public/geek-cookbook
1
0
Fork 0
mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-13 17:56:26 +00:00
Code Issues Releases Wiki Activity

Publish OpenLDAP

Browse Source
This commit is contained in:
David Young
2018-12-09 21:54:52 +13:00
parent b23bcee4f1
commit fcdb9901fb
7 changed files with 419 additions and 404 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
manuscript/CHANGELOG.md
View File

@@ -15,6 +15,7 @@
## Recently added recipes
* Added [OpenLDAP](/recipes/openldap/), a 20-year old project which [refuses to die](https://www.youtube.com/watch?v=cnQEo4bazIo), underpinning many of today's authentication platforms, and providing a single authentication backend for multiple recipes (_9 Dec 2018_)
* Added [Wetty](/recipes/wetty/), a remote terminal client in your web browser (_22 Nov 2018_)
* Added [PrivateBin](/recipes/privatebin/), a self-hosted pastebin alternative (_5 Nov 2018_)
* Added [Realms](/recipes/realms/), another git-based wiki, like [Gollum](/recipes/gollum/), but including basic user auth and registration

BIN
manuscript/images/common_observatory.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.6 KiB

BIN
manuscript/images/openldap.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 162 KiB

415
manuscript/recipes/openldap.md Normal file
View File

@@ -0,0 +1,415 @@
# OpenLDAP
!!! important
Development of this recipe is sponsored by [The Common Observatory](https://www.observe.global/). Thanks guys!
[![Common Observatory](../images/common_observatory.png)](https://www.observe.global/)
LDAP is probably the most ubiquitous authentication backend, before the current era of "[stupid social sign-ons](https://www.usatoday.com/story/tech/columnist/2018/10/23/how-separate-your-social-networks-your-regular-sites/1687763002/)". Many of the recipes featured in the cookbook (_[NextCloud](/recipe/nextcloud/), [Kanboard](/recipe/kanboard/), [Gitlab](/recipe/gitlab/), etc_) offer LDAP integration.
## Big deal, who cares?
If you're the only user of your tools, it probably doesn't bother you _too_ much to setup new user accounts for every tool. As soon as you start sharing tools with collaborators (_think 10 staff using NextCloud_), you suddenly feel the pain of managing a growing collection of local user accounts per-service.
Enter OpenLDAP - the most crusty, PITA, fiddly platform to setup (_yes, I'm a little bitter, [dynamic configuration backend](https://linux.die.net/man/5/slapd-config)!_), but hugely useful for one job - a Lightweight Protocol for managing a Directory used for Access (_see what I did [there](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol)?_)
The nice thing about OpenLDAP is, like MySQL, once you've setup the server, you probably never have to interact directly with it. There are many tools which will let you interact with your LDAP database via a(n ugly) UI.
This recipe combines the raw power of OpenLDAP with the flexibility and featureset of LDAP Account Manager.
![OpenLDAP Screenshot](../images/openldap.jpeg)
## What's the takeaway?
What you'll end up with is a directory structure which will allow integration with popular tools (_[NextCloud](/recipe/nextcloud/), [Kanboard](/recipe/kanboard/), [Gitlab](/recipe/gitlab/), etc_), as well as with KeyCloak (_an upcoming recipe_), for **true** SSO.
## Ingredients
1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
2. [Traefik](/ha-docker-swarm/traefik_public) configured per design
3. DNS entry for the hostname (_i.e. "lam.your-domain.com"_) you intend to use for LDAP Account Manager, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP
## Preparation
### Setup data locations
We'll need several directories to bind-mount into our container, so create them in /var/data/openldap:
```
mkdir /var/data/openldap/openldap
mkdir /var/data/runtime/openldap/
```
!!! note "Why 2 directories?"
For rationale, see my [data layout explanation](/reference/data_layout/)
### Prepare environment
Create /var/data/openldap/openldap.env, and populate with the following variables, customized for your own domain structure. Take care with LDAP_DOMAIN, this is core to your directory strucutre, and can't easily be changed later.
```
LDAP_DOMAIN=batcave.gotham
LDAP_ORGANISATION=BatCave Inc
LDAP_ADMIN_PASSWORD=supermansucks
LDAP_TLS=false
# For the oauth2_proxy elements used to protect LAM
OAUTH2_PROXY_CLIENT_ID=
OAUTH2_PROXY_CLIENT_SECRET=
OAUTH2_PROXY_COOKIE_SECRET=
```
Create ```authenticated-emails.txt```, and populate with the email addresses (_matched to GitHub user accounts, in my case_) to which you want grant access, using OAuth2.
### Create config.cfg
The Dockerized version of LDAP Account Manager is a little fiddly. In order to maintain a config file which persists across container restarts, we need to present the container with a copy of /var/www/html/config/lam.conf, tweaked for our own requirements.
Create ```/var/data/openldap/lam/config/config.cfg``` as follows:
???+ note "Much scroll, very text. Click here to collapse it for better readability"
```
# password to add/delete/rename configuration profiles (default: lam)
password: {SSHA}54haBZN/kfgNVJ+W3YJrI2dCic4= iCXkNA==
# default profile, without ".conf"
default: batcave
# log level
logLevel: 4
# log destination
logDestination: SYSLOG
# session timeout in minutes
sessionTimeout: 30
# list of hosts which may access LAM
allowedHosts:
# list of hosts which may access LAM Pro self service
allowedHostsSelfService:
# encrypt session data
encryptSession: true
# Password: minimum password length
passwordMinLength: 0
# Password: minimum uppercase characters
passwordMinUpper: 0
# Password: minimum lowercase characters
passwordMinLower: 0
# Password: minimum numeric characters
passwordMinNumeric: 0
# Password: minimum symbolic characters
passwordMinSymbol: 0
# Password: minimum character classes (0-4)
passwordMinClasses: 0
# Password: checked rules
checkedRulesCount: -1
# Password: must not contain part of user name
passwordMustNotContain3Chars: false
# Password: must not contain user name
passwordMustNotContainUser: false
# Email format (default/unix)
mailEOL: default
# PHP error reporting (default/system)
errorReporting: default
# License
license:
```
### Create <profile\>.cfg
While config.cfg (_above_) defines application-level configuration, <profile\>.cfg is used to configure "domain-specific" configuration. You probably only need a single profile, but LAM could theoretically be used to administer several totally unrelated LDAP servers, ergo the concept of "profiles".
Create yours profile (_you chose a default profile in config.cfg above, remember?_) by creating ```/var/data/openldap/lam/config/<profile>.conf```, as follows:
???+ note "Much scroll, very text. Click here to collapse it for better readability"
```
# LDAP Account Manager configuration
#
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
#
###################################################################################################
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
ServerURL: ldap://openldap:389
# list of users who are allowed to use LDAP Account Manager
# names have to be separated by semicolons
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
Admins: cn=admin,dc=batcave,dc=gotham
# password to change these preferences via webfrontend (default: lam)
Passwd: {SSHA}h39N9+gg/Qf1K/986VkKrjWlkcI= S/IAUQ==
# suffix of tree view
# e.g. dc=yourdomain,dc=org
treesuffix: dc=batcave,dc=gotham
# default language (a line from config/language)
defaultLanguage: en_GB.utf8
# Path to external Script
scriptPath:
# Server of external Script
scriptServer:
# Access rights for home directories
scriptRights: 750
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# LDAP search limit.
searchLimit: 0
# Module settings
modules: posixAccount_user_minUID: 10000
modules: posixAccount_user_maxUID: 30000
modules: posixAccount_host_minMachine: 50000
modules: posixAccount_host_maxMachine: 60000
modules: posixGroup_group_minGID: 10000
modules: posixGroup_group_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
# List of active account types.
activeTypes: user,group
types: suffix_user: ou=People,dc=batcave,dc=gotham
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount
