roles/ttrss/vars/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

ttrss_packages:
  - php
  - php-pdo
  - php-pgsql
  - php-cli
  - php-json
  - php-xml
  - php-intl
  - php-mbstring
  - php-process
  - php-gd
  - php-opcache
  - php-ldap
  - git

ttrss_home: /var/www/ttrss
ttrss_keytab: /var/lib/gssproxy/clients/{{ ttrss_user }}.keytab

ttrss_git_repo: https://git.tt-rss.org/fox/tt-rss
ttrss_version: HEAD

ttrss_freeipa_plugin_url: https://raw.githubusercontent.com/sacredheartsc/ttrss-freeipa/master/auth_freeipa/init.php

ttrss_writable_dirs:
  - lock
  - cache
  - feed-icons
  - cache/images
  - cache/upload
  - cache/export

ttrss_php_environment:
  GSS_USE_PROXY: 'yes'

ttrss_apache_config: |
  <LocationMatch "^/(index.php)?$">
    <If "%{QUERY_STRING} != 'noext=1'">
      AuthType GSSAPI
      AuthName "FreeIPA Single Sign-On"
      GssapiLocalName On
      {{ apache_gssapi_session_config }}
      {{ apache_ldap_config }}
      Require ldap-attribute memberof=cn={{ ttrss_access_group }},{{ freeipa_group_basedn }}
      Require ldap-attribute memberof=cn={{ ttrss_admin_group }},{{ freeipa_group_basedn }}
      ErrorDocument 401 /index.php?noext=1
    </If>
  </LocationMatch>