add ldap_sync container setup

2020-01-19 22:31:52 +01:00 · 2020-01-19 22:31:52 +01:00 · 5d25450872
parent 5e99a58425
commit 5d25450872
2 changed files with 87 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -85,4 +85,35 @@ bitwardenrs_db_password: secure
 bitwardenrs_db_ssl_mode: disable
 bitwardenrs_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt

+bitwardenrs_ldap_sync_enabled: False
+bitwardenrs_ldap_container_name: bitwardenrs_ldap
+bitwardenrs_ldap_image: "xoxys/bitwardenrs_ldap:{{ bitwardenrs_version }}"
+bitwardenrs_ldap_restart_policy: on-failure
+
+# @var bitwardenrs_ldap_memory_limit: $ "_unset_"
+# @var bitwardenrs_ldap_memory_limit:example: $ "512m"
+# @var bitwardenrs_ldap_memory_reservation: $ "_unset_"
+# @var bitwardenrs_ldap_memory_reservation:example: $ "256m"
+# @var bitwardenrs_ldap_cpu_shares: $ "_unset_"
+# @var bitwardenrs_ldap_cpu_shares:example: $ "1024"
+
+bitwardenrs_ldap_cap_add: []
+bitwardenrs_ldap_cap_drop: []
+bitwardenrs_ldap_security_opt: []
+# @var bitwardenrs_ldap_pids_limit: $ "_unset_"
+
+bitwardenrs_ldap_bitwarden_url: "{{ bitwardenrs_base_url }}"
+bitwardenrs_ldap_bitwarden_admin_token: "{{ bitwardenrs_admin_token | default('') }}"
+# @var bitwardenrs_ldap_host: $ "_unset_"
+# @var bitwardenrs_ldap_scheme: $ "_unset_"
+bitwardenrs_ldap_ssl: True
+# @var bitwardenrs_ldap_port: $ "_unset_"
+# @var bitwardenrs_ldap_bind_dn: $ "_unset_"
+# @var bitwardenrs_ldap_bind_password: $ "_unset_"
+# @var bitwardenrs_ldap_search_base_dn: $ "_unset_"
+bitwardenrs_ldap_search_filter: "(&(objectclass=*)(uid=*))"
+bitwardenrs_ldap_mail_field: "mail"
+bitwardenrs_ldap_sync_interval_seconds: "60"
+bitwardenrs_ldap_sync_loop: True
+
 bitwardenrs_docker_compose_bin: /usr/local/bin/docker-compose
--- a/templates/services/compose.yml.j2
+++ b/templates/services/compose.yml.j2
@ -6,7 +6,7 @@ services:
  bitwardenrs:
    container_name: {{ bitwardenrs_container_name }}
    image: {{ bitwardenrs_image }}
-    restart: unless-stopped
+    restart: {{ bitwardenrs_restart_policy }}
    ports:
      - {{ bitwardenrs_exposed_ip + ':' if bitwardenrs_exposed_ip is defined else '' }}{{ bitwardenrs_exposed_port }}:8080
    volumes:
@ -64,7 +64,6 @@ services:
      {% endif %}
      - BITWARDENRS_SMTP_AUTH_MECHANISM={{ bitwardenrs_smtp_auth_mechanism }}
      - BITWARDENRS_SMTP_TIMEOUT={{ bitwardenrs_smtp_timeout }}
-
    {% if bitwardenrs_memory_limit is defined %}
    mem_limit: {{ bitwardenrs_memory_limit }}
    {% endif %}
@ -99,6 +98,61 @@ services:
    {% if bitwardenrs_pids_limit is defined %}
    pids_limit: {{ bitwardenrs_pids_limit }}
    {% endif %}
+  {% if bitwardenrs_ldap_sync_enabled %}
+
+  bitwardenrs_ldap:
+    container_name: {{ bitwardenrs_ldap_container_name }}
+    image: {{ bitwardenrs_ldap_image }}
+    restart: {{ bitwardenrs_ldap_restart_policy }}
+    environment:
+      bitwardenrs_ldap_bitwarden_url: "{{ bitwardenrs_ldap_bitwarden_url }}"
+      bitwardenrs_ldap_bitwarden_admin_token: "{{ bitwardenrs_ldap_bitwarden_admin_token }}"
+      bitwardenrs_ldap_host: "{{ bitwardenrs_ldap_host }}"
+      {% if bitwardenrs_ldap_scheme is defined and bitwardenrs_ldap_scheme %}
+      bitwardenrs_ldap_scheme: "{{ bitwardenrs_ldap_scheme }}"
+      {% endif %}
+      bitwardenrs_ldap_ssl: "{{ bitwardenrs_ldap_ssl }}"
+      {% if bitwardenrs_ldap_port is defined and bitwardenrs_ldap_port %}
+      bitwardenrs_ldap_port: "{{ bitwardenrs_ldap_port }}"
+      {% endif %}
+      bitwardenrs_ldap_bind_dn: "{{ bitwardenrs_ldap_bind_dn }}"
+      bitwardenrs_ldap_bind_password: "{{ bitwardenrs_ldap_bind_password }}"
+      bitwardenrs_ldap_search_base_dn: "{{ bitwardenrs_ldap_search_base_dn }}"
+      bitwardenrs_ldap_search_filter: "{{ bitwardenrs_ldap_search_filter }}"
+      bitwardenrs_ldap_mail_field: "{{ bitwardenrs_ldap_mail_field }}"
+      bitwardenrs_ldap_sync_interval_seconds: "{{ bitwardenrs_ldap_sync_interval_seconds }}"
+      bitwardenrs_ldap_sync_loop: "{{ bitwardenrs_ldap_sync_loop }}"
+    {% if bitwardenrs_ldap_memory_limit is defined %}
+    mem_limit: {{ bitwardenrs_ldap_memory_limit }}
+    {% endif %}
+    {% if bitwardenrs_ldap_memory_reservation is defined %}
+    mem_reservation: {{ bitwardenrs_ldap_memory_reservation }}
+    {% endif %}
+    {% if bitwardenrs_ldap_cpu_shares is defined %}
+    cpu_shares: {{ bitwardenrs_ldap_cpu_shares }}
+    {% endif %}
+    {% if not bitwardenrs_ldap_cap_add | length == 0 %}
+    cap_add:
+      {% for item in bitwardenrs_ldap_cap_add %}
+      - {{ item }}
+      {% endfor %}
+    {% endif %}
+    {% if not bitwardenrs_ldap_cap_drop | length == 0  %}
+    cap_drop:
+      {% for item in bitwardenrs_ldap_cap_drop %}
+      - {{ item }}
+      {% endfor %}
+    {% endif %}
+    {% if not bitwardenrs_ldap_security_opt | length == 0 %}
+    security_opt:
+      {% for item in bitwardenrs_ldap_security_opt %}
+      - {{ item }}
+      {% endfor %}
+    {% endif %}
+    {% if bitwardenrs_ldap_pids_limit is defined %}
+    pids_limit: {{ bitwardenrs_ldap_pids_limit }}
+    {% endif %}
+    {% endif %}

 volumes:
  data: