From 5d254508721c3ca6a0fd38a7608c20dc9963028a Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sun, 19 Jan 2020 22:31:52 +0100
Subject: [PATCH] add ldap_sync container setup
---
defaults/main.yml | 31 +++++++++++++++++
templates/services/compose.yml.j2 | 58 +++++++++++++++++++++++++++++--
2 files changed, 87 insertions(+), 2 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 090db43..4856df7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -85,4 +85,35 @@ bitwardenrs_db_password: secure bitwardenrs_db_ssl_mode: disable bitwardenrs_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt +bitwardenrs_ldap_sync_enabled: False +bitwardenrs_ldap_container_name: bitwardenrs_ldap +bitwardenrs_ldap_image: "xoxys/bitwardenrs_ldap:{{ bitwardenrs_version }}" +bitwardenrs_ldap_restart_policy: on-failure + +# @var bitwardenrs_ldap_memory_limit: $ "_unset_" +# @var bitwardenrs_ldap_memory_limit:example: $ "512m" +# @var bitwardenrs_ldap_memory_reservation: $ "_unset_" +# @var bitwardenrs_ldap_memory_reservation:example: $ "256m" +# @var bitwardenrs_ldap_cpu_shares: $ "_unset_" +# @var bitwardenrs_ldap_cpu_shares:example: $ "1024" + +bitwardenrs_ldap_cap_add: [] +bitwardenrs_ldap_cap_drop: [] +bitwardenrs_ldap_security_opt: [] +# @var bitwardenrs_ldap_pids_limit: $ "_unset_" + +bitwardenrs_ldap_bitwarden_url: "{{ bitwardenrs_base_url }}" +bitwardenrs_ldap_bitwarden_admin_token: "{{ bitwardenrs_admin_token | default('') }}" +# @var bitwardenrs_ldap_host: $ "_unset_" +# @var bitwardenrs_ldap_scheme: $ "_unset_" +bitwardenrs_ldap_ssl: True +# @var bitwardenrs_ldap_port: $ "_unset_" +# @var bitwardenrs_ldap_bind_dn: $ "_unset_" +# @var bitwardenrs_ldap_bind_password: $ "_unset_" +# @var bitwardenrs_ldap_search_base_dn: $ "_unset_" +bitwardenrs_ldap_search_filter: "(&(objectclass=*)(uid=*))" +bitwardenrs_ldap_mail_field: "mail" +bitwardenrs_ldap_sync_interval_seconds: "60" +bitwardenrs_ldap_sync_loop: True + bitwardenrs_docker_compose_bin: /usr/local/bin/docker-compose diff --git a/templates/services/compose.yml.j2 b/templates/services/compose.yml.j2 index 58d53ac..63b9c24 100644 --- a/templates/services/compose.yml.j2 +++ b/templates/services/compose.yml.j2 
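Review bot: `bitwardenrs_ldap_bitwarden_admin_token` falls back to an empty string through `default('')`, so enabling the sync without `bitwardenrs_admin_token` set renders a container configured with a blank admin token instead of failing the play. I would drop the filter, `bitwardenrs_ldap_bitwarden_admin_token: "{{ bitwardenrs_admin_token }}"`, so a missing secret surfaces as an undefined-variable error at template time, as it already does for `bitwardenrs_ldap_bind_password`, which the template references unconditionally. The `@var` comment for the bind password could also state that the value is a secret and belongs in Ansible Vault or another secret store rather than in plain inventory. Separately, the empty `bitwardenrs_ldap_cap_drop: []` default leaves the sidecar with Docker's default capability set; a sync client that only makes outbound connections presumably needs none, so `[ALL]` may be a safer default, to be confirmed against the image.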
@@ -6,7 +6,7 @@ services: bitwardenrs: container_name: {{ bitwardenrs_container_name }} image: {{ bitwardenrs_image }} - restart: unless-stopped + restart: {{ bitwardenrs_restart_policy }} ports: - {{ bitwardenrs_exposed_ip + ':' if bitwardenrs_exposed_ip is defined else '' }}{{ bitwardenrs_exposed_port }}:8080 volumes: @@ -64,7 +64,6 @@ services: {% endif %} - BITWARDENRS_SMTP_AUTH_MECHANISM={{ bitwardenrs_smtp_auth_mechanism }} - BITWARDENRS_SMTP_TIMEOUT={{ bitwardenrs_smtp_timeout }} - {% if bitwardenrs_memory_limit is defined %} mem_limit: {{ bitwardenrs_memory_limit }} {% endif %} 
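Review bot: `restart: {{ bitwardenrs_restart_policy }}` in the first hunk depends on a variable that this patch does not add to defaults/main.yml; only `bitwardenrs_ldap_restart_policy` appears there. If `bitwardenrs_restart_policy` is not already defined outside the visible context, the template will fail to render; if it is, its default should stay `unless-stopped` so the vault container keeps its current restart behaviour. The change is also unrelated to the commit subject, so a line in the commit message mentioning it would help whoever audits this later.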
@@ -99,6 +98,61 @@ services: {% if bitwardenrs_pids_limit is defined %} pids_limit: {{ bitwardenrs_pids_limit }} {% endif %} + {% if bitwardenrs_ldap_sync_enabled %} + + bitwardenrs_ldap: + container_name: {{ bitwardenrs_ldap_container_name }} + image: {{ bitwardenrs_ldap_image }} + restart: {{ bitwardenrs_ldap_restart_policy }} + environment: + bitwardenrs_ldap_bitwarden_url: "{{ bitwardenrs_ldap_bitwarden_url }}" + bitwardenrs_ldap_bitwarden_admin_token: "{{ bitwardenrs_ldap_bitwarden_admin_token }}" + bitwardenrs_ldap_host: "{{ bitwardenrs_ldap_host }}" + {% if bitwardenrs_ldap_scheme is defined and bitwardenrs_ldap_scheme %} + bitwardenrs_ldap_scheme: "{{ bitwardenrs_ldap_scheme }}" + {% endif %} + bitwardenrs_ldap_ssl: "{{ bitwardenrs_ldap_ssl }}" + {% if bitwardenrs_ldap_port is defined and bitwardenrs_ldap_port %} + bitwardenrs_ldap_port: "{{ bitwardenrs_ldap_port }}" + {% endif %} + bitwardenrs_ldap_bind_dn: "{{ bitwardenrs_ldap_bind_dn }}" + bitwardenrs_ldap_bind_password: "{{ bitwardenrs_ldap_bind_password }}" + bitwardenrs_ldap_search_base_dn: "{{ bitwardenrs_ldap_search_base_dn }}" + bitwardenrs_ldap_search_filter: "{{ bitwardenrs_ldap_search_filter }}" + bitwardenrs_ldap_mail_field: "{{ bitwardenrs_ldap_mail_field }}" + bitwardenrs_ldap_sync_interval_seconds: "{{ bitwardenrs_ldap_sync_interval_seconds }}" + bitwardenrs_ldap_sync_loop: "{{ bitwardenrs_ldap_sync_loop }}" + {% if bitwardenrs_ldap_memory_limit is defined %} + mem_limit: {{ bitwardenrs_ldap_memory_limit }} + {% endif %} + {% if bitwardenrs_ldap_memory_reservation is defined %} + mem_reservation: {{ bitwardenrs_ldap_memory_reservation }} + {% endif %} + {% if bitwardenrs_ldap_cpu_shares is defined %} + cpu_shares: {{ bitwardenrs_ldap_cpu_shares }} + {% endif %} + {% if not bitwardenrs_ldap_cap_add | length == 0 %} + cap_add: + {% for item in bitwardenrs_ldap_cap_add %} + - {{ item }} + {% endfor %} + {% endif %} + {% if not bitwardenrs_ldap_cap_drop | length == 0 %} + cap_drop: + {% for item 
in bitwardenrs_ldap_cap_drop %} + - {{ item }} + {% endfor %} + {% endif %} + {% if not bitwardenrs_ldap_security_opt | length == 0 %} + security_opt: + {% for item in bitwardenrs_ldap_security_opt %} + - {{ item }} + {% endfor %} + {% endif %} + {% if bitwardenrs_ldap_pids_limit is defined %} + pids_limit: {{ bitwardenrs_ldap_pids_limit }} + {% endif %} + {% endif %} volumes: data:
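Review bot: The secret values in the new `environment:` block are pasted between double quotes without escaping, e.g. `bitwardenrs_ldap_bind_password: "{{ bitwardenrs_ldap_bind_password }}"`; a password containing `"` or `\` yields invalid or altered YAML, and docker-compose treats `$` in the value as variable interpolation. Rendering them as `bitwardenrs_ldap_bind_password: {{ bitwardenrs_ldap_bind_password | replace('$', '$$') | to_json }}` (and the same for the admin token, bind DN and search filter) keeps the value intact. Both secrets also end up in clear text in the rendered compose file and in `docker inspect` output, so the task that writes this file, which is not visible here, should set a restrictive mode such as `0600`. The environment keys are lowercase while the main service in the same template uses uppercase `BITWARDENRS_*` names; environment names are case-sensitive, so it is worth confirming what the image actually reads.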