path: root/roles/ttrss/vars/main.yml
# Distribution packages for Tiny Tiny RSS: the PHP runtime and extensions
# (PostgreSQL access via php-pdo/php-pgsql, directory lookups via php-ldap)
# plus git.
# NOTE(review): git is presumably needed to clone ttrss_git_repo; confirm
# against the role's tasks.
ttrss_packages:
  - php
  - php-pdo
  - php-pgsql
  - php-cli
  - php-json
  - php-xml
  - php-intl
  - php-mbstring
  - php-process
  - php-gd
  - php-opcache
  - php-ldap
  - git

# Install root for tt-rss.
# NOTE(review): presumably the checkout destination for ttrss_git_repo.
ttrss_home: /var/www/ttrss
# Keytab for the tt-rss service user, placed in gssproxy's clients directory.
# A keytab is a long-lived credential.
# NOTE(review): confirm the task that creates this file restricts its owner
# and mode so the web-facing PHP process cannot read it directly.
ttrss_keytab: /var/lib/gssproxy/clients/{{ ttrss_user }}.keytab

# Upstream application source, fetched over HTTPS.
# NOTE(review): no branch, tag or commit is pinned in this file; confirm
# whether the clone task pins a reviewed ref.
ttrss_git_repo: https://git.tt-rss.org/fox/tt-rss

# FreeIPA authentication plugin, fetched as a single PHP file from the
# mutable 'master' branch of a third-party repository. Whatever that branch
# holds at deploy time is what gets installed, so upstream changes (or a
# compromised upstream account) reach the server without review.
# NOTE(review): consider a commit-pinned URL (.../<reviewed-commit-sha>/...)
# and verifying the download, e.g. with get_url's checksum parameter.
ttrss_freeipa_plugin_url: https://raw.githubusercontent.com/sacredheartsc/ttrss-freeipa/master/auth_freeipa/init.php

# Directories the application must be able to write to.
# NOTE(review): presumably relative to ttrss_home and made writable for the
# PHP process. These are web-server-writable paths under /var/www, so confirm
# that the web server cannot execute scripts from them (cache/upload in
# particular) and that everything else in the tree stays read-only.
ttrss_writable_dirs:
  - lock
  - cache
  - feed-icons
  - cache/images
  - cache/upload
  - cache/export

# Environment variables for the PHP process. GSS_USE_PROXY=yes makes the
# GSSAPI library hand credential operations to gssproxy.
# NOTE(review): presumably this is what keeps the keytab out of reach of the
# PHP process itself; confirm against the gssproxy client configuration.
# The value is quoted so YAML keeps the string 'yes' instead of a boolean.
ttrss_php_environment:
  GSS_USE_PROXY: 'yes'

# Apache snippet that applies Kerberos (GSSAPI) single sign-on to the front
# page. Comments are kept above the key because anything inside the block
# scalar becomes part of the rendered Apache configuration.
#
# - LocationMatch covers only "/" and "/index.php". The '.' in the pattern is
#   unescaped, so it matches any character; that only widens what is matched.
#   Other URLs are not constrained by this snippet.
# - The <If> skips GSSAPI when the query string is exactly "noext=1", and the
#   401 ErrorDocument points at that same URL.
#   NOTE(review): this looks like a deliberate fallback to the application's
#   own login for clients without a ticket. It means GSSAPI is not a hard
#   gate here: any client can request ?noext=1 directly, so access control on
#   that path rests entirely on tt-rss and the auth plugin. Confirm that is
#   the intended model.
# - The two Require lines have no enclosing container, which Apache 2.4
#   treats as RequireAny: membership of either the access group or the admin
#   group is sufficient.
# - apache_gssapi_session_config, apache_ldap_config, the group names and
#   freeipa_group_basedn are defined outside this file.
ttrss_apache_config: |
  <LocationMatch "^/(index.php)?$">
    <If "%{QUERY_STRING} != 'noext=1'">
      AuthType GSSAPI
      AuthName "FreeIPA Single Sign-On"
      GssapiLocalName On
      {{ apache_gssapi_session_config }}
      {{ apache_ldap_config }}
      Require ldap-attribute memberof=cn={{ ttrss_access_group }},{{ freeipa_group_basedn }}
      Require ldap-attribute memberof=cn={{ ttrss_admin_group }},{{ freeipa_group_basedn }}
      ErrorDocument 401 /index.php?noext=1
    </If>
  </LocationMatch>

# SELinux type-enforcement rules for a local policy module. The single allow
# rule lets processes in the httpd_t domain read, view and write kernel keys
# labelled unconfined_service_t.
# NOTE(review): presumably needed for the GSSAPI/gssproxy credential flow.
# The rule is not limited to one service: it covers keys owned by any process
# running as unconfined_service_t. Confirm which process owns the key from
# the AVC denials, and whether giving that service its own type would allow
# a narrower rule.
ttrss_selinux_policy_te: |
  require {
    type unconfined_service_t;
    type httpd_t;
    class key { read view write };
  }

  #============= httpd_t ==============
  allow httpd_t unconfined_service_t:key { read view write };