Role to configure nextcloud with LDAP User backend.
First test passed.
New modules:
- occ:
set configuration values using `php occ` nextcloud command-line tool.
Created a reusable tasks list for issuing certificates (tls) at the
moment.
Added option for module cert_request to programmatically require
signing of client certificate.
- Coherent quotation style
Single quotes for text variable (even if implicit), no quotes for
variable and conditional statements, if not required.
- Some useful tags added:
* ssh_certs
renewal of server SSH certificates and configuration of authorized
CA.
* tls_pub
renewal of public TLS certificates (let's encrypt) and certbot
configuration.
* tls_int
renewal of internal TLS certificates (service authorizations) and
configuration of authorized internal CA.
*(ToDo: deployment of Certificate Revocation Lists)*
* lxc
deployment of new containers (deployment of configuration file
excluded; for instance, changes in IP address are always applied and
trigger a container restart even if you skip this tag).
* packages
installation and upgrade of software packages (apt, opkg or
tarballs)
* service_password
create new random password for services-only password, for routine
rotation. Not meant to be skipped (some roles need to know the
service password, so they do a rotation).
- prepare_host
- ssh_server
- lxc_guest
- ldap
- gitlab
- x509_subject_prefix
- x509_ldap_suffix
*Replaces:* x509_suffix in ldap.yaml
- letsencrypt_email
Used in roles/certbot and roles/gitlab
- root_ca_cert
*Replaces:* ssl_ca_cert and files/lilik_x1.crt
New defaults:
- ldap_domain | default: `${domain}`
- server_fqdn | default: `${hostname}.dmz.${domain}`
*Replaces:* fqdn_domain
Removed:
- fqdn_domain
- x509_suffix
*Replaced by:* x509_ldap_suffix in common
New defaults:
- server_fqdn | default: `${hostname}.${domain}`
*Replaces*: fqdn
- ldap_domain | default: `${domain}`
- ldap_server | default: `ldap1.dmz.${domain}`
- ldap_basedn | default: `dn(${ldap_domain})`
- enable_https | default: `true`
New defaults:
- server_fqdn | default: `${hostname}.${domain}`
- Tasks split into subfiles.
- Static slapd configuration (slapd.conf) moved *properly* to dynamic
conf (slapd.d).
- TLS Enabled by default, with certificate acquired using
`ca_manager`.
- New default tree
- New default ACL
- Kerberos schema added
- {SSHA512} hash properly configured.