sheppy/no-secrets-athq-ansible
1
0
Fork 0
mirror of https://github.com/FAUSheppy/no-secrets-athq-ansible synced 2025-12-07 15:41:37 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: various web1 fixes

Browse Source
This commit is contained in:
Johnathen Sheppard
2023-01-09 03:47:19 +01:00
parent d926d70a5f
commit 462e54bd14
5 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
group_vars/all.yaml
View File

@@ -24,15 +24,18 @@ keycloak_address: keycloak.atlantishq.de
keycloak_clients: keycloak_clients:
python-flask-picture-factory: python-flask-picture-factory:
party_secret : "HISTORY_PURGED_SECRETKG0j"
client_id: z_images client_id: z_images
client_secret: "HISTORY_PURGED_SECRET" client_secret: "HISTORY_PURGED_SECRET"
redirect_uris: '"https://images.atlantishq.de/*","https://images.athq.de/*","https://images.potaris.de/*"' redirect_uris: '"https://images.atlantishq.de/*","https://images.athq.de/*","https://images.potaris.de/*"'
simple-log-server: simple-log-server:
party_secret : "8fZpHISTORY_PURGED_SECRET"
client_id: z_sls client_id: z_sls
client_secret: "" client_secret: ""
redirect_uris: '"https://sls.atlantishq.de/*"' redirect_uris: '"https://sls.atlantishq.de/*"'
soundlib-interface: soundlib-interface:
party_secret : "zdHRHISTORY_PURGED_SECRET"
client_id: z_soundlib client_id: z_soundlib
client_secret: "" client_secret: ""
redirect_uris: '"https://sounds.atlantishq.de/*"' redirect_uris: '"https://sounds.atlantishq.de/*"'

4
roles/global-handlers/handlers/main.yml
View File

@@ -19,3 +19,7 @@
systemd: systemd:
name: influxdb name: influxdb
state: restarted state: restarted
- name: daemon reload
systemd:
daemon-reload: yes

1
roles/web1/files/sls_config.py Normal file
View File

@@ -0,0 +1 @@
SQLALCHEMY_DATABASE_URI = "sqlite:///database.sqlite"

29
roles/web1/tasks/main.yaml
View File

@@ -3,6 +3,7 @@
name: name:
- itsdangerous==2.0.1 - itsdangerous==2.0.1
- flask - flask
- flask-login
- flask-oidc - flask-oidc
- Flask-SQLAlchemy - Flask-SQLAlchemy
- MarkupSafe - MarkupSafe
@@ -42,6 +43,13 @@
- simple-log-server - simple-log-server
- soundlib-interface - soundlib-interface
- name: SLS Config
copy:
src: sls_config.py
dest: /var/www/simple-log-server/config.py
owner: www-data
group: www-data
- name: Deploy OIDC config (client secrets) - name: Deploy OIDC config (client secrets)
template: template:
src: oidc_client_secrets.json.j2 src: oidc_client_secrets.json.j2
@@ -53,12 +61,27 @@
- simple-log-server - simple-log-server
- soundlib-interface - soundlib-interface
- name: Systemd Units - name: Template Systemd Units
template: template:
src: "waitress-systemd-unit.j2" src: "waitress-systemd-unit.j2"
dest: "/etc/systemd/user/{{ item.name }}.service" dest: "/etc/systemd/system/{{ item.name }}.service"
with_items: with_items:
- { name : "image-factory", path : "/var/www/python-flask-picture-factory", port : 5000 } - { name : "image-factory", path : "/var/www/python-flask-picture-factory", port : 5000 }
- { name : "serien-ampel", path : "/var/www/serien-ampel", port : 5001 } - { name : "serien-ampel", path : "/var/www/serien-ampel", port : 5001 }
- { name : "simple-log-server", path : "/var/www/simple-log-service", port : 5002 } - { name : "simple-log-server", path : "/var/www/simple-log-server", port : 5002 }
- { name : "soundlib", path : "/var/www/soundlib-interface", port : 5003 } - { name : "soundlib", path : "/var/www/soundlib-interface", port : 5003 }
notify:
- daemon reload
- meta: flush_handlers
- name: Enable and Start Systemd Units
systemd:
name: "{{ item }}"
enabled: yes
state: started
with_items:
- image-factory
- serien-ampel
- simple-log-server
- soundlib

2
templates/oidc_config.json.j2
View File

@@ -1,5 +1,5 @@
{ {
"SECRET_KEY" : "{{ lookup('password', '/dev/null length=20 chars=ascii_letters') }}", "SECRET_KEY" : "{{ keycloak_clients[item].party_secret }}",
"TEST" : true, "TEST" : true,
"DEBUG" : true, "DEBUG" : true,
"OIDC_CLIENT_SECRETS" : "oidc_client_secrets.json", "OIDC_CLIENT_SECRETS" : "oidc_client_secrets.json",