Updated group vars for nginx

2024-10-01 18:53:40 -06:00 · 2024-10-01 18:53:40 -06:00 · db2918ef1b
commit db2918ef1b
parent 06957e6cef
3 changed files with 31 additions and 0 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -4,5 +4,6 @@
 user_source: "local"

 kanidm_uri: "https://idm.ezri.dev"
+ldap_uri: "ldaps://idm.ezri.dev"

 kanidm_supplemental: []
--- a/group_vars/containers.yml
+++ b/group_vars/containers.yml
@ -0,0 +1,18 @@
+sso_type: ldap
+
+allowed_groups:
+  - sysadmin@idm.ezri.dev
+
+sudo_groups:
+  - sysadmin@idm.ezri.dev
+
+uses_passkey_auth: no
+uses_passkey_2fa: no
+uses_totp_2fa: yes
+totp_2fa_nullok: yes
+
+ldap_user_search_base: >-
+  dc=idm,dc=ezri,dc=dev
+ldap_group_search_base: >-
+  dc=idm,dc=ezri,dc=dev?subtree?(|(objectClass=posixAccount)(objecctClass=posixGroup))
+ldap_access_filter: "(memberof=sysadmin@idm.ezri.dev)"
--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@ -12,6 +12,7 @@ sites_available:
    enabled: yes
    cert_domain: ezri.dev
    upstream: http://10.242.2.2:9001
+    max_upload: 0

  - fqdn: git.ezri.dev
    enabled: yes
@ -111,10 +112,20 @@ sites_available:
    enabled: yes
    cert_domain: ezri.dev
    upstream: http://10.242.2.2:30032
+    restricted: yes
    allowed_ips:
      - 10.242.0.0/23
      - 10.242.3.0/24

+  - fqdn: sysadmin-exercise.internal.ezri.dev
+    enabled: yes
+    cert_domain: internal.ezri.dev
+    upstream: http://10.242.2.207:8888
+    restricted: yes
+    allowed_ips:
+      - 10.242.0.0/16
+      - 129.123.107.0/24
+
 streams_available:
  - fqdn: git.ezri.dev
    enabled: yes
@ -132,6 +143,7 @@ streams_available:
    upstream_ssl: yes
    restricted: yes
    allowed_ips:
+      - 10.242.0.107
      - 10.242.2.2
      - 10.242.0.1
      - 10.242.2.1