The company I work for just open-sourced these roles that were written
for use with DebOps:
Manages SimpleSAMLphp as a SAML iDP. Installs
simplesamlphp-module-webauthn by default, which adds WebAuthn 2FA.
Manages Self Service Password, a web interface for changing one's LDAP
Manages OpenVPN server for client-server use. Authenticates clients
against LDAP and integrates with YK-VAL to provide Yubikey TOTP 2FA.
Manages Matomo analytics platform.
Manages ISC DHCP server. Essentially a rewrite of the existing
debops.dhcpd role with support for DHCPv6, but it's still missing some
Manages Opera DNS UI, a web-based LDAP-authenticated DNS management
system for use with PowerDNS authoritative nameserver.
Manages PowerDNS authoritative nameserver.
We use all these roles in production. A lot of documentation is still
missing, I hope to be able to add that soon so the roles can be
integrated into DebOps mainline. The roles are licensed under
GPL-3.0-or-later and can be found here:
Suggestions for improvements are more than welcome.