAlchemy==2.0.18
- psd-tools
- django-pylibmc
- django_simple_captcha==0.5.*
- djangosaml2==1.5.*
- pysaml2==7.2.*
- python-ldap==3.4.3
- requests_oauthlib
- future==0.18.*
- mysqlclient==2.1.*
- pycryptodome==3.16.*
- cffi==1.15.1
- lxml
- chardet
pro:
- pillow==9.3.*
- pylibmc
- captcha==0.4
- jinja2
- SQLAlchemy==1.4.3
- psd-tools
- django-pylibmc
- django_simple_captcha==0.5.*
- djangosaml2==1.5.*
- pysaml2==7.2.*
- python-ldap
- requests_oauthlib
- future==0.18.*
- mysqlclient==2.1.*
- pycryptodome==3.16.*
- cffi==1.15.1
- lxml
- chardet
seafile_rm_libs:
- liblber-2.4.so.2
- libldap-2.4.so.2
- libsasl2.so.3
- libldap_r-2.4.so.2 # 9.0.0
- libcrypto.so.1.1 # 9.0.0
- libssl.so.1.1 # 9.0.0
community:
- libcrypto.so.1.1 # 9.0.0
- libssl.so.1.1 # 9.0.0
pro:
- liblber-2.4.so.2
- libldap-2.4.so.2
- libsasl2.so.3
- libldap_r-2.4.so.2 # 9.0.0
- libcrypto.so.1.1 # 9.0.0
- libssl.so.1.1 # 9.0.0
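Review bot: The per-edition library lists mix exact pins (`cffi==1.15.1`), wildcard pins (`pysaml2==7.2.*`, `pycryptodome==3.16.*`) and unpinned names (`pylibmc`, `jinja2`, `psd-tools`, `django-pylibmc`, `requests_oauthlib`, `lxml`, `chardet`, and `python-ldap` in the `pro` list). The installed set therefore depends on whatever the index serves at run time, whereas the server archive is checked against `seafile_archive_sha256`. Consider pinning every entry, or installing from a constraints/requirements file with hashes, so the authentication-related packages are reproducible and reviewable. The same lists are copied into the two other OS vars files in this commit; a shared vars file would keep the three copies from drifting.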


@ -0,0 +1,77 @@
---
seafile_packages:
- python39
- python39-setuptools
- python39-pip
- python39-devel
- gcc
- gcc-c++
- ffmpeg
- ffmpeg-devel
- libmemcached-devel
- mysql-devel
- zlib-devel
- openldap-devel
- openssl-devel
- gcc
- tar
- mariadb
- fuse
- java-1.8.0-openjdk # For seafile-pro
- poppler-utils # For seafile-pro
- unoconv # For seafile-pro
- python3-setuptools # needed for ansible to create the venv
seafile_python_libs:
community:
- pillow==10.0.*
- pylibmc
- captcha==0.4
- jinja2
- SQLAlchemy==2.0.18
- psd-tools
- django-pylibmc
- django_simple_captcha==0.5.*
- djangosaml2==1.5.*
- pysaml2==7.2.*
- python-ldap==3.4.3
- requests_oauthlib
- future==0.18.*
- mysqlclient==2.1.*
- pycryptodome==3.16.*
- cffi==1.15.1
- lxml
- chardet
pro:
- pillow==9.3.*
- pylibmc
- captcha==0.4
- jinja2
- SQLAlchemy==1.4.3
- psd-tools
- django-pylibmc
- django_simple_captcha==0.5.*
- djangosaml2==1.5.*
- pysaml2==7.2.*
- python-ldap
- requests_oauthlib
- future==0.18.*
- mysqlclient==2.1.*
- pycryptodome==3.16.*
- cffi==1.15.1
- lxml
- chardet
seafile_rm_libs:
community:
- libcrypto.so.1.1 # 9.0.0
- libssl.so.1.1 # 9.0.0
pro:
- liblber-2.4.so.2
- libldap-2.4.so.2
- libsasl2.so.3
- libldap_r-2.4.so.2 # 9.0.0
- libcrypto.so.1.1 # 9.0.0
- libssl.so.1.1 # 9.0.0
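Review bot: `seafile_packages` in this new file lists `gcc` twice and includes `python3-setuptools` alongside `python39-setuptools`; the duplicate is harmless but suggests the list was copied without review. The entries commented `# For seafile-pro` (`java-1.8.0-openjdk`, `poppler-utils`, `unoconv`) are installed regardless of edition, even though this commit introduces `seafile_edition`. Splitting them into a `pro`-only list, as is done for `seafile_python_libs`, would keep a JRE and document converters off community hosts that do not need them.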