types: suffix_group: ou=Groups,dc=batcave,dc=gotham
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup
# Password mail subject
lamProMailSubject: Your password was reset
# Password mail text
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
serverDisplayName:
# enable TLS encryption
useTLS: no
# follow referrals
followReferrals: false
# paged results
pagedResults: false
referentialIntegrityOverlay: false
# time zone
timeZone: Europe/London
scriptUserName:
scriptSSHKey:
scriptSSHKeyPassword:
# Access level for this profile.
accessLevel: 100
# Login method.
loginMethod: list
# Search suffix for LAM login.
loginSearchSuffix: dc=batcave,dc=gotham
# Search filter for LAM login.
loginSearchFilter: uid=%USER%
# Bind DN for login search.
loginSearchDN:
# Bind password for login search.
loginSearchPassword:
# HTTP authentication for LAM login.
httpAuthentication: false
# Password mail from
lamProMailFrom:
# Password mail reply-to
lamProMailReplyTo:
# Password mail is HTML
lamProMailIsHTML: false
# Allow alternate address
lamProMailAllowAlternateAddress: true
jobsBindPassword:
jobsBindUser:
jobsDatabase:
jobsDBHost:
jobsDBPort:
jobsDBUser:
jobsDBPassword:
jobsDBName:
jobToken: 190339140545
pwdResetAllowSpecificPassword: true
pwdResetAllowScreenPassword: true
pwdResetForcePasswordChange: true
pwdResetDefaultPasswordOutput: 2
twoFactorAuthentication: none
twoFactorAuthenticationURL: https://localhost
twoFactorAuthenticationInsecure:
twoFactorAuthenticationLabel:
twoFactorAuthenticationOptional:
twoFactorAuthenticationCaption:
tools: tool_hide_toolOUEditor: false
tools: tool_hide_toolProfileEditor: false
tools: tool_hide_toolSchemaBrowser: false
tools: tool_hide_toolServerInformation: false
tools: tool_hide_toolTests: false
tools: tool_hide_toolPDFEditor: false
tools: tool_hide_toolFileUpload: false
tools: tool_hide_toolMultiEdit: false
```
### Setup Docker Swarm
Create a docker swarm config file in docker-compose syntax (v3), something like this:
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍
```
version: '3'
services:
openldap:
image: osixia/openldap
env_file: /var/data/config/openldap/openldap.env
networks:
- internal
volumes:
- /var/data/runtime/openldap/:/var/lib/ldap
- /var/data/openldap/openldap/:/etc/ldap/slapd.d
lam:
image: jacksgt/ldap-account-manager
networks:
- internal
volumes:
- /var/data/openldap/lam/config/config.cfg:/var/www/html/config/config.cfg
- /var/data/openldap/lam/config/batcave.conf:/var/www/html/config/batcave.conf
proxy:
image: funkypenguin/oauth2_proxy
env_file: /var/data/config/openldap/openldap.env
networks:
- traefik_public
- internal
deploy:
labels:
- traefik.frontend.rule=Host:lam.batcave.gotham
- traefik.port=4180
volumes:
- /var/data/config/openldap/authenticated-emails.txt:/authenticated-emails.txt
command: |
-cookie-secure=false
-upstream=http://lam:8080
-redirect-url=https://lam.batcave.gotham
-http-address=http://0.0.0.0:4180
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
networks:
traefik_public:
external: true
```
!!! note
Setup unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See [my list](/reference/networks/) here.
## Serving
### Launch OpenLDAP stack
Launch the OpenLDAP stack by running ```docker stack deploy openldap -c <path -to-docker-compose.yml>```
Log into your new LAM instance at https://**YOUR-FQDN**.
On first login, you'll be prompted to create the "_ou=People_" and "_ou=Group_" elements. Proceed to create these.
You've now setup your OpenLDAP directory structure, and your administration interface, and hopefully won't have to interact with the "special" LDAP Account Manager interface much again!
Create your users using the "**New User**" button.
!!! important
Development of this recipe is sponsored by [The Common Observatory](https://www.observe.global/). Thanks guys!
[![Common Observatory](../images/common_observatory.png)](https://www.observe.global/)
## Chef's Notes
1. An upcoming recipe for [KeyCloak](https://www.keycloak.org/) will illustrate how to integrate KeyCloak with your LDAP directory.
### Tip your waiter (donate) 👏
Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏
### Your comments? 💬

