29 lines
1.5 KiB
Bash
29 lines
1.5 KiB
Bash
# ── FreeIPA ───────────────────────────────────────────────────────────────────
|
|
IPA_HOSTNAME=ipa.corp.example.com
|
|
IPA_DOMAIN=corp.example.com
|
|
IPA_REALM=CORP.EXAMPLE.COM
|
|
IPA_ADMIN_PASSWORD=ChangeMe123!
|
|
IPA_DM_PASSWORD=ChangeMe456!
|
|
IPA_SETUP_DNS=false
|
|
IPA_DNS_FORWARDER=
|
|
IPA_SETUP_KRA=false
|
|
|
|
# ── Ansipa SMB scan-results share ─────────────────────────────────────────────
|
|
# Password for the 'scanupload' Samba user. Deploy to clients via Ansible with
|
|
# smb_scan_password=<this value> (use ansible-vault for production).
|
|
SMB_SCAN_PASSWORD=ChangeMe_ScanPass!
|
|
|
|
# ── Keycloak ──────────────────────────────────────────────────────────────────
|
|
KC_HOSTNAME=keycloak.corp.example.com
|
|
KC_REALM=corp
|
|
KC_ADMIN=admin
|
|
KC_ADMIN_PASSWORD=ChangeMe789!
|
|
KC_DB_PASSWORD=ChangeMe000!
|
|
|
|
# ── Keycloak → FreeIPA LDAP federation ───────────────────────────────────────
|
|
# Leave IPA_BIND_PASSWORD blank to reuse IPA_DM_PASSWORD.
|
|
# In production, create a dedicated read-only service account in FreeIPA.
|
|
IPA_BIND_DN=cn=Directory Manager
|
|
IPA_BIND_PASSWORD=
|
|
IPA_USE_LDAPS=false
|