From 846f7f7fc744f677cad2ec6a967ecddcf50e9192 Mon Sep 17 00:00:00 2001
From: transcaffeine
Date: Sat, 3 May 2025 23:48:16 +0200
Subject: [PATCH] feat(openldap): add ansible role for deployment
---
galaxy.yml | 1 +
roles/openldap/README.md | 3 ++
roles/openldap/defaults/main/container.yml | 40 ++++++++++++++++++++++
roles/openldap/defaults/main/main.yml | 12 +++++++
roles/openldap/tasks/configure.yml | 0
roles/openldap/tasks/deploy-docker.yml | 29 ++++++++++++++++
roles/openldap/tasks/main.yml | 22 ++++++++++++
roles/openldap/vars/main.yml | 6 ++++
8 files changed, 113 insertions(+)
create mode 100644 roles/openldap/README.md
create mode 100644 roles/openldap/defaults/main/container.yml
create mode 100644 roles/openldap/defaults/main/main.yml
create mode 100644 roles/openldap/tasks/configure.yml
create mode 100644 roles/openldap/tasks/deploy-docker.yml
create mode 100644 roles/openldap/tasks/main.yml
create mode 100644 roles/openldap/vars/main.yml
diff --git a/galaxy.yml b/galaxy.yml
index ae7193a..26e1d92 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -25,3 +25,4 @@ tags:
 - nginx
 - restic
 - user_management
+ - openldap
diff --git a/roles/openldap/README.md b/roles/openldap/README.md
new file mode 100644
index 0000000..85ad817
--- /dev/null
+++ b/roles/openldap/README.md
@@ -0,0 +1,3 @@
+# `finallycoffee.base.openldap` ansible role
+
+Deploy and configure [OpenLDAP](https://www.openldap.org/).
diff --git a/roles/openldap/defaults/main/container.yml b/roles/openldap/defaults/main/container.yml
new file mode 100644
index 0000000..92c5532
--- /dev/null
+++ b/roles/openldap/defaults/main/container.yml
@@ -0,0 +1,40 @@
+---
+openldap_container_name: "openldap"
+openldap_container_image_registry: ~
+openldap_container_image_namespace: ~
+openldap_container_image_name: "openldap"
+openldap_container_image_tag: ~
+openldap_container_image_source: "pull"
+openldap_container_image_force_source: >-2
+ {{ openldap_container_image_tag | default(false, true) }}
+openldap_container_image_repository: >-2
+ {{
+ [
+ openldap_container_image_registry | default([], true),
+ openldap_container_image_namespace | default([], true),
+ openldap_container_image_name
+ ] | flatten | join('/')
+ }}
+openldap_container_image: >-2
+ {{
+ [
+ openldap_container_image_repository,
+ openldap_container_image_tag
+ | default(openldap_package_version, true),
+ ] | join(':')
+ }}
+openldap_container_env: ~
+openldap_container_user: ~
+openldap_container_ports: ~
+openldap_container_labels: ~
+openldap_container_volumes: ~
+openldap_container_networks: ~
+openldap_container_network_mode: ~
+openldap_container_dns_servers: ~
+openldap_container_etc_hosts: ~
+openldap_container_memory: ~
+openldap_container_memory_swap: ~
+openldap_container_memory_reservation: ~
+openldap_container_restart_policy: "on-failure"
+openldap_container_state: >-2
+ {[ (openldap_state == 'present') | ternary('started', 'absent') }}
diff --git a/roles/openldap/defaults/main/main.yml b/roles/openldap/defaults/main/main.yml
new file mode 100644
index 0000000..ad76055
--- /dev/null
+++ b/roles/openldap/defaults/main/main.yml
@@ -0,0 +1,12 @@
+---
+openldap_version: "2.6.8"
+openldap_alpine_revision: "0"
+openldap_alpine_package_version: >-2
+ {{ openldap_version }}-r{{ openldap_alpine_revision | string }}
+
+openldap_config_path: "/etc/openldap/"
+openldap_data_path: "/var/lib/openldap"
+openldap_socket_path: "/run/openldap"
+
+openldap_state: "present"
+openldap_deployment_method: "docker"
diff --git a/roles/openldap/tasks/configure.yml b/roles/openldap/tasks/configure.yml
new file mode 100644
index 0000000..e69de29
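Review bot: The `openldap_container_state` default on the last line of this hunk opens its expression with `{[` instead of `{{`, so Ansible never treats it as a template and `docker_container` receives the literal text as its `state`; it should read `{{ (openldap_state == 'present') | ternary('started', 'absent') }}`. The `openldap_container_image` default falls back to `openldap_package_version`, but defaults/main/main.yml in this patch only defines `openldap_version` and `openldap_alpine_package_version`, so leaving `openldap_container_image_tag` at `~` fails on an undefined variable the first time the image name is rendered; `| default(openldap_version, true)` (or the alpine package version, whichever matches the image's tags) is presumably what was meant. Both defaults are only evaluated at deploy time, so a `debug` render of the two variables before merging would surface either problem.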
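Review bot: `openldap_config_path` carries a trailing slash while `openldap_data_path` and `openldap_socket_path` do not; anything that later joins these with `~ '/'` gets a doubled slash for one of them and not the others. Writing `openldap_config_path: "/etc/openldap"` keeps the three consistent. None of the three paths is consumed by the tasks in this patch yet, so this is a style point rather than a defect.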
diff --git a/roles/openldap/tasks/deploy-docker.yml b/roles/openldap/tasks/deploy-docker.yml
new file mode 100644
index 0000000..65188ae
--- /dev/null
+++ b/roles/openldap/tasks/deploy-docker.yml
@@ -0,0 +1,29 @@
+---
+- name: Ensure container image '{{ openldap_container_image }}' is {{ openldap_state }}
+ community.docker.docker_image:
+ name: "{{ openldap_container_image }}"
+ state: "{{ openldap_state }}"
+ source: "{{ openldap_container_image_source }}"
+ force_source: "{{ openldap_container_image_force_source }}"
+
+- name: Ensure container '{{ openldap_container_name }}' is {{ openldap_container_state }}
+ community.docker.docker_container:
+ name: "{{ openldap_container_name }}"
+ image: "{{ openldap_container_image }}"
+ env: "{{ openldap_container_env | default(omit, true) }}"
+ user: "{{ openldap_container_user | default(omit, true) }}"
+ ports: "{{ openldap_container_ports | default(omit, true) }}"
+ labels: "{{ openldap_container_labels | default(omit, true) }}"
+ volumes: "{{ openldap_container_volumes | default(omit, true) }}"
+ networks: "{{ openldap_container_networks | default(omit, true) }}"
+ network_mode: "{{ openldap_container_network_mode | default(omit, true) }}"
+ dns_servers: "{{ openldap_container_dns_servers | default(omit, true) }}"
+ etc_hosts: "{{ openldap_container_etc_hosts | default(omit, true) }}"
+ memory: "{{ openldap_container_memory | default(omit, true) }}"
+ memory_swap: "{{ openldap_container_memory_swap | default(omit, true) }}"
+ memory_reservation: >-2
+ {{ openldap_container_memory_reservation | default(omit, true) }}
+ restart_policy: >-2
+ {{ openldap_container_restart_policy | default(omit, true) }}
+ state: "{{ openldap_container_state }}"
+
diff --git a/roles/openldap/tasks/main.yml b/roles/openldap/tasks/main.yml
new file mode 100644
index 0000000..619fea1
--- /dev/null
+++ b/roles/openldap/tasks/main.yml
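Review bot: `force_source` in the `docker_image` task is fed `openldap_container_image_force_source`, which per defaults/main/container.yml in this patch evaluates to the tag string itself whenever a tag is set, while the module declares that option as a boolean; I expect a value such as `"2.6.8"` to be rejected as not a valid boolean rather than treated as true. Deriving an actual boolean in the default, e.g. `{{ openldap_container_image_tag | default('', true) | length > 0 }}`, keeps the intent of re-pulling only when a tag is pinned. Separately, `openldap_container_volumes` defaults to `~` and nothing here mounts `openldap_data_path` or `openldap_config_path`, so with the shipped defaults the directory and cn=config live only in the container's writable layer and are lost when the container is recreated; if configure.yml (empty in this commit) is meant to supply those mounts later, a comment above the `volumes:` line saying so would help the next reader.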
@@ -0,0 +1,22 @@
+---
+- name: Check if 'openldap_state' is valid
+ ansible.builtin.fail:
+ msg: >-2
+ Invalid state '{{ openldap_state }}'!
+ Supported states are {{ openldap_states | join(', ') }}.
+ when: openldap_state not in openldap_states
+
+- name: Check if 'openldap_deployment_method' is valid
+ ansible.builtin.fail:
+ msg: >-2
+ Invalid state '{{ openldap_deployment_method }}'!
+ Supported states are {{ openldap_deployment_methods | join(', ') }}.
+ when: openldap_deployment_method not in openldap_deployment_methods
+
+- name: Ensure openldap is configured
+ ansible.builtin.include_tasks:
+ file: "configure.yml"
+
+- name: Ensure openldap is deployed using {{ openldap_deployment_method }}
+ ansible.builtin.include_tasks:
+ file: "deploy-{{ openldap_deployment_method }}.yml"
diff --git a/roles/openldap/vars/main.yml b/roles/openldap/vars/main.yml
new file mode 100644
index 0000000..d2e6bff
--- /dev/null
+++ b/roles/openldap/vars/main.yml
@@ -0,0 +1,6 @@
+---
+openldap_states:
+ - "present"
+ - "absent"
+openldap_deployment_methods:
+ - "docker"
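Review bot: The second validation task's message was copied from the first and still reports `Invalid state '...'` and `Supported states are ...` although it is checking `openldap_deployment_method`, so an operator who mistypes the method is pointed at the wrong variable. Change the two message lines to `Invalid deployment method '{{ openldap_deployment_method }}'!` and `Supported deployment methods are {{ openldap_deployment_methods | join(', ') }}.`. The configure include below runs regardless of `openldap_state`; since configure.yml is empty in this commit I cannot tell whether that is intended, so a short comment on that task stating the expectation would help.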