403
manuscript/recipes/sso-stack/openldap.md
View File

@@ -1,403 +0,0 @@
# OpenLDAP with LAM
!!! warning
While this could stand on its own as a standalone recipe, it's a component of the [sso-stack](/recipes/sso-stack/) "_uber-recipe_", and is written in the expectation that the entire SSO stack is being deployed.
![OpenLDAP Screenshot](../images/openldap.png)
## Ingredients
1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
2. [Traefik](/ha-docker-swarm/traefik_public) configured per design
3. DNS entry for the hostname you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP
## Preparation
### Setup data locations
We'll need several directories to bind-mount into our container, so create them in /var/data/openldap:
```
mkdir /var/data/openldap/openldap
mkdir /var/data/runtime/openldap/
```
### Prepare environment
Create /var/data/openldap/openldap.env, and populate with the following variables, customized for your own domain struction. Take care with LDAP_DOMAIN, this is core to the rest of the [sso-stack](/recipes/sso-stack/), and can't easily be changed later.
```
LDAP_DOMAIN=batcave.gotham
LDAP_ORGANISATION=BatCave Inc
LDAP_ADMIN_PASSWORD=supermansucks
LDAP_TLS=false
# Setup for github
OAUTH2_PROXY_CLIENT_ID=
OAUTH2_PROXY_CLIENT_SECRET=
OAUTH2_PROXY_COOKIE_SECRET=
```
Create ```authenticated-emails.txt```, and populate with the email addresses (matched to GitHub user accounts, in my case) which you want to grant access, using OAuth2.
### Create config.cfg
```
# password to add/delete/rename configuration profiles (default: lam)
password: {SSHA}54haBZN/kfgNVJ+W3YJrI2dCic4= iCXkNA==
# default profile, without ".conf"
default: observeglobal
# log level
logLevel: 4
# log destination
logDestination: SYSLOG
# session timeout in minutes
sessionTimeout: 30
# list of hosts which may access LAM
allowedHosts:
# list of hosts which may access LAM Pro self service
allowedHostsSelfService:
# encrypt session data
encryptSession: true
# Password: minimum password length
passwordMinLength: 0
# Password: minimum uppercase characters
passwordMinUpper: 0
# Password: minimum lowercase characters
passwordMinLower: 0
# Password: minimum numeric characters
passwordMinNumeric: 0
# Password: minimum symbolic characters
passwordMinSymbol: 0
# Password: minimum character classes (0-4)
passwordMinClasses: 0
# Password: checked rules
checkedRulesCount: -1
# Password: must not contain part of user name
passwordMustNotContain3Chars: false
# Password: must not contain user name
passwordMustNotContainUser: false
# Email format (default/unix)
mailEOL: default
# PHP error reporting (default/system)
errorReporting: default
# License
license:
```
### Create <profile>.cfg
```
# LDAP Account Manager configuration
#
# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.
#
###################################################################################################
# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)
ServerURL: ldap://openldap:389
# list of users who are allowed to use LDAP Account Manager
# names have to be seperated by semicolons
# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org
Admins: cn=admin,dc=observe,dc=global
# password to change these preferences via webfrontend (default: lam)
Passwd: {SSHA}h39N9+gg/Qf1K/986VkKrjWlkcI= S/IAUQ==
# suffix of tree view
# e.g. dc=yourdomain,dc=org
treesuffix: dc=observe,dc=global
# default language (a line from config/language)
defaultLanguage: en_GB.utf8
# Path to external Script
scriptPath:
# Server of external Script
scriptServer:
# Access rights for home directories
scriptRights: 750
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# LDAP search limit.
searchLimit: 0
# Module settings
modules: posixAccount_user_minUID: 10000
modules: posixAccount_user_maxUID: 30000
modules: posixAccount_host_minMachine: 50000
modules: posixAccount_host_maxMachine: 60000
modules: posixGroup_group_minGID: 10000
modules: posixGroup_group_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
# List of active account types.
activeTypes: user,group
types: suffix_user: ou=People,dc=observe,dc=global
types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber
types: modules_user: inetOrgPerson,posixAccount,shadowAccount
types: suffix_group: ou=Groups,dc=observe,dc=global
types: attr_group: #cn;#gidNumber;#memberUID;#description
types: modules_group: posixGroup
# Password mail subject
lamProMailSubject: Your password was reset
# Password mail text
lamProMailText: Dear @@givenName@@ @@sn@@,+::++::+your password was reset to: @@newPassword@@+::++::++::+Best regards+::++::+deskside support+::+
serverDisplayName:
# enable TLS encryption
useTLS: no
# follow referrals
followReferrals: false
# paged results
pagedResults: false
referentialIntegrityOverlay: false
# time zone
timeZone: Europe/London
scriptUserName:
scriptSSHKey:
scriptSSHKeyPassword:
# Access level for this profile.
accessLevel: 100
# Login method.
loginMethod: list
# Search suffix for LAM login.
loginSearchSuffix: dc=yourdomain,dc=org
# Search filter for LAM login.
loginSearchFilter: uid=%USER%
# Bind DN for login search.
loginSearchDN:
# Bind password for login search.
loginSearchPassword:
# HTTP authentication for LAM login.
httpAuthentication: false
# Password mail from
lamProMailFrom:
# Password mail reply-to
lamProMailReplyTo:
# Password mail is HTML
lamProMailIsHTML: false
# Allow alternate address
lamProMailAllowAlternateAddress: true
jobsBindPassword:
jobsBindUser:
jobsDatabase:
jobsDBHost:
jobsDBPort:
jobsDBUser:
jobsDBPassword:
jobsDBName:
jobToken: 190339140545
pwdResetAllowSpecificPassword: true
pwdResetAllowScreenPassword: true
pwdResetForcePasswordChange: true
pwdResetDefaultPasswordOutput: 2
twoFactorAuthentication: none
twoFactorAuthenticationURL: https://localhost
twoFactorAuthenticationInsecure:
twoFactorAuthenticationLabel:
twoFactorAuthenticationOptional:
twoFactorAuthenticationCaption:
tools: tool_hide_toolOUEditor: false
tools: tool_hide_toolProfileEditor: false
tools: tool_hide_toolSchemaBrowser: false
tools: tool_hide_toolServerInformation: false
tools: tool_hide_toolTests: false
tools: tool_hide_toolPDFEditor: false
tools: tool_hide_toolFileUpload: false
tools: tool_hide_toolMultiEdit: false
```
### Setup Docker Swarm
Create a docker swarm config file in docker-compose syntax (v3), something like this:
!!! tip
I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍
```
version: '3'
services:
openldap:
image: osixia/openldap
env_file: /var/data/config/openldap/openldap.env
networks:
- traefik_public
volumes:
- /var/data/openldap/openldap/:/var/lib/ldap
- /var/data/runtime/openldap/:/etc/ldap/slapd.d
lam:
image: jacksgt/ldap-account-manager
networks:
- traefik_public
#volumes:
#- /var/data/openldap/lam/config/lam.conf:/var/www/html/config/lam.conf
proxy:
image: funkypenguin/oauth2_proxy
env_file: /var/data/config/openldap/openldap.env
networks:
- traefik_public
deploy:
labels:
- traefik.frontend.rule=Host:lam.example.com
- traefik.port=4180
volumes:
- /var/data/config/openldap/authenticated-emails.txt:/authenticated-emails.txt
command: |
-cookie-secure=false
-upstream=http://lam:8080
-redirect-url=https://lam.example.com
-http-address=http://0.0.0.0:4180
-email-domain=example.com
-provider=github
-authenticated-emails-file=/authenticated-emails.txt
networks:
traefik_public:
external: true
```
## Serving
### Launch OpenLDAP stack
Launch the OpenLDAP stack by running ```docker stack deploy openldap -c <path -to-docker-compose.yml>```
Log into your new instance at https://**YOUR-FQDN**. You'll hit the LDAP Account Manager login page, which will look like this:
![LAM Landing Page Screenshot](/images/sso-stack-lam-1.png)
Click on "LAM Configuration" to add a profile.
![LAM Edit Profiles Screenshot](/images/sso-stack-lam-2.png)
Enter a profile name, and a profile password (twice). Leave the template at "_unix_":
![LAM Edit Profiles Screenshot](/images/sso-stack-lam-3.png)
When prompted to save your new profile, enter the "master password" ("lam")
You've created a "profile". Now to configure your profile... Start with "Server Settings", and change your **server address** to ```ldap://openldap:389```, and your **tree suffix** to the base DN you setup in the openldap.env file (above).
![LAM Edit Profiles Screenshot](/images/sso-stack-lam-4.png)
Under **Security Settings**, alter the list of valid users to "**cn=admin\<your-base-dn\>**"
![LAM Edit Profiles Screenshot](/images/sso-stack-lam-5.png)
After you save, you'll be redirected to the profile login page, where you'll need to enter the profile details and password you create above.
Once logged in, click on the "**Account Types"** tab...
![LAM Edit Profiles Screenshot](/images/sso-stack-lam-6.png)
And for both "_Users_" and "_Groups_", edit the "LDAP Suffix" to match your chosen Base DN, and save your changes:
![LAM Edit Profiles Screenshot](/images/sso-stack-lam-7.png)
After saving changes to your LAM profile, you'll be redirected to the LAM admin page. Enter your credentials (default admin/admin) to login. On first login, you'll be prompted to create the "ou=People" and "ou=Group" elements. Proceed to create these.
You've now setup your OpenLDAP directory structure, and hopefully won't have to interact with the "special" LDAP Account Manager interface much again!
Proceed to setting up [KeyCloak](/recipes/sso-stack/keycloak/)...
## Chef's Notes
1. What's not yet documented here is how to make the LAM "profile" configuration persistent. I.e., after each container reload, it's currently necessary to repeat the steps above.
### Tip your waiter (donate) 👏
Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏
### Your comments? 💬

3
manuscript/reference/networks.md
View File

@@ -43,9 +43,10 @@ Network | Range
[PrivateBin](https://geek-cookbook.funkypenguin.co.nz/recipes/privatebin/) | 172.16.41.0/24
[Mayan EDMS](https://geek-cookbook.funkypenguin.co.nz/recipes/mayan-edms/) | 172.16.42.0/24
[Hack MD](https://geek-cookbook.funkypenguin.co.nz/recipes/hackmd/) | 172.16.43.0/24
[FlightAirMap](https://geek-cookbook.funkypenguin.co.nz/recipes/flightairmap/) | 172.16.44.0/24
[FlightAirMap](https://geek-cookbook.funkypenguin.co.nz/recipes/flightairmap/) |172.16.44.0/24
[Wetty](https://geek-cookbook.funkypenguin.co.nz/recipes/wetty/) | 172.16.45.0/24
[FileBrowser](https://geek-cookbook.funkypenguin.co.nz/recipes/filebrowser/) | 172.16.46.0/24
[OpenLDAP](https://geek-cookbook.funkypenguin.co.nz/recipes/openldap/) | 172.16.47.0/24
## Chef's Notes

1
mkdocs.yml
View File

@@ -85,6 +85,7 @@ pages:
- GitLab Runner: recipes/gitlab-runner.md
- Gollum: recipes/gollum.md
- InstaPy: recipes/instapy.md
- OpenLDAP: recipes/openldap.md
- Piwik: recipes/piwik.md
- Portainer: recipes/portainer.md
- Realms: recipes/realms.md