ldapweb: migrate from mirko to standalone

Change-Id: I169598232b39b99bfd2d4ff3799b44083ba77e84
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1623
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/hswaw/ldapweb/prod.jsonnet b/hswaw/ldapweb/prod.jsonnet
new file mode 100644
index 0000000..00f3cca
--- /dev/null
+++ b/hswaw/ldapweb/prod.jsonnet
@@ -0,0 +1,155 @@
+local kube = import "../../kube/kube.libsonnet";
+
+{
+    local top = self,
+    local cfg = self.cfg,
+
+    cfg:: {
+        name: 'ldapweb',
+        namespace: 'ldapweb',
+        domain: 'profile.hackerspace.pl',
+        image: 'registry.k0.hswaw.net/radex/ldap-web:1695415920',
+    },
+
+    ns: kube.Namespace(cfg.namespace),
+
+    deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
+        spec+: {
+            replicas: 1,
+            template+: {
+                spec+: {
+                    volumes_: {
+                        config: kube.ConfigMapVolume(top.configmap),
+                    },
+                    containers_: {
+                        default: kube.Container("default") {
+                            image: cfg.image,
+                            resources: {
+                                requests: { cpu: "25m", memory: "64Mi" },
+                                limits: { cpu: "500m", memory: "128Mi" },
+                            },
+                            ports_: {
+                                http: { containerPort: 8000 },
+                            },
+                            volumeMounts_: {
+                                config: { mountPath: '/app/webapp/config.py', subPath: 'config.py' },
+                            }
+                        },
+                    },
+                },
+            },
+        },
+    },
+
+    service: top.ns.Contain(kube.Service(cfg.name)) {
+        target_pod:: top.deployment.spec.template,
+    },
+
+    ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
+        metadata+: {
+            annotations+: {
+                "kubernetes.io/tls-acme": "true",
+                "cert-manager.io/cluster-issuer": "letsencrypt-prod",
+                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+            },
+        },
+        spec+: {
+            tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
+            rules: [
+                {
+                    host: cfg.domain,
+                    http: {
+                        paths:  [
+                            { path: "/", backend: top.service.name_port },
+                        ],
+                    },
+                },
+            ],
+        },
+    },
+
+    configmap: top.ns.Contain(kube.ConfigMap(cfg.name + "-config")) {
+        data: {
+            "config.py": |||
+                import flask_wtf
+                import wtforms
+                import secrets
+
+                secret_key = secrets.token_hex(32)
+
+                ldap_url = 'ldap://ldap.hackerspace.pl'
+                dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
+
+                ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'
+
+                ldap_base = 'dc=hackerspace,dc=pl'
+                ldap_people = 'ou=People,dc=hackerspace,dc=pl'
+                admin_groups = {
+                    'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
+                    'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
+                    'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
+                }
+
+                admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
+                admin_pw = 'unused'
+
+                hackerspace_name = 'Warsaw Hackerspace'
+
+                readable_names = {
+                    'commonname': u'Common Name',
+                    'givenname': u'Given Name',
+                    'gecos': u'GECOS (public name)',
+                    'surname': u'Surname',
+                    'loginshell': u'Shell',
+                    'telephonenumber': 'Phone Number',
+                    'mobiletelephonenumber': 'Mobile Number',
+                    'sshpublickey': 'SSH Public Key',
+                    'mifareidhash': 'MIFARE ID Hash',
+                }
+
+                full_name = {
+                    'cn': 'commonname',
+                    'gecos': 'gecos',
+                    'sn': 'surname',
+                    'mobile': 'mobiletelephonenumber',
+                    'l': 'locality',
+                }
+
+                can_add = set([
+                    'telephonenumber',
+                    'mobiletelephonenumber',
+                    'sshpublickey',
+                    'mifareidhash',
+                ])
+                can_delete = can_add
+                can_modify = can_add | set([
+                    'givenname', 'surname', 'commonname', 'gecos',
+                ])
+                can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
+                admin_required = set()
+
+
+                perm_errors = {
+                        'add': 'You cannot add this attribute!',
+                        'mod': 'You cannot change this attribute!',
+                        'del': 'You cannot delete this attribute!',
+                        }
+                std_templates = {
+                        'add': 'ops/add.html',
+                        'mod': 'ops/mod.html',
+                        'del': 'ops/del.html',
+                        }
+
+
+
+                default_field = (wtforms.fields.StringField, {})
+                fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
+
+                kadmin_passwd = True
+                kadmin_principal_map = "{}@HACKERSPACE.PL"
+
+                TOKEN_LENGTH = 32
+            |||,
+        },
+    },
+}
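Review bot: The embedded config.py sets `ldap_url = 'ldap://ldap.hackerspace.pl'`, so LDAP traffic to that external hostname, presumably including the user binds built from `dn_format`, travels in cleartext unless the application upgrades the connection with StartTLS, which is not visible in this file. If the directory server offers it, prefer `ldap_url = 'ldaps://ldap.hackerspace.pl'`, or add a comment beside the setting that says where TLS is enforced. Separately, the `telephonenumber` validator is not end-anchored: wtforms' `Regexp` checks with `re.match`, so `r'[+0-9 ]+'` accepts any value that merely starts with an allowed character. Using `r'[+0-9 ]+\Z'` would constrain the whole value before it is written to the directory.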