Updated group vars for nginx

group_vars/all.yml

@@ -4,5 +4,6 @@
 user_source: "local"
 
 kanidm_uri: "https://idm.ezri.dev"
+ldap_uri: "ldaps://idm.ezri.dev"
 
 kanidm_supplemental: []

group_vars/containers.yml

@@ -0,0 +1,18 @@
+sso_type: ldap
+
+allowed_groups:
+  - sysadmin@idm.ezri.dev
+
+sudo_groups:
+  - sysadmin@idm.ezri.dev
+
+uses_passkey_auth: no
+uses_passkey_2fa: no
+uses_totp_2fa: yes
+totp_2fa_nullok: yes
+
+ldap_user_search_base: >-
+  dc=idm,dc=ezri,dc=dev
+ldap_group_search_base: >-
+  dc=idm,dc=ezri,dc=dev?subtree?(|(objectClass=posixAccount)(objecctClass=posixGroup))
+ldap_access_filter: "(memberof=sysadmin@idm.ezri.dev)"

group_vars/nginx.yml

@@ -12,6 +12,7 @@ sites_available:
     enabled: yes
     cert_domain: ezri.dev
     upstream: http://10.242.2.2:9001
+    max_upload: 0
 
   - fqdn: git.ezri.dev
     enabled: yes
@@ -111,10 +112,20 @@ sites_available:
     enabled: yes
     cert_domain: ezri.dev
     upstream: http://10.242.2.2:30032
+    restricted: yes
     allowed_ips:
       - 10.242.0.0/23
       - 10.242.3.0/24
 
+  - fqdn: sysadmin-exercise.internal.ezri.dev
+    enabled: yes
+    cert_domain: internal.ezri.dev
+    upstream: http://10.242.2.207:8888
+    restricted: yes
+    allowed_ips:
+      - 10.242.0.0/16
+      - 129.123.107.0/24
+
 streams_available:
   - fqdn: git.ezri.dev
     enabled: yes
@@ -132,6 +143,7 @@ streams_available:
     upstream_ssl: yes
     restricted: yes
     allowed_ips:
+      - 10.242.0.107
       - 10.242.2.2
       - 10.242.0.1
       - 10.242.2.1