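// ldapweb: web front end for editing LDAP profile attributes (per the
// config.py below), served at cfg.domain.
// Renders a Namespace, a single-replica Deployment, a Service, a TLS Ingress
// and the ConfigMap that is mounted into the container as config.py.
local kube = import "../../kube/kube.libsonnet";

{
    local top = self,
    local cfg = self.cfg,

    // Hidden (::) so it is not rendered as a manifest; override to retarget.
    cfg:: {
        name: 'ldapweb',
        namespace: 'ldapweb',
        domain: 'profile.hackerspace.pl',
        // NOTE(review): pinned by tag, not by digest. A tag can be re-pointed
        // in the registry; pin as image@sha256:<digest> if tag immutability
        // is not enforced there.
        image: 'registry.k0.hswaw.net/radex/ldap-web:1695415920',
    },

    ns: kube.Namespace(cfg.namespace),

    deployment: top.ns.Contain(kube.Deployment(cfg.name)) {
        spec+: {
            // config.py generates secret_key per process, so this must stay
            // at 1 unless the key is moved to shared storage (see config.py).
            replicas: 1,
            template+: {
                spec+: {
                    volumes_: {
                        config: kube.ConfigMapVolume(top.configmap),
                    },
                    containers_: {
                        // NOTE(review): no securityContext is set here; whether
                        // kube.Container supplies one (non-root, read-only root
                        // filesystem, dropped capabilities) is not visible
                        // from this file — confirm.
                        default: kube.Container("default") {
                            image: cfg.image,
                            resources: {
                                requests: { cpu: "25m", memory: "64Mi" },
                                limits: { cpu: "500m", memory: "128Mi" },
                            },
                            ports_: {
                                http: { containerPort: 8000 },
                            },
                            volumeMounts_: {
                                // subPath mounts only the one file over the
                                // path inside the image.
                                config: { mountPath: '/app/webapp/config.py', subPath: 'config.py' },
                            },
                        },
                    },
                },
            },
        },
    },

    service: top.ns.Contain(kube.Service(cfg.name)) {
        target_pod:: top.deployment.spec.template,
    },

    ingress: top.ns.Contain(kube.Ingress(cfg.name)) {
        metadata+: {
            annotations+: {
                "kubernetes.io/tls-acme": "true",
                "cert-manager.io/cluster-issuer": "letsencrypt-prod",
                // NOTE(review): "0" turns off nginx's request-body size limit
                // for this host. The container is capped at 128Mi, so an
                // unbounded body is an availability risk if the app buffers
                // it; set an explicit limit unless large uploads are needed.
                "nginx.ingress.kubernetes.io/proxy-body-size": "0",
            },
        },
        spec+: {
            tls: [ { hosts: [ cfg.domain ], secretName: cfg.name + "-tls" } ],
            rules: [
                {
                    host: cfg.domain,
                    http: {
                        paths: [
                            { path: "/", backend: top.service.name_port },
                        ],
                    },
                },
            ],
        },
    },

    // Everything in a ConfigMap is readable by anyone who can read ConfigMaps
    // in this namespace: keep real credentials out of it (use a Secret).
    configmap: top.ns.Contain(kube.ConfigMap(cfg.name + "-config")) {
        data: {
            "config.py": |||
                import flask_wtf
                import wtforms
                import secrets

                # Generated when config.py is imported, so the key never sits
                # in the ConfigMap. Each process that imports this file gets
                # its own key and the key changes on every restart: anything
                # signed with it stops validating after a restart, and this
                # only works with one replica and one worker process.
                secret_key = secrets.token_hex(32)

                # NOTE(review): ldap:// is cleartext unless the application
                # upgrades the connection with StartTLS (not visible here).
                # Bind passwords travel over this connection; confirm StartTLS
                # or switch to ldaps://.
                ldap_url = 'ldap://ldap.hackerspace.pl'
                dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"

                ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'

                ldap_base = 'dc=hackerspace,dc=pl'
                ldap_people = 'ou=People,dc=hackerspace,dc=pl'
                admin_groups = {
                    'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
                    'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
                    'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
                }

                admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
                # Placeholder only. If a service bind password is ever needed,
                # load it from a Secret, not from this ConfigMap.
                admin_pw = 'unused'

                hackerspace_name = 'Warsaw Hackerspace'

                readable_names = {
                    'commonname': u'Common Name',
                    'givenname': u'Given Name',
                    'gecos': u'GECOS (public name)',
                    'surname': u'Surname',
                    'loginshell': u'Shell',
                    'telephonenumber': 'Phone Number',
                    'mobiletelephonenumber': 'Mobile Number',
                    'sshpublickey': 'SSH Public Key',
                    'mifareidhash': 'MIFARE ID Hash',
                }

                full_name = {
                    'cn': 'commonname',
                    'gecos': 'gecos',
                    'sn': 'surname',
                    'mobile': 'mobiletelephonenumber',
                    'l': 'locality',
                }

                # Attribute allow-lists per operation. sshpublickey and
                # mifareidhash look like credentials for other systems
                # (confirm), so changes to them are worth auditing.
                can_add = set([
                    'telephonenumber',
                    'mobiletelephonenumber',
                    'sshpublickey',
                    'mifareidhash',
                ])
                can_delete = can_add
                can_modify = can_add | set([
                    'givenname', 'surname', 'commonname', 'gecos',
                ])
                can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
                # Empty: presumably no attribute is restricted to the admin
                # group - confirm against the application.
                admin_required = set()


                perm_errors = {
                    'add': 'You cannot add this attribute!',
                    'mod': 'You cannot change this attribute!',
                    'del': 'You cannot delete this attribute!',
                }
                std_templates = {
                    'add': 'ops/add.html',
                    'mod': 'ops/mod.html',
                    'del': 'ops/del.html',
                }



                default_field = (wtforms.fields.StringField, {})
                # WTForms' Regexp validator uses re.match, which anchors only
                # the start of the value, so the pattern needs its own end
                # anchor; without \Z any value that merely begins with a
                # digit, '+' or space would pass.
                fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+\Z')]})}

                # NOTE(review): names suggest password changes go through
                # kadmin for <uid>@HACKERSPACE.PL - confirm in the app.
                kadmin_passwd = True
                kadmin_principal_map = "{}@HACKERSPACE.PL"

                TOKEN_LENGTH = 32
            |||,
        },
    },
}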