From 4a43281179d25bb842672a8b4caac8e35371cd1c Mon Sep 17 00:00:00 2001
From: Simon C
Date: Wed, 5 Jul 2023 14:57:00 +0200
Subject: [PATCH] feat(LLDAP): Add new service
---
README.md | 1 +
lldap/README.md | 29 +++++++++++++++++++++++++
lldap/docker-compose.local.yml | 13 +++++++++++
lldap/docker-compose.postgres.yml | 8 +++++++
lldap/docker-compose.smtp.yml | 16 ++++++++++++++
lldap/docker-compose.traefik.yml | 23 ++++++++++++++++++++
lldap/docker-compose.yml | 36 +++++++++++++++++++++++++++++++
7 files changed, 126 insertions(+)
create mode 100644 lldap/README.md
create mode 100644 lldap/docker-compose.local.yml
create mode 100644 lldap/docker-compose.postgres.yml
create mode 100644 lldap/docker-compose.smtp.yml
create mode 100644 lldap/docker-compose.traefik.yml
create mode 100644 lldap/docker-compose.yml
diff --git a/README.md b/README.md
index b9ac8fd..5995101 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,7 @@ Vous trouverez dans ce dépôt l'ensemble des services Open Source que RésiLien
 - [GeoIP Update](./geoipupdate) : Permet de télécharger la base de données GeoIP2 permettant de localiser les IPs
 - [Gitea](./gitea) : Un service Git très simple à installer et à utiliser. Il est similaire à GitHub, Bitbucket ou Gitlab.
 - [Grafana](./grafana) : Un outil de supervision simple et élégant
+- [LLDAP](./lldap): Implémentation légère de LDAP pour l'authentification
 - [PostgreSQL](./postgres) : PostgreSQL est un système de gestion de base de données relationnelle et objet.
 - [Prometheus](./prometheus) : Un logiciel de surveillance informatique
 - [Redis](./redis) : Système de gestion de base de données clé-valeur extensible, très hautes performances
diff --git a/lldap/README.md b/lldap/README.md
new file mode 100644
index 0000000..45314af
--- /dev/null
+++ b/lldap/README.md
@@ -0,0 +1,29 @@
+# LLDAP
+
+> Implémentation légère de LDAP pour l'authentification :
+> Ce projet est un serveur d'authentification léger (écrit en rust) qui fournit une interface LDAP simplifiée pour l'authentification. Il s'intègre avec de nombreux backends, de KeyCloak à Authelia en passant par Nextcloud et plus encore !
+
+
+## Documentation
+
+- Le fichier [`lldap_config.docker_template.toml`](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml) contient toute la configuration possible de l'outil.
+- De base le projet utilise SQLite mais on peut utiliser Postgres voir le fichier [`docker-compose.postgres.yml`](./docker-compose.postgres.yml)
+- Le projet n'est pas [traduit](https://github.com/lldap/lldap/issues/20) actuellement
+
+
+## Configuration
+
+La configuration a été séparé dans 5 fichiers :
+
+- [`docker-compose.yml`](./docker-compose.yml) contient la configuration de base
+- [`docker-compose.local.yml`](./docker-compose.local.yml) permettant de tester le service sans Traefik
+- [`docker-compose.smtp.yml`](./docker-compose.smtp.yml) correspondant à la configuration du service SMTP
+- [`docker-compose.postgres.yml`](./docker-compose.postgres.yml) pour configurer le service Postgres
+- [`docker-compose.traefik.yml`](./docker-compose.traefik.yml) pour configurer automatiquement Traefik
+
+
+## Liens
+
+- [Code source][https://github.com/lldap/lldap]
+- [Docker Hub][https://hub.docker.com/r/nitnelave/lldap]
+- [Documentation](https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml)
diff --git a/lldap/docker-compose.local.yml b/lldap/docker-compose.local.yml
new file mode 100644
index 0000000..8b441ac
--- /dev/null
+++ b/lldap/docker-compose.local.yml
@@ -0,0 +1,13 @@
+---
+
+version: "3.8"
+
+services:
+ lldap:
+ ports:
+ # For LDAP
+ - "3890:3890"
+ # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
+ - "6360:6360"
+ # For the web front-end
+ - "17170:17170"
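Review bot: In docker-compose.local.yml the three `ports` entries publish LDAP (3890), LDAPS (6360) and the web front-end (17170) on every host interface, although the README describes this overlay as a way to test the service without Traefik. Port 3890 is the non-SSL LDAP listener and 17170 is served over plain HTTP, so on a host with a routable address the bind credentials and the administration login are exposed to the network. Binding to loopback keeps the test setup local: `- "127.0.0.1:3890:3890"`, `- "127.0.0.1:6360:6360"`, `- "127.0.0.1:17170:17170"`. The LDAPS comment says "look env below", but this file defines no environment; it should say where `LLDAP_LDAPS_OPTIONS__ENABLED` is set or drop the reference.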
diff --git a/lldap/docker-compose.postgres.yml b/lldap/docker-compose.postgres.yml
new file mode 100644
index 0000000..a285164
--- /dev/null
+++ b/lldap/docker-compose.postgres.yml
@@ -0,0 +1,8 @@
+---
+
+version: "3.8"
+
+services:
+ lldap:
+ environment:
+ - LLDAP_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_CONTAINER_NAME}/${POSTGRES_DB}
diff --git a/lldap/docker-compose.smtp.yml b/lldap/docker-compose.smtp.yml
new file mode 100644
index 0000000..23024ae
--- /dev/null
+++ b/lldap/docker-compose.smtp.yml
@@ -0,0 +1,16 @@
+---
+
+version: "3.8"
+
+services:
+ lldap:
+ environment:
+ - LLDAP_TEST_EMAIL_TO=${LLDAP_TEST_EMAIL_TO}
+ - LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=${LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET}
+ - LLDAP_SMTP_OPTIONS__SERVER=${LLDAP_SMTP_OPTIONS__SERVER}
+ - LLDAP_SMTP_OPTIONS__PORT=${LLDAP_SMTP_OPTIONS__PORT}
+ - LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__ENCRYPTION}
+ - LLDAP_SMTP_OPTIONS__USER=${LLDAP_SMTP_OPTIONS__USER}
+ - LLDAP_SMTP_OPTIONS__PASSWORD=${LLDAP_SMTP_OPTIONS__PASSWORD}
+ - LLDAP_SMTP_OPTIONS__FROM=${LLDAP_SMTP_OPTIONS__FROM}
+ - LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__TO}
diff --git a/lldap/docker-compose.traefik.yml b/lldap/docker-compose.traefik.yml
new file mode 100644
index 0000000..46cc578
--- /dev/null
+++ b/lldap/docker-compose.traefik.yml
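Review bot: The `LLDAP_DATABASE_URL` line in docker-compose.postgres.yml interpolates four variables without the `:?err` guard that docker-compose.yml uses for its required values, so a missing `POSTGRES_USER` or `POSTGRES_PASSWORD` expands to an empty string and yields a malformed URL instead of stopping the deployment. I would write `${POSTGRES_USER:?err}`, `${POSTGRES_PASSWORD:?err}`, `${POSTGRES_CONTAINER_NAME:?err}` and `${POSTGRES_DB:?err}` in that line. The password is also pasted raw into a URL, so a value containing `@`, `/`, `:` or `#` would need percent-encoding; a comment above the line saying so would help whoever fills in the `.env` file. Nothing visible in this overlay attaches lldap to the Postgres container's network, which is worth confirming because the Traefik overlay renames the default network.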
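Review bot: Two entries in docker-compose.smtp.yml read from a variable whose name differs from the one they set, `LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__ENCRYPTION}` and `LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__TO}`, while every other entry uses the same name on both sides. An operator who sets `LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION` in the `.env` file gets an empty value in the container, so the transport protection for the SMTP credentials and password-reset mail presumably depends on how LLDAP treats an empty setting rather than on what was configured. I would align the names, `LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION}` and `LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__REPLY_TO}`, or document the short names in the README. The same two lines appear in the `environment` block of docker-compose.yml.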
@@ -0,0 +1,23 @@
+---
+
+version: "3.8"
+
+networks:
+ default:
+ name: ${TRAEFIK_NETWORK_NAME:-traefik}
+
+services:
+ lldap:
+ labels:
+ - traefik.enable=true
+ - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+ - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=Host(`${LLDAP_DOMAIN:?err}`)
+ - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
+ # - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls.certResolver=letsencrypt
+ - traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=17170
+ - traefik.http.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.scheme=http
+
+ # https://github.com/lldap/lldap/issues/247#issuecomment-1489962511
+ # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.rule=HostSNI(`${LLDAP_DOMAIN:?err}`)
+ # - traefik.tcp.routers.${TRAEFIK_ROUTER_NAME:-lldap}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
+ # - traefik.tcp.services.${TRAEFIK_ROUTER_NAME:-lldap}.loadbalancer.server.port=3890
diff --git a/lldap/docker-compose.yml b/lldap/docker-compose.yml
new file mode 100644
index 0000000..c3c7978
--- /dev/null
+++ b/lldap/docker-compose.yml
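Review bot: The HTTP router in docker-compose.traefik.yml defaults to `${TRAEFIK_ENTRYPOINTS:-web}` with the `tls.certResolver` label commented out, so unless the operator overrides it the LLDAP login and administration UI are routed without TLS, while docker-compose.yml sets `LLDAP_HTTP_URL` to an `https://` address. Assuming `web` is the plain-HTTP entrypoint of this Traefik setup (its definition is not in the patch), directory passwords and session tokens would cross the network in clear text. I would make the entrypoint mandatory with `entrypoints=${TRAEFIK_ENTRYPOINTS:?err}` and add `- traefik.http.routers.${TRAEFIK_ROUTER_NAME:-lldap}.tls=true`, leaving the resolver line as the optional part. The commented TCP router shares the same default, and a `HostSNI` rule naming a host only matches TLS connections, so that block needs its own TLS settings before it is enabled for port 3890.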
@@ -0,0 +1,36 @@
+---
+
+version: "3.8"
+
+volumes:
+ lldap:
+ name: ${LLDAP_VOLUME_NAME:-lldap}
+
+services:
+ lldap:
+ container_name: ${LLDAP_CONTAINER_NAME:-lldap}
+ image: ${LLDAP_IMAGE:-nitnelave/lldap:v0.4.3}
+ restart: always
+ volumes:
+ - "lldap:/data"
+ environment:
+ - TZ=${TIMEZONE:-Europe/Paris}
+
+ - LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET:?err}
+ - LLDAP_HTTP_URL=https://${LLDAP_DOMAIN:?err}
+ - LLDAP_VERBOSE=${LLDAP_VERBOSE:-false}
+
+ - LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN:?err}
+ - LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN:?err}
+ - LLDAP_LDAP_USER_EMAIL=${LLDAP_LDAP_USER_EMAIL:?err}
+ - LLDAP_LDAP_USER_PASS=${LLDAP_LDAP_USER_PASS:?err}
+
+ - LLDAP_TEST_EMAIL_TO=${LLDAP_TEST_EMAIL_TO}
+ - LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=${LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET}
+ - LLDAP_SMTP_OPTIONS__SERVER=${LLDAP_SMTP_OPTIONS__SERVER}
+ - LLDAP_SMTP_OPTIONS__PORT=${LLDAP_SMTP_OPTIONS__PORT}
+ - LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=${LLDAP_SMTP_OPTIONS__ENCRYPTION}
+ - LLDAP_SMTP_OPTIONS__USER=${LLDAP_SMTP_OPTIONS__USER}
+ - LLDAP_SMTP_OPTIONS__PASSWORD=${LLDAP_SMTP_OPTIONS__PASSWORD}
+ - LLDAP_SMTP_OPTIONS__FROM=${LLDAP_SMTP_OPTIONS__FROM}
+ - LLDAP_SMTP_OPTIONS__REPLY_TO=${LLDAP_SMTP_OPTIONS__TO}
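Review bot: The last nine entries of `environment` in docker-compose.yml repeat the whole SMTP block of docker-compose.smtp.yml, which makes that overlay a no-op and passes `LLDAP_TEST_EMAIL_TO=`, `LLDAP_SMTP_OPTIONS__PORT=` and the rest as empty strings whenever SMTP is not configured. How LLDAP v0.4.3 treats an empty override is not visible here, but an empty port or an empty `ENABLE_PASSWORD_RESET` is at best noise and may fail parsing; I would delete those nine lines from the base file and keep them only in the SMTP overlay. Separately, `:?err` only checks that `LLDAP_JWT_SECRET` and `LLDAP_LDAP_USER_PASS` are present, so a comment above them such as `# long random values, never committed to the repository` would help whoever fills in the `.env` file.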