Add LDAP support to mastodon

Users can log in with their account in the database, or with an LDAP
account in the cn=greg,ou=users,dc=kosmos,dc=org group, with the
mastodon attribute set to enabled

site-cookbooks/kosmos-mastodon/templates/default/env.production.erb

@@ -61,3 +61,12 @@ ES_HOST=localhost
 ES_PORT=9200
 
 ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
+
+LDAP_ENABLED=true
+LDAP_HOST=<%= @ldap_host %>
+LDAP_METHOD=<%= @ldap_method %>
+LDAP_BASE="<%= @ldap_base %>"
+LDAP_BIND_DN="cn=Directory Manager"
+LDAP_PASSWORD="<%= @ldap_password %>"
+LDAP_UID="uid"
+LDAP_SEARCH_FILTER="(&(objectClass=account)(mastodon=enabled)(|(%{uid}=%{email})(mail=%{email})))"

site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb

@@ -1,14 +1,10 @@
+<% unless node.chef_environment == "development" -%>
 server {
   listen 80;
   server_name mastodon.<%= @onion_address %>;
   include <%= @shared_config_path %>;
 }
-
-server {
-  listen 80;
-  server_name <%= @server_name %>;
-  return 301 https://$server_name$request_uri;
-}
+<% end -%>
 
 map $http_upgrade $connection_upgrade {
   default upgrade;
@@ -16,8 +12,12 @@ map $http_upgrade $connection_upgrade {
 }
 
 server {
+  <% unless node.chef_environment == "development" -%>
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
+  <% else -%>
+  listen 80;
+  <% end -%>
   server_name <%= @server_name %>;
   include <%= @shared_config_path %>;