Configure LDAP for akkounts, add more Rails credentials

2025-05-06 19:41:54 +04:00
parent d029d90214
commit 3c436bb9f1
2 changed files with 74 additions and 32 deletions
--- a/site-cookbooks/kosmos-akkounts/recipes/default.rb
+++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb
@@ -29,7 +29,7 @@ node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_20.x"
 include_recipe 'kosmos-nodejs'
 npm_package "bun"

-ruby_version = "3.3.0"
+ruby_version = "3.3.8"
 ruby_path = "/opt/ruby_build/builds/#{ruby_version}"
 bundle_path = "#{ruby_path}/bin/bundle"
 rails_env = node.chef_environment == "development" ? "development" : "production"
@@ -48,6 +48,9 @@ env = {
  primary_domain: node['akkounts']['primary_domain'],
  akkounts_domain: node['akkounts']['domain'],
  rails_serve_static_files: true,
+  secret_key_base: credentials["rails_secret_key_base"],
+  encryption_primary_key: credentials["rails_encryption_primary_key"],
+  encryption_key_derivation_salt: credentials["rails_encryption_key_derivation_salt"],
  db_adapter: "postgresql",
  pg_host: "pg.kosmos.local",
  pg_port: 5432,
@@ -57,6 +60,17 @@ env = {
  pg_password: credentials["postgresql"]["password"]
 }

+env[:ldap] = {
+  host: "ldap.kosmos.local",
+  port: 389,
+  use_tls: false,
+  uid_attr: "cn",
+  base: "ou=kosmos.org,cn=users,dc=kosmos,dc=org",
+  admin_user: credentials["ldap"]["admin_user"],
+  admin_password: credentials["ldap"]["admin_password"],
+  suffix: "dc=kosmos,dc=org"
+}
+
 smtp_server, smtp_port = smtp_credentials[:relayhost].split(":")
 env[:smtp] = {
  server: smtp_